package com.amazon.opendistroforelasticsearch.security.rest;

import com.amazon.opendistroforelasticsearch.security.configuration.AdminDNs;
import com.amazon.opendistroforelasticsearch.security.configuration.ConfigurationRepository;
import com.amazon.opendistroforelasticsearch.security.privileges.PrivilegesEvaluator;
import com.amazon.opendistroforelasticsearch.security.securityconf.DynamicConfigFactory;
import com.amazon.opendistroforelasticsearch.security.securityconf.RoleMappings;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.CType;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.SecurityDynamicConfiguration;
import com.amazon.opendistroforelasticsearch.security.support.ConfigConstants;
import com.amazon.opendistroforelasticsearch.security.user.User;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.rest.BaseRestHandler;
import org.elasticsearch.rest.BytesRestResponse;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestHandler;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.threadpool.ThreadPool;

/* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/rest/TenantInfoAction.class */
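/**
 * REST handler for {@code /_opendistro/_security/tenantinfo}.
 *
 * <p>For an authorized caller the response is a JSON object mapping every index name that follows
 * the {@code <kibanaIndex>_<hash>_<sanitizedTenant>} naming scheme to the tenant it belongs to.
 * Callers that fail {@link #isAuthorized()} receive an empty {@code 403} response.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Authorization is decided here, from the user object stored in the thread context; a
 *       missing user or missing configuration is treated as "not authorized" (fail closed).</li>
 *   <li>The route is registered for both GET and POST although the handler only reads state.</li>
 *   <li>On an unexpected exception the handler returns {@code e.toString()} in the body of the
 *       {@code 500} response (see {@link #buildResponse(RestChannel)}).</li>
 * </ul>
 */
public class TenantInfoAction extends BaseRestHandler {
    private static final List<RestHandler.Route> routes = ImmutableList.of(
            new RestHandler.Route(RestRequest.Method.GET, "/_opendistro/_security/tenantinfo"),
            new RestHandler.Route(RestRequest.Method.POST, "/_opendistro/_security/tenantinfo"));

    private final Logger log = LogManager.getLogger(getClass());
    private final PrivilegesEvaluator evaluator;
    private final ThreadContext threadContext;
    private final ClusterService clusterService;
    private final AdminDNs adminDns;
    private final ConfigurationRepository configurationRepository;

    /**
     * Wires the handler to the collaborators it needs for the authorization check and the index scan.
     *
     * @param settings                node settings (not read by this class)
     * @param restController          REST controller (not read by this class)
     * @param privilegesEvaluator     source of the Kibana index/user/role names and configured tenants
     * @param threadPool              supplies the thread context that carries the authenticated user
     * @param clusterService          supplies the cluster state whose index names are scanned
     * @param adminDNs                decides whether a user is a security admin
     * @param configurationRepository source of the role-mapping configuration
     */
    public TenantInfoAction(Settings settings, RestController restController, PrivilegesEvaluator privilegesEvaluator, ThreadPool threadPool, ClusterService clusterService, AdminDNs adminDNs, ConfigurationRepository configurationRepository) {
        this.threadContext = threadPool.getThreadContext();
        this.evaluator = privilegesEvaluator;
        this.clusterService = clusterService;
        this.adminDns = adminDNs;
        this.configurationRepository = configurationRepository;
    }

    /** Returns the GET and POST routes this handler is registered under. */
    @Override
    public List<RestHandler.Route> routes() {
        return routes;
    }

    /**
     * Builds the consumer that answers a tenant-info request.
     *
     * <p>The request body and parameters are not read; the outcome depends only on the
     * authenticated user and the current cluster state.
     */
    @Override
    protected BaseRestHandler.RestChannelConsumer prepareRequest(RestRequest restRequest, NodeClient nodeClient) throws IOException {
        return restChannel -> restChannel.sendResponse(buildResponse(restChannel));
    }

    /**
     * Produces the response for one request: {@code 200} with the index-to-tenant map,
     * {@code 403} with an empty body, or {@code 500} with an error object.
     *
     * <p>Both builders are managed with try-with-resources so the first one is also released
     * when the error path allocates a second one.
     *
     * @param restChannel channel used to create the content builders
     * @return the response to send; never {@code null}
     * @throws IOException if even the error response cannot be built
     */
    private BytesRestResponse buildResponse(RestChannel restChannel) throws IOException {
        try (XContentBuilder builder = restChannel.newBuilder()) {
            // Authorization gate: nothing about indices or tenants is written before this passes.
            if (!isAuthorized()) {
                return new BytesRestResponse(RestStatus.FORBIDDEN, "");
            }
            builder.startObject();
            for (String indexName : this.clusterService.state().metadata().getIndicesLookup().keySet()) {
                String tenantName = tenantNameForIndex(indexName);
                if (tenantName != null) {
                    builder.field(indexName, tenantName);
                }
            }
            builder.endObject();
            return new BytesRestResponse(RestStatus.OK, builder);
        } catch (Exception e) {
            this.log.error(e.toString(), e);
            // NOTE(review): the exception's class name and message are returned to the caller, and
            // this path is reachable before the authorization decision is made (isAuthorized() can
            // throw). Consider a generic message here and keeping the detail in the log only;
            // left unchanged because clients may parse the existing "error" field.
            try (XContentBuilder errorBuilder = restChannel.newBuilder()) {
                errorBuilder.startObject();
                errorBuilder.field("error", e.toString());
                errorBuilder.endObject();
                return new BytesRestResponse(RestStatus.INTERNAL_SERVER_ERROR, errorBuilder);
            }
        }
    }

    /**
     * Decides whether the current user may read the tenant map.
     *
     * <p>Access is granted when the user is the configured Kibana server user, is an admin
     * according to {@link AdminDNs}, or is listed by name in the {@code users} of the role mapping
     * for the configured Kibana Open Distro role. Only the explicit user list of that mapping is
     * consulted; any other way a mapping may assign the role is not evaluated by this method.
     *
     * <p>The decompiler widened this method from {@code private}; it is an internal check and is
     * kept {@code public} here only to leave the listing's visible interface untouched.
     *
     * @return {@code true} if access is granted; {@code false} when there is no authenticated user,
     *         no role-mapping configuration, no configured role name, or no matching entry
     */
    public boolean isAuthorized() {
        User user = (User) this.threadContext.getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER);
        if (user == null) {
            return false;
        }
        if (user.getName().equals(this.evaluator.kibanaServerUsername()) || this.adminDns.isAdmin(user)) {
            return true;
        }
        // NOTE(review): the boolean presumably controls compliance logging of the config read — confirm.
        SecurityDynamicConfiguration<?> rolesMapping = load(CType.ROLESMAPPING, true);
        if (rolesMapping == null) {
            return false;
        }
        String kibanaOpendistroRole = this.evaluator.kibanaOpendistroRole();
        if (Strings.isNullOrEmpty(kibanaOpendistroRole)) {
            return false;
        }
        RoleMappings roleMappings = (RoleMappings) rolesMapping.getCEntries().getOrDefault(kibanaOpendistroRole, null);
        return roleMappings != null && roleMappings.getUsers().contains(user.getName());
    }

    /**
     * Loads one configuration type from the security index and returns a private copy with the
     * static entries added.
     *
     * @param cType configuration type to load
     * @param z     passed through to {@code getConfigurationsFromIndex}; meaning not visible here
     * @return the cloned configuration, or {@code null} when the repository has no entry for
     *         {@code cType}, so that callers can deny access instead of failing with a
     *         {@link NullPointerException}
     */
    private final SecurityDynamicConfiguration<?> load(CType cType, boolean z) {
        SecurityDynamicConfiguration<?> stored =
                this.configurationRepository.getConfigurationsFromIndex(Collections.singleton(cType), z).get(cType);
        if (stored == null) {
            return null;
        }
        return DynamicConfigFactory.addStatics(stored.deepClone());
    }

    /**
     * Maps an index name of the form {@code <kibanaIndex>_<hash>_<sanitizedTenant>} to a tenant name.
     *
     * <p>A configured tenant matches only when both its {@link String#hashCode()} equals the
     * numeric part and its lower-cased, {@code [a-z0-9]}-only form equals the last part, so a
     * hash collision alone does not produce a match. Names that follow the pattern but match no
     * configured tenant are reported as {@code "__private__"}.
     *
     * <p>The decompiler widened this method from {@code private}; see {@link #isAuthorized()}.
     *
     * @param str index name; may be {@code null}
     * @return the tenant name, {@code "__private__"}, or {@code null} if the name does not follow
     *         the pattern or its hash part is not an integer
     */
    public String tenantNameForIndex(String str) {
        if (str == null) {
            return null;
        }
        String[] parts = str.split("_");
        if (parts.length != 3 || !parts[0].equals(this.evaluator.kibanaIndex())) {
            return null;
        }
        try {
            int expectedHash = Integer.parseInt(parts[1]);
            String sanitizedName = parts[2];
            for (String tenant : this.evaluator.getAllConfiguredTenantNames()) {
                // NOTE(review): toLowerCase() uses the default locale; it has to stay in step with
                // whatever code derives the index names, which is not visible in this file.
                if (tenant.hashCode() == expectedHash && sanitizedName.equals(tenant.toLowerCase().replaceAll("[^a-z0-9]+", ""))) {
                    return tenant;
                }
            }
            return "__private__";
        } catch (NumberFormatException e) {
            this.log.warn("Index {} looks like a Security tenant index but we cannot parse the hashcode so we ignore it.", str);
            return null;
        }
    }

    /** Returns the handler name reported to the REST layer. */
    @Override
    public String getName() {
        return "Tenant Info Action";
    }
}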
