package org.elasticsearch.xpack.security;

import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.regex.Pattern;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.Version;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.admin.indices.mapping.put.PutMappingResponse;
import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateResponse;
import org.elasticsearch.cluster.ClusterChangedEvent;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.ClusterStateListener;
import org.elasticsearch.cluster.metadata.IndexMetaData;
import org.elasticsearch.cluster.metadata.IndexTemplateMetaData;
import org.elasticsearch.cluster.metadata.MappingMetaData;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.compress.CompressedXContent;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ConcurrentCollections;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.gateway.GatewayService;
import org.elasticsearch.xpack.template.TemplateUtils;

/* loaded from: input_file:org/elasticsearch/xpack/security/SecurityTemplateService.class */
public class SecurityTemplateService extends AbstractComponent implements ClusterStateListener {
    public static final String SECURITY_INDEX_NAME = ".security";
    public static final String SECURITY_TEMPLATE_NAME = "security-index-template";
    private static final String SECURITY_VERSION_STRING = "security-version";
    static final String SECURITY_INDEX_TEMPLATE_VERSION_PATTERN;
    private final InternalClient client;
    final AtomicBoolean templateCreationPending;
    final AtomicBoolean updateMappingPending;
    static final /* synthetic */ boolean $assertionsDisabled;

    public SecurityTemplateService(Settings settings, ClusterService clusterService, InternalClient internalClient) {
        super(settings);
        this.templateCreationPending = new AtomicBoolean(false);
        this.updateMappingPending = new AtomicBoolean(false);
        this.client = internalClient;
        clusterService.add(this);
    }

    public void clusterChanged(ClusterChangedEvent clusterChangedEvent) {
        if (clusterChangedEvent.localNodeMaster()) {
            ClusterState state = clusterChangedEvent.state();
            if (state.blocks().hasGlobalBlock(GatewayService.STATE_NOT_RECOVERED_BLOCK)) {
                this.logger.debug("template service waiting until state has been recovered");
                return;
            }
            if (!securityTemplateExistsAndIsUpToDate(state, this.logger)) {
                updateSecurityTemplate();
            }
            if (state.metaData().getIndices() == null || securityIndexMappingUpToDate(state, this.logger)) {
                return;
            }
            updateSecurityMapping();
        }
    }

    private void updateSecurityTemplate() {
        if (this.templateCreationPending.compareAndSet(false, true)) {
            putSecurityTemplate();
        }
    }

    private void updateSecurityMapping() {
        if (this.updateMappingPending.compareAndSet(false, true)) {
            putSecurityMappings();
        }
    }

    private void putSecurityMappings() {
        String loadTemplate = TemplateUtils.loadTemplate("/security-index-template.json", Version.CURRENT.toString(), SECURITY_INDEX_TEMPLATE_VERSION_PATTERN);
        try {
            Map map = XContentFactory.xContent(loadTemplate).createParser(loadTemplate).map();
            ConcurrentMap newConcurrentMap = ConcurrentCollections.newConcurrentMap();
            Map map2 = (Map) map.get("mappings");
            int size = map2.size();
            for (String str : map2.keySet()) {
                putSecurityMapping(newConcurrentMap, size, str, (Map) map2.get(str));
            }
        } catch (IOException e) {
            this.updateMappingPending.set(false);
            this.logger.error("failed to parse the security index template", e);
            throw new ElasticsearchException("failed to parse the security index template", e, new Object[0]);
        }
    }

    private void putSecurityMapping(final Map<String, PutMappingResponse> map, final int i, final String str, Map<String, Object> map2) {
        this.logger.debug("updating mapping of the security index for type [{}]", str);
        this.client.admin().indices().putMapping(this.client.admin().indices().preparePutMapping(new String[]{SECURITY_INDEX_NAME}).setSource(map2).setType(str).request(), new ActionListener<PutMappingResponse>() { // from class: org.elasticsearch.xpack.security.SecurityTemplateService.1
            public void onResponse(PutMappingResponse putMappingResponse) {
                if (!putMappingResponse.isAcknowledged()) {
                    SecurityTemplateService.this.updateMappingPending.set(false);
                    throw new ElasticsearchException("update mapping for [{}] security index was not acknowledged", new Object[]{str});
                }
                map.put(str, putMappingResponse);
                if (map.size() == i) {
                    SecurityTemplateService.this.updateMappingPending.set(false);
                }
            }

            public void onFailure(Exception exc) {
                SecurityTemplateService.this.updateMappingPending.set(false);
                Logger logger = SecurityTemplateService.this.logger;
                String str2 = str;
                logger.warn(() -> {
                    return new ParameterizedMessage("failed to update mapping for [{}] on security index", str2);
                }, exc);
            }
        });
    }

    private void putSecurityTemplate() {
        this.logger.debug("putting the security index template");
        this.client.admin().indices().putTemplate(this.client.admin().indices().preparePutTemplate(SECURITY_TEMPLATE_NAME).setSource(TemplateUtils.loadTemplate("/security-index-template.json", Version.CURRENT.toString(), SECURITY_INDEX_TEMPLATE_VERSION_PATTERN)).request(), new ActionListener<PutIndexTemplateResponse>() { // from class: org.elasticsearch.xpack.security.SecurityTemplateService.2
            public void onResponse(PutIndexTemplateResponse putIndexTemplateResponse) {
                SecurityTemplateService.this.templateCreationPending.set(false);
                if (!putIndexTemplateResponse.isAcknowledged()) {
                    throw new ElasticsearchException("put template for security index was not acknowledged", new Object[0]);
                }
            }

            public void onFailure(Exception exc) {
                SecurityTemplateService.this.templateCreationPending.set(false);
                SecurityTemplateService.this.logger.warn("failed to put security index template", exc);
            }
        });
    }

    static boolean securityIndexMappingUpToDate(ClusterState clusterState, Logger logger) {
        IndexMetaData indexMetaData = (IndexMetaData) clusterState.metaData().getIndices().get(SECURITY_INDEX_NAME);
        if (indexMetaData == null) {
            return true;
        }
        for (Object obj : indexMetaData.getMappings().values().toArray()) {
            MappingMetaData mappingMetaData = (MappingMetaData) obj;
            if (!mappingMetaData.type().equals("_default_")) {
                try {
                    if (!containsCorrectVersion(mappingMetaData.sourceAsMap())) {
                        return false;
                    }
                } catch (IOException e) {
                    logger.error("Cannot parse the mapping for security index.", e);
                    throw new ElasticsearchException("Cannot parse the mapping for security index.", e, new Object[0]);
                }
            }
        }
        return true;
    }

    static boolean securityTemplateExistsAndIsUpToDate(ClusterState clusterState, Logger logger) {
        XContentParser createParser;
        Throwable th;
        IndexTemplateMetaData indexTemplateMetaData = (IndexTemplateMetaData) clusterState.metaData().templates().get(SECURITY_TEMPLATE_NAME);
        if (indexTemplateMetaData == null) {
            return false;
        }
        for (Object obj : indexTemplateMetaData.getMappings().values().toArray()) {
            CompressedXContent compressedXContent = (CompressedXContent) obj;
            try {
                createParser = XContentFactory.xContent(compressedXContent.toString()).createParser(compressedXContent.toString());
                th = null;
            } catch (IOException e) {
                logger.error("Cannot parse the template for security index.", e);
                throw new IllegalStateException("Cannot parse the template for security index.", e);
            }
            try {
                try {
                    Map map = createParser.map();
                    if (!$assertionsDisabled && map.size() != 1) {
                        throw new AssertionError();
                    }
                    if (!containsCorrectVersion((Map) map.get((String) map.keySet().iterator().next()))) {
                        if (createParser != null) {
                            if (0 != 0) {
                                try {
                                    createParser.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                createParser.close();
                            }
                        }
                        return false;
                    }
                    if (createParser != null) {
                        if (0 != 0) {
                            try {
                                createParser.close();
                            } catch (Throwable th3) {
                                th.addSuppressed(th3);
                            }
                        } else {
                            createParser.close();
                        }
                    }
                    logger.error("Cannot parse the template for security index.", e);
                    throw new IllegalStateException("Cannot parse the template for security index.", e);
                } finally {
                }
            } finally {
            }
        }
        return true;
    }

    private static boolean containsCorrectVersion(Map<String, Object> map) {
        Map map2 = (Map) map.get("_meta");
        return map2 != null && Version.CURRENT.toString().equals(map2.get(SECURITY_VERSION_STRING));
    }

    public static boolean securityIndexMappingAndTemplateUpToDate(ClusterState clusterState, Logger logger) {
        if (!securityTemplateExistsAndIsUpToDate(clusterState, logger)) {
            logger.debug("security template [{}] does not exist or is not up to date, so service cannot start", SECURITY_TEMPLATE_NAME);
            return false;
        }
        if (securityIndexMappingUpToDate(clusterState, logger)) {
            return true;
        }
        logger.debug("mapping for security index not up to date, so service cannot start");
        return false;
    }

    static {
        $assertionsDisabled = !SecurityTemplateService.class.desiredAssertionStatus();
        SECURITY_INDEX_TEMPLATE_VERSION_PATTERN = Pattern.quote("${security.template.version}");
    }
}
