package com.amazon.opendistroforelasticsearch.security.dlic.rest.validation;

import com.amazon.opendistroforelasticsearch.security.DefaultObjectMapper;
import com.amazon.opendistroforelasticsearch.security.support.ConfigConstants;
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.fasterxml.jackson.databind.JsonNode;
import com.google.common.base.Joiner;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestRequest;

/* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/dlic/rest/validation/AbstractConfigurationValidator.class */
public abstract class AbstractConfigurationValidator {
    public static final String INVALID_KEYS_KEY = "invalid_keys";
    public static final String MISSING_MANDATORY_KEYS_KEY = "missing_mandatory_keys";
    public static final String MISSING_MANDATORY_OR_KEYS_KEY = "specify_one_of";
    protected final RestRequest.Method method;
    protected final BytesReference content;
    protected final Settings esSettings;
    protected final RestRequest request;
    protected final Object[] param;
    private JsonNode contentAsNode;
    JsonFactory factory = new JsonFactory();
    protected final Logger log = LogManager.getLogger(getClass());
    protected final Map<String, DataType> allowedKeys = new HashMap();
    protected final Set<String> mandatoryKeys = new HashSet();
    protected final Set<String> mandatoryOrKeys = new HashSet();
    protected final Map<String, String> wrongDatatypes = new HashMap();
    protected final Set<String> missingMandatoryKeys = new HashSet();
    protected final Set<String> invalidKeys = new HashSet();
    protected final Set<String> missingMandatoryOrKeys = new HashSet();
    protected ErrorType errorType = ErrorType.NONE;
    protected boolean payloadMandatory = false;
    protected boolean payloadAllowed = true;

    /* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/dlic/rest/validation/AbstractConfigurationValidator$DataType.class */
    public enum DataType {
        STRING,
        ARRAY,
        OBJECT,
        BOOLEAN
    }

    /* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/dlic/rest/validation/AbstractConfigurationValidator$ErrorType.class */
    public enum ErrorType {
        NONE("ok"),
        INVALID_CONFIGURATION("Invalid configuration"),
        INVALID_PASSWORD("Invalid password"),
        WRONG_DATATYPE("Wrong datatype"),
        BODY_NOT_PARSEABLE("Could not parse content of request."),
        PAYLOAD_NOT_ALLOWED("Request body not allowed for this action."),
        PAYLOAD_MANDATORY("Request body required for this action."),
        SECURITY_NOT_INITIALIZED("Security index not initialized");

        private String message;

        ErrorType(String str) {
            this.message = str;
        }

        public String getMessage() {
            return this.message;
        }
    }

    public AbstractConfigurationValidator(RestRequest restRequest, BytesReference bytesReference, Settings settings, Object... objArr) {
        this.content = bytesReference;
        this.method = restRequest.method();
        this.esSettings = settings;
        this.request = restRequest;
        this.param = objArr;
    }

    public JsonNode getContentAsNode() {
        return this.contentAsNode;
    }

    public boolean validate() {
        if (this.method.equals(RestRequest.Method.DELETE) || this.method.equals(RestRequest.Method.GET)) {
            return true;
        }
        if (this.payloadMandatory && this.content.length() == 0) {
            this.errorType = ErrorType.PAYLOAD_MANDATORY;
            return false;
        }
        if (!this.payloadMandatory && this.content.length() == 0) {
            return true;
        }
        if (this.payloadMandatory && this.content.length() > 0) {
            try {
                if (DefaultObjectMapper.readTree(this.content.utf8ToString()).size() == 0) {
                    this.errorType = ErrorType.PAYLOAD_MANDATORY;
                    return false;
                }
            } catch (IOException e) {
                this.log.error(ErrorType.BODY_NOT_PARSEABLE.toString(), e);
                this.errorType = ErrorType.BODY_NOT_PARSEABLE;
                return false;
            }
        }
        if (!this.payloadAllowed && this.content.length() > 0) {
            this.errorType = ErrorType.PAYLOAD_NOT_ALLOWED;
            return false;
        }
        HashSet hashSet = new HashSet();
        try {
            this.contentAsNode = DefaultObjectMapper.readTree(this.content.utf8ToString());
            hashSet.addAll(ImmutableList.copyOf(this.contentAsNode.fieldNames()));
            if (Collections.disjoint(hashSet, this.mandatoryOrKeys)) {
                this.missingMandatoryOrKeys.addAll(this.mandatoryOrKeys);
            }
            HashSet hashSet2 = new HashSet(this.mandatoryKeys);
            hashSet2.removeAll(hashSet);
            this.missingMandatoryKeys.addAll(hashSet2);
            hashSet.removeAll(new HashSet(this.allowedKeys.keySet()));
            this.invalidKeys.addAll(hashSet);
            boolean z = this.missingMandatoryKeys.isEmpty() && this.invalidKeys.isEmpty() && this.missingMandatoryOrKeys.isEmpty();
            if (!z) {
                this.errorType = ErrorType.INVALID_CONFIGURATION;
            }
            try {
                if (checkDatatypes()) {
                    return z;
                }
                this.errorType = ErrorType.WRONG_DATATYPE;
                return false;
            } catch (Exception e2) {
                this.log.error(ErrorType.BODY_NOT_PARSEABLE.toString(), e2);
                this.errorType = ErrorType.BODY_NOT_PARSEABLE;
                return false;
            }
        } catch (Exception e3) {
            this.log.error(ErrorType.BODY_NOT_PARSEABLE.toString(), e3);
            this.errorType = ErrorType.BODY_NOT_PARSEABLE;
            return false;
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    private boolean checkDatatypes() throws Exception {
        JsonParser createParser = this.factory.createParser(XContentHelper.convertToJson(this.content, false, XContentType.JSON));
        while (true) {
            try {
                JsonToken nextToken = createParser.nextToken();
                if (nextToken == null) {
                    boolean isEmpty = this.wrongDatatypes.isEmpty();
                    if (createParser != null) {
                        createParser.close();
                    }
                    return isEmpty;
                }
                if (nextToken.equals(JsonToken.FIELD_NAME)) {
                    String currentName = createParser.getCurrentName();
                    DataType dataType = this.allowedKeys.get(currentName);
                    if (dataType != null) {
                        JsonToken nextToken2 = createParser.nextToken();
                        switch (dataType) {
                            case STRING:
                                if (!nextToken2.equals(JsonToken.VALUE_STRING)) {
                                    this.wrongDatatypes.put(currentName, "String expected");
                                    break;
                                }
                                break;
                            case ARRAY:
                                if (!nextToken2.equals(JsonToken.START_ARRAY) && !nextToken2.equals(JsonToken.END_ARRAY)) {
                                    this.wrongDatatypes.put(currentName, "Array expected");
                                    break;
                                }
                                break;
                            case OBJECT:
                                if (!nextToken2.equals(JsonToken.START_OBJECT) && !nextToken2.equals(JsonToken.END_OBJECT)) {
                                    this.wrongDatatypes.put(currentName, "Object expected");
                                    break;
                                }
                                break;
                        }
                    }
                }
            } catch (Throwable th) {
                if (createParser != null) {
                    try {
                        createParser.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
    }

    public XContentBuilder errorsAsXContent(RestChannel restChannel) {
        try {
            XContentBuilder newBuilder = restChannel.newBuilder();
            newBuilder.startObject();
            switch (this.errorType) {
                case NONE:
                    newBuilder.field("status", "error");
                    newBuilder.field("reason", this.errorType.getMessage());
                    break;
                case INVALID_CONFIGURATION:
                    newBuilder.field("status", "error");
                    newBuilder.field("reason", ErrorType.INVALID_CONFIGURATION.getMessage());
                    addErrorMessage(newBuilder, INVALID_KEYS_KEY, this.invalidKeys);
                    addErrorMessage(newBuilder, MISSING_MANDATORY_KEYS_KEY, this.missingMandatoryKeys);
                    addErrorMessage(newBuilder, MISSING_MANDATORY_OR_KEYS_KEY, this.missingMandatoryKeys);
                    break;
                case INVALID_PASSWORD:
                    newBuilder.field("status", "error");
                    newBuilder.field("reason", this.esSettings.get(ConfigConstants.OPENDISTRO_SECURITY_RESTAPI_PASSWORD_VALIDATION_ERROR_MESSAGE, "Password does not match minimum criteria"));
                    break;
                case WRONG_DATATYPE:
                    newBuilder.field("status", "error");
                    newBuilder.field("reason", ErrorType.WRONG_DATATYPE.getMessage());
                    for (Map.Entry<String, String> entry : this.wrongDatatypes.entrySet()) {
                        newBuilder.field(entry.getKey(), entry.getValue());
                    }
                    break;
                default:
                    newBuilder.field("status", "error");
                    newBuilder.field("reason", this.errorType.getMessage());
                    break;
            }
            newBuilder.endObject();
            return newBuilder;
        } catch (IOException e) {
            this.log.error("Cannot build error settings", e);
            return null;
        }
    }

    private void addErrorMessage(XContentBuilder xContentBuilder, String str, Set<String> set) throws IOException {
        if (set.isEmpty()) {
            return;
        }
        xContentBuilder.startObject(str);
        xContentBuilder.field("keys", Joiner.on(",").join(set.toArray(new String[0])));
        xContentBuilder.endObject();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final boolean hasParams() {
        return this.param != null && this.param.length > 0;
    }
}
