package org.elasticsearch.xpack.idp.saml.sp;

import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.util.Arrays;
import java.util.Objects;
import java.util.Set;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.Version;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.DocWriteRequest;
import org.elasticsearch.action.DocWriteResponse;
import org.elasticsearch.action.admin.indices.refresh.RefreshRequest;
import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateRequest;
import org.elasticsearch.action.delete.DeleteRequest;
import org.elasticsearch.action.delete.DeleteResponse;
import org.elasticsearch.action.get.GetRequest;
import org.elasticsearch.action.get.GetResponse;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.internal.Client;
import org.elasticsearch.client.internal.OriginSettingClient;
import org.elasticsearch.cluster.ClusterChangedEvent;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.ClusterStateListener;
import org.elasticsearch.cluster.metadata.IndexAbstraction;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.ValidationException;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.util.CachedSupplier;
import org.elasticsearch.common.xcontent.LoggingDeprecationHandler;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.gateway.GatewayService;
import org.elasticsearch.index.IndexNotFoundException;
import org.elasticsearch.index.get.GetResult;
import org.elasticsearch.index.query.QueryBuilder;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.search.SearchHit;
import org.elasticsearch.xcontent.ToXContent;
import org.elasticsearch.xcontent.XContentBuilder;
import org.elasticsearch.xcontent.XContentParser;
import org.elasticsearch.xcontent.XContentType;
import org.elasticsearch.xpack.core.template.TemplateUtils;
import org.elasticsearch.xpack.idp.saml.sp.SamlServiceProviderDocument;

/* loaded from: input_file:org/elasticsearch/xpack/idp/saml/sp/SamlServiceProviderIndex.class */
public class SamlServiceProviderIndex implements Closeable {
    private static final Logger logger = LogManager.getLogger(SamlServiceProviderIndex.class);
    private final Client client;
    private final ClusterService clusterService;
    private final ClusterStateListener clusterStateListener = this::clusterChanged;
    private volatile boolean aliasExists;
    private volatile boolean templateInstalled;
    public static final String ALIAS_NAME = "saml-service-provider";
    public static final String INDEX_NAME = "saml-service-provider-v1";
    static final String TEMPLATE_NAME = "saml-service-provider";
    private static final String TEMPLATE_RESOURCE = "/idp/saml-service-provider-template.json";
    private static final String TEMPLATE_META_VERSION_KEY = "idp-version";
    private static final String TEMPLATE_VERSION_SUBSTITUTE = "idp.template.version";

    /* loaded from: input_file:org/elasticsearch/xpack/idp/saml/sp/SamlServiceProviderIndex$DocumentSupplier.class */
    public static final class DocumentSupplier {
        public final DocumentVersion version;
        public final Supplier<SamlServiceProviderDocument> document;

        public DocumentSupplier(DocumentVersion documentVersion, Supplier<SamlServiceProviderDocument> supplier) {
            this.version = documentVersion;
            this.document = CachedSupplier.wrap(supplier);
        }

        public SamlServiceProviderDocument getDocument() {
            return this.document.get();
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/idp/saml/sp/SamlServiceProviderIndex$DocumentVersion.class */
    public static final class DocumentVersion {
        public final String id;
        public final long primaryTerm;
        public final long seqNo;

        public DocumentVersion(String str, long j, long j2) {
            this.id = str;
            this.primaryTerm = j;
            this.seqNo = j2;
        }

        public DocumentVersion(GetResponse getResponse) {
            this(getResponse.getId(), getResponse.getPrimaryTerm(), getResponse.getSeqNo());
        }

        public DocumentVersion(GetResult getResult) {
            this(getResult.getId(), getResult.getPrimaryTerm(), getResult.getSeqNo());
        }

        public DocumentVersion(SearchHit searchHit) {
            this(searchHit.getId(), searchHit.getPrimaryTerm(), searchHit.getSeqNo());
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            DocumentVersion documentVersion = (DocumentVersion) obj;
            return Objects.equals(this.id, documentVersion.id) && this.primaryTerm == documentVersion.primaryTerm && this.seqNo == documentVersion.seqNo;
        }

        public int hashCode() {
            return Objects.hash(this.id, Long.valueOf(this.primaryTerm), Long.valueOf(this.seqNo));
        }
    }

    public SamlServiceProviderIndex(Client client, ClusterService clusterService) {
        this.client = new OriginSettingClient(client, "idp");
        this.clusterService = clusterService;
        clusterService.addListener(this.clusterStateListener);
    }

    private void clusterChanged(ClusterChangedEvent clusterChangedEvent) {
        ClusterState state = clusterChangedEvent.state();
        installTemplateIfRequired(state);
        checkForAliasStateChange(state);
    }

    private void installTemplateIfRequired(ClusterState clusterState) {
        if (this.templateInstalled || clusterState.blocks().hasGlobalBlock(GatewayService.STATE_NOT_RECOVERED_BLOCK)) {
            return;
        }
        if (isTemplateUpToDate(clusterState)) {
            this.templateInstalled = true;
        } else if (clusterState.nodes().isLocalNodeElectedMaster()) {
            installIndexTemplate(ActionListener.wrap(bool -> {
                this.templateInstalled = true;
                if (bool.booleanValue()) {
                    logger.debug("Template [{}] has been updated", "saml-service-provider");
                } else {
                    logger.debug("Template [{}] appears to be up to date", "saml-service-provider");
                }
            }, exc -> {
                logger.warn(() -> {
                    return "Failed to install template [saml-service-provider]";
                }, exc);
            }));
        }
    }

    private void checkForAliasStateChange(ClusterState clusterState) {
        IndexAbstraction indexAbstraction = (IndexAbstraction) clusterState.getMetadata().getIndicesLookup().get("saml-service-provider");
        boolean z = this.aliasExists;
        this.aliasExists = indexAbstraction != null;
        if (this.aliasExists != z) {
            logChangedAliasState(indexAbstraction);
        }
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        logger.debug("Closing ... removing cluster state listener");
        this.clusterService.removeListener(this.clusterStateListener);
    }

    private void logChangedAliasState(IndexAbstraction indexAbstraction) {
        if (indexAbstraction == null) {
            logger.warn("service provider index/alias [{}] no longer exists", "saml-service-provider");
            return;
        }
        if (indexAbstraction.getType() != IndexAbstraction.Type.ALIAS) {
            logger.warn("service provider index [{}] does not exist as an alias, but it should be", "saml-service-provider");
        } else if (indexAbstraction.getIndices().size() != 1) {
            logger.warn("service provider alias [{}] refers to multiple indices [{}] - this is unexpected and is likely to cause problems", "saml-service-provider", Strings.collectionToCommaDelimitedString(indexAbstraction.getIndices()));
        } else {
            logger.info("service provider alias [{}] refers to [{}]", "saml-service-provider", indexAbstraction.getIndices().get(0));
        }
    }

    public void installIndexTemplate(ActionListener<Boolean> actionListener) {
        if (isTemplateUpToDate(this.clusterService.state())) {
            actionListener.onResponse(false);
            return;
        }
        this.client.admin().indices().putTemplate(new PutIndexTemplateRequest("saml-service-provider").source(TemplateUtils.loadTemplate(TEMPLATE_RESOURCE, Version.CURRENT.toString(), TEMPLATE_VERSION_SUBSTITUTE), XContentType.JSON), actionListener.delegateFailureAndWrap((actionListener2, acknowledgedResponse) -> {
            logger.info("Installed template [{}]", "saml-service-provider");
            actionListener2.onResponse(true);
        }));
    }

    private boolean isTemplateUpToDate(ClusterState clusterState) {
        return TemplateUtils.checkTemplateExistsAndIsUpToDate("saml-service-provider", TEMPLATE_META_VERSION_KEY, clusterState, logger);
    }

    public void deleteDocument(DocumentVersion documentVersion, WriteRequest.RefreshPolicy refreshPolicy, ActionListener<DeleteResponse> actionListener) {
        this.client.delete(new DeleteRequest(this.aliasExists ? "saml-service-provider" : INDEX_NAME).id(documentVersion.id).setIfSeqNo(documentVersion.seqNo).setIfPrimaryTerm(documentVersion.primaryTerm).setRefreshPolicy(refreshPolicy), actionListener.delegateFailureAndWrap((actionListener2, deleteResponse) -> {
            logger.debug("Deleted service provider document [{}] ({})", documentVersion.id, deleteResponse.getResult());
            actionListener2.onResponse(deleteResponse);
        }));
    }

    public void writeDocument(SamlServiceProviderDocument samlServiceProviderDocument, DocWriteRequest.OpType opType, WriteRequest.RefreshPolicy refreshPolicy, ActionListener<DocWriteResponse> actionListener) {
        ValidationException validate = samlServiceProviderDocument.validate();
        if (validate != null) {
            actionListener.onFailure(validate);
        } else if (this.templateInstalled) {
            _writeDocument(samlServiceProviderDocument, opType, refreshPolicy, actionListener);
        } else {
            installIndexTemplate(actionListener.delegateFailureAndWrap((actionListener2, bool) -> {
                _writeDocument(samlServiceProviderDocument, opType, refreshPolicy, actionListener2);
            }));
        }
    }

    private void _writeDocument(SamlServiceProviderDocument samlServiceProviderDocument, DocWriteRequest.OpType opType, WriteRequest.RefreshPolicy refreshPolicy, ActionListener<DocWriteResponse> actionListener) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                XContentBuilder xContentBuilder = new XContentBuilder(XContentType.JSON.xContent(), byteArrayOutputStream);
                try {
                    samlServiceProviderDocument.toXContent(xContentBuilder, ToXContent.EMPTY_PARAMS);
                    this.client.index(new IndexRequest(this.aliasExists ? "saml-service-provider" : INDEX_NAME).opType(opType).source(xContentBuilder).id(samlServiceProviderDocument.docId).setRefreshPolicy(refreshPolicy), actionListener.delegateFailureAndWrap((actionListener2, docWriteResponse) -> {
                        logger.debug("Wrote service provider [{}][{}] as document [{}] ({})", samlServiceProviderDocument.name, samlServiceProviderDocument.entityId, docWriteResponse.getId(), docWriteResponse.getResult());
                        actionListener2.onResponse(docWriteResponse);
                    }));
                    xContentBuilder.close();
                    byteArrayOutputStream.close();
                } catch (Throwable th) {
                    try {
                        xContentBuilder.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException e) {
            actionListener.onFailure(e);
        }
    }

    public void readDocument(String str, ActionListener<DocumentSupplier> actionListener) {
        this.client.get(new GetRequest("saml-service-provider", str), actionListener.delegateFailureAndWrap((actionListener2, getResponse) -> {
            if (getResponse.isExists()) {
                actionListener2.onResponse(new DocumentSupplier(new DocumentVersion(getResponse), () -> {
                    return toDocument(str, getResponse.getSourceAsBytesRef());
                }));
            } else {
                actionListener2.onResponse((Object) null);
            }
        }));
    }

    public void findByEntityId(String str, ActionListener<Set<DocumentSupplier>> actionListener) {
        findDocuments(QueryBuilders.termQuery(SamlServiceProviderDocument.Fields.ENTITY_ID.getPreferredName(), str), actionListener);
    }

    public void findAll(ActionListener<Set<DocumentSupplier>> actionListener) {
        findDocuments(QueryBuilders.matchAllQuery(), actionListener);
    }

    public void refresh(ActionListener<Void> actionListener) {
        this.client.admin().indices().refresh(new RefreshRequest(new String[]{"saml-service-provider"}), actionListener.delegateFailureAndWrap((actionListener2, broadcastResponse) -> {
            actionListener2.onResponse((Object) null);
        }));
    }

    private void findDocuments(QueryBuilder queryBuilder, ActionListener<Set<DocumentSupplier>> actionListener) {
        logger.trace("Searching [{}] for [{}]", "saml-service-provider", queryBuilder);
        this.client.search(this.client.prepareSearch(new String[]{"saml-service-provider"}).setQuery(queryBuilder).setSize(1000).setFetchSource(true).request(), ActionListener.wrap(searchResponse -> {
            if (logger.isTraceEnabled()) {
                logger.trace("Search hits: [{}] [{}]", searchResponse.getHits().getTotalHits(), Arrays.toString(searchResponse.getHits().getHits()));
            }
            actionListener.onResponse((Set) Stream.of((Object[]) searchResponse.getHits().getHits()).map(searchHit -> {
                return new DocumentSupplier(new DocumentVersion(searchHit), () -> {
                    return toDocument(searchHit.getId(), searchHit.getSourceRef());
                });
            }).collect(Collectors.toUnmodifiableSet()));
        }, exc -> {
            if (exc instanceof IndexNotFoundException) {
                actionListener.onResponse(Set.of());
            } else {
                actionListener.onFailure(exc);
            }
        }));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SamlServiceProviderDocument toDocument(String str, BytesReference bytesReference) {
        try {
            XContentParser createParserNotCompressed = XContentHelper.createParserNotCompressed(LoggingDeprecationHandler.XCONTENT_PARSER_CONFIG, bytesReference, XContentType.JSON);
            try {
                SamlServiceProviderDocument fromXContent = SamlServiceProviderDocument.fromXContent(str, createParserNotCompressed);
                if (createParserNotCompressed != null) {
                    createParserNotCompressed.close();
                }
                return fromXContent;
            } finally {
            }
        } catch (IOException e) {
            throw new UncheckedIOException("failed to parse document [" + str + "]", e);
        }
    }

    public String toString() {
        return getClass().getSimpleName() + "{alias=saml-service-provider [" + (this.aliasExists ? "exists" : "not-found") + "]}";
    }
}
