package org.elasticsearch.shield.authc;

import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.component.AbstractLifecycleComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.ShieldSettingsFilter;
import org.elasticsearch.shield.authc.Realm;
import org.elasticsearch.shield.authc.esnative.ESNativeRealm;
import org.elasticsearch.shield.authc.esusers.FileRealm;
import org.elasticsearch.shield.authc.ldap.support.LdapLoadBalancing;
import org.elasticsearch.shield.license.ShieldLicenseState;

/* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/authc/Realms.class */
public class Realms extends AbstractLifecycleComponent<Realms> implements Iterable<Realm> {
    private final Environment env;
    private final Map<String, Realm.Factory> factories;
    private final ShieldSettingsFilter settingsFilter;
    private final ShieldLicenseState shieldLicenseState;
    protected List<Realm> realms;
    protected List<Realm> internalRealmsOnly;

    @Inject
    public Realms(Settings settings, Environment environment, Map<String, Realm.Factory> map, ShieldSettingsFilter shieldSettingsFilter, ShieldLicenseState shieldLicenseState) {
        super(settings);
        this.realms = Collections.emptyList();
        this.internalRealmsOnly = Collections.emptyList();
        this.env = environment;
        this.factories = map;
        this.settingsFilter = shieldSettingsFilter;
        this.shieldLicenseState = shieldLicenseState;
    }

    protected void doStart() throws ElasticsearchException {
        this.realms = initRealms();
        ArrayList arrayList = new ArrayList();
        for (Realm realm : this.realms) {
            if (AuthenticationModule.INTERNAL_REALM_TYPES.contains(realm.type())) {
                arrayList.add(realm);
            }
        }
        if (arrayList.isEmpty()) {
            addInternalRealms(arrayList);
        }
        this.internalRealmsOnly = Collections.unmodifiableList(arrayList);
    }

    protected void doStop() throws ElasticsearchException {
    }

    protected void doClose() throws ElasticsearchException {
    }

    @Override // java.lang.Iterable
    public Iterator<Realm> iterator() {
        return this.shieldLicenseState.customRealmsEnabled() ? this.realms.iterator() : this.internalRealmsOnly.iterator();
    }

    public Realm realm(String str) {
        for (Realm realm : this.realms) {
            if (str.equals(realm.config.name)) {
                return realm;
            }
        }
        return null;
    }

    public Realm.Factory realmFactory(String str) {
        return this.factories.get(str);
    }

    protected List<Realm> initRealms() {
        Settings asSettings = this.settings.getAsSettings("shield.authc.realms");
        HashSet newHashSet = Sets.newHashSet();
        ArrayList arrayList = new ArrayList();
        for (String str : asSettings.names()) {
            Settings asSettings2 = asSettings.getAsSettings(str);
            String str2 = asSettings2.get(LdapLoadBalancing.LOAD_BALANCE_TYPE_SETTING);
            if (str2 == null) {
                throw new IllegalArgumentException("missing realm type for [" + str + "] realm");
            }
            Realm.Factory factory = this.factories.get(str2);
            if (factory == null) {
                throw new IllegalArgumentException("unknown realm type [" + str2 + "] set for realm [" + str + "]");
            }
            factory.filterOutSensitiveSettings(str, this.settingsFilter);
            RealmConfig realmConfig = new RealmConfig(str, asSettings2, this.settings, this.env);
            if (realmConfig.enabled()) {
                if (factory.internal()) {
                    if (newHashSet.contains(str2)) {
                        throw new IllegalArgumentException("multiple [" + str2 + "] realms are configured. [" + str2 + "] is an internal realm and therefore there can only be one such realm configured");
                    }
                    newHashSet.add(str2);
                }
                arrayList.add(factory.create(realmConfig));
            } else if (this.logger.isDebugEnabled()) {
                this.logger.debug("realm [{}/{}] is disabled", new Object[]{str2, str});
            }
        }
        if (arrayList.isEmpty()) {
            addInternalRealms(arrayList);
            return arrayList;
        }
        Collections.sort(arrayList);
        return arrayList;
    }

    public static Settings fileRealmSettings(Settings settings) {
        Settings asSettings = settings.getAsSettings("shield.authc.realms");
        Settings settings2 = null;
        for (String str : asSettings.names()) {
            Settings asSettings2 = asSettings.getAsSettings(str);
            String str2 = asSettings2.get(LdapLoadBalancing.LOAD_BALANCE_TYPE_SETTING);
            if (str2 == null) {
                throw new IllegalArgumentException("missing realm type for [" + str + "] realm");
            }
            if (isESUsersRealm(str2)) {
                if (settings2 != null) {
                    throw new IllegalArgumentException("multiple [file/esusers]realms are configured. only one may be configured");
                }
                settings2 = asSettings2;
            }
        }
        return settings2 != null ? settings2 : Settings.EMPTY;
    }

    private static boolean isESUsersRealm(String str) {
        return FileRealm.TYPE.equals(str) || FileRealm.OLD_TYPE.equals(str);
    }

    private void addInternalRealms(List<Realm> list) {
        Realm.Factory factory = this.factories.get(ESNativeRealm.TYPE);
        if (factory != null) {
            list.add(factory.createDefault("default_native"));
        }
        Realm.Factory factory2 = this.factories.get(FileRealm.TYPE);
        if (factory2 != null) {
            list.add(factory2.createDefault("default_file"));
        }
    }
}
