package com.floragunn.searchguard.configuration;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.DocUpdateException;
import com.floragunn.codova.documents.Document;
import com.floragunn.codova.documents.Format;
import com.floragunn.codova.documents.Parser;
import com.floragunn.codova.documents.patch.DocPatch;
import com.floragunn.codova.documents.patch.PatchableDocument;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.codova.validation.ValidationResult;
import com.floragunn.codova.validation.VariableResolvers;
import com.floragunn.codova.validation.errors.InvalidAttributeValue;
import com.floragunn.codova.validation.errors.ValidationError;
import com.floragunn.fluent.collections.ImmutableMap;
import com.floragunn.fluent.collections.OrderedImmutableMap;
import com.floragunn.searchguard.SearchGuardModulesRegistry;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateAction;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateRequest;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateResponse;
import com.floragunn.searchguard.configuration.CType;
import com.floragunn.searchguard.configuration.variables.ConfigVarService;
import com.floragunn.searchguard.ssl.util.ExceptionUtils;
import com.floragunn.searchguard.support.ConfigConstants;
import com.floragunn.searchguard.support.PrivilegedConfigClient;
import com.floragunn.searchsupport.action.StandardResponse;
import com.floragunn.searchsupport.cstate.ComponentState;
import com.floragunn.searchsupport.cstate.ComponentStateProvider;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import java.util.stream.Collectors;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.ExceptionsHelper;
import org.elasticsearch.ResourceAlreadyExistsException;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
import org.elasticsearch.action.admin.indices.create.CreateIndexRequest;
import org.elasticsearch.action.admin.indices.create.CreateIndexResponse;
import org.elasticsearch.action.bulk.BulkItemResponse;
import org.elasticsearch.action.bulk.BulkRequest;
import org.elasticsearch.action.bulk.BulkResponse;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.Client;
import org.elasticsearch.cluster.health.ClusterHealthStatus;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.env.Environment;
import org.elasticsearch.index.engine.VersionConflictEngineException;
import org.elasticsearch.threadpool.ThreadPool;

/* loaded from: input_file:com/floragunn/searchguard/configuration/ConfigurationRepository.class */
public class ConfigurationRepository implements ComponentStateProvider {
    private final String searchguardIndex;
    private final Client client;
    private volatile ConfigMap currentConfig;
    private final ConfigurationLoader mainConfigLoader;
    private final ConfigurationLoader externalUseConfigLoader;
    private final Settings settings;
    private final ClusterService clusterService;
    private final Thread bgThread;
    private final PrivilegedConfigClient privilegedConfigClient;
    private final ThreadPool threadPool;
    private final VariableResolvers variableResolvers;
    private final Context parserContext;
    private static final Logger LOGGER = LogManager.getLogger(ConfigurationRepository.class);
    public static final Map<String, ?> SG_INDEX_MAPPING = ImmutableMap.of("dynamic_templates", Arrays.asList(ImmutableMap.of("encoded_config", ImmutableMap.of("match", "*", "match_mapping_type", "*", "mapping", ImmutableMap.of(ConfigConstants.SEARCHGUARD_AUDIT_ES_TYPE, "binary")))));
    private static final Map<String, ?> SG_INDEX_SETTINGS = ImmutableMap.of("index.number_of_shards", 1, "index.auto_expand_replicas", "0-all");
    private final AtomicBoolean installDefaultConfig = new AtomicBoolean();
    private final ComponentState componentState = new ComponentState(-1000, (String) null, "config_repository", ConfigurationRepository.class);
    private final Lock LOCK = new ReentrantLock();
    private final List<ConfigurationChangeListener> configurationChangedListener = new ArrayList();

    /* loaded from: input_file:com/floragunn/searchguard/configuration/ConfigurationRepository$ConfigUpdateResult.class */
    public static class ConfigUpdateResult implements Document<ConfigUpdateResult> {
        private final String message;
        private final String etag;
        private final StandardResponse.Error error;

        public ConfigUpdateResult(String str, String str2) {
            this.message = str;
            this.etag = str2;
            this.error = null;
        }

        public ConfigUpdateResult(String str, StandardResponse.Error error) {
            this.message = str;
            this.etag = null;
            this.error = error;
        }

        public Object toBasicObject() {
            return OrderedImmutableMap.ofNonNull("message", this.message, "etag", this.etag, "error", this.error);
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/configuration/ConfigurationRepository$ConfigWithMetadata.class */
    public static class ConfigWithMetadata {
        private final Map<String, ?> content;
        private final String etag;

        public ConfigWithMetadata(Map<String, ?> map, String str) {
            this.content = map;
            this.etag = str;
        }

        public Map<String, ?> getContent() {
            return this.content;
        }

        public String getEtag() {
            return this.etag;
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/configuration/ConfigurationRepository$Context.class */
    public static class Context implements Parser.Context {
        private final VariableResolvers variableResolvers;
        private final SearchGuardModulesRegistry searchGuardModulesRegistry;
        private final Settings esSettings;
        private final Path configPath;

        public Context(VariableResolvers variableResolvers, SearchGuardModulesRegistry searchGuardModulesRegistry, Settings settings, Path path) {
            this.variableResolvers = variableResolvers;
            this.searchGuardModulesRegistry = searchGuardModulesRegistry;
            this.esSettings = settings;
            this.configPath = path;
        }

        public VariableResolvers variableResolvers() {
            return this.variableResolvers;
        }

        public SearchGuardModulesRegistry modulesRegistry() {
            return this.searchGuardModulesRegistry;
        }

        public Settings getEsSettings() {
            return this.esSettings;
        }

        public Path getConfigPath() {
            return this.configPath;
        }
    }

    public ConfigurationRepository(final Settings settings, final Path path, final ThreadPool threadPool, final Client client, final ClusterService clusterService, ConfigVarService configVarService, SearchGuardModulesRegistry searchGuardModulesRegistry, StaticSgConfig staticSgConfig) {
        this.searchguardIndex = settings.get(ConfigConstants.SEARCHGUARD_CONFIG_INDEX_NAME, ConfigConstants.SG_DEFAULT_CONFIG_INDEX);
        this.settings = settings;
        this.client = client;
        this.clusterService = clusterService;
        this.privilegedConfigClient = PrivilegedConfigClient.adapt(client);
        this.componentState.setMandatory(true);
        this.mainConfigLoader = new ConfigurationLoader(client, settings, this.componentState, this, staticSgConfig);
        this.externalUseConfigLoader = new ConfigurationLoader(client, settings, null, this, null);
        this.variableResolvers = VariableResolvers.ALL_PRIVILEGED.with("var", str -> {
            return configVarService.get(str);
        });
        this.parserContext = new Context(this.variableResolvers, searchGuardModulesRegistry, settings, path);
        this.threadPool = threadPool;
        configVarService.addChangeListener(() -> {
            if (this.currentConfig != null) {
                try {
                    reloadConfiguration(CType.all(), "Config variable update");
                } catch (Exception e) {
                    LOGGER.error("Error while reloading configuration after config var change", e);
                }
            }
        });
        this.bgThread = new Thread(new Runnable() { // from class: com.floragunn.searchguard.configuration.ConfigurationRepository.1
            @Override // java.lang.Runnable
            public void run() {
                ClusterHealthResponse clusterHealthResponse;
                try {
                    ConfigurationRepository.LOGGER.info("Background init thread started. Install default config?: " + ConfigurationRepository.this.installDefaultConfig.get());
                    if (ConfigurationRepository.this.installDefaultConfig.get()) {
                        ConfigurationRepository.this.componentState.setState(ComponentState.State.INITIALIZING, "install_default_config");
                        try {
                            try {
                                String property = System.getProperty("sg.default_init.dir");
                                String str2 = property != null ? property + "/" : new Environment(settings, path).pluginsFile().toAbsolutePath().toString() + "/search-guard-flx/sgconfig/";
                                File file = new File(str2 + "sg_authc.yml");
                                File file2 = new File(str2 + "sg_config.yml");
                                if (file.exists() || file2.exists()) {
                                    ThreadContext threadContext = threadPool.getThreadContext();
                                    ThreadContext.StoredContext stashContext = threadContext.stashContext();
                                    try {
                                        threadContext.putHeader(ConfigConstants.SG_CONF_REQUEST_HEADER, "true");
                                        ConfigurationRepository.LOGGER.info("Will create {} index so we can apply default config", ConfigurationRepository.this.searchguardIndex);
                                        boolean isAcknowledged = ((CreateIndexResponse) client.admin().indices().create(new CreateIndexRequest(ConfigurationRepository.this.searchguardIndex).settings(ConfigurationRepository.SG_INDEX_SETTINGS).mapping("_doc", ConfigurationRepository.SG_INDEX_MAPPING)).actionGet()).isAcknowledged();
                                        ConfigurationRepository.LOGGER.info("Index {} created?: {}", ConfigurationRepository.this.searchguardIndex, Boolean.valueOf(isAcknowledged));
                                        if (isAcknowledged) {
                                            if (new File(str2 + "sg_authc.yml").exists()) {
                                                ConfigurationRepository.uploadFile(client, str2 + "sg_authc.yml", ConfigurationRepository.this.searchguardIndex, CType.AUTHC, ConfigurationRepository.this.parserContext);
                                            } else if (new File(str2 + "sg_config.yml").exists()) {
                                                ConfigurationRepository.uploadFile(client, str2 + "sg_config.yml", ConfigurationRepository.this.searchguardIndex, CType.CONFIG, ConfigurationRepository.this.parserContext);
                                            }
                                            ConfigurationRepository.uploadFile(client, str2 + "sg_roles.yml", ConfigurationRepository.this.searchguardIndex, CType.ROLES, ConfigurationRepository.this.parserContext);
                                            ConfigurationRepository.uploadFile(client, str2 + "sg_roles_mapping.yml", ConfigurationRepository.this.searchguardIndex, CType.ROLESMAPPING, ConfigurationRepository.this.parserContext);
                                            ConfigurationRepository.uploadFile(client, str2 + "sg_internal_users.yml", ConfigurationRepository.this.searchguardIndex, CType.INTERNALUSERS, ConfigurationRepository.this.parserContext);
                                            ConfigurationRepository.uploadFile(client, str2 + "sg_action_groups.yml", ConfigurationRepository.this.searchguardIndex, CType.ACTIONGROUPS, ConfigurationRepository.this.parserContext);
                                            ConfigurationRepository.uploadFile(client, str2 + "sg_tenants.yml", ConfigurationRepository.this.searchguardIndex, CType.TENANTS, ConfigurationRepository.this.parserContext);
                                            ConfigurationRepository.uploadFile(client, str2 + "sg_blocks.yml", ConfigurationRepository.this.searchguardIndex, CType.BLOCKS, ConfigurationRepository.this.parserContext);
                                            ConfigurationRepository.uploadFile(client, str2 + "sg_frontend_authc.yml", ConfigurationRepository.this.searchguardIndex, CType.FRONTEND_AUTHC, ConfigurationRepository.this.parserContext);
                                            if (new File(str2 + "sg_authc_transport.yml").exists()) {
                                                ConfigurationRepository.uploadFile(client, str2 + "sg_authc_transport.yml", ConfigurationRepository.this.searchguardIndex, CType.AUTHC_TRANSPORT, ConfigurationRepository.this.parserContext);
                                            }
                                            if (new File(str2 + "sg_authz.yml").exists()) {
                                                ConfigurationRepository.uploadFile(client, str2 + "sg_authz.yml", ConfigurationRepository.this.searchguardIndex, CType.AUTHZ, ConfigurationRepository.this.parserContext);
                                            }
                                            if (new File(str2 + "sg_license_key.yml").exists()) {
                                                ConfigurationRepository.uploadFile(client, str2 + "sg_license_key.yml", ConfigurationRepository.this.searchguardIndex, CType.LICENSE_KEY, ConfigurationRepository.this.parserContext);
                                            }
                                            ConfigurationRepository.LOGGER.info("Default config applied");
                                        } else {
                                            ConfigurationRepository.LOGGER.error("Can not create {} index", ConfigurationRepository.this.searchguardIndex);
                                            ConfigurationRepository.this.componentState.setFailed("Index creation was not acknowledged");
                                        }
                                        if (stashContext != null) {
                                            stashContext.close();
                                        }
                                    } catch (Throwable th) {
                                        if (stashContext != null) {
                                            try {
                                                stashContext.close();
                                            } catch (Throwable th2) {
                                                th.addSuppressed(th2);
                                            }
                                        }
                                        throw th;
                                    }
                                } else {
                                    ConfigurationRepository.LOGGER.error("{} does not exist", file.getAbsolutePath());
                                    ConfigurationRepository.this.componentState.setFailed(file.getAbsolutePath() + " does not exist");
                                }
                            } catch (Exception e) {
                                ConfigurationRepository.LOGGER.error("Cannot apply default config (this is maybe not an error!) due to {}", e.getMessage(), e);
                                ConfigurationRepository.this.componentState.setFailed(e);
                            }
                        } catch (ResourceAlreadyExistsException e2) {
                            ConfigurationRepository.LOGGER.debug("Cannot apply default config (this is maybe not an error!) due to {}", e2.getMessage());
                        }
                    }
                    ConfigurationRepository.LOGGER.debug("Node started, try to initialize it. Wait for at least yellow cluster state....");
                    ConfigurationRepository.this.componentState.setState(ComponentState.State.INITIALIZING, "waiting_for_yellow_index");
                    clusterHealthResponse = null;
                    try {
                        clusterHealthResponse = (ClusterHealthResponse) client.admin().cluster().health(new ClusterHealthRequest(new String[]{ConfigurationRepository.this.searchguardIndex}).waitForActiveShards(1).waitForYellowStatus()).actionGet();
                    } catch (Exception e3) {
                        ConfigurationRepository.LOGGER.debug("Catched a {} but we just try again ...", e3.toString());
                    }
                } catch (Exception e4) {
                    ConfigurationRepository.LOGGER.error("Unexpected exception while initializing node " + e4, e4);
                    ConfigurationRepository.this.componentState.setFailed(e4);
                    return;
                }
                while (true) {
                    if (clusterHealthResponse != null && !clusterHealthResponse.isTimedOut() && clusterHealthResponse.getStatus() != ClusterHealthStatus.RED) {
                        break;
                    }
                    ConfigurationRepository.LOGGER.debug("index '{}' not healthy yet, we try again ... (Reason: {})", ConfigurationRepository.this.searchguardIndex, clusterHealthResponse == null ? "no response" : clusterHealthResponse.isTimedOut() ? "timeout" : "other, maybe red cluster");
                    try {
                        Thread.sleep(500L);
                    } catch (InterruptedException e5) {
                        Thread.currentThread().interrupt();
                    }
                    ConfigurationRepository.this.componentState.startNextTry();
                    try {
                        clusterHealthResponse = (ClusterHealthResponse) client.admin().cluster().health(new ClusterHealthRequest(new String[]{ConfigurationRepository.this.searchguardIndex}).waitForActiveShards(1).waitForYellowStatus()).actionGet();
                    } catch (Exception e6) {
                        ConfigurationRepository.LOGGER.debug("Catched again a {} but we just try again ...", e6.toString());
                    }
                    ConfigurationRepository.LOGGER.error("Unexpected exception while initializing node " + e4, e4);
                    ConfigurationRepository.this.componentState.setFailed(e4);
                    return;
                }
                ConfigurationRepository.this.componentState.setState(ComponentState.State.INITIALIZING, "loading");
                while (ConfigurationRepository.this.currentConfig == null) {
                    ConfigurationRepository.this.componentState.startNextTry();
                    try {
                        ConfigurationRepository.LOGGER.debug("Try to load config ...");
                        ConfigurationRepository.this.reloadConfiguration(CType.all(), "Initialization");
                        break;
                    } catch (Exception e7) {
                        ConfigurationRepository.LOGGER.debug("Unable to load configuration due to {}", String.valueOf(ExceptionUtils.getRootCause(e7)));
                        try {
                            Thread.sleep(3000L);
                        } catch (InterruptedException e8) {
                            Thread.currentThread().interrupt();
                            ConfigurationRepository.LOGGER.debug("Thread was interrupted so we cancel initialization");
                        }
                    }
                }
                ConfigurationRepository.LOGGER.info("Node '{}' initialized", clusterService.localNode().getName());
                ConfigurationRepository.this.componentState.setInitialized();
            }
        });
    }

    public void initOnNodeStart() {
        LOGGER.info("Check if " + this.searchguardIndex + " index exists ...");
        try {
            if (this.clusterService.state().getMetadata().hasConcreteIndex(this.searchguardIndex)) {
                LOGGER.info("{} index does already exist, so we try to load the config from it", this.searchguardIndex);
                this.bgThread.start();
            } else if (this.settings.getAsBoolean(ConfigConstants.SEARCHGUARD_ALLOW_DEFAULT_INIT_SGINDEX, false).booleanValue()) {
                LOGGER.info("{} index does not exist yet, so we create a default config", this.searchguardIndex);
                this.installDefaultConfig.set(true);
                this.bgThread.start();
            } else if (this.settings.getAsBoolean(ConfigConstants.SEARCHGUARD_BACKGROUND_INIT_IF_SGINDEX_NOT_EXIST, true).booleanValue()) {
                LOGGER.info("{} index does not exist yet, so no need to load config on node startup. Use sgadmin to initialize cluster", this.searchguardIndex);
                this.bgThread.start();
            } else {
                LOGGER.info("{} index does not exist yet, use sgadmin to initialize the cluster. We will not perform background initialization", this.searchguardIndex);
            }
        } catch (Throwable th) {
            LOGGER.error("Error during node initialization: {}", th, th);
            this.bgThread.start();
            this.componentState.addLastException("initOnNodeStart", th);
        }
    }

    public <T> SgDynamicConfiguration<T> getConfiguration(CType<T> cType) {
        if (this.currentConfig == null) {
            throw new RuntimeException("ConfigurationRepository is not yet initialized");
        }
        return this.currentConfig.get(cType);
    }

    public boolean isInitialized() {
        return this.currentConfig != null;
    }

    public void reloadConfiguration(Set<CType<?>> set, String str) throws ConfigUpdateAlreadyInProgressException, ConfigUnavailableException {
        try {
            if (!this.LOCK.tryLock(60L, TimeUnit.SECONDS)) {
                throw new ConfigUpdateAlreadyInProgressException("A config update is already in progress", new Object[0]);
            }
            try {
                reloadConfiguration0(set, str);
                this.LOCK.unlock();
            } catch (Throwable th) {
                this.LOCK.unlock();
                throw th;
            }
        } catch (InterruptedException e) {
            throw new ConfigUpdateAlreadyInProgressException("Interrupted config update", e, new Object[0]);
        }
    }

    private void reloadConfiguration0(Set<CType<?>> set, String str) throws ConfigUnavailableException {
        ConfigMap only;
        try {
            ConfigMap configMap = this.mainConfigLoader.load(set, str).get();
            if (this.currentConfig == null) {
                this.currentConfig = configMap;
                only = null;
            } else {
                ConfigMap configMap2 = this.currentConfig;
                ConfigMap with = configMap2.with(configMap);
                only = configMap2.only(configMap.getTypes());
                this.currentConfig = with;
            }
            notifyAboutChanges(this.currentConfig);
            if (only != null && !only.isEmpty()) {
                ConfigMap configMap3 = only;
                this.threadPool.schedule(() -> {
                    LOGGER.debug("Destroying old configuration: " + configMap3);
                    configMap3.destroy();
                }, TimeValue.timeValueSeconds(10L), "generic");
            }
        } catch (InterruptedException e) {
            throw new RuntimeException("Interrupted while waiting for configuration", e);
        } catch (ExecutionException e2) {
            if (e2.getCause() instanceof ConfigUnavailableException) {
                throw ((ConfigUnavailableException) e2.getCause());
            }
            if (!(e2.getCause() instanceof RuntimeException)) {
                throw new RuntimeException(e2);
            }
            throw ((RuntimeException) e2.getCause());
        }
    }

    public synchronized void subscribeOnChange(ConfigurationChangeListener configurationChangeListener) {
        this.configurationChangedListener.add(configurationChangeListener);
    }

    private synchronized void notifyAboutChanges(ConfigMap configMap) {
        for (ConfigurationChangeListener configurationChangeListener : this.configurationChangedListener) {
            try {
                LOGGER.debug("Notify {} listener about change configuration with type {}", configurationChangeListener);
                configurationChangeListener.onChange(configMap);
            } catch (Exception e) {
                LOGGER.error("{} listener errored: " + e, configurationChangeListener, e);
                throw ExceptionsHelper.convertToElastic(e);
            }
        }
    }

    public <T> SgDynamicConfiguration<T> getConfigurationFromIndex(CType<T> cType, String str) throws ConfigUnavailableException {
        return this.externalUseConfigLoader.loadSync(cType, str);
    }

    public ConfigMap getConfigurationsFromIndex(Set<CType<?>> set, String str) throws ConfigUnavailableException {
        return this.externalUseConfigLoader.loadSync(set, str);
    }

    public <T> SgConfigEntry<T> getConfigEntryFromIndex(CType<T> cType, String str, String str2) throws ConfigUnavailableException, NoSuchConfigEntryException {
        SgDynamicConfiguration<T> configurationFromIndex = getConfigurationFromIndex(cType, str2);
        T cEntry = configurationFromIndex.getCEntry(str);
        if (cEntry != null) {
            return new SgConfigEntry<>(cEntry, configurationFromIndex);
        }
        throw new NoSuchConfigEntryException(cType, str);
    }

    public <T> StandardResponse addOrUpdate(CType<T> cType, String str, T t, String str2) throws ConfigUpdateException, ConcurrentConfigUpdateException {
        try {
            SgDynamicConfiguration<T> configurationFromIndex = getConfigurationFromIndex(cType, "Update of entry " + str);
            if (str2 != null && !configurationFromIndex.getETag().equals(str2)) {
                throw new ConcurrentConfigUpdateException("Unable to update configuration due to concurrent modification:\nIf-Match: " + str2 + "; ETag: " + configurationFromIndex.getETag());
            }
            boolean z = configurationFromIndex.getCEntry(str) != null;
            configurationFromIndex.putCEntry(str, t);
            update(cType, configurationFromIndex, str2);
            return !z ? new StandardResponse(201).message(cType.getUiName() + " " + str + " has been created") : new StandardResponse(200).message(cType.getUiName() + " " + str + " has been updated");
        } catch (ConfigUnavailableException e) {
            throw new ConfigUpdateException(e);
        }
    }

    public <T> StandardResponse applyPatch(final CType<T> cType, DocPatch docPatch, String str) throws ConfigUpdateException, ConcurrentConfigUpdateException, NoSuchConfigEntryException, ConfigValidationException {
        try {
            if (cType.getArity() == CType.Arity.SINGLE) {
                return applyPatch(cType, "default", docPatch, str);
            }
            final SgDynamicConfiguration<T> configurationFromIndex = getConfigurationFromIndex(cType, "Update of entry");
            if (str != null && !configurationFromIndex.getETag().equals(str)) {
                throw new ConcurrentConfigUpdateException("Unable to update configuration due to concurrent modification:\nIf-Match: " + str + "; ETag: " + configurationFromIndex.getETag());
            }
            configurationFromIndex.setEntries((Map) new PatchableDocument<Map<String, T>>() { // from class: com.floragunn.searchguard.configuration.ConfigurationRepository.2
                public Object toBasicObject() {
                    return configurationFromIndex.toBasicObject();
                }

                /* renamed from: parseI, reason: merged with bridge method [inline-methods] */
                public Map<String, T> m120parseI(DocNode docNode, Parser.Context context) throws ConfigValidationException {
                    ValidationErrors validationErrors = new ValidationErrors();
                    if (!docNode.isMap()) {
                        throw new ConfigValidationException(new InvalidAttributeValue((String) null, docNode, "A JSON object"));
                    }
                    LinkedHashMap linkedHashMap = new LinkedHashMap();
                    for (Map.Entry entry : docNode.toMapOfNodes().entrySet()) {
                        ValidationResult parse = cType.getParser().parse((DocNode) entry.getValue(), ConfigurationRepository.this.parserContext);
                        if (parse.hasErrors()) {
                            validationErrors.add((String) entry.getKey(), parse.getValidationErrors());
                        } else {
                            linkedHashMap.put((String) entry.getKey(), parse.peek());
                        }
                    }
                    validationErrors.throwExceptionForPresentErrors();
                    return linkedHashMap;
                }
            }.patch(docPatch, this.parserContext));
            update(cType, configurationFromIndex, str);
            return new StandardResponse(200).message(cType.getUiName() + " has been updated");
        } catch (ConfigUnavailableException | DocUpdateException e) {
            throw new ConfigUpdateException(e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <T> StandardResponse applyPatch(CType<T> cType, String str, DocPatch docPatch, String str2) throws ConfigUpdateException, ConcurrentConfigUpdateException, NoSuchConfigEntryException, ConfigValidationException {
        try {
            SgDynamicConfiguration configurationFromIndex = getConfigurationFromIndex(cType, "Update of entry " + str);
            if (str2 != null && !configurationFromIndex.getETag().equals(str2)) {
                throw new ConcurrentConfigUpdateException("Unable to update configuration due to concurrent modification:\nIf-Match: " + str2 + "; ETag: " + configurationFromIndex.getETag());
            }
            PatchableDocument patchableDocument = (Document) configurationFromIndex.getCEntry(str);
            if (patchableDocument == null) {
                throw new NoSuchConfigEntryException(cType, str);
            }
            if (!(patchableDocument instanceof PatchableDocument)) {
                throw new ConfigUpdateException("The config type " + cType + " cannot be patched");
            }
            configurationFromIndex.putCEntry(str, patchableDocument.patch(docPatch, this.parserContext));
            update(cType, configurationFromIndex, str2);
            return new StandardResponse(200).message(cType.getArity() == CType.Arity.SINGLE ? cType.getUiName() + " has been updated" : cType.getUiName() + " " + str + " has been updated");
        } catch (ConfigUnavailableException | DocUpdateException e) {
            throw new ConfigUpdateException(e);
        }
    }

    public <T> StandardResponse delete(CType<T> cType, String str) throws ConfigUpdateException, ConcurrentConfigUpdateException, NoSuchConfigEntryException {
        try {
            SgDynamicConfiguration<T> configurationFromIndex = getConfigurationFromIndex(cType, "Deletion of entry " + str);
            if (!configurationFromIndex.exists(str)) {
                throw new NoSuchConfigEntryException(cType, str);
            }
            configurationFromIndex.remove(str);
            update(cType, configurationFromIndex, null);
            return new StandardResponse(200).message(cType.getUiName() + " " + str + " has been deleted");
        } catch (ConfigUnavailableException e) {
            throw new ConfigUpdateException(e);
        }
    }

    public <T> void update(CType<T> cType, SgDynamicConfiguration<T> sgDynamicConfiguration, String str) throws ConfigUpdateException, ConcurrentConfigUpdateException {
        IndexRequest indexRequest = new IndexRequest(this.searchguardIndex);
        try {
            sgDynamicConfiguration.removeStatic();
            String lCString = cType.toLCString();
            IndexRequest refreshPolicy = indexRequest.id(lCString).source(new Object[]{lCString, XContentHelper.toXContent(sgDynamicConfiguration, XContentType.JSON, false)}).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE);
            if (str != null) {
                try {
                    int indexOf = str.indexOf(46);
                    if (indexOf == -1) {
                        throw new ConcurrentConfigUpdateException("Invalid E-Tag " + str);
                    }
                    refreshPolicy.setIfPrimaryTerm(Long.parseLong(str.substring(0, indexOf)));
                    refreshPolicy.setIfSeqNo(Long.parseLong(str.substring(indexOf + 1)));
                } catch (NumberFormatException e) {
                    throw new ConcurrentConfigUpdateException("Invalid E-Tag " + str);
                }
            } else if (sgDynamicConfiguration.getPrimaryTerm() != -1 && sgDynamicConfiguration.getSeqNo() != -1) {
                refreshPolicy.setIfPrimaryTerm(sgDynamicConfiguration.getPrimaryTerm());
                refreshPolicy.setIfSeqNo(sgDynamicConfiguration.getSeqNo());
            }
            if (!this.clusterService.state().getMetadata().hasIndex(this.searchguardIndex) && !((CreateIndexResponse) this.privilegedConfigClient.admin().indices().create(new CreateIndexRequest(this.searchguardIndex).settings(SG_INDEX_SETTINGS).mapping("_doc", SG_INDEX_MAPPING)).actionGet()).isAcknowledged()) {
                throw new ConfigUpdateException("The creation of the Search Guard index was not acknowledged");
            }
            try {
                this.privilegedConfigClient.index(refreshPolicy).actionGet();
                try {
                    ConfigUpdateResponse configUpdateResponse = (ConfigUpdateResponse) this.privilegedConfigClient.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest((String[]) CType.lcStringValues().toArray(new String[0]))).actionGet();
                    if (configUpdateResponse.hasFailures()) {
                        throw new ConfigUpdateException("Configuration index was updated; however, some nodes reported failures while refreshing.", configUpdateResponse);
                    }
                } catch (Exception e2) {
                    throw new ConfigUpdateException("Configuration index was updated; however, the refresh failed", (Throwable) e2);
                }
            } catch (VersionConflictEngineException e3) {
                throw new ConcurrentConfigUpdateException("Unable to update configuration due to concurrent modification", e3);
            } catch (Exception e4) {
                throw new ConfigUpdateException("Updating the config failed", (Throwable) e4);
            }
        } catch (IOException e5) {
            throw new RuntimeException(e5);
        }
    }

    public Map<CType<?>, ConfigUpdateResult> update(Map<CType<?>, ConfigWithMetadata> map) throws ConfigUpdateException, ConfigValidationException, ConcurrentConfigUpdateException {
        SgDynamicConfiguration sgDynamicConfiguration;
        ValidationErrors validationErrors = new ValidationErrors();
        BulkRequest bulkRequest = new BulkRequest();
        bulkRequest.setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE);
        if (map.isEmpty()) {
            throw new ConfigValidationException(new ValidationError((String) null, "No configuration given"));
        }
        ArrayList arrayList = new ArrayList();
        for (Map.Entry<CType<?>, ConfigWithMetadata> entry : map.entrySet()) {
            CType<?> key = entry.getKey();
            if (entry.getValue() == null) {
                validationErrors.add(new InvalidAttributeValue(key.toLCString(), (Object) null, "A config JSON document"));
            } else {
                Map content = entry.getValue().getContent();
                String etag = entry.getValue().getEtag();
                if (content == null) {
                    validationErrors.add(new InvalidAttributeValue(key.toLCString(), (Object) null, "A config JSON document"));
                } else {
                    if (key.getArity() == CType.Arity.SINGLE) {
                        content = !content.isEmpty() ? ImmutableMap.of("default", DocNode.wrap(content).splitDottedAttributeNamesToTree().toMap()) : ImmutableMap.empty();
                    }
                    try {
                        SgDynamicConfiguration fromMap = SgDynamicConfiguration.fromMap(content, key, this.parserContext);
                        fromMap.removeStatic();
                        if (fromMap.getValidationErrors() == null || !fromMap.getValidationErrors().hasErrors()) {
                            String lCString = key.toLCString();
                            IndexRequest source = new IndexRequest(this.searchguardIndex).id(lCString).source(new Object[]{lCString, XContentHelper.toXContent(fromMap, XContentType.JSON, false)});
                            if (etag != null) {
                                try {
                                    int indexOf = etag.indexOf(46);
                                    if (indexOf == -1) {
                                        validationErrors.add(new InvalidAttributeValue(key.toLCString(), etag, (Object) null).message("Invalid E-Tag"));
                                    } else {
                                        long parseLong = Long.parseLong(etag.substring(0, indexOf));
                                        long parseLong2 = Long.parseLong(etag.substring(indexOf + 1));
                                        if (this.currentConfig != null && (sgDynamicConfiguration = this.currentConfig.get(key)) != null && (sgDynamicConfiguration.getPrimaryTerm() != parseLong || sgDynamicConfiguration.getSeqNo() != parseLong2)) {
                                            arrayList.add(key.toLCString());
                                        }
                                        source.setIfPrimaryTerm(parseLong);
                                        source.setIfSeqNo(parseLong2);
                                    }
                                } catch (NumberFormatException e) {
                                    validationErrors.add(new InvalidAttributeValue(key.toLCString(), etag, (Object) null).message("Invalid E-Tag"));
                                }
                            }
                            bulkRequest.add(source);
                        } else {
                            validationErrors.add(key.toLCString(), fromMap.getValidationErrors());
                        }
                    } catch (ConfigValidationException e2) {
                        validationErrors.add(key.toLCString(), e2);
                    } catch (IOException e3) {
                        throw new RuntimeException(e3);
                    }
                }
            }
        }
        if (!arrayList.isEmpty()) {
            if (arrayList.size() == 1) {
                throw new ConcurrentConfigUpdateException("The configuration " + ((String) arrayList.get(0)) + " has been concurrently modified.");
            }
            throw new ConcurrentConfigUpdateException("The configurations " + ((String) arrayList.stream().collect(Collectors.joining(", "))) + " have been concurrently modified.");
        }
        validationErrors.throwExceptionForPresentErrors();
        if (!this.clusterService.state().getMetadata().hasIndex(this.searchguardIndex) && !((CreateIndexResponse) this.client.admin().indices().create(new CreateIndexRequest(this.searchguardIndex).settings(SG_INDEX_SETTINGS).mapping("_doc", SG_INDEX_MAPPING)).actionGet()).isAcknowledged()) {
            throw new ConfigUpdateException("The creation of the Search Guard index was not acknowledged");
        }
        try {
            BulkResponse bulkResponse = (BulkResponse) this.privilegedConfigClient.bulk(bulkRequest).actionGet();
            LinkedHashMap linkedHashMap = new LinkedHashMap(map.size());
            for (BulkItemResponse bulkItemResponse : bulkResponse.getItems()) {
                CType<?> fromString = CType.fromString(bulkItemResponse.getId());
                if (fromString == null) {
                    LOGGER.error("Could not find CType for " + bulkItemResponse.getId());
                } else if (bulkItemResponse.isFailed()) {
                    linkedHashMap.put(fromString, new ConfigUpdateResult("Update failed", new StandardResponse.Error(bulkItemResponse.getFailureMessage())));
                } else {
                    linkedHashMap.put(fromString, new ConfigUpdateResult("Update successful", bulkItemResponse.getResponse().getPrimaryTerm() + "." + bulkItemResponse.getResponse().getSeqNo()));
                }
            }
            if (bulkResponse.hasFailures()) {
                LOGGER.error("Index update finished with errors:\n" + Strings.toString(bulkResponse));
                List<String> documentIdsWithVersionConflictEngineException = getDocumentIdsWithVersionConflictEngineException(bulkResponse);
                if (documentIdsWithVersionConflictEngineException.isEmpty()) {
                    throw new ConfigUpdateException("Updating the configuration failed", bulkResponse).updateResult(linkedHashMap);
                }
                if (documentIdsWithVersionConflictEngineException.size() == 1) {
                    throw new ConcurrentConfigUpdateException("The configuration " + documentIdsWithVersionConflictEngineException.get(0) + " has been concurrently modified.").updateResult(linkedHashMap);
                }
                throw new ConcurrentConfigUpdateException("The configurations " + ((String) documentIdsWithVersionConflictEngineException.stream().collect(Collectors.joining(", "))) + " have been concurrently modified.").updateResult(linkedHashMap);
            }
            LOGGER.info("Index update done:\n" + Strings.toString(bulkResponse));
            try {
                ConfigUpdateResponse configUpdateResponse = (ConfigUpdateResponse) this.privilegedConfigClient.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest((String[]) CType.lcStringValues().toArray(new String[0]))).actionGet();
                if (configUpdateResponse.hasFailures()) {
                    throw new ConfigUpdateException("Configuration index was updated; however, some nodes reported failures while refreshing.", configUpdateResponse).updateResult(linkedHashMap);
                }
                return linkedHashMap;
            } catch (Exception e4) {
                throw new ConfigUpdateException("Configuration index was updated; however, the refresh failed", (Throwable) e4).updateResult(linkedHashMap);
            }
        } catch (ConcurrentConfigUpdateException | ConfigUpdateException e5) {
            throw e5;
        } catch (Exception e6) {
            throw new ConfigUpdateException("Updating the configuration failed", (Throwable) e6);
        }
    }

    public ComponentState getComponentState() {
        this.componentState.updateStateFromParts();
        return this.componentState;
    }

    public String getSearchguardIndex() {
        return this.searchguardIndex;
    }

    public Context getParserContext() {
        return this.parserContext;
    }

    private List<String> getDocumentIdsWithVersionConflictEngineException(BulkResponse bulkResponse) {
        ArrayList arrayList = new ArrayList();
        for (BulkItemResponse bulkItemResponse : bulkResponse.getItems()) {
            if (bulkItemResponse.getFailure() != null && (bulkItemResponse.getFailure().getCause() instanceof VersionConflictEngineException)) {
                arrayList.add(bulkItemResponse.getId());
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static <T> void uploadFile(Client client, String str, String str2, CType<T> cType, Context context) throws Exception {
        LOGGER.info("Will update '" + cType + "' with " + str);
        try {
            FileReader fileReader = new FileReader(str);
            try {
                DocNode from = DocNode.parse(Format.YAML).from(fileReader);
                if (from.isNull()) {
                    from = DocNode.EMPTY;
                }
                if (cType.getArity() == CType.Arity.SINGLE) {
                    from = DocNode.of("default", from.toMap());
                }
                if (!cType.toLCString().equals(((IndexResponse) client.index(new IndexRequest(str2).id(cType.toLCString()).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{cType.toLCString(), new BytesArray(from.toJsonString())})).actionGet()).getId())) {
                    throw new Exception("   FAIL: Configuration for '" + cType.toLCString() + "' failed for unknown reasons. Pls. consult logfile of elasticsearch");
                }
                fileReader.close();
            } finally {
            }
        } catch (Exception e) {
            throw e;
        }
    }
}
