package com.amazon.opendistroforelasticsearch.security.dlic.rest.api;

import com.amazon.opendistroforelasticsearch.security.DefaultObjectMapper;
import com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog;
import com.amazon.opendistroforelasticsearch.security.auditlog.config.AuditConfig;
import com.amazon.opendistroforelasticsearch.security.configuration.AdminDNs;
import com.amazon.opendistroforelasticsearch.security.configuration.ConfigurationRepository;
import com.amazon.opendistroforelasticsearch.security.configuration.StaticResourceException;
import com.amazon.opendistroforelasticsearch.security.dlic.rest.support.Utils;
import com.amazon.opendistroforelasticsearch.security.dlic.rest.validation.AbstractConfigurationValidator;
import com.amazon.opendistroforelasticsearch.security.dlic.rest.validation.AuditValidator;
import com.amazon.opendistroforelasticsearch.security.privileges.PrivilegesEvaluator;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.CType;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.SecurityDynamicConfiguration;
import com.amazon.opendistroforelasticsearch.security.ssl.transport.PrincipalExtractor;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.JsonNode;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Path;
import java.util.List;
import java.util.Map;
import org.elasticsearch.client.Client;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestHandler;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.threadpool.ThreadPool;

/* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/dlic/rest/api/AuditApiAction.class */
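/**
 * REST API action for the security plugin's audit configuration resource.
 *
 * <p>Registers GET and PATCH on {@code /_opendistro/_security/api/audit/} and PUT on
 * {@code /_opendistro/_security/api/audit/{name}}. POST and DELETE are answered with
 * {@code notImplemented}.
 *
 * <p>The configuration paths listed under {@value #READONLY_FIELD} in the packaged resource
 * {@value #STATIC_RESOURCE} act as a guard list: {@link #isReadonlyFieldUpdated(JsonNode, JsonNode)}
 * reports any change to one of them unless {@code isSuperAdmin()} is true. The list is loaded and
 * validated once, at construction; an invalid or missing list aborts construction so the endpoint
 * never runs without its guard list.
 */
public class AuditApiAction extends PatchableResourceApiAction {
    private static final List<RestHandler.Route> routes = ImmutableList.of(
            new RestHandler.Route(RestRequest.Method.GET, "/_opendistro/_security/api/audit/"),
            new RestHandler.Route(RestRequest.Method.PUT, "/_opendistro/_security/api/audit/{name}"),
            new RestHandler.Route(RestRequest.Method.PATCH, "/_opendistro/_security/api/audit/"));

    /** The only resource name accepted by PUT and looked up by GET. */
    private static final String RESOURCE_NAME = "config";

    /** Key under which the read-only paths are stored in the static resource and echoed by GET. */
    @VisibleForTesting
    public static final String READONLY_FIELD = "_readonly";

    /** Classpath location of the YAML file that lists the read-only paths. */
    @VisibleForTesting
    public static final String STATIC_RESOURCE = "/static_config/static_audit.yml";

    // Immutable snapshot of the read-only paths; each entry is handed to JsonNode.at(String).
    private final List<String> readonlyFields;
    // Assigned in the constructor; not read anywhere within this class.
    private final PrivilegesEvaluator privilegesEvaluator;
    // Assigned in the constructor; not read anywhere within this class.
    private final ThreadContext threadContext;

    /**
     * Creates the action and loads the read-only field list from {@value #STATIC_RESOURCE}.
     *
     * @throws StaticResourceException if the resource is absent or unreadable, if it has no
     *     {@value #READONLY_FIELD} entry, or if an entry is not contained in
     *     {@code AuditConfig.FIELD_PATHS}
     */
    public AuditApiAction(Settings settings, Path path, RestController restController, Client client, AdminDNs adminDNs, ConfigurationRepository configurationRepository, ClusterService clusterService, PrincipalExtractor principalExtractor, PrivilegesEvaluator privilegesEvaluator, ThreadPool threadPool, AuditLog auditLog) {
        super(settings, path, restController, client, adminDNs, configurationRepository, clusterService, principalExtractor, privilegesEvaluator, threadPool, auditLog);
        this.privilegesEvaluator = privilegesEvaluator;
        this.threadContext = threadPool.getThreadContext();
        this.readonlyFields = loadReadonlyFields();
    }

    /**
     * Reads and validates the read-only path list from the packaged static resource.
     *
     * @return an immutable copy of the validated list
     * @throws StaticResourceException on a missing, unreadable or invalid resource
     */
    private static List<String> loadReadonlyFields() {
        final Map<String, List<String>> staticConfig;
        // The stream is closed here explicitly instead of relying on the mapper's configuration.
        // The lookup is pinned to this class so a subclass cannot change which loader is asked.
        try (InputStream in = AuditApiAction.class.getResourceAsStream(STATIC_RESOURCE)) {
            if (in == null) {
                // Resource absent from the classpath: report it with the plugin's own exception
                // type rather than passing null to the YAML mapper.
                throw new StaticResourceException("Unable to load audit static resource file", new Object[0]);
            }
            staticConfig = DefaultObjectMapper.YAML_MAPPER.readValue(in, new TypeReference<Map<String, List<String>>>() {
            });
        } catch (IOException e) {
            throw new StaticResourceException("Unable to load audit static resource file", e, new Object[0]);
        }

        final List<String> fields = staticConfig == null ? null : staticConfig.get(READONLY_FIELD);
        // A missing "_readonly" key is rejected rather than read as "nothing is read-only":
        // silently accepting it would remove the guard on the audit settings.
        if (fields == null || !AuditConfig.FIELD_PATHS.containsAll(fields)) {
            throw new StaticResourceException("Invalid read-only field paths provided in static resource file " + STATIC_RESOURCE, new Object[0]);
        }
        // handleGet passes this list to the loaded configuration object; an immutable copy keeps
        // the guard list from being altered through that reference.
        return ImmutableList.copyOf(fields);
    }

    /** Returns the routes served by this action (GET, PUT and PATCH on the audit endpoint). */
    public List<RestHandler.Route> routes() {
        return routes;
    }

    /**
     * Serves the request only while {@code cl.isAuditHotReloadingEnabled()} returns true;
     * otherwise every method is answered with {@code notImplemented}.
     *
     * <p>{@code cl} is an inherited field; it is presumably the configuration repository, to be
     * confirmed against the superclass.
     */
    // JADX: access widened from protected by the decompiler.
    @Override
    public void handleApiRequest(RestChannel restChannel, RestRequest restRequest, Client client) throws IOException {
        if (!this.cl.isAuditHotReloadingEnabled()) {
            notImplemented(restChannel, restRequest.method());
            return;
        }
        super.handleApiRequest(restChannel, restRequest, client);
    }

    /**
     * Accepts a PUT only when the {@code name} path parameter equals {@code "config"}; any other
     * name is rejected with a bad-request response before the superclass sees the payload.
     */
    // JADX: access widened from protected by the decompiler.
    @Override
    public void handlePut(RestChannel restChannel, RestRequest restRequest, Client client, JsonNode jsonNode) throws IOException {
        if (!RESOURCE_NAME.equals(restRequest.param("name"))) {
            badRequestResponse(restChannel, "name must be config");
            return;
        }
        super.handlePut(restChannel, restRequest, client, jsonNode);
    }

    /**
     * Returns the audit configuration with an extra {@value #READONLY_FIELD} entry listing the
     * read-only paths, or a not-found response when the {@code "config"} resource is absent.
     *
     * <p>{@code restRequest}, {@code client} and {@code jsonNode} are not used.
     */
    @Override
    protected void handleGet(RestChannel restChannel, RestRequest restRequest, Client client, JsonNode jsonNode) {
        final SecurityDynamicConfiguration<?> configuration = load(getConfigName(), true);
        filter(configuration);
        final String resourceName = getResourceName();
        if (configuration.exists(resourceName)) {
            // NOTE(review): this writes into the object returned by load(); whether that object
            // is a private copy or shared state is not visible here, so confirm it.
            configuration.putCObject(READONLY_FIELD, this.readonlyFields);
            successResponse(restChannel, configuration);
            return;
        }
        notFound(restChannel, "Resource '" + resourceName + "' not found.");
    }

    /** POST is not supported on the audit resource. */
    @Override
    protected void handlePost(RestChannel restChannel, RestRequest restRequest, Client client, JsonNode jsonNode) {
        notImplemented(restChannel, RestRequest.Method.POST);
    }

    /** DELETE is not supported on the audit resource. */
    @Override
    protected void handleDelete(RestChannel restChannel, RestRequest restRequest, Client client, JsonNode jsonNode) {
        notImplemented(restChannel, RestRequest.Method.DELETE);
    }

    /** Builds the {@link AuditValidator} for the request body, using this action's settings. */
    // JADX: access widened from protected by the decompiler.
    @Override
    public AbstractConfigurationValidator getValidator(RestRequest restRequest, BytesReference bytesReference, Object... objArr) {
        return new AuditValidator(restRequest, bytesReference, this.settings, objArr);
    }

    /** Returns the fixed resource name {@code "config"}. */
    // JADX: access widened from protected by the decompiler.
    @Override
    public String getResourceName() {
        return RESOURCE_NAME;
    }

    /** Returns {@code Endpoint.AUDIT}. */
    @Override
    protected Endpoint getEndpoint() {
        return Endpoint.AUDIT;
    }

    /** Returns {@code CType.AUDIT}, the configuration type this action loads. */
    // JADX: access widened from protected by the decompiler.
    @Override
    public CType getConfigName() {
        return CType.AUDIT;
    }

    /**
     * Reports whether the two documents differ at any read-only path.
     *
     * <p>Each path is resolved with {@link JsonNode#at(String)}, which yields a missing node for
     * a path that does not resolve: a path absent from both documents compares equal, a path
     * present in only one counts as an update.
     *
     * @param jsonNode the existing resource; must not be null
     * @param jsonNode2 the requested resource; must not be null
     * @return {@code false} whenever {@code isSuperAdmin()} is true, so such callers bypass the
     *     read-only check entirely; otherwise {@code true} if any read-only path differs
     */
    // JADX: access widened from protected by the decompiler.
    @Override
    public boolean isReadonlyFieldUpdated(JsonNode jsonNode, JsonNode jsonNode2) {
        if (isSuperAdmin()) {
            return false;
        }
        return this.readonlyFields.stream()
                .anyMatch(fieldPath -> !jsonNode.at(fieldPath).equals(jsonNode2.at(fieldPath)));
    }

    /**
     * Converts the stored configuration to JSON, selects the {@code "config"} entry and compares
     * it with the requested resource via {@link #isReadonlyFieldUpdated(JsonNode, JsonNode)}.
     */
    @Override
    protected boolean isReadonlyFieldUpdated(SecurityDynamicConfiguration<?> securityDynamicConfiguration, JsonNode jsonNode) {
        // NOTE(review): JsonNode.get(String) returns null when the stored configuration has no
        // entry under the resource name; for a non-super-admin caller the comparison would then
        // throw a NullPointerException. Confirm that callers guarantee the entry exists.
        final JsonNode existingResource = Utils.convertJsonToJackson(securityDynamicConfiguration, false).get(getResourceName());
        return isReadonlyFieldUpdated(existingResource, jsonNode);
    }
}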
