package org.elasticsearch.shield.authz.store;

import com.google.common.base.Charsets;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.ElasticsearchParseException;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.component.AbstractLifecycleComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.common.xcontent.json.JsonXContent;
import org.elasticsearch.common.xcontent.yaml.YamlXContent;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.InternalSystemUser;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.authc.support.RefreshListener;
import org.elasticsearch.shield.authz.Permission;
import org.elasticsearch.shield.authz.Privilege;
import org.elasticsearch.shield.authz.RoleDescriptor;
import org.elasticsearch.shield.authz.accesscontrol.AccessControlShardModule;
import org.elasticsearch.shield.support.NoOpLogger;
import org.elasticsearch.shield.support.Validation;
import org.elasticsearch.watcher.FileChangesListener;
import org.elasticsearch.watcher.FileWatcher;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.yaml.snakeyaml.error.YAMLException;

/* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/authz/store/FileRolesStore.class */
public class FileRolesStore extends AbstractLifecycleComponent<RolesStore> implements RolesStore {
    private static final Pattern COMMA_DELIM = Pattern.compile("\\s*,\\s*");
    private static final Pattern IN_SEGMENT_LINE = Pattern.compile("^\\s+.+");
    private static final Pattern SKIP_LINE = Pattern.compile("(^#.*|^\\s*)");
    private final Path file;
    private final RefreshListener listener;
    private final ImmutableSet<Permission.Global.Role> reservedRoles;
    private final ResourceWatcherService watcherService;
    private volatile ImmutableMap<String, Permission.Global.Role> permissions;

    /* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/authz/store/FileRolesStore$FileListener.class */
    private class FileListener extends FileChangesListener {
        private FileListener() {
        }

        public void onFileCreated(Path path) {
            onFileChanged(path);
        }

        public void onFileDeleted(Path path) {
            onFileChanged(path);
        }

        public void onFileChanged(Path path) {
            if (path.equals(FileRolesStore.this.file)) {
                try {
                    FileRolesStore.this.permissions = FileRolesStore.parseFile(path, FileRolesStore.this.reservedRoles, FileRolesStore.this.logger, FileRolesStore.this.settings, FileRolesStore.this.deprecationLogger);
                    FileRolesStore.this.logger.info("updated roles (roles file [{}] changed)", new Object[]{path.toAbsolutePath()});
                    FileRolesStore.this.listener.onRefresh();
                } catch (Throwable th) {
                    FileRolesStore.this.logger.error("could not reload roles file [{}]. Current roles remain unmodified", th, new Object[]{path.toAbsolutePath()});
                }
            }
        }
    }

    /* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/authz/store/FileRolesStore$LenientIndicesPrivileges.class */
    public static class LenientIndicesPrivileges extends RoleDescriptor.IndicesPrivileges {
        private String[] indices;
        private String[] privileges;
        private String[] fields;
        private BytesReference query;

        public LenientIndicesPrivileges(String[] strArr, String[] strArr2, String[] strArr3, String str) {
            this.indices = strArr;
            this.privileges = strArr2;
            this.fields = strArr3;
            this.query = str == null ? null : new BytesArray(str);
        }

        @Override // org.elasticsearch.shield.authz.RoleDescriptor.IndicesPrivileges
        public String[] getIndices() {
            return this.indices;
        }

        @Override // org.elasticsearch.shield.authz.RoleDescriptor.IndicesPrivileges
        @Nullable
        public String[] getPrivileges() {
            return this.privileges;
        }

        @Override // org.elasticsearch.shield.authz.RoleDescriptor.IndicesPrivileges
        @Nullable
        public String[] getFields() {
            return this.fields;
        }

        @Override // org.elasticsearch.shield.authz.RoleDescriptor.IndicesPrivileges
        @Nullable
        public BytesReference getQuery() {
            return this.query;
        }

        @Override // org.elasticsearch.shield.authz.RoleDescriptor.IndicesPrivileges
        public String toString() {
            StringBuilder sb = new StringBuilder("LenientIndicesPrivileges[");
            sb.append("indices=[").append(Strings.arrayToCommaDelimitedString(this.indices));
            sb.append("], privileges=[").append(Strings.arrayToCommaDelimitedString(this.privileges));
            sb.append("], fields=[").append(Strings.arrayToCommaDelimitedString(this.fields));
            if (this.query != null) {
                sb.append("], query=").append(this.query.toUtf8());
            }
            sb.append("]");
            return sb.toString();
        }

        @Override // org.elasticsearch.shield.authz.RoleDescriptor.IndicesPrivileges
        public void readFrom(StreamInput streamInput) throws IOException {
            throw new UnsupportedOperationException("should never be serialized");
        }

        @Override // org.elasticsearch.shield.authz.RoleDescriptor.IndicesPrivileges
        public void writeTo(StreamOutput streamOutput) throws IOException {
            throw new UnsupportedOperationException("should never be serialized");
        }
    }

    @Inject
    public FileRolesStore(Settings settings, Environment environment, ResourceWatcherService resourceWatcherService, Set<Permission.Global.Role> set) {
        this(settings, environment, resourceWatcherService, set, RefreshListener.NOOP);
    }

    public FileRolesStore(Settings settings, Environment environment, ResourceWatcherService resourceWatcherService, Set<Permission.Global.Role> set, RefreshListener refreshListener) {
        super(settings);
        this.file = resolveFile(settings, environment);
        this.listener = refreshListener;
        this.watcherService = resourceWatcherService;
        this.reservedRoles = ImmutableSet.copyOf(set);
        this.permissions = ImmutableMap.of();
    }

    protected void doStart() throws ElasticsearchException {
        FileWatcher fileWatcher = new FileWatcher(this.file.getParent());
        fileWatcher.addListener(new FileListener());
        try {
            this.watcherService.add(fileWatcher, ResourceWatcherService.Frequency.HIGH);
            this.permissions = parseFile(this.file, this.reservedRoles, this.logger, this.settings, this.deprecationLogger);
        } catch (IOException e) {
            throw new ElasticsearchException("failed to setup roles file watcher", e, new Object[0]);
        }
    }

    protected void doStop() throws ElasticsearchException {
    }

    protected void doClose() throws ElasticsearchException {
    }

    @Override // org.elasticsearch.shield.authz.store.RolesStore
    public Permission.Global.Role role(String str) {
        return (Permission.Global.Role) this.permissions.get(str);
    }

    public static Path resolveFile(Settings settings, Environment environment) {
        String str = settings.get("shield.authz.store.files.roles");
        return str == null ? ShieldPlugin.resolveConfigFile(environment, "roles.yml") : environment.binFile().getParent().resolve(str);
    }

    public static ImmutableSet<String> parseFileForRoleNames(Path path, ESLogger eSLogger) {
        ImmutableMap<String, Permission.Global.Role> parseFile = parseFile(path, Collections.emptySet(), eSLogger, false, Settings.EMPTY, new DeprecationLogger(eSLogger));
        return parseFile == null ? ImmutableSet.builder().build() : parseFile.keySet();
    }

    public static ImmutableMap<String, Permission.Global.Role> parseFile(Path path, Set<Permission.Global.Role> set, ESLogger eSLogger, Settings settings, DeprecationLogger deprecationLogger) {
        return parseFile(path, set, eSLogger, true, settings, deprecationLogger);
    }

    public static ImmutableMap<String, Permission.Global.Role> parseFile(Path path, Set<Permission.Global.Role> set, ESLogger eSLogger, boolean z, Settings settings, DeprecationLogger deprecationLogger) {
        if (eSLogger == null) {
            eSLogger = NoOpLogger.INSTANCE;
        }
        HashMap hashMap = new HashMap();
        eSLogger.trace("attempting to read roles file located at [{}]", new Object[]{path.toAbsolutePath()});
        if (Files.exists(path, new LinkOption[0])) {
            try {
                Iterator<String> it = roleSegments(path).iterator();
                while (it.hasNext()) {
                    Permission.Global.Role parseRole = parseRole(it.next(), path, eSLogger, z, settings, deprecationLogger);
                    if (parseRole != null) {
                        if (InternalSystemUser.ROLE_NAME.equals(parseRole.name())) {
                            eSLogger.warn("role [{}] is reserved. the relevant role definition in the mapping file will be ignored", new Object[]{parseRole.name()});
                        } else {
                            hashMap.put(parseRole.name(), parseRole);
                        }
                    }
                }
            } catch (IOException e) {
                eSLogger.error("failed to read roles file [{}]. skipping all roles...", e, new Object[]{path.toAbsolutePath()});
            }
        }
        for (Permission.Global.Role role : set) {
            if (hashMap.containsKey(role.name())) {
                eSLogger.warn("role [{}] is reserved to the system. the relevant role definition in the mapping file will be ignored", new Object[]{role.name()});
            }
            hashMap.put(role.name(), role);
        }
        return ImmutableMap.copyOf(hashMap);
    }

    public static ImmutableMap<String, RoleDescriptor> parseRoleDescriptors(Path path, ESLogger eSLogger, Settings settings, DeprecationLogger deprecationLogger) {
        if (eSLogger == null) {
            eSLogger = NoOpLogger.INSTANCE;
        }
        HashMap hashMap = new HashMap();
        eSLogger.trace("attempting to read roles file located at [{}]", new Object[]{path.toAbsolutePath()});
        if (Files.exists(path, new LinkOption[0])) {
            try {
                Iterator<String> it = roleSegments(path).iterator();
                while (it.hasNext()) {
                    RoleDescriptor parseRoleDescriptor = parseRoleDescriptor(it.next(), path, eSLogger, true, settings, deprecationLogger);
                    if (parseRoleDescriptor != null) {
                        if (InternalSystemUser.ROLE_NAME.equals(parseRoleDescriptor.getName())) {
                            eSLogger.warn("role [{}] is reserved. the relevant role definition in the mapping file will be ignored", new Object[]{parseRoleDescriptor.getName()});
                        } else {
                            hashMap.put(parseRoleDescriptor.getName(), parseRoleDescriptor);
                        }
                    }
                }
            } catch (IOException e) {
                eSLogger.error("failed to read roles file [{}]. skipping all roles...", e, new Object[]{path.toAbsolutePath()});
            }
        }
        return ImmutableMap.copyOf(hashMap);
    }

    @Nullable
    private static Permission.Global.Role parseRole(String str, Path path, ESLogger eSLogger, boolean z, Settings settings, DeprecationLogger deprecationLogger) {
        RoleDescriptor parseRoleDescriptor = parseRoleDescriptor(str, path, eSLogger, z, settings, deprecationLogger);
        if (parseRoleDescriptor == null) {
            return null;
        }
        Permission.Global.Role.Builder builder = Permission.Global.Role.builder(parseRoleDescriptor.getName());
        if (!z) {
            return builder.build();
        }
        if (parseRoleDescriptor.getClusterPrivileges().length > 0) {
            try {
                builder.cluster(Privilege.Cluster.get(new Privilege.Name(parseRoleDescriptor.getClusterPrivileges())));
            } catch (IllegalArgumentException e) {
                eSLogger.error("invalid role definition [{}] in roles file [{}]. could not resolve cluster privileges [{}]. skipping role...", new Object[]{parseRoleDescriptor.getName(), path.toAbsolutePath(), new Privilege.Name(parseRoleDescriptor.getClusterPrivileges())});
                return null;
            }
        }
        if (parseRoleDescriptor.getRunAs() != null && parseRoleDescriptor.getRunAs().length > 0) {
            try {
                builder.runAs(new Privilege.General(new Privilege.Name(parseRoleDescriptor.getRunAs()), parseRoleDescriptor.getRunAs()));
            } catch (IllegalArgumentException e2) {
                eSLogger.error("invalid role definition [{}] in roles file [{}]. could not resolve run_as privileges [{}]. skipping role...", new Object[]{parseRoleDescriptor.getName(), path.toAbsolutePath(), new Privilege.Name(parseRoleDescriptor.getRunAs())});
                return null;
            }
        }
        for (RoleDescriptor.IndicesPrivileges indicesPrivileges : parseRoleDescriptor.getIndicesPrivileges()) {
            String[] indices = indicesPrivileges.getIndices();
            String[] privileges = indicesPrivileges.getPrivileges();
            BytesReference query = indicesPrivileges.getQuery();
            String[] fields = indicesPrivileges.getFields();
            if (privileges != null && privileges.length != 0) {
                if ((query != null || (fields != null && fields.length > 0)) && !AccessControlShardModule.enabled(settings)) {
                    eSLogger.error("invalid role definition [{}] in roles file [{}]. document and field level security is not enabled. set [{}] to [true] in the configuration file. skipping role...", new Object[]{parseRoleDescriptor.getName(), path.toAbsolutePath(), AccessControlShardModule.DLS_FLS_ENABLED_SETTING});
                    return null;
                }
                if (query == null && fields == null) {
                    try {
                        builder.add(Privilege.Index.get(new Privilege.Name(privileges)), indices);
                    } catch (IllegalArgumentException e3) {
                        eSLogger.error("invalid role definition [{}] in roles file [{}]. could not resolve indices privileges [{}]. skipping role...", new Object[]{parseRoleDescriptor.getName(), path.toAbsolutePath(), new Privilege.Name(privileges)});
                        return null;
                    }
                } else {
                    builder.add(fields == null ? null : Arrays.asList(fields), query, Privilege.Index.get(new Privilege.Name(privileges)), indices);
                }
            }
        }
        return builder.build();
    }

    @Nullable
    private static RoleDescriptor parseRoleDescriptor(String str, Path path, ESLogger eSLogger, boolean z, Settings settings, DeprecationLogger deprecationLogger) {
        try {
            String[] strArr = null;
            String[] strArr2 = null;
            ArrayList arrayList = new ArrayList();
            XContentParser createParser = YamlXContent.yamlXContent.createParser(str);
            if (createParser.nextToken() == XContentParser.Token.START_OBJECT && createParser.nextToken() == XContentParser.Token.FIELD_NAME) {
                String currentName = createParser.currentName();
                Validation.Error validateRoleName = Validation.Roles.validateRoleName(currentName);
                if (validateRoleName != null) {
                    eSLogger.error("invalid role definition [{}] in roles file [{}]. invalid role name - {}. skipping role... ", new Object[]{currentName, path.toAbsolutePath(), validateRoleName});
                    return null;
                }
                if (!z) {
                    return new RoleDescriptor(currentName, null, null, null);
                }
                if (createParser.nextToken() == XContentParser.Token.START_OBJECT) {
                    String str2 = null;
                    while (true) {
                        XContentParser.Token nextToken = createParser.nextToken();
                        if (nextToken == XContentParser.Token.END_OBJECT) {
                            return new RoleDescriptor(currentName, strArr, (RoleDescriptor.IndicesPrivileges[]) arrayList.toArray(new RoleDescriptor.IndicesPrivileges[arrayList.size()]), strArr2);
                        }
                        if (nextToken == XContentParser.Token.FIELD_NAME) {
                            str2 = createParser.currentName();
                        } else if ("cluster".equals(str2)) {
                            if (nextToken == XContentParser.Token.VALUE_STRING || nextToken == XContentParser.Token.VALUE_NULL) {
                                deprecationLogger.deprecated("role definition [{}] in roles file [{}] uses the comma separated format for specifying cluster privileges. support for this format will be removed in the future  in favor of the array format", new Object[]{currentName, path.toAbsolutePath()});
                                String textOrNull = createParser.textOrNull();
                                if (Strings.hasText(textOrNull)) {
                                    strArr = COMMA_DELIM.split(textOrNull);
                                }
                            } else {
                                if (nextToken != XContentParser.Token.START_ARRAY) {
                                    eSLogger.error("invalid role definition [{}] in roles file [{}]. [cluster] field value can either be a string or a list of strings, but [{}] was found instead. skipping role...", new Object[]{currentName, path.toAbsolutePath(), nextToken});
                                    return null;
                                }
                                HashSet hashSet = new HashSet();
                                while (true) {
                                    XContentParser.Token nextToken2 = createParser.nextToken();
                                    if (nextToken2 == XContentParser.Token.END_ARRAY) {
                                        break;
                                    }
                                    if (nextToken2 == XContentParser.Token.VALUE_STRING) {
                                        hashSet.add(createParser.text());
                                    }
                                }
                                if (!hashSet.isEmpty()) {
                                    strArr = (String[]) hashSet.toArray(new String[hashSet.size()]);
                                }
                            }
                        } else if ("indices".equals(str2)) {
                            if (nextToken == XContentParser.Token.START_OBJECT) {
                                String[] strArr3 = null;
                                String str3 = null;
                                String[] strArr4 = null;
                                String[] strArr5 = null;
                                deprecationLogger.deprecated("role definition [{}] in roles file [{}] uses the deprecated form for defining indices permissions. please refer to the documentation or the updated roles file for the new format", new Object[]{currentName, path.toAbsolutePath()});
                                while (true) {
                                    XContentParser.Token nextToken3 = createParser.nextToken();
                                    if (nextToken3 != XContentParser.Token.END_OBJECT) {
                                        if (nextToken3 == XContentParser.Token.FIELD_NAME) {
                                            str2 = createParser.currentName();
                                            if (Strings.hasLength(str2)) {
                                                strArr3 = COMMA_DELIM.split(str2);
                                                XContentParser.Token nextToken4 = createParser.nextToken();
                                                if (nextToken4 == XContentParser.Token.VALUE_STRING) {
                                                    if (Strings.hasLength(createParser.text().trim())) {
                                                        strArr4 = COMMA_DELIM.split(createParser.text());
                                                    }
                                                } else if (nextToken4 != XContentParser.Token.VALUE_NULL) {
                                                    if (nextToken4 == XContentParser.Token.START_ARRAY) {
                                                        HashSet hashSet2 = new HashSet();
                                                        while (true) {
                                                            XContentParser.Token nextToken5 = createParser.nextToken();
                                                            if (nextToken5 == XContentParser.Token.END_ARRAY) {
                                                                strArr4 = (String[]) hashSet2.toArray(new String[hashSet2.size()]);
                                                                break;
                                                            }
                                                            if (nextToken5 != XContentParser.Token.VALUE_STRING) {
                                                                eSLogger.error("invalid role definition [{}] in roles file [{}]. could not parse [{}] as index privilege. privilege names must be strings. skipping role...", new Object[]{currentName, path.toAbsolutePath(), nextToken5});
                                                                return null;
                                                            }
                                                            hashSet2.add(createParser.text());
                                                        }
                                                    } else if (nextToken4 == XContentParser.Token.START_OBJECT) {
                                                        while (true) {
                                                            XContentParser.Token nextToken6 = createParser.nextToken();
                                                            if (nextToken6 == XContentParser.Token.END_OBJECT) {
                                                                break;
                                                            }
                                                            if (nextToken6 == XContentParser.Token.FIELD_NAME) {
                                                                str2 = createParser.currentName();
                                                            } else if ("fields".equals(str2)) {
                                                                if (nextToken6 == XContentParser.Token.START_ARRAY) {
                                                                    HashSet hashSet3 = new HashSet();
                                                                    while (true) {
                                                                        XContentParser.Token nextToken7 = createParser.nextToken();
                                                                        if (nextToken7 != XContentParser.Token.END_ARRAY) {
                                                                            if (nextToken7 != XContentParser.Token.VALUE_STRING) {
                                                                                eSLogger.error("invalid role definition [{}] in roles file [{}]. could not parse [{}] as field name. field names must be strings. skipping role...", new Object[]{currentName, path.toAbsolutePath(), nextToken7});
                                                                                return null;
                                                                            }
                                                                            hashSet3.add(createParser.text());
                                                                        } else if (!hashSet3.isEmpty()) {
                                                                            strArr5 = (String[]) hashSet3.toArray(new String[hashSet3.size()]);
                                                                        }
                                                                    }
                                                                } else if (nextToken6.isValue() || nextToken6 == XContentParser.Token.VALUE_NULL) {
                                                                    String textOrNull2 = createParser.textOrNull();
                                                                    strArr5 = !Strings.hasText(textOrNull2) ? Strings.EMPTY_ARRAY : COMMA_DELIM.split(textOrNull2);
                                                                }
                                                            } else if ("query".equals(str2)) {
                                                                if (nextToken6 == XContentParser.Token.START_OBJECT) {
                                                                    XContentBuilder contentBuilder = JsonXContent.contentBuilder();
                                                                    XContentHelper.copyCurrentStructure(contentBuilder.generator(), createParser);
                                                                    str3 = contentBuilder.string();
                                                                } else if (nextToken6 == XContentParser.Token.VALUE_STRING) {
                                                                    str3 = createParser.textOrNull();
                                                                }
                                                            } else if (!"privileges".equals(str2)) {
                                                                continue;
                                                            } else if (nextToken6 == XContentParser.Token.VALUE_STRING) {
                                                                String trim = createParser.text().trim();
                                                                if (Strings.hasLength(trim)) {
                                                                    strArr4 = COMMA_DELIM.split(trim);
                                                                }
                                                            } else if (nextToken6 == XContentParser.Token.START_ARRAY) {
                                                                HashSet hashSet4 = new HashSet();
                                                                while (true) {
                                                                    XContentParser.Token nextToken8 = createParser.nextToken();
                                                                    if (nextToken8 == XContentParser.Token.END_ARRAY) {
                                                                        strArr4 = (String[]) hashSet4.toArray(new String[hashSet4.size()]);
                                                                        break;
                                                                    }
                                                                    if (nextToken8 != XContentParser.Token.VALUE_STRING) {
                                                                        eSLogger.error("invalid role definition [{}] in roles file [{}]. could not parse [{}] as index privilege. privilege names must be strings. skipping role...", new Object[]{currentName, path.toAbsolutePath(), nextToken8});
                                                                        return null;
                                                                    }
                                                                    hashSet4.add(createParser.text());
                                                                }
                                                            } else {
                                                                continue;
                                                            }
                                                        }
                                                    } else {
                                                        if (nextToken4 != XContentParser.Token.FIELD_NAME) {
                                                            eSLogger.error("invalid role definition [{}] in roles file [{}]. could not parse [{}] as index privileges. privilege lists must either be a comma delimited string or an array of strings. skipping role...", new Object[]{currentName, path.toAbsolutePath(), nextToken4});
                                                            return null;
                                                        }
                                                        str2 = createParser.currentName();
                                                    }
                                                }
                                            }
                                        }
                                        arrayList.add(new LenientIndicesPrivileges(strArr3, strArr4, strArr5, str3));
                                    }
                                }
                            } else {
                                if (nextToken != XContentParser.Token.START_ARRAY) {
                                    eSLogger.error("invalid role definition [{}] in roles file [{}]. [indices] field value must be an array of indices-privileges mappings defined as a string in the form <comma-separated list of index name patterns>::<comma-separated list of privileges> , but [{}] was found instead. skipping role...", new Object[]{currentName, path.toAbsolutePath(), nextToken});
                                    return null;
                                }
                                try {
                                    for (RoleDescriptor.IndicesPrivileges indicesPrivileges : RoleDescriptor.parseIndices(currentName, createParser)) {
                                        arrayList.add(indicesPrivileges);
                                    }
                                } catch (Exception e) {
                                    if (e instanceof ElasticsearchParseException) {
                                        eSLogger.error(e.getMessage() + ". skipping role...", new Object[0]);
                                        return null;
                                    }
                                    eSLogger.error("invalid role definition [{}] in roles file [{}]. skipping role...", e, new Object[]{currentName, path.toAbsolutePath()});
                                    return null;
                                }
                            }
                        } else if (!"run_as".equals(str2)) {
                            eSLogger.warn("unknown field [{}] found in role definition [{}] in roles file [{}]", new Object[]{str2, currentName, path.toAbsolutePath()});
                        } else if (nextToken == XContentParser.Token.VALUE_STRING) {
                            String trim2 = createParser.text().trim();
                            if (Strings.hasLength(trim2)) {
                                strArr2 = COMMA_DELIM.split(trim2);
                            }
                        } else {
                            if (nextToken != XContentParser.Token.START_ARRAY) {
                                eSLogger.error("invalid role definition [{}] in roles file [{}]. [run_as] field value can either be a string or a list of strings, but [{}] was found instead. skipping role...", new Object[]{currentName, path.toAbsolutePath(), nextToken});
                                return null;
                            }
                            HashSet hashSet5 = new HashSet();
                            while (true) {
                                XContentParser.Token nextToken9 = createParser.nextToken();
                                if (nextToken9 == XContentParser.Token.END_ARRAY) {
                                    break;
                                }
                                if (nextToken9 == XContentParser.Token.VALUE_STRING) {
                                    hashSet5.add(createParser.text());
                                }
                            }
                            if (!hashSet5.isEmpty()) {
                                strArr2 = (String[]) hashSet5.toArray(new String[hashSet5.size()]);
                            }
                        }
                    }
                } else {
                    eSLogger.error("invalid role definition [{}] in roles file [{}]. skipping role...", new Object[]{currentName, path.toAbsolutePath()});
                }
            }
            return null;
        } catch (YAMLException | IOException e2) {
            if (0 != 0) {
                eSLogger.error("invalid role definition [{}] in roles file [{}]. skipping role...", e2, new Object[]{null, path});
                return null;
            }
            eSLogger.error("invalid role definition in roles file [{}]. skipping role...", e2, new Object[]{path});
            return null;
        }
    }

    private static List<String> roleSegments(Path path) throws IOException {
        ArrayList arrayList = new ArrayList();
        StringBuilder sb = null;
        for (String str : Files.readAllLines(path, Charsets.UTF_8)) {
            if (!SKIP_LINE.matcher(str).matches()) {
                if (!IN_SEGMENT_LINE.matcher(str).matches()) {
                    if (sb != null) {
                        arrayList.add(sb.toString());
                    }
                    sb = new StringBuilder(str).append("\n");
                } else if (sb != null) {
                    sb.append(str).append("\n");
                }
            }
        }
        if (sb != null) {
            arrayList.add(sb.toString());
        }
        return arrayList;
    }
}
