package com.amazon.opendistroforelasticsearch.security.dlic.rest.validation;

import com.amazon.opendistroforelasticsearch.security.dlic.rest.validation.AbstractConfigurationValidator;
import com.amazon.opendistroforelasticsearch.security.ssl.util.Utils;
import com.amazon.opendistroforelasticsearch.security.support.ConfigConstants;
import java.util.Map;
import java.util.regex.Pattern;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.compress.NotXContentException;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.rest.RestRequest;

/* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/dlic/rest/validation/CredentialsValidator.class */
public class CredentialsValidator extends AbstractConfigurationValidator {
    public CredentialsValidator(RestRequest restRequest, BytesReference bytesReference, Settings settings, Object... objArr) {
        super(restRequest, bytesReference, settings, objArr);
        this.payloadMandatory = true;
        this.allowedKeys.put("hash", AbstractConfigurationValidator.DataType.STRING);
        this.allowedKeys.put("password", AbstractConfigurationValidator.DataType.STRING);
    }

    @Override // com.amazon.opendistroforelasticsearch.security.dlic.rest.validation.AbstractConfigurationValidator
    public boolean validate() {
        if (!super.validate()) {
            return false;
        }
        String str = this.esSettings.get(ConfigConstants.OPENDISTRO_SECURITY_RESTAPI_PASSWORD_VALIDATION_REGEX, (String) null);
        if ((this.request.method() != RestRequest.Method.PUT && this.request.method() != RestRequest.Method.PATCH) || this.content == null || this.content.length() <= 1) {
            return true;
        }
        try {
            String str2 = (String) ((Map) XContentHelper.convertToMap(this.content, false, XContentType.JSON).v2()).get("password");
            if (str2 == null) {
                return true;
            }
            if (str2.isEmpty()) {
                this.errorType = AbstractConfigurationValidator.ErrorType.INVALID_PASSWORD;
                return false;
            }
            if (Strings.isNullOrEmpty(str)) {
                return true;
            }
            if (!Pattern.compile("^" + str + "$").matcher(str2).matches()) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Regex does not match password");
                }
                this.errorType = AbstractConfigurationValidator.ErrorType.INVALID_PASSWORD;
                return false;
            }
            String param = this.request.param("name");
            String[] strArr = new String[1];
            strArr[0] = hasParams() ? (String) this.param[0] : null;
            String str3 = (String) Utils.coalesce(param, strArr);
            if (str3 == null || str3.isEmpty()) {
                if (!this.log.isDebugEnabled()) {
                    return false;
                }
                this.log.debug("Unable to validate username because no user is given");
                return false;
            }
            if (!str3.toLowerCase().equals(str2.toLowerCase())) {
                return true;
            }
            if (this.log.isDebugEnabled()) {
                this.log.debug("Username must not match password");
            }
            this.errorType = AbstractConfigurationValidator.ErrorType.INVALID_PASSWORD;
            return false;
        } catch (NotXContentException e) {
            this.log.error("Invalid xContent: " + e, e);
            return false;
        }
    }
}
