package com.huawei.es.security.author.parsers.plugin;

import com.google.gson.JsonParser;
import com.huawei.es.security.author.bean.AuthorizationException;
import com.huawei.es.security.author.bean.IndexOperationInfo;
import com.huawei.es.security.author.bean.IndicesPermission;
import com.huawei.es.security.author.bean.OpType;
import com.huawei.es.security.author.cache.IndexOwnerCache;
import com.huawei.es.security.author.parsers.BasicAuthoritySubHandler;
import com.huawei.es.security.author.tool.AuthorityConstants;
import com.huawei.es.security.author.tool.AuthorityUtil;
import com.huawei.es.security.author.tool.HttpRequestParser;
import com.huawei.es.security.author.tool.HttpResponseParser;
import com.huawei.es.security.author.tool.PermissionChecker;
import com.huawei.es.security.ssl.HwSecurityConstants;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.util.CharsetUtil;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.logging.Loggers;

/* loaded from: input_file:com/huawei/es/security/author/parsers/plugin/IndexManagementAuthoritySubHandler.class */
public class IndexManagementAuthoritySubHandler extends BasicAuthoritySubHandler {
    private static final String SOURCE_INDEX = "source_index";
    private static final String TARGET_INDEX = "target_index";
    private static final Logger LOG = Loggers.getLogger(IndexManagementAuthoritySubHandler.class, new String[]{"IndexManagementAuthoritySubHandler"});
    private static final String OPEN_DISTRO_ROLLUP_JOBS = "_opendistro/_rollup/jobs";
    private static final String[] KEY_WORDS = {OPEN_DISTRO_ROLLUP_JOBS};

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.huawei.es.security.author.parsers.plugin.IndexManagementAuthoritySubHandler$1, reason: invalid class name */
    /* loaded from: input_file:com/huawei/es/security/author/parsers/plugin/IndexManagementAuthoritySubHandler$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$huawei$es$security$author$bean$OpType = new int[OpType.values().length];

        static {
            try {
                $SwitchMap$com$huawei$es$security$author$bean$OpType[OpType.SUBMIT_ROLLUP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$huawei$es$security$author$bean$OpType[OpType.DELETE_ROLLUP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$huawei$es$security$author$bean$OpType[OpType.OTHER_ROLLUP.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    @Override // com.huawei.es.security.author.parsers.BasicAuthoritySubHandler
    public void doAuthorise(FullHttpRequest fullHttpRequest, FullHttpResponse fullHttpResponse) throws AuthorizationException, IOException {
        PermissionChecker permissionChecker = new PermissionChecker(AuthorityConstants.SUPER_USER, fullHttpResponse.headers().get(AuthorityConstants.CUSTOMISED_HTTP_RESPONSE_HEAD_NAME_FOR_USERNAME));
        if (fullHttpRequest.method().toString().toUpperCase().equals(AuthorityConstants.PUT_UPPER_CASE)) {
            String parseIndex = parseIndex(fullHttpRequest, SOURCE_INDEX);
            String parseIndex2 = parseIndex(fullHttpRequest, TARGET_INDEX);
            if (!AuthorityUtil.isRangerAuthzEnable(AuthorityConstants.getSetting())) {
                checkIndexPermission(permissionChecker, parseIndex, parseIndex2);
            }
            if (IndexOwnerCache.getOwner(parseIndex2) == null) {
                HttpResponseParser.addIndexOpTypeResultForFuture(fullHttpResponse, parseIndex2, OpType.CREATE);
            }
        }
        for (IndexOperationInfo indexOperationInfo : parseRequestForRollup(fullHttpRequest)) {
            if (!AuthorityUtil.isRangerAuthzEnable(AuthorityConstants.getSetting())) {
                doOneAuthorize(permissionChecker, indexOperationInfo.getIndexName(), indexOperationInfo.getType());
            }
            HttpResponseParser.addIndexOpTypeResultForFuture(fullHttpResponse, indexOperationInfo.getIndexName(), indexOperationInfo.getType());
        }
    }

    private void doOneAuthorize(PermissionChecker permissionChecker, String str, OpType opType) throws AuthorizationException {
        switch (AnonymousClass1.$SwitchMap$com$huawei$es$security$author$bean$OpType[opType.ordinal()]) {
            case HwSecurityConstants.SECURITY_SSL_TRANSPORT_ENABLED_DEFAULT /* 1 */:
                return;
            case AuthorityConstants.CODE_2XX_DIVIDE_BY_100 /* 2 */:
            case 3:
                checkPermissionForRollup(permissionChecker, str);
                return;
            default:
                LOG.warn("No case to match this request, please check your request.");
                return;
        }
    }

    private void checkPermissionForRollup(PermissionChecker permissionChecker, String str) throws AuthorizationException {
        permissionChecker.checkRollupOwnerPrivilege(str);
    }

    private List<IndexOperationInfo> parseRequestForRollup(FullHttpRequest fullHttpRequest) {
        String upperCase = fullHttpRequest.method().toString().toUpperCase();
        ArrayList arrayList = new ArrayList();
        String parseRollupId = parseRollupId(fullHttpRequest);
        boolean z = -1;
        switch (upperCase.hashCode()) {
            case 70454:
                if (upperCase.equals(AuthorityConstants.GET_UPPER_CASE)) {
                    z = 3;
                    break;
                }
                break;
            case 79599:
                if (upperCase.equals(AuthorityConstants.PUT_UPPER_CASE)) {
                    z = false;
                    break;
                }
                break;
            case 2461856:
                if (upperCase.equals(AuthorityConstants.POST_UPPER_CASE)) {
                    z = 2;
                    break;
                }
                break;
            case 2012838315:
                if (upperCase.equals(AuthorityConstants.DELETE_UPPER_CASE)) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case HwSecurityConstants.SECURITY_SSL_HTTP_ENABLED_DEFAULT /* 0 */:
                arrayList.add(new IndexOperationInfo(parseRollupId, OpType.SUBMIT_ROLLUP));
                break;
            case HwSecurityConstants.SECURITY_SSL_TRANSPORT_ENABLED_DEFAULT /* 1 */:
                arrayList.add(new IndexOperationInfo(parseRollupId, OpType.DELETE_ROLLUP));
                break;
            case AuthorityConstants.CODE_2XX_DIVIDE_BY_100 /* 2 */:
            case true:
                arrayList.add(new IndexOperationInfo(parseRollupId, OpType.OTHER_ROLLUP));
                break;
            default:
                LOG.warn("No case to match this request, please check your request.");
                break;
        }
        return arrayList;
    }

    private String parseIndex(FullHttpRequest fullHttpRequest, String str) {
        String byteBuf = fullHttpRequest.content().toString(CharsetUtil.UTF_8);
        return StringUtils.isEmpty(byteBuf) ? AuthorityConstants.EMPYT_STRING : JsonParser.parseString(byteBuf).getAsJsonObject().get(AuthorityConstants.TYPE_ROLLUP).getAsJsonObject().get(str).getAsString();
    }

    private String parseRollupId(FullHttpRequest fullHttpRequest) {
        return HttpRequestParser.getPattenFromPath(fullHttpRequest.uri(), new HashMap(), "rollup_id");
    }

    private void checkIndexPermission(PermissionChecker permissionChecker, String str, String str2) throws AuthorizationException {
        permissionChecker.checkAccessPrivilege();
        permissionChecker.checkReadIndexPermission(str);
        try {
            permissionChecker.checkReadIndexPermission(str2);
            permissionChecker.checkPermissionForWriteAction(str2, IndicesPermission.IndexPermission.WRITE);
        } catch (AuthorizationException e) {
            if (null != IndexOwnerCache.getOwner(str2) || !permissionChecker.containerGroup(AuthorityConstants.ES_GROUP_DEFAULT)) {
                throw e;
            }
        }
    }

    @Override // com.huawei.es.security.author.parsers.BasicAuthoritySubHandler
    public String[] getKeyWords() {
        return KEY_WORDS;
    }
}
