package com.floragunn.searchguard.authtoken;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.searchguard.BaseDependencies;
import com.floragunn.searchguard.SearchGuardModule;
import com.floragunn.searchguard.authc.AuthenticationDomain;
import com.floragunn.searchguard.authc.legacy.LegacySgConfig;
import com.floragunn.searchguard.authc.rest.HttpAuthenticationFrontend;
import com.floragunn.searchguard.authtoken.api.AuthTokenInfoAction;
import com.floragunn.searchguard.authtoken.api.AuthTokenInfoRestAction;
import com.floragunn.searchguard.authtoken.api.AuthTokenRestAction;
import com.floragunn.searchguard.authtoken.api.CreateAuthTokenAction;
import com.floragunn.searchguard.authtoken.api.GetAuthTokenAction;
import com.floragunn.searchguard.authtoken.api.RevokeAuthTokenAction;
import com.floragunn.searchguard.authtoken.api.SearchAuthTokenRestAction;
import com.floragunn.searchguard.authtoken.api.SearchAuthTokensAction;
import com.floragunn.searchguard.authtoken.api.TransportAuthTokenInfoAction;
import com.floragunn.searchguard.authtoken.api.TransportCreateAuthTokenAction;
import com.floragunn.searchguard.authtoken.api.TransportGetAuthTokenAction;
import com.floragunn.searchguard.authtoken.api.TransportRevokeAuthTokenAction;
import com.floragunn.searchguard.authtoken.api.TransportSearchAuthTokensAction;
import com.floragunn.searchguard.authtoken.update.PushAuthTokenUpdateAction;
import com.floragunn.searchguard.authtoken.update.TransportPushAuthTokenUpdateAction;
import com.floragunn.searchguard.configuration.CType;
import com.floragunn.searchguard.configuration.ConfigMap;
import com.floragunn.searchguard.configuration.ConfigurationChangeListener;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.configuration.SgDynamicConfiguration;
import com.floragunn.searchguard.configuration.variables.ConfigVarService;
import com.floragunn.searchguard.sgconf.history.ConfigHistoryService;
import com.floragunn.searchguard.support.PrivilegedConfigClient;
import com.floragunn.searchsupport.StaticSettings;
import com.floragunn.searchsupport.cstate.ComponentState;
import com.floragunn.searchsupport.cstate.ComponentStateProvider;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.function.Supplier;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionResponse;
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.cluster.node.DiscoveryNodes;
import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.IndexScopedSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsFilter;
import org.elasticsearch.plugins.ActionPlugin;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestHandler;
import org.elasticsearch.script.ScriptService;

/* loaded from: input_file:com/floragunn/searchguard/authtoken/AuthTokenModule.class */
public class AuthTokenModule implements SearchGuardModule, ComponentStateProvider {
    private static final Logger log = LogManager.getLogger(AuthTokenModule.class);
    private AuthTokenService authTokenService;
    private ConfigVarService configVarService;
    private final ComponentState componentState = new ComponentState(1000, (String) null, "auth_token_service", AuthTokenModule.class).requiresEnterpriseLicense();
    private AuthTokenAuthenticationDomain authenticationDomain;

    public List<RestHandler> getRestHandlers(Settings settings, RestController restController, ClusterSettings clusterSettings, IndexScopedSettings indexScopedSettings, SettingsFilter settingsFilter, IndexNameExpressionResolver indexNameExpressionResolver, ScriptService scriptService, Supplier<DiscoveryNodes> supplier) {
        return Arrays.asList(new AuthTokenRestAction(), new SearchAuthTokenRestAction(), new AuthTokenInfoRestAction(), AuthTokenServiceConfigApi.REST_API);
    }

    public List<ActionPlugin.ActionHandler<? extends ActionRequest, ? extends ActionResponse>> getActions() {
        return ImmutableList.of(new ActionPlugin.ActionHandler(CreateAuthTokenAction.INSTANCE, TransportCreateAuthTokenAction.class), new ActionPlugin.ActionHandler(PushAuthTokenUpdateAction.INSTANCE, TransportPushAuthTokenUpdateAction.class), new ActionPlugin.ActionHandler(GetAuthTokenAction.INSTANCE, TransportGetAuthTokenAction.class), new ActionPlugin.ActionHandler[]{new ActionPlugin.ActionHandler(RevokeAuthTokenAction.INSTANCE, TransportRevokeAuthTokenAction.class), new ActionPlugin.ActionHandler(SearchAuthTokensAction.INSTANCE, TransportSearchAuthTokensAction.class), new ActionPlugin.ActionHandler(AuthTokenInfoAction.INSTANCE, TransportAuthTokenInfoAction.class)}).with(AuthTokenServiceConfigApi.ACTION_HANDLERS);
    }

    public Collection<Object> createComponents(BaseDependencies baseDependencies) {
        this.configVarService = baseDependencies.getConfigVarService();
        this.configVarService.requestRandomKey("auth_tokens_signing_key_hs512", 512, "authc");
        PrivilegedConfigClient adapt = PrivilegedConfigClient.adapt(baseDependencies.getLocalClient());
        ConfigHistoryService configHistoryService = new ConfigHistoryService(baseDependencies.getConfigurationRepository(), baseDependencies.getStaticSgConfig(), adapt, baseDependencies.getProtectedConfigIndexService(), baseDependencies.getActions(), baseDependencies.getStaticSettings(), baseDependencies.getPrivilegesEvaluator());
        this.componentState.addPart(configHistoryService.getComponentState());
        this.authTokenService = new AuthTokenService(adapt, baseDependencies.getAuthorizationService(), baseDependencies.getPrivilegesEvaluator(), configHistoryService, baseDependencies.getStaticSettings(), baseDependencies.getThreadPool(), baseDependencies.getClusterService(), baseDependencies.getProtectedConfigIndexService(), baseDependencies.getActions(), null, this.componentState);
        AuthTokenAuthenticationDomain authTokenAuthenticationDomain = new AuthTokenAuthenticationDomain(this.authTokenService);
        baseDependencies.getSpecialPrivilegesEvaluationContextProviderRegistry().add(this.authTokenService);
        this.authenticationDomain = new AuthTokenAuthenticationDomain(this.authTokenService);
        final ConfigurationRepository configurationRepository = baseDependencies.getConfigurationRepository();
        configurationRepository.subscribeOnChange(new ConfigurationChangeListener() { // from class: com.floragunn.searchguard.authtoken.AuthTokenModule.1
            public void onChange(ConfigMap configMap) {
                SgDynamicConfiguration sgDynamicConfiguration = configMap.get(AuthTokenServiceConfig.TYPE);
                SgDynamicConfiguration sgDynamicConfiguration2 = configMap.get(CType.CONFIG);
                if (sgDynamicConfiguration != null && sgDynamicConfiguration.getCEntry("default") != null) {
                    AuthTokenModule.this.authTokenService.setConfig((AuthTokenServiceConfig) sgDynamicConfiguration.getCEntry("default"));
                    AuthTokenModule.this.componentState.setConfigVersion(sgDynamicConfiguration.getDocVersion());
                    AuthTokenModule.this.componentState.setState(ComponentState.State.INITIALIZED, "using_config");
                } else {
                    if (sgDynamicConfiguration2 == null || sgDynamicConfiguration2.getCEntry("sg_config") == null) {
                        AuthTokenModule.this.componentState.setState(ComponentState.State.SUSPENDED, "not_configured");
                        return;
                    }
                    DocNode asNode = ((LegacySgConfig) sgDynamicConfiguration2.getCEntry("sg_config")).getSource().getAsNode("dynamic", new String[]{"auth_token_provider"});
                    if (asNode.isNull()) {
                        return;
                    }
                    try {
                        AuthTokenModule.this.authTokenService.setConfig((AuthTokenServiceConfig) AuthTokenServiceConfig.parse(asNode, configurationRepository.getParserContext()).get());
                        AuthTokenModule.this.componentState.setConfigVersion(sgDynamicConfiguration2.getDocVersion());
                        AuthTokenModule.this.componentState.setState(ComponentState.State.INITIALIZED, "using_legacy_config");
                    } catch (ConfigValidationException e) {
                        AuthTokenModule.log.error("Invalid config for AuthTokenService", e);
                    }
                }
            }
        });
        return Arrays.asList(this.authTokenService, configHistoryService, authTokenAuthenticationDomain);
    }

    public StaticSettings.AttributeSet getSettings() {
        return StaticSettings.AttributeSet.of(new StaticSettings.Attribute[]{AuthTokenService.INDEX_NAME, AuthTokenService.CLEANUP_INTERVAL, ConfigHistoryService.CACHE_MAX_SIZE, ConfigHistoryService.CACHE_TTL, ConfigHistoryService.INDEX_NAME, ConfigHistoryService.MODEL_CACHE_MAX_SIZE, ConfigHistoryService.MODEL_CACHE_TTL});
    }

    public ComponentState getComponentState() {
        return this.componentState;
    }

    public List<AuthenticationDomain<HttpAuthenticationFrontend>> getImplicitHttpAuthenticationDomains() {
        return Collections.singletonList(this.authenticationDomain);
    }

    public ImmutableSet<String> getCapabilities() {
        return ImmutableSet.of("auth_tokens");
    }
}
