package org.elasticsearch.xpack.security;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.function.UnaryOperator;
import org.apache.logging.log4j.Logger;
import org.apache.lucene.index.IndexReader;
import org.apache.lucene.util.SetOnce;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionResponse;
import org.elasticsearch.action.support.ActionFilter;
import org.elasticsearch.common.Booleans;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.inject.Module;
import org.elasticsearch.common.inject.util.Providers;
import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
import org.elasticsearch.common.logging.LoggerMessageFormat;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.regex.Regex;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.BigArrays;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.xcontent.NamedXContentRegistry;
import org.elasticsearch.env.Environment;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.index.IndexModule;
import org.elasticsearch.indices.breaker.CircuitBreakerService;
import org.elasticsearch.ingest.Processor;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.plugins.ActionPlugin;
import org.elasticsearch.plugins.IngestPlugin;
import org.elasticsearch.plugins.NetworkPlugin;
import org.elasticsearch.rest.RestHandler;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportInterceptor;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.transport.TransportRequestHandler;
import org.elasticsearch.tribe.TribeService;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.XPackSettings;
import org.elasticsearch.xpack.extensions.XPackExtensionsService;
import org.elasticsearch.xpack.notification.hipchat.UserAccount;
import org.elasticsearch.xpack.security.action.SecurityActionModule;
import org.elasticsearch.xpack.security.action.filter.SecurityActionFilter;
import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheAction;
import org.elasticsearch.xpack.security.action.realm.TransportClearRealmCacheAction;
import org.elasticsearch.xpack.security.action.role.ClearRolesCacheAction;
import org.elasticsearch.xpack.security.action.role.DeleteRoleAction;
import org.elasticsearch.xpack.security.action.role.GetRolesAction;
import org.elasticsearch.xpack.security.action.role.PutRoleAction;
import org.elasticsearch.xpack.security.action.role.TransportClearRolesCacheAction;
import org.elasticsearch.xpack.security.action.role.TransportDeleteRoleAction;
import org.elasticsearch.xpack.security.action.role.TransportGetRolesAction;
import org.elasticsearch.xpack.security.action.role.TransportPutRoleAction;
import org.elasticsearch.xpack.security.action.user.AuthenticateAction;
import org.elasticsearch.xpack.security.action.user.ChangePasswordAction;
import org.elasticsearch.xpack.security.action.user.DeleteUserAction;
import org.elasticsearch.xpack.security.action.user.GetUsersAction;
import org.elasticsearch.xpack.security.action.user.PutUserAction;
import org.elasticsearch.xpack.security.action.user.SetEnabledAction;
import org.elasticsearch.xpack.security.action.user.TransportAuthenticateAction;
import org.elasticsearch.xpack.security.action.user.TransportChangePasswordAction;
import org.elasticsearch.xpack.security.action.user.TransportDeleteUserAction;
import org.elasticsearch.xpack.security.action.user.TransportGetUsersAction;
import org.elasticsearch.xpack.security.action.user.TransportPutUserAction;
import org.elasticsearch.xpack.security.action.user.TransportSetEnabledAction;
import org.elasticsearch.xpack.security.audit.AuditTrail;
import org.elasticsearch.xpack.security.audit.AuditTrailService;
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
import org.elasticsearch.xpack.security.audit.index.IndexNameResolver;
import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
import org.elasticsearch.xpack.security.authc.AuthenticationService;
import org.elasticsearch.xpack.security.authc.RealmSettings;
import org.elasticsearch.xpack.security.authc.Realms;
import org.elasticsearch.xpack.security.authc.esnative.NativeRealm;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.xpack.security.authz.AuthorizationService;
import org.elasticsearch.xpack.security.authz.accesscontrol.OptOutQueryCache;
import org.elasticsearch.xpack.security.authz.accesscontrol.SecurityIndexSearcherWrapper;
import org.elasticsearch.xpack.security.authz.accesscontrol.SetSecurityUserProcessor;
import org.elasticsearch.xpack.security.authz.permission.FieldPermissionsCache;
import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore;
import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
import org.elasticsearch.xpack.security.crypto.CryptoService;
import org.elasticsearch.xpack.security.rest.SecurityRestFilter;
import org.elasticsearch.xpack.security.rest.action.RestAuthenticateAction;
import org.elasticsearch.xpack.security.rest.action.realm.RestClearRealmCacheAction;
import org.elasticsearch.xpack.security.rest.action.role.RestClearRolesCacheAction;
import org.elasticsearch.xpack.security.rest.action.role.RestDeleteRoleAction;
import org.elasticsearch.xpack.security.rest.action.role.RestGetRolesAction;
import org.elasticsearch.xpack.security.rest.action.role.RestPutRoleAction;
import org.elasticsearch.xpack.security.rest.action.user.RestChangePasswordAction;
import org.elasticsearch.xpack.security.rest.action.user.RestDeleteUserAction;
import org.elasticsearch.xpack.security.rest.action.user.RestGetUsersAction;
import org.elasticsearch.xpack.security.rest.action.user.RestPutUserAction;
import org.elasticsearch.xpack.security.rest.action.user.RestSetEnabledAction;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4Transport;
import org.elasticsearch.xpack.security.user.AnonymousUser;
import org.elasticsearch.xpack.ssl.SSLService;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;

/* loaded from: input_file:org/elasticsearch/xpack/security/Security.class */
public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin {
    private static final Logger logger;
    public static final String NAME3 = "security3";
    public static final String NAME4 = "security4";
    public static final Setting<Optional<String>> USER_SETTING;
    public static final Setting<List<String>> AUDIT_OUTPUTS_SETTING;
    private final Settings settings;
    private final Environment env;
    private final boolean enabled;
    private final boolean transportClientMode;
    private final XPackLicenseState licenseState;
    private final CryptoService cryptoService;
    private final SSLService sslService;
    private final SetOnce<TransportInterceptor> securityInterceptor = new SetOnce<>();
    private final SetOnce<IPFilter> ipFilter = new SetOnce<>();
    private final SetOnce<AuthenticationService> authcService = new SetOnce<>();
    static final /* synthetic */ boolean $assertionsDisabled;

    public Security(Settings settings, Environment environment, XPackLicenseState xPackLicenseState, SSLService sSLService) throws IOException {
        this.settings = settings;
        this.env = environment;
        this.transportClientMode = XPackPlugin.transportClientMode(settings);
        this.enabled = ((Boolean) XPackSettings.SECURITY_ENABLED.get(settings)).booleanValue();
        if (!this.enabled || this.transportClientMode) {
            this.cryptoService = null;
        } else {
            validateAutoCreateIndex(settings);
            this.cryptoService = new CryptoService(settings, environment);
        }
        this.licenseState = xPackLicenseState;
        this.sslService = sSLService;
    }

    public CryptoService getCryptoService() {
        return this.cryptoService;
    }

    public Collection<Module> nodeModules() {
        ArrayList arrayList = new ArrayList();
        if (!this.enabled || this.transportClientMode) {
            arrayList.add(binder -> {
                binder.bind(IPFilter.class).toProvider(Providers.of((Object) null));
            });
        }
        if (this.transportClientMode) {
            if (!this.enabled) {
                return arrayList;
            }
            arrayList.add(binder2 -> {
                binder2.bind(SSLService.class).toInstance(this.sslService);
            });
            return arrayList;
        }
        arrayList.add(binder3 -> {
            XPackPlugin.bindFeatureSet(binder3, SecurityFeatureSet.class);
        });
        if (!this.enabled) {
            arrayList.add(binder4 -> {
                binder4.bind(CryptoService.class).toProvider(Providers.of((Object) null));
                binder4.bind(Realms.class).toProvider(Providers.of((Object) null));
                binder4.bind(CompositeRolesStore.class).toProvider(Providers.of((Object) null));
                binder4.bind(AuditTrailService.class).toInstance(new AuditTrailService(this.settings, Collections.emptyList(), this.licenseState));
            });
            return arrayList;
        }
        arrayList.add(binder5 -> {
            binder5.bind(CryptoService.class).toInstance(this.cryptoService);
            if (((Boolean) XPackSettings.AUDIT_ENABLED.get(this.settings)).booleanValue()) {
                binder5.bind(AuditTrail.class).to(AuditTrailService.class);
            }
        });
        arrayList.add(new SecurityActionModule(this.settings));
        return arrayList;
    }

    /* JADX WARN: Removed duplicated region for block: B:39:0x0238 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:43:0x0255 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:46:0x0220 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.util.Collection<java.lang.Object> createComponents(org.elasticsearch.xpack.security.InternalClient r13, org.elasticsearch.threadpool.ThreadPool r14, org.elasticsearch.cluster.service.ClusterService r15, org.elasticsearch.watcher.ResourceWatcherService r16, java.util.List<org.elasticsearch.xpack.extensions.XPackExtension> r17) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 1191
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.elasticsearch.xpack.security.Security.createComponents(org.elasticsearch.xpack.security.InternalClient, org.elasticsearch.threadpool.ThreadPool, org.elasticsearch.cluster.service.ClusterService, org.elasticsearch.watcher.ResourceWatcherService, java.util.List):java.util.Collection");
    }

    public Settings additionalSettings() {
        return !this.enabled ? Settings.EMPTY : additionalSettings(this.settings, this.transportClientMode);
    }

    static Settings additionalSettings(Settings settings, boolean z) {
        Settings.Builder builder = Settings.builder();
        if (NetworkModule.TRANSPORT_TYPE_SETTING.exists(settings)) {
            String str = (String) NetworkModule.TRANSPORT_TYPE_SETTING.get(settings);
            if (!NAME3.equals(str) && !NAME4.equals(str)) {
                throw new IllegalArgumentException("transport type setting [transport.type] must be one of [security3,security4]");
            }
        } else {
            builder.put("transport.type", NAME4);
        }
        if (NetworkModule.HTTP_TYPE_SETTING.exists(settings)) {
            String str2 = (String) NetworkModule.HTTP_TYPE_SETTING.get(settings);
            if (str2.equals(NAME3)) {
                SecurityNetty3HttpServerTransport.overrideSettings(builder, settings);
            } else {
                if (!str2.equals(NAME4)) {
                    throw new IllegalArgumentException("http type setting [http.type] must be one of [security3,security4]");
                }
                SecurityNetty4HttpServerTransport.overrideSettings(builder, settings);
            }
        } else {
            builder.put("http.type", NAME4);
            SecurityNetty4HttpServerTransport.overrideSettings(builder, settings);
        }
        addUserSettings(settings, builder);
        addTribeSettings(settings, builder);
        return builder.build();
    }

    public static List<Setting<?>> getSettings(boolean z, @Nullable XPackExtensionsService xPackExtensionsService) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(USER_SETTING);
        if (z) {
            return arrayList;
        }
        IPFilter.addSettings(arrayList);
        arrayList.add(AUDIT_OUTPUTS_SETTING);
        LoggingAuditTrail.registerSettings(arrayList);
        IndexAuditTrail.registerSettings(arrayList);
        AnonymousUser.addSettings(arrayList);
        RealmSettings.addSettings(arrayList, xPackExtensionsService == null ? null : xPackExtensionsService.getExtensions());
        NativeRolesStore.addSettings(arrayList);
        AuthenticationService.addSettings(arrayList);
        AuthorizationService.addSettings(arrayList);
        arrayList.add(CompositeRolesStore.CACHE_SIZE_SETTING);
        arrayList.add(FieldPermissionsCache.CACHE_SIZE_SETTING);
        CryptoService.addSettings(arrayList);
        arrayList.add(Setting.listSetting(setting("hide_settings"), Collections.emptyList(), Function.identity(), new Setting.Property[]{Setting.Property.NodeScope, Setting.Property.Filtered}));
        return arrayList;
    }

    public List<String> getSettingsFilter() {
        ArrayList arrayList = new ArrayList();
        for (String str : this.settings.getAsArray(setting("hide_settings"))) {
            arrayList.add(str);
        }
        arrayList.add(setting("authc.realms.*.bind_dn"));
        arrayList.add(setting("authc.realms.*.bind_password"));
        arrayList.add(setting("authc.realms.*.hostname_verification"));
        arrayList.add(setting("authc.realms.*.truststore.password"));
        arrayList.add(setting("authc.realms.*.truststore.path"));
        arrayList.add(setting("authc.realms.*.truststore.algorithm"));
        arrayList.add("transport.profiles.*." + setting("*"));
        return arrayList;
    }

    public void onIndexModule(IndexModule indexModule) {
        if (this.enabled) {
            if (!$assertionsDisabled && this.licenseState == null) {
                throw new AssertionError();
            }
            if (((Boolean) XPackSettings.DLS_FLS_ENABLED.get(this.settings)).booleanValue()) {
                indexModule.setSearcherWrapper(indexService -> {
                    return new SecurityIndexSearcherWrapper(indexService.getIndexSettings(), shardId -> {
                        return indexService.newQueryShardContext(shardId.id(), (IndexReader) null, () -> {
                            throw new IllegalArgumentException("permission filters are not allowed to use the current timestamp");
                        });
                    }, indexService.mapperService(), indexService.cache().bitsetFilterCache(), indexService.getThreadPool().getThreadContext(), this.licenseState, indexService.getScriptService());
                });
            }
            if (this.transportClientMode) {
                return;
            }
            indexModule.forceQueryCacheProvider(OptOutQueryCache::new);
        }
    }

    public List<ActionPlugin.ActionHandler<? extends ActionRequest, ? extends ActionResponse>> getActions() {
        return !this.enabled ? Collections.emptyList() : Arrays.asList(new ActionPlugin.ActionHandler(ClearRealmCacheAction.INSTANCE, TransportClearRealmCacheAction.class, new Class[0]), new ActionPlugin.ActionHandler(ClearRolesCacheAction.INSTANCE, TransportClearRolesCacheAction.class, new Class[0]), new ActionPlugin.ActionHandler(GetUsersAction.INSTANCE, TransportGetUsersAction.class, new Class[0]), new ActionPlugin.ActionHandler(PutUserAction.INSTANCE, TransportPutUserAction.class, new Class[0]), new ActionPlugin.ActionHandler(DeleteUserAction.INSTANCE, TransportDeleteUserAction.class, new Class[0]), new ActionPlugin.ActionHandler(GetRolesAction.INSTANCE, TransportGetRolesAction.class, new Class[0]), new ActionPlugin.ActionHandler(PutRoleAction.INSTANCE, TransportPutRoleAction.class, new Class[0]), new ActionPlugin.ActionHandler(DeleteRoleAction.INSTANCE, TransportDeleteRoleAction.class, new Class[0]), new ActionPlugin.ActionHandler(ChangePasswordAction.INSTANCE, TransportChangePasswordAction.class, new Class[0]), new ActionPlugin.ActionHandler(AuthenticateAction.INSTANCE, TransportAuthenticateAction.class, new Class[0]), new ActionPlugin.ActionHandler(SetEnabledAction.INSTANCE, TransportSetEnabledAction.class, new Class[0]));
    }

    public List<Class<? extends ActionFilter>> getActionFilters() {
        if (this.enabled && !this.transportClientMode) {
            return Collections.singletonList(SecurityActionFilter.class);
        }
        return Collections.emptyList();
    }

    public List<Class<? extends RestHandler>> getRestHandlers() {
        return !this.enabled ? Collections.emptyList() : Arrays.asList(RestAuthenticateAction.class, RestClearRealmCacheAction.class, RestClearRolesCacheAction.class, RestGetUsersAction.class, RestPutUserAction.class, RestDeleteUserAction.class, RestGetRolesAction.class, RestPutRoleAction.class, RestDeleteRoleAction.class, RestChangePasswordAction.class, RestSetEnabledAction.class);
    }

    public Map<String, Processor.Factory> getProcessors(Processor.Parameters parameters) {
        return Collections.singletonMap(SetSecurityUserProcessor.TYPE, new SetSecurityUserProcessor.Factory(parameters.threadContext));
    }

    private static void addUserSettings(Settings settings, Settings.Builder builder) {
        String str = "request.headers.Authorization";
        if (settings.get("request.headers.Authorization") != null) {
            return;
        }
        ((Optional) USER_SETTING.get(settings)).ifPresent(str2 -> {
            int indexOf = str2.indexOf(":");
            if (indexOf < 0 || indexOf == str2.length() - 1) {
                throw new IllegalArgumentException("invalid [" + USER_SETTING.getKey() + "] setting. must be in the form of \"<username>:<password>\"");
            }
            builder.put(str, UsernamePasswordToken.basicAuthHeaderValue(str2.substring(0, indexOf), new SecuredString(str2.substring(indexOf + 1).toCharArray())));
        });
    }

    private static void addTribeSettings(Settings settings, Settings.Builder builder) {
        Map groups = settings.getGroups("tribe", true);
        if (groups.isEmpty()) {
            return;
        }
        Map asMap = settings.getAsMap();
        for (Map.Entry entry : groups.entrySet()) {
            String str = "tribe." + ((String) entry.getKey()) + ".";
            String str2 = str + XPackSettings.SECURITY_ENABLED.getKey();
            if (settings.get(str2) == null) {
                builder.put(str2, true);
            } else if (!((Boolean) XPackSettings.SECURITY_ENABLED.get((Settings) entry.getValue())).booleanValue()) {
                throw new IllegalStateException("tribe setting [" + str2 + "] must be set to true but the value is [" + settings.get(str2) + "]");
            }
            for (Map.Entry entry2 : asMap.entrySet()) {
                String str3 = (String) entry2.getKey();
                if (str3.startsWith("xpack.security.")) {
                    builder.put(str + str3, (String) entry2.getValue());
                }
            }
        }
        Map groups2 = settings.getGroups(setting("authc.realms"), true);
        if ((((Boolean) XPackSettings.RESERVED_REALM_ENABLED_SETTING.get(settings)).booleanValue() || groups2.isEmpty() || groups2.entrySet().stream().anyMatch(entry3 -> {
            return NativeRealm.TYPE.equals(((Settings) entry3.getValue()).get("type")) && ((Settings) entry3.getValue()).getAsBoolean("enabled", true).booleanValue();
        })) && !((String) TribeService.ON_CONFLICT_SETTING.get(settings)).startsWith("prefer_")) {
            throw new IllegalArgumentException("use of security on tribe nodes requires setting [tribe.on_conflict] to specify the name of the tribe to prefer such as [prefer_t1] as the security index can exist in multiple tribes but only one can be used by the tribe node");
        }
    }

    public static String settingPrefix() {
        return XPackPlugin.featureSettingPrefix(XPackPlugin.SECURITY) + ".";
    }

    public static String setting(String str) {
        if ($assertionsDisabled || !(str == null || str.startsWith("."))) {
            return settingPrefix() + str;
        }
        throw new AssertionError();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean indexAuditLoggingEnabled(Settings settings) {
        if (!((Boolean) XPackSettings.AUDIT_ENABLED.get(settings)).booleanValue()) {
            return false;
        }
        Iterator it = ((List) AUDIT_OUTPUTS_SETTING.get(settings)).iterator();
        while (it.hasNext()) {
            if (((String) it.next()).equals("index")) {
                return true;
            }
        }
        return false;
    }

    static void validateAutoCreateIndex(Settings settings) {
        String str = settings.get("action.auto_create_index");
        if (str == null) {
            return;
        }
        boolean indexAuditLoggingEnabled = indexAuditLoggingEnabled(settings);
        String format = LoggerMessageFormat.format("the [action.auto_create_index] setting value [{}] is too restrictive. disable [action.auto_create_index] or set it to [{}{}]", new Object[]{str, SecurityTemplateService.SECURITY_INDEX_NAME, indexAuditLoggingEnabled ? ",.security_audit_log*" : ""});
        if (Booleans.isExplicitFalse(str)) {
            throw new IllegalArgumentException(format);
        }
        if (Booleans.isExplicitTrue(str)) {
            return;
        }
        String[] commaDelimitedListToStringArray = Strings.commaDelimitedListToStringArray(str);
        ArrayList<String> arrayList = new ArrayList();
        arrayList.add(SecurityTemplateService.SECURITY_INDEX_NAME);
        if (indexAuditLoggingEnabled) {
            DateTime dateTime = new DateTime(DateTimeZone.UTC);
            arrayList.add(IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, dateTime, IndexNameResolver.Rollover.DAILY));
            arrayList.add(IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, dateTime.plusDays(1), IndexNameResolver.Rollover.DAILY));
            arrayList.add(IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, dateTime.plusMonths(1), IndexNameResolver.Rollover.DAILY));
            arrayList.add(IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, dateTime.plusMonths(2), IndexNameResolver.Rollover.DAILY));
            arrayList.add(IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, dateTime.plusMonths(3), IndexNameResolver.Rollover.DAILY));
            arrayList.add(IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, dateTime.plusMonths(4), IndexNameResolver.Rollover.DAILY));
            arrayList.add(IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, dateTime.plusMonths(5), IndexNameResolver.Rollover.DAILY));
            arrayList.add(IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, dateTime.plusMonths(6), IndexNameResolver.Rollover.DAILY));
        }
        for (String str2 : arrayList) {
            boolean z = false;
            int length = commaDelimitedListToStringArray.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                String str3 = commaDelimitedListToStringArray[i];
                char charAt = str3.charAt(0);
                if (charAt != '-') {
                    if (charAt != '+') {
                        if (Regex.simpleMatch(str3, str2)) {
                            z = true;
                            break;
                        }
                    } else {
                        if (Regex.simpleMatch(str3.substring(1), str2)) {
                            z = true;
                            break;
                        }
                    }
                } else {
                    if (Regex.simpleMatch(str3.substring(1), str2)) {
                        throw new IllegalArgumentException(format);
                    }
                }
                i++;
            }
            if (!z) {
                throw new IllegalArgumentException(format);
            }
        }
        if (indexAuditLoggingEnabled) {
            logger.warn("the [action.auto_create_index] setting is configured to be restrictive [{}].  for the next 6 months audit indices are allowed to be created, but please make sure that any future history indices after 6 months with the pattern [.security_audit_log*] are allowed to be created", str);
        }
    }

    public List<TransportInterceptor> getTransportInterceptors(ThreadContext threadContext) {
        return (this.transportClientMode || !this.enabled) ? Collections.emptyList() : Collections.singletonList(new TransportInterceptor() { // from class: org.elasticsearch.xpack.security.Security.1
            static final /* synthetic */ boolean $assertionsDisabled;

            public <T extends TransportRequest> TransportRequestHandler<T> interceptHandler(String str, String str2, boolean z, TransportRequestHandler<T> transportRequestHandler) {
                if ($assertionsDisabled || Security.this.securityInterceptor.get() != null) {
                    return ((TransportInterceptor) Security.this.securityInterceptor.get()).interceptHandler(str, str2, z, transportRequestHandler);
                }
                throw new AssertionError();
            }

            public TransportInterceptor.AsyncSender interceptSender(TransportInterceptor.AsyncSender asyncSender) {
                if ($assertionsDisabled || Security.this.securityInterceptor.get() != null) {
                    return ((TransportInterceptor) Security.this.securityInterceptor.get()).interceptSender(asyncSender);
                }
                throw new AssertionError();
            }

            static {
                $assertionsDisabled = !Security.class.desiredAssertionStatus();
            }
        });
    }

    public Map<String, Supplier<Transport>> getTransports(Settings settings, ThreadPool threadPool, BigArrays bigArrays, CircuitBreakerService circuitBreakerService, NamedWriteableRegistry namedWriteableRegistry, NetworkService networkService) {
        if (!this.enabled) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        hashMap.put(NAME3, () -> {
            return new SecurityNetty3Transport(settings, threadPool, networkService, bigArrays, (IPFilter) this.ipFilter.get(), this.sslService, namedWriteableRegistry, circuitBreakerService);
        });
        hashMap.put(NAME4, () -> {
            return new SecurityNetty4Transport(settings, threadPool, networkService, bigArrays, namedWriteableRegistry, circuitBreakerService, (IPFilter) this.ipFilter.get(), this.sslService);
        });
        return Collections.unmodifiableMap(hashMap);
    }

    public Map<String, Supplier<HttpServerTransport>> getHttpTransports(Settings settings, ThreadPool threadPool, BigArrays bigArrays, CircuitBreakerService circuitBreakerService, NamedWriteableRegistry namedWriteableRegistry, NamedXContentRegistry namedXContentRegistry, NetworkService networkService) {
        if (!this.enabled) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        hashMap.put(NAME3, () -> {
            return new SecurityNetty3HttpServerTransport(settings, networkService, bigArrays, (IPFilter) this.ipFilter.get(), this.sslService, threadPool, namedXContentRegistry);
        });
        hashMap.put(NAME4, () -> {
            return new SecurityNetty4HttpServerTransport(settings, networkService, bigArrays, (IPFilter) this.ipFilter.get(), this.sslService, threadPool, namedXContentRegistry);
        });
        return Collections.unmodifiableMap(hashMap);
    }

    public UnaryOperator<RestHandler> getRestHandlerWrapper(ThreadContext threadContext) {
        if (!this.enabled || this.transportClientMode) {
            return null;
        }
        return restHandler -> {
            return new SecurityRestFilter(this.settings, this.licenseState, this.sslService, threadContext, (AuthenticationService) this.authcService.get(), restHandler);
        };
    }

    static {
        $assertionsDisabled = !Security.class.desiredAssertionStatus();
        logger = Loggers.getLogger(XPackPlugin.class);
        USER_SETTING = new Setting<>(setting(UserAccount.TYPE), (String) null, (v0) -> {
            return Optional.ofNullable(v0);
        }, new Setting.Property[]{Setting.Property.NodeScope});
        AUDIT_OUTPUTS_SETTING = Setting.listSetting(setting("audit.outputs"), settings -> {
            return settings.getAsMap().containsKey(setting("audit.outputs")) ? Collections.emptyList() : Collections.singletonList(LoggingAuditTrail.NAME);
        }, Function.identity(), new Setting.Property[]{Setting.Property.NodeScope});
    }
}
