package org.elasticsearch.xpack.security.authc.file;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.regex.Pattern;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.util.Maps;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.env.Environment;
import org.elasticsearch.watcher.FileChangesListener;
import org.elasticsearch.watcher.FileWatcher;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.elasticsearch.xpack.core.XPackPlugin;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
import org.elasticsearch.xpack.core.security.support.NoOpLogger;
import org.elasticsearch.xpack.core.security.support.Validation;
import org.elasticsearch.xpack.security.support.SecurityFiles;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.class */
public class FileUserRolesStore {
    private static final Logger logger = LogManager.getLogger(FileUserRolesStore.class);
    private static final Pattern USERS_DELIM = Pattern.compile("\\s*,\\s*");
    private final Path file;
    private final CopyOnWriteArrayList<Runnable> listeners;
    private volatile Map<String, String[]> userRoles;

    /* loaded from: input_file:org/elasticsearch/xpack/security/authc/file/FileUserRolesStore$FileListener.class */
    private class FileListener implements FileChangesListener {
        private FileListener() {
        }

        public void onFileCreated(Path path) {
            onFileChanged(path);
        }

        public void onFileDeleted(Path path) {
            onFileChanged(path);
        }

        public void onFileChanged(Path path) {
            if (path.equals(FileUserRolesStore.this.file)) {
                Map<String, String[]> map = FileUserRolesStore.this.userRoles;
                FileUserRolesStore.this.userRoles = FileUserRolesStore.parseFileLenient(path, FileUserRolesStore.logger);
                if (Maps.deepEquals(map, FileUserRolesStore.this.userRoles)) {
                    return;
                }
                FileUserRolesStore.logger.info("users roles file [{}] changed. updating users roles...", path.toAbsolutePath());
                FileUserRolesStore.this.notifyRefresh();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public FileUserRolesStore(RealmConfig realmConfig, ResourceWatcherService resourceWatcherService) {
        this(realmConfig, resourceWatcherService, () -> {
        });
    }

    FileUserRolesStore(RealmConfig realmConfig, ResourceWatcherService resourceWatcherService, Runnable runnable) {
        this.file = resolveFile(realmConfig.env());
        this.userRoles = parseFileLenient(this.file, logger);
        this.listeners = new CopyOnWriteArrayList<>(Collections.singletonList(runnable));
        FileWatcher fileWatcher = new FileWatcher(this.file.getParent());
        fileWatcher.addListener(new FileListener());
        try {
            resourceWatcherService.add(fileWatcher, ResourceWatcherService.Frequency.HIGH);
        } catch (IOException e) {
            throw new ElasticsearchException("failed to start watching the user roles file [" + this.file.toAbsolutePath() + "]", e, new Object[0]);
        }
    }

    public void addListener(Runnable runnable) {
        this.listeners.add(runnable);
    }

    int entriesCount() {
        return this.userRoles.size();
    }

    public String[] roles(String str) {
        String[] strArr = this.userRoles.get(str);
        return strArr == null ? Strings.EMPTY_ARRAY : strArr;
    }

    public static Path resolveFile(Environment environment) {
        return XPackPlugin.resolveConfigFile(environment, "users_roles");
    }

    static Map<String, String[]> parseFileLenient(Path path, Logger logger2) {
        try {
            Map<String, String[]> parseFile = parseFile(path, logger2);
            return parseFile == null ? Collections.emptyMap() : parseFile;
        } catch (Exception e) {
            logger2.error(() -> {
                return new ParameterizedMessage("failed to parse users_roles file [{}]. skipping/removing all entries...", path.toAbsolutePath());
            }, e);
            return Collections.emptyMap();
        }
    }

    public static Map<String, String[]> parseFile(Path path, @Nullable Logger logger2) {
        if (logger2 == null) {
            logger2 = NoOpLogger.INSTANCE;
        }
        logger2.trace("reading users_roles file [{}]...", path.toAbsolutePath());
        if (!Files.exists(path, new LinkOption[0])) {
            return null;
        }
        try {
            List<String> readAllLines = Files.readAllLines(path, StandardCharsets.UTF_8);
            HashMap hashMap = new HashMap();
            int i = 0;
            for (String str : readAllLines) {
                i++;
                if (!str.startsWith("#")) {
                    int indexOf = str.indexOf(":");
                    if (indexOf <= 0 || indexOf == str.length() - 1) {
                        logger2.error("invalid entry in users_roles file [{}], line [{}]. skipping...", path.toAbsolutePath(), Integer.valueOf(i));
                    } else {
                        String trim = str.substring(0, indexOf).trim();
                        Validation.Error validateRoleName = Validation.Roles.validateRoleName(trim, true);
                        if (validateRoleName != null) {
                            logger2.error("invalid role entry in users_roles file [{}], line [{}] - {}. skipping...", path.toAbsolutePath(), Integer.valueOf(i), validateRoleName);
                        } else {
                            String trim2 = str.substring(indexOf + 1).trim();
                            if (Strings.isEmpty(trim2)) {
                                logger2.error("invalid entry for role [{}] in users_roles file [{}], line [{}]. no users found. skipping...", trim, path.toAbsolutePath(), Integer.valueOf(i));
                            } else {
                                String[] split = USERS_DELIM.split(trim2);
                                if (split.length == 0) {
                                    logger2.error("invalid entry for role [{}] in users_roles file [{}], line [{}]. no users found. skipping...", trim, path.toAbsolutePath(), Integer.valueOf(i));
                                } else {
                                    for (String str2 : split) {
                                        ((List) hashMap.computeIfAbsent(str2, str3 -> {
                                            return new ArrayList();
                                        })).add(trim);
                                    }
                                }
                            }
                        }
                    }
                }
            }
            HashMap hashMap2 = new HashMap();
            for (Map.Entry entry : hashMap.entrySet()) {
                hashMap2.put((String) entry.getKey(), (String[]) ((List) entry.getValue()).toArray(new String[((List) entry.getValue()).size()]));
            }
            logger2.debug("parsed [{}] user to role mappings from file [{}]", Integer.valueOf(hashMap2.size()), path.toAbsolutePath());
            return Collections.unmodifiableMap(hashMap2);
        } catch (IOException e) {
            throw new ElasticsearchException("could not read users file [" + path.toAbsolutePath() + "]", e, new Object[0]);
        }
    }

    public static void writeFile(Map<String, String[]> map, Path path) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, String[]> entry : map.entrySet()) {
            for (String str : entry.getValue()) {
                ((List) hashMap.computeIfAbsent(str, str2 -> {
                    return new ArrayList();
                })).add(entry.getKey());
            }
        }
        SecurityFiles.writeFileAtomically(path, hashMap, entry2 -> {
            return String.format(Locale.ROOT, "%s:%s", entry2.getKey(), Strings.collectionToCommaDelimitedString((Iterable) entry2.getValue()));
        });
    }

    void notifyRefresh() {
        this.listeners.forEach((v0) -> {
            v0.run();
        });
    }
}
