package org.elasticsearch.xpack.security.authz.privilege;

import java.util.Locale;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArraySet;
import java.util.function.Predicate;
import org.apache.lucene.util.automaton.Automaton;
import org.elasticsearch.common.Strings;
import org.elasticsearch.xpack.security.authz.permission.TransportClientRole;
import org.elasticsearch.xpack.security.authz.privilege.Privilege;
import org.elasticsearch.xpack.security.support.Automatons;

/* loaded from: input_file:org/elasticsearch/xpack/security/authz/privilege/ClusterPrivilege.class */
public class ClusterPrivilege extends AbstractAutomatonPrivilege<ClusterPrivilege> {
    private static final Automaton MANAGE_SECURITY_AUTOMATON = Automatons.patterns("cluster:admin/xpack/security/*");
    private static final Automaton MONITOR_AUTOMATON = Automatons.patterns("cluster:monitor/*");
    private static final Automaton ALL_CLUSTER_AUTOMATON = Automatons.patterns("cluster:*", "indices:admin/template/*");
    private static final Automaton MANAGE_AUTOMATON = Automatons.minusAndDeterminize(ALL_CLUSTER_AUTOMATON, MANAGE_SECURITY_AUTOMATON);
    private static final Automaton TRANSPORT_CLIENT_AUTOMATON = Automatons.patterns("cluster:monitor/nodes/liveness", "cluster:monitor/state");
    private static final Automaton MANAGE_IDX_TEMPLATE_AUTOMATON = Automatons.patterns("indices:admin/template/*");
    private static final Automaton MANAGE_INGEST_PIPELINE_AUTOMATON = Automatons.patterns("cluster:admin/ingest/pipeline/*");
    public static final ClusterPrivilege NONE = new ClusterPrivilege(Privilege.Name.NONE, Automatons.EMPTY);
    public static final ClusterPrivilege ALL = new ClusterPrivilege(Privilege.Name.ALL, ALL_CLUSTER_AUTOMATON);
    public static final ClusterPrivilege MONITOR = new ClusterPrivilege("monitor", MONITOR_AUTOMATON);
    public static final ClusterPrivilege MANAGE = new ClusterPrivilege("manage", MANAGE_AUTOMATON);
    public static final ClusterPrivilege MANAGE_IDX_TEMPLATES = new ClusterPrivilege("manage_index_templates", MANAGE_IDX_TEMPLATE_AUTOMATON);
    public static final ClusterPrivilege MANAGE_INGEST_PIPELINES = new ClusterPrivilege("manage_ingest_pipelines", MANAGE_INGEST_PIPELINE_AUTOMATON);
    public static final ClusterPrivilege TRANSPORT_CLIENT = new ClusterPrivilege(TransportClientRole.NAME, TRANSPORT_CLIENT_AUTOMATON);
    public static final ClusterPrivilege MANAGE_SECURITY = new ClusterPrivilege("manage_security", MANAGE_SECURITY_AUTOMATON);
    public static final ClusterPrivilege MANAGE_PIPELINE = new ClusterPrivilege("manage_pipeline", "cluster:admin/ingest/pipeline/*");
    public static final Predicate<String> ACTION_MATCHER = ALL.predicate();
    private static final Set<ClusterPrivilege> values = new CopyOnWriteArraySet();
    private static final ConcurrentHashMap<Privilege.Name, ClusterPrivilege> cache;

    static Set<ClusterPrivilege> values() {
        return values;
    }

    private ClusterPrivilege(String str, String... strArr) {
        super(str, strArr);
    }

    private ClusterPrivilege(String str, Automaton automaton) {
        super(new Privilege.Name(str), automaton);
    }

    private ClusterPrivilege(Privilege.Name name, Automaton automaton) {
        super(name, automaton);
    }

    public static void addCustom(String str, String... strArr) {
        for (String str2 : strArr) {
            if (!ACTION_MATCHER.test(str2)) {
                throw new IllegalArgumentException("cannot register custom cluster privilege [" + str + "]. cluster action must follow the 'cluster:*' format");
            }
        }
        ClusterPrivilege clusterPrivilege = new ClusterPrivilege(str, strArr);
        if (values.contains(clusterPrivilege)) {
            throw new IllegalArgumentException("cannot register custom cluster privilege [" + str + "] as it already exists.");
        }
        values.add(clusterPrivilege);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.elasticsearch.xpack.security.authz.privilege.AbstractAutomatonPrivilege
    public ClusterPrivilege create(Privilege.Name name, Automaton automaton) {
        return new ClusterPrivilege(name, automaton);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.elasticsearch.xpack.security.authz.privilege.AbstractAutomatonPrivilege
    public ClusterPrivilege none() {
        return NONE;
    }

    public static ClusterPrivilege action(String str) {
        return new ClusterPrivilege(str, actionToPattern(str));
    }

    public static ClusterPrivilege get(Privilege.Name name) {
        return cache.computeIfAbsent(name, name2 -> {
            ClusterPrivilege clusterPrivilege = NONE;
            for (String str : name2.parts) {
                clusterPrivilege = clusterPrivilege == NONE ? resolve(str) : clusterPrivilege.plus(resolve(str));
            }
            return clusterPrivilege;
        });
    }

    private static ClusterPrivilege resolve(String str) {
        String lowerCase = str.toLowerCase(Locale.ROOT);
        if (ACTION_MATCHER.test(lowerCase)) {
            return action(lowerCase);
        }
        for (ClusterPrivilege clusterPrivilege : values) {
            if (lowerCase.equals(clusterPrivilege.name.toString())) {
                return clusterPrivilege;
            }
        }
        throw new IllegalArgumentException("unknown cluster privilege [" + lowerCase + "]. a privilege must be either one of the predefined fixed cluster privileges [" + Strings.collectionToCommaDelimitedString(values) + "] or a pattern over one of the available cluster actions");
    }

    @Override // org.elasticsearch.xpack.security.authz.privilege.AbstractAutomatonPrivilege
    public /* bridge */ /* synthetic */ String toString() {
        return super.toString();
    }

    @Override // org.elasticsearch.xpack.security.authz.privilege.AbstractAutomatonPrivilege, org.elasticsearch.xpack.security.authz.privilege.Privilege
    public /* bridge */ /* synthetic */ Predicate predicate() {
        return super.predicate();
    }

    static {
        values.add(NONE);
        values.add(ALL);
        values.add(MONITOR);
        values.add(MANAGE);
        values.add(MANAGE_IDX_TEMPLATES);
        values.add(MANAGE_INGEST_PIPELINES);
        values.add(TRANSPORT_CLIENT);
        values.add(MANAGE_SECURITY);
        values.add(MANAGE_PIPELINE);
        cache = new ConcurrentHashMap<>();
    }
}
