package org.elasticsearch.xpack.security.authc;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.collect.MapBuilder;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.CountDown;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.xpack.core.security.authc.Realm;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
import org.elasticsearch.xpack.core.security.authc.RealmSettings;
import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/Realms.class */
public class Realms implements Iterable<Realm> {
    private static final Logger logger;
    private static final DeprecationLogger deprecationLogger;
    private final Settings settings;
    private final Environment env;
    private final Map<String, Realm.Factory> factories;
    private final XPackLicenseState licenseState;
    private final ThreadContext threadContext;
    private final ReservedRealm reservedRealm;
    protected List<Realm> realms;
    List<Realm> standardRealmsOnly;
    List<Realm> nativeRealmsOnly;
    static final /* synthetic */ boolean $assertionsDisabled;

    public Realms(Settings settings, Environment environment, Map<String, Realm.Factory> map, XPackLicenseState xPackLicenseState, ThreadContext threadContext, ReservedRealm reservedRealm) throws Exception {
        this.settings = settings;
        this.env = environment;
        this.factories = map;
        this.licenseState = xPackLicenseState;
        this.threadContext = threadContext;
        this.reservedRealm = reservedRealm;
        if (!$assertionsDisabled && map.get(ReservedRealm.TYPE) != null) {
            throw new AssertionError();
        }
        this.realms = initRealms();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (Realm realm : this.realms) {
            if (InternalRealms.isStandardRealm(realm.type())) {
                arrayList.add(realm);
            }
            if ("file".equals(realm.type()) || "native".equals(realm.type())) {
                arrayList2.add(realm);
            }
        }
        for (List<Realm> list : Arrays.asList(arrayList, arrayList2)) {
            if (list.isEmpty()) {
                addNativeRealms(list);
            }
            if (!$assertionsDisabled && list.contains(reservedRealm)) {
                throw new AssertionError();
            }
            list.add(0, reservedRealm);
            if (!$assertionsDisabled && list.get(0) != reservedRealm) {
                throw new AssertionError();
            }
        }
        this.standardRealmsOnly = Collections.unmodifiableList(arrayList);
        this.nativeRealmsOnly = Collections.unmodifiableList(arrayList2);
        this.realms.forEach(realm2 -> {
            realm2.initialize(this, xPackLicenseState);
        });
    }

    @Override // java.lang.Iterable
    public Iterator<Realm> iterator() {
        return asList().iterator();
    }

    public List<Realm> getUnlicensedRealms() {
        XPackLicenseState copyCurrentLicenseState = this.licenseState.copyCurrentLicenseState();
        if (!copyCurrentLicenseState.isSecurityEnabled()) {
            return Collections.unmodifiableList(this.realms);
        }
        if (copyCurrentLicenseState.checkFeature(XPackLicenseState.Feature.SECURITY_ALL_REALMS)) {
            return Collections.emptyList();
        }
        List<Realm> asList = asList();
        return asList.equals(this.realms) ? Collections.emptyList() : Collections.unmodifiableList((List) this.realms.stream().filter(realm -> {
            return !asList.contains(realm);
        }).collect(Collectors.toList()));
    }

    public Stream<Realm> stream() {
        return StreamSupport.stream(spliterator(), false);
    }

    public List<Realm> asList() {
        XPackLicenseState copyCurrentLicenseState = this.licenseState.copyCurrentLicenseState();
        return !copyCurrentLicenseState.isSecurityEnabled() ? Collections.emptyList() : copyCurrentLicenseState.checkFeature(XPackLicenseState.Feature.SECURITY_ALL_REALMS) ? this.realms : copyCurrentLicenseState.checkFeature(XPackLicenseState.Feature.SECURITY_STANDARD_REALMS) ? this.standardRealmsOnly : this.nativeRealmsOnly;
    }

    public Realm realm(String str) {
        for (Realm realm : this.realms) {
            if (str.equals(realm.name())) {
                return realm;
            }
        }
        return null;
    }

    public Realm.Factory realmFactory(String str) {
        return this.factories.get(str);
    }

    protected List<Realm> initRealms() throws Exception {
        Map realmSettings = RealmSettings.getRealmSettings(this.settings);
        HashSet hashSet = new HashSet();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        HashMap hashMap = new HashMap();
        TreeSet treeSet = new TreeSet();
        HashMap hashMap2 = new HashMap();
        for (Map.Entry entry : realmSettings.entrySet()) {
            RealmConfig.RealmIdentifier realmIdentifier = (RealmConfig.RealmIdentifier) entry.getKey();
            if (false == ((Settings) entry.getValue()).hasValue("order")) {
                treeSet.add(RealmSettings.getFullSettingKey(realmIdentifier, RealmSettings.ORDER_SETTING));
            } else {
                hashMap2.computeIfAbsent(((Settings) entry.getValue()).get("order"), str -> {
                    return new TreeSet();
                }).add(RealmSettings.getFullSettingKey(realmIdentifier, RealmSettings.ORDER_SETTING));
            }
            Realm.Factory factory = this.factories.get(realmIdentifier.getType());
            if (factory == null) {
                throw new IllegalArgumentException("unknown realm type [" + realmIdentifier.getType() + "] for realm [" + realmIdentifier + "]");
            }
            RealmConfig realmConfig = new RealmConfig(realmIdentifier, this.settings, this.env, this.threadContext);
            if (realmConfig.enabled()) {
                if ("file".equals(realmIdentifier.getType()) || "native".equals(realmIdentifier.getType())) {
                    if (hashSet.contains(realmIdentifier.getType())) {
                        throw new IllegalArgumentException("multiple [" + realmIdentifier.getType() + "] realms are configured. [" + realmIdentifier.getType() + "] is an internal realm and therefore there can only be one such realm configured");
                    }
                    hashSet.add(realmIdentifier.getType());
                }
                if ("kerberos".equals(realmIdentifier.getType())) {
                    arrayList2.add(realmIdentifier.getName());
                    if (arrayList2.size() > 1) {
                        throw new IllegalArgumentException("multiple realms " + arrayList2.toString() + " configured of type [" + realmIdentifier.getType() + "], [" + realmIdentifier.getType() + "] can only have one such realm configured");
                    }
                }
                Realm create = factory.create(realmConfig);
                ((Set) hashMap.computeIfAbsent(create.name(), str2 -> {
                    return new HashSet();
                })).add(RealmSettings.realmSettingPrefix(create.type()) + create.name());
                arrayList.add(create);
            } else if (logger.isDebugEnabled()) {
                logger.debug("realm [{}] is disabled", realmIdentifier);
            }
        }
        if (arrayList.isEmpty()) {
            addNativeRealms(arrayList);
        } else {
            Collections.sort(arrayList);
        }
        arrayList.add(0, this.reservedRealm);
        String str3 = (String) hashMap.entrySet().stream().filter(entry2 -> {
            return ((Set) entry2.getValue()).size() > 1;
        }).map(entry3 -> {
            return ((String) entry3.getKey()) + ": " + entry3.getValue();
        }).collect(Collectors.joining("; "));
        if (Strings.hasText(str3)) {
            throw new IllegalArgumentException("Found multiple realms configured with the same name: " + str3 + "");
        }
        logDeprecationIfFound(treeSet, hashMap2);
        return Collections.unmodifiableList(arrayList);
    }

    public void usageStats(ActionListener<Map<String, Object>> actionListener) {
        XPackLicenseState copyCurrentLicenseState = this.licenseState.copyCurrentLicenseState();
        HashMap hashMap = new HashMap();
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        List<Realm> list = (List) asList().stream().filter(realm -> {
            return !ReservedRealm.TYPE.equals(realm.type());
        }).collect(Collectors.toList());
        CountDown countDown = new CountDown(list.size());
        Runnable runnable = () -> {
            if ((list.isEmpty() || countDown.countDown()) && !atomicBoolean.get()) {
                for (String str : this.factories.keySet()) {
                    if (!$assertionsDisabled && ReservedRealm.TYPE.equals(str)) {
                        throw new AssertionError();
                    }
                    hashMap.compute(str, (str2, obj) -> {
                        if (obj == null) {
                            return MapBuilder.newMapBuilder().put("enabled", false).put("available", Boolean.valueOf(isRealmTypeAvailable(copyCurrentLicenseState, str))).map();
                        }
                        if (!$assertionsDisabled && !(obj instanceof Map)) {
                            throw new AssertionError();
                        }
                        Map map = (Map) obj;
                        map.put("enabled", true);
                        map.put("available", true);
                        return obj;
                    });
                }
                actionListener.onResponse(hashMap);
            }
        };
        if (list.isEmpty()) {
            runnable.run();
            return;
        }
        for (Realm realm2 : list) {
            realm2.usageStats(ActionListener.wrap(map -> {
                if (atomicBoolean.get()) {
                    return;
                }
                synchronized (hashMap) {
                    hashMap.compute(realm2.type(), (str, obj) -> {
                        if (obj == null) {
                            return convertToMapOfLists(map);
                        }
                        if (!$assertionsDisabled && !(obj instanceof Map)) {
                            throw new AssertionError();
                        }
                        combineMaps((Map) obj, map);
                        return obj;
                    });
                }
                runnable.run();
            }, exc -> {
                if (atomicBoolean.compareAndSet(false, true)) {
                    actionListener.onFailure(exc);
                }
            }));
        }
    }

    private void addNativeRealms(List<Realm> list) throws Exception {
        Realm.Factory factory = this.factories.get("file");
        if (factory != null) {
            list.add(factory.create(new RealmConfig(new RealmConfig.RealmIdentifier("file", "default_file"), this.settings, this.env, this.threadContext)));
        }
        Realm.Factory factory2 = this.factories.get("native");
        if (factory2 != null) {
            list.add(factory2.create(new RealmConfig(new RealmConfig.RealmIdentifier("native", "default_native"), this.settings, this.env, this.threadContext)));
        }
    }

    private static void combineMaps(Map<String, Object> map, Map<String, Object> map2) {
        for (Map.Entry<String, Object> entry : map2.entrySet()) {
            map.compute(entry.getKey(), (str, obj) -> {
                if (obj == null) {
                    return new ArrayList(Collections.singletonList(entry.getValue()));
                }
                if (!$assertionsDisabled && !(obj instanceof List)) {
                    throw new AssertionError();
                }
                ((List) obj).add(entry.getValue());
                return obj;
            });
        }
    }

    private static Map<String, Object> convertToMapOfLists(Map<String, Object> map) {
        HashMap hashMap = new HashMap(map.size());
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            hashMap.put(entry.getKey(), new ArrayList(Collections.singletonList(entry.getValue())));
        }
        return hashMap;
    }

    public static boolean isRealmTypeAvailable(XPackLicenseState xPackLicenseState, String str) {
        if (xPackLicenseState.checkFeature(XPackLicenseState.Feature.SECURITY_ALL_REALMS)) {
            return true;
        }
        return xPackLicenseState.checkFeature(XPackLicenseState.Feature.SECURITY_STANDARD_REALMS) ? InternalRealms.isStandardRealm(str) || ReservedRealm.TYPE.equals(str) : "file".equals(str) || "native".equals(str);
    }

    private void logDeprecationIfFound(Set<String> set, Map<String, Set<String>> map) {
        if (set.size() > 0) {
            deprecationLogger.deprecatedAndMaybeLog("unordered_realm_config", "Found realms without order config: [{}]. In next major release, node will fail to start with missing realm order.", new Object[]{String.join("; ", set)});
        }
        List list = (List) map.entrySet().stream().filter(entry -> {
            return ((Set) entry.getValue()).size() > 1;
        }).map(entry2 -> {
            return ((String) entry2.getKey()) + ": " + String.join(",", (Iterable<? extends CharSequence>) entry2.getValue());
        }).sorted().collect(Collectors.toList());
        if (false == list.isEmpty()) {
            deprecationLogger.deprecatedAndMaybeLog("duplicate_realm_order", "Found multiple realms configured with the same order: [{}]. In next major release, node will fail to start with duplicated realm order.", new Object[]{String.join("; ", list)});
        }
    }

    static {
        $assertionsDisabled = !Realms.class.desiredAssertionStatus();
        logger = LogManager.getLogger(Realms.class);
        deprecationLogger = new DeprecationLogger(logger);
    }
}
