package org.opensearch.alerting.transport;

import java.util.List;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import org.apache.logging.log4j.Logger;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.opensearch.OpenSearchStatusException;
import org.opensearch.action.ActionListener;
import org.opensearch.alerting.model.destination.Destination;
import org.opensearch.alerting.settings.AlertingSettings;
import org.opensearch.alerting.util.AlertingException;
import org.opensearch.client.Client;
import org.opensearch.cluster.service.ClusterService;
import org.opensearch.commons.authuser.User;
import org.opensearch.rest.RestStatus;

/* compiled from: SecureTransportAction.kt */
@Metadata(mv = {1, 6, 0}, k = 1, xi = 48, d1 = {"��>\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0010\u000b\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0005\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\bf\u0018��2\u00020\u0001JD\u0010\b\u001a\u00020\u0003\"\b\b��\u0010\t*\u00020\u00012\b\u0010\n\u001a\u0004\u0018\u00010\u000b2\b\u0010\f\u001a\u0004\u0018\u00010\u000b2\f\u0010\r\u001a\b\u0012\u0004\u0012\u0002H\t0\u000e2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0010H\u0016J\u0012\u0010\u0012\u001a\u00020\u00032\b\u0010\u0013\u001a\u0004\u0018\u00010\u000bH\u0016J\u0012\u0010\u0014\u001a\u00020\u00032\b\u0010\u0013\u001a\u0004\u0018\u00010\u000bH\u0016J\u0010\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u0018H\u0016J\u0012\u0010\u0019\u001a\u0004\u0018\u00010\u000b2\u0006\u0010\u001a\u001a\u00020\u001bH\u0016J*\u0010\u001c\u001a\u00020\u0003\"\b\b��\u0010\t*\u00020\u00012\b\u0010\u0013\u001a\u0004\u0018\u00010\u000b2\f\u0010\r\u001a\b\u0012\u0004\u0012\u0002H\t0\u000eH\u0016R\u0018\u0010\u0002\u001a\u00020\u0003X¦\u000e¢\u0006\f\u001a\u0004\b\u0004\u0010\u0005\"\u0004\b\u0006\u0010\u0007¨\u0006\u001d"}, d2 = {"Lorg/opensearch/alerting/transport/SecureTransportAction;", "", "filterByEnabled", "", "getFilterByEnabled", "()Z", "setFilterByEnabled", "(Z)V", "checkUserPermissionsWithResource", "T", "requesterUser", "Lorg/opensearch/commons/authuser/User;", "resourceUser", "actionListener", "Lorg/opensearch/action/ActionListener;", "resourceType", "", "resourceId", "doFilterForUser", Destination.USER_FIELD, "isAdmin", "listenFilterBySettingChange", "", "clusterService", "Lorg/opensearch/cluster/service/ClusterService;", "readUserFromThreadContext", "client", "Lorg/opensearch/client/Client;", "validateUserBackendRoles", "opensearch-alerting"})
/* loaded from: input_file:org/opensearch/alerting/transport/SecureTransportAction.class */
public interface SecureTransportAction {

    /* compiled from: SecureTransportAction.kt */
    @Metadata(mv = {1, 6, 0}, k = 3, xi = 48)
    /* loaded from: input_file:org/opensearch/alerting/transport/SecureTransportAction$DefaultImpls.class */
    public static final class DefaultImpls {
        public static void listenFilterBySettingChange(@NotNull SecureTransportAction secureTransportAction, @NotNull ClusterService clusterService) {
            Intrinsics.checkNotNullParameter(secureTransportAction, "this");
            Intrinsics.checkNotNullParameter(clusterService, "clusterService");
            clusterService.getClusterSettings().addSettingsUpdateConsumer(AlertingSettings.Companion.getFILTER_BY_BACKEND_ROLES(), (v1) -> {
                m97listenFilterBySettingChange$lambda0(r2, v1);
            });
        }

        @Nullable
        public static User readUserFromThreadContext(@NotNull SecureTransportAction secureTransportAction, @NotNull Client client) {
            Logger logger;
            Intrinsics.checkNotNullParameter(secureTransportAction, "this");
            Intrinsics.checkNotNullParameter(client, "client");
            String str = (String) client.threadPool().getThreadContext().getTransient("_opendistro_security_user_info");
            logger = SecureTransportActionKt.log;
            logger.debug("User and roles string from thread context: " + str);
            return User.parse(str);
        }

        public static boolean doFilterForUser(@NotNull SecureTransportAction secureTransportAction, @Nullable User user) {
            Logger logger;
            Intrinsics.checkNotNullParameter(secureTransportAction, "this");
            logger = SecureTransportActionKt.log;
            logger.debug("Is filterByEnabled: " + secureTransportAction.mo101getFilterByEnabled() + " ; Is admin user: " + secureTransportAction.isAdmin(user));
            if (secureTransportAction.isAdmin(user)) {
                return false;
            }
            return secureTransportAction.mo101getFilterByEnabled();
        }

        public static boolean isAdmin(@NotNull SecureTransportAction secureTransportAction, @Nullable User user) {
            boolean z;
            Intrinsics.checkNotNullParameter(secureTransportAction, "this");
            if (user == null) {
                return false;
            }
            List roles = user.getRoles();
            if (roles == null) {
                z = false;
            } else {
                z = roles.isEmpty();
            }
            if (z) {
                return false;
            }
            List roles2 = user.getRoles();
            return roles2 != null && roles2.contains("all_access");
        }

        public static <T> boolean validateUserBackendRoles(@NotNull SecureTransportAction secureTransportAction, @Nullable User user, @NotNull ActionListener<T> actionListener) {
            Intrinsics.checkNotNullParameter(secureTransportAction, "this");
            Intrinsics.checkNotNullParameter(actionListener, "actionListener");
            if (!secureTransportAction.mo101getFilterByEnabled()) {
                return true;
            }
            if (user == null) {
                actionListener.onFailure(AlertingException.Companion.wrap((Exception) new OpenSearchStatusException("Filter by user backend roles is enabled with security disabled.", RestStatus.FORBIDDEN, new Object[0])));
                return false;
            }
            if (secureTransportAction.isAdmin(user)) {
                return true;
            }
            List backendRoles = user.getBackendRoles();
            if (!(backendRoles == null || backendRoles.isEmpty())) {
                return true;
            }
            actionListener.onFailure(AlertingException.Companion.wrap((Exception) new OpenSearchStatusException("User doesn't have backend roles configured. Contact administrator", RestStatus.FORBIDDEN, new Object[0])));
            return false;
        }

        public static <T> boolean checkUserPermissionsWithResource(@NotNull SecureTransportAction secureTransportAction, @Nullable User user, @Nullable User user2, @NotNull ActionListener<T> actionListener, @NotNull String str, @NotNull String str2) {
            Intrinsics.checkNotNullParameter(secureTransportAction, "this");
            Intrinsics.checkNotNullParameter(actionListener, "actionListener");
            Intrinsics.checkNotNullParameter(str, "resourceType");
            Intrinsics.checkNotNullParameter(str2, "resourceId");
            if (!secureTransportAction.doFilterForUser(user)) {
                return true;
            }
            List backendRoles = user2 == null ? null : user2.getBackendRoles();
            List backendRoles2 = user == null ? null : user.getBackendRoles();
            if (backendRoles != null && backendRoles2 != null && !CollectionsKt.intersect(backendRoles, backendRoles2).isEmpty()) {
                return true;
            }
            actionListener.onFailure(AlertingException.Companion.wrap((Exception) new OpenSearchStatusException("Do not have permissions to resource, " + str + ", with id, " + str2, RestStatus.FORBIDDEN, new Object[0])));
            return false;
        }

        /* renamed from: listenFilterBySettingChange$lambda-0, reason: not valid java name */
        private static void m97listenFilterBySettingChange$lambda0(SecureTransportAction secureTransportAction, Boolean bool) {
            Intrinsics.checkNotNullParameter(secureTransportAction, "this$0");
            Intrinsics.checkNotNullExpressionValue(bool, "it");
            secureTransportAction.setFilterByEnabled(bool.booleanValue());
        }
    }

    /* renamed from: getFilterByEnabled */
    boolean mo101getFilterByEnabled();

    void setFilterByEnabled(boolean z);

    void listenFilterBySettingChange(@NotNull ClusterService clusterService);

    @Nullable
    User readUserFromThreadContext(@NotNull Client client);

    boolean doFilterForUser(@Nullable User user);

    boolean isAdmin(@Nullable User user);

    <T> boolean validateUserBackendRoles(@Nullable User user, @NotNull ActionListener<T> actionListener);

    <T> boolean checkUserPermissionsWithResource(@Nullable User user, @Nullable User user2, @NotNull ActionListener<T> actionListener, @NotNull String str, @NotNull String str2);
}
