package org.elasticsearch.shield.authz.store;

import com.google.common.base.Charsets;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.component.AbstractLifecycleComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.authc.support.RefreshListener;
import org.elasticsearch.shield.authz.Permission;
import org.elasticsearch.shield.authz.SystemRole;
import org.elasticsearch.shield.support.NoOpLogger;
import org.elasticsearch.watcher.FileChangesListener;
import org.elasticsearch.watcher.FileWatcher;
import org.elasticsearch.watcher.ResourceWatcherService;

/* loaded from: input_file:lib/shield.jar:org/elasticsearch/shield/authz/store/FileRolesStore.class */
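/**
 * File-backed {@link RolesStore}: role definitions are parsed from a roles file and held in an
 * immutable map that is published through a {@code volatile} field, so {@link #role(String)}
 * always reads one complete snapshot.
 *
 * <p>On start the parent directory of the roles file is watched; whenever the roles file is
 * created, changed or deleted the map is re-parsed and the {@link RefreshListener} is notified.
 * Reserved roles handed to the constructor always win over a definition of the same name in the
 * file, and a file definition named {@code SystemRole.NAME} is ignored.
 *
 * <p>NOTE(review): this listing is decompiler output and {@code parseRole} was not recovered
 * (its body only throws {@link UnsupportedOperationException}). As listed, any roles file that
 * contains at least one segment makes {@code parseFile} throw; the real parsing rules for a role
 * definition cannot be reviewed from this page.
 */
public class FileRolesStore extends AbstractLifecycleComponent<RolesStore> implements RolesStore {
    /** Comma separator with optional surrounding whitespace; not referenced by any method body recovered here. */
    private static final Pattern COMMA_DELIM = Pattern.compile("\\s*,\\s*");
    /** A line that starts with whitespace and has further content: it continues the current segment. */
    private static final Pattern IN_SEGMENT_LINE = Pattern.compile("^\\s+.+");
    /** A line that starts with '#' or consists only of whitespace (including the empty line). */
    private static final Pattern SKIP_LINE = Pattern.compile("(^#.*|^\\s*)");

    private final Path file;
    private final RefreshListener listener;
    private final ImmutableSet<Permission.Global.Role> reservedRoles;
    private final ResourceWatcherService watcherService;
    // Replaced wholesale on every reload; never mutated in place.
    private volatile ImmutableMap<String, Permission.Global.Role> permissions;

    /**
     * Re-parses the roles file when the watcher reports an event for it.
     *
     * <p>Reload outcomes a reviewer should be aware of:
     * <ul>
     *   <li>If parsing throws, the error is logged and the previous roles stay in effect.</li>
     *   <li>If the file no longer exists, or reading it fails with an {@code IOException}
     *       (which {@code parseFile} logs and swallows), no exception reaches this method: the
     *       map is replaced by one holding only the reserved roles, "updated roles" is logged
     *       and the refresh listener fires. File-defined roles are therefore dropped, which is
     *       worth alerting on when monitoring these log lines.</li>
     * </ul>
     */
    private class FileListener extends FileChangesListener {

        public void onFileCreated(Path path) {
            onFileChanged(path);
        }

        public void onFileDeleted(Path path) {
            onFileChanged(path);
        }

        public void onFileChanged(Path path) {
            // The watcher covers the whole parent directory; react to the roles file only.
            if (!path.equals(file)) {
                return;
            }
            try {
                permissions = parseFile(path, reservedRoles, logger, settings);
                logger.info("updated roles (roles file [{}] changed)", path.toAbsolutePath());
                listener.onRefresh();
            } catch (Throwable th) {
                // Deliberately broad: a failed reload (or a failing listener) must not replace
                // the roles that are currently being enforced.
                logger.error("could not reload roles file [{}]. Current roles remain unmodified", th, path.toAbsolutePath());
            }
        }
    }

    /**
     * Creates the store with a no-op refresh listener.
     *
     * @param settings node settings, also consulted for the roles file location
     * @param environment node environment used to resolve the roles file
     * @param resourceWatcherService service that polls the roles file's directory
     * @param set reserved roles; they override file definitions of the same name
     */
    @Inject
    public FileRolesStore(Settings settings, Environment environment, ResourceWatcherService resourceWatcherService, Set<Permission.Global.Role> set) {
        this(settings, environment, resourceWatcherService, set, RefreshListener.NOOP);
    }

    /**
     * Creates the store. Nothing is read from disk here; the role map starts empty and is
     * populated by {@link #doStart()}.
     *
     * @param settings node settings, also consulted for the roles file location
     * @param environment node environment used to resolve the roles file
     * @param resourceWatcherService service that polls the roles file's directory
     * @param set reserved roles; copied, so later changes to the caller's set have no effect
     * @param refreshListener notified after each successful reload
     */
    public FileRolesStore(Settings settings, Environment environment, ResourceWatcherService resourceWatcherService, Set<Permission.Global.Role> set, RefreshListener refreshListener) {
        super(settings);
        this.file = resolveFile(settings, environment);
        this.listener = refreshListener;
        this.watcherService = resourceWatcherService;
        this.reservedRoles = ImmutableSet.copyOf(set);
        this.permissions = ImmutableMap.of();
    }

    /**
     * Registers a watcher on the roles file's parent directory and performs the initial load.
     *
     * @throws ElasticsearchException if the watcher cannot be registered
     */
    protected void doStart() throws ElasticsearchException {
        FileWatcher watcher = new FileWatcher(file.getParent());
        watcher.addListener(new FileListener());
        try {
            watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH);
            permissions = parseFile(file, reservedRoles, logger, settings);
        } catch (IOException e) {
            throw new ElasticsearchException("failed to setup roles file watcher", e);
        }
    }

    /** No-op: this class does not remove the watcher it registered in {@link #doStart()}. */
    protected void doStop() throws ElasticsearchException {
    }

    /** No-op. */
    protected void doClose() throws ElasticsearchException {
    }

    /**
     * Looks up a role in the current snapshot.
     *
     * @param str role name
     * @return the role, or {@code null} if no role of that name is loaded
     */
    @Override
    public Permission.Global.Role role(String str) {
        return permissions.get(str);
    }

    /**
     * Determines which file holds the role definitions.
     *
     * <p>If {@code shield.authz.store.files.roles} is set, its value is resolved against the
     * parent of {@code environment.binFile()}; by {@link Path#resolve(String)} semantics an
     * absolute value is used unchanged. Otherwise the location comes from
     * {@code ShieldPlugin.resolveConfigFile(environment, "roles.yml")}. Because this file defines
     * authorization, whoever can write to the resolved path (or its directory) controls the
     * roles this store serves.
     *
     * @param settings node settings
     * @param environment node environment
     * @return path of the roles file
     */
    public static Path resolveFile(Settings settings, Environment environment) {
        String configured = settings.get("shield.authz.store.files.roles");
        if (configured == null) {
            return ShieldPlugin.resolveConfigFile(environment, "roles.yml");
        }
        return environment.binFile().getParent().resolve(configured);
    }

    /**
     * Parses the file with no reserved roles and empty settings and returns only the role names.
     *
     * @param path roles file
     * @param eSLogger logger, may be {@code null}
     * @return names of the roles defined in the file; empty if the file is missing or unreadable
     */
    public static ImmutableSet<String> parseFileForRoleNames(Path path, ESLogger eSLogger) {
        // Explicit type witness keeps this compiling where argument-position inference is unavailable.
        // parseFile always returns a map (possibly empty), so no null check is needed.
        return parseFile(path, Collections.<Permission.Global.Role>emptySet(), eSLogger, false, Settings.EMPTY).keySet();
    }

    /**
     * Same as {@link #parseFile(Path, Set, ESLogger, boolean, Settings)} with the flag set to
     * {@code true}.
     */
    public static ImmutableMap<String, Permission.Global.Role> parseFile(Path path, Set<Permission.Global.Role> set, ESLogger eSLogger, Settings settings) {
        return parseFile(path, set, eSLogger, true, settings);
    }

    /**
     * Builds the role map from the roles file plus the reserved roles.
     *
     * <p>Behaviour visible in this method:
     * <ul>
     *   <li>A missing file is not an error; the result then holds only the reserved roles.</li>
     *   <li>An {@code IOException} while reading is logged and swallowed, with the same result.</li>
     *   <li>A segment for which {@code parseRole} returns {@code null} is skipped.</li>
     *   <li>If the file defines the same role name twice, the later definition silently replaces
     *       the earlier one.</li>
     *   <li>A definition named {@code SystemRole.NAME}, or named like a reserved role, is ignored
     *       with a warning; the reserved role is what ends up in the map.</li>
     * </ul>
     *
     * @param path roles file
     * @param set reserved roles, added last so they override file definitions
     * @param eSLogger logger; {@code null} is replaced by {@code NoOpLogger.INSTANCE}
     * @param z passed through to {@code parseRole}; its original name and meaning were lost in
     *          decompilation and cannot be determined from this listing
     * @param settings passed through to {@code parseRole}
     * @return immutable map from role name to role
     */
    public static ImmutableMap<String, Permission.Global.Role> parseFile(Path path, Set<Permission.Global.Role> set, ESLogger eSLogger, boolean z, Settings settings) {
        final ESLogger log = eSLogger == null ? NoOpLogger.INSTANCE : eSLogger;
        HashMap<String, Permission.Global.Role> roles = new HashMap<>();
        log.trace("attempted to read roles file located at [{}]", path.toAbsolutePath());
        if (Files.exists(path)) {
            try {
                for (String segment : roleSegments(path)) {
                    Permission.Global.Role parsed = parseRole(segment, path, log, z, settings);
                    if (parsed == null) {
                        continue;
                    }
                    if (SystemRole.NAME.equals(parsed.name())) {
                        log.warn("role [{}] is reserved to the system. the relevant role definition in the mapping file will be ignored", SystemRole.NAME);
                    } else {
                        roles.put(parsed.name(), parsed);
                    }
                }
            } catch (IOException e) {
                // roleSegments reads the whole file before any segment is parsed, so nothing
                // from the file has been added to the map when this is reached.
                log.error("failed to read roles file [{}]. skipping all roles...", e, path.toAbsolutePath());
            }
        }
        for (Permission.Global.Role reserved : set) {
            if (roles.containsKey(reserved.name())) {
                log.warn("role [{}] is reserved to the system. the relevant role definition in the mapping file will be ignored", reserved.name());
            }
            // Unconditional put: the reserved definition always wins.
            roles.put(reserved.name(), reserved);
        }
        return ImmutableMap.copyOf(roles);
    }

    /*
     * NOTE(review): the decompiler (JADX) reported "Code restructure failed" for this method and
     * skipped its body (1666 instructions), so the stub below is NOT the shipped logic. How a
     * role segment is validated and turned into a Role cannot be assessed from this listing;
     * review the original class file or source for that.
     */
    private static org.elasticsearch.shield.authz.Permission.Global.Role parseRole(java.lang.String r8, java.nio.file.Path r9, org.elasticsearch.common.logging.ESLogger r10, boolean r11, org.elasticsearch.common.settings.Settings r12) {
        throw new UnsupportedOperationException("Method not decompiled: org.elasticsearch.shield.authz.store.FileRolesStore.parseRole(java.lang.String, java.nio.file.Path, org.elasticsearch.common.logging.ESLogger, boolean, org.elasticsearch.common.settings.Settings):org.elasticsearch.shield.authz.Permission$Global$Role");
    }

    /**
     * Splits the roles file into one text segment per top-level entry.
     *
     * <p>Lines matching {@code SKIP_LINE} are dropped. A remaining line that does not start with
     * whitespace opens a new segment; a line that starts with whitespace is appended to the open
     * segment. Indented lines that appear before the first top-level line have no segment to
     * join and are silently discarded. Every kept line is terminated with {@code "\n"}.
     *
     * @param path roles file, read as UTF-8
     * @return segments in file order
     * @throws IOException if the file cannot be read
     */
    private static List<String> roleSegments(Path path) throws IOException {
        List<String> segments = new ArrayList<>();
        StringBuilder current = null;
        for (String line : Files.readAllLines(path, Charsets.UTF_8)) {
            if (SKIP_LINE.matcher(line).matches()) {
                continue;
            }
            if (IN_SEGMENT_LINE.matcher(line).matches()) {
                if (current != null) {
                    current.append(line).append("\n");
                }
                continue;
            }
            // Top-level line: close the open segment, if any, and start the next one.
            if (current != null) {
                segments.add(current.toString());
            }
            current = new StringBuilder(line).append("\n");
        }
        if (current != null) {
            segments.add(current.toString());
        }
        return segments;
    }
}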
