package org.elasticsearch.xpack.security.authc;

import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.bulk.BulkItemResponse;
import org.elasticsearch.action.support.TransportActions;
import org.elasticsearch.client.Client;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.index.reindex.BulkByScrollResponse;
import org.elasticsearch.index.reindex.DeleteByQueryAction;
import org.elasticsearch.index.reindex.DeleteByQueryRequest;
import org.elasticsearch.index.reindex.ScrollableHitSource;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.xpack.core.ClientHelper;
import org.elasticsearch.xpack.security.support.SecurityIndexManager;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/ExpiredApiKeysRemover.class */
public final class ExpiredApiKeysRemover extends AbstractRunnable {
    public static final Duration EXPIRED_API_KEYS_RETENTION_PERIOD = Duration.ofDays(7);
    private static final Logger logger = LogManager.getLogger(ExpiredApiKeysRemover.class);
    private final Client client;
    private final AtomicBoolean inProgress = new AtomicBoolean(false);
    private final TimeValue timeout;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ExpiredApiKeysRemover(Settings settings, Client client) {
        this.client = client;
        this.timeout = (TimeValue) ApiKeyService.DELETE_TIMEOUT.get(settings);
    }

    public void doRun() {
        DeleteByQueryRequest deleteByQueryRequest = new DeleteByQueryRequest(new String[]{SecurityIndexManager.SECURITY_INDEX_NAME});
        if (this.timeout != TimeValue.MINUS_ONE) {
            deleteByQueryRequest.setTimeout(this.timeout);
            deleteByQueryRequest.getSearchRequest().source().timeout(this.timeout);
        }
        deleteByQueryRequest.setQuery(QueryBuilders.boolQuery().filter(QueryBuilders.termsQuery("doc_type", new String[]{"api_key"})).should(QueryBuilders.termsQuery("api_key_invalidated", new Object[]{true})).should(QueryBuilders.rangeQuery("expiration_time").lte(Long.valueOf(Instant.now().minus((TemporalAmount) EXPIRED_API_KEYS_RETENTION_PERIOD).toEpochMilli()))).minimumShouldMatch(1));
        ClientHelper.executeAsyncWithOrigin(this.client, "security", DeleteByQueryAction.INSTANCE, deleteByQueryRequest, ActionListener.wrap(bulkByScrollResponse -> {
            debugDbqResponse(bulkByScrollResponse);
            markComplete();
        }, this::onFailure));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public void submit(ThreadPool threadPool) {
        if (this.inProgress.compareAndSet(false, true)) {
            threadPool.executor("generic").submit((Runnable) this);
        }
    }

    private void debugDbqResponse(BulkByScrollResponse bulkByScrollResponse) {
        if (logger.isDebugEnabled()) {
            logger.debug("delete by query of api keys finished with [{}] deletions, [{}] bulk failures, [{}] search failures", Long.valueOf(bulkByScrollResponse.getDeleted()), Integer.valueOf(bulkByScrollResponse.getBulkFailures().size()), Integer.valueOf(bulkByScrollResponse.getSearchFailures().size()));
            for (BulkItemResponse.Failure failure : bulkByScrollResponse.getBulkFailures()) {
                logger.debug(new ParameterizedMessage("deletion failed for index [{}], type [{}], id [{}]", new Object[]{failure.getIndex(), failure.getType(), failure.getId()}), failure.getCause());
            }
            for (ScrollableHitSource.SearchFailure searchFailure : bulkByScrollResponse.getSearchFailures()) {
                logger.debug(new ParameterizedMessage("search failed for index [{}], shard [{}] on node [{}]", new Object[]{searchFailure.getIndex(), searchFailure.getShardId(), searchFailure.getNodeId()}), searchFailure.getReason());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isExpirationInProgress() {
        return this.inProgress.get();
    }

    public void onFailure(Exception exc) {
        if (TransportActions.isShardNotAvailableException(exc)) {
            logger.debug("failed to delete expired or invalidated api keys", exc);
        } else {
            logger.error("failed to delete expired or invalidated api keys", exc);
        }
        markComplete();
    }

    private void markComplete() {
        if (!this.inProgress.compareAndSet(true, false)) {
            throw new IllegalStateException("in progress was set to false but should have been true!");
        }
    }
}
