package com.floragunn.searchguard.sgconf;

import com.floragunn.searchguard.resolver.IndexResolverReplacer;
import com.floragunn.searchguard.sgconf.impl.SgDynamicConfiguration;
import com.floragunn.searchguard.sgconf.impl.v7.ActionGroupsV7;
import com.floragunn.searchguard.sgconf.impl.v7.RoleMappingsV7;
import com.floragunn.searchguard.sgconf.impl.v7.RoleV7;
import com.floragunn.searchguard.sgconf.impl.v7.TenantV7;
import com.floragunn.searchguard.support.ConfigConstants;
import com.floragunn.searchguard.support.WildcardMatcher;
import com.floragunn.searchguard.user.User;
import com.google.common.base.Joiner;
import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.Iterables;
import com.google.common.collect.ListMultimap;
import com.google.common.collect.MultimapBuilder;
import com.google.common.collect.SetMultimap;
import com.google.common.collect.Sets;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.ExceptionsHelper;
import org.elasticsearch.action.support.IndicesOptions;
import org.elasticsearch.cluster.metadata.AliasOrIndex;
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.collect.Tuple;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;

/* loaded from: input_file:com/floragunn/searchguard/sgconf/ConfigModelV7.class */
public class ConfigModelV7 extends ConfigModel {
    protected final Logger log = LogManager.getLogger(getClass());
    private ConfigConstants.RolesMappingResolution rolesMappingResolution;
    private ActionGroupResolver agr;
    private SgRoles sgRoles;
    private TenantHolder tenantHolder;
    private RoleMappingHolder roleMappingHolder;
    private SgDynamicConfiguration<RoleV7> roles;
    private SgDynamicConfiguration<TenantV7> tenants;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/floragunn/searchguard/sgconf/ConfigModelV7$ActionGroupResolver.class */
    public interface ActionGroupResolver {
        Set<String> resolvedActions(List<String> list);
    }

    /* loaded from: input_file:com/floragunn/searchguard/sgconf/ConfigModelV7$IndexPattern.class */
    public static class IndexPattern {
        private final String indexPattern;
        private String dlsQuery;
        private final Set<String> fls = new HashSet();
        private final Set<String> maskedFields = new HashSet();
        private final Set<String> perms = new HashSet();

        public IndexPattern(String str) {
            this.indexPattern = (String) Objects.requireNonNull(str);
        }

        public IndexPattern addFlsFields(List<String> list) {
            if (list != null) {
                this.fls.addAll(list);
            }
            return this;
        }

        public IndexPattern addMaskedFields(List<String> list) {
            if (list != null) {
                this.maskedFields.addAll(list);
            }
            return this;
        }

        public IndexPattern addPerm(Set<String> set) {
            if (set != null) {
                this.perms.addAll(set);
            }
            return this;
        }

        public IndexPattern setDlsQuery(String str) {
            if (str != null) {
                this.dlsQuery = str;
            }
            return this;
        }

        public int hashCode() {
            return (31 * ((31 * ((31 * ((31 * ((31 * 1) + (this.dlsQuery == null ? 0 : this.dlsQuery.hashCode()))) + (this.fls == null ? 0 : this.fls.hashCode()))) + (this.maskedFields == null ? 0 : this.maskedFields.hashCode()))) + (this.indexPattern == null ? 0 : this.indexPattern.hashCode()))) + (this.perms == null ? 0 : this.perms.hashCode());
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            IndexPattern indexPattern = (IndexPattern) obj;
            if (this.dlsQuery == null) {
                if (indexPattern.dlsQuery != null) {
                    return false;
                }
            } else if (!this.dlsQuery.equals(indexPattern.dlsQuery)) {
                return false;
            }
            if (this.fls == null) {
                if (indexPattern.fls != null) {
                    return false;
                }
            } else if (!this.fls.equals(indexPattern.fls)) {
                return false;
            }
            if (this.maskedFields == null) {
                if (indexPattern.maskedFields != null) {
                    return false;
                }
            } else if (!this.maskedFields.equals(indexPattern.maskedFields)) {
                return false;
            }
            if (this.indexPattern == null) {
                if (indexPattern.indexPattern != null) {
                    return false;
                }
            } else if (!this.indexPattern.equals(indexPattern.indexPattern)) {
                return false;
            }
            return this.perms == null ? indexPattern.perms == null : this.perms.equals(indexPattern.perms);
        }

        public String toString() {
            return System.lineSeparator() + "        indexPattern=" + this.indexPattern + System.lineSeparator() + "          dlsQuery=" + this.dlsQuery + System.lineSeparator() + "          fls=" + this.fls + System.lineSeparator() + "          perms=" + this.perms;
        }

        public String getUnresolvedIndexPattern(User user) {
            return ConfigModelV7.replaceProperties(this.indexPattern, user);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String[] getResolvedIndexPattern(User user, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService) {
            String[] strArr;
            String unresolvedIndexPattern = getUnresolvedIndexPattern(user);
            String[] strArr2 = null;
            if (WildcardMatcher.containsWildcard(unresolvedIndexPattern) && (strArr = (String[]) clusterService.state().getMetaData().getAliasAndIndexLookup().entrySet().stream().filter(entry -> {
                return ((AliasOrIndex) entry.getValue()).isAlias();
            }).filter(entry2 -> {
                return WildcardMatcher.match(unresolvedIndexPattern, (String) entry2.getKey());
            }).map(entry3 -> {
                return (String) entry3.getKey();
            }).toArray(i -> {
                return new String[i];
            })) != null && strArr.length > 0) {
                strArr2 = indexNameExpressionResolver.concreteIndexNames(clusterService.state(), IndicesOptions.lenientExpandOpen(), strArr);
            }
            if (strArr2 == null && !unresolvedIndexPattern.isEmpty()) {
                strArr2 = indexNameExpressionResolver.concreteIndexNames(clusterService.state(), IndicesOptions.lenientExpandOpen(), new String[]{unresolvedIndexPattern});
            }
            if (strArr2 == null || strArr2.length == 0) {
                return new String[]{unresolvedIndexPattern};
            }
            String[] strArr3 = (String[]) Arrays.copyOf(strArr2, strArr2.length + 1);
            strArr3[strArr3.length - 1] = unresolvedIndexPattern;
            return strArr3;
        }

        public String getDlsQuery(User user) {
            return ConfigModelV7.replaceProperties(this.dlsQuery, user);
        }

        public Set<String> getFls() {
            return Collections.unmodifiableSet(this.fls);
        }

        public Set<String> getMaskedFields() {
            return Collections.unmodifiableSet(this.maskedFields);
        }

        public Set<String> getPerms() {
            return Collections.unmodifiableSet(this.perms);
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/sgconf/ConfigModelV7$RoleMappingHolder.class */
    private class RoleMappingHolder {
        private ListMultimap<String, String> users;
        private ListMultimap<Set<String>, String> abars;
        private ListMultimap<String, String> bars;
        private ListMultimap<String, String> hosts;
        private final String hostResolverMode;

        private RoleMappingHolder(SgDynamicConfiguration<RoleMappingsV7> sgDynamicConfiguration, String str) {
            this.hostResolverMode = str;
            if (ConfigModelV7.this.roles != null) {
                ArrayListMultimap create = ArrayListMultimap.create();
                ArrayListMultimap create2 = ArrayListMultimap.create();
                ArrayListMultimap create3 = ArrayListMultimap.create();
                ArrayListMultimap create4 = ArrayListMultimap.create();
                for (Map.Entry<String, RoleMappingsV7> entry : sgDynamicConfiguration.getCEntries().entrySet()) {
                    Iterator<String> it = entry.getValue().getUsers().iterator();
                    while (it.hasNext()) {
                        create.put(it.next(), entry.getKey());
                    }
                    HashSet hashSet = new HashSet(entry.getValue().getAnd_backend_roles());
                    if (!hashSet.isEmpty()) {
                        create2.put(hashSet, entry.getKey());
                    }
                    Iterator<String> it2 = entry.getValue().getBackend_roles().iterator();
                    while (it2.hasNext()) {
                        create3.put(it2.next(), entry.getKey());
                    }
                    Iterator<String> it3 = entry.getValue().getHosts().iterator();
                    while (it3.hasNext()) {
                        create4.put(it3.next(), entry.getKey());
                    }
                }
                this.users = create;
                this.abars = create2;
                this.bars = create3;
                this.hosts = create4;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Set<String> map(User user, TransportAddress transportAddress) {
            if (user == null || this.users == null || this.abars == null || this.bars == null || this.hosts == null) {
                return Collections.emptySet();
            }
            TreeSet treeSet = new TreeSet(user.getSearchGuardRoles());
            if (ConfigModelV7.this.rolesMappingResolution == ConfigConstants.RolesMappingResolution.BOTH || ConfigModelV7.this.rolesMappingResolution == ConfigConstants.RolesMappingResolution.BACKENDROLES_ONLY) {
                if (ConfigModelV7.this.log.isDebugEnabled()) {
                    ConfigModelV7.this.log.debug("Pass backendroles from {}", user);
                }
                treeSet.addAll(user.getRoles());
            }
            if (ConfigModelV7.this.rolesMappingResolution == ConfigConstants.RolesMappingResolution.BOTH || ConfigModelV7.this.rolesMappingResolution == ConfigConstants.RolesMappingResolution.MAPPING_ONLY) {
                Iterator<String> it = WildcardMatcher.getAllMatchingPatterns(this.users.keySet(), user.getName()).iterator();
                while (it.hasNext()) {
                    treeSet.addAll(this.users.get(it.next()));
                }
                Iterator<String> it2 = WildcardMatcher.getAllMatchingPatterns(this.bars.keySet(), user.getRoles()).iterator();
                while (it2.hasNext()) {
                    treeSet.addAll(this.bars.get(it2.next()));
                }
                for (Set set : this.abars.keySet()) {
                    if (WildcardMatcher.allPatternsMatched(set, user.getRoles())) {
                        treeSet.addAll(this.abars.get(set));
                    }
                }
                if (transportAddress != null) {
                    Iterator<String> it3 = WildcardMatcher.getAllMatchingPatterns(this.hosts.keySet(), transportAddress.getAddress()).iterator();
                    while (it3.hasNext()) {
                        treeSet.addAll(this.hosts.get(it3.next()));
                    }
                    if (transportAddress.address() != null && (this.hostResolverMode.equalsIgnoreCase("ip-hostname") || this.hostResolverMode.equalsIgnoreCase("ip-hostname-lookup"))) {
                        Iterator<String> it4 = WildcardMatcher.getAllMatchingPatterns(this.hosts.keySet(), transportAddress.address().getHostString()).iterator();
                        while (it4.hasNext()) {
                            treeSet.addAll(this.hosts.get(it4.next()));
                        }
                    }
                    if (transportAddress.address() != null && this.hostResolverMode.equalsIgnoreCase("ip-hostname-lookup")) {
                        Iterator<String> it5 = WildcardMatcher.getAllMatchingPatterns(this.hosts.keySet(), transportAddress.address().getHostName()).iterator();
                        while (it5.hasNext()) {
                            treeSet.addAll(this.hosts.get(it5.next()));
                        }
                    }
                }
            }
            return Collections.unmodifiableSet(treeSet);
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/sgconf/ConfigModelV7$SgRole.class */
    public static class SgRole {
        private final String name;
        private final Set<IndexPattern> ipatterns;
        private final Set<String> clusterPerms;

        private SgRole(String str) {
            this.ipatterns = new HashSet();
            this.clusterPerms = new HashSet();
            this.name = (String) Objects.requireNonNull(str);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean impliesClusterPermission(String str) {
            return WildcardMatcher.matchAny(this.clusterPerms, str);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Set<String> getAllResolvedPermittedIndices(IndexResolverReplacer.Resolved resolved, User user, String[] strArr, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService) {
            HashSet hashSet = new HashSet();
            for (IndexPattern indexPattern : this.ipatterns) {
                if (WildcardMatcher.matchAll((String[]) indexPattern.getPerms().toArray(new String[0]), strArr)) {
                    String[] resolvedIndexPattern = indexPattern.getResolvedIndexPattern(user, indexNameExpressionResolver, clusterService);
                    HashSet hashSet2 = new HashSet();
                    if (resolved.isLocalAll() || resolved.getAllIndices().contains("*") || resolved.getAllIndices().contains("_all")) {
                        HashSet hashSet3 = new HashSet(Arrays.asList(clusterService.state().metaData().getConcreteAllOpenIndices()));
                        WildcardMatcher.wildcardRetainInSet(hashSet3, resolvedIndexPattern);
                        hashSet2.addAll(hashSet3);
                    } else {
                        HashSet hashSet4 = new HashSet(resolved.getAllIndices());
                        WildcardMatcher.wildcardRetainInSet(hashSet4, resolvedIndexPattern);
                        hashSet2.addAll(hashSet4);
                    }
                    hashSet.addAll(hashSet2);
                }
            }
            return Collections.unmodifiableSet(hashSet);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public SgRole addIndexPattern(IndexPattern indexPattern) {
            if (indexPattern != null) {
                this.ipatterns.add(indexPattern);
            }
            return this;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public SgRole addClusterPerms(Collection<String> collection) {
            if (collection != null) {
                this.clusterPerms.addAll(collection);
            }
            return this;
        }

        public int hashCode() {
            return (31 * ((31 * ((31 * 1) + (this.clusterPerms == null ? 0 : this.clusterPerms.hashCode()))) + (this.ipatterns == null ? 0 : this.ipatterns.hashCode()))) + (this.name == null ? 0 : this.name.hashCode());
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            SgRole sgRole = (SgRole) obj;
            if (this.clusterPerms == null) {
                if (sgRole.clusterPerms != null) {
                    return false;
                }
            } else if (!this.clusterPerms.equals(sgRole.clusterPerms)) {
                return false;
            }
            if (this.ipatterns == null) {
                if (sgRole.ipatterns != null) {
                    return false;
                }
            } else if (!this.ipatterns.equals(sgRole.ipatterns)) {
                return false;
            }
            return this.name == null ? sgRole.name == null : this.name.equals(sgRole.name);
        }

        public String toString() {
            return System.lineSeparator() + "  " + this.name + System.lineSeparator() + "    ipatterns=" + this.ipatterns + System.lineSeparator() + "    clusterPerms=" + this.clusterPerms;
        }

        public Set<IndexPattern> getIpatterns() {
            return Collections.unmodifiableSet(this.ipatterns);
        }

        public Set<String> getClusterPerms() {
            return Collections.unmodifiableSet(this.clusterPerms);
        }

        public String getName() {
            return this.name;
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/sgconf/ConfigModelV7$SgRoles.class */
    public static class SgRoles extends com.floragunn.searchguard.sgconf.SgRoles {
        protected final Logger log;
        final Set<SgRole> roles;

        private SgRoles(int i) {
            this.log = LogManager.getLogger(getClass());
            this.roles = new HashSet(i);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public SgRoles addSgRole(SgRole sgRole) {
            if (sgRole != null) {
                this.roles.add(sgRole);
            }
            return this;
        }

        public int hashCode() {
            return (31 * 1) + (this.roles == null ? 0 : this.roles.hashCode());
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            SgRoles sgRoles = (SgRoles) obj;
            return this.roles == null ? sgRoles.roles == null : this.roles.equals(sgRoles.roles);
        }

        public String toString() {
            return "roles=" + this.roles;
        }

        public Set<SgRole> getRoles() {
            return Collections.unmodifiableSet(this.roles);
        }

        @Override // com.floragunn.searchguard.sgconf.SgRoles
        public Set<String> getRoleNames() {
            return (Set) getRoles().stream().map(sgRole -> {
                return sgRole.getName();
            }).collect(Collectors.toSet());
        }

        @Override // com.floragunn.searchguard.sgconf.SgRoles
        public SgRoles filter(Set<String> set) {
            SgRoles sgRoles = new SgRoles(this.roles.size());
            for (SgRole sgRole : this.roles) {
                if (set.contains(sgRole.getName())) {
                    sgRoles.addSgRole(sgRole);
                }
            }
            return sgRoles;
        }

        @Override // com.floragunn.searchguard.sgconf.SgRoles
        public Map<String, Set<String>> getMaskedFields(User user, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService) {
            HashMap hashMap = new HashMap();
            Iterator<SgRole> it = this.roles.iterator();
            while (it.hasNext()) {
                for (IndexPattern indexPattern : it.next().getIpatterns()) {
                    Set<String> maskedFields = indexPattern.getMaskedFields();
                    String unresolvedIndexPattern = indexPattern.getUnresolvedIndexPattern(user);
                    String[] strArr = new String[0];
                    if (maskedFields != null && maskedFields.size() > 0) {
                        strArr = indexPattern.getResolvedIndexPattern(user, indexNameExpressionResolver, clusterService);
                    }
                    if (maskedFields != null && maskedFields.size() > 0) {
                        if (hashMap.containsKey(unresolvedIndexPattern)) {
                            ((Set) hashMap.get(unresolvedIndexPattern)).addAll(Sets.newHashSet(maskedFields));
                        } else {
                            hashMap.put(unresolvedIndexPattern, new HashSet());
                            ((Set) hashMap.get(unresolvedIndexPattern)).addAll(Sets.newHashSet(maskedFields));
                        }
                        for (String str : strArr) {
                            if (hashMap.containsKey(str)) {
                                ((Set) hashMap.get(str)).addAll(Sets.newHashSet(maskedFields));
                            } else {
                                hashMap.put(str, new HashSet());
                                ((Set) hashMap.get(str)).addAll(Sets.newHashSet(maskedFields));
                            }
                        }
                    }
                }
            }
            return hashMap;
        }

        @Override // com.floragunn.searchguard.sgconf.SgRoles
        public Tuple<Map<String, Set<String>>, Map<String, Set<String>>> getDlsFls(User user, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService) {
            HashMap hashMap = new HashMap();
            HashMap hashMap2 = new HashMap();
            Iterator<SgRole> it = this.roles.iterator();
            while (it.hasNext()) {
                for (IndexPattern indexPattern : it.next().getIpatterns()) {
                    Set<String> fls = indexPattern.getFls();
                    String dlsQuery = indexPattern.getDlsQuery(user);
                    String unresolvedIndexPattern = indexPattern.getUnresolvedIndexPattern(user);
                    String[] strArr = new String[0];
                    if ((dlsQuery != null && dlsQuery.length() > 0) || (fls != null && fls.size() > 0)) {
                        strArr = indexPattern.getResolvedIndexPattern(user, indexNameExpressionResolver, clusterService);
                    }
                    if (dlsQuery != null && dlsQuery.length() > 0) {
                        if (hashMap.containsKey(unresolvedIndexPattern)) {
                            ((Set) hashMap.get(unresolvedIndexPattern)).add(dlsQuery);
                        } else {
                            hashMap.put(unresolvedIndexPattern, new HashSet());
                            ((Set) hashMap.get(unresolvedIndexPattern)).add(dlsQuery);
                        }
                        for (String str : strArr) {
                            if (hashMap.containsKey(str)) {
                                ((Set) hashMap.get(str)).add(dlsQuery);
                            } else {
                                hashMap.put(str, new HashSet());
                                ((Set) hashMap.get(str)).add(dlsQuery);
                            }
                        }
                    }
                    if (fls != null && fls.size() > 0) {
                        if (hashMap2.containsKey(unresolvedIndexPattern)) {
                            ((Set) hashMap2.get(unresolvedIndexPattern)).addAll(Sets.newHashSet(fls));
                        } else {
                            hashMap2.put(unresolvedIndexPattern, new HashSet());
                            ((Set) hashMap2.get(unresolvedIndexPattern)).addAll(Sets.newHashSet(fls));
                        }
                        for (String str2 : strArr) {
                            if (hashMap2.containsKey(str2)) {
                                ((Set) hashMap2.get(str2)).addAll(Sets.newHashSet(fls));
                            } else {
                                hashMap2.put(str2, new HashSet());
                                ((Set) hashMap2.get(str2)).addAll(Sets.newHashSet(fls));
                            }
                        }
                    }
                }
            }
            return new Tuple<>(hashMap, hashMap2);
        }

        @Override // com.floragunn.searchguard.sgconf.SgRoles
        public Set<String> getAllPermittedIndicesForKibana(IndexResolverReplacer.Resolved resolved, User user, String[] strArr, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService) {
            HashSet hashSet = new HashSet();
            Iterator<SgRole> it = this.roles.iterator();
            while (it.hasNext()) {
                hashSet.addAll(it.next().getAllResolvedPermittedIndices(IndexResolverReplacer.Resolved._LOCAL_ALL, user, strArr, indexNameExpressionResolver, clusterService));
                hashSet.addAll(resolved.getRemoteIndices());
            }
            return Collections.unmodifiableSet(hashSet);
        }

        @Override // com.floragunn.searchguard.sgconf.SgRoles
        public Set<String> reduce(IndexResolverReplacer.Resolved resolved, User user, String[] strArr, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService) {
            HashSet hashSet = new HashSet();
            Iterator<SgRole> it = this.roles.iterator();
            while (it.hasNext()) {
                hashSet.addAll(it.next().getAllResolvedPermittedIndices(resolved, user, strArr, indexNameExpressionResolver, clusterService));
            }
            if (this.log.isDebugEnabled()) {
                this.log.debug("Reduced requested resolved indices {} to permitted indices {}.", resolved, hashSet.toString());
            }
            return Collections.unmodifiableSet(hashSet);
        }

        @Override // com.floragunn.searchguard.sgconf.SgRoles
        public boolean get(IndexResolverReplacer.Resolved resolved, User user, String[] strArr, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService) {
            Iterator<SgRole> it = this.roles.iterator();
            while (it.hasNext()) {
                if (ConfigModelV7.impliesTypePerm(it.next().getIpatterns(), resolved, user, strArr, indexNameExpressionResolver, clusterService)) {
                    return true;
                }
            }
            return false;
        }

        @Override // com.floragunn.searchguard.sgconf.SgRoles
        public boolean impliesClusterPermissionPermission(String str) {
            return this.roles.stream().filter(sgRole -> {
                return sgRole.impliesClusterPermission(str);
            }).count() > 0;
        }

        @Override // com.floragunn.searchguard.sgconf.SgRoles
        public boolean impliesTypePermGlobal(IndexResolverReplacer.Resolved resolved, User user, String[] strArr, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService) {
            HashSet hashSet = new HashSet();
            this.roles.stream().forEach(sgRole -> {
                hashSet.addAll(sgRole.getIpatterns());
            });
            return ConfigModelV7.impliesTypePerm(hashSet, resolved, user, strArr, indexNameExpressionResolver, clusterService);
        }

        @Override // com.floragunn.searchguard.sgconf.SgRoles
        public /* bridge */ /* synthetic */ com.floragunn.searchguard.sgconf.SgRoles filter(Set set) {
            return filter((Set<String>) set);
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/sgconf/ConfigModelV7$Tenant.class */
    public static class Tenant {
        private final String tenant;
        private final boolean readWrite;

        private Tenant(String str, boolean z) {
            this.tenant = str;
            this.readWrite = z;
        }

        public String getTenant() {
            return this.tenant;
        }

        public boolean isReadWrite() {
            return this.readWrite;
        }

        public int hashCode() {
            return (31 * ((31 * 1) + (this.readWrite ? 1231 : 1237))) + (this.tenant == null ? 0 : this.tenant.hashCode());
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            Tenant tenant = (Tenant) obj;
            if (this.readWrite != tenant.readWrite) {
                return false;
            }
            return this.tenant == null ? tenant.tenant == null : this.tenant.equals(tenant.tenant);
        }

        public String toString() {
            return System.lineSeparator() + "                tenant=" + this.tenant + System.lineSeparator() + "                readWrite=" + this.readWrite;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/floragunn/searchguard/sgconf/ConfigModelV7$TenantHolder.class */
    public class TenantHolder {
        private SetMultimap<String, Tuple<String, Boolean>> tenantsMM;

        public TenantHolder(SgDynamicConfiguration<RoleV7> sgDynamicConfiguration, final SgDynamicConfiguration<TenantV7> sgDynamicConfiguration2) {
            this.tenantsMM = null;
            HashSet hashSet = new HashSet(sgDynamicConfiguration.getCEntries().size());
            ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(10);
            for (final Map.Entry<String, RoleV7> entry : sgDynamicConfiguration.getCEntries().entrySet()) {
                if (entry.getValue() != null) {
                    hashSet.add(newFixedThreadPool.submit(new Callable<Tuple<String, Set<Tuple<String, Boolean>>>>() { // from class: com.floragunn.searchguard.sgconf.ConfigModelV7.TenantHolder.1
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.util.concurrent.Callable
                        public Tuple<String, Set<Tuple<String, Boolean>>> call() throws Exception {
                            HashSet hashSet2 = new HashSet();
                            List<RoleV7.Tenant> tenant_permissions = ((RoleV7) entry.getValue()).getTenant_permissions();
                            if (tenant_permissions != null) {
                                for (RoleV7.Tenant tenant : tenant_permissions) {
                                    Iterator<String> it = WildcardMatcher.getMatchAny(tenant.getTenant_patterns(), sgDynamicConfiguration2.getCEntries().keySet()).iterator();
                                    while (it.hasNext()) {
                                        hashSet2.add(new Tuple(it.next(), Boolean.valueOf(ConfigModelV7.this.agr.resolvedActions(tenant.getAllowed_actions()).contains("kibana:saved_objects/*/write"))));
                                    }
                                }
                            }
                            return new Tuple<>((String) entry.getKey(), hashSet2);
                        }
                    }));
                }
            }
            newFixedThreadPool.shutdown();
            try {
                newFixedThreadPool.awaitTermination(30L, TimeUnit.SECONDS);
                try {
                    SetMultimap<String, Tuple<String, Boolean>> build = MultimapBuilder.SetMultimapBuilder.hashKeys(hashSet.size()).hashSetValues(16).build();
                    Iterator it = hashSet.iterator();
                    while (it.hasNext()) {
                        Tuple tuple = (Tuple) ((Future) it.next()).get();
                        build.putAll((String) tuple.v1(), (Iterable) tuple.v2());
                    }
                    this.tenantsMM = build;
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                    ConfigModelV7.this.log.error("Thread interrupted (2) while loading roles");
                } catch (ExecutionException e2) {
                    ConfigModelV7.this.log.error("Error while updating roles: {}", e2.getCause(), e2.getCause());
                    throw ExceptionsHelper.convertToElastic(e2);
                }
            } catch (InterruptedException e3) {
                Thread.currentThread().interrupt();
                ConfigModelV7.this.log.error("Thread interrupted (1) while loading roles");
            }
        }

        public Map<String, Boolean> mapTenants(User user, Set<String> set) {
            if (user == null || this.tenantsMM == null) {
                return Collections.emptyMap();
            }
            HashMap hashMap = new HashMap(set.size());
            hashMap.put(user.getName(), true);
            this.tenantsMM.entries().stream().filter(entry -> {
                return set.contains(entry.getKey());
            }).filter(entry2 -> {
                return !user.getName().equals(((Tuple) entry2.getValue()).v1());
            }).forEach(entry3 -> {
                String str = (String) ((Tuple) entry3.getValue()).v1();
                boolean booleanValue = ((Boolean) ((Tuple) entry3.getValue()).v2()).booleanValue();
                if (booleanValue || !hashMap.containsKey(str)) {
                    hashMap.put(str, Boolean.valueOf(booleanValue));
                }
            });
            if (!hashMap.containsKey("SGS_GLOBAL_TENANT") && (set.contains("sg_kibana_user") || set.contains("SGS_KIBANA_USER") || set.contains("sg_all_access") || set.contains("SGS_ALL_ACCESS"))) {
                hashMap.put("SGS_GLOBAL_TENANT", true);
            }
            return Collections.unmodifiableMap(hashMap);
        }
    }

    public ConfigModelV7(SgDynamicConfiguration<RoleV7> sgDynamicConfiguration, SgDynamicConfiguration<RoleMappingsV7> sgDynamicConfiguration2, SgDynamicConfiguration<ActionGroupsV7> sgDynamicConfiguration3, SgDynamicConfiguration<TenantV7> sgDynamicConfiguration4, DynamicConfigModel dynamicConfigModel, Settings settings) {
        this.agr = null;
        this.sgRoles = null;
        this.roles = sgDynamicConfiguration;
        this.tenants = sgDynamicConfiguration4;
        try {
            this.rolesMappingResolution = ConfigConstants.RolesMappingResolution.valueOf(settings.get(ConfigConstants.SEARCHGUARD_ROLES_MAPPING_RESOLUTION, ConfigConstants.RolesMappingResolution.MAPPING_ONLY.toString()).toUpperCase());
        } catch (Exception e) {
            this.log.error("Cannot apply roles mapping resolution", e);
            this.rolesMappingResolution = ConfigConstants.RolesMappingResolution.MAPPING_ONLY;
        }
        this.agr = reloadActionGroups(sgDynamicConfiguration3);
        this.sgRoles = reload(sgDynamicConfiguration);
        this.tenantHolder = new TenantHolder(sgDynamicConfiguration, sgDynamicConfiguration4);
        this.roleMappingHolder = new RoleMappingHolder(sgDynamicConfiguration2, dynamicConfigModel.getHostsResolverMode());
    }

    @Override // com.floragunn.searchguard.sgconf.ConfigModel
    public Set<String> getAllConfiguredTenantNames() {
        return Collections.unmodifiableSet(this.tenants.getCEntries().keySet());
    }

    @Override // com.floragunn.searchguard.sgconf.ConfigModel
    public SgRoles getSgRoles() {
        return this.sgRoles;
    }

    private ActionGroupResolver reloadActionGroups(final SgDynamicConfiguration<ActionGroupsV7> sgDynamicConfiguration) {
        return new ActionGroupResolver() { // from class: com.floragunn.searchguard.sgconf.ConfigModelV7.1
            private Set<String> getGroupMembers(String str) {
                return sgDynamicConfiguration == null ? Collections.emptySet() : Collections.unmodifiableSet(resolve(sgDynamicConfiguration, str));
            }

            private Set<String> resolve(SgDynamicConfiguration<?> sgDynamicConfiguration2, String str) {
                if (!sgDynamicConfiguration2.getCEntries().containsKey(str)) {
                    return Collections.emptySet();
                }
                HashSet hashSet = new HashSet();
                Object obj = sgDynamicConfiguration2.getCEntries().get(str);
                if (obj != null && (obj instanceof List)) {
                    for (String str2 : (List) obj) {
                        if (sgDynamicConfiguration2.getCEntries().keySet().contains(str2)) {
                            hashSet.addAll(resolve(sgDynamicConfiguration2, str2));
                        } else {
                            hashSet.add(str2);
                        }
                    }
                } else {
                    if (obj == null || !(obj instanceof ActionGroupsV7)) {
                        throw new RuntimeException("Unable to handle " + obj);
                    }
                    for (String str3 : ((ActionGroupsV7) obj).getAllowed_actions()) {
                        if (sgDynamicConfiguration2.getCEntries().keySet().contains(str3)) {
                            hashSet.addAll(resolve(sgDynamicConfiguration2, str3));
                        } else {
                            hashSet.add(str3);
                        }
                    }
                }
                return Collections.unmodifiableSet(hashSet);
            }

            @Override // com.floragunn.searchguard.sgconf.ConfigModelV7.ActionGroupResolver
            public Set<String> resolvedActions(List<String> list) {
                HashSet hashSet = new HashSet();
                for (String str : list) {
                    Set<String> groupMembers = getGroupMembers(str);
                    if (groupMembers.isEmpty()) {
                        hashSet.add(str);
                    } else {
                        hashSet.addAll(groupMembers);
                    }
                }
                return Collections.unmodifiableSet(hashSet);
            }
        };
    }

    private SgRoles reload(SgDynamicConfiguration<RoleV7> sgDynamicConfiguration) {
        HashSet hashSet = new HashSet(5000);
        ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(10);
        for (final Map.Entry<String, RoleV7> entry : sgDynamicConfiguration.getCEntries().entrySet()) {
            hashSet.add(newFixedThreadPool.submit(new Callable<SgRole>() { // from class: com.floragunn.searchguard.sgconf.ConfigModelV7.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public SgRole call() throws Exception {
                    SgRole sgRole = new SgRole((String) entry.getKey());
                    if (entry.getValue() == null) {
                        return null;
                    }
                    sgRole.addClusterPerms(ConfigModelV7.this.agr.resolvedActions(((RoleV7) entry.getValue()).getCluster_permissions()));
                    for (RoleV7.Index index : ((RoleV7) entry.getValue()).getIndex_permissions()) {
                        String dls = index.getDls();
                        List<String> fls = index.getFls();
                        List<String> masked_fields = index.getMasked_fields();
                        Iterator<String> it = index.getIndex_patterns().iterator();
                        while (it.hasNext()) {
                            IndexPattern indexPattern = new IndexPattern(it.next());
                            indexPattern.setDlsQuery(dls);
                            indexPattern.addFlsFields(fls);
                            indexPattern.addMaskedFields(masked_fields);
                            indexPattern.addPerm(ConfigModelV7.this.agr.resolvedActions(index.getAllowed_actions()));
                            sgRole.addIndexPattern(indexPattern);
                        }
                    }
                    return sgRole;
                }
            }));
        }
        newFixedThreadPool.shutdown();
        try {
            newFixedThreadPool.awaitTermination(30L, TimeUnit.SECONDS);
            try {
                SgRoles sgRoles = new SgRoles(hashSet.size());
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    sgRoles.addSgRole((SgRole) ((Future) it.next()).get());
                }
                return sgRoles;
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                this.log.error("Thread interrupted (2) while loading roles");
                return null;
            } catch (ExecutionException e2) {
                this.log.error("Error while updating roles: {}", e2.getCause(), e2.getCause());
                throw ExceptionsHelper.convertToElastic(e2);
            }
        } catch (InterruptedException e3) {
            Thread.currentThread().interrupt();
            this.log.error("Thread interrupted (1) while loading roles");
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String replaceProperties(String str, User user) {
        if (user == null || str == null) {
            return str;
        }
        String replaceRoles = replaceRoles(str.replace("${user.name}", user.getName()).replace("${user_name}", user.getName()), user);
        for (Map.Entry<String, String> entry : user.getCustomAttributesMap().entrySet()) {
            if (entry != null && entry.getKey() != null && entry.getValue() != null) {
                replaceRoles = replaceRoles.replace("${" + entry.getKey() + "}", entry.getValue()).replace("${" + entry.getKey().replace('.', '_') + "}", entry.getValue());
            }
        }
        return replaceRoles;
    }

    private static String replaceRoles(String str, User user) {
        String str2 = str;
        if (str.contains("${user.roles}") || str.contains("${user_roles}")) {
            String quotedCommaSeparatedString = toQuotedCommaSeparatedString(user.getRoles());
            str2 = str.replace("${user.roles}", quotedCommaSeparatedString).replace("${user_roles}", quotedCommaSeparatedString);
        }
        return str2;
    }

    private static String toQuotedCommaSeparatedString(Set<String> set) {
        return Joiner.on(',').join(Iterables.transform(set, str -> {
            return new StringBuilder(str.length() + 2).append('\"').append(str).append('\"').toString();
        }));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean impliesTypePerm(Set<IndexPattern> set, IndexResolverReplacer.Resolved resolved, User user, String[] strArr, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService) {
        HashSet hashSet = new HashSet(resolved.getAllIndices());
        for (String str : resolved.getAllIndices()) {
            HashSet hashSet2 = new HashSet(Arrays.asList(strArr));
            for (IndexPattern indexPattern : set) {
                if (WildcardMatcher.matchAny(indexPattern.getResolvedIndexPattern(user, indexNameExpressionResolver, clusterService), str)) {
                    for (String str2 : Arrays.asList(strArr)) {
                        if (WildcardMatcher.matchAny(indexPattern.perms, str2)) {
                            hashSet2.remove(str2);
                        }
                    }
                }
            }
            if (hashSet2.isEmpty()) {
                hashSet.remove(str);
            }
        }
        return hashSet.isEmpty();
    }

    @Override // com.floragunn.searchguard.sgconf.ConfigModel
    public Map<String, Boolean> mapTenants(User user, Set<String> set) {
        return this.tenantHolder.mapTenants(user, set);
    }

    @Override // com.floragunn.searchguard.sgconf.ConfigModel
    public Set<String> mapSgRoles(User user, TransportAddress transportAddress) {
        return this.roleMappingHolder.map(user, transportAddress);
    }
}
