package org.elasticsearch.shield.authc.esusers;

import com.google.common.base.Charsets;
import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.CopyOnWriteArrayList;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.inject.internal.Nullable;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.authc.RealmConfig;
import org.elasticsearch.shield.authc.support.Hasher;
import org.elasticsearch.shield.authc.support.RefreshListener;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.support.NoOpLogger;
import org.elasticsearch.shield.support.ShieldFiles;
import org.elasticsearch.shield.support.Validation;
import org.elasticsearch.watcher.FileChangesListener;
import org.elasticsearch.watcher.FileWatcher;
import org.elasticsearch.watcher.ResourceWatcherService;

/* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.class */
public class FileUserPasswdStore {
    private final ESLogger logger;
    private final Path file;
    final Hasher hasher;
    private volatile ImmutableMap<String, char[]> users;
    private CopyOnWriteArrayList<RefreshListener> listeners;

    /* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/authc/esusers/FileUserPasswdStore$FileListener.class */
    private class FileListener extends FileChangesListener {
        private FileListener() {
        }

        public void onFileCreated(Path path) {
            onFileChanged(path);
        }

        public void onFileDeleted(Path path) {
            onFileChanged(path);
        }

        public void onFileChanged(Path path) {
            if (path.equals(FileUserPasswdStore.this.file)) {
                FileUserPasswdStore.this.logger.info("users file [{}] changed. updating users... )", new Object[]{path.toAbsolutePath()});
                FileUserPasswdStore.this.users = FileUserPasswdStore.parseFileLenient(path, FileUserPasswdStore.this.logger);
                FileUserPasswdStore.this.notifyRefresh();
            }
        }
    }

    public FileUserPasswdStore(RealmConfig realmConfig, ResourceWatcherService resourceWatcherService) {
        this(realmConfig, resourceWatcherService, null);
    }

    FileUserPasswdStore(RealmConfig realmConfig, ResourceWatcherService resourceWatcherService, RefreshListener refreshListener) {
        this.hasher = Hasher.BCRYPT;
        this.logger = realmConfig.logger(FileUserPasswdStore.class);
        this.file = resolveFile(realmConfig.settings(), realmConfig.env());
        this.users = parseFileLenient(this.file, this.logger);
        if (this.users.isEmpty() && this.logger.isDebugEnabled()) {
            this.logger.debug("realm [esusers] has no users", new Object[0]);
        }
        FileWatcher fileWatcher = new FileWatcher(this.file.getParent());
        fileWatcher.addListener(new FileListener());
        try {
            resourceWatcherService.add(fileWatcher, ResourceWatcherService.Frequency.HIGH);
            this.listeners = new CopyOnWriteArrayList<>();
            if (refreshListener != null) {
                this.listeners.add(refreshListener);
            }
        } catch (IOException e) {
            throw new ElasticsearchException("failed to start watching users file [{}]", e, new Object[]{this.file.toAbsolutePath()});
        }
    }

    public void addListener(RefreshListener refreshListener) {
        this.listeners.add(refreshListener);
    }

    public int usersCount() {
        return this.users.size();
    }

    public boolean verifyPassword(String str, SecuredString securedString) {
        char[] cArr;
        return (this.users == null || (cArr = (char[]) this.users.get(str)) == null || !this.hasher.verify(securedString, cArr)) ? false : true;
    }

    public boolean userExists(String str) {
        return this.users != null && this.users.containsKey(str);
    }

    public static Path resolveFile(Settings settings, Environment environment) {
        String str = settings.get("files.users");
        return str == null ? ShieldPlugin.resolveConfigFile(environment, "users") : environment.binFile().getParent().resolve(str);
    }

    static ImmutableMap<String, char[]> parseFileLenient(Path path, ESLogger eSLogger) {
        try {
            return parseFile(path, eSLogger);
        } catch (Throwable th) {
            eSLogger.error("failed to parse users file [{}]. skipping/removing all users...", th, new Object[]{path.toAbsolutePath()});
            return ImmutableMap.of();
        }
    }

    public static ImmutableMap<String, char[]> parseFile(Path path, @Nullable ESLogger eSLogger) {
        if (eSLogger == null) {
            eSLogger = NoOpLogger.INSTANCE;
        }
        eSLogger.trace("reading users file [{}]...", new Object[]{path.toAbsolutePath()});
        if (!Files.exists(path, new LinkOption[0])) {
            return ImmutableMap.of();
        }
        try {
            List<String> readAllLines = Files.readAllLines(path, Charsets.UTF_8);
            ImmutableMap.Builder builder = ImmutableMap.builder();
            int i = 0;
            for (String str : readAllLines) {
                i++;
                if (!str.startsWith("#")) {
                    String trim = str.trim();
                    int indexOf = trim.indexOf(":");
                    if (indexOf <= 0 || indexOf == trim.length() - 1) {
                        eSLogger.error("invalid entry in users file [{}], line [{}]. skipping...", new Object[]{path.toAbsolutePath(), Integer.valueOf(i)});
                    } else {
                        String substring = trim.substring(0, indexOf);
                        Validation.Error validateUsername = Validation.ESUsers.validateUsername(substring);
                        if (validateUsername != null) {
                            eSLogger.error("invalid username [{}] in users file [{}], skipping... ({})", new Object[]{substring, path.toAbsolutePath(), validateUsername});
                        } else {
                            builder.put(substring, trim.substring(indexOf + 1).toCharArray());
                        }
                    }
                }
            }
            ImmutableMap<String, char[]> build = builder.build();
            if (build.isEmpty()) {
                eSLogger.warn("no users found in users file [{}]. use bin/shield/esusers to add users and role mappings", new Object[]{path.toAbsolutePath()});
            }
            return build;
        } catch (IOException e) {
            throw new IllegalStateException("could not read users file [" + path.toAbsolutePath() + "]", e);
        }
    }

    public static void writeFile(Map<String, char[]> map, Path path) {
        try {
            PrintWriter printWriter = new PrintWriter(ShieldFiles.openAtomicMoveWriter(path));
            Throwable th = null;
            try {
                try {
                    for (Map.Entry<String, char[]> entry : map.entrySet()) {
                        printWriter.printf(Locale.ROOT, "%s:%s%s", entry.getKey(), new String(entry.getValue()), System.lineSeparator());
                    }
                    if (printWriter != null) {
                        if (0 != 0) {
                            try {
                                printWriter.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            printWriter.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new ElasticsearchException("could not write file [{}], please check file permissions", e, new Object[]{path.toAbsolutePath()});
        }
    }

    public void notifyRefresh() {
        Iterator<RefreshListener> it = this.listeners.iterator();
        while (it.hasNext()) {
            it.next().onRefresh();
        }
    }
}
