package com.floragunn.signals;

import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.searchguard.configuration.ProtectedConfigIndexService;
import com.floragunn.searchguard.internalauthtoken.InternalAuthTokenProvider;
import com.floragunn.searchguard.support.PrivilegedConfigClient;
import com.floragunn.searchguard.user.User;
import com.floragunn.searchsupport.cstate.ComponentState;
import com.floragunn.searchsupport.diag.DiagnosticContext;
import com.floragunn.signals.accounts.AccountRegistry;
import com.floragunn.signals.proxy.service.HttpProxyHostRegistry;
import com.floragunn.signals.proxy.service.ProxyCrudService;
import com.floragunn.signals.proxy.service.persistence.ProxyData;
import com.floragunn.signals.proxy.service.persistence.ProxyRepository;
import com.floragunn.signals.settings.SignalsSettings;
import com.floragunn.signals.truststore.service.TrustManagerRegistry;
import com.floragunn.signals.truststore.service.TruststoreCrudService;
import com.floragunn.signals.truststore.service.persistence.TruststoreData;
import com.floragunn.signals.truststore.service.persistence.TruststoreRepository;
import com.floragunn.signals.watch.Watch;
import com.floragunn.signals.watch.state.WatchState;
import com.google.common.collect.ImmutableList;
import com.google.common.io.BaseEncoding;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.security.SecureRandom;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.admin.indices.template.put.TransportPutComposableIndexTemplateAction;
import org.elasticsearch.action.support.master.AcknowledgedResponse;
import org.elasticsearch.client.internal.Client;
import org.elasticsearch.cluster.metadata.ComposableIndexTemplate;
import org.elasticsearch.cluster.metadata.Template;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.component.AbstractLifecycleComponent;
import org.elasticsearch.common.compress.CompressedXContent;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.env.NodeEnvironment;
import org.elasticsearch.features.FeatureService;
import org.elasticsearch.script.ScriptService;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.xcontent.NamedXContentRegistry;

/* loaded from: input_file:com/floragunn/signals/Signals.class */
public class Signals extends AbstractLifecycleComponent {
    private static final Logger log = LogManager.getLogger(Signals.class);
    private final ComponentState componentState;
    private final SignalsSettings signalsSettings;
    private NodeEnvironment nodeEnvironment;
    private Set<String> configuredTenants;
    private Client client;
    private ClusterService clusterService;
    private NamedXContentRegistry xContentRegistry;
    private ScriptService scriptService;
    private InternalAuthTokenProvider internalAuthTokenProvider;
    private AccountRegistry accountRegistry;
    private Exception initException;
    private Settings settings;
    private String nodeId;
    private DiagnosticContext diagnosticContext;
    private ThreadPool threadPool;
    private TrustManagerRegistry trustManagerRegistry;
    private HttpProxyHostRegistry httpProxyHostRegistry;
    private FeatureService featureService;
    private final Map<String, SignalsTenant> tenants = new ConcurrentHashMap();
    private InitializationState initState = InitializationState.INITIALIZING;
    private Map<String, Exception> tenantInitErrors = new ConcurrentHashMap();
    private final SignalsSettings.ChangeListener settingsChangeListener = new SignalsSettings.ChangeListener() { // from class: com.floragunn.signals.Signals.2
        @Override // com.floragunn.signals.settings.SignalsSettings.ChangeListener
        public void onChange() {
            Signals.this.internalAuthTokenProvider.setSigningKey(Signals.this.signalsSettings.getDynamicSettings().getInternalAuthTokenSigningKey());
            Signals.this.internalAuthTokenProvider.setEncryptionKey(Signals.this.signalsSettings.getDynamicSettings().getInternalAuthTokenEncryptionKey());
        }
    };

    /* loaded from: input_file:com/floragunn/signals/Signals$InitializationState.class */
    public enum InitializationState {
        INITIALIZING,
        INITIALIZED,
        FAILED,
        DISABLED
    }

    public Signals(Settings settings, ComponentState componentState) {
        this.componentState = componentState;
        this.settings = settings;
        this.signalsSettings = new SignalsSettings(settings);
        this.signalsSettings.addChangeListener(this.settingsChangeListener);
    }

    public Collection<Object> createComponents(Client client, ClusterService clusterService, ThreadPool threadPool, ScriptService scriptService, NamedXContentRegistry namedXContentRegistry, NodeEnvironment nodeEnvironment, InternalAuthTokenProvider internalAuthTokenProvider, ProtectedConfigIndexService protectedConfigIndexService, DiagnosticContext diagnosticContext, FeatureService featureService) {
        try {
            this.nodeId = nodeEnvironment.nodeId();
            if (!this.signalsSettings.getStaticSettings().isEnabled()) {
                this.initState = InitializationState.DISABLED;
                return Collections.emptyList();
            }
            this.client = client;
            this.clusterService = clusterService;
            this.threadPool = threadPool;
            this.nodeEnvironment = nodeEnvironment;
            this.xContentRegistry = namedXContentRegistry;
            this.scriptService = scriptService;
            this.internalAuthTokenProvider = internalAuthTokenProvider;
            this.diagnosticContext = diagnosticContext;
            createIndexes(protectedConfigIndexService);
            if (this.settings.getAsBoolean("searchguard.enterprise_modules_enabled", true).booleanValue() && this.signalsSettings.getStaticSettings().isEnterpriseEnabled()) {
                initEnterpriseModules();
            }
            this.accountRegistry = new AccountRegistry(this.signalsSettings);
            PrivilegedConfigClient adapt = PrivilegedConfigClient.adapt(client);
            this.trustManagerRegistry = new TrustManagerRegistry(new TruststoreCrudService(new TruststoreRepository(this.signalsSettings, adapt)));
            this.httpProxyHostRegistry = new HttpProxyHostRegistry(new ProxyCrudService(new ProxyRepository(this.signalsSettings, adapt)));
            this.featureService = featureService;
            return Collections.singletonList(this);
        } catch (Exception e) {
            this.initState = InitializationState.FAILED;
            this.initException = e;
            log.error("Error while initializing Signals", e);
            if (e instanceof RuntimeException) {
                throw ((RuntimeException) e);
            }
            throw new RuntimeException(e);
        }
    }

    public SignalsTenant getTenant(User user) throws SignalsUnavailableException, NoSuchTenantException {
        if (user == null) {
            throw new IllegalArgumentException("No user specified");
        }
        return getTenant(user.getRequestedTenant());
    }

    public SignalsTenant getTenant(String str) throws SignalsUnavailableException, NoSuchTenantException {
        checkInitState();
        if (str == null || str.length() == 0 || "_main".equals(str) || "SGS_GLOBAL_TENANT".equals(str)) {
            str = "_main";
        }
        SignalsTenant signalsTenant = this.tenants.get(str);
        if (signalsTenant != null) {
            return signalsTenant;
        }
        Exception exc = this.tenantInitErrors.get(str);
        if (exc != null) {
            throw new SignalsUnavailableException("Tenant " + str + " failed to intialize", this.nodeId, null, exc);
        }
        throw new NoSuchTenantException(str);
    }

    private void createIndexes(ProtectedConfigIndexService protectedConfigIndexService) {
        SignalsSettings.SignalsStaticSettings.IndexNames indexNames = this.signalsSettings.getStaticSettings().getIndexNames();
        this.componentState.addPart(protectedConfigIndexService.createIndex(new ProtectedConfigIndexService.ConfigIndex(indexNames.getWatches()).mapping(Watch.getIndexMapping(), 2).mappingUpdate(0, Watch.getIndexMappingUpdate()).dependsOnIndices(new String[]{indexNames.getWatches(), indexNames.getWatchesState(), indexNames.getWatchesTriggerState(), indexNames.getAccounts(), indexNames.getSettings(), SignalsSettings.SignalsStaticSettings.IndexNames.TRUSTSTORES, SignalsSettings.SignalsStaticSettings.IndexNames.PROXIES}).onIndexReady(this::init)));
        this.componentState.addPart(protectedConfigIndexService.createIndex(new ProtectedConfigIndexService.ConfigIndex(SignalsSettings.SignalsStaticSettings.IndexNames.TRUSTSTORES).mapping(TruststoreData.MAPPINGS)));
        this.componentState.addPart(protectedConfigIndexService.createIndex(new ProtectedConfigIndexService.ConfigIndex(SignalsSettings.SignalsStaticSettings.IndexNames.PROXIES).mapping(ProxyData.MAPPINGS)));
        this.componentState.addPart(protectedConfigIndexService.createIndex(new ProtectedConfigIndexService.ConfigIndex(indexNames.getWatchesState()).mapping(WatchState.getIndexMapping())));
        this.componentState.addPart(protectedConfigIndexService.createIndex(new ProtectedConfigIndexService.ConfigIndex(indexNames.getWatchesTriggerState())));
        this.componentState.addPart(protectedConfigIndexService.createIndex(new ProtectedConfigIndexService.ConfigIndex(indexNames.getAccounts())));
        this.componentState.addPart(protectedConfigIndexService.createIndex(new ProtectedConfigIndexService.ConfigIndex(indexNames.getSettings())));
    }

    private void checkInitState() throws SignalsUnavailableException {
        switch (this.initState) {
            case INITIALIZED:
                return;
            case DISABLED:
                throw new SignalsUnavailableException("Signals is disabled", this.nodeId, this.initState);
            case INITIALIZING:
                if (this.initException == null) {
                    throw new SignalsUnavailableException("Signals is still initializing. Please try again later.", this.nodeId, this.initState);
                }
                throw new SignalsUnavailableException("Signals encountered errors while initializing but is still trying to start up. Please try again later.", this.nodeId, this.initState, this.initException);
            case FAILED:
                throw new SignalsUnavailableException("Signals failed to initialize on node " + this.nodeId + ". Please contact admin or check the ES logs.", this.nodeId, this.initState, this.initException);
            default:
                return;
        }
    }

    private void createTenant(String str) {
        if ("SGS_GLOBAL_TENANT".equals(str)) {
            str = "_main";
        }
        ComponentState orCreatePart = this.componentState.getOrCreatePart("tenant", str);
        orCreatePart.setMandatory(false);
        try {
            this.tenants.put(str, SignalsTenant.create(str, this.client, this.clusterService, this.nodeEnvironment, this.scriptService, this.xContentRegistry, this.internalAuthTokenProvider, this.signalsSettings, this.accountRegistry, orCreatePart, this.diagnosticContext, this.threadPool, this.trustManagerRegistry, this.httpProxyHostRegistry, this.featureService));
            log.debug("Tenant {} created", str);
        } catch (Exception e) {
            log.error("Error while creating tenant " + str, e);
            this.tenantInitErrors.put(str, e);
            orCreatePart.setFailed(e);
        }
    }

    private void deleteTenant(String str) throws SignalsUnavailableException, NoSuchTenantException {
        SignalsTenant tenant = getTenant(str);
        if (tenant == null) {
            log.debug("Trying to delete non-existing tenant {}", str);
            return;
        }
        tenant.delete();
        this.tenants.remove(str);
        log.debug("Tenant {} deleted", str);
    }

    private synchronized void init(ProtectedConfigIndexService.FailureListener failureListener) {
        if (this.initState == InitializationState.INITIALIZED) {
            return;
        }
        try {
            log.info("Initializing Signals");
            this.componentState.setState(ComponentState.State.INITIALIZING, "reading_settings");
            this.signalsSettings.refresh(this.client);
            this.componentState.setState(ComponentState.State.INITIALIZING, "reading_accounts");
            this.accountRegistry.init(this.client);
            loadAllTruststores();
            loadAllProxies();
            this.componentState.setState(ComponentState.State.INITIALIZING, "initializing_keys");
            if (this.signalsSettings.getDynamicSettings().getInternalAuthTokenSigningKey() != null) {
                this.internalAuthTokenProvider.setSigningKey(this.signalsSettings.getDynamicSettings().getInternalAuthTokenSigningKey());
            }
            if (this.signalsSettings.getDynamicSettings().getInternalAuthTokenEncryptionKey() != null) {
                this.internalAuthTokenProvider.setEncryptionKey(this.signalsSettings.getDynamicSettings().getInternalAuthTokenEncryptionKey());
            }
            if ((this.signalsSettings.getDynamicSettings().getInternalAuthTokenSigningKey() == null || this.signalsSettings.getDynamicSettings().getInternalAuthTokenEncryptionKey() == null) && this.clusterService.state().nodes().isLocalNodeElectedMaster()) {
                log.info("Generating keys for internal auth token");
                String internalAuthTokenSigningKey = this.signalsSettings.getDynamicSettings().getInternalAuthTokenSigningKey();
                String internalAuthTokenEncryptionKey = this.signalsSettings.getDynamicSettings().getInternalAuthTokenEncryptionKey();
                if (internalAuthTokenSigningKey == null) {
                    internalAuthTokenSigningKey = generateKey(512);
                }
                if (internalAuthTokenEncryptionKey == null) {
                    internalAuthTokenEncryptionKey = generateKey(256);
                }
                try {
                    this.signalsSettings.getDynamicSettings().update(this.client, SignalsSettings.DynamicSettings.INTERNAL_AUTH_TOKEN_SIGNING_KEY.getKey(), internalAuthTokenSigningKey, SignalsSettings.DynamicSettings.INTERNAL_AUTH_TOKEN_ENCRYPTION_KEY.getKey(), internalAuthTokenEncryptionKey);
                } catch (ConfigValidationException e) {
                    log.error("Could not init encryption keys. This should not happen", e);
                    throw new SignalsInitializationException("Could not init encryption keys. This should not happen", e);
                }
            }
            createSignalsLogIndex();
            this.componentState.setState(ComponentState.State.INITIALIZING, "creating_tenants");
            if (this.configuredTenants != null) {
                log.debug("Initializing tenant schedulers");
                Iterator<String> it = this.configuredTenants.iterator();
                while (it.hasNext()) {
                    createTenant(it.next());
                }
            }
            failureListener.onSuccess();
            this.initState = InitializationState.INITIALIZED;
            this.componentState.setInitialized();
            log.info("Signals has been successfully initialized");
        } catch (SignalsInitializationException e2) {
            failureListener.onFailure(e2);
            this.initState = InitializationState.FAILED;
            this.initException = e2;
            this.componentState.setFailed(e2);
        }
    }

    private void createSignalsLogIndex() {
        String watchLogIndex = this.signalsSettings.getDynamicSettings().getWatchLogIndex();
        if (!this.clusterService.state().nodes().isLocalNodeElectedMaster()) {
            log.debug("Not checking signals_log index because local node is not master");
            return;
        }
        if (this.clusterService.state().getMetadata().componentTemplates().containsKey("signals_log_template")) {
            log.debug("Template signals_log_template does already exist.");
            return;
        }
        if (watchLogIndex.startsWith("<") && watchLogIndex.endsWith(">")) {
            watchLogIndex = watchLogIndex.substring(1, watchLogIndex.length() - 1).replaceAll("\\{.*\\}", "*");
        }
        if (!watchLogIndex.startsWith(".")) {
            log.debug("signals log index does not start with ., so we do not need to create a template");
            return;
        }
        log.debug("Creating signals_log_template for {}", watchLogIndex);
        TransportPutComposableIndexTemplateAction.Request request = new TransportPutComposableIndexTemplateAction.Request("signals_log_template");
        request.indexTemplate(ComposableIndexTemplate.builder().indexPatterns(ImmutableList.of(watchLogIndex)).template(new Template(Settings.builder().put("index.hidden", true).build(), (CompressedXContent) null, (Map) null)).build());
        this.client.execute(TransportPutComposableIndexTemplateAction.TYPE, request, new ActionListener<AcknowledgedResponse>() { // from class: com.floragunn.signals.Signals.1
            public void onResponse(AcknowledgedResponse acknowledgedResponse) {
                Signals.log.debug("Created signals_log_template");
            }

            public void onFailure(Exception exc) {
                Signals.this.componentState.addLastException("create_signals_log_template", exc);
                Signals.log.error("Error while creating signals_log_template", exc);
            }
        });
    }

    private void loadAllTruststores() throws SignalsInitializationException {
        try {
            this.trustManagerRegistry.reloadAll();
        } catch (Exception e) {
            throw new SignalsInitializationException("Cannot load all trust stores.", e);
        }
    }

    private void loadAllProxies() throws SignalsInitializationException {
        try {
            this.httpProxyHostRegistry.reloadAll();
        } catch (Exception e) {
            throw new SignalsInitializationException("Cannot load all http proxies.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void updateTenants(Set<String> set) {
        HashSet hashSet = new HashSet(set);
        hashSet.add("_main");
        hashSet.remove("SGS_GLOBAL_TENANT");
        if (this.initState != InitializationState.INITIALIZED) {
            this.configuredTenants = hashSet;
            return;
        }
        Set<String> keySet = this.tenants.keySet();
        Iterator it = Sets.difference(keySet, hashSet).iterator();
        while (it.hasNext()) {
            try {
                deleteTenant((String) it.next());
            } catch (NoSuchTenantException e) {
                log.debug("Tenant to be deleted does not exist", e);
            } catch (Exception e2) {
                log.error("Error while deleting tenant", e2);
            }
        }
        Iterator it2 = Sets.difference(hashSet, keySet).iterator();
        while (it2.hasNext()) {
            createTenant((String) it2.next());
        }
    }

    private String generateKey(int i) {
        byte[] bArr = new byte[i / 8];
        new SecureRandom().nextBytes(bArr);
        return BaseEncoding.base64().encode(bArr);
    }

    private void initEnterpriseModules() throws SignalsInitializationException {
        try {
            try {
                Class.forName("com.floragunn.signals.enterprise.SignalsEnterpriseFeatures").getDeclaredMethod("init", new Class[0]).invoke(null, new Object[0]);
            } catch (IllegalAccessException | IllegalArgumentException | NoSuchMethodException | SecurityException e) {
                throw new SignalsInitializationException("Error while initializing Signals enterprise features", e);
            } catch (InvocationTargetException e2) {
                throw new SignalsInitializationException("Error while initializing Signals enterprise features", e2.getTargetException());
            }
        } catch (ClassNotFoundException e3) {
            throw new SignalsInitializationException("Signals enterprise features not found", e3);
        }
    }

    protected void doStart() {
    }

    protected void doStop() {
    }

    protected void doClose() throws IOException {
    }

    public AccountRegistry getAccountRegistry() {
        return this.accountRegistry;
    }

    public TrustManagerRegistry getTruststoreRegistry() {
        return this.trustManagerRegistry;
    }

    public HttpProxyHostRegistry getHttpProxyHostRegistry() {
        return this.httpProxyHostRegistry;
    }

    public ClusterService getClusterService() {
        return this.clusterService;
    }

    public FeatureService getFeatureService() {
        return this.featureService;
    }

    public SignalsSettings getSignalsSettings() {
        return this.signalsSettings;
    }

    synchronized void setInitException(Exception exc) {
        if (this.initException != null) {
            return;
        }
        this.initException = exc;
        this.initState = InitializationState.FAILED;
    }
}
