package com.floragunn.searchguard.dlic.rest.api;

import com.floragunn.searchguard.action.configupdate.ConfigUpdateAction;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateNodeResponse;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateRequest;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateResponse;
import com.floragunn.searchguard.auditlog.AuditLog;
import com.floragunn.searchguard.configuration.AdminDNs;
import com.floragunn.searchguard.configuration.ConfigurationLoader;
import com.floragunn.searchguard.dlic.rest.validation.AbstractConfigurationValidator;
import com.floragunn.searchguard.ssl.transport.PrincipalExtractor;
import com.floragunn.searchguard.ssl.util.SSLRequestHelper;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.collect.Tuple;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.rest.BaseRestHandler;
import org.elasticsearch.rest.BytesRestResponse;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestResponse;
import org.elasticsearch.rest.RestStatus;

/* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/AbstractApiAction.class */
public abstract class AbstractApiAction extends BaseRestHandler {
    private final AdminDNs adminDNs;
    private final ConfigurationLoader cl;
    private final ClusterService cs;
    private final PrincipalExtractor principalExtractor;
    private String searchguardIndex;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.floragunn.searchguard.dlic.rest.api.AbstractApiAction$3, reason: invalid class name */
    /* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/AbstractApiAction$3.class */
    public static /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] $SwitchMap$org$elasticsearch$rest$RestRequest$Method = new int[RestRequest.Method.values().length];

        static {
            try {
                $SwitchMap$org$elasticsearch$rest$RestRequest$Method[RestRequest.Method.DELETE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$elasticsearch$rest$RestRequest$Method[RestRequest.Method.POST.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$elasticsearch$rest$RestRequest$Method[RestRequest.Method.PUT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$elasticsearch$rest$RestRequest$Method[RestRequest.Method.GET.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractApiAction(Settings settings, RestController restController, Client client, AdminDNs adminDNs, ConfigurationLoader configurationLoader, ClusterService clusterService, AuditLog auditLog, PrincipalExtractor principalExtractor) {
        super(settings);
        this.searchguardIndex = settings.get("searchguard.config_index_name", "searchguard");
        this.adminDNs = adminDNs;
        this.cl = configurationLoader;
        this.cs = clusterService;
        this.principalExtractor = principalExtractor;
    }

    protected abstract AbstractConfigurationValidator getValidator(RestRequest.Method method, BytesReference bytesReference);

    protected abstract String getResourceName();

    protected abstract String getConfigName();

    protected Tuple<String[], RestResponse> handleApiRequest(RestRequest restRequest, Client client) throws Throwable {
        consumeParameters(restRequest);
        if (!ensureIndexExists(client)) {
            return internalErrorResponse(AbstractConfigurationValidator.ErrorType.SG_NOT_INITIALIZED.getMessage());
        }
        AbstractConfigurationValidator validator = getValidator(restRequest.method(), restRequest.content());
        if (!validator.validateSettings()) {
            restRequest.params().clear();
            return new Tuple<>(new String[0], new BytesRestResponse(RestStatus.BAD_REQUEST, validator.errorsAsXContent()));
        }
        switch (AnonymousClass3.$SwitchMap$org$elasticsearch$rest$RestRequest$Method[restRequest.method().ordinal()]) {
            case 1:
                return handleDelete(restRequest, client, validator.settingsBuilder());
            case 2:
                return handlePost(restRequest, client, validator.settingsBuilder());
            case 3:
                return handlePut(restRequest, client, validator.settingsBuilder());
            case 4:
                return handleGet(restRequest, client, validator.settingsBuilder());
            default:
                throw new IllegalArgumentException(restRequest.method() + " not supported");
        }
    }

    protected Tuple<String[], RestResponse> handleDelete(RestRequest restRequest, Client client, Settings.Builder builder) throws Throwable {
        String param = restRequest.param("name");
        if (param == null || param.length() == 0) {
            return badRequestResponse("No " + getResourceName() + " specified");
        }
        Settings.Builder load = load(getConfigName());
        if (!removeKeysStartingWith(load.internalMap(), param + ".")) {
            return notFound(getResourceName() + " " + param + " not found.");
        }
        save(client, restRequest, getConfigName(), load);
        return successResponse(getResourceName() + " " + param + " deleted.", getConfigName());
    }

    protected Tuple<String[], RestResponse> handlePut(RestRequest restRequest, Client client, Settings.Builder builder) throws Throwable {
        String param = restRequest.param("name");
        if (param == null || param.length() == 0) {
            return badRequestResponse("No " + getResourceName() + " specified");
        }
        Settings.Builder load = load(getConfigName());
        boolean removeKeysStartingWith = removeKeysStartingWith(load.internalMap(), param + ".");
        load.put(prependValueToEachKey(builder.build().getAsMap(), param + "."));
        save(client, restRequest, getConfigName(), load);
        return removeKeysStartingWith ? successResponse(getResourceName() + " " + param + " replaced.", getConfigName()) : createdResponse(getResourceName() + " " + param + " created.", getConfigName());
    }

    protected Tuple<String[], RestResponse> handlePost(RestRequest restRequest, Client client, Settings.Builder builder) throws Throwable {
        return notImplemented(RestRequest.Method.POST);
    }

    protected Tuple<String[], RestResponse> handleGet(RestRequest restRequest, Client client, Settings.Builder builder) throws Throwable {
        String param = restRequest.param("name");
        if (param == null || param.length() == 0) {
            return badRequestResponse("No " + getResourceName() + " specified.");
        }
        Settings.Builder copyKeysStartingWith = copyKeysStartingWith(load(getConfigName()).internalMap(), param + ".");
        return copyKeysStartingWith.internalMap().size() == 0 ? notFound("Resource '" + param + "' not found.") : new Tuple<>(new String[0], new BytesRestResponse(RestStatus.OK, convertToJson(copyKeysStartingWith.build())));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final Settings.Builder load(String str) {
        return Settings.builder().put(loadAsSettings(str));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final Settings loadAsSettings(String str) {
        try {
            return (Settings) this.cl.load(new String[]{str}, 30L, TimeUnit.SECONDS).get(str);
        } catch (InterruptedException e) {
            this.logger.error("Unable to retrieve configuration due to a thread interruption");
            return null;
        } catch (TimeoutException e2) {
            this.logger.error("Unable to retrieve configuration due to a timeout {}", e2, e2.toString());
            return null;
        }
    }

    protected boolean ensureIndexExists(Client client) throws Throwable {
        return this.cs.state().metaData().hasConcreteIndex(this.searchguardIndex);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void save(Client client, RestRequest restRequest, final String str, Settings.Builder builder) throws Throwable {
        final Semaphore semaphore = new Semaphore(0);
        final ArrayList arrayList = new ArrayList(1);
        client.index(new IndexRequest(this.searchguardIndex).type(str).id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(str, toSource(builder)), new ActionListener<IndexResponse>() { // from class: com.floragunn.searchguard.dlic.rest.api.AbstractApiAction.1
            public void onResponse(IndexResponse indexResponse) {
                semaphore.release();
                if (AbstractApiAction.this.logger.isDebugEnabled()) {
                    AbstractApiAction.this.logger.debug("{} successfully updated", str);
                }
            }

            public void onFailure(Exception exc) {
                semaphore.release();
                arrayList.add(exc);
                AbstractApiAction.this.logger.error("Cannot update {} due to {}", exc, str, exc);
            }
        });
        if (!semaphore.tryAcquire(2L, TimeUnit.MINUTES)) {
            this.logger.error("Cannot update {} due to timeout}", str);
            throw new ElasticsearchException("Timeout updating " + str, new Object[0]);
        }
        if (arrayList.size() > 0) {
            throw ((Throwable) arrayList.get(0));
        }
    }

    protected BaseRestHandler.RestChannelConsumer prepareRequest(RestRequest restRequest, NodeClient nodeClient) throws IOException {
        SSLRequestHelper.SSLInfo sSLInfo = SSLRequestHelper.getSSLInfo(restRequest, this.principalExtractor);
        if (sSLInfo == null) {
            this.logger.error("No ssl info found");
            restRequest.params().clear();
            BytesRestResponse bytesRestResponse = new BytesRestResponse(RestStatus.FORBIDDEN, "No ssl info found");
            return restChannel -> {
                restChannel.sendResponse(bytesRestResponse);
            };
        }
        X509Certificate[] x509Certs = sSLInfo.getX509Certs();
        if (x509Certs == null || x509Certs.length == 0) {
            this.logger.error("No certificate found");
            restRequest.params().clear();
            BytesRestResponse bytesRestResponse2 = new BytesRestResponse(RestStatus.FORBIDDEN, "No certificates");
            return restChannel2 -> {
                restChannel2.sendResponse(bytesRestResponse2);
            };
        }
        AdminDNs adminDNs = this.adminDNs;
        if (!AdminDNs.isAdmin(sSLInfo.getPrincipal())) {
            restRequest.params().clear();
            this.logger.error("SG admin permissions required but {} is not an admin", sSLInfo.getPrincipal());
            BytesRestResponse bytesRestResponse3 = new BytesRestResponse(RestStatus.FORBIDDEN, "SG admin permissions required");
            return restChannel3 -> {
                restChannel3.sendResponse(bytesRestResponse3);
            };
        }
        final Semaphore semaphore = new Semaphore(0);
        final ArrayList arrayList = new ArrayList(1);
        try {
            final Tuple<String[], RestResponse> handleApiRequest = handleApiRequest(restRequest, nodeClient);
            if (((String[]) handleApiRequest.v1()).length > 0) {
                nodeClient.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest((String[]) handleApiRequest.v1()), new ActionListener<ConfigUpdateResponse>() { // from class: com.floragunn.searchguard.dlic.rest.api.AbstractApiAction.2
                    public void onFailure(Exception exc) {
                        semaphore.release();
                        AbstractApiAction.this.logger.error("Cannot update {} due to {}", exc, Arrays.toString((Object[]) handleApiRequest.v1()), exc);
                        arrayList.add(exc);
                    }

                    public void onResponse(ConfigUpdateResponse configUpdateResponse) {
                        semaphore.release();
                        if (!AbstractApiAction.this.checkConfigUpdateResponse(configUpdateResponse)) {
                            AbstractApiAction.this.logger.error("Cannot update {}", Arrays.toString((Object[]) handleApiRequest.v1()));
                            arrayList.add(new ElasticsearchException("Unable to update " + Arrays.toString((Object[]) handleApiRequest.v1()), new Object[0]));
                        } else if (AbstractApiAction.this.logger.isDebugEnabled()) {
                            AbstractApiAction.this.logger.debug("Configs {} successfully updated", Arrays.toString((Object[]) handleApiRequest.v1()));
                        }
                    }
                });
            } else {
                semaphore.release();
            }
            try {
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
            if (!semaphore.tryAcquire(2L, TimeUnit.MINUTES)) {
                this.logger.error("Cannot update {} due to timeout", Arrays.toString((Object[]) handleApiRequest.v1()));
                throw new ElasticsearchException("Timeout updating " + Arrays.toString((Object[]) handleApiRequest.v1()), new Object[0]);
            }
            if (arrayList.size() <= 0) {
                return restChannel4 -> {
                    restChannel4.sendResponse((RestResponse) handleApiRequest.v2());
                };
            }
            restRequest.params().clear();
            return restChannel5 -> {
                restChannel5.sendResponse(new BytesRestResponse(RestStatus.INTERNAL_SERVER_ERROR, ((Throwable) arrayList.get(0)).toString()));
            };
        } catch (Throwable th) {
            this.logger.error("Unexpected exception {}", th, th);
            restRequest.params().clear();
            return restChannel6 -> {
                restChannel6.sendResponse(new BytesRestResponse(RestStatus.INTERNAL_SERVER_ERROR, th.toString()));
            };
        }
    }

    protected static BytesReference toSource(Settings.Builder builder) throws IOException {
        XContentBuilder jsonBuilder = XContentFactory.jsonBuilder();
        jsonBuilder.startObject();
        builder.build().toXContent(jsonBuilder, ToXContent.EMPTY_PARAMS);
        jsonBuilder.endObject();
        return jsonBuilder.bytes();
    }

    protected boolean checkConfigUpdateResponse(ConfigUpdateResponse configUpdateResponse) {
        int size = this.cs.state().getNodes().getNodes().size();
        boolean z = configUpdateResponse.getNodes().size() == size;
        if (!z) {
            this.logger.error("Expected " + size + " nodes to return response, but got only " + configUpdateResponse.getNodes().size());
        }
        for (String str : configUpdateResponse.getNodesMap().keySet()) {
            ConfigUpdateNodeResponse configUpdateNodeResponse = (ConfigUpdateNodeResponse) configUpdateResponse.getNodesMap().get(str);
            boolean z2 = configUpdateNodeResponse.getUpdatedConfigTypes() != null && configUpdateNodeResponse.getUpdatedConfigTypes().length == 1;
            if (!z2) {
                this.logger.error("Expected 1 config types for node " + str + " but got only " + Arrays.toString(configUpdateNodeResponse.getUpdatedConfigTypes()));
            }
            z &= z2;
        }
        return z;
    }

    protected Settings.Builder copyKeysStartingWith(Map<String, String> map, String str) {
        if (map == null || map.isEmpty() || str == null || str.isEmpty()) {
            return Settings.builder();
        }
        HashMap hashMap = new HashMap();
        Iterator it = new HashSet(map.keySet()).iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (str2 != null && str2.startsWith(str)) {
                hashMap.put(str2, map.get(str2));
            }
        }
        return Settings.builder().put(hashMap);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean removeKeysStartingWith(Map<String, String> map, String str) {
        if (map == null || map.isEmpty() || str == null || str.isEmpty()) {
            return false;
        }
        boolean z = false;
        Iterator it = new HashSet(map.keySet()).iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (str2 != null && str2.startsWith(str) && map.remove(str2) != null) {
                z = true;
            }
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, String> prependValueToEachKey(Map<String, String> map, String str) {
        if (map == null || map.isEmpty() || str == null || str.isEmpty()) {
            return map;
        }
        HashMap hashMap = new HashMap();
        Iterator it = new HashSet(map.keySet()).iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (str2 != null) {
                hashMap.put(str + str2, map.get(str2));
            }
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, String> removeLeadingValueFromEachKey(Map<String, String> map, String str) {
        if (map == null || map.isEmpty() || str == null || str.isEmpty()) {
            return map;
        }
        HashMap hashMap = new HashMap();
        Iterator it = new HashSet(map.keySet()).iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (str2 != null) {
                hashMap.put(str2.replaceAll(str, ""), map.get(str2));
            }
        }
        return hashMap;
    }

    protected static String convertToYaml(BytesReference bytesReference, boolean z) throws IOException {
        XContentParser createParser = XContentFactory.xContent(XContentFactory.xContentType(bytesReference)).createParser(bytesReference.streamInput());
        Throwable th = null;
        try {
            try {
                createParser.nextToken();
                XContentBuilder yamlBuilder = XContentFactory.yamlBuilder();
                if (z) {
                    yamlBuilder.prettyPrint();
                }
                yamlBuilder.copyCurrentStructure(createParser);
                String string = yamlBuilder.string();
                if (createParser != null) {
                    if (0 != 0) {
                        try {
                            createParser.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        createParser.close();
                    }
                }
                return string;
            } finally {
            }
        } catch (Throwable th3) {
            if (createParser != null) {
                if (th != null) {
                    try {
                        createParser.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    createParser.close();
                }
            }
            throw th3;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static XContentBuilder convertToJson(Settings settings) throws IOException {
        XContentBuilder jsonBuilder = XContentFactory.jsonBuilder();
        jsonBuilder.prettyPrint();
        jsonBuilder.startObject();
        settings.toXContent(jsonBuilder, ToXContent.EMPTY_PARAMS);
        jsonBuilder.endObject();
        return jsonBuilder;
    }

    protected Tuple<String[], RestResponse> response(RestStatus restStatus, String str, String str2, String... strArr) {
        try {
            XContentBuilder jsonBuilder = XContentFactory.jsonBuilder();
            jsonBuilder.startObject();
            jsonBuilder.field("status", str);
            jsonBuilder.field("message", str2);
            jsonBuilder.endObject();
            return new Tuple<>(strArr == null ? new String[0] : strArr, new BytesRestResponse(restStatus, jsonBuilder));
        } catch (IOException e) {
            this.logger.error("Cannot build response", e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Tuple<String[], RestResponse> successResponse(String str, String... strArr) {
        return response(RestStatus.OK, RestStatus.OK.name(), str, strArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Tuple<String[], RestResponse> createdResponse(String str, String... strArr) {
        return response(RestStatus.CREATED, RestStatus.CREATED.name(), str, strArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Tuple<String[], RestResponse> badRequestResponse(String str) {
        return response(RestStatus.BAD_REQUEST, RestStatus.BAD_REQUEST.name(), str, new String[0]);
    }

    protected Tuple<String[], RestResponse> notFound(String str) {
        return response(RestStatus.NOT_FOUND, RestStatus.NOT_FOUND.name(), str, new String[0]);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Tuple<String[], RestResponse> internalErrorResponse(String str) {
        return response(RestStatus.INTERNAL_SERVER_ERROR, RestStatus.INTERNAL_SERVER_ERROR.name(), str, new String[0]);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Tuple<String[], RestResponse> notImplemented(RestRequest.Method method) {
        return response(RestStatus.NOT_IMPLEMENTED, RestStatus.NOT_IMPLEMENTED.name(), "Method " + method.name() + " not supported for this action.", new String[0]);
    }

    protected void consumeParameters(RestRequest restRequest) {
        restRequest.param("name");
    }

    public static void printLicenseInfo() {
        System.out.println("***************************************************");
        System.out.println("Searchguard Management API is not free software");
        System.out.println("for commercial use in production.");
        System.out.println("You have to obtain a license if you ");
        System.out.println("use it in production.");
        System.out.println("***************************************************");
    }

    static {
        printLicenseInfo();
    }
}
