package com.amazon.opendistroforelasticsearch.security.dlic.rest.validation;

import com.amazon.opendistroforelasticsearch.security.DefaultObjectMapper;
import com.amazon.opendistroforelasticsearch.security.auditlog.config.AuditConfig;
import com.amazon.opendistroforelasticsearch.security.auditlog.impl.AuditCategory;
import com.amazon.opendistroforelasticsearch.security.dlic.rest.validation.AbstractConfigurationValidator;
import com.google.common.collect.ImmutableSet;
import java.util.Set;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.rest.RestRequest;

/* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/dlic/rest/validation/AuditValidator.class */
public class AuditValidator extends AbstractConfigurationValidator {
    private static final Set<AuditCategory> DISABLED_REST_CATEGORIES = ImmutableSet.of(AuditCategory.BAD_HEADERS, AuditCategory.SSL_EXCEPTION, AuditCategory.AUTHENTICATED, AuditCategory.FAILED_LOGIN, AuditCategory.GRANTED_PRIVILEGES, AuditCategory.MISSING_PRIVILEGES, new AuditCategory[0]);
    private static final Set<AuditCategory> DISABLED_TRANSPORT_CATEGORIES = ImmutableSet.of(AuditCategory.BAD_HEADERS, AuditCategory.SSL_EXCEPTION, AuditCategory.AUTHENTICATED, AuditCategory.FAILED_LOGIN, AuditCategory.GRANTED_PRIVILEGES, AuditCategory.MISSING_PRIVILEGES, new AuditCategory[]{AuditCategory.INDEX_EVENT, AuditCategory.OPENDISTRO_SECURITY_INDEX_ATTEMPT});

    public AuditValidator(RestRequest restRequest, BytesReference bytesReference, Settings settings, Object... objArr) {
        super(restRequest, bytesReference, settings, objArr);
        this.payloadMandatory = true;
        this.allowedKeys.put("enabled", AbstractConfigurationValidator.DataType.BOOLEAN);
        this.allowedKeys.put("audit", AbstractConfigurationValidator.DataType.OBJECT);
        this.allowedKeys.put("compliance", AbstractConfigurationValidator.DataType.OBJECT);
    }

    @Override // com.amazon.opendistroforelasticsearch.security.dlic.rest.validation.AbstractConfigurationValidator
    public boolean validate() {
        if (!super.validate()) {
            return false;
        }
        if ((this.request.method() != RestRequest.Method.PUT && this.request.method() != RestRequest.Method.PATCH) || this.content == null || this.content.length() <= 0) {
            return true;
        }
        try {
            AuditConfig.Filter filter = ((AuditConfig) DefaultObjectMapper.readTree(getContentAsNode(), AuditConfig.class)).getFilter();
            if (!DISABLED_REST_CATEGORIES.containsAll(filter.getDisabledRestCategories())) {
                throw new IllegalArgumentException("Invalid REST categories passed in the request");
            }
            if (DISABLED_TRANSPORT_CATEGORIES.containsAll(filter.getDisabledTransportCategories())) {
                return true;
            }
            throw new IllegalArgumentException("Invalid transport categories passed in the request");
        } catch (Exception e) {
            this.errorType = AbstractConfigurationValidator.ErrorType.BODY_NOT_PARSEABLE;
            this.log.error("Invalid content passed in the request", e);
            return false;
        }
    }
}
