package org.elasticsearch.xpack.security;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.CheckedConsumer;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.CountDown;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.env.Environment;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.xpack.XPackFeatureSet;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.XPackSettings;
import org.elasticsearch.xpack.security.authc.Realms;
import org.elasticsearch.xpack.security.authc.esnative.NativeRealm;
import org.elasticsearch.xpack.security.authc.support.mapper.NativeRoleMappingStore;
import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore;
import org.elasticsearch.xpack.security.crypto.CryptoService;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import org.elasticsearch.xpack.security.user.AnonymousUser;

/* loaded from: input_file:org/elasticsearch/xpack/security/SecurityFeatureSet.class */
public class SecurityFeatureSet implements XPackFeatureSet {
    private final Settings settings;
    private final boolean enabled;
    private final XPackLicenseState licenseState;

    @Nullable
    private final Realms realms;

    @Nullable
    private final CompositeRolesStore rolesStore;

    @Nullable
    private final NativeRoleMappingStore roleMappingStore;

    @Nullable
    private final IPFilter ipFilter;
    private final boolean systemKeyUsed;

    /* loaded from: input_file:org/elasticsearch/xpack/security/SecurityFeatureSet$Usage.class */
    public static class Usage extends XPackFeatureSet.Usage {
        private static final String REALMS_XFIELD = "realms";
        private static final String ROLES_XFIELD = "roles";
        private static final String ROLE_MAPPING_XFIELD = "role_mapping";
        private static final String SSL_XFIELD = "ssl";
        private static final String AUDIT_XFIELD = "audit";
        private static final String IP_FILTER_XFIELD = "ipfilter";
        private static final String SYSTEM_KEY_XFIELD = "system_key";
        private static final String ANONYMOUS_XFIELD = "anonymous";
        private Map<String, Object> realmsUsage;
        private Map<String, Object> rolesStoreUsage;
        private Map<String, Object> sslUsage;
        private Map<String, Object> auditUsage;
        private Map<String, Object> ipFilterUsage;
        private Map<String, Object> systemKeyUsage;
        private Map<String, Object> anonymousUsage;
        private Map<String, Object> roleMappingStoreUsage;

        public Usage(StreamInput streamInput) throws IOException {
            super(streamInput);
            this.realmsUsage = streamInput.readMap();
            this.rolesStoreUsage = streamInput.readMap();
            this.sslUsage = streamInput.readMap();
            this.auditUsage = streamInput.readMap();
            this.ipFilterUsage = streamInput.readMap();
            this.systemKeyUsage = streamInput.readMap();
            this.anonymousUsage = streamInput.readMap();
            this.roleMappingStoreUsage = streamInput.readMap();
        }

        public Usage(boolean z, boolean z2, Map<String, Object> map, Map<String, Object> map2, Map<String, Object> map3, Map<String, Object> map4, Map<String, Object> map5, Map<String, Object> map6, Map<String, Object> map7, Map<String, Object> map8) {
            super(XPackPlugin.SECURITY, z, z2);
            this.realmsUsage = map;
            this.rolesStoreUsage = map2;
            this.roleMappingStoreUsage = map3;
            this.sslUsage = map4;
            this.auditUsage = map5;
            this.ipFilterUsage = map6;
            this.systemKeyUsage = map7;
            this.anonymousUsage = map8;
        }

        @Override // org.elasticsearch.xpack.XPackFeatureSet.Usage
        public void writeTo(StreamOutput streamOutput) throws IOException {
            super.writeTo(streamOutput);
            streamOutput.writeMap(this.realmsUsage);
            streamOutput.writeMap(this.rolesStoreUsage);
            streamOutput.writeMap(this.sslUsage);
            streamOutput.writeMap(this.auditUsage);
            streamOutput.writeMap(this.ipFilterUsage);
            streamOutput.writeMap(this.systemKeyUsage);
            streamOutput.writeMap(this.anonymousUsage);
            streamOutput.writeMap(this.roleMappingStoreUsage);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.elasticsearch.xpack.XPackFeatureSet.Usage
        public void innerXContent(XContentBuilder xContentBuilder, ToXContent.Params params) throws IOException {
            super.innerXContent(xContentBuilder, params);
            if (this.enabled) {
                xContentBuilder.field(REALMS_XFIELD, this.realmsUsage);
                xContentBuilder.field(ROLES_XFIELD, this.rolesStoreUsage);
                xContentBuilder.field(ROLE_MAPPING_XFIELD, this.roleMappingStoreUsage);
                xContentBuilder.field("ssl", this.sslUsage);
                xContentBuilder.field(AUDIT_XFIELD, this.auditUsage);
                xContentBuilder.field(IP_FILTER_XFIELD, this.ipFilterUsage);
                xContentBuilder.field(SYSTEM_KEY_XFIELD, this.systemKeyUsage);
                xContentBuilder.field(ANONYMOUS_XFIELD, this.anonymousUsage);
            }
        }
    }

    @Inject
    public SecurityFeatureSet(Settings settings, @Nullable XPackLicenseState xPackLicenseState, @Nullable Realms realms, @Nullable CompositeRolesStore compositeRolesStore, @Nullable NativeRoleMappingStore nativeRoleMappingStore, @Nullable IPFilter iPFilter, Environment environment) {
        this.enabled = ((Boolean) XPackSettings.SECURITY_ENABLED.get(settings)).booleanValue();
        this.licenseState = xPackLicenseState;
        this.realms = realms;
        this.rolesStore = compositeRolesStore;
        this.roleMappingStore = nativeRoleMappingStore;
        this.settings = settings;
        this.ipFilter = iPFilter;
        this.systemKeyUsed = this.enabled && Files.exists(CryptoService.resolveSystemKey(environment), new LinkOption[0]);
    }

    @Override // org.elasticsearch.xpack.XPackFeatureSet
    public String name() {
        return XPackPlugin.SECURITY;
    }

    @Override // org.elasticsearch.xpack.XPackFeatureSet
    public String description() {
        return "Security for the Elastic Stack";
    }

    @Override // org.elasticsearch.xpack.XPackFeatureSet
    public boolean available() {
        return this.licenseState != null && this.licenseState.isAuthAllowed();
    }

    @Override // org.elasticsearch.xpack.XPackFeatureSet
    public boolean enabled() {
        return this.enabled;
    }

    @Override // org.elasticsearch.xpack.XPackFeatureSet
    public Map<String, Object> nativeCodeInfo() {
        return null;
    }

    @Override // org.elasticsearch.xpack.XPackFeatureSet
    public void usage(ActionListener<XPackFeatureSet.Usage> actionListener) {
        Map<String, Object> buildRealmsUsage = buildRealmsUsage(this.realms);
        Map<String, Object> sslUsage = sslUsage(this.settings);
        Map<String, Object> auditUsage = auditUsage(this.settings);
        Map<String, Object> ipFilterUsage = ipFilterUsage(this.ipFilter);
        Map<String, Object> systemKeyUsage = systemKeyUsage();
        Map singletonMap = Collections.singletonMap("enabled", Boolean.valueOf(AnonymousUser.isAnonymousEnabled(this.settings)));
        AtomicReference atomicReference = new AtomicReference();
        AtomicReference atomicReference2 = new AtomicReference();
        CountDown countDown = new CountDown(2);
        Runnable runnable = () -> {
            if (countDown.countDown()) {
                actionListener.onResponse(new Usage(available(), enabled(), buildRealmsUsage, (Map) atomicReference.get(), (Map) atomicReference2.get(), sslUsage, auditUsage, ipFilterUsage, systemKeyUsage, singletonMap));
            }
        };
        CheckedConsumer checkedConsumer = map -> {
            atomicReference.set(map);
            runnable.run();
        };
        actionListener.getClass();
        ActionListener<Map<String, Object>> wrap = ActionListener.wrap(checkedConsumer, actionListener::onFailure);
        CheckedConsumer checkedConsumer2 = map2 -> {
            atomicReference2.set(Collections.singletonMap(NativeRealm.TYPE, map2));
            runnable.run();
        };
        actionListener.getClass();
        ActionListener<Map<String, Object>> wrap2 = ActionListener.wrap(checkedConsumer2, actionListener::onFailure);
        if (this.rolesStore == null) {
            wrap.onResponse(Collections.emptyMap());
        } else {
            this.rolesStore.usageStats(wrap);
        }
        if (this.roleMappingStore == null) {
            wrap2.onResponse(Collections.emptyMap());
        } else {
            this.roleMappingStore.usageStats(wrap2);
        }
    }

    static Map<String, Object> buildRealmsUsage(Realms realms) {
        return realms == null ? Collections.emptyMap() : realms.usageStats();
    }

    static Map<String, Object> sslUsage(Settings settings) {
        HashMap hashMap = new HashMap(2);
        hashMap.put("http", Collections.singletonMap("enabled", XPackSettings.HTTP_SSL_ENABLED.get(settings)));
        hashMap.put("transport", Collections.singletonMap("enabled", XPackSettings.TRANSPORT_SSL_ENABLED.get(settings)));
        return hashMap;
    }

    static Map<String, Object> auditUsage(Settings settings) {
        HashMap hashMap = new HashMap(2);
        hashMap.put("enabled", XPackSettings.AUDIT_ENABLED.get(settings));
        hashMap.put("outputs", Security.AUDIT_OUTPUTS_SETTING.get(settings));
        return hashMap;
    }

    static Map<String, Object> ipFilterUsage(@Nullable IPFilter iPFilter) {
        return iPFilter == null ? IPFilter.DISABLED_USAGE_STATS : iPFilter.usageStats();
    }

    Map<String, Object> systemKeyUsage() {
        return Collections.singletonMap("enabled", Boolean.valueOf(this.systemKeyUsed));
    }
}
