package com.floragunn.searchguard.sgconf.history;

import com.fasterxml.jackson.core.Base64Variants;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.searchguard.authc.blocking.Blocks;
import com.floragunn.searchguard.authz.PrivilegesEvaluator;
import com.floragunn.searchguard.authz.actions.Actions;
import com.floragunn.searchguard.authz.config.ActionGroup;
import com.floragunn.searchguard.authz.config.Role;
import com.floragunn.searchguard.authz.config.RoleMapping;
import com.floragunn.searchguard.authz.config.Tenant;
import com.floragunn.searchguard.configuration.CType;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.configuration.ProtectedConfigIndexService;
import com.floragunn.searchguard.configuration.SgDynamicConfiguration;
import com.floragunn.searchguard.configuration.StaticSgConfig;
import com.floragunn.searchguard.support.PrivilegedConfigClient;
import com.floragunn.searchsupport.StaticSettings;
import com.floragunn.searchsupport.cstate.ComponentState;
import com.floragunn.searchsupport.cstate.ComponentStateProvider;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import java.nio.ByteBuffer;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.OpenSearchException;
import org.opensearch.action.ActionListener;
import org.opensearch.action.bulk.BulkRequestBuilder;
import org.opensearch.action.bulk.BulkResponse;
import org.opensearch.action.get.GetResponse;
import org.opensearch.action.get.MultiGetItemResponse;
import org.opensearch.action.get.MultiGetRequest;
import org.opensearch.action.get.MultiGetResponse;
import org.opensearch.action.index.IndexRequest;
import org.opensearch.action.support.WriteRequest;
import org.opensearch.common.bytes.BytesReference;
import org.opensearch.index.IndexNotFoundException;

/* loaded from: input_file:com/floragunn/searchguard/sgconf/history/ConfigHistoryService.class */
public class ConfigHistoryService implements ComponentStateProvider {
    private static final Logger log = LogManager.getLogger(ConfigHistoryService.class);
    public static final StaticSettings.Attribute<String> INDEX_NAME = StaticSettings.Attribute.define("searchguard.config_history.index.name").withDefault(".searchguard_config_history").asString();
    public static final StaticSettings.Attribute<Integer> CACHE_TTL = StaticSettings.Attribute.define("searchguard.config_history.cache.ttl").withDefault(2880).asInteger();
    public static final StaticSettings.Attribute<Integer> CACHE_MAX_SIZE = StaticSettings.Attribute.define("searchguard.config_history.cache.max_size").withDefault(100).asInteger();
    public static final StaticSettings.Attribute<Integer> MODEL_CACHE_TTL = StaticSettings.Attribute.define("searchguard.config_history.model.cache.ttl").withDefault(2880).asInteger();
    public static final StaticSettings.Attribute<Integer> MODEL_CACHE_MAX_SIZE = StaticSettings.Attribute.define("searchguard.config_history.model.cache.max_size").withDefault(100).asInteger();
    private final String indexName;
    private final ConfigurationRepository configurationRepository;
    private final StaticSgConfig staticSgConfig;
    private final PrivilegedConfigClient privilegedConfigClient;
    private final Actions actions;
    private final Cache<ConfigVersionSet, ConfigModel> configModelCache;
    private final PrivilegesEvaluator privilegesEvaluator;
    private final ComponentState componentState = new ComponentState(1000, (String) null, "config_history_service", ConfigHistoryService.class);
    private final Cache<ConfigVersion, SgDynamicConfiguration<?>> configCache = CacheBuilder.newBuilder().weakValues().build();

    public ConfigHistoryService(ConfigurationRepository configurationRepository, StaticSgConfig staticSgConfig, PrivilegedConfigClient privilegedConfigClient, ProtectedConfigIndexService protectedConfigIndexService, Actions actions, StaticSettings staticSettings, PrivilegesEvaluator privilegesEvaluator) {
        this.indexName = (String) staticSettings.get(INDEX_NAME);
        this.privilegedConfigClient = privilegedConfigClient;
        this.configurationRepository = configurationRepository;
        this.staticSgConfig = staticSgConfig;
        this.actions = actions;
        this.configModelCache = CacheBuilder.newBuilder().maximumSize(((Integer) staticSettings.get(MODEL_CACHE_MAX_SIZE)).intValue()).expireAfterAccess(((Integer) staticSettings.get(MODEL_CACHE_TTL)).intValue(), TimeUnit.MINUTES).build();
        this.privilegesEvaluator = privilegesEvaluator;
        this.componentState.addPart(protectedConfigIndexService.createIndex(new ProtectedConfigIndexService.ConfigIndex(this.indexName).onIndexReady(failureListener -> {
            failureListener.onSuccess();
            this.componentState.setInitialized();
        })));
    }

    public ConfigSnapshot getCurrentConfigSnapshot() {
        return getCurrentConfigSnapshot(CType.all());
    }

    public ConfigSnapshot getCurrentConfigSnapshot(CType<?> cType, CType<?>... cTypeArr) {
        return getCurrentConfigSnapshot(CType.of(cType, cTypeArr));
    }

    public ConfigSnapshot getCurrentConfigSnapshot(Set<CType<?>> set) {
        HashMap hashMap = new HashMap();
        for (CType<?> cType : set) {
            SgDynamicConfiguration configuration = this.configurationRepository.getConfiguration(cType);
            if (configuration == null) {
                throw new IllegalStateException("Could not get configuration of type " + cType + " from configuration repository");
            }
            if (configuration.getDocVersion() <= 0) {
                throw new IllegalStateException("Illegal config version " + configuration.getVersion() + " in " + configuration);
            }
            hashMap.put(cType, configuration.withoutStatic());
        }
        ConfigSnapshot peekConfigSnapshot = peekConfigSnapshot(ConfigVersionSet.from(hashMap));
        if (!peekConfigSnapshot.hasMissingConfigVersions()) {
            return peekConfigSnapshot;
        }
        log.info("Storing missing config versions: " + peekConfigSnapshot.getMissingConfigVersions());
        storeMissingConfigDocs(peekConfigSnapshot.getMissingConfigVersions(), hashMap);
        return new ConfigSnapshot(hashMap);
    }

    public void getConfigSnapshot(ConfigVersionSet configVersionSet, Consumer<ConfigSnapshot> consumer, Consumer<Exception> consumer2) {
        peekConfigSnapshot(configVersionSet, configSnapshot -> {
            if (configSnapshot.hasMissingConfigVersions()) {
                consumer2.accept(new UnknownConfigVersionException(configSnapshot.getMissingConfigVersions()));
            } else {
                consumer.accept(configSnapshot);
            }
        }, consumer2);
    }

    public void getConfigSnapshots(final Set<ConfigVersionSet> set, final Consumer<Map<ConfigVersionSet, ConfigSnapshot>> consumer, Consumer<Exception> consumer2) {
        final HashMap hashMap = new HashMap(set.size() * 2);
        HashSet hashSet = new HashSet(set.size() * 2);
        Iterator<ConfigVersionSet> it = set.iterator();
        while (it.hasNext()) {
            Iterator<ConfigVersion> it2 = it.next().iterator();
            while (it2.hasNext()) {
                ConfigVersion next = it2.next();
                SgDynamicConfiguration<?> sgDynamicConfiguration = (SgDynamicConfiguration) this.configCache.getIfPresent(next);
                if (sgDynamicConfiguration != null) {
                    hashMap.put(next, sgDynamicConfiguration);
                } else {
                    hashSet.add(next);
                }
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("missingConfigVersions: " + hashSet.size());
        }
        if (hashSet.size() == 0) {
            consumer.accept(buildConfigSnapshotResultMap(set, hashMap));
            return;
        }
        MultiGetRequest multiGetRequest = new MultiGetRequest();
        Iterator it3 = hashSet.iterator();
        while (it3.hasNext()) {
            multiGetRequest.add(this.indexName, ((ConfigVersion) it3.next()).toId());
        }
        this.privilegedConfigClient.multiGet(multiGetRequest, new ActionListener<MultiGetResponse>() { // from class: com.floragunn.searchguard.sgconf.history.ConfigHistoryService.1
            public void onResponse(MultiGetResponse multiGetResponse) {
                try {
                    for (MultiGetItemResponse multiGetItemResponse : multiGetResponse.getResponses()) {
                        if (multiGetItemResponse.getResponse() != null) {
                            if (multiGetItemResponse.getResponse().isExists()) {
                                SgDynamicConfiguration<?> parseConfig = ConfigHistoryService.this.parseConfig(multiGetItemResponse.getResponse());
                                ConfigVersion configVersion = new ConfigVersion(parseConfig.getCType(), parseConfig.getDocVersion());
                                hashMap.put(configVersion, parseConfig);
                                ConfigHistoryService.this.configCache.put(configVersion, parseConfig);
                            }
                            consumer.accept(ConfigHistoryService.this.buildConfigSnapshotResultMap(set, hashMap));
                        } else if (multiGetItemResponse.getFailure() == null) {
                            ConfigHistoryService.log.warn("Error while retrieving configuration versions " + multiGetItemResponse);
                        } else if (!(multiGetItemResponse.getFailure().getFailure() instanceof IndexNotFoundException)) {
                            ConfigHistoryService.log.warn("Error while retrieving configuration versions " + multiGetItemResponse + ": " + multiGetItemResponse.getFailure().getFailure());
                        }
                    }
                } catch (Exception e) {
                    onFailure(e);
                }
            }

            public void onFailure(Exception exc) {
                onFailure(exc);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<ConfigVersionSet, ConfigSnapshot> buildConfigSnapshotResultMap(Set<ConfigVersionSet> set, Map<ConfigVersion, SgDynamicConfiguration<?>> map) {
        HashMap hashMap = new HashMap(set.size());
        for (ConfigVersionSet configVersionSet : set) {
            ConfigSnapshot peekConfigSnapshotFromCache = peekConfigSnapshotFromCache(configVersionSet);
            if (peekConfigSnapshotFromCache.hasMissingConfigVersions()) {
                log.error("Could not completely load " + configVersionSet + ". Missing: " + peekConfigSnapshotFromCache.getMissingConfigVersions());
            } else {
                hashMap.put(configVersionSet, peekConfigSnapshotFromCache);
            }
        }
        return hashMap;
    }

    public ConfigModel getConfigModelForSnapshot(ConfigSnapshot configSnapshot) {
        ConfigModel configModel = (ConfigModel) this.configModelCache.getIfPresent(configSnapshot.getConfigVersions());
        return configModel != null ? configModel : createConfigModelForSnapshot(configSnapshot);
    }

    private ConfigModel createConfigModelForSnapshot(ConfigSnapshot configSnapshot) {
        SgDynamicConfiguration copy = configSnapshot.getConfigByType(Role.class).copy();
        SgDynamicConfiguration configByType = configSnapshot.getConfigByType(RoleMapping.class);
        SgDynamicConfiguration copy2 = configSnapshot.getConfigByType(ActionGroup.class).copy();
        SgDynamicConfiguration copy3 = configSnapshot.getConfigByType(Tenant.class).copy();
        SgDynamicConfiguration configByType2 = configSnapshot.getConfigByType(Blocks.class);
        if (configByType2 == null) {
            configByType2 = SgDynamicConfiguration.empty(CType.BLOCKS);
        }
        this.staticSgConfig.addTo(copy);
        this.staticSgConfig.addTo(copy2);
        this.staticSgConfig.addTo(copy3);
        ConfigModel configModel = new ConfigModel(copy, configByType, copy2, copy3, configByType2, this.actions, this.privilegesEvaluator.getResolver(), this.privilegesEvaluator.getClusterService());
        this.configModelCache.put(configSnapshot.getConfigVersions(), configModel);
        return configModel;
    }

    public ConfigSnapshot peekConfigSnapshotFromCache(ConfigVersionSet configVersionSet) {
        HashMap hashMap = new HashMap();
        Iterator<ConfigVersion> it = configVersionSet.iterator();
        while (it.hasNext()) {
            ConfigVersion next = it.next();
            SgDynamicConfiguration sgDynamicConfiguration = (SgDynamicConfiguration) this.configCache.getIfPresent(next);
            if (sgDynamicConfiguration != null) {
                hashMap.put(next.getConfigurationType(), sgDynamicConfiguration);
            }
        }
        return new ConfigSnapshot(hashMap, configVersionSet);
    }

    public ConfigSnapshot peekConfigSnapshot(ConfigVersionSet configVersionSet) {
        CompletableFuture completableFuture = new CompletableFuture();
        Objects.requireNonNull(completableFuture);
        Consumer<ConfigSnapshot> consumer = (v1) -> {
            r2.complete(v1);
        };
        Objects.requireNonNull(completableFuture);
        peekConfigSnapshot(configVersionSet, consumer, (v1) -> {
            r3.completeExceptionally(v1);
        });
        try {
            return (ConfigSnapshot) completableFuture.get();
        } catch (InterruptedException e) {
            throw new RuntimeException(e);
        } catch (ExecutionException e2) {
            throw new RuntimeException(e2.getCause());
        }
    }

    public void peekConfigSnapshot(final ConfigVersionSet configVersionSet, final Consumer<ConfigSnapshot> consumer, Consumer<Exception> consumer2) {
        try {
            final HashMap hashMap = new HashMap();
            Iterator<ConfigVersion> it = configVersionSet.iterator();
            while (it.hasNext()) {
                ConfigVersion next = it.next();
                SgDynamicConfiguration sgDynamicConfiguration = (SgDynamicConfiguration) this.configCache.getIfPresent(next);
                if (sgDynamicConfiguration != null) {
                    hashMap.put(next.getConfigurationType(), sgDynamicConfiguration);
                }
            }
            if (hashMap.size() == configVersionSet.size()) {
                consumer.accept(new ConfigSnapshot(hashMap, configVersionSet));
            } else {
                MultiGetRequest multiGetRequest = new MultiGetRequest();
                Iterator<ConfigVersion> it2 = configVersionSet.iterator();
                while (it2.hasNext()) {
                    ConfigVersion next2 = it2.next();
                    if (!hashMap.containsKey(next2.getConfigurationType())) {
                        multiGetRequest.add(this.indexName, next2.toId());
                    }
                }
                this.privilegedConfigClient.multiGet(multiGetRequest, new ActionListener<MultiGetResponse>() { // from class: com.floragunn.searchguard.sgconf.history.ConfigHistoryService.2
                    public void onResponse(MultiGetResponse multiGetResponse) {
                        try {
                            for (MultiGetItemResponse multiGetItemResponse : multiGetResponse.getResponses()) {
                                if (multiGetItemResponse.getResponse() == null) {
                                    if (multiGetItemResponse.getFailure() == null) {
                                        throw new OpenSearchException("Error while retrieving configuration versions " + configVersionSet + ": " + multiGetItemResponse, new Object[0]);
                                    }
                                    if (!(multiGetItemResponse.getFailure().getFailure() instanceof IndexNotFoundException)) {
                                        throw new OpenSearchException("Error while retrieving configuration versions " + configVersionSet + ": " + multiGetItemResponse.getFailure().getFailure(), new Object[0]);
                                    }
                                } else if (multiGetItemResponse.getResponse().isExists()) {
                                    SgDynamicConfiguration<?> parseConfig = ConfigHistoryService.this.parseConfig(multiGetItemResponse.getResponse());
                                    hashMap.put(parseConfig.getCType(), parseConfig);
                                    ConfigHistoryService.this.configCache.put(new ConfigVersion(parseConfig.getCType(), parseConfig.getDocVersion()), parseConfig);
                                }
                            }
                            consumer.accept(new ConfigSnapshot(hashMap, configVersionSet));
                        } catch (Exception e) {
                            onFailure(e);
                        }
                    }

                    public void onFailure(Exception exc) {
                        onFailure(exc);
                    }
                });
            }
        } catch (Exception e) {
            consumer2.accept(e);
        }
    }

    public SgDynamicConfiguration<?> parseConfig(GetResponse getResponse) throws ConfigValidationException {
        ConfigVersion fromId = ConfigVersion.fromId(getResponse.getId());
        Object obj = getResponse.getSource().get("config");
        if (!(obj instanceof String)) {
            throw new IllegalStateException("Malformed config history record: " + obj + "\n" + getResponse.getSource());
        }
        String str = new String(Base64Variants.getDefaultVariant().decode((String) obj));
        try {
            return SgDynamicConfiguration.fromJson(str, fromId.getConfigurationType(), fromId.getVersion(), 0L, 0L, (ConfigurationRepository.Context) null);
        } catch (Exception e) {
            this.componentState.addLastException("parseConfig", new ComponentState.ExceptionRecord(e, "Error while parsing config history record"));
            throw new RuntimeException("Error while parsing config history record: " + str + "\n" + getResponse);
        }
    }

    private void storeMissingConfigDocs(ConfigVersionSet configVersionSet, Map<CType<?>, SgDynamicConfiguration<?>> map) {
        BulkRequestBuilder refreshPolicy = this.privilegedConfigClient.prepareBulk().setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE);
        Iterator<ConfigVersion> it = configVersionSet.iterator();
        while (it.hasNext()) {
            ConfigVersion next = it.next();
            SgDynamicConfiguration<?> sgDynamicConfiguration = map.get(next.getConfigurationType());
            this.configCache.put(next, sgDynamicConfiguration);
            refreshPolicy.add(new IndexRequest(this.indexName).id(next.toId()).source(new Object[]{"config", BytesReference.fromByteBuffer(ByteBuffer.wrap(sgDynamicConfiguration.getUninterpolatedJson().getBytes()))}));
        }
        BulkResponse bulkResponse = refreshPolicy.get();
        if (bulkResponse.hasFailures()) {
            throw new RuntimeException("Failure while storing configs " + configVersionSet + "; " + bulkResponse.buildFailureMessage());
        }
    }

    public String getIndexName() {
        return this.indexName;
    }

    public ComponentState getComponentState() {
        return this.componentState;
    }
}
