package org.elasticsearch.shield.authc.esnative;

import com.carrotsearch.hppc.ObjectHashSet;
import com.carrotsearch.hppc.ObjectLongHashMap;
import com.carrotsearch.hppc.ObjectLongMap;
import com.carrotsearch.hppc.cursors.ObjectCursor;
import com.carrotsearch.hppc.cursors.ObjectLongCursor;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.ExceptionsHelper;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.LatchedActionListener;
import org.elasticsearch.action.delete.DeleteRequest;
import org.elasticsearch.action.delete.DeleteResponse;
import org.elasticsearch.action.get.GetResponse;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.search.ClearScrollResponse;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.action.update.UpdateResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.cluster.ClusterChangedEvent;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.ClusterStateListener;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.ValidationException;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.inject.Provider;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
import org.elasticsearch.gateway.GatewayService;
import org.elasticsearch.index.IndexNotFoundException;
import org.elasticsearch.index.engine.DocumentMissingException;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.search.SearchHit;
import org.elasticsearch.shield.InternalShieldUser;
import org.elasticsearch.shield.ShieldTemplateService;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.action.realm.ClearRealmCacheRequest;
import org.elasticsearch.shield.action.realm.ClearRealmCacheResponse;
import org.elasticsearch.shield.action.user.DeleteUserRequest;
import org.elasticsearch.shield.action.user.PutUserRequest;
import org.elasticsearch.shield.authc.AuthenticationService;
import org.elasticsearch.shield.authc.support.Hasher;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.client.ShieldClient;
import org.elasticsearch.shield.support.ClientWithUser;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.RemoteTransportException;

/* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/authc/esnative/ESNativeUsersStore.class */
public class ESNativeUsersStore extends AbstractComponent implements ClusterStateListener {
    public static final String USER_DOC_TYPE = "user";
    private final ObjectLongHashMap<String> versionMap;
    private final Hasher hasher;
    private final List<ChangeListener> listeners;
    private final AtomicReference<State> state;
    private final Provider<Client> clientProvider;
    private final Provider<AuthenticationService> authProvider;
    private final ThreadPool threadPool;
    private ThreadPool.Cancellable userPoller;
    private Client client;
    private int scrollSize;
    private TimeValue scrollKeepAlive;
    private volatile boolean shieldIndexExists;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/authc/esnative/ESNativeUsersStore$ChangeListener.class */
    public interface ChangeListener {
        void onUsersChanged(List<String> list);
    }

    /* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/authc/esnative/ESNativeUsersStore$State.class */
    public enum State {
        INITIALIZED,
        STARTING,
        STARTED,
        STOPPING,
        STOPPED,
        FAILED
    }

    /* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/authc/esnative/ESNativeUsersStore$UserStorePoller.class */
    private class UserStorePoller extends AbstractRunnable {
        static final /* synthetic */ boolean $assertionsDisabled;

        private UserStorePoller() {
        }

        public void doRun() {
            Client client = ESNativeUsersStore.this.client;
            if (isStopped()) {
                return;
            }
            if (!ESNativeUsersStore.this.shieldIndexExists) {
                ESNativeUsersStore.this.logger.trace("cannot poll for user changes since security index [{}] does not exist", new Object[]{ShieldTemplateService.SECURITY_INDEX_NAME});
                return;
            }
            ESNativeUsersStore.this.logger.trace("starting polling of user index to check for changes", new Object[0]);
            ObjectHashSet objectHashSet = new ObjectHashSet(ESNativeUsersStore.this.versionMap.keys());
            ArrayList arrayList = new ArrayList();
            Iterator it = collectUsersAndVersions(client).iterator();
            while (it.hasNext()) {
                ObjectLongCursor objectLongCursor = (ObjectLongCursor) it.next();
                String str = (String) objectLongCursor.key;
                long j = objectLongCursor.value;
                if (objectHashSet.contains(str)) {
                    long j2 = ESNativeUsersStore.this.versionMap.get(str);
                    if (j != j2) {
                        if (!$assertionsDisabled && j <= j2) {
                            throw new AssertionError();
                        }
                        ESNativeUsersStore.this.versionMap.put(str, j);
                        arrayList.add(str);
                    }
                    objectHashSet.remove(str);
                } else {
                    ESNativeUsersStore.this.versionMap.put(str, j);
                }
            }
            if (isStopped()) {
                return;
            }
            Iterator it2 = objectHashSet.iterator();
            while (it2.hasNext()) {
                String str2 = (String) ((ObjectCursor) it2.next()).value;
                ESNativeUsersStore.this.versionMap.remove(str2);
                arrayList.add(str2);
            }
            if (arrayList.isEmpty()) {
                return;
            }
            List<String> unmodifiableList = Collections.unmodifiableList(arrayList);
            if (ESNativeUsersStore.this.logger.isDebugEnabled()) {
                ESNativeUsersStore.this.logger.debug("changes detected for users [{}]", new Object[]{unmodifiableList});
            }
            Throwable th = null;
            Iterator it3 = ESNativeUsersStore.this.listeners.iterator();
            while (it3.hasNext()) {
                try {
                    ((ChangeListener) it3.next()).onUsersChanged(unmodifiableList);
                } catch (Throwable th2) {
                    th = ExceptionsHelper.useOrSuppress(th, th2);
                }
            }
            ExceptionsHelper.reThrowIfNotNull(th);
        }

        public void onFailure(Throwable th) {
            ESNativeUsersStore.this.logger.error("error occurred while checking the native users for changes", th, new Object[0]);
        }

        /* JADX WARN: Finally extract failed */
        private ObjectLongMap<String> collectUsersAndVersions(Client client) {
            ObjectLongHashMap objectLongHashMap = new ObjectLongHashMap();
            SearchResponse searchResponse = null;
            try {
                try {
                    client.admin().indices().prepareRefresh(new String[]{ShieldTemplateService.SECURITY_INDEX_NAME}).get();
                    searchResponse = (SearchResponse) client.search(client.prepareSearch(new String[]{ShieldTemplateService.SECURITY_INDEX_NAME}).setScroll(ESNativeUsersStore.this.scrollKeepAlive).setQuery(QueryBuilders.typeQuery(ESNativeUsersStore.USER_DOC_TYPE)).setSize(ESNativeUsersStore.this.scrollSize).setVersion(true).setFetchSource(false).request()).actionGet();
                    boolean z = searchResponse.getHits().getHits().length > 0;
                    while (z) {
                        if (isStopped()) {
                            ObjectLongHashMap objectLongHashMap2 = new ObjectLongHashMap();
                            if (searchResponse != null) {
                                client.clearScroll(client.prepareClearScroll().addScrollId(searchResponse.getScrollId()).request()).actionGet();
                            }
                            return objectLongHashMap2;
                        }
                        for (SearchHit searchHit : searchResponse.getHits().getHits()) {
                            objectLongHashMap.put(searchHit.id(), searchHit.version());
                        }
                        searchResponse = (SearchResponse) client.searchScroll(client.prepareSearchScroll(searchResponse.getScrollId()).setScroll(ESNativeUsersStore.this.scrollKeepAlive).request()).actionGet();
                        z = searchResponse.getHits().getHits().length > 0;
                    }
                    if (searchResponse != null) {
                        client.clearScroll(client.prepareClearScroll().addScrollId(searchResponse.getScrollId()).request()).actionGet();
                    }
                } catch (IndexNotFoundException e) {
                    ESNativeUsersStore.this.logger.trace("security index does not exist", e, new Object[0]);
                    if (searchResponse != null) {
                        client.clearScroll(client.prepareClearScroll().addScrollId(searchResponse.getScrollId()).request()).actionGet();
                    }
                }
                return objectLongHashMap;
            } catch (Throwable th) {
                if (searchResponse != null) {
                    client.clearScroll(client.prepareClearScroll().addScrollId(searchResponse.getScrollId()).request()).actionGet();
                }
                throw th;
            }
        }

        private boolean isStopped() {
            State state = ESNativeUsersStore.this.state();
            return state == State.STOPPED || state == State.STOPPING;
        }

        static {
            $assertionsDisabled = !ESNativeUsersStore.class.desiredAssertionStatus();
        }
    }

    @Inject
    public ESNativeUsersStore(Settings settings, Provider<Client> provider, Provider<AuthenticationService> provider2, ThreadPool threadPool) {
        super(settings);
        this.versionMap = new ObjectLongHashMap<>();
        this.hasher = Hasher.BCRYPT;
        this.listeners = new CopyOnWriteArrayList();
        this.state = new AtomicReference<>(State.INITIALIZED);
        this.shieldIndexExists = false;
        this.clientProvider = provider;
        this.authProvider = provider2;
        this.threadPool = threadPool;
    }

    public User getUser(String str) {
        if (state() != State.STARTED) {
            this.logger.trace("attempted to get user [{}] before service was started", new Object[]{str});
            return null;
        }
        UserAndPassword userAndPassword = getUserAndPassword(str);
        if (userAndPassword == null) {
            return null;
        }
        return userAndPassword.user();
    }

    public void getUser(final String str, final ActionListener<User> actionListener) {
        if (state() == State.STARTED) {
            getUserAndPassword(str, new ActionListener<UserAndPassword>() { // from class: org.elasticsearch.shield.authc.esnative.ESNativeUsersStore.1
                public void onResponse(UserAndPassword userAndPassword) {
                    actionListener.onResponse(userAndPassword == null ? null : userAndPassword.user());
                }

                public void onFailure(Throwable th) {
                    if (th instanceof IndexNotFoundException) {
                        ESNativeUsersStore.this.logger.trace("failed to retrieve user [{}] since security index does not exist", new Object[]{str});
                    } else {
                        ESNativeUsersStore.this.logger.debug("failed to retrieve user [{}]", th, new Object[]{str});
                    }
                    actionListener.onResponse((Object) null);
                }
            });
        } else {
            this.logger.trace("attempted to get user [{}] before service was started", new Object[]{str});
            actionListener.onFailure(new IllegalStateException("user cannot be retrieved as native user service has not been started"));
        }
    }

    public void getUsers(String[] strArr, final ActionListener<List<User>> actionListener) {
        if (state() != State.STARTED) {
            this.logger.trace("attempted to get users before service was started", new Object[0]);
            actionListener.onFailure(new IllegalStateException("users cannot be retrieved as native user service has not been started"));
            return;
        }
        try {
            final ArrayList arrayList = new ArrayList();
            SearchRequest request = this.client.prepareSearch(new String[]{ShieldTemplateService.SECURITY_INDEX_NAME}).setScroll(this.scrollKeepAlive).setTypes(new String[]{USER_DOC_TYPE}).setQuery((strArr == null || strArr.length == 0) ? QueryBuilders.matchAllQuery() : QueryBuilders.boolQuery().filter(QueryBuilders.idsQuery(new String[]{USER_DOC_TYPE}).addIds(strArr))).setSize(this.scrollSize).setFetchSource(true).request();
            request.indicesOptions().ignoreUnavailable();
            this.client.search(request, new ActionListener<SearchResponse>() { // from class: org.elasticsearch.shield.authc.esnative.ESNativeUsersStore.2
                private SearchResponse lastResponse = null;

                public void onResponse(SearchResponse searchResponse) {
                    this.lastResponse = searchResponse;
                    if (!(searchResponse.getHits().getHits().length > 0)) {
                        if (searchResponse.getScrollId() != null) {
                            ESNativeUsersStore.this.clearScrollResponse(searchResponse.getScrollId());
                        }
                        actionListener.onResponse(Collections.unmodifiableList(arrayList));
                        return;
                    }
                    for (SearchHit searchHit : searchResponse.getHits().getHits()) {
                        UserAndPassword transformUser = ESNativeUsersStore.this.transformUser(searchHit.getId(), searchHit.getSource());
                        if (transformUser != null) {
                            arrayList.add(transformUser.user());
                        }
                    }
                    ESNativeUsersStore.this.client.searchScroll(ESNativeUsersStore.this.client.prepareSearchScroll(searchResponse.getScrollId()).setScroll(ESNativeUsersStore.this.scrollKeepAlive).request(), this);
                }

                public void onFailure(Throwable th) {
                    if (this.lastResponse != null && this.lastResponse.getScrollId() != null) {
                        ESNativeUsersStore.this.clearScrollResponse(this.lastResponse.getScrollId());
                    }
                    if (!(th instanceof IndexNotFoundException)) {
                        actionListener.onFailure(th);
                    } else {
                        ESNativeUsersStore.this.logger.trace("could not retrieve users because security index does not exist", new Object[0]);
                        actionListener.onResponse(Collections.emptyList());
                    }
                }
            });
        } catch (Exception e) {
            this.logger.error("unable to retrieve users {}", e, new Object[]{Arrays.toString(strArr)});
            actionListener.onFailure(e);
        }
    }

    private UserAndPassword getUserAndPassword(final String str) {
        final AtomicReference atomicReference = new AtomicReference(null);
        CountDownLatch countDownLatch = new CountDownLatch(1);
        getUserAndPassword(str, new LatchedActionListener(new ActionListener<UserAndPassword>() { // from class: org.elasticsearch.shield.authc.esnative.ESNativeUsersStore.3
            public void onResponse(UserAndPassword userAndPassword) {
                atomicReference.set(userAndPassword);
            }

            public void onFailure(Throwable th) {
                if (th instanceof IndexNotFoundException) {
                    ESNativeUsersStore.this.logger.trace("failed to retrieve user [{}] since security index does not exist", th, new Object[]{str});
                } else {
                    ESNativeUsersStore.this.logger.error("failed to retrieve user [{}]", th, new Object[]{str});
                }
            }
        }, countDownLatch));
        try {
            countDownLatch.await(30L, TimeUnit.SECONDS);
            return (UserAndPassword) atomicReference.get();
        } catch (InterruptedException e) {
            this.logger.error("timed out retrieving user [{}]", new Object[]{str});
            return null;
        }
    }

    private void getUserAndPassword(final String str, final ActionListener<UserAndPassword> actionListener) {
        try {
            this.client.get(this.client.prepareGet(ShieldTemplateService.SECURITY_INDEX_NAME, USER_DOC_TYPE, str).request(), new ActionListener<GetResponse>() { // from class: org.elasticsearch.shield.authc.esnative.ESNativeUsersStore.4
                public void onResponse(GetResponse getResponse) {
                    actionListener.onResponse(ESNativeUsersStore.this.transformUser(getResponse.getId(), getResponse.getSource()));
                }

                public void onFailure(Throwable th) {
                    if (th instanceof IndexNotFoundException) {
                        ESNativeUsersStore.this.logger.trace("could not retrieve user [{}] because security index does not exist", th, new Object[]{str});
                    } else {
                        ESNativeUsersStore.this.logger.error("failed to retrieve user [{}]", th, new Object[]{str});
                    }
                    actionListener.onResponse((Object) null);
                }
            });
        } catch (Exception e) {
            this.logger.error("unable to retrieve user [{}]", e, new Object[]{str});
            actionListener.onFailure(e);
        } catch (IndexNotFoundException e2) {
            this.logger.trace("could not retrieve user [{}] because security index does not exist", new Object[]{str});
            actionListener.onResponse((Object) null);
        }
    }

    public void putUser(PutUserRequest putUserRequest, ActionListener<Boolean> actionListener) {
        if (state() != State.STARTED) {
            actionListener.onFailure(new IllegalStateException("user cannot be added as native user service has not been started"));
            return;
        }
        try {
            if (putUserRequest.passwordHash() == null) {
                updateUserWithoutPassword(putUserRequest, actionListener);
            } else {
                indexUser(putUserRequest, actionListener);
            }
        } catch (Exception e) {
            this.logger.error("unable to put user [{}]", e, new Object[]{putUserRequest.username()});
            actionListener.onFailure(e);
        }
    }

    private void updateUserWithoutPassword(final PutUserRequest putUserRequest, final ActionListener<Boolean> actionListener) {
        if (!$assertionsDisabled && putUserRequest.passwordHash() != null) {
            throw new AssertionError();
        }
        this.client.prepareUpdate(ShieldTemplateService.SECURITY_INDEX_NAME, USER_DOC_TYPE, putUserRequest.username()).setDoc(new Object[]{User.Fields.USERNAME.getPreferredName(), putUserRequest.username(), User.Fields.ROLES.getPreferredName(), putUserRequest.roles(), User.Fields.FULL_NAME.getPreferredName(), putUserRequest.fullName(), User.Fields.EMAIL.getPreferredName(), putUserRequest.email(), User.Fields.METADATA.getPreferredName(), putUserRequest.metadata()}).setRefresh(putUserRequest.refresh()).execute(new ActionListener<UpdateResponse>() { // from class: org.elasticsearch.shield.authc.esnative.ESNativeUsersStore.5
            static final /* synthetic */ boolean $assertionsDisabled;

            public void onResponse(UpdateResponse updateResponse) {
                if (!$assertionsDisabled && updateResponse.isCreated()) {
                    throw new AssertionError();
                }
                ESNativeUsersStore.this.clearRealmCache(putUserRequest.username(), actionListener, false);
            }

            public void onFailure(Throwable th) {
                Throwable th2 = th;
                if (th instanceof RemoteTransportException) {
                    th2 = ExceptionsHelper.unwrapCause(th);
                    if (!(th2 instanceof IndexNotFoundException) && !(th2 instanceof DocumentMissingException)) {
                        actionListener.onFailure(th);
                        return;
                    }
                }
                ESNativeUsersStore.this.logger.debug("failed to update user document with username [{}]", th2, new Object[]{putUserRequest.username()});
                ValidationException validationException = new ValidationException();
                validationException.addValidationError("password must be specified unless you are updating an existing user");
                actionListener.onFailure(validationException);
            }

            static {
                $assertionsDisabled = !ESNativeUsersStore.class.desiredAssertionStatus();
            }
        });
    }

    private void indexUser(final PutUserRequest putUserRequest, final ActionListener<Boolean> actionListener) {
        if (!$assertionsDisabled && putUserRequest.passwordHash() == null) {
            throw new AssertionError();
        }
        this.client.prepareIndex(ShieldTemplateService.SECURITY_INDEX_NAME, USER_DOC_TYPE, putUserRequest.username()).setSource(new Object[]{User.Fields.USERNAME.getPreferredName(), putUserRequest.username(), User.Fields.PASSWORD.getPreferredName(), String.valueOf(putUserRequest.passwordHash()), User.Fields.ROLES.getPreferredName(), putUserRequest.roles(), User.Fields.FULL_NAME.getPreferredName(), putUserRequest.fullName(), User.Fields.EMAIL.getPreferredName(), putUserRequest.email(), User.Fields.METADATA.getPreferredName(), putUserRequest.metadata()}).setRefresh(putUserRequest.refresh()).execute(new ActionListener<IndexResponse>() { // from class: org.elasticsearch.shield.authc.esnative.ESNativeUsersStore.6
            public void onResponse(IndexResponse indexResponse) {
                if (indexResponse.isCreated()) {
                    actionListener.onResponse(Boolean.valueOf(indexResponse.isCreated()));
                } else {
                    ESNativeUsersStore.this.clearRealmCache(putUserRequest.username(), actionListener, Boolean.valueOf(indexResponse.isCreated()));
                }
            }

            public void onFailure(Throwable th) {
                actionListener.onFailure(th);
            }
        });
    }

    public void deleteUser(final DeleteUserRequest deleteUserRequest, final ActionListener<Boolean> actionListener) {
        if (state() != State.STARTED) {
            actionListener.onFailure(new IllegalStateException("user cannot be deleted as native user service has not been started"));
            return;
        }
        try {
            DeleteRequest request = this.client.prepareDelete(ShieldTemplateService.SECURITY_INDEX_NAME, USER_DOC_TYPE, deleteUserRequest.username()).request();
            request.indicesOptions().ignoreUnavailable();
            request.refresh(deleteUserRequest.refresh());
            this.client.delete(request, new ActionListener<DeleteResponse>() { // from class: org.elasticsearch.shield.authc.esnative.ESNativeUsersStore.7
                public void onResponse(DeleteResponse deleteResponse) {
                    ESNativeUsersStore.this.clearRealmCache(deleteUserRequest.username(), actionListener, Boolean.valueOf(deleteResponse.isFound()));
                }

                public void onFailure(Throwable th) {
                    actionListener.onFailure(th);
                }
            });
        } catch (Exception e) {
            this.logger.error("unable to remove user", e, new Object[0]);
            actionListener.onFailure(e);
        }
    }

    public boolean canStart(ClusterState clusterState, boolean z) {
        if (state() != State.INITIALIZED) {
            return false;
        }
        if (clusterState.blocks().hasGlobalBlock(GatewayService.STATE_NOT_RECOVERED_BLOCK)) {
            this.logger.debug("native users store waiting until gateway has recovered from disk", new Object[0]);
            return false;
        }
        if (clusterState.metaData().templates().get(ShieldTemplateService.SECURITY_TEMPLATE_NAME) == null) {
            this.logger.debug("native users template [{}] does not exist, so service cannot start", new Object[]{ShieldTemplateService.SECURITY_TEMPLATE_NAME});
            return false;
        }
        if (clusterState.metaData().index(ShieldTemplateService.SECURITY_INDEX_NAME) == null) {
            this.logger.debug("security index [{}] does not exist, so service can start", new Object[]{ShieldTemplateService.SECURITY_INDEX_NAME});
            return true;
        }
        if (!clusterState.routingTable().index(ShieldTemplateService.SECURITY_INDEX_NAME).allPrimaryShardsActive()) {
            return false;
        }
        this.logger.debug("security index [{}] all primary shards started, so service can start", new Object[]{ShieldTemplateService.SECURITY_INDEX_NAME});
        return true;
    }

    /* JADX WARN: Type inference failed for: r0v10, types: [org.elasticsearch.shield.authc.esnative.ESNativeUsersStore$UserStorePoller, java.lang.Runnable] */
    public void start() {
        try {
            if (this.state.compareAndSet(State.INITIALIZED, State.STARTING)) {
                this.client = new ClientWithUser((Client) this.clientProvider.get(), (AuthenticationService) this.authProvider.get(), InternalShieldUser.INSTANCE);
                this.scrollSize = this.settings.getAsInt("shield.authc.native.scroll.size", 1000).intValue();
                this.scrollKeepAlive = this.settings.getAsTime("shield.authc.native.scroll.keep_alive", TimeValue.timeValueSeconds(10L));
                ?? userStorePoller = new UserStorePoller();
                try {
                    userStorePoller.doRun();
                } catch (Exception e) {
                    this.logger.warn("failed to do initial poll of users", e, new Object[0]);
                }
                this.userPoller = this.threadPool.scheduleWithFixedDelay((Runnable) userStorePoller, this.settings.getAsTime("shield.authc.native.reload.interval", TimeValue.timeValueSeconds(30L)), "generic");
                this.state.set(State.STARTED);
            }
        } catch (Exception e2) {
            this.logger.error("failed to start native user store", e2, new Object[0]);
            this.state.set(State.FAILED);
        }
    }

    public void stop() {
        try {
            if (this.state.compareAndSet(State.STARTED, State.STOPPING)) {
                try {
                    this.userPoller.cancel();
                    this.state.set(State.STOPPED);
                } catch (Throwable th) {
                    this.state.set(State.FAILED);
                    throw th;
                }
            }
        } catch (Throwable th2) {
            this.state.set(State.STOPPED);
            throw th2;
        }
    }

    public User verifyPassword(String str, SecuredString securedString) {
        if (state() != State.STARTED) {
            this.logger.trace("attempted to verify user credentials for [{}] but service was not started", new Object[]{str});
            return null;
        }
        UserAndPassword userAndPassword = getUserAndPassword(str);
        if (userAndPassword == null || userAndPassword.passwordHash() == null || !this.hasher.verify(securedString, userAndPassword.passwordHash())) {
            return null;
        }
        return userAndPassword.user();
    }

    public void addListener(ChangeListener changeListener) {
        this.listeners.add(changeListener);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void clearScrollResponse(final String str) {
        this.client.clearScroll(this.client.prepareClearScroll().addScrollId(str).request(), new ActionListener<ClearScrollResponse>() { // from class: org.elasticsearch.shield.authc.esnative.ESNativeUsersStore.8
            public void onResponse(ClearScrollResponse clearScrollResponse) {
            }

            public void onFailure(Throwable th) {
                ESNativeUsersStore.this.logger.warn("failed to clear scroll [{}]", th, new Object[]{str});
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public <Response> void clearRealmCache(final String str, final ActionListener<Response> actionListener, final Response response) {
        ShieldClient shieldClient = new ShieldClient(this.client);
        shieldClient.clearRealmCache((ClearRealmCacheRequest) shieldClient.prepareClearRealmCache().usernames(str).request(), new ActionListener<ClearRealmCacheResponse>() { // from class: org.elasticsearch.shield.authc.esnative.ESNativeUsersStore.9
            public void onResponse(ClearRealmCacheResponse clearRealmCacheResponse) {
                actionListener.onResponse(response);
            }

            public void onFailure(Throwable th) {
                ESNativeUsersStore.this.logger.error("unable to clear realm cache for user [{}]", th, new Object[]{str});
                actionListener.onFailure(new ElasticsearchException("clearing the cache for [" + str + "] failed. please clear the realm cache manually", th, new Object[0]));
            }
        });
    }

    public void clusterChanged(ClusterChangedEvent clusterChangedEvent) {
        if (!(clusterChangedEvent.state().metaData().indices().get(ShieldTemplateService.SECURITY_INDEX_NAME) != null) || !clusterChangedEvent.state().routingTable().index(ShieldTemplateService.SECURITY_INDEX_NAME).allPrimaryShardsActive()) {
            this.shieldIndexExists = false;
        } else {
            this.logger.debug("security index [{}] all primary shards started, so polling can start", new Object[]{ShieldTemplateService.SECURITY_INDEX_NAME});
            this.shieldIndexExists = true;
        }
    }

    public State state() {
        return this.state.get();
    }

    public void reset() {
        State state = state();
        if (state != State.STOPPED && state != State.FAILED) {
            throw new IllegalStateException("can only reset if stopped!!!");
        }
        this.versionMap.clear();
        this.listeners.clear();
        this.client = null;
        this.shieldIndexExists = false;
        this.state.set(State.INITIALIZED);
    }

    /* JADX INFO: Access modifiers changed from: private */
    @Nullable
    public UserAndPassword transformUser(String str, Map<String, Object> map) {
        if (map == null) {
            return null;
        }
        try {
            return new UserAndPassword(new User(str, (String[]) ((List) map.get(User.Fields.ROLES.getPreferredName())).toArray(Strings.EMPTY_ARRAY), (String) map.get(User.Fields.FULL_NAME.getPreferredName()), (String) map.get(User.Fields.EMAIL.getPreferredName()), (Map) map.get(User.Fields.METADATA.getPreferredName())), ((String) map.get(User.Fields.PASSWORD.getPreferredName())).toCharArray());
        } catch (Exception e) {
            this.logger.error("error in the format of data for user [{}]", e, new Object[]{str});
            return null;
        }
    }

    static {
        $assertionsDisabled = !ESNativeUsersStore.class.desiredAssertionStatus();
    }
}
