package com.huawei.es.security.author.parsers;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.huawei.es.security.author.bean.AuthorizationException;
import com.huawei.es.security.author.bean.IndexOperationInfo;
import com.huawei.es.security.author.bean.IndicesPermission;
import com.huawei.es.security.author.bean.OpType;
import com.huawei.es.security.author.bean.jsoninfo.GetDocInfo;
import com.huawei.es.security.author.bean.jsoninfo.ReindexInfo;
import com.huawei.es.security.author.tool.Alias2IndexTurner;
import com.huawei.es.security.author.tool.AuthorityConstants;
import com.huawei.es.security.author.tool.AuthorityUtil;
import com.huawei.es.security.author.tool.AutoCreateIndexChecker;
import com.huawei.es.security.author.tool.HttpRequestParser;
import com.huawei.es.security.author.tool.HttpResponseParser;
import com.huawei.es.security.author.tool.PermissionChecker;
import com.huawei.es.security.cluster.ClusterStateManager;
import com.huawei.es.security.ssl.HwSecurityConstants;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.util.CharsetUtil;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.lucene.index.IndexNotFoundException;
import org.elasticsearch.action.DocWriteRequest;
import org.elasticsearch.action.bulk.BulkRequest;
import org.elasticsearch.client.Requests;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.rest.RestUtils;
import org.elasticsearch.transport.netty4.Netty4Utils;

/* loaded from: input_file:com/huawei/es/security/author/parsers/DocAuthoritySubHandler.class */
public class DocAuthoritySubHandler extends BasicAuthoritySubHandler {
    private static final String BULK = "_bulk";
    private static ClusterStateManager clusterStateManager;
    private static final String OPTYPE_INDEX = "index";
    private static final String OPTYPE_DELETE = "delete";
    private static final String OPTYPE_UPDATE = "update";
    private static final String OPTYPE_CREATE = "create";
    private static final Logger LOG = LogManager.getLogger(DocAuthoritySubHandler.class);
    private static final String DELETE_BY_QUERY = "_delete_by_query";
    private static final String UPDATE_BY_QUERY = "_update_by_query";
    private static final String M_GET = "_mget";
    private static final String REINDEX = "_reindex";
    private static final String TERM_VECTORS = "_termvectors";
    private static final String M_TERM_VECTORS = "_mtermvectors";
    private static final String UPDATE = "_update";
    private static final String[] KEY_WORDS = {DELETE_BY_QUERY, UPDATE_BY_QUERY, M_GET, "_bulk", REINDEX, TERM_VECTORS, M_TERM_VECTORS, UPDATE};
    private static Map<String, OpType> keywords2Type = new HashMap();
    private static Map<String, OpType> httpMethod2Type = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.huawei.es.security.author.parsers.DocAuthoritySubHandler$3, reason: invalid class name */
    /* loaded from: input_file:com/huawei/es/security/author/parsers/DocAuthoritySubHandler$3.class */
    public static /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] $SwitchMap$com$huawei$es$security$author$bean$OpType = new int[OpType.values().length];

        static {
            try {
                $SwitchMap$com$huawei$es$security$author$bean$OpType[OpType.CREATE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$huawei$es$security$author$bean$OpType[OpType.DELETE_DOC.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$huawei$es$security$author$bean$OpType[OpType.UPDATE_DOC.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$huawei$es$security$author$bean$OpType[OpType.CREATE_DOC.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$huawei$es$security$author$bean$OpType[OpType.INDEX_DOC.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$com$huawei$es$security$author$bean$OpType[OpType.HEAD_DOC.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$com$huawei$es$security$author$bean$OpType[OpType.READ_DOC.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
        }
    }

    public DocAuthoritySubHandler(ClusterStateManager clusterStateManager2) {
        clusterStateManager = clusterStateManager2;
    }

    @Override // com.huawei.es.security.author.parsers.BasicAuthoritySubHandler
    public String[] getKeyWords() {
        return KEY_WORDS;
    }

    @Override // com.huawei.es.security.author.parsers.BasicAuthoritySubHandler
    public void doAuthorise(FullHttpRequest fullHttpRequest, FullHttpResponse fullHttpResponse) throws AuthorizationException, IOException {
        PermissionChecker permissionChecker = new PermissionChecker(AuthorityConstants.SUPER_USER, fullHttpResponse.headers().get(AuthorityConstants.CUSTOMISED_HTTP_RESPONSE_HEAD_NAME_FOR_USERNAME));
        for (IndexOperationInfo indexOperationInfo : parseHttpRequest(fullHttpRequest)) {
            if (!AuthorityUtil.isRangerAuthzEnable(AuthorityConstants.getSetting())) {
                doOneAuthorize(permissionChecker, indexOperationInfo.getIndexName(), indexOperationInfo.getType());
            }
            HttpResponseParser.addIndexOpTypeResultForFuture(fullHttpResponse, indexOperationInfo.getIndexName(), indexOperationInfo.getType());
        }
    }

    private void doOneAuthorize(PermissionChecker permissionChecker, String str, OpType opType) throws AuthorizationException {
        switch (AnonymousClass3.$SwitchMap$com$huawei$es$security$author$bean$OpType[opType.ordinal()]) {
            case HwSecurityConstants.SECURITY_SSL_TRANSPORT_ENABLED_DEFAULT /* 1 */:
                permissionChecker.checkAccessPrivilege();
                return;
            case AuthorityConstants.CODE_2XX_DIVIDE_BY_100 /* 2 */:
            case 3:
            case AuthorityConstants.ERROR4XX_DIVIDE_BY_100 /* 4 */:
            case AuthorityConstants.ERROR_5XX_DIVIDE_BY_100 /* 5 */:
                if (isHitAllIndex(str)) {
                    permissionChecker.checkSuperPrivilege();
                    return;
                } else {
                    permissionChecker.checkPermissionForWriteAction(str, IndicesPermission.IndexPermission.WRITE);
                    return;
                }
            case 6:
                permissionChecker.checkIndexJustWriteOrReadPrivilege(str);
                return;
            case 7:
                if (isHitAllIndex(str)) {
                    permissionChecker.checkSuperPrivilege();
                    return;
                } else {
                    permissionChecker.checkPermission(str, IndicesPermission.IndexPermission.READ);
                    return;
                }
            default:
                permissionChecker.checkPermission(str, IndicesPermission.IndexPermission.READ);
                return;
        }
    }

    private List<IndexOperationInfo> parseHttpRequest(FullHttpRequest fullHttpRequest) throws IOException {
        List<IndexOperationInfo> arrayList = new ArrayList();
        String keyWords = keyWords(fullHttpRequest);
        boolean z = -1;
        switch (keyWords.hashCode()) {
            case -848647872:
                if (keyWords.equals(REINDEX)) {
                    z = 8;
                    break;
                }
                break;
            case -549135179:
                if (keyWords.equals(DELETE_BY_QUERY)) {
                    z = true;
                    break;
                }
                break;
            case -145144586:
                if (keyWords.equals(M_TERM_VECTORS)) {
                    z = 6;
                    break;
                }
                break;
            case -125842601:
                if (keyWords.equals(UPDATE_BY_QUERY)) {
                    z = 3;
                    break;
                }
                break;
            case 90769905:
                if (keyWords.equals("_bulk")) {
                    z = 7;
                    break;
                }
                break;
            case 91083944:
                if (keyWords.equals(M_GET)) {
                    z = 5;
                    break;
                }
                break;
            case 151179237:
                if (keyWords.equals(TERM_VECTORS)) {
                    z = 4;
                    break;
                }
                break;
            case 1544803905:
                if (keyWords.equals("default")) {
                    z = false;
                    break;
                }
                break;
            case 1869624808:
                if (keyWords.equals(UPDATE)) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case HwSecurityConstants.SECURITY_SSL_HTTP_ENABLED_DEFAULT /* 0 */:
                arrayList = parseRequestForDefaultRequest(fullHttpRequest);
                break;
            case HwSecurityConstants.SECURITY_SSL_TRANSPORT_ENABLED_DEFAULT /* 1 */:
                if (!HttpRequestParser.isStartWithKeyword(fullHttpRequest, DELETE_BY_QUERY)) {
                    arrayList = Alias2IndexTurner.aliasOrWildcard2Indexes(HttpRequestParser.getIndexsFromURL(fullHttpRequest), OpType.DELETE_DOC);
                    break;
                } else {
                    arrayList.add(new IndexOperationInfo(AuthorityConstants.PATTERN_STAR, OpType.DELETE_DOC));
                    break;
                }
            case AuthorityConstants.CODE_2XX_DIVIDE_BY_100 /* 2 */:
            case true:
                arrayList = Alias2IndexTurner.aliasOrWildcard2Indexes(HttpRequestParser.getIndexsFromURL(fullHttpRequest), OpType.UPDATE_DOC);
                break;
            case AuthorityConstants.ERROR4XX_DIVIDE_BY_100 /* 4 */:
                arrayList = Alias2IndexTurner.aliasOrWildcard2Indexes(HttpRequestParser.getIndexsFromURL(fullHttpRequest), OpType.READ_DOC);
                break;
            case AuthorityConstants.ERROR_5XX_DIVIDE_BY_100 /* 5 */:
                arrayList = Alias2IndexTurner.aliasOrWildcard2Indexes(getIndexFromHttpRequestForMultiIndex(fullHttpRequest, M_GET), OpType.READ_DOC);
                break;
            case true:
                arrayList = Alias2IndexTurner.aliasOrWildcard2Indexes(getIndexFromHttpRequestForMultiIndex(fullHttpRequest, M_TERM_VECTORS), OpType.READ_DOC);
                break;
            case true:
                arrayList = parseRequestForBulk(fullHttpRequest);
                break;
            case true:
                arrayList = parseRequestForReindex(fullHttpRequest);
                break;
            default:
                LOG.warn("No case to match this request, please check your request.");
                break;
        }
        return arrayList;
    }

    private static List<IndexOperationInfo> parseRequestForDefaultRequest(FullHttpRequest fullHttpRequest) {
        ArrayList arrayList = new ArrayList();
        OpType opTypeFromHttpMethod = getOpTypeFromHttpMethod(fullHttpRequest);
        String[] parsePattenFromPath = HttpRequestParser.parsePattenFromPath(fullHttpRequest.uri(), new HashMap(), "index");
        for (String str : parsePattenFromPath) {
            if (null != str && !str.trim().isEmpty() && opTypeFromHttpMethod.equals(OpType.CREATE_DOC) && !Alias2IndexTurner.isIndexExist(str)) {
                String resolveDateMathExpression = Alias2IndexTurner.resolveDateMathExpression(str);
                LOG.debug("Parsed result type : {} and index name : {}", OpType.CREATE, resolveDateMathExpression);
                arrayList.add(new IndexOperationInfo(resolveDateMathExpression, OpType.CREATE));
                return arrayList;
            }
        }
        arrayList.addAll(Alias2IndexTurner.aliasOrWildcard2Indexes(parsePattenFromPath, opTypeFromHttpMethod));
        return arrayList;
    }

    private static List<IndexOperationInfo> parseRequestForReindex(FullHttpRequest fullHttpRequest) throws IOException {
        ReindexInfo reindexInfo = (ReindexInfo) new ObjectMapper().readValue(fullHttpRequest.content().toString(CharsetUtil.UTF_8), new TypeReference<ReindexInfo>() { // from class: com.huawei.es.security.author.parsers.DocAuthoritySubHandler.1
        });
        List<String> sourceIndex = reindexInfo.getSourceIndex();
        List<String> destIndex = reindexInfo.getDestIndex();
        if (sourceIndex == null || sourceIndex.isEmpty() || destIndex == null) {
            LOG.warn("When reindex , source index or dest index is missing, please check your reindex request.");
            LOG.warn("The belows json content is wrong.");
            throw new IOException("Reindex request body has no good content, please check content format.");
        }
        ArrayList arrayList = new ArrayList(Alias2IndexTurner.aliasOrWildcard2Indexes((String[]) sourceIndex.toArray(new String[0]), OpType.READ_DOC));
        for (String str : destIndex) {
            try {
                for (String str2 : Alias2IndexTurner.alias2FullNameWithException(str)) {
                    arrayList.add(new IndexOperationInfo(str2, OpType.INDEX_DOC));
                }
            } catch (IndexNotFoundException e) {
                arrayList.add(new IndexOperationInfo(Alias2IndexTurner.resolveDateMathExpression(str), OpType.CREATE));
            }
        }
        return arrayList;
    }

    private List<IndexOperationInfo> parseRequestForBulk(FullHttpRequest fullHttpRequest) throws IOException {
        return new ArrayList(new HashSet(parseMultiIndexesForBulkRequest(fullHttpRequest)));
    }

    private List<IndexOperationInfo> parseMultiIndexesForBulkRequest(FullHttpRequest fullHttpRequest) throws IOException {
        BulkRequest bulkRequest = Requests.bulkRequest();
        HashMap newHashMap = Maps.newHashMap();
        String uri = fullHttpRequest.uri();
        String indexFromPath = HttpRequestParser.getIndexFromPath(uri, newHashMap);
        RestUtils.decodeQueryString(uri, uri.indexOf(63) + 1, newHashMap);
        bulkRequest.add(Netty4Utils.toBytesReference(fullHttpRequest.content()), indexFromPath, (String) newHashMap.get(AuthorityConstants.SECURITY_INDEX_FIELD_TYPE), XContentType.JSON);
        return new ArrayList(parseMutiPartInBulkRequestBody(getIndexAndOpTypeFromBulkRequest(bulkRequest.requests())));
    }

    private static Collection<? extends IndexOperationInfo> parseMutiPartInBulkRequestBody(HashMap<String, Set<String>> hashMap) {
        if (null == hashMap || hashMap.isEmpty()) {
            return new ArrayList();
        }
        ArrayList arrayList = new ArrayList();
        Set<String> keySet = hashMap.keySet();
        Set<String> existsAlias = getExistsAlias(keySet);
        Sets.SetView difference = Sets.difference(keySet, existsAlias);
        for (Map.Entry<String, Set<String>> entry : getAllIndex2Optypes(hashMap, existsAlias).entrySet()) {
            String key = entry.getKey();
            for (String str : entry.getValue()) {
                if (!str.equals("delete") && difference.contains(key) && AutoCreateIndexChecker.shouldAutoCreate(key, clusterStateManager.getClusterState())) {
                    arrayList.add(new IndexOperationInfo(key, OpType.CREATE));
                }
                if (str.equals("create")) {
                    arrayList.add(new IndexOperationInfo(key, OpType.CREATE_DOC));
                }
                if (str.equals("delete")) {
                    arrayList.add(new IndexOperationInfo(key, OpType.DELETE_DOC));
                }
                if (str.equals("index")) {
                    arrayList.add(new IndexOperationInfo(key, OpType.INDEX_DOC));
                }
                if (str.equals("update")) {
                    arrayList.add(new IndexOperationInfo(key, OpType.UPDATE_DOC));
                }
            }
        }
        return arrayList;
    }

    private static HashMap<String, Set<String>> getAllIndex2Optypes(HashMap<String, Set<String>> hashMap, Set<String> set) {
        Set<String> set2;
        if (set.size() == 0) {
            return hashMap;
        }
        Map<String, Set<String>> mutiGetAlias2ExactIndexNameMap = mutiGetAlias2ExactIndexNameMap((String[]) set.toArray(new String[0]));
        if (mutiGetAlias2ExactIndexNameMap != null && !mutiGetAlias2ExactIndexNameMap.isEmpty()) {
            for (Map.Entry<String, Set<String>> entry : mutiGetAlias2ExactIndexNameMap.entrySet()) {
                String key = entry.getKey();
                for (String str : entry.getValue()) {
                    if (!hashMap.containsKey(str) && (set2 = hashMap.get(key)) != null && !set2.isEmpty()) {
                        hashMap.put(str, set2);
                    }
                }
                hashMap.remove(key);
            }
        }
        return hashMap;
    }

    private static Set<String> getExistsAlias(Set<String> set) {
        HashSet newHashSet = Sets.newHashSet();
        for (String str : set) {
            if (Alias2IndexTurner.isIndexExist(str)) {
                newHashSet.add(str);
            }
        }
        return newHashSet;
    }

    private static HashMap<String, Set<String>> getIndexAndOpTypeFromBulkRequest(List<DocWriteRequest<?>> list) {
        if (null == list || list.isEmpty()) {
            return new HashMap<>(0);
        }
        HashMap<String, Set<String>> newHashMap = Maps.newHashMap();
        for (DocWriteRequest<?> docWriteRequest : list) {
            Set<String> set = newHashMap.get(docWriteRequest.index());
            Set<String> newHashSet = set == null ? Sets.newHashSet() : set;
            newHashSet.add(docWriteRequest.opType().name().toLowerCase());
            newHashMap.put(docWriteRequest.index(), newHashSet);
        }
        return newHashMap;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static Map<String, Set<String>> mutiGetAlias2ExactIndexNameMap(String[] strArr) {
        Map hashMap = new HashMap();
        if (strArr == null || strArr.length == 0) {
            LOG.debug("No index or alias was found.");
            return hashMap;
        }
        try {
            hashMap = Alias2IndexTurner.mutiGetAliases2ExactIndexNameMap(Alias2IndexTurner.getRpcClient(), strArr);
        } catch (IndexNotFoundException e) {
            LOG.debug("There are some indices can not found.");
        }
        return hashMap;
    }

    private static String[] getIndexFromHttpRequestForMultiIndex(FullHttpRequest fullHttpRequest, String str) throws IOException {
        return HttpRequestParser.isOnlyKeywordInURL(fullHttpRequest, str) ? (String[]) getIndexFromHttpRequestBodyForMultiIndex(fullHttpRequest).toArray(new String[0]) : HttpRequestParser.getIndexsFromURL(fullHttpRequest);
    }

    private static List<String> getIndexFromHttpRequestBodyForMultiIndex(FullHttpRequest fullHttpRequest) throws IOException {
        LinkedList linkedList = new LinkedList();
        Map map = (Map) new ObjectMapper().readValue(fullHttpRequest.content().toString(CharsetUtil.UTF_8), new TypeReference<HashMap<String, List<GetDocInfo>>>() { // from class: com.huawei.es.security.author.parsers.DocAuthoritySubHandler.2
        });
        Iterator it = map.keySet().iterator();
        while (it.hasNext()) {
            Iterator it2 = ((List) map.get(it.next())).iterator();
            while (it2.hasNext()) {
                linkedList.add(((GetDocInfo) it2.next()).getIndex());
            }
        }
        return linkedList;
    }

    private static OpType getOpTypeFromHttpMethod(FullHttpRequest fullHttpRequest) {
        OpType opType = httpMethod2Type.get(fullHttpRequest.method().name().toUpperCase());
        if (null == opType) {
            opType = OpType.READ_DOC;
        }
        return opType;
    }

    static {
        keywords2Type.put(DELETE_BY_QUERY, OpType.DELETE_DOC);
        keywords2Type.put(UPDATE, OpType.UPDATE_DOC);
        keywords2Type.put(UPDATE_BY_QUERY, OpType.UPDATE_DOC);
        keywords2Type.put(M_GET, OpType.READ_DOC);
        keywords2Type.put(REINDEX, OpType.CREATE_DOC);
        httpMethod2Type.put(HttpMethod.DELETE.name(), OpType.DELETE_DOC);
        httpMethod2Type.put(HttpMethod.POST.name(), OpType.CREATE_DOC);
        httpMethod2Type.put(HttpMethod.PUT.name(), OpType.CREATE_DOC);
        httpMethod2Type.put(HttpMethod.GET.name(), OpType.READ_DOC);
        httpMethod2Type.put(HttpMethod.HEAD.name(), OpType.HEAD_DOC);
        httpMethod2Type.put(HttpMethod.DELETE.name().toUpperCase(), OpType.DELETE_DOC);
        httpMethod2Type.put(HttpMethod.POST.name().toUpperCase(), OpType.CREATE_DOC);
        httpMethod2Type.put(HttpMethod.PUT.name().toUpperCase(), OpType.CREATE_DOC);
        httpMethod2Type.put(HttpMethod.GET.name().toUpperCase(), OpType.READ_DOC);
        httpMethod2Type.put(HttpMethod.HEAD.name().toUpperCase(), OpType.HEAD_DOC);
    }
}
