package org.elasticsearch.xpack.security.authc.file;

import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.CopyOnWriteArrayList;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.inject.internal.Nullable;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.watcher.FileChangesListener;
import org.elasticsearch.watcher.FileWatcher;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.XPackSettings;
import org.elasticsearch.xpack.security.authc.RealmConfig;
import org.elasticsearch.xpack.security.authc.support.Hasher;
import org.elasticsearch.xpack.security.authc.support.RefreshListener;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.support.NoOpLogger;
import org.elasticsearch.xpack.security.support.SecurityFiles;
import org.elasticsearch.xpack.security.support.Validation;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.class */
public class FileUserPasswdStore {
    private final Logger logger;
    private final Path file;
    private final Hasher hasher;
    private final Settings settings;
    private volatile Map<String, char[]> users;
    private CopyOnWriteArrayList<RefreshListener> listeners;

    /* loaded from: input_file:org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore$FileListener.class */
    private class FileListener implements FileChangesListener {
        private FileListener() {
        }

        public void onFileCreated(Path path) {
            onFileChanged(path);
        }

        public void onFileDeleted(Path path) {
            onFileChanged(path);
        }

        public void onFileChanged(Path path) {
            if (path.equals(FileUserPasswdStore.this.file)) {
                FileUserPasswdStore.this.logger.info("users file [{}] changed. updating users... )", path.toAbsolutePath());
                FileUserPasswdStore.this.users = FileUserPasswdStore.parseFileLenient(path, FileUserPasswdStore.this.logger, FileUserPasswdStore.this.settings);
                FileUserPasswdStore.this.notifyRefresh();
            }
        }
    }

    public FileUserPasswdStore(RealmConfig realmConfig, ResourceWatcherService resourceWatcherService) {
        this(realmConfig, resourceWatcherService, null);
    }

    FileUserPasswdStore(RealmConfig realmConfig, ResourceWatcherService resourceWatcherService, RefreshListener refreshListener) {
        this.hasher = Hasher.BCRYPT;
        this.logger = realmConfig.logger(FileUserPasswdStore.class);
        this.file = resolveFile(realmConfig.env());
        this.settings = realmConfig.globalSettings();
        this.users = parseFileLenient(this.file, this.logger, this.settings);
        FileWatcher fileWatcher = new FileWatcher(this.file.getParent());
        fileWatcher.addListener(new FileListener());
        try {
            resourceWatcherService.add(fileWatcher, ResourceWatcherService.Frequency.HIGH);
            this.listeners = new CopyOnWriteArrayList<>();
            if (refreshListener != null) {
                this.listeners.add(refreshListener);
            }
        } catch (IOException e) {
            throw new ElasticsearchException("failed to start watching users file [{}]", e, new Object[]{this.file.toAbsolutePath()});
        }
    }

    public void addListener(RefreshListener refreshListener) {
        this.listeners.add(refreshListener);
    }

    public int usersCount() {
        return this.users.size();
    }

    public boolean verifyPassword(String str, SecuredString securedString) {
        char[] cArr = this.users.get(str);
        return cArr != null && this.hasher.verify(securedString, cArr);
    }

    public boolean userExists(String str) {
        return this.users != null && this.users.containsKey(str);
    }

    public static Path resolveFile(Environment environment) {
        return XPackPlugin.resolveConfigFile(environment, "users");
    }

    static Map<String, char[]> parseFileLenient(Path path, Logger logger, Settings settings) {
        try {
            return parseFile(path, logger, settings);
        } catch (Exception e) {
            logger.error(() -> {
                return new ParameterizedMessage("failed to parse users file [{}]. skipping/removing all users...", path.toAbsolutePath());
            }, e);
            return Collections.emptyMap();
        }
    }

    public static Map<String, char[]> parseFile(Path path, @Nullable Logger logger, Settings settings) {
        if (logger == null) {
            logger = NoOpLogger.INSTANCE;
        }
        logger.trace("reading users file [{}]...", path.toAbsolutePath());
        if (!Files.exists(path, new LinkOption[0])) {
            return Collections.emptyMap();
        }
        try {
            List<String> readAllLines = Files.readAllLines(path, StandardCharsets.UTF_8);
            HashMap hashMap = new HashMap();
            boolean z = !((Boolean) XPackSettings.RESERVED_REALM_ENABLED_SETTING.get(settings)).booleanValue();
            int i = 0;
            for (String str : readAllLines) {
                i++;
                if (!str.startsWith("#")) {
                    String trim = str.trim();
                    int indexOf = trim.indexOf(":");
                    if (indexOf <= 0 || indexOf == trim.length() - 1) {
                        logger.error("invalid entry in users file [{}], line [{}]. skipping...", path.toAbsolutePath(), Integer.valueOf(i));
                    } else {
                        String substring = trim.substring(0, indexOf);
                        Validation.Error validateUsername = Validation.Users.validateUsername(substring, z, settings);
                        if (validateUsername != null) {
                            logger.error("invalid username [{}] in users file [{}], skipping... ({})", substring, path.toAbsolutePath(), validateUsername);
                        } else {
                            hashMap.put(substring, trim.substring(indexOf + 1).toCharArray());
                        }
                    }
                }
            }
            logger.debug("parsed [{}] users from file [{}]", Integer.valueOf(hashMap.size()), path.toAbsolutePath());
            return Collections.unmodifiableMap(hashMap);
        } catch (IOException e) {
            throw new IllegalStateException("could not read users file [" + path.toAbsolutePath() + "]", e);
        }
    }

    public static void writeFile(Map<String, char[]> map, Path path) {
        try {
            PrintWriter printWriter = new PrintWriter(SecurityFiles.openAtomicMoveWriter(path));
            Throwable th = null;
            try {
                try {
                    for (Map.Entry<String, char[]> entry : map.entrySet()) {
                        printWriter.printf(Locale.ROOT, "%s:%s%s", entry.getKey(), new String(entry.getValue()), System.lineSeparator());
                    }
                    if (printWriter != null) {
                        if (0 != 0) {
                            try {
                                printWriter.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            printWriter.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new ElasticsearchException("could not write file [{}], please check file permissions", e, new Object[]{path.toAbsolutePath()});
        }
    }

    public void notifyRefresh() {
        Iterator<RefreshListener> it = this.listeners.iterator();
        while (it.hasNext()) {
            it.next().onRefresh();
        }
    }
}
