package com.floragunn.searchguard.configuration;

import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.ListMultimap;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;

/* loaded from: input_file:com/floragunn/searchguard/configuration/AdminDNs.class */
public class AdminDNs {
    protected final ESLogger log = Loggers.getLogger(getClass());
    private final Set<LdapName> adminDn = new HashSet();
    private final ListMultimap<LdapName, String> allowedImpersonations = ArrayListMultimap.create();

    @Inject
    public AdminDNs(Settings settings) {
        for (String str : settings.getAsArray("searchguard.authcz.admin_dn")) {
            try {
                this.log.debug(str, new Object[0]);
                this.adminDn.add(new LdapName(str));
            } catch (InvalidNameException e) {
                this.log.error("Unable to parse admin dn {} {}", e, new Object[]{str, e});
            }
        }
        this.log.debug("Loaded {} admin DN's {}", new Object[]{Integer.valueOf(this.adminDn.size()), this.adminDn});
        for (String str2 : settings.getGroups("searchguard.authcz.impersonation_dn").keySet()) {
            try {
                this.allowedImpersonations.putAll(new LdapName(str2), Arrays.asList(settings.getAsArray("searchguard.authcz.impersonation_dn." + str2)));
            } catch (InvalidNameException e2) {
                this.log.error("Unable to parse allowedImpersonations dn {} {}", e2, new Object[]{str2, e2});
            }
        }
        this.log.debug("Loaded {} impersonation DN's {}", new Object[]{Integer.valueOf(this.allowedImpersonations.size()), this.allowedImpersonations});
    }

    public boolean isAdmin(String str) {
        if (str == null) {
            return false;
        }
        try {
            return isAdmin(new LdapName(str));
        } catch (InvalidNameException e) {
            return false;
        }
    }

    public boolean isAdmin(LdapName ldapName) {
        if (ldapName == null) {
            return false;
        }
        return this.adminDn.contains(ldapName);
    }

    public boolean isImpersonationAllowed(LdapName ldapName, String str) {
        if (ldapName == null) {
            return false;
        }
        return isAdmin(ldapName) || this.allowedImpersonations.containsEntry(ldapName, "*") || this.allowedImpersonations.containsEntry(ldapName, str);
    }
}
