package co.elastic.support.diagnostics.commands;

import co.elastic.support.Constants;
import co.elastic.support.diagnostics.chain.Command;
import co.elastic.support.diagnostics.chain.DiagnosticContext;
import co.elastic.support.rest.RestClient;
import co.elastic.support.rest.RestResult;
import co.elastic.support.util.JsonYamlUtils;
import co.elastic.support.util.UrlUtils;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.vdurmont.semver4j.Semver;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:co/elastic/support/diagnostics/commands/CheckUserAuthLevel.class */
public class CheckUserAuthLevel implements Command {
    Logger logger = LogManager.getLogger(CheckUserAuthLevel.class);

    @Override // co.elastic.support.diagnostics.chain.Command
    public void execute(DiagnosticContext diagnosticContext) {
        if (StringUtils.isEmpty(diagnosticContext.diagnosticInputs.user)) {
            return;
        }
        String encodeValue = UrlUtils.encodeValue(diagnosticContext.diagnosticInputs.user);
        RestClient restClient = diagnosticContext.resourceCache.getRestClient(Constants.restInputHost);
        boolean z = false;
        Semver semver = diagnosticContext.version;
        RestResult execQuery = restClient.execQuery(diagnosticContext.elasticRestCalls.get("security_users").getUrl().replace("?pretty", "/" + encodeValue));
        if (execQuery.getStatus() == 200) {
            z = checkForAuth(semver.getMajor().intValue(), diagnosticContext.diagnosticInputs.user, JsonYamlUtils.createJsonNodeFromString(execQuery.toString()));
        }
        diagnosticContext.isAuthorized = z;
    }

    public boolean checkForAuth(int i, String str, JsonNode jsonNode) {
        JsonNode path = jsonNode.path(str).path("roles");
        boolean z = false;
        if (path.isArray()) {
            List list = (List) new ObjectMapper().convertValue(path, List.class);
            z = i <= 2 ? list.contains("admin") : list.contains("superuser");
        }
        return z;
    }
}
