package org.elasticsearch.shield.authc.esusers;

import com.google.common.base.Charsets;
import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.regex.Pattern;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.inject.internal.Nullable;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.authc.RealmConfig;
import org.elasticsearch.shield.authc.support.RefreshListener;
import org.elasticsearch.shield.support.NoOpLogger;
import org.elasticsearch.shield.support.ShieldFiles;
import org.elasticsearch.shield.support.Validation;
import org.elasticsearch.watcher.FileChangesListener;
import org.elasticsearch.watcher.FileWatcher;
import org.elasticsearch.watcher.ResourceWatcherService;

/* loaded from: input_file:org/elasticsearch/shield/authc/esusers/FileUserRolesStore.class */
public class FileUserRolesStore {
    private static final Pattern USERS_DELIM = Pattern.compile("\\s*,\\s*");
    private final ESLogger logger;
    private final Path file;
    private CopyOnWriteArrayList<RefreshListener> listeners;
    private volatile ImmutableMap<String, String[]> userRoles;

    /* loaded from: input_file:org/elasticsearch/shield/authc/esusers/FileUserRolesStore$FileListener.class */
    private class FileListener extends FileChangesListener {
        private FileListener() {
        }

        public void onFileCreated(Path path) {
            onFileChanged(path);
        }

        public void onFileDeleted(Path path) {
            onFileChanged(path);
        }

        public void onFileChanged(Path path) {
            if (path.equals(FileUserRolesStore.this.file)) {
                FileUserRolesStore.this.logger.info("users_roles file [{}] changed. updating users roles...", new Object[]{path.toAbsolutePath()});
                FileUserRolesStore.this.userRoles = FileUserRolesStore.parseFileLenient(path, FileUserRolesStore.this.logger);
                FileUserRolesStore.this.notifyRefresh();
            }
        }
    }

    public FileUserRolesStore(RealmConfig realmConfig, ResourceWatcherService resourceWatcherService) {
        this(realmConfig, resourceWatcherService, null);
    }

    FileUserRolesStore(RealmConfig realmConfig, ResourceWatcherService resourceWatcherService, RefreshListener refreshListener) {
        this.logger = realmConfig.logger(FileUserRolesStore.class);
        this.file = resolveFile(realmConfig.settings(), realmConfig.env());
        this.userRoles = parseFileLenient(this.file, this.logger);
        FileWatcher fileWatcher = new FileWatcher(this.file.getParent());
        fileWatcher.addListener(new FileListener());
        try {
            resourceWatcherService.add(fileWatcher, ResourceWatcherService.Frequency.HIGH);
            this.listeners = new CopyOnWriteArrayList<>();
            if (refreshListener != null) {
                this.listeners.add(refreshListener);
            }
        } catch (IOException e) {
            throw new ElasticsearchException("failed to start watching the user roles file [" + this.file.toAbsolutePath() + "]", e, new Object[0]);
        }
    }

    public synchronized void addListener(RefreshListener refreshListener) {
        this.listeners.add(refreshListener);
    }

    int entriesCount() {
        return this.userRoles.size();
    }

    public String[] roles(String str) {
        if (this.userRoles != null && ((String[]) this.userRoles.get(str)) != null) {
            return (String[]) this.userRoles.get(str);
        }
        return Strings.EMPTY_ARRAY;
    }

    public static Path resolveFile(Settings settings, Environment environment) {
        String str = settings.get("files.users_roles");
        return str == null ? ShieldPlugin.resolveConfigFile(environment, "users_roles") : environment.binFile().getParent().resolve(str);
    }

    static ImmutableMap<String, String[]> parseFileLenient(Path path, ESLogger eSLogger) {
        try {
            return parseFile(path, eSLogger);
        } catch (Throwable th) {
            eSLogger.error("failed to parse users_roles file [{}]. skipping/removing all entries...", th, new Object[]{path.toAbsolutePath()});
            return ImmutableMap.of();
        }
    }

    public static ImmutableMap<String, String[]> parseFile(Path path, @Nullable ESLogger eSLogger) {
        if (eSLogger == null) {
            eSLogger = NoOpLogger.INSTANCE;
        }
        eSLogger.trace("reading users_roles file [{}]...", new Object[]{path.toAbsolutePath()});
        if (!Files.exists(path, new LinkOption[0])) {
            return ImmutableMap.of();
        }
        try {
            List<String> readAllLines = Files.readAllLines(path, Charsets.UTF_8);
            HashMap hashMap = new HashMap();
            int i = 0;
            for (String str : readAllLines) {
                i++;
                if (!str.startsWith("#")) {
                    int indexOf = str.indexOf(":");
                    if (indexOf <= 0 || indexOf == str.length() - 1) {
                        eSLogger.error("invalid entry in users_roles file [{}], line [{}]. skipping...", new Object[]{path.toAbsolutePath(), Integer.valueOf(i)});
                    } else {
                        String trim = str.substring(0, indexOf).trim();
                        Validation.Error validateRoleName = Validation.Roles.validateRoleName(trim);
                        if (validateRoleName != null) {
                            eSLogger.error("invalid role entry in users_roles file [{}], line [{}] - {}. skipping...", new Object[]{path.toAbsolutePath(), Integer.valueOf(i), validateRoleName});
                        } else {
                            String trim2 = str.substring(indexOf + 1).trim();
                            if (Strings.isEmpty(trim2)) {
                                eSLogger.error("invalid entry for role [{}] in users_roles file [{}], line [{}]. no users found. skipping...", new Object[]{trim, path.toAbsolutePath(), Integer.valueOf(i)});
                            } else {
                                String[] split = USERS_DELIM.split(trim2);
                                if (split.length == 0) {
                                    eSLogger.error("invalid entry for role [{}] in users_roles file [{}], line [{}]. no users found. skipping...", new Object[]{trim, path.toAbsolutePath(), Integer.valueOf(i)});
                                } else {
                                    for (String str2 : split) {
                                        List list = (List) hashMap.get(str2);
                                        if (list == null) {
                                            list = new ArrayList();
                                            hashMap.put(str2, list);
                                        }
                                        list.add(trim);
                                    }
                                }
                            }
                        }
                    }
                }
            }
            ImmutableMap.Builder builder = ImmutableMap.builder();
            for (Map.Entry entry : hashMap.entrySet()) {
                builder.put(entry.getKey(), ((List) entry.getValue()).toArray(new String[((List) entry.getValue()).size()]));
            }
            ImmutableMap<String, String[]> build = builder.build();
            if (build.isEmpty()) {
                eSLogger.warn("no entries found in users_roles file [{}]. use bin/shield/esusers to add users and role mappings", new Object[]{path.toAbsolutePath()});
            }
            return build;
        } catch (IOException e) {
            throw new ElasticsearchException("could not read users file [" + path.toAbsolutePath() + "]", e, new Object[0]);
        }
    }

    public static void writeFile(Map<String, String[]> map, Path path) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, String[]> entry : map.entrySet()) {
            for (String str : entry.getValue()) {
                List list = (List) hashMap.get(str);
                if (list == null) {
                    list = new ArrayList();
                    hashMap.put(str, list);
                }
                list.add(entry.getKey());
            }
        }
        try {
            PrintWriter printWriter = new PrintWriter(ShieldFiles.openAtomicMoveWriter(path));
            Throwable th = null;
            try {
                for (Map.Entry entry2 : hashMap.entrySet()) {
                    printWriter.printf(Locale.ROOT, "%s:%s%s", entry2.getKey(), Strings.collectionToCommaDelimitedString((Iterable) entry2.getValue()), System.lineSeparator());
                }
                if (printWriter != null) {
                    if (0 != 0) {
                        try {
                            printWriter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        printWriter.close();
                    }
                }
            } finally {
            }
        } catch (IOException e) {
            throw new ElasticsearchException("could not write file [" + path.toAbsolutePath() + "], please check file permissions", e, new Object[0]);
        }
    }

    public void notifyRefresh() {
        Iterator<RefreshListener> it = this.listeners.iterator();
        while (it.hasNext()) {
            it.next().onRefresh();
        }
    }
}
