package org.elasticsearch.shield;

import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.util.concurrent.atomic.AtomicBoolean;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateRequest;
import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.cluster.ClusterChangedEvent;
import org.elasticsearch.cluster.ClusterService;
import org.elasticsearch.cluster.ClusterStateListener;
import org.elasticsearch.cluster.metadata.IndexTemplateMetaData;
import org.elasticsearch.common.ContextAndHeaderHolder;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.inject.Provider;
import org.elasticsearch.common.io.Streams;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
import org.elasticsearch.gateway.GatewayService;
import org.elasticsearch.shield.authc.AuthenticationService;
import org.elasticsearch.threadpool.ThreadPool;

/* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/ShieldTemplateService.class */
public class ShieldTemplateService extends AbstractComponent implements ClusterStateListener {
    public static final String SECURITY_INDEX_NAME = ".security";
    public static final String SECURITY_TEMPLATE_NAME = "security-index-template";
    private final ThreadPool threadPool;
    private final Provider<Client> clientProvider;
    private final Provider<AuthenticationService> authProvider;
    private final AtomicBoolean templateCreationPending;

    @Inject
    public ShieldTemplateService(Settings settings, ClusterService clusterService, Provider<Client> provider, ThreadPool threadPool, Provider<AuthenticationService> provider2) {
        super(settings);
        this.templateCreationPending = new AtomicBoolean(false);
        this.threadPool = threadPool;
        this.clientProvider = provider;
        this.authProvider = provider2;
        clusterService.add(this);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void createShieldTemplate() {
        Client client = (Client) this.clientProvider.get();
        try {
            InputStream resourceAsStream = getClass().getResourceAsStream("/security-index-template.json");
            Throwable th = null;
            try {
                try {
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    Streams.copy(resourceAsStream, byteArrayOutputStream);
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    this.logger.info("adding the security index template", new Object[0]);
                    ContextAndHeaderHolder contextAndHeaderHolder = (PutIndexTemplateRequest) client.admin().indices().preparePutTemplate(SECURITY_TEMPLATE_NAME).setSource(byteArray).request();
                    ((AuthenticationService) this.authProvider.get()).attachUserHeaderIfMissing(contextAndHeaderHolder, InternalShieldUser.INSTANCE);
                    if (!((PutIndexTemplateResponse) client.admin().indices().putTemplate(contextAndHeaderHolder).get()).isAcknowledged()) {
                        throw new ElasticsearchException("adding template for shield admin index was not acknowledged", new Object[0]);
                    }
                    if (resourceAsStream != null) {
                        if (0 != 0) {
                            try {
                                resourceAsStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            resourceAsStream.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            this.logger.error("failed to create shield admin index template [{}]", e, new Object[]{SECURITY_INDEX_NAME});
            throw new IllegalStateException("failed to create shield admin index template [.security]", e);
        }
    }

    public void clusterChanged(ClusterChangedEvent clusterChangedEvent) {
        if (clusterChangedEvent.state().blocks().hasGlobalBlock(GatewayService.STATE_NOT_RECOVERED_BLOCK)) {
            this.logger.debug("template service waiting until state has been recovered", new Object[0]);
            return;
        }
        if (clusterChangedEvent.state().routingTable().index(SECURITY_INDEX_NAME) == null && clusterChangedEvent.localNodeMaster()) {
            final boolean z = ((IndexTemplateMetaData) clusterChangedEvent.state().metaData().templates().get(SECURITY_TEMPLATE_NAME)) == null;
            if (z && this.templateCreationPending.compareAndSet(false, true)) {
                this.threadPool.generic().execute(new AbstractRunnable() { // from class: org.elasticsearch.shield.ShieldTemplateService.1
                    public void onFailure(Throwable th) {
                        ShieldTemplateService.this.logger.warn("failed to create shield admin template", th, new Object[0]);
                        ShieldTemplateService.this.templateCreationPending.set(false);
                    }

                    protected void doRun() throws Exception {
                        if (z) {
                            ShieldTemplateService.this.createShieldTemplate();
                        }
                        ShieldTemplateService.this.templateCreationPending.set(false);
                    }
                });
            }
        }
    }
}
