package org.elasticsearch.xpack.security.support;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Comparator;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.Function;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.Version;
import org.elasticsearch.client.internal.Client;
import org.elasticsearch.cluster.metadata.IndexMetadata;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.VersionId;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.features.FeatureService;
import org.elasticsearch.features.NodeFeature;
import org.elasticsearch.index.IndexSettings;
import org.elasticsearch.indices.ExecutorNames;
import org.elasticsearch.indices.SystemIndexDescriptor;
import org.elasticsearch.xcontent.XContentBuilder;
import org.elasticsearch.xcontent.XContentFactory;
import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;

/* loaded from: input_file:org/elasticsearch/xpack/security/support/SecuritySystemIndices.class */
public class SecuritySystemIndices {
    public static final int INTERNAL_MAIN_INDEX_FORMAT = 6;
    private static final int INTERNAL_TOKENS_INDEX_FORMAT = 7;
    private static final int INTERNAL_TOKENS_INDEX_MAPPINGS_FORMAT = 1;
    private static final int INTERNAL_PROFILE_INDEX_FORMAT = 8;
    private static final int INTERNAL_PROFILE_INDEX_MAPPINGS_FORMAT = 2;
    public static final String SECURITY_MAIN_ALIAS = ".security";
    private static final String MAIN_INDEX_CONCRETE_NAME = ".security-7";
    public static final String SECURITY_TOKENS_ALIAS = ".security-tokens";
    private static final String TOKENS_INDEX_CONCRETE_NAME = ".security-tokens-7";
    public static final String INTERNAL_SECURITY_PROFILE_INDEX_8 = ".security-profile-8";
    public static final String SECURITY_PROFILE_ALIAS = ".security-profile";
    public static final Version VERSION_SECURITY_PROFILE_ORIGIN;
    public static final NodeFeature SECURITY_PROFILE_ORIGIN_FEATURE;
    public static final NodeFeature SECURITY_MIGRATION_FRAMEWORK;
    public static final NodeFeature SECURITY_ROLES_METADATA_FLATTENED;
    public static final NodeFeature SECURITY_ROLE_MAPPING_CLEANUP;
    public static final String BWC_MAPPINGS_VERSION = "8.14.0";
    private static final Logger logger;
    private final SystemIndexDescriptor profileDescriptor;
    static final /* synthetic */ boolean $assertionsDisabled;
    private final SystemIndexDescriptor mainDescriptor = getSecurityMainIndexDescriptor();
    private final SystemIndexDescriptor tokenDescriptor = getSecurityTokenIndexDescriptor();
    private final AtomicBoolean initialized = new AtomicBoolean(false);
    private SecurityIndexManager mainIndexManager = null;
    private SecurityIndexManager tokenIndexManager = null;
    private SecurityIndexManager profileIndexManager = null;

    /* loaded from: input_file:org/elasticsearch/xpack/security/support/SecuritySystemIndices$SecurityMainIndexMappingVersion.class */
    public enum SecurityMainIndexMappingVersion implements VersionId<SecurityMainIndexMappingVersion> {
        INITIAL(1),
        ADD_REMOTE_CLUSTER_AND_DESCRIPTION_FIELDS(SecuritySystemIndices.INTERNAL_PROFILE_INDEX_MAPPINGS_FORMAT),
        ADD_MANAGE_ROLES_PRIVILEGE(3);

        private static final SecurityMainIndexMappingVersion LATEST;
        private final int id;
        static final /* synthetic */ boolean $assertionsDisabled;

        SecurityMainIndexMappingVersion(int i) {
            if (!$assertionsDisabled && i <= 0) {
                throw new AssertionError();
            }
            this.id = i;
        }

        public int id() {
            return this.id;
        }

        public static SecurityMainIndexMappingVersion latest() {
            return LATEST;
        }

        public /* bridge */ /* synthetic */ int compareTo(VersionId versionId) {
            return super.compareTo((SecurityMainIndexMappingVersion) versionId);
        }

        static {
            $assertionsDisabled = !SecuritySystemIndices.class.desiredAssertionStatus();
            LATEST = (SecurityMainIndexMappingVersion) Arrays.stream(values()).max(Comparator.comparingInt(securityMainIndexMappingVersion -> {
                return securityMainIndexMappingVersion.id;
            })).orElseThrow();
        }
    }

    public SecuritySystemIndices(Settings settings) {
        this.profileDescriptor = getSecurityProfileIndexDescriptor(settings);
    }

    public Collection<SystemIndexDescriptor> getSystemIndexDescriptors() {
        return List.of(this.mainDescriptor, this.tokenDescriptor, this.profileDescriptor);
    }

    public void init(Client client, FeatureService featureService, ClusterService clusterService) {
        if (!this.initialized.compareAndSet(false, true)) {
            throw new IllegalStateException("Already initialized");
        }
        this.mainIndexManager = SecurityIndexManager.buildSecurityIndexManager(client, clusterService, featureService, this.mainDescriptor);
        this.tokenIndexManager = SecurityIndexManager.buildSecurityIndexManager(client, clusterService, featureService, this.tokenDescriptor);
        this.profileIndexManager = SecurityIndexManager.buildSecurityIndexManager(client, clusterService, featureService, this.profileDescriptor);
    }

    public SecurityIndexManager getMainIndexManager() {
        checkInitialized();
        return this.mainIndexManager;
    }

    public SecurityIndexManager getTokenIndexManager() {
        checkInitialized();
        return this.tokenIndexManager;
    }

    public SecurityIndexManager getProfileIndexManager() {
        return this.profileIndexManager;
    }

    private void checkInitialized() {
        if (this.initialized.get()) {
            return;
        }
        String str = "Attempt access " + getClass().getSimpleName() + " before it is initialized";
        if (!$assertionsDisabled) {
            throw new AssertionError(str);
        }
        throw new IllegalStateException(str);
    }

    private SystemIndexDescriptor getSecurityMainIndexDescriptor() {
        Function function = securityMainIndexMappingVersion -> {
            return SystemIndexDescriptor.builder().setIndexPattern(".security-[0-9]+*").setPrimaryIndex(MAIN_INDEX_CONCRETE_NAME).setDescription("Contains Security configuration").setMappings(getMainIndexMappings(securityMainIndexMappingVersion)).setSettings(getMainIndexSettings()).setAliasName(SECURITY_MAIN_ALIAS).setIndexFormat(6).setVersionMetaKey(SecurityIndexManager.SECURITY_VERSION_STRING).setOrigin("security").setThreadPools(ExecutorNames.CRITICAL_SYSTEM_INDEX_THREAD_POOLS);
        };
        return ((SystemIndexDescriptor.Builder) function.apply(SecurityMainIndexMappingVersion.latest())).setPriorSystemIndexDescriptors(List.of(((SystemIndexDescriptor.Builder) function.apply(SecurityMainIndexMappingVersion.INITIAL)).build())).build();
    }

    private static Settings getMainIndexSettings() {
        return Settings.builder().put("index.number_of_shards", 1).put("index.auto_expand_replicas", "0-1").put("index.routing.allocation.include._tier_preference", "data_hot,data_content").put("index.priority", 1000).put(IndexMetadata.INDEX_FORMAT_SETTING.getKey(), 6).put("analysis.filter.email.type", "pattern_capture").put("analysis.filter.email.preserve_original", true).putList("analysis.filter.email.patterns", List.of("([^@]+)", "(\\p{L}+)", "(\\d+)", "@(.+)")).put("analysis.analyzer.email.tokenizer", "uax_url_email").putList("analysis.analyzer.email.filter", List.of("email", "lowercase", "unique")).build();
    }

    private XContentBuilder getMainIndexMappings(SecurityMainIndexMappingVersion securityMainIndexMappingVersion) {
        try {
            XContentBuilder jsonBuilder = XContentFactory.jsonBuilder();
            jsonBuilder.startObject();
            jsonBuilder.startObject("_meta");
            jsonBuilder.field(SecurityIndexManager.SECURITY_VERSION_STRING, BWC_MAPPINGS_VERSION);
            jsonBuilder.field("managed_index_mappings_version", securityMainIndexMappingVersion.id);
            jsonBuilder.endObject();
            jsonBuilder.field("dynamic", "strict");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("username");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("roles");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("role_templates");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("template");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "text");
            jsonBuilder.endObject();
            jsonBuilder.startObject("format");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("password");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.field("index", false);
            jsonBuilder.field("doc_values", false);
            jsonBuilder.endObject();
            jsonBuilder.startObject("full_name");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "text");
            jsonBuilder.endObject();
            jsonBuilder.startObject("email");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "text");
            jsonBuilder.field("analyzer", "email");
            jsonBuilder.endObject();
            jsonBuilder.startObject("metadata");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.field("dynamic", false);
            jsonBuilder.endObject();
            jsonBuilder.startObject(FieldNameTranslators.FLATTENED_METADATA_INDEX_FIELD_NAME);
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "flattened");
            jsonBuilder.endObject();
            jsonBuilder.startObject("enabled");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "boolean");
            jsonBuilder.endObject();
            jsonBuilder.startObject("cluster");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject(LoggingAuditTrail.INDICES_FIELD_NAME);
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("field_security");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("grant");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("except");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("names");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("privileges");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("query");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("allow_restricted_indices");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "boolean");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("remote_indices");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("field_security");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("grant");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("except");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("names");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("privileges");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("query");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("allow_restricted_indices");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "boolean");
            jsonBuilder.endObject();
            jsonBuilder.startObject("clusters");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            if (securityMainIndexMappingVersion.onOrAfter(SecurityMainIndexMappingVersion.ADD_REMOTE_CLUSTER_AND_DESCRIPTION_FIELDS)) {
                jsonBuilder.startObject("remote_cluster");
                jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
                jsonBuilder.startObject("properties");
                jsonBuilder.startObject("clusters");
                jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
                jsonBuilder.endObject();
                jsonBuilder.startObject("privileges");
                jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
                jsonBuilder.endObject();
                jsonBuilder.endObject();
                jsonBuilder.endObject();
            }
            jsonBuilder.startObject("applications");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("application");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("privileges");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("resources");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("application");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("global");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("application");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("manage");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("applications");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("profile");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("write");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("applications");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            if (securityMainIndexMappingVersion.onOrAfter(SecurityMainIndexMappingVersion.ADD_MANAGE_ROLES_PRIVILEGE)) {
                jsonBuilder.startObject("role");
                jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
                jsonBuilder.startObject("properties");
                jsonBuilder.startObject("manage");
                jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
                jsonBuilder.startObject("properties");
                jsonBuilder.startObject(LoggingAuditTrail.INDICES_FIELD_NAME);
                jsonBuilder.startObject("properties");
                jsonBuilder.startObject("names");
                jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
                jsonBuilder.endObject();
                jsonBuilder.startObject("privileges");
                jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
                jsonBuilder.endObject();
                jsonBuilder.endObject();
                jsonBuilder.endObject();
                jsonBuilder.endObject();
                jsonBuilder.endObject();
                jsonBuilder.endObject();
                jsonBuilder.endObject();
            }
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("name");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            if (securityMainIndexMappingVersion.onOrAfter(SecurityMainIndexMappingVersion.ADD_REMOTE_CLUSTER_AND_DESCRIPTION_FIELDS)) {
                jsonBuilder.startObject("description");
                jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "text");
                jsonBuilder.endObject();
            }
            jsonBuilder.startObject("run_as");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("doc_type");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject(LoggingAuditTrail.LOG_TYPE);
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("actions");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("expiration_time");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "date");
            jsonBuilder.field("format", "epoch_millis");
            jsonBuilder.endObject();
            jsonBuilder.startObject("creation_time");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "date");
            jsonBuilder.field("format", "epoch_millis");
            jsonBuilder.endObject();
            jsonBuilder.startObject("invalidation_time");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "date");
            jsonBuilder.field("format", "epoch_millis");
            jsonBuilder.endObject();
            jsonBuilder.startObject("api_key_hash");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.field("index", false);
            jsonBuilder.field("doc_values", false);
            jsonBuilder.endObject();
            jsonBuilder.startObject("api_key_invalidated");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "boolean");
            jsonBuilder.endObject();
            jsonBuilder.startObject("role_descriptors");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.field("enabled", false);
            jsonBuilder.endObject();
            jsonBuilder.startObject("limited_by_role_descriptors");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.field("enabled", false);
            jsonBuilder.endObject();
            jsonBuilder.startObject("version");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "integer");
            jsonBuilder.endObject();
            jsonBuilder.startObject("creator");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("principal");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("full_name");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "text");
            jsonBuilder.endObject();
            jsonBuilder.startObject("email");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "text");
            jsonBuilder.field("analyzer", "email");
            jsonBuilder.endObject();
            jsonBuilder.startObject("metadata");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.field("dynamic", false);
            jsonBuilder.endObject();
            jsonBuilder.startObject(LoggingAuditTrail.REALM_FIELD_NAME);
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("realm_type");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            defineRealmDomain(jsonBuilder, "realm_domain");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("rules");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.field("dynamic", false);
            jsonBuilder.endObject();
            jsonBuilder.startObject("refresh_token");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("token");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("refreshed");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "boolean");
            jsonBuilder.endObject();
            jsonBuilder.startObject("refresh_time");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "date");
            jsonBuilder.field("format", "epoch_millis");
            jsonBuilder.endObject();
            jsonBuilder.startObject("superseding");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("encrypted_tokens");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "binary");
            jsonBuilder.endObject();
            jsonBuilder.startObject("encryption_iv");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "binary");
            jsonBuilder.endObject();
            jsonBuilder.startObject("encryption_salt");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "binary");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("invalidated");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "boolean");
            jsonBuilder.endObject();
            jsonBuilder.startObject("client");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject(LoggingAuditTrail.LOG_TYPE);
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject(NativeUsersStore.USER_DOC_TYPE);
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject(LoggingAuditTrail.REALM_FIELD_NAME);
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("access_token");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("user_token");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("id");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("expiration_time");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "date");
            jsonBuilder.field("format", "epoch_millis");
            jsonBuilder.endObject();
            jsonBuilder.startObject("version");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "integer");
            jsonBuilder.endObject();
            jsonBuilder.startObject("metadata");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.field("dynamic", false);
            jsonBuilder.endObject();
            jsonBuilder.startObject("authentication");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "binary");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("invalidated");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "boolean");
            jsonBuilder.endObject();
            jsonBuilder.startObject(LoggingAuditTrail.REALM_FIELD_NAME);
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            return jsonBuilder;
        } catch (IOException e) {
            logger.fatal("Failed to build .security-7 index mappings", e);
            throw new UncheckedIOException("Failed to build .security-7 index mappings", e);
        }
    }

    private static SystemIndexDescriptor getSecurityTokenIndexDescriptor() {
        return SystemIndexDescriptor.builder().setIndexPattern(".security-tokens-[0-9]+*").setPrimaryIndex(TOKENS_INDEX_CONCRETE_NAME).setDescription("Contains auth token data").setMappings(getTokenIndexMappings()).setSettings(getTokenIndexSettings()).setAliasName(SECURITY_TOKENS_ALIAS).setIndexFormat(INTERNAL_TOKENS_INDEX_FORMAT).setVersionMetaKey(SecurityIndexManager.SECURITY_VERSION_STRING).setOrigin("security").setThreadPools(ExecutorNames.CRITICAL_SYSTEM_INDEX_THREAD_POOLS).build();
    }

    private static Settings getTokenIndexSettings() {
        return Settings.builder().put("index.number_of_shards", 1).put("index.auto_expand_replicas", "0-1").put("index.routing.allocation.include._tier_preference", "data_hot,data_content").put("index.priority", 1000).put(IndexMetadata.INDEX_FORMAT_SETTING.getKey(), INTERNAL_TOKENS_INDEX_FORMAT).build();
    }

    private static XContentBuilder getTokenIndexMappings() {
        try {
            XContentBuilder jsonBuilder = XContentFactory.jsonBuilder();
            jsonBuilder.startObject();
            jsonBuilder.startObject("_meta");
            jsonBuilder.field(SecurityIndexManager.SECURITY_VERSION_STRING, BWC_MAPPINGS_VERSION);
            jsonBuilder.field("managed_index_mappings_version", 1);
            jsonBuilder.endObject();
            jsonBuilder.field("dynamic", "strict");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("doc_type");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("creation_time");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "date");
            jsonBuilder.field("format", "epoch_millis");
            jsonBuilder.endObject();
            jsonBuilder.startObject("refresh_token");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("token");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("refreshed");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "boolean");
            jsonBuilder.endObject();
            jsonBuilder.startObject("refresh_time");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "date");
            jsonBuilder.field("format", "epoch_millis");
            jsonBuilder.endObject();
            jsonBuilder.startObject("superseding");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("encrypted_tokens");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "binary");
            jsonBuilder.endObject();
            jsonBuilder.startObject("encryption_iv");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "binary");
            jsonBuilder.endObject();
            jsonBuilder.startObject("encryption_salt");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "binary");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("invalidated");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "boolean");
            jsonBuilder.endObject();
            jsonBuilder.startObject("client");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject(LoggingAuditTrail.LOG_TYPE);
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject(NativeUsersStore.USER_DOC_TYPE);
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject(LoggingAuditTrail.REALM_FIELD_NAME);
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            defineRealmDomain(jsonBuilder, "realm_domain");
            jsonBuilder.startObject("authentication").field(LoggingAuditTrail.LOG_TYPE, "binary").endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("access_token");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("user_token");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("id");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("expiration_time");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "date");
            jsonBuilder.field("format", "epoch_millis");
            jsonBuilder.endObject();
            jsonBuilder.startObject("version");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "integer");
            jsonBuilder.endObject();
            jsonBuilder.startObject("metadata");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.field("dynamic", false);
            jsonBuilder.endObject();
            jsonBuilder.startObject("authentication");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "binary");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("invalidated");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "boolean");
            jsonBuilder.endObject();
            jsonBuilder.startObject("token");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject(LoggingAuditTrail.REALM_FIELD_NAME);
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            defineRealmDomain(jsonBuilder, "realm_domain");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            return jsonBuilder;
        } catch (IOException e) {
            throw new UncheckedIOException("Failed to build .security-tokens-7 index mappings", e);
        }
    }

    private SystemIndexDescriptor getSecurityProfileIndexDescriptor(Settings settings) {
        return SystemIndexDescriptor.builder().setIndexPattern(".security-profile-[0-9]+*").setPrimaryIndex(INTERNAL_SECURITY_PROFILE_INDEX_8).setDescription("Contains user profile documents").setMappings(getProfileIndexMappings(INTERNAL_PROFILE_INDEX_MAPPINGS_FORMAT)).setSettings(getProfileIndexSettings(settings)).setAliasName(SECURITY_PROFILE_ALIAS).setIndexFormat(INTERNAL_PROFILE_INDEX_FORMAT).setVersionMetaKey(SecurityIndexManager.SECURITY_VERSION_STRING).setOrigin("security_profile").setThreadPools(ExecutorNames.CRITICAL_SYSTEM_INDEX_THREAD_POOLS).setMinimumNodeVersion(VERSION_SECURITY_PROFILE_ORIGIN).setPriorSystemIndexDescriptors(List.of(SystemIndexDescriptor.builder().setIndexPattern(".security-profile-[0-9]+*").setPrimaryIndex(INTERNAL_SECURITY_PROFILE_INDEX_8).setDescription("Contains user profile documents").setMappings(getProfileIndexMappings(1)).setSettings(getProfileIndexSettings(settings)).setAliasName(SECURITY_PROFILE_ALIAS).setIndexFormat(INTERNAL_PROFILE_INDEX_FORMAT).setVersionMetaKey(SecurityIndexManager.SECURITY_VERSION_STRING).setOrigin("security").setThreadPools(ExecutorNames.CRITICAL_SYSTEM_INDEX_THREAD_POOLS).build())).build();
    }

    private static Settings getProfileIndexSettings(Settings settings) {
        Settings.Builder putList = Settings.builder().put("index.number_of_shards", 1).put("index.auto_expand_replicas", "0-1").put("index.routing.allocation.include._tier_preference", "data_hot,data_content").put("index.priority", 1000).put(IndexMetadata.INDEX_FORMAT_SETTING.getKey(), INTERNAL_PROFILE_INDEX_FORMAT).put("analysis.filter.email.type", "pattern_capture").put("analysis.filter.email.preserve_original", true).putList("analysis.filter.email.patterns", List.of("([^@]+)", "(\\p{L}+)", "(\\d+)", "@(.+)")).put("analysis.analyzer.email.tokenizer", "uax_url_email").putList("analysis.analyzer.email.filter", List.of("email", "lowercase", "unique"));
        if (DiscoveryNode.isStateless(settings)) {
            putList.put(IndexSettings.INDEX_FAST_REFRESH_SETTING.getKey(), true);
        }
        return putList.build();
    }

    private XContentBuilder getProfileIndexMappings(int i) {
        try {
            XContentBuilder jsonBuilder = XContentFactory.jsonBuilder();
            jsonBuilder.startObject();
            jsonBuilder.startObject("_meta");
            jsonBuilder.field(SecurityIndexManager.SECURITY_VERSION_STRING, BWC_MAPPINGS_VERSION);
            jsonBuilder.field("managed_index_mappings_version", i);
            jsonBuilder.endObject();
            jsonBuilder.field("dynamic", "strict");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("user_profile");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("uid");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject("enabled");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "boolean");
            jsonBuilder.endObject();
            jsonBuilder.startObject(NativeUsersStore.USER_DOC_TYPE);
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("username");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "search_as_you_type");
            jsonBuilder.startObject("fields");
            jsonBuilder.startObject("keyword");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("roles");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject(LoggingAuditTrail.REALM_FIELD_NAME);
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.startObject("properties");
            jsonBuilder.startObject("name");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.startObject(LoggingAuditTrail.LOG_TYPE);
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            defineRealmDomain(jsonBuilder, "domain");
            jsonBuilder.startObject("node_name");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("email");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "text");
            jsonBuilder.field("analyzer", "email");
            jsonBuilder.endObject();
            jsonBuilder.startObject("full_name");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "search_as_you_type");
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.startObject("last_synchronized");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "date");
            jsonBuilder.field("format", "epoch_millis");
            jsonBuilder.endObject();
            jsonBuilder.startObject("labels");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "flattened");
            jsonBuilder.endObject();
            jsonBuilder.startObject("application_data");
            jsonBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
            jsonBuilder.field("enabled", false);
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            jsonBuilder.endObject();
            return jsonBuilder;
        } catch (IOException e) {
            logger.fatal("Failed to build profile index mappings", e);
            throw new UncheckedIOException("Failed to build profile index mappings", e);
        }
    }

    private static void defineRealmDomain(XContentBuilder xContentBuilder, String str) throws IOException {
        xContentBuilder.startObject(str);
        xContentBuilder.field(LoggingAuditTrail.LOG_TYPE, "object");
        xContentBuilder.startObject("properties");
        xContentBuilder.startObject("name");
        xContentBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
        xContentBuilder.endObject();
        xContentBuilder.startObject("realms");
        xContentBuilder.field(LoggingAuditTrail.LOG_TYPE, "nested");
        xContentBuilder.startObject("properties");
        xContentBuilder.startObject("name");
        xContentBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
        xContentBuilder.endObject();
        xContentBuilder.startObject(LoggingAuditTrail.LOG_TYPE);
        xContentBuilder.field(LoggingAuditTrail.LOG_TYPE, "keyword");
        xContentBuilder.endObject();
        xContentBuilder.endObject();
        xContentBuilder.endObject();
        xContentBuilder.endObject();
        xContentBuilder.endObject();
    }

    static {
        $assertionsDisabled = !SecuritySystemIndices.class.desiredAssertionStatus();
        VERSION_SECURITY_PROFILE_ORIGIN = Version.V_8_3_0;
        SECURITY_PROFILE_ORIGIN_FEATURE = new NodeFeature("security.security_profile_origin");
        SECURITY_MIGRATION_FRAMEWORK = new NodeFeature("security.migration_framework", true);
        SECURITY_ROLES_METADATA_FLATTENED = new NodeFeature("security.roles_metadata_flattened", true);
        SECURITY_ROLE_MAPPING_CLEANUP = new NodeFeature("security.role_mapping_cleanup", true);
        logger = LogManager.getLogger(SecuritySystemIndices.class);
    }
}
