package com.floragunn.searchguard.configuration.variables;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.DocWriter;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.codova.validation.errors.MissingAttribute;
import com.floragunn.codova.validation.errors.ValidationError;
import com.floragunn.searchguard.configuration.ProtectedConfigIndexService;
import com.floragunn.searchguard.configuration.variables.ConfigVarApi;
import com.floragunn.searchguard.configuration.variables.ConfigVarRefreshAction;
import com.floragunn.searchguard.support.ConfigConstants;
import com.floragunn.searchguard.support.PrivilegedConfigClient;
import com.floragunn.searchsupport.action.StandardResponse;
import com.floragunn.searchsupport.client.Actions;
import com.floragunn.searchsupport.cstate.ComponentState;
import com.floragunn.searchsupport.cstate.ComponentStateProvider;
import com.google.common.io.BaseEncoding;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Random;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.DocWriteRequest;
import org.elasticsearch.action.DocWriteResponse;
import org.elasticsearch.action.bulk.BulkItemResponse;
import org.elasticsearch.action.bulk.BulkRequest;
import org.elasticsearch.action.bulk.BulkResponse;
import org.elasticsearch.action.delete.DeleteRequest;
import org.elasticsearch.action.delete.DeleteResponse;
import org.elasticsearch.action.get.GetRequest;
import org.elasticsearch.action.get.GetResponse;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.Client;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.index.engine.VersionConflictEngineException;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.search.SearchHit;
import org.elasticsearch.search.builder.SearchSourceBuilder;
import org.elasticsearch.threadpool.ThreadPool;

/* loaded from: input_file:com/floragunn/searchguard/configuration/variables/ConfigVarService.class */
public class ConfigVarService implements ComponentStateProvider {
    private static final Logger log = LogManager.getLogger(ConfigVarService.class);
    private final Client client;
    private final PrivilegedConfigClient privilegedConfigClient;
    private final ClusterService clusterService;
    private final ThreadPool threadPool;
    private volatile Map<String, Object> values;
    private final EncryptionKeys encryptionKeys;
    private final Map<String, RequestedValue> requestedValues = new ConcurrentHashMap();
    private final ComponentState componentState = new ComponentState(1000, (String) null, "config_var_storage", ConfigVarService.class);
    private final String indexName = ".searchguard_config_vars";
    private final List<Runnable> changeListeners = new ArrayList();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.floragunn.searchguard.configuration.variables.ConfigVarService$4, reason: invalid class name */
    /* loaded from: input_file:com/floragunn/searchguard/configuration/variables/ConfigVarService$4.class */
    public static /* synthetic */ class AnonymousClass4 {
        static final /* synthetic */ int[] $SwitchMap$org$elasticsearch$action$DocWriteResponse$Result = new int[DocWriteResponse.Result.values().length];

        static {
            try {
                $SwitchMap$org$elasticsearch$action$DocWriteResponse$Result[DocWriteResponse.Result.CREATED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$elasticsearch$action$DocWriteResponse$Result[DocWriteResponse.Result.DELETED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$elasticsearch$action$DocWriteResponse$Result[DocWriteResponse.Result.NOOP.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$elasticsearch$action$DocWriteResponse$Result[DocWriteResponse.Result.NOT_FOUND.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$elasticsearch$action$DocWriteResponse$Result[DocWriteResponse.Result.UPDATED.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/floragunn/searchguard/configuration/variables/ConfigVarService$RequestedValue.class */
    public static class RequestedValue {
        final Supplier<Object> valueSupplier;
        final String scope;

        RequestedValue(Supplier<Object> supplier, String str) {
            this.valueSupplier = supplier;
            this.scope = str;
        }

        public String toString() {
            return "[scope=" + this.scope + "]";
        }
    }

    public ConfigVarService(Client client, ClusterService clusterService, ThreadPool threadPool, ProtectedConfigIndexService protectedConfigIndexService, EncryptionKeys encryptionKeys) {
        this.client = client;
        this.privilegedConfigClient = PrivilegedConfigClient.adapt(client);
        this.clusterService = clusterService;
        this.threadPool = threadPool;
        this.encryptionKeys = encryptionKeys;
        this.componentState.addPart(protectedConfigIndexService.createIndex(new ProtectedConfigIndexService.ConfigIndex(".searchguard_config_vars").mapping(ConfigVar.INDEX_MAPPING).onIndexReady(failureListener -> {
            init(failureListener);
        })));
    }

    public Object get(String str) {
        Map<String, Object> map = this.values;
        if (map == null) {
            throw new ConfigVarServiceNotYetAvailableException("ConfigVarService is not yet initialized");
        }
        return map.get(str);
    }

    public String getAsString(String str) {
        Object obj = get(str);
        if (obj != null) {
            return obj.toString();
        }
        return null;
    }

    public String getAsStringMandatory(String str) throws ConfigValidationException {
        Object obj = get(str);
        if (obj != null) {
            return obj.toString();
        }
        throw new ConfigValidationException(new MissingAttribute(str));
    }

    public CompletableFuture<StandardResponse> delete(final String str) {
        final CompletableFuture<StandardResponse> completableFuture = new CompletableFuture<>();
        this.privilegedConfigClient.delete((DeleteRequest) new DeleteRequest(".searchguard_config_vars", str).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE), new ActionListener<DeleteResponse>() { // from class: com.floragunn.searchguard.configuration.variables.ConfigVarService.1
            public void onResponse(final DeleteResponse deleteResponse) {
                ConfigVarRefreshAction.send(ConfigVarService.this.client, new ActionListener<ConfigVarRefreshAction.Response>() { // from class: com.floragunn.searchguard.configuration.variables.ConfigVarService.1.1
                    public void onResponse(ConfigVarRefreshAction.Response response) {
                        try {
                            ConfigVarService.log.info("Result of settings update:\n" + response);
                            if (response.hasFailures()) {
                                completableFuture.complete(new StandardResponse(500).error((String) null, "Index update was successful, but node refresh partially failed", response.failures().toString()));
                            } else if (deleteResponse.getResult() == DocWriteResponse.Result.DELETED) {
                                completableFuture.complete(new StandardResponse(200).message("Deleted"));
                            } else {
                                completableFuture.complete(new StandardResponse(404).error("Not found"));
                            }
                        } catch (Exception e) {
                            ConfigVarService.log.error("Error in onResponse", e);
                            completableFuture.completeExceptionally(e);
                        }
                    }

                    public void onFailure(Exception exc) {
                        ConfigVarService.log.error("settings update failed", exc);
                        completableFuture.complete(new StandardResponse(500).error("Index update was successful, but node refresh failed"));
                    }
                });
            }

            public void onFailure(Exception exc) {
                ConfigVarService.log.error("Error while deleting " + str, exc);
                ConfigVarService.this.componentState.addLastException("delete", exc);
                completableFuture.completeExceptionally(exc);
            }
        });
        return completableFuture;
    }

    public CompletableFuture<StandardResponse> update(ConfigVarApi.UpdateAction.Request request) throws EncryptionException {
        final String id = request.getId();
        final CompletableFuture<StandardResponse> completableFuture = new CompletableFuture<>();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (request.isEncrypt()) {
            linkedHashMap.put("encrypted", this.encryptionKeys.getEncryptedData(request.getValue()));
        } else {
            linkedHashMap.put("value", request.getValue());
        }
        if (request.getScope() != null) {
            linkedHashMap.put("scope", request.getScope());
        }
        linkedHashMap.put("updated", Instant.now());
        log.info("Writing secret " + id);
        this.privilegedConfigClient.index(new IndexRequest(".searchguard_config_vars").opType(request.mustNotExist() ? DocWriteRequest.OpType.CREATE : DocWriteRequest.OpType.INDEX).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id(id).source(linkedHashMap), new ActionListener<IndexResponse>() { // from class: com.floragunn.searchguard.configuration.variables.ConfigVarService.2
            public void onResponse(final IndexResponse indexResponse) {
                if (indexResponse.getResult() == DocWriteResponse.Result.CREATED || indexResponse.getResult() == DocWriteResponse.Result.UPDATED) {
                    ConfigVarRefreshAction.send(ConfigVarService.this.client, new ActionListener<ConfigVarRefreshAction.Response>() { // from class: com.floragunn.searchguard.configuration.variables.ConfigVarService.2.1
                        public void onResponse(ConfigVarRefreshAction.Response response) {
                            try {
                                ConfigVarService.log.info("Result of settings update:\n" + response);
                                if (response.hasFailures()) {
                                    completableFuture.complete(new StandardResponse(500).error((String) null, "Index update was successful, but node refresh partially failed", response.failures().toString()));
                                } else if (indexResponse.getResult() == DocWriteResponse.Result.CREATED) {
                                    completableFuture.complete(new StandardResponse(201).message("Created"));
                                } else {
                                    completableFuture.complete(new StandardResponse(200).message("Updated"));
                                }
                            } catch (Exception e) {
                                ConfigVarService.log.error("Error in onResponse", e);
                                completableFuture.completeExceptionally(e);
                            }
                        }

                        public void onFailure(Exception exc) {
                            ConfigVarService.log.error("settings update failed", exc);
                            completableFuture.complete(new StandardResponse(500).error("Index update was successful, but node refresh failed"));
                        }
                    });
                } else if (indexResponse.getResult() == DocWriteResponse.Result.NOOP) {
                    completableFuture.complete(new StandardResponse(200).message("Not changed"));
                } else {
                    completableFuture.complete(new StandardResponse(500).error((String) null, "Unexpected response", indexResponse.getResult() + ""));
                }
            }

            public void onFailure(Exception exc) {
                if (!(exc instanceof VersionConflictEngineException)) {
                    ConfigVarService.log.error("Error while updating " + id, exc);
                    ConfigVarService.this.componentState.addLastException("update", exc);
                    completableFuture.completeExceptionally(exc);
                } else if (exc.getMessage().contains("document already exists")) {
                    completableFuture.complete(new StandardResponse(412).error("Variable does already exist"));
                } else {
                    completableFuture.complete(new StandardResponse(412).error(exc.getMessage()));
                }
            }
        });
        return completableFuture;
    }

    public CompletableFuture<StandardResponse> updateAll(Map<String, ConfigVar> map) {
        BulkRequest bulkRequest = new BulkRequest();
        bulkRequest.setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE);
        ValidationErrors validationErrors = new ValidationErrors();
        for (Map.Entry<String, ConfigVar> entry : map.entrySet()) {
            ConfigVar value = entry.getValue();
            if (value.getEncValue() != null) {
                try {
                    this.encryptionKeys.getDecryptedData(value);
                } catch (Exception e) {
                    validationErrors.add(new ValidationError(entry.getKey(), e.getMessage()).cause(e));
                }
            }
            bulkRequest.add(new IndexRequest(".searchguard_config_vars").id(entry.getKey()).source(DocWriter.json().writeAsString(entry.getValue().updatedNow()), XContentType.JSON));
        }
        if (validationErrors.hasErrors()) {
            return CompletableFuture.completedFuture(new StandardResponse(400).error(validationErrors));
        }
        Iterator it = ((Set) this.values.keySet().stream().filter(str -> {
            return !map.containsKey(str);
        }).collect(Collectors.toSet())).iterator();
        while (it.hasNext()) {
            bulkRequest.add(new DeleteRequest(".searchguard_config_vars").id((String) it.next()));
        }
        if (bulkRequest.numberOfActions() == 0) {
            return CompletableFuture.completedFuture(new StandardResponse(200).message("Nothing to update"));
        }
        final CompletableFuture<StandardResponse> completableFuture = new CompletableFuture<>();
        this.privilegedConfigClient.bulk(bulkRequest, new ActionListener<BulkResponse>() { // from class: com.floragunn.searchguard.configuration.variables.ConfigVarService.3
            public void onResponse(final BulkResponse bulkResponse) {
                if (bulkResponse.hasFailures()) {
                    completableFuture.complete(new StandardResponse(500).error("Bulk update partially failed"));
                } else {
                    ConfigVarRefreshAction.send(ConfigVarService.this.client, new ActionListener<ConfigVarRefreshAction.Response>() { // from class: com.floragunn.searchguard.configuration.variables.ConfigVarService.3.1
                        public void onResponse(ConfigVarRefreshAction.Response response) {
                            ConfigVarService.log.info("Result of settings update:\n" + response);
                            if (response.hasFailures()) {
                                completableFuture.complete(new StandardResponse(500).error("Index update was successful, but node refresh partially failed"));
                            } else {
                                completableFuture.complete(new StandardResponse(200).message(ConfigVarService.this.getUpdateMessage(bulkResponse)));
                            }
                        }

                        public void onFailure(Exception exc) {
                            ConfigVarService.log.error("settings update failed", exc);
                            completableFuture.complete(new StandardResponse(500).error("Index update was successful, but node refresh failed"));
                        }
                    });
                }
            }

            public void onFailure(Exception exc) {
                ConfigVarService.log.error("Error while updating secrets", exc);
                ConfigVarService.this.componentState.addLastException("update", exc);
                completableFuture.completeExceptionally(exc);
            }
        });
        return completableFuture;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getUpdateMessage(BulkResponse bulkResponse) {
        int i = 0;
        int i2 = 0;
        int i3 = 0;
        int i4 = 0;
        int i5 = 0;
        for (BulkItemResponse bulkItemResponse : bulkResponse.getItems()) {
            switch (AnonymousClass4.$SwitchMap$org$elasticsearch$action$DocWriteResponse$Result[bulkItemResponse.getResponse().getResult().ordinal()]) {
                case ConfigConstants.SEARCHGUARD_AUDIT_SSL_VERIFY_HOSTNAMES_DEFAULT /* 1 */:
                    i++;
                    break;
                case 2:
                    i3++;
                    break;
                case 3:
                    i4++;
                    break;
                case 4:
                    i5++;
                    break;
                case 5:
                    i2++;
                    break;
            }
        }
        String str = "Update succesful: " + i + " created; " + i2 + " updated; " + i3 + " deleted";
        if (i4 > 0) {
            str = str + "; " + i4 + " unchanged";
        }
        if (i5 > 0) {
            str = str + "; " + i5 + " not found";
        }
        return str;
    }

    public synchronized void requestRandomKey(String str, int i, String str2) {
        this.requestedValues.put(str, new RequestedValue(() -> {
            return generateKey(i);
        }, str2));
    }

    public synchronized void requestValue(String str, Supplier<Object> supplier, String str2) {
        this.requestedValues.put(str, new RequestedValue(supplier, str2));
    }

    public Map<String, ConfigVar> getAllFromIndex() {
        PrivilegedConfigClient privilegedConfigClient = this.privilegedConfigClient;
        Objects.requireNonNull(this);
        SearchResponse searchResponse = (SearchResponse) privilegedConfigClient.search(new SearchRequest(new String[]{".searchguard_config_vars"}).source(SearchSourceBuilder.searchSource().query(QueryBuilders.matchAllQuery()).size(1000)).scroll(new TimeValue(10000L))).actionGet();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        do {
            try {
                for (SearchHit searchHit : searchResponse.getHits().getHits()) {
                    try {
                        linkedHashMap.put(searchHit.getId(), new ConfigVar(DocNode.wrap(searchHit.getSourceAsMap())));
                    } catch (Exception e) {
                        log.error("Error while reading " + searchHit, e);
                    }
                }
                searchResponse = (SearchResponse) this.client.prepareSearchScroll(searchResponse.getScrollId()).setScroll(new TimeValue(10000L)).execute().actionGet();
            } catch (Throwable th) {
                Actions.clearScrollAsync(this.client, searchResponse);
                throw th;
            }
        } while (searchResponse.getHits().getHits().length != 0);
        Actions.clearScrollAsync(this.client, searchResponse);
        return linkedHashMap;
    }

    public ConfigVar getFromIndex(String str) {
        PrivilegedConfigClient privilegedConfigClient = this.privilegedConfigClient;
        Objects.requireNonNull(this);
        GetResponse getResponse = (GetResponse) privilegedConfigClient.get(new GetRequest(".searchguard_config_vars", str)).actionGet();
        if (!getResponse.isExists()) {
            return null;
        }
        try {
            return new ConfigVar(DocNode.wrap(getResponse.getSourceAsMap()));
        } catch (ConfigValidationException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    private synchronized void init(ProtectedConfigIndexService.FailureListener failureListener) {
        HashMap hashMap = new HashMap(this.requestedValues);
        try {
            HashMap hashMap2 = new HashMap(readValues());
            if (log.isDebugEnabled()) {
                log.debug("Read existing values: " + hashMap2.keySet());
            }
            if (this.clusterService.state().nodes().isLocalNodeElectedMaster()) {
                if (hashMap.isEmpty()) {
                    log.debug("No secrets need to be generated");
                } else {
                    log.info("Creating secrets: " + hashMap);
                }
                HashMap hashMap3 = new HashMap();
                for (Map.Entry entry : hashMap.entrySet()) {
                    String str = (String) entry.getKey();
                    try {
                        if (!hashMap2.containsKey(str)) {
                            Object obj = ((RequestedValue) entry.getValue()).valueSupplier.get();
                            hashMap3.put(str, obj);
                            LinkedHashMap linkedHashMap = new LinkedHashMap();
                            linkedHashMap.putAll(this.encryptionKeys.getEncryptedData(obj));
                            String str2 = ((RequestedValue) entry.getValue()).scope;
                            if (str2 != null) {
                                linkedHashMap.put("scope", str2);
                            }
                            linkedHashMap.put("updated", Instant.now());
                            PrivilegedConfigClient privilegedConfigClient = this.privilegedConfigClient;
                            Objects.requireNonNull(this);
                            IndexResponse indexResponse = (IndexResponse) privilegedConfigClient.index((IndexRequest) new IndexRequest(".searchguard_config_vars").id(str).source(linkedHashMap).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE)).actionGet();
                            this.requestedValues.remove(str);
                            if (log.isDebugEnabled()) {
                                log.debug("Written " + str + ": " + indexResponse);
                            }
                        }
                    } catch (Exception e) {
                        throw new Exception("Error while initializing value for " + str, e);
                    }
                }
                if (!hashMap3.isEmpty()) {
                    hashMap2.putAll(hashMap3);
                    ConfigVarRefreshAction.send(this.client);
                }
            }
            this.values = hashMap2;
            this.componentState.setInitialized();
            notifyChangeListeners();
            failureListener.onSuccess();
        } catch (Exception e2) {
            failureListener.onFailure(e2);
        }
    }

    public synchronized void addChangeListener(Runnable runnable) {
        this.changeListeners.add(runnable);
    }

    private void notifyChangeListeners() {
        for (Runnable runnable : this.changeListeners) {
            try {
                runnable.run();
            } catch (Exception e) {
                this.componentState.addLastException("notifyChangeListeners", e);
                log.error("Exception in change listener: " + runnable, e);
            }
        }
    }

    private Map<String, Object> readValues() {
        if (log.isTraceEnabled()) {
            log.trace("SecretsService.readValues()");
        }
        PrivilegedConfigClient privilegedConfigClient = this.privilegedConfigClient;
        Objects.requireNonNull(this);
        SearchResponse searchResponse = (SearchResponse) privilegedConfigClient.search(new SearchRequest(new String[]{".searchguard_config_vars"}).source(SearchSourceBuilder.searchSource().query(QueryBuilders.matchAllQuery()).size(1000)).scroll(new TimeValue(10000L))).actionGet();
        HashMap hashMap = new HashMap();
        loop0: do {
            try {
                for (SearchHit searchHit : searchResponse.getHits().getHits()) {
                    try {
                        Map<String, Object> sourceAsMap = searchHit.getSourceAsMap();
                        if (!sourceAsMap.containsKey("value")) {
                            if (!sourceAsMap.containsKey("encrypted")) {
                                throw new Exception("Unexpected doc: " + Strings.toString(searchHit));
                                break loop0;
                            }
                            hashMap.put(searchHit.getId(), this.encryptionKeys.getDecryptedData(sourceAsMap));
                        } else {
                            hashMap.put(searchHit.getId(), sourceAsMap.get("value"));
                        }
                    } catch (Exception e) {
                        this.componentState.getOrCreatePart("entry", searchHit.getId()).setFailed(e);
                        log.error("Error while reading " + searchHit, e);
                    }
                }
                searchResponse = (SearchResponse) this.client.prepareSearchScroll(searchResponse.getScrollId()).setScroll(new TimeValue(10000L)).execute().actionGet();
            } catch (Throwable th) {
                Actions.clearScrollAsync(this.client, searchResponse);
                throw th;
            }
        } while (searchResponse.getHits().getHits().length != 0);
        Actions.clearScrollAsync(this.client, searchResponse);
        log.debug("Read " + hashMap.size() + " secrets");
        return hashMap;
    }

    public void refresh() {
        log.info("Refreshing config variables");
        this.threadPool.generic().submit(() -> {
            refreshSync();
        });
    }

    private synchronized void refreshSync() {
        try {
            this.componentState.setState(ComponentState.State.INITIALIZING, "refreshing");
            Map<String, Object> readValues = readValues();
            if (this.values == null || !this.values.equals(readValues)) {
                log.info("Config variables changed");
                this.values = readValues;
                this.componentState.setState(ComponentState.State.INITIALIZED);
                notifyChangeListeners();
            } else {
                this.componentState.setState(ComponentState.State.INITIALIZED);
                log.debug("Config variables did not change");
            }
        } catch (Exception e) {
            log.error("Error while refreshing. Trying again.", e);
            this.componentState.addLastException("refresh", e);
            this.threadPool.generic().submit(() -> {
                try {
                    Thread.sleep(10000 + new Random().nextInt(10000));
                    refreshSync();
                } catch (InterruptedException e2) {
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String generateKey(int i) {
        byte[] bArr = new byte[i / 8];
        new SecureRandom().nextBytes(bArr);
        return BaseEncoding.base64().encode(bArr);
    }

    public ComponentState getComponentState() {
        return this.componentState;
    }
}
