package com.amazon.opendistroforelasticsearch.security.dlic.rest.api;

import com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog;
import com.amazon.opendistroforelasticsearch.security.configuration.AdminDNs;
import com.amazon.opendistroforelasticsearch.security.configuration.ConfigurationRepository;
import com.amazon.opendistroforelasticsearch.security.dlic.rest.api.AbstractApiAction;
import com.amazon.opendistroforelasticsearch.security.dlic.rest.validation.AbstractConfigurationValidator;
import com.amazon.opendistroforelasticsearch.security.dlic.rest.validation.NoOpValidator;
import com.amazon.opendistroforelasticsearch.security.privileges.PrivilegesEvaluator;
import com.amazon.opendistroforelasticsearch.security.securityconf.Migration;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.CType;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.SecurityDynamicConfiguration;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.v7.RoleV7;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.v7.TenantV7;
import com.amazon.opendistroforelasticsearch.security.ssl.transport.PrincipalExtractor;
import com.fasterxml.jackson.databind.JsonNode;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.nio.file.Path;
import java.util.Collections;
import java.util.List;
import org.elasticsearch.Version;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.admin.indices.create.CreateIndexResponse;
import org.elasticsearch.action.bulk.BulkRequestBuilder;
import org.elasticsearch.action.bulk.BulkResponse;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.action.support.master.AcknowledgedResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.collect.Tuple;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestHandler;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.threadpool.ThreadPool;

/* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/dlic/rest/api/MigrateApiAction.class */
public class MigrateApiAction extends AbstractApiAction {
    private static final List<RestHandler.Route> routes = Collections.singletonList(new RestHandler.Route(RestRequest.Method.POST, "/_opendistro/_security/api/migrate"));

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.amazon.opendistroforelasticsearch.security.dlic.rest.api.MigrateApiAction$1, reason: invalid class name */
    /* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/dlic/rest/api/MigrateApiAction$1.class */
    public class AnonymousClass1 implements ActionListener<AcknowledgedResponse> {
        final /* synthetic */ Client val$client;
        final /* synthetic */ Settings.Builder val$securityIndexSettings;
        final /* synthetic */ ImmutableList.Builder val$builder;
        final /* synthetic */ RestChannel val$channel;

        AnonymousClass1(Client client, Settings.Builder builder, ImmutableList.Builder builder2, RestChannel restChannel) {
            this.val$client = client;
            this.val$securityIndexSettings = builder;
            this.val$builder = builder2;
            this.val$channel = restChannel;
        }

        public void onResponse(AcknowledgedResponse acknowledgedResponse) {
            if (!acknowledgedResponse.isAcknowledged()) {
                MigrateApiAction.this.log.error("Unable to create opendistro_security index.");
            } else {
                MigrateApiAction.this.log.debug("opendistro_security index deleted successfully");
                this.val$client.admin().indices().prepareCreate(MigrateApiAction.this.opendistroIndex).setSettings(this.val$securityIndexSettings).execute(new ActionListener<CreateIndexResponse>() { // from class: com.amazon.opendistroforelasticsearch.security.dlic.rest.api.MigrateApiAction.1.1
                    public void onResponse(CreateIndexResponse createIndexResponse) {
                        ImmutableList<SecurityDynamicConfiguration> build = AnonymousClass1.this.val$builder.build();
                        ImmutableList.Builder builderWithExpectedSize = ImmutableList.builderWithExpectedSize(build.size());
                        BulkRequestBuilder prepareBulk = AnonymousClass1.this.val$client.prepareBulk(MigrateApiAction.this.opendistroIndex, "_doc");
                        prepareBulk.setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE);
                        try {
                            for (SecurityDynamicConfiguration securityDynamicConfiguration : build) {
                                String lCString = securityDynamicConfiguration.getCType().toLCString();
                                prepareBulk.add(new IndexRequest().id(lCString).source(new Object[]{lCString, XContentHelper.toXContent(securityDynamicConfiguration, XContentType.JSON, false)}));
                                builderWithExpectedSize.add(lCString);
                            }
                            prepareBulk.execute(new AbstractApiAction.ConfigUpdatingActionListener((String[]) builderWithExpectedSize.build().toArray(new String[0]), AnonymousClass1.this.val$client, new ActionListener<BulkResponse>() { // from class: com.amazon.opendistroforelasticsearch.security.dlic.rest.api.MigrateApiAction.1.1.1
                                public void onResponse(BulkResponse bulkResponse) {
                                    if (bulkResponse.hasFailures()) {
                                        MigrateApiAction.this.log.error("Unable to upload migrated configuration because of " + bulkResponse.buildFailureMessage());
                                        MigrateApiAction.this.internalErrorResponse(AnonymousClass1.this.val$channel, "Unable to upload migrated configuration (bulk index failed).");
                                    } else {
                                        MigrateApiAction.this.log.debug("Migration completed");
                                        MigrateApiAction.this.successResponse(AnonymousClass1.this.val$channel, "Migration completed.");
                                    }
                                }

                                public void onFailure(Exception exc) {
                                    MigrateApiAction.this.log.error("Unable to upload migrated configuration because of " + exc, exc);
                                    MigrateApiAction.this.internalErrorResponse(AnonymousClass1.this.val$channel, "Unable to upload migrated configuration.");
                                }
                            }));
                        } catch (IOException e) {
                            MigrateApiAction.this.log.error("Unable to create bulk request " + e, e);
                            MigrateApiAction.this.internalErrorResponse(AnonymousClass1.this.val$channel, "Unable to create bulk request.");
                        }
                    }

                    public void onFailure(Exception exc) {
                        MigrateApiAction.this.log.error("Unable to create opendistro_security index because of " + exc, exc);
                        MigrateApiAction.this.internalErrorResponse(AnonymousClass1.this.val$channel, "Unable to create opendistro_security index.");
                    }
                });
            }
        }

        public void onFailure(Exception exc) {
            MigrateApiAction.this.log.error("Unable to delete opendistro_security index because of " + exc, exc);
            MigrateApiAction.this.internalErrorResponse(this.val$channel, "Unable to delete opendistro_security index.");
        }
    }

    @Inject
    public MigrateApiAction(Settings settings, Path path, RestController restController, Client client, AdminDNs adminDNs, ConfigurationRepository configurationRepository, ClusterService clusterService, PrincipalExtractor principalExtractor, PrivilegesEvaluator privilegesEvaluator, ThreadPool threadPool, AuditLog auditLog) {
        super(settings, path, restController, client, adminDNs, configurationRepository, clusterService, principalExtractor, privilegesEvaluator, threadPool, auditLog);
    }

    public List<RestHandler.Route> routes() {
        return routes;
    }

    @Override // com.amazon.opendistroforelasticsearch.security.dlic.rest.api.AbstractApiAction
    protected Endpoint getEndpoint() {
        return Endpoint.MIGRATE;
    }

    @Override // com.amazon.opendistroforelasticsearch.security.dlic.rest.api.AbstractApiAction
    protected void handlePost(RestChannel restChannel, RestRequest restRequest, Client client, JsonNode jsonNode) throws IOException {
        if (this.cs.state().getNodes().getMinNodeVersion().before(Version.V_7_0_0)) {
            badRequestResponse(restChannel, "Can not migrate configuration because cluster is not fully migrated.");
            return;
        }
        SecurityDynamicConfiguration<?> load = load(CType.CONFIG, true);
        if (load.getVersion() != 1) {
            badRequestResponse(restChannel, "Can not migrate configuration because it was already migrated.");
            return;
        }
        SecurityDynamicConfiguration<?> load2 = load(CType.ACTIONGROUPS, true);
        SecurityDynamicConfiguration<?> load3 = load(CType.INTERNALUSERS, true);
        SecurityDynamicConfiguration<?> load4 = load(CType.ROLES, true);
        SecurityDynamicConfiguration<?> load5 = load(CType.ROLESMAPPING, true);
        SecurityDynamicConfiguration<?> load6 = load(CType.NODESDN, true);
        SecurityDynamicConfiguration<?> load7 = load(CType.WHITELIST, true);
        SecurityDynamicConfiguration<?> load8 = load(CType.AUDIT, true);
        ImmutableList.Builder builder = ImmutableList.builder();
        builder.add(Migration.migrateActionGroups(load2));
        builder.add(Migration.migrateConfig(load));
        builder.add(Migration.migrateInternalUsers(load3));
        Tuple<SecurityDynamicConfiguration<RoleV7>, SecurityDynamicConfiguration<TenantV7>> migrateRoles = Migration.migrateRoles(load4, load5);
        builder.add((SecurityDynamicConfiguration) migrateRoles.v1());
        builder.add((SecurityDynamicConfiguration) migrateRoles.v2());
        builder.add(Migration.migrateRoleMappings(load5));
        builder.add(Migration.migrateNodesDn(load6));
        builder.add(Migration.migrateWhitelistingSetting(load7));
        builder.add(Migration.migrateAudit(load8));
        int numberOfReplicas = this.cs.state().metadata().index(this.opendistroIndex).getNumberOfReplicas();
        String str = this.cs.state().metadata().index(this.opendistroIndex).getSettings().get("index.auto_expand_replicas");
        Settings.Builder builder2 = Settings.builder();
        if (str == null) {
            builder2.put("index.number_of_replicas", numberOfReplicas);
        } else {
            builder2.put("index.auto_expand_replicas", str);
        }
        builder2.put("index.number_of_shards", 1);
        client.admin().indices().prepareDelete(new String[]{this.opendistroIndex}).execute(new AnonymousClass1(client, builder2, builder, restChannel));
    }

    @Override // com.amazon.opendistroforelasticsearch.security.dlic.rest.api.AbstractApiAction
    protected void handleDelete(RestChannel restChannel, RestRequest restRequest, Client client, JsonNode jsonNode) throws IOException {
        notImplemented(restChannel, RestRequest.Method.POST);
    }

    @Override // com.amazon.opendistroforelasticsearch.security.dlic.rest.api.AbstractApiAction
    protected void handleGet(RestChannel restChannel, RestRequest restRequest, Client client, JsonNode jsonNode) throws IOException {
        notImplemented(restChannel, RestRequest.Method.GET);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.amazon.opendistroforelasticsearch.security.dlic.rest.api.AbstractApiAction
    public void handlePut(RestChannel restChannel, RestRequest restRequest, Client client, JsonNode jsonNode) throws IOException {
        notImplemented(restChannel, RestRequest.Method.PUT);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.amazon.opendistroforelasticsearch.security.dlic.rest.api.AbstractApiAction
    public AbstractConfigurationValidator getValidator(RestRequest restRequest, BytesReference bytesReference, Object... objArr) {
        return new NoOpValidator(restRequest, bytesReference, this.settings, objArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.amazon.opendistroforelasticsearch.security.dlic.rest.api.AbstractApiAction
    public String getResourceName() {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.amazon.opendistroforelasticsearch.security.dlic.rest.api.AbstractApiAction
    public CType getConfigName() {
        return null;
    }

    @Override // com.amazon.opendistroforelasticsearch.security.dlic.rest.api.AbstractApiAction
    protected void consumeParameters(RestRequest restRequest) {
    }
}
