package com.amazon.opendistroforelasticsearch.security.securityconf;

import com.amazon.opendistroforelasticsearch.security.DefaultObjectMapper;
import com.amazon.opendistroforelasticsearch.security.auditlog.config.AuditConfig;
import com.amazon.opendistroforelasticsearch.security.auth.internal.InternalAuthenticationBackend;
import com.amazon.opendistroforelasticsearch.security.configuration.ClusterInfoHolder;
import com.amazon.opendistroforelasticsearch.security.configuration.ConfigurationChangeListener;
import com.amazon.opendistroforelasticsearch.security.configuration.ConfigurationRepository;
import com.amazon.opendistroforelasticsearch.security.configuration.StaticResourceException;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.CType;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.NodesDn;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.SecurityDynamicConfiguration;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.WhitelistingSettings;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.v6.ConfigV6;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.v6.InternalUserV6;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.v7.ActionGroupsV7;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.v7.ConfigV7;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.v7.InternalUserV7;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.v7.RoleMappingsV7;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.v7.RoleV7;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.v7.TenantV7;
import com.amazon.opendistroforelasticsearch.security.support.ConfigConstants;
import com.amazon.opendistroforelasticsearch.security.support.WildcardMatcher;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import java.nio.file.Path;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.client.Client;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.threadpool.ThreadPool;
import org.greenrobot.eventbus.EventBus;
import org.greenrobot.eventbus.EventBusBuilder;

/* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/securityconf/DynamicConfigFactory.class */
public class DynamicConfigFactory implements Initializable, ConfigurationChangeListener {
    public static final EventBusBuilder EVENT_BUS_BUILDER = EventBus.builder();
    private static SecurityDynamicConfiguration<RoleV7> staticRoles = SecurityDynamicConfiguration.empty();
    private static SecurityDynamicConfiguration<ActionGroupsV7> staticActionGroups = SecurityDynamicConfiguration.empty();
    private static SecurityDynamicConfiguration<TenantV7> staticTenants = SecurityDynamicConfiguration.empty();
    private static final WhitelistingSettings defaultWhitelistingSettings = new WhitelistingSettings();
    private final ConfigurationRepository cr;
    private final Settings esSettings;
    private final Path configPath;
    SecurityDynamicConfiguration<?> config;
    protected final Logger log = LogManager.getLogger(getClass());
    private final AtomicBoolean initialized = new AtomicBoolean();
    private final EventBus eventBus = EVENT_BUS_BUILDER.build();
    private final InternalAuthenticationBackend iab = new InternalAuthenticationBackend();

    /* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/securityconf/DynamicConfigFactory$InternalUsersModelV6.class */
    private static class InternalUsersModelV6 extends InternalUsersModel {
        SecurityDynamicConfiguration<InternalUserV6> configuration;

        public InternalUsersModelV6(SecurityDynamicConfiguration<InternalUserV6> securityDynamicConfiguration) {
            this.configuration = securityDynamicConfiguration;
        }

        @Override // com.amazon.opendistroforelasticsearch.security.securityconf.InternalUsersModel
        public boolean exists(String str) {
            return this.configuration.exists(str);
        }

        @Override // com.amazon.opendistroforelasticsearch.security.securityconf.InternalUsersModel
        public List<String> getBackenRoles(String str) {
            InternalUserV6 cEntry = this.configuration.getCEntry(str);
            if (cEntry == null) {
                return null;
            }
            return cEntry.getRoles();
        }

        @Override // com.amazon.opendistroforelasticsearch.security.securityconf.InternalUsersModel
        public Map<String, String> getAttributes(String str) {
            InternalUserV6 cEntry = this.configuration.getCEntry(str);
            if (cEntry == null) {
                return null;
            }
            return cEntry.getAttributes();
        }

        @Override // com.amazon.opendistroforelasticsearch.security.securityconf.InternalUsersModel
        public String getDescription(String str) {
            return null;
        }

        @Override // com.amazon.opendistroforelasticsearch.security.securityconf.InternalUsersModel
        public String getHash(String str) {
            InternalUserV6 cEntry = this.configuration.getCEntry(str);
            if (cEntry == null) {
                return null;
            }
            return cEntry.getHash();
        }

        @Override // com.amazon.opendistroforelasticsearch.security.securityconf.InternalUsersModel
        public List<String> getOpenDistroSecurityRoles(String str) {
            return Collections.emptyList();
        }
    }

    /* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/securityconf/DynamicConfigFactory$InternalUsersModelV7.class */
    private static class InternalUsersModelV7 extends InternalUsersModel {
        private final SecurityDynamicConfiguration<InternalUserV7> internalUserV7SecurityDynamicConfiguration;
        private final SecurityDynamicConfiguration<RoleV7> rolesV7SecurityDynamicConfiguration;
        private final SecurityDynamicConfiguration<RoleMappingsV7> rolesMappingsV7SecurityDynamicConfiguration;

        public InternalUsersModelV7(SecurityDynamicConfiguration<InternalUserV7> securityDynamicConfiguration, SecurityDynamicConfiguration<RoleV7> securityDynamicConfiguration2, SecurityDynamicConfiguration<RoleMappingsV7> securityDynamicConfiguration3) {
            this.internalUserV7SecurityDynamicConfiguration = securityDynamicConfiguration;
            this.rolesV7SecurityDynamicConfiguration = securityDynamicConfiguration2;
            this.rolesMappingsV7SecurityDynamicConfiguration = securityDynamicConfiguration3;
        }

        @Override // com.amazon.opendistroforelasticsearch.security.securityconf.InternalUsersModel
        public boolean exists(String str) {
            return this.internalUserV7SecurityDynamicConfiguration.exists(str);
        }

        @Override // com.amazon.opendistroforelasticsearch.security.securityconf.InternalUsersModel
        public List<String> getBackenRoles(String str) {
            InternalUserV7 cEntry = this.internalUserV7SecurityDynamicConfiguration.getCEntry(str);
            if (cEntry == null) {
                return null;
            }
            return cEntry.getBackend_roles();
        }

        @Override // com.amazon.opendistroforelasticsearch.security.securityconf.InternalUsersModel
        public Map<String, String> getAttributes(String str) {
            InternalUserV7 cEntry = this.internalUserV7SecurityDynamicConfiguration.getCEntry(str);
            if (cEntry == null) {
                return null;
            }
            return cEntry.getAttributes();
        }

        @Override // com.amazon.opendistroforelasticsearch.security.securityconf.InternalUsersModel
        public String getDescription(String str) {
            InternalUserV7 cEntry = this.internalUserV7SecurityDynamicConfiguration.getCEntry(str);
            if (cEntry == null) {
                return null;
            }
            return cEntry.getDescription();
        }

        @Override // com.amazon.opendistroforelasticsearch.security.securityconf.InternalUsersModel
        public String getHash(String str) {
            InternalUserV7 cEntry = this.internalUserV7SecurityDynamicConfiguration.getCEntry(str);
            if (cEntry == null) {
                return null;
            }
            return cEntry.getHash();
        }

        @Override // com.amazon.opendistroforelasticsearch.security.securityconf.InternalUsersModel
        public List<String> getOpenDistroSecurityRoles(String str) {
            InternalUserV7 cEntry = this.internalUserV7SecurityDynamicConfiguration.getCEntry(str);
            return cEntry == null ? ImmutableList.of() : (List) cEntry.getOpendistro_security_roles().stream().filter(str2 -> {
                return !isRolesMappingHidden(str2) && this.rolesV7SecurityDynamicConfiguration.exists(str2);
            }).collect(ImmutableList.toImmutableList());
        }

        private boolean isRolesMappingHidden(String str) {
            RoleMappingsV7 cEntry = this.rolesMappingsV7SecurityDynamicConfiguration.getCEntry(str);
            return cEntry != null && cEntry.isHidden();
        }
    }

    /* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/securityconf/DynamicConfigFactory$NodesDnModelImpl.class */
    private static class NodesDnModelImpl extends NodesDnModel {
        SecurityDynamicConfiguration<NodesDn> configuration;

        public NodesDnModelImpl(SecurityDynamicConfiguration<?> securityDynamicConfiguration) {
            this.configuration = null == securityDynamicConfiguration.getCType() ? SecurityDynamicConfiguration.empty() : securityDynamicConfiguration;
        }

        @Override // com.amazon.opendistroforelasticsearch.security.securityconf.NodesDnModel
        public Map<String, WildcardMatcher> getNodesDn() {
            return (Map) this.configuration.getCEntries().entrySet().stream().collect(ImmutableMap.toImmutableMap((v0) -> {
                return v0.getKey();
            }, entry -> {
                return WildcardMatcher.from((Collection) ((NodesDn) entry.getValue()).getNodesDn(), false);
            }));
        }
    }

    static void resetStatics() {
        staticRoles = SecurityDynamicConfiguration.empty();
        staticActionGroups = SecurityDynamicConfiguration.empty();
        staticTenants = SecurityDynamicConfiguration.empty();
    }

    private void loadStaticConfig() throws IOException {
        staticRoles = SecurityDynamicConfiguration.fromNode(DefaultObjectMapper.YAML_MAPPER.readTree(DynamicConfigFactory.class.getResourceAsStream("/static_config/static_roles.yml")), CType.ROLES, 2, 0L, 0L);
        staticActionGroups = SecurityDynamicConfiguration.fromNode(DefaultObjectMapper.YAML_MAPPER.readTree(DynamicConfigFactory.class.getResourceAsStream("/static_config/static_action_groups.yml")), CType.ACTIONGROUPS, 2, 0L, 0L);
        staticTenants = SecurityDynamicConfiguration.fromNode(DefaultObjectMapper.YAML_MAPPER.readTree(DynamicConfigFactory.class.getResourceAsStream("/static_config/static_tenants.yml")), CType.TENANTS, 2, 0L, 0L);
    }

    public static final SecurityDynamicConfiguration<?> addStatics(SecurityDynamicConfiguration<?> securityDynamicConfiguration) {
        if (securityDynamicConfiguration.getCType() == CType.ACTIONGROUPS && !staticActionGroups.getCEntries().isEmpty()) {
            securityDynamicConfiguration.add(staticActionGroups.deepClone());
        }
        if (securityDynamicConfiguration.getCType() == CType.ROLES && !staticRoles.getCEntries().isEmpty()) {
            securityDynamicConfiguration.add(staticRoles.deepClone());
        }
        if (securityDynamicConfiguration.getCType() == CType.TENANTS && !staticTenants.getCEntries().isEmpty()) {
            securityDynamicConfiguration.add(staticTenants.deepClone());
        }
        return securityDynamicConfiguration;
    }

    public DynamicConfigFactory(ConfigurationRepository configurationRepository, Settings settings, Path path, Client client, ThreadPool threadPool, ClusterInfoHolder clusterInfoHolder) {
        this.cr = configurationRepository;
        this.esSettings = settings;
        this.configPath = path;
        if (settings.getAsBoolean(ConfigConstants.OPENDISTRO_SECURITY_UNSUPPORTED_LOAD_STATIC_RESOURCES, true).booleanValue()) {
            try {
                loadStaticConfig();
            } catch (IOException e) {
                throw new StaticResourceException("Unable to load static resources due to " + e, e, new Object[0]);
            }
        } else {
            this.log.info("Static resources will not be loaded.");
        }
        if (settings.getAsBoolean(ConfigConstants.OPENDISTRO_SECURITY_UNSUPPORTED_LOAD_STATIC_RESOURCES, true).booleanValue()) {
            try {
                loadStaticConfig();
            } catch (IOException e2) {
                throw new StaticResourceException("Unable to load static resources due to " + e2, e2, new Object[0]);
            }
        } else {
            this.log.info("Static resources will not be loaded.");
        }
        registerDCFListener(this.iab);
        this.cr.subscribeOnChange(this);
    }

    @Override // com.amazon.opendistroforelasticsearch.security.configuration.ConfigurationChangeListener
    public void onChange(Map<CType, SecurityDynamicConfiguration<?>> map) {
        DynamicConfigModel dynamicConfigModelV6;
        Object internalUsersModelV6;
        ConfigModel configModelV6;
        SecurityDynamicConfiguration<?> configuration = this.cr.getConfiguration(CType.ACTIONGROUPS);
        this.config = this.cr.getConfiguration(CType.CONFIG);
        SecurityDynamicConfiguration<?> configuration2 = this.cr.getConfiguration(CType.INTERNALUSERS);
        SecurityDynamicConfiguration<?> configuration3 = this.cr.getConfiguration(CType.ROLES);
        SecurityDynamicConfiguration<?> configuration4 = this.cr.getConfiguration(CType.ROLESMAPPING);
        SecurityDynamicConfiguration<?> configuration5 = this.cr.getConfiguration(CType.TENANTS);
        SecurityDynamicConfiguration<?> configuration6 = this.cr.getConfiguration(CType.NODESDN);
        SecurityDynamicConfiguration<?> configuration7 = this.cr.getConfiguration(CType.WHITELIST);
        if (this.log.isDebugEnabled()) {
            this.log.debug("current config (because of " + map.keySet() + ")\n actionGroups: " + configuration.getImplementingClass() + " with " + configuration.getCEntries().size() + " entries\n config: " + this.config.getImplementingClass() + " with " + this.config.getCEntries().size() + " entries\n internalusers: " + configuration2.getImplementingClass() + " with " + configuration2.getCEntries().size() + " entries\n roles: " + configuration3.getImplementingClass() + " with " + configuration3.getCEntries().size() + " entries\n rolesmapping: " + configuration4.getImplementingClass() + " with " + configuration4.getCEntries().size() + " entries\n tenants: " + configuration5.getImplementingClass() + " with " + configuration5.getCEntries().size() + " entries\n nodesdn: " + configuration6.getImplementingClass() + " with " + configuration6.getCEntries().size() + " entries\n whitelist " + configuration7.getImplementingClass() + " with " + configuration7.getCEntries().size() + " entries\n");
        }
        NodesDnModelImpl nodesDnModelImpl = new NodesDnModelImpl(configuration6);
        WhitelistingSettings whitelistingSettings = (WhitelistingSettings) this.cr.getConfiguration(CType.WHITELIST).getCEntry("config");
        AuditConfig auditConfig = (AuditConfig) this.cr.getConfiguration(CType.AUDIT).getCEntry("config");
        if (this.config.getImplementingClass() != ConfigV7.class) {
            dynamicConfigModelV6 = new DynamicConfigModelV6(getConfigV6(this.config), this.esSettings, this.configPath, this.iab);
            internalUsersModelV6 = new InternalUsersModelV6(configuration2);
            configModelV6 = new ConfigModelV6(configuration3, configuration, configuration4, dynamicConfigModelV6, this.esSettings);
        } else {
            if (configuration3.containsAny(staticRoles)) {
                throw new StaticResourceException("Cannot override static roles", new Object[0]);
            }
            if (!configuration3.add(staticRoles) && !staticRoles.getCEntries().isEmpty()) {
                throw new StaticResourceException("Unable to load static roles", new Object[0]);
            }
            this.log.debug("Static roles loaded ({})", Integer.valueOf(staticRoles.getCEntries().size()));
            if (configuration.containsAny(staticActionGroups)) {
                System.out.println("static: " + configuration.getCEntries());
                System.out.println("Static Action Groups:" + staticActionGroups.getCEntries());
                throw new StaticResourceException("Cannot override static action groups", new Object[0]);
            }
            if (!configuration.add(staticActionGroups) && !staticActionGroups.getCEntries().isEmpty()) {
                throw new StaticResourceException("Unable to load static action groups", new Object[0]);
            }
            this.log.debug("Static action groups loaded ({})", Integer.valueOf(staticActionGroups.getCEntries().size()));
            if (configuration5.containsAny(staticTenants)) {
                throw new StaticResourceException("Cannot override static tenants", new Object[0]);
            }
            if (!configuration5.add(staticTenants) && !staticTenants.getCEntries().isEmpty()) {
                throw new StaticResourceException("Unable to load static tenants", new Object[0]);
            }
            this.log.debug("Static tenants loaded ({})", Integer.valueOf(staticTenants.getCEntries().size()));
            this.log.debug("Static configuration loaded (total roles: {}/total action groups: {}/total tenants: {})", Integer.valueOf(configuration3.getCEntries().size()), Integer.valueOf(configuration.getCEntries().size()), Integer.valueOf(configuration5.getCEntries().size()));
            dynamicConfigModelV6 = new DynamicConfigModelV7(getConfigV7(this.config), this.esSettings, this.configPath, this.iab);
            internalUsersModelV6 = new InternalUsersModelV7(configuration2, configuration3, configuration4);
            configModelV6 = new ConfigModelV7(configuration3, configuration4, configuration, configuration5, dynamicConfigModelV6, this.esSettings);
        }
        this.eventBus.post(configModelV6);
        this.eventBus.post(dynamicConfigModelV6);
        this.eventBus.post(internalUsersModelV6);
        this.eventBus.post(nodesDnModelImpl);
        this.eventBus.post(whitelistingSettings == null ? defaultWhitelistingSettings : whitelistingSettings);
        if (this.cr.isAuditHotReloadingEnabled()) {
            this.eventBus.post(auditConfig);
        }
        this.initialized.set(true);
    }

    private static ConfigV6 getConfigV6(SecurityDynamicConfiguration<?> securityDynamicConfiguration) {
        return (ConfigV6) securityDynamicConfiguration.getCEntry("opendistro_security");
    }

    private static ConfigV7 getConfigV7(SecurityDynamicConfiguration<?> securityDynamicConfiguration) {
        return (ConfigV7) securityDynamicConfiguration.getCEntry("config");
    }

    @Override // com.amazon.opendistroforelasticsearch.security.securityconf.Initializable
    public final boolean isInitialized() {
        return this.initialized.get();
    }

    public void registerDCFListener(Object obj) {
        this.eventBus.register(obj);
    }

    public void unregisterDCFListener(Object obj) {
        this.eventBus.unregister(obj);
    }
}
