package org.elasticsearch.shield.audit.index;

import com.google.common.base.Splitter;
import com.google.common.collect.ImmutableSet;
import com.google.common.io.ByteStreams;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.atomic.AtomicReference;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.action.admin.cluster.state.ClusterStateResponse;
import org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsRequest;
import org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsResponse;
import org.elasticsearch.action.admin.indices.mapping.put.PutMappingRequest;
import org.elasticsearch.action.admin.indices.mapping.put.PutMappingResponse;
import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateRequest;
import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateResponse;
import org.elasticsearch.action.bulk.BulkProcessor;
import org.elasticsearch.action.bulk.BulkRequest;
import org.elasticsearch.action.bulk.BulkResponse;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.cluster.ClusterChangedEvent;
import org.elasticsearch.cluster.ClusterService;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.ClusterStateListener;
import org.elasticsearch.common.ContextAndHeaderHolder;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.collect.Tuple;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.inject.Provider;
import org.elasticsearch.common.network.NetworkAddress;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
import org.elasticsearch.common.util.concurrent.EsExecutors;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentBuilderString;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.gateway.GatewayService;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.shield.InternalSystemUser;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.audit.AuditTrail;
import org.elasticsearch.shield.audit.AuditUtil;
import org.elasticsearch.shield.audit.index.IndexNameResolver;
import org.elasticsearch.shield.authc.AuthenticationService;
import org.elasticsearch.shield.authc.AuthenticationToken;
import org.elasticsearch.shield.authz.Privilege;
import org.elasticsearch.shield.rest.RemoteHostHeader;
import org.elasticsearch.shield.transport.filter.ShieldIpFilterRule;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportMessage;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;

/* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/audit/index/IndexAuditTrail.class */
public class IndexAuditTrail extends AbstractComponent implements AuditTrail, ClusterStateListener {
    public static final int DEFAULT_BULK_SIZE = 1000;
    public static final int MAX_BULK_SIZE = 10000;
    public static final int DEFAULT_MAX_QUEUE_SIZE = 1000;
    public static final TimeValue DEFAULT_FLUSH_INTERVAL;
    public static final IndexNameResolver.Rollover DEFAULT_ROLLOVER;
    public static final String NAME = "index";
    public static final String INDEX_NAME_PREFIX = ".shield_audit_log";
    public static final String DOC_TYPE = "event";
    public static final String ROLLOVER_SETTING = "shield.audit.index.rollover";
    public static final String QUEUE_SIZE_SETTING = "shield.audit.index.queue_max_size";
    public static final String INDEX_TEMPLATE_NAME = "shield_audit_log";
    public static final String DEFAULT_CLIENT_NAME = "shield-audit-client";
    static final String[] DEFAULT_EVENT_INCLUDES;
    private static final ImmutableSet<String> forbiddenIndexSettings;
    private final AtomicReference<State> state;
    private final String nodeName;
    private final Provider<Client> clientProvider;
    private final AuthenticationService authenticationService;
    private final BlockingQueue<Message> eventQueue;
    private final QueueConsumer queueConsumer;
    private final Transport transport;
    private final ThreadPool threadPool;
    private final Lock putMappingLock;
    private final ClusterService clusterService;
    private final boolean indexToRemoteCluster;
    private BulkProcessor bulkProcessor;
    private Client client;
    private IndexNameResolver.Rollover rollover;
    private String nodeHostName;
    private String nodeHostAddress;
    private EnumSet<IndexAuditLevel> events;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/audit/index/IndexAuditTrail$Field.class */
    public interface Field {
        public static final XContentBuilderString TIMESTAMP = new XContentBuilderString("@timestamp");
        public static final XContentBuilderString NODE_NAME = new XContentBuilderString("node_name");
        public static final XContentBuilderString NODE_HOST_NAME = new XContentBuilderString("node_host_name");
        public static final XContentBuilderString NODE_HOST_ADDRESS = new XContentBuilderString("node_host_address");
        public static final XContentBuilderString LAYER = new XContentBuilderString("layer");
        public static final XContentBuilderString TYPE = new XContentBuilderString("event_type");
        public static final XContentBuilderString ORIGIN_ADDRESS = new XContentBuilderString("origin_address");
        public static final XContentBuilderString ORIGIN_TYPE = new XContentBuilderString("origin_type");
        public static final XContentBuilderString PRINCIPAL = new XContentBuilderString("principal");
        public static final XContentBuilderString RUN_AS_PRINCIPAL = new XContentBuilderString("run_as_principal");
        public static final XContentBuilderString RUN_BY_PRINCIPAL = new XContentBuilderString("run_by_principal");
        public static final XContentBuilderString ACTION = new XContentBuilderString("action");
        public static final XContentBuilderString INDICES = new XContentBuilderString("indices");
        public static final XContentBuilderString REQUEST = new XContentBuilderString("request");
        public static final XContentBuilderString REQUEST_BODY = new XContentBuilderString("request_body");
        public static final XContentBuilderString URI = new XContentBuilderString("uri");
        public static final XContentBuilderString REALM = new XContentBuilderString("realm");
        public static final XContentBuilderString TRANSPORT_PROFILE = new XContentBuilderString("transport_profile");
        public static final XContentBuilderString RULE = new XContentBuilderString("rule");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/audit/index/IndexAuditTrail$Message.class */
    public static class Message {
        final DateTime timestamp = DateTime.now(DateTimeZone.UTC);
        final XContentBuilder builder = XContentFactory.jsonBuilder();

        Message() throws IOException {
        }

        Message start() throws IOException {
            this.builder.startObject();
            this.builder.field(Field.TIMESTAMP, this.timestamp);
            return this;
        }

        Message end() throws IOException {
            this.builder.endObject();
            return this;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/audit/index/IndexAuditTrail$QueueConsumer.class */
    public class QueueConsumer extends Thread {
        volatile boolean running;

        QueueConsumer(String str) {
            super(str);
            this.running = true;
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            while (this.running) {
                try {
                    Message message = (Message) IndexAuditTrail.this.eventQueue.take();
                    ContextAndHeaderHolder contextAndHeaderHolder = (IndexRequest) IndexAuditTrail.this.client.prepareIndex().setIndex(IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, message.timestamp, IndexAuditTrail.this.rollover)).setType(IndexAuditTrail.DOC_TYPE).setSource(message.builder).request();
                    if (!IndexAuditTrail.this.indexToRemoteCluster) {
                        IndexAuditTrail.this.authenticationService.attachUserHeaderIfMissing(contextAndHeaderHolder, InternalAuditUser.INSTANCE);
                    }
                    IndexAuditTrail.this.bulkProcessor.add(contextAndHeaderHolder);
                } catch (InterruptedException e) {
                    IndexAuditTrail.this.logger.debug("index audit queue consumer interrupted", e, new Object[0]);
                    this.running = false;
                    return;
                } catch (Exception e2) {
                    IndexAuditTrail.this.logger.warn("failed to index audit message from queue", e2, new Object[0]);
                }
            }
        }
    }

    /* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/audit/index/IndexAuditTrail$State.class */
    public enum State {
        INITIALIZED,
        STARTING,
        STARTED,
        STOPPING,
        STOPPED,
        FAILED
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public String name() {
        return NAME;
    }

    @Inject
    public IndexAuditTrail(Settings settings, AuthenticationService authenticationService, Transport transport, Provider<Client> provider, ThreadPool threadPool, ClusterService clusterService) {
        super(settings);
        this.state = new AtomicReference<>(State.INITIALIZED);
        this.putMappingLock = new ReentrantLock();
        this.authenticationService = authenticationService;
        this.clientProvider = provider;
        this.transport = transport;
        this.threadPool = threadPool;
        this.clusterService = clusterService;
        this.nodeName = settings.get("name");
        this.queueConsumer = new QueueConsumer(EsExecutors.threadName(settings, "audit-queue-consumer"));
        int intValue = settings.getAsInt(QUEUE_SIZE_SETTING, 1000).intValue();
        if (intValue <= 0) {
            this.logger.warn("invalid value [{}] for setting [{}]. using default value [{}]", new Object[]{Integer.valueOf(intValue), QUEUE_SIZE_SETTING, 1000});
            intValue = 1000;
        }
        this.eventQueue = createQueue(intValue);
        try {
            this.rollover = IndexNameResolver.Rollover.valueOf(settings.get(ROLLOVER_SETTING, DEFAULT_ROLLOVER.name()).toUpperCase(Locale.ENGLISH));
        } catch (IllegalArgumentException e) {
            this.logger.warn("invalid value for setting [shield.audit.index.rollover]; falling back to default [{}]", new Object[]{DEFAULT_ROLLOVER.name()});
            this.rollover = DEFAULT_ROLLOVER;
        }
        String[] asArray = settings.getAsArray("shield.audit.index.events.include", DEFAULT_EVENT_INCLUDES);
        String[] asArray2 = settings.getAsArray("shield.audit.index.events.exclude");
        try {
            this.events = IndexAuditLevel.parse(asArray, asArray2);
        } catch (IllegalArgumentException e2) {
            this.logger.warn("invalid event type specified, using default for audit index output. include events [{}], exclude events [{}]", e2, new Object[]{asArray, asArray2});
            this.events = IndexAuditLevel.parse(DEFAULT_EVENT_INCLUDES, Strings.EMPTY_ARRAY);
        }
        this.indexToRemoteCluster = settings.getByPrefix("shield.audit.index.client.").names().size() > 0;
    }

    public State state() {
        return this.state.get();
    }

    public synchronized boolean canStart(ClusterChangedEvent clusterChangedEvent, boolean z) {
        if (!this.indexToRemoteCluster) {
            return canStart(clusterChangedEvent.state(), z);
        }
        try {
            if (this.client == null) {
                initializeClient();
            }
            return canStart(((ClusterStateResponse) this.client.admin().cluster().prepareState().execute().actionGet()).getState(), z);
        } catch (Exception e) {
            this.logger.error("failed to initialize client for remote indexing. index based output is disabled", e, new Object[0]);
            this.state.set(State.FAILED);
            return false;
        }
    }

    private boolean canStart(ClusterState clusterState, boolean z) {
        if (clusterState.blocks().hasGlobalBlock(GatewayService.STATE_NOT_RECOVERED_BLOCK)) {
            this.logger.debug("index audit trail waiting until gateway has recovered from disk", new Object[0]);
            return false;
        }
        if (!z && clusterState.metaData().templates().get(INDEX_TEMPLATE_NAME) == null) {
            this.logger.debug("shield audit index template [{}] does not exist, so service cannot start", new Object[]{INDEX_TEMPLATE_NAME});
            return false;
        }
        String resolve = IndexNameResolver.resolve(INDEX_NAME_PREFIX, DateTime.now(DateTimeZone.UTC), this.rollover);
        if (clusterState.metaData().index(resolve) == null) {
            this.logger.debug("shield audit index [{}] does not exist, so service can start", new Object[]{resolve});
            return true;
        }
        if (clusterState.routingTable().index(resolve).allPrimaryShardsActive()) {
            this.logger.debug("shield audit index [{}] all primary shards started, so service can start", new Object[]{resolve});
            return true;
        }
        this.logger.debug("shield audit index [{}] does not have all primary shards started, so service cannot start", new Object[]{resolve});
        return false;
    }

    public void start(boolean z) {
        if (this.state.compareAndSet(State.INITIALIZED, State.STARTING)) {
            this.nodeHostName = this.transport.boundAddress().publishAddress().getHost();
            this.nodeHostAddress = this.transport.boundAddress().publishAddress().getAddress();
            if (this.client == null) {
                initializeClient();
            }
            if (z) {
                putTemplate(customAuditIndexSettings(this.settings));
            }
            this.clusterService.add(this);
            initializeBulkProcessor();
            this.queueConsumer.start();
            this.state.set(State.STARTED);
        }
    }

    public void stop() {
        if (this.state.compareAndSet(State.STARTED, State.STOPPING)) {
            try {
                this.queueConsumer.interrupt();
                if (this.bulkProcessor != null) {
                    this.bulkProcessor.flush();
                }
            } finally {
                this.state.set(State.STOPPED);
            }
        }
    }

    public void close() {
        if (this.state.get() != State.STOPPED) {
            stop();
        }
        try {
            if (this.bulkProcessor != null) {
                this.bulkProcessor.close();
            }
        } finally {
            if (this.indexToRemoteCluster && this.client != null) {
                this.client.close();
            }
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void anonymousAccessDenied(String str, TransportMessage<?> transportMessage) {
        if (this.events.contains(IndexAuditLevel.ANONYMOUS_ACCESS_DENIED)) {
            try {
                enqueue(message("anonymous_access_denied", str, (AuthenticationToken) null, (String) null, AuditUtil.indices(transportMessage), transportMessage), "anonymous_access_denied");
            } catch (Exception e) {
                this.logger.warn("failed to index audit event: [anonymous_access_denied]", e, new Object[0]);
            }
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void anonymousAccessDenied(RestRequest restRequest) {
        if (this.events.contains(IndexAuditLevel.ANONYMOUS_ACCESS_DENIED)) {
            try {
                enqueue(message("anonymous_access_denied", (String) null, (AuthenticationToken) null, (String) null, (String[]) null, restRequest), "anonymous_access_denied");
            } catch (Exception e) {
                this.logger.warn("failed to index audit event: [anonymous_access_denied]", e, new Object[0]);
            }
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void authenticationFailed(String str, TransportMessage<?> transportMessage) {
        if (this.events.contains(IndexAuditLevel.AUTHENTICATION_FAILED)) {
            try {
                enqueue(message("authentication_failed", str, (AuthenticationToken) null, (String) null, AuditUtil.indices(transportMessage), transportMessage), "authentication_failed");
            } catch (Exception e) {
                this.logger.warn("failed to index audit event: [authentication_failed]", e, new Object[0]);
            }
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void authenticationFailed(RestRequest restRequest) {
        if (this.events.contains(IndexAuditLevel.AUTHENTICATION_FAILED)) {
            try {
                enqueue(message("authentication_failed", (String) null, (AuthenticationToken) null, (String) null, (String[]) null, restRequest), "authentication_failed");
            } catch (Exception e) {
                this.logger.warn("failed to index audit event: [authentication_failed]", e, new Object[0]);
            }
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void authenticationFailed(AuthenticationToken authenticationToken, String str, TransportMessage<?> transportMessage) {
        if (!this.events.contains(IndexAuditLevel.AUTHENTICATION_FAILED) || InternalAuditUser.is(authenticationToken.principal())) {
            return;
        }
        try {
            enqueue(message("authentication_failed", str, authenticationToken, (String) null, AuditUtil.indices(transportMessage), transportMessage), "authentication_failed");
        } catch (Exception e) {
            this.logger.warn("failed to index audit event: [authentication_failed]", e, new Object[0]);
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void authenticationFailed(AuthenticationToken authenticationToken, RestRequest restRequest) {
        if (!this.events.contains(IndexAuditLevel.AUTHENTICATION_FAILED) || InternalAuditUser.is(authenticationToken.principal())) {
            return;
        }
        try {
            enqueue(message("authentication_failed", (String) null, authenticationToken, (String) null, (String[]) null, restRequest), "authentication_failed");
        } catch (Exception e) {
            this.logger.warn("failed to index audit event: [authentication_failed]", e, new Object[0]);
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void authenticationFailed(String str, AuthenticationToken authenticationToken, String str2, TransportMessage<?> transportMessage) {
        if (!this.events.contains(IndexAuditLevel.AUTHENTICATION_FAILED) || InternalAuditUser.is(authenticationToken.principal())) {
            return;
        }
        try {
            enqueue(message("authentication_failed", str2, authenticationToken, str, AuditUtil.indices(transportMessage), transportMessage), "authentication_failed");
        } catch (Exception e) {
            this.logger.warn("failed to index audit event: [authentication_failed]", e, new Object[0]);
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void authenticationFailed(String str, AuthenticationToken authenticationToken, RestRequest restRequest) {
        if (!this.events.contains(IndexAuditLevel.AUTHENTICATION_FAILED) || InternalAuditUser.is(authenticationToken.principal())) {
            return;
        }
        try {
            enqueue(message("authentication_failed", (String) null, authenticationToken, str, (String[]) null, restRequest), "authentication_failed");
        } catch (Exception e) {
            this.logger.warn("failed to index audit event: [authentication_failed]", e, new Object[0]);
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void accessGranted(User user, String str, TransportMessage<?> transportMessage) {
        if (InternalSystemUser.is(user) && Privilege.SYSTEM.predicate().apply(str)) {
            if (this.events.contains(IndexAuditLevel.SYSTEM_ACCESS_GRANTED)) {
                try {
                    enqueue(message("access_granted", str, user, AuditUtil.indices(transportMessage), transportMessage), "access_granted");
                    return;
                } catch (Exception e) {
                    this.logger.warn("failed to index audit event: [access_granted]", e, new Object[0]);
                    return;
                }
            }
            return;
        }
        if (!this.events.contains(IndexAuditLevel.ACCESS_GRANTED) || InternalAuditUser.is(user)) {
            return;
        }
        try {
            enqueue(message("access_granted", str, user, AuditUtil.indices(transportMessage), transportMessage), "access_granted");
        } catch (Exception e2) {
            this.logger.warn("failed to index audit event: [access_granted]", e2, new Object[0]);
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void accessDenied(User user, String str, TransportMessage<?> transportMessage) {
        if (!this.events.contains(IndexAuditLevel.ACCESS_DENIED) || InternalAuditUser.is(user)) {
            return;
        }
        try {
            enqueue(message("access_denied", str, user, AuditUtil.indices(transportMessage), transportMessage), "access_denied");
        } catch (Exception e) {
            this.logger.warn("failed to index audit event: [access_denied]", e, new Object[0]);
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void tamperedRequest(String str, TransportMessage<?> transportMessage) {
        if (this.events.contains(IndexAuditLevel.TAMPERED_REQUEST)) {
            try {
                enqueue(message("tampered_request", str, (User) null, AuditUtil.indices(transportMessage), transportMessage), "tampered_request");
            } catch (Exception e) {
                this.logger.warn("failed to index audit event: [tampered_request]", e, new Object[0]);
            }
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void tamperedRequest(User user, String str, TransportMessage<?> transportMessage) {
        if (!this.events.contains(IndexAuditLevel.TAMPERED_REQUEST) || InternalAuditUser.is(user)) {
            return;
        }
        try {
            enqueue(message("tampered_request", str, user, AuditUtil.indices(transportMessage), transportMessage), "tampered_request");
        } catch (Exception e) {
            this.logger.warn("failed to index audit event: [tampered_request]", e, new Object[0]);
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void connectionGranted(InetAddress inetAddress, String str, ShieldIpFilterRule shieldIpFilterRule) {
        if (this.events.contains(IndexAuditLevel.CONNECTION_GRANTED)) {
            try {
                enqueue(message("ip_filter", "connection_granted", inetAddress, str, shieldIpFilterRule), "connection_granted");
            } catch (Exception e) {
                this.logger.warn("failed to index audit event: [connection_granted]", e, new Object[0]);
            }
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void connectionDenied(InetAddress inetAddress, String str, ShieldIpFilterRule shieldIpFilterRule) {
        if (this.events.contains(IndexAuditLevel.CONNECTION_DENIED)) {
            try {
                enqueue(message("ip_filter", "connection_denied", inetAddress, str, shieldIpFilterRule), "connection_denied");
            } catch (Exception e) {
                this.logger.warn("failed to index audit event: [connection_denied]", e, new Object[0]);
            }
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void runAsGranted(User user, String str, TransportMessage<?> transportMessage) {
        if (this.events.contains(IndexAuditLevel.RUN_AS_GRANTED)) {
            try {
                enqueue(message("run_as_granted", str, user, (String[]) null, transportMessage), "access_granted");
            } catch (Exception e) {
                this.logger.warn("failed to index audit event: [run_as_granted]", e, new Object[0]);
            }
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void runAsDenied(User user, String str, TransportMessage<?> transportMessage) {
        if (this.events.contains(IndexAuditLevel.RUN_AS_DENIED)) {
            try {
                enqueue(message("run_as_denied", str, user, (String[]) null, transportMessage), "access_granted");
            } catch (Exception e) {
                this.logger.warn("failed to index audit event: [run_as_denied]", e, new Object[0]);
            }
        }
    }

    private Message message(String str, @Nullable String str2, @Nullable User user, @Nullable String[] strArr, TransportMessage transportMessage) throws Exception {
        Message start = new Message().start();
        common("transport", str, start.builder);
        originAttributes(transportMessage, start.builder, this.transport);
        if (str2 != null) {
            start.builder.field(Field.ACTION, str2);
        }
        if (user != null) {
            if (user.runAs() == null) {
                start.builder.field(Field.PRINCIPAL, user.principal());
            } else if ("run_as_granted".equals(str) || "run_as_denied".equals(str)) {
                start.builder.field(Field.PRINCIPAL, user.principal());
                start.builder.field(Field.RUN_AS_PRINCIPAL, user.runAs().principal());
            } else {
                start.builder.field(Field.PRINCIPAL, user.runAs().principal());
                start.builder.field(Field.RUN_BY_PRINCIPAL, user.principal());
            }
        }
        if (strArr != null) {
            start.builder.array(Field.INDICES, strArr);
        }
        start.builder.field(Field.REQUEST, transportMessage.getClass().getSimpleName());
        return start.end();
    }

    private Message message(String str, @Nullable String str2, @Nullable AuthenticationToken authenticationToken, @Nullable String str3, @Nullable String[] strArr, TransportMessage transportMessage) throws Exception {
        Message start = new Message().start();
        common("transport", str, start.builder);
        originAttributes(transportMessage, start.builder, this.transport);
        if (str2 != null) {
            start.builder.field(Field.ACTION, str2);
        }
        if (authenticationToken != null) {
            start.builder.field(Field.PRINCIPAL, authenticationToken.principal());
        }
        if (str3 != null) {
            start.builder.field(Field.REALM, str3);
        }
        if (strArr != null) {
            start.builder.array(Field.INDICES, strArr);
        }
        start.builder.field(Field.REQUEST, transportMessage.getClass().getSimpleName());
        return start.end();
    }

    private Message message(String str, @Nullable String str2, @Nullable AuthenticationToken authenticationToken, @Nullable String str3, @Nullable String[] strArr, RestRequest restRequest) throws Exception {
        Message start = new Message().start();
        common("rest", str, start.builder);
        if (str2 != null) {
            start.builder.field(Field.ACTION, str2);
        }
        if (authenticationToken != null) {
            start.builder.field(Field.PRINCIPAL, authenticationToken.principal());
        }
        if (str3 != null) {
            start.builder.field(Field.REALM, str3);
        }
        if (strArr != null) {
            start.builder.array(Field.INDICES, strArr);
        }
        start.builder.field(Field.REQUEST_BODY, AuditUtil.restRequestContent(restRequest));
        start.builder.field(Field.ORIGIN_TYPE, "rest");
        SocketAddress remoteAddress = restRequest.getRemoteAddress();
        if (remoteAddress instanceof InetSocketAddress) {
            start.builder.field(Field.ORIGIN_ADDRESS, NetworkAddress.format(((InetSocketAddress) restRequest.getRemoteAddress()).getAddress()));
        } else {
            start.builder.field(Field.ORIGIN_ADDRESS, remoteAddress);
        }
        start.builder.field(Field.URI, restRequest.uri());
        return start.end();
    }

    private Message message(String str, String str2, InetAddress inetAddress, String str3, ShieldIpFilterRule shieldIpFilterRule) throws IOException {
        Message start = new Message().start();
        common(str, str2, start.builder);
        start.builder.field(Field.ORIGIN_ADDRESS, NetworkAddress.format(inetAddress));
        start.builder.field(Field.TRANSPORT_PROFILE, str3);
        start.builder.field(Field.RULE, shieldIpFilterRule);
        return start.end();
    }

    private XContentBuilder common(String str, String str2, XContentBuilder xContentBuilder) throws IOException {
        xContentBuilder.field(Field.NODE_NAME, this.nodeName);
        xContentBuilder.field(Field.NODE_HOST_NAME, this.nodeHostName);
        xContentBuilder.field(Field.NODE_HOST_ADDRESS, this.nodeHostAddress);
        xContentBuilder.field(Field.LAYER, str);
        xContentBuilder.field(Field.TYPE, str2);
        return xContentBuilder;
    }

    private static XContentBuilder originAttributes(TransportMessage transportMessage, XContentBuilder xContentBuilder, Transport transport) throws IOException {
        InetSocketAddress restRemoteAddress = RemoteHostHeader.restRemoteAddress(transportMessage);
        if (restRemoteAddress != null) {
            xContentBuilder.field(Field.ORIGIN_TYPE, "rest");
            xContentBuilder.field(Field.ORIGIN_ADDRESS, NetworkAddress.format(restRemoteAddress.getAddress()));
            return xContentBuilder;
        }
        InetSocketTransportAddress remoteAddress = transportMessage.remoteAddress();
        if (remoteAddress == null) {
            xContentBuilder.field(Field.ORIGIN_TYPE, "local_node");
            xContentBuilder.field(Field.ORIGIN_ADDRESS, transport.boundAddress().publishAddress().getAddress());
            return xContentBuilder;
        }
        xContentBuilder.field(Field.ORIGIN_TYPE, "transport");
        if (remoteAddress instanceof InetSocketTransportAddress) {
            xContentBuilder.field(Field.ORIGIN_ADDRESS, NetworkAddress.format(remoteAddress.address().getAddress()));
        } else {
            xContentBuilder.field(Field.ORIGIN_ADDRESS, remoteAddress);
        }
        return xContentBuilder;
    }

    void enqueue(Message message, String str) {
        State state = state();
        if (state == State.STOPPING || state == State.STOPPED || this.eventQueue.offer(message)) {
            return;
        }
        this.logger.warn("failed to index audit event: [{}]. queue is full; bulk processor may not be able to keep up or has stopped indexing.", new Object[]{str});
    }

    Message peek() {
        return this.eventQueue.peek();
    }

    private void initializeClient() {
        if (!this.indexToRemoteCluster) {
            this.client = (Client) this.clientProvider.get();
            return;
        }
        Settings byPrefix = this.settings.getByPrefix("shield.audit.index.client.");
        String[] asArray = byPrefix.getAsArray("hosts");
        if (asArray.length == 0) {
            throw new ElasticsearchException("missing required setting [shield.audit.index.client.hosts] for remote audit log indexing", new Object[0]);
        }
        if (byPrefix.get("cluster.name", "").isEmpty()) {
            throw new ElasticsearchException("missing required setting [shield.audit.index.client.cluster.name] for remote audit log indexing", new Object[0]);
        }
        ArrayList<Tuple> arrayList = new ArrayList();
        for (String str : asArray) {
            List splitToList = Splitter.on(":").splitToList(str.trim());
            if (splitToList.size() != 1 && splitToList.size() != 2) {
                this.logger.warn("invalid host:port specified: [{}] for setting [shield.audit.index.client.hosts]", new Object[]{str});
            }
            arrayList.add(new Tuple(splitToList.get(0), Integer.valueOf(splitToList.size() == 2 ? Integer.valueOf((String) splitToList.get(1)).intValue() : 9300)));
        }
        if (arrayList.size() == 0) {
            throw new ElasticsearchException("no valid host:port pairs specified for setting [shield.audit.index.client.hosts]", new Object[0]);
        }
        TransportClient build = TransportClient.builder().settings(Settings.builder().put("name", "shield-audit-client-" + this.settings.get("name")).put(byPrefix)).addPlugin(ShieldPlugin.class).build();
        for (Tuple tuple : arrayList) {
            try {
                build.addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName((String) tuple.v1()), ((Integer) tuple.v2()).intValue()));
            } catch (UnknownHostException e) {
                throw new ElasticsearchException("could not find host {}", e, new Object[]{tuple.v1()});
            }
        }
        this.client = build;
        this.logger.info("forwarding audit events to remote cluster [{}] using hosts [{}]", new Object[]{byPrefix.get("cluster.name", ""), arrayList.toString()});
    }

    Settings customAuditIndexSettings(Settings settings) {
        Settings build = Settings.builder().put(settings.getAsSettings("shield.audit.index.settings.index")).build();
        if (build.names().isEmpty()) {
            return Settings.EMPTY;
        }
        Settings.Builder builder = Settings.builder();
        for (Map.Entry entry : build.getAsMap().entrySet()) {
            String str = "index." + ((String) entry.getKey());
            if (forbiddenIndexSettings.contains(str)) {
                this.logger.warn("overriding the default [{}} setting is forbidden. ignoring...", new Object[]{str});
            } else {
                builder.put(str, (String) entry.getValue());
            }
        }
        return builder.build();
    }

    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 10, insn: 0x0212: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r10 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:59:0x0212 */
    /* JADX WARN: Not initialized variable reg: 9, insn: 0x020e: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r9 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:57:0x020e */
    /* JADX WARN: Type inference failed for: r10v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r9v1, types: [java.io.InputStream] */
    void putTemplate(Settings settings) {
        try {
            try {
                InputStream resourceAsStream = getClass().getResourceAsStream("/shield_audit_log.json");
                Throwable th = null;
                ContextAndHeaderHolder source = new PutIndexTemplateRequest(INDEX_TEMPLATE_NAME).source(ByteStreams.toByteArray(resourceAsStream));
                if (settings != null && settings.names().size() > 0) {
                    source.settings(Settings.builder().put(source.settings()).put(settings).build());
                }
                if (!$assertionsDisabled && Thread.currentThread().isInterrupted()) {
                    throw new AssertionError("current thread has been interrupted before putting index template!!!");
                }
                if (!this.indexToRemoteCluster) {
                    this.authenticationService.attachUserHeaderIfMissing(source, InternalAuditUser.INSTANCE);
                }
                if (!((PutIndexTemplateResponse) this.client.admin().indices().putTemplate(source).actionGet()).isAcknowledged()) {
                    throw new IllegalStateException("failed to put index template for audit logging");
                }
                Message peek = this.eventQueue.peek();
                String resolve = IndexNameResolver.resolve(INDEX_NAME_PREFIX, peek != null ? peek.timestamp : DateTime.now(DateTimeZone.UTC), this.rollover);
                ContextAndHeaderHolder indicesExistsRequest = new IndicesExistsRequest(new String[]{resolve});
                if (!this.indexToRemoteCluster) {
                    this.authenticationService.attachUserHeaderIfMissing(indicesExistsRequest, InternalAuditUser.INSTANCE);
                }
                if (((IndicesExistsResponse) this.client.admin().indices().exists(indicesExistsRequest).get()).isExists()) {
                    this.logger.debug("index [{}] exists so we need to update mappings", new Object[]{resolve});
                    ContextAndHeaderHolder source2 = new PutMappingRequest(new String[]{resolve}).type(DOC_TYPE).source((String) source.mappings().get(DOC_TYPE));
                    if (!this.indexToRemoteCluster) {
                        this.authenticationService.attachUserHeaderIfMissing(source2, InternalAuditUser.INSTANCE);
                    }
                    if (!((PutMappingResponse) this.client.admin().indices().putMapping(source2).get()).isAcknowledged()) {
                        throw new IllegalStateException("failed to put mappings for audit logging index [" + resolve + "]");
                    }
                } else {
                    this.logger.debug("index [{}] does not exist so we do not need to update mappings", new Object[]{resolve});
                }
                if (resourceAsStream != null) {
                    if (0 != 0) {
                        try {
                            resourceAsStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        resourceAsStream.close();
                    }
                }
            } finally {
            }
        } catch (Exception e) {
            this.logger.debug("unexpected exception while putting index template", e, new Object[0]);
            throw new IllegalStateException("failed to load [shield_audit_log.json]", e);
        }
    }

    BlockingQueue<Message> createQueue(int i) {
        return new LinkedBlockingQueue(i);
    }

    private void initializeBulkProcessor() {
        int min = Math.min(this.settings.getAsInt("shield.audit.index.bulk_size", 1000).intValue(), MAX_BULK_SIZE);
        int i = min < 1 ? 1000 : min;
        TimeValue asTime = this.settings.getAsTime("shield.audit.index.flush_interval", DEFAULT_FLUSH_INTERVAL);
        this.bulkProcessor = BulkProcessor.builder(this.client, new BulkProcessor.Listener() { // from class: org.elasticsearch.shield.audit.index.IndexAuditTrail.1
            public void beforeBulk(long j, BulkRequest bulkRequest) {
                try {
                    if (!IndexAuditTrail.this.indexToRemoteCluster) {
                        IndexAuditTrail.this.authenticationService.attachUserHeaderIfMissing(bulkRequest, InternalAuditUser.INSTANCE);
                    }
                } catch (IOException e) {
                    throw new ElasticsearchException("failed to attach user header", e, new Object[0]);
                }
            }

            public void afterBulk(long j, BulkRequest bulkRequest, BulkResponse bulkResponse) {
                if (bulkResponse.hasFailures()) {
                    IndexAuditTrail.this.logger.info("failed to bulk index audit events: [{}]", new Object[]{bulkResponse.buildFailureMessage()});
                }
            }

            public void afterBulk(long j, BulkRequest bulkRequest, Throwable th) {
                IndexAuditTrail.this.logger.error("failed to bulk index audit events: [{}]", th, new Object[]{th.getMessage()});
            }
        }).setBulkActions(i).setFlushInterval(asTime.millis() < 1 ? DEFAULT_FLUSH_INTERVAL : asTime).setConcurrentRequests(1).build();
    }

    public void clusterChanged(ClusterChangedEvent clusterChangedEvent) {
        if (state() == State.STARTED && !this.indexToRemoteCluster && clusterChangedEvent.localNodeMaster() && clusterChangedEvent.state().metaData().templates().get(INDEX_TEMPLATE_NAME) == null) {
            this.logger.debug("shield audit index template [{}] does not exist. it may have been deleted - putting the template", new Object[]{INDEX_TEMPLATE_NAME});
            this.threadPool.generic().execute(new AbstractRunnable() { // from class: org.elasticsearch.shield.audit.index.IndexAuditTrail.2
                public void onFailure(Throwable th) {
                    IndexAuditTrail.this.logger.error("failed to update shield audit index template [{}]", th, new Object[]{IndexAuditTrail.INDEX_TEMPLATE_NAME});
                }

                protected void doRun() throws Exception {
                    if (!IndexAuditTrail.this.putMappingLock.tryLock()) {
                        IndexAuditTrail.this.logger.trace("unable to PUT shield audit index template as the lock is already held", new Object[0]);
                        return;
                    }
                    try {
                        IndexAuditTrail.this.putTemplate(IndexAuditTrail.this.customAuditIndexSettings(IndexAuditTrail.this.settings));
                        IndexAuditTrail.this.putMappingLock.unlock();
                    } catch (Throwable th) {
                        IndexAuditTrail.this.putMappingLock.unlock();
                        throw th;
                    }
                }
            });
        }
    }

    static {
        $assertionsDisabled = !IndexAuditTrail.class.desiredAssertionStatus();
        DEFAULT_FLUSH_INTERVAL = TimeValue.timeValueSeconds(1L);
        DEFAULT_ROLLOVER = IndexNameResolver.Rollover.DAILY;
        DEFAULT_EVENT_INCLUDES = new String[]{IndexAuditLevel.ACCESS_DENIED.toString(), IndexAuditLevel.ACCESS_GRANTED.toString(), IndexAuditLevel.ANONYMOUS_ACCESS_DENIED.toString(), IndexAuditLevel.AUTHENTICATION_FAILED.toString(), IndexAuditLevel.CONNECTION_DENIED.toString(), IndexAuditLevel.CONNECTION_GRANTED.toString(), IndexAuditLevel.TAMPERED_REQUEST.toString(), IndexAuditLevel.RUN_AS_DENIED.toString(), IndexAuditLevel.RUN_AS_GRANTED.toString()};
        forbiddenIndexSettings = ImmutableSet.of("index.mapper.dynamic");
    }
}
