package com.floragunn.searchguard.enterprise.auditlog;

import com.floragunn.codova.config.text.Pattern;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.license.LicenseChangeListener;
import com.floragunn.searchguard.license.SearchGuardLicense;
import com.floragunn.searchguard.support.WildcardMatcher;
import com.floragunn.searchsupport.StaticSettings;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.joda.time.format.DateTimeFormat;
import org.joda.time.format.DateTimeFormatter;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/auditlog/AuditLogConfig.class */
public class AuditLogConfig implements LicenseChangeListener {
    public static final StaticSettings.Attribute<List<String>> COMPLIANCE_HISTORY_READ_WATCHED_FIELDS = StaticSettings.Attribute.define("searchguard.compliance.history.read.watched_fields").asListOfStrings();
    private final Settings settings;
    private final List<String> watchedWriteIndices;
    private DateTimeFormatter auditLogPattern;
    private String auditLogIndex;
    private final boolean logDiffsForWrite;
    private final boolean logWriteMetadataOnly;
    private final boolean logReadMetadataOnly;
    private final boolean logInternalConfig;
    private final boolean logExternalConfig;
    private final LoadingCache<String, Set<String>> cache;
    private final Pattern searchguardIndexPattern;
    private final Logger log = LogManager.getLogger(getClass());
    private final Map<Pattern, Set<String>> readEnabledFields = new HashMap(100);
    private volatile boolean enabled = true;

    public AuditLogConfig(Environment environment, ConfigurationRepository configurationRepository) {
        this.auditLogPattern = null;
        this.auditLogIndex = null;
        this.settings = environment.settings();
        this.searchguardIndexPattern = configurationRepository.getConfiguredSearchguardIndices();
        List asList = this.settings.getAsList("searchguard.compliance.history.read.watched_fields", Collections.emptyList(), false);
        this.watchedWriteIndices = this.settings.getAsList("searchguard.compliance.history.write.watched_indices", Collections.emptyList());
        this.logDiffsForWrite = this.settings.getAsBoolean("searchguard.compliance.history.write.log_diffs", false).booleanValue();
        this.logWriteMetadataOnly = this.settings.getAsBoolean("searchguard.compliance.history.write.metadata_only", false).booleanValue();
        this.logReadMetadataOnly = this.settings.getAsBoolean("searchguard.compliance.history.read.metadata_only", false).booleanValue();
        this.logExternalConfig = this.settings.getAsBoolean("searchguard.compliance.history.external_config_enabled", false).booleanValue();
        this.logInternalConfig = this.settings.getAsBoolean("searchguard.compliance.history.internal_config_enabled", false).booleanValue();
        Iterator it = asList.iterator();
        while (it.hasNext()) {
            ArrayList arrayList = new ArrayList(Arrays.asList(((String) it.next()).split(",")));
            try {
                if (!arrayList.isEmpty()) {
                    if (arrayList.size() == 1) {
                        this.readEnabledFields.put(Pattern.create((String) arrayList.get(0)), Collections.singleton("*"));
                    } else {
                        this.readEnabledFields.put(Pattern.create((String) arrayList.get(0)), new HashSet(arrayList.subList(1, arrayList.size())));
                    }
                }
            } catch (ConfigValidationException e) {
                throw new RuntimeException("Invalid index pattern in searchguard.compliance.history.read.watched_fields", e);
            }
        }
        if ("internal_elasticsearch".equalsIgnoreCase(this.settings.get("searchguard.audit.type", (String) null))) {
            String str = this.settings.get("searchguard.audit.config.index", "'sg6-auditlog-'YYYY.MM.dd");
            try {
                this.auditLogPattern = DateTimeFormat.forPattern(str);
            } catch (IllegalArgumentException e2) {
                this.auditLogIndex = str;
            } catch (Exception e3) {
                this.log.error("Unable to check if auditlog index {} is part of compliance setup", str, e3);
            }
        }
        this.log.info("PII configuration [auditLogPattern={},  auditLogIndex={}]: {}", this.auditLogPattern, this.auditLogIndex, this.readEnabledFields);
        this.cache = CacheBuilder.newBuilder().maximumSize(1000L).build(new CacheLoader<String, Set<String>>() { // from class: com.floragunn.searchguard.enterprise.auditlog.AuditLogConfig.1
            public Set<String> load(String str2) throws Exception {
                return AuditLogConfig.this.getFieldsForIndex0(str2);
            }
        });
    }

    public void onChange(SearchGuardLicense searchGuardLicense) {
        if (searchGuardLicense == null) {
            this.enabled = false;
        } else if (searchGuardLicense.hasFeature(SearchGuardLicense.Feature.COMPLIANCE)) {
            this.enabled = true;
        } else {
            this.enabled = false;
        }
        this.log.info("Compliance features are " + (this.enabled ? "enabled" : "disabled. To enable them you need a special license. Please contact support for this."));
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    private Set<String> getFieldsForIndex0(String str) {
        if (str == null) {
            return Collections.EMPTY_SET;
        }
        if (this.auditLogIndex != null && this.auditLogIndex.equalsIgnoreCase(str)) {
            return Collections.EMPTY_SET;
        }
        if (this.auditLogPattern != null && str.equalsIgnoreCase(getExpandedIndexName(this.auditLogPattern, null))) {
            return Collections.EMPTY_SET;
        }
        HashSet hashSet = new HashSet(100);
        for (Pattern pattern : this.readEnabledFields.keySet()) {
            if (pattern.matches(str)) {
                hashSet.addAll(this.readEnabledFields.get(pattern));
            }
        }
        return hashSet;
    }

    private String getExpandedIndexName(DateTimeFormatter dateTimeFormatter, String str) {
        return dateTimeFormatter == null ? str : dateTimeFormatter.print(DateTime.now(DateTimeZone.UTC));
    }

    public boolean writeHistoryEnabledForIndex(String str) {
        if (str == null) {
            return false;
        }
        if (this.searchguardIndexPattern.matches(str)) {
            return this.logInternalConfig;
        }
        if (this.auditLogIndex != null && this.auditLogIndex.equalsIgnoreCase(str)) {
            return false;
        }
        if (this.auditLogPattern == null || !str.equalsIgnoreCase(getExpandedIndexName(this.auditLogPattern, null))) {
            return WildcardMatcher.matchAny(this.watchedWriteIndices, str);
        }
        return false;
    }

    public boolean readHistoryEnabledForIndex(String str) {
        if (!this.enabled) {
            return false;
        }
        if (this.searchguardIndexPattern.matches(str)) {
            return this.logInternalConfig;
        }
        try {
            return !((Set) this.cache.get(str)).isEmpty();
        } catch (ExecutionException e) {
            this.log.error(e);
            return true;
        }
    }

    public boolean readHistoryEnabledForField(String str, String str2) {
        if (!this.enabled) {
            return false;
        }
        if (this.searchguardIndexPattern.matches(str)) {
            return this.logInternalConfig;
        }
        try {
            Set set = (Set) this.cache.get(str);
            if (set.isEmpty()) {
                return false;
            }
            return WildcardMatcher.matchAny(set, str2);
        } catch (ExecutionException e) {
            this.log.error(e);
            return true;
        }
    }

    public boolean logDiffsForWrite() {
        return !logWriteMetadataOnly() && this.logDiffsForWrite;
    }

    public boolean logWriteMetadataOnly() {
        return this.logWriteMetadataOnly;
    }

    public boolean logReadMetadataOnly() {
        return this.logReadMetadataOnly;
    }

    public boolean isLogExternalConfig() {
        return this.logExternalConfig;
    }
}
