package org.elasticsearch.xpack.security.authz.permission;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.elasticsearch.cluster.metadata.MetaData;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.xpack.security.authz.RoleDescriptor;
import org.elasticsearch.xpack.security.authz.accesscontrol.IndicesAccessControl;
import org.elasticsearch.xpack.security.authz.permission.IndicesPermission;
import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege;
import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege;
import org.elasticsearch.xpack.security.authz.privilege.Privilege;

/* loaded from: input_file:org/elasticsearch/xpack/security/authz/permission/Role.class */
public final class Role {
    public static final Role EMPTY = builder("__empty").build();
    private final String name;
    private final ClusterPermission cluster;
    private final IndicesPermission indices;
    private final RunAsPermission runAs;

    /* loaded from: input_file:org/elasticsearch/xpack/security/authz/permission/Role$Builder.class */
    public static class Builder {
        private final String name;
        private ClusterPermission cluster;
        private RunAsPermission runAs;
        private List<IndicesPermission.Group> groups;
        private FieldPermissionsCache fieldPermissionsCache;

        private Builder(String str, FieldPermissionsCache fieldPermissionsCache) {
            this.cluster = ClusterPermission.NONE;
            this.runAs = RunAsPermission.NONE;
            this.groups = new ArrayList();
            this.fieldPermissionsCache = null;
            this.name = str;
            this.fieldPermissionsCache = fieldPermissionsCache;
        }

        private Builder(RoleDescriptor roleDescriptor, @Nullable FieldPermissionsCache fieldPermissionsCache) {
            this.cluster = ClusterPermission.NONE;
            this.runAs = RunAsPermission.NONE;
            this.groups = new ArrayList();
            this.fieldPermissionsCache = null;
            this.name = roleDescriptor.getName();
            this.fieldPermissionsCache = fieldPermissionsCache;
            if (roleDescriptor.getClusterPrivileges().length == 0) {
                this.cluster = ClusterPermission.NONE;
            } else {
                cluster(ClusterPrivilege.get(Sets.newHashSet(roleDescriptor.getClusterPrivileges())));
            }
            this.groups.addAll(convertFromIndicesPrivileges(roleDescriptor.getIndicesPrivileges(), fieldPermissionsCache));
            String[] runAs = roleDescriptor.getRunAs();
            if (runAs == null || runAs.length <= 0) {
                return;
            }
            runAs(new Privilege(Sets.newHashSet(runAs), runAs));
        }

        public Builder cluster(ClusterPrivilege clusterPrivilege) {
            this.cluster = new ClusterPermission(clusterPrivilege);
            return this;
        }

        public Builder runAs(Privilege privilege) {
            this.runAs = new RunAsPermission(privilege);
            return this;
        }

        public Builder add(IndexPrivilege indexPrivilege, String... strArr) {
            this.groups.add(new IndicesPermission.Group(indexPrivilege, FieldPermissions.DEFAULT, null, strArr));
            return this;
        }

        public Builder add(FieldPermissions fieldPermissions, Set<BytesReference> set, IndexPrivilege indexPrivilege, String... strArr) {
            this.groups.add(new IndicesPermission.Group(indexPrivilege, fieldPermissions, set, strArr));
            return this;
        }

        public Role build() {
            return new Role(this.name, this.cluster, this.groups.isEmpty() ? IndicesPermission.NONE : new IndicesPermission((IndicesPermission.Group[]) this.groups.toArray(new IndicesPermission.Group[this.groups.size()])), this.runAs);
        }

        static List<IndicesPermission.Group> convertFromIndicesPrivileges(RoleDescriptor.IndicesPrivileges[] indicesPrivilegesArr, @Nullable FieldPermissionsCache fieldPermissionsCache) {
            ArrayList arrayList = new ArrayList(indicesPrivilegesArr.length);
            for (RoleDescriptor.IndicesPrivileges indicesPrivileges : indicesPrivilegesArr) {
                arrayList.add(new IndicesPermission.Group(IndexPrivilege.get(Sets.newHashSet(indicesPrivileges.getPrivileges())), fieldPermissionsCache != null ? fieldPermissionsCache.getFieldPermissions(indicesPrivileges.getGrantedFields(), indicesPrivileges.getDeniedFields()) : new FieldPermissions(new FieldPermissionsDefinition(indicesPrivileges.getGrantedFields(), indicesPrivileges.getDeniedFields())), indicesPrivileges.getQuery() == null ? null : Collections.singleton(indicesPrivileges.getQuery()), indicesPrivileges.getIndices()));
            }
            return arrayList;
        }
    }

    Role(String str, ClusterPermission clusterPermission, IndicesPermission indicesPermission, RunAsPermission runAsPermission) {
        this.name = str;
        this.cluster = (ClusterPermission) Objects.requireNonNull(clusterPermission);
        this.indices = (IndicesPermission) Objects.requireNonNull(indicesPermission);
        this.runAs = (RunAsPermission) Objects.requireNonNull(runAsPermission);
    }

    public String name() {
        return this.name;
    }

    public ClusterPermission cluster() {
        return this.cluster;
    }

    public IndicesPermission indices() {
        return this.indices;
    }

    public RunAsPermission runAs() {
        return this.runAs;
    }

    public static Builder builder(String str) {
        return new Builder(str, (FieldPermissionsCache) null);
    }

    public static Builder builder(String str, FieldPermissionsCache fieldPermissionsCache) {
        return new Builder(str, fieldPermissionsCache);
    }

    public static Builder builder(RoleDescriptor roleDescriptor, FieldPermissionsCache fieldPermissionsCache) {
        return new Builder(roleDescriptor, fieldPermissionsCache);
    }

    public IndicesAccessControl authorize(String str, Set<String> set, MetaData metaData, FieldPermissionsCache fieldPermissionsCache) {
        Map<String, IndicesAccessControl.IndexAccessControl> authorize = this.indices.authorize(str, set, metaData, fieldPermissionsCache);
        boolean z = true;
        Iterator<Map.Entry<String, IndicesAccessControl.IndexAccessControl>> it = authorize.entrySet().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (!it.next().getValue().isGranted()) {
                z = false;
                break;
            }
        }
        return new IndicesAccessControl(z, authorize);
    }
}
