package org.elasticsearch.xpack.security.support;

import java.nio.charset.StandardCharsets;
import java.util.Comparator;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.BiConsumer;
import java.util.function.Predicate;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.ElasticsearchParseException;
import org.elasticsearch.Version;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.admin.indices.mapping.put.PutMappingResponse;
import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateResponse;
import org.elasticsearch.cluster.ClusterChangedEvent;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.health.ClusterIndexHealth;
import org.elasticsearch.cluster.metadata.AliasOrIndex;
import org.elasticsearch.cluster.metadata.IndexMetaData;
import org.elasticsearch.cluster.metadata.IndexTemplateMetaData;
import org.elasticsearch.cluster.metadata.MappingMetaData;
import org.elasticsearch.cluster.metadata.MetaData;
import org.elasticsearch.cluster.routing.IndexRoutingTable;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.compress.CompressedXContent;
import org.elasticsearch.common.inject.internal.Nullable;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.ConcurrentCollections;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.common.xcontent.json.JsonXContent;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.xpack.security.InternalClient;
import org.elasticsearch.xpack.template.TemplateUtils;

/* loaded from: input_file:org/elasticsearch/xpack/security/support/IndexLifecycleManager.class */
public class IndexLifecycleManager extends AbstractComponent {
    private static final String SECURITY_VERSION_STRING = "security-version";
    public static final String TEMPLATE_VERSION_PATTERN;
    public static int NEW_INDEX_VERSION;
    private static final int MAX_MIGRATE_ATTEMPTS = 10;
    private final String indexName;
    private final String templateName;
    private final InternalClient client;
    private final IndexDataMigrator migrator;
    private final ClusterService clusterService;
    private final ThreadPool threadPool;
    private final AtomicBoolean templateCreationPending;
    private final AtomicBoolean updateMappingPending;
    private final AtomicReference<UpgradeState> migrateDataState;
    private final AtomicInteger migrateDataAttempts;
    private final List<BiConsumer<ClusterIndexHealth, ClusterIndexHealth>> indexHealthChangeListeners;
    private volatile boolean templateIsUpToDate;
    private volatile boolean indexExists;
    private volatile boolean indexAvailable;
    private volatile boolean canWriteToIndex;
    private volatile boolean mappingIsUpToDate;
    private volatile Version mappingVersion;
    private volatile boolean isIndexOnNewVersion;
    public static final IndexDataMigrator NULL_MIGRATOR;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:org/elasticsearch/xpack/security/support/IndexLifecycleManager$IndexDataMigrator.class */
    public interface IndexDataMigrator {
        void performUpgrade(@Nullable Version version, ActionListener<Boolean> actionListener);
    }

    /* loaded from: input_file:org/elasticsearch/xpack/security/support/IndexLifecycleManager$UpgradeState.class */
    public enum UpgradeState {
        NOT_STARTED,
        IN_PROGRESS,
        COMPLETE,
        FAILED
    }

    public IndexLifecycleManager(Settings settings, InternalClient internalClient, ClusterService clusterService, ThreadPool threadPool, String str, String str2, IndexDataMigrator indexDataMigrator) {
        super(settings);
        this.templateCreationPending = new AtomicBoolean(false);
        this.updateMappingPending = new AtomicBoolean(false);
        this.migrateDataState = new AtomicReference<>(UpgradeState.NOT_STARTED);
        this.migrateDataAttempts = new AtomicInteger(0);
        this.indexHealthChangeListeners = new CopyOnWriteArrayList();
        this.client = internalClient;
        this.indexName = str;
        this.templateName = str2;
        this.migrator = indexDataMigrator;
        this.clusterService = clusterService;
        this.threadPool = threadPool;
    }

    public boolean isTemplateUpToDate() {
        return this.templateIsUpToDate;
    }

    public boolean isTemplateCreationPending() {
        return this.templateCreationPending.get();
    }

    public boolean isMappingUpToDate() {
        return this.mappingIsUpToDate;
    }

    public Version getMappingVersion() {
        return this.mappingVersion;
    }

    public boolean checkMappingVersion(Predicate<Version> predicate) {
        return this.mappingVersion == null || predicate.test(this.mappingVersion);
    }

    public boolean isMappingUpdatePending() {
        return this.updateMappingPending.get();
    }

    public boolean indexExists() {
        return this.indexExists;
    }

    public boolean isAvailable() {
        return this.indexAvailable;
    }

    public boolean isWritable() {
        return this.canWriteToIndex;
    }

    public boolean isIndexOnNewVersion() {
        return this.isIndexOnNewVersion;
    }

    public UpgradeState getMigrationState() {
        return this.migrateDataState.get();
    }

    public void addIndexHealthChangeListener(BiConsumer<ClusterIndexHealth, ClusterIndexHealth> biConsumer) {
        this.indexHealthChangeListeners.add(biConsumer);
    }

    public void clusterChanged(ClusterChangedEvent clusterChangedEvent) {
        processClusterState(clusterChangedEvent.state());
        checkIndexHealthChange(clusterChangedEvent);
    }

    private void processClusterState(ClusterState clusterState) {
        if (!$assertionsDisabled && clusterState == null) {
            throw new AssertionError();
        }
        IndexMetaData resolveConcreteIndex = resolveConcreteIndex(this.indexName, clusterState.metaData());
        this.indexExists = resolveConcreteIndex != null;
        this.isIndexOnNewVersion = resolveConcreteIndex != null && ((Integer) IndexMetaData.INDEX_FORMAT_SETTING.get(resolveConcreteIndex.getSettings())).intValue() == NEW_INDEX_VERSION;
        this.indexAvailable = checkIndexAvailable(clusterState);
        this.templateIsUpToDate = this.isIndexOnNewVersion ? true : checkTemplateExistsAndIsUpToDate(clusterState);
        this.mappingIsUpToDate = this.isIndexOnNewVersion ? true : checkIndexMappingUpToDate(clusterState);
        this.canWriteToIndex = this.templateIsUpToDate && this.mappingIsUpToDate;
        this.mappingVersion = oldestIndexMappingVersion(clusterState);
        if (!clusterState.nodes().isLocalNodeElectedMaster() || this.isIndexOnNewVersion) {
            return;
        }
        if (!this.templateIsUpToDate) {
            updateTemplate();
        }
        if (!this.indexAvailable || this.mappingIsUpToDate) {
            return;
        }
        migrateData(clusterState, this::updateMapping);
    }

    private void checkIndexHealthChange(ClusterChangedEvent clusterChangedEvent) {
        ClusterState state = clusterChangedEvent.state();
        ClusterState previousState = clusterChangedEvent.previousState();
        IndexMetaData resolveConcreteIndex = resolveConcreteIndex(this.indexName, state.metaData());
        IndexMetaData resolveConcreteIndex2 = resolveConcreteIndex(this.indexName, previousState.metaData());
        if (resolveConcreteIndex == null) {
            if (resolveConcreteIndex2 != null) {
                notifyIndexHealthChangeListeners(new ClusterIndexHealth(resolveConcreteIndex2, previousState.getRoutingTable().index(resolveConcreteIndex2.getIndex())), null);
            }
        } else {
            ClusterIndexHealth clusterIndexHealth = new ClusterIndexHealth(resolveConcreteIndex, state.getRoutingTable().index(resolveConcreteIndex.getIndex()));
            ClusterIndexHealth clusterIndexHealth2 = resolveConcreteIndex2 != null ? new ClusterIndexHealth(resolveConcreteIndex2, previousState.getRoutingTable().index(resolveConcreteIndex2.getIndex())) : null;
            if (clusterIndexHealth2 == null || clusterIndexHealth2.getStatus() != clusterIndexHealth.getStatus()) {
                notifyIndexHealthChangeListeners(clusterIndexHealth2, clusterIndexHealth);
            }
        }
    }

    private void notifyIndexHealthChangeListeners(ClusterIndexHealth clusterIndexHealth, ClusterIndexHealth clusterIndexHealth2) {
        for (BiConsumer<ClusterIndexHealth, ClusterIndexHealth> biConsumer : this.indexHealthChangeListeners) {
            try {
                biConsumer.accept(clusterIndexHealth, clusterIndexHealth2);
            } catch (Exception e) {
                this.logger.warn(new ParameterizedMessage("failed to notify listener [{}] of index health change", biConsumer), e);
            }
        }
    }

    private boolean checkIndexAvailable(ClusterState clusterState) {
        IndexRoutingTable indexRoutingTable = getIndexRoutingTable(clusterState);
        if (indexRoutingTable != null && indexRoutingTable.allPrimaryShardsActive()) {
            return true;
        }
        this.logger.debug("Security index [{}] is not yet active", this.indexName);
        return false;
    }

    private IndexRoutingTable getIndexRoutingTable(ClusterState clusterState) {
        IndexMetaData resolveConcreteIndex = resolveConcreteIndex(this.indexName, clusterState.metaData());
        if (resolveConcreteIndex == null) {
            return null;
        }
        return clusterState.routingTable().index(resolveConcreteIndex.getIndex());
    }

    private boolean checkTemplateExistsAndIsUpToDate(ClusterState clusterState) {
        String str = this.templateName;
        Logger logger = this.logger;
        Version version = Version.CURRENT;
        version.getClass();
        return checkTemplateExistsAndVersionMatches(str, clusterState, logger, version::onOrBefore);
    }

    public static boolean checkTemplateExistsAndVersionMatches(String str, ClusterState clusterState, Logger logger, Predicate<Version> predicate) {
        IndexTemplateMetaData indexTemplateMetaData = (IndexTemplateMetaData) clusterState.metaData().templates().get(str);
        if (indexTemplateMetaData == null) {
            return false;
        }
        for (Object obj : indexTemplateMetaData.getMappings().values().toArray()) {
            try {
                Map map = (Map) XContentHelper.convertToMap(new BytesArray(((CompressedXContent) obj).uncompressed()), false, XContentType.JSON).v2();
                if (!$assertionsDisabled && map.size() != 1) {
                    throw new AssertionError();
                }
                if (!containsCorrectVersion((Map) map.get((String) map.keySet().iterator().next()), predicate)) {
                    return false;
                }
            } catch (ElasticsearchParseException e) {
                logger.error(new ParameterizedMessage("Cannot parse the template [{}]", str), e);
                throw new IllegalStateException("Cannot parse the template " + str, e);
            }
        }
        return true;
    }

    private static boolean containsCorrectVersion(Map<String, Object> map, Predicate<Version> predicate) {
        Map map2 = (Map) map.get("_meta");
        if (map2 == null) {
            return false;
        }
        return predicate.test(Version.fromString((String) map2.get(SECURITY_VERSION_STRING)));
    }

    private boolean checkIndexMappingUpToDate(ClusterState clusterState) {
        Version version = Version.CURRENT;
        version.getClass();
        return checkIndexMappingVersionMatches(clusterState, (v1) -> {
            return r2.equals(v1);
        });
    }

    private boolean checkIndexMappingVersionMatches(ClusterState clusterState, Predicate<Version> predicate) {
        return checkIndexMappingVersionMatches(this.indexName, clusterState, this.logger, predicate);
    }

    public static boolean checkIndexMappingVersionMatches(String str, ClusterState clusterState, Logger logger, Predicate<Version> predicate) {
        return loadIndexMappingVersions(str, clusterState, logger).stream().allMatch(predicate);
    }

    private Version oldestIndexMappingVersion(ClusterState clusterState) {
        return loadIndexMappingVersions(this.indexName, clusterState, this.logger).stream().min(Comparator.comparingInt(version -> {
            return version.id;
        })).orElse(null);
    }

    private static Set<Version> loadIndexMappingVersions(String str, ClusterState clusterState, Logger logger) {
        HashSet hashSet = new HashSet();
        IndexMetaData resolveConcreteIndex = resolveConcreteIndex(str, clusterState.metaData());
        if (resolveConcreteIndex != null) {
            for (Object obj : resolveConcreteIndex.getMappings().values().toArray()) {
                MappingMetaData mappingMetaData = (MappingMetaData) obj;
                if (!mappingMetaData.type().equals("_default_")) {
                    hashSet.add(readMappingVersion(str, mappingMetaData, logger));
                }
            }
        }
        return hashSet;
    }

    private static IndexMetaData resolveConcreteIndex(String str, MetaData metaData) {
        AliasOrIndex aliasOrIndex = (AliasOrIndex) metaData.getAliasAndIndexLookup().get(str);
        if (aliasOrIndex == null) {
            return null;
        }
        List indices = aliasOrIndex.getIndices();
        if (!aliasOrIndex.isAlias() || indices.size() <= 1) {
            return (IndexMetaData) indices.get(0);
        }
        throw new IllegalStateException("Alias [" + str + "] points to more than one index: " + indices.stream().map(indexMetaData -> {
            return indexMetaData.getIndex().getName();
        }).collect(Collectors.toList()));
    }

    private static Version readMappingVersion(String str, MappingMetaData mappingMetaData, Logger logger) {
        try {
            Map map = (Map) mappingMetaData.sourceAsMap().get("_meta");
            if (map != null) {
                return Version.fromString((String) map.get(SECURITY_VERSION_STRING));
            }
            logger.info("Missing _meta field in mapping [{}] of index [{}]", mappingMetaData.type(), str);
            return Version.V_2_3_0;
        } catch (ElasticsearchParseException e) {
            logger.error(new ParameterizedMessage("Cannot parse the mapping for index [{}]", str), e);
            throw new ElasticsearchException("Cannot parse the mapping for index [{}]", e, new Object[]{str});
        }
    }

    private void updateTemplate() {
        if (this.templateCreationPending.compareAndSet(false, true)) {
            putTemplate();
        }
    }

    private boolean migrateData(ClusterState clusterState, final Runnable runnable) {
        if (this.migrateDataState.compareAndSet(UpgradeState.NOT_STARTED, UpgradeState.IN_PROGRESS)) {
            final Version oldestIndexMappingVersion = oldestIndexMappingVersion(clusterState);
            this.migrator.performUpgrade(oldestIndexMappingVersion, new ActionListener<Boolean>() { // from class: org.elasticsearch.xpack.security.support.IndexLifecycleManager.1
                public void onResponse(Boolean bool) {
                    IndexLifecycleManager.this.migrateDataState.set(UpgradeState.COMPLETE);
                    runnable.run();
                }

                public void onFailure(Exception exc) {
                    IndexLifecycleManager.this.migrateDataState.set(UpgradeState.FAILED);
                    int incrementAndGet = IndexLifecycleManager.this.migrateDataAttempts.incrementAndGet();
                    IndexLifecycleManager.this.logger.error(new ParameterizedMessage("failed to upgrade security [{}] data from version [{}] (Attempt {} of {})", new Object[]{IndexLifecycleManager.this.indexName, oldestIndexMappingVersion, Integer.valueOf(incrementAndGet), 10}), exc);
                    if (incrementAndGet >= 10) {
                        IndexLifecycleManager.this.logger.error("Security migration has failed after {} attempts. Restart the master node to try again.", 10);
                        return;
                    }
                    TimeValue timeValueMillis = TimeValue.timeValueMillis((long) Math.pow(incrementAndGet, 5.0d));
                    IndexLifecycleManager.this.logger.info("Will attempt upgrade again in {}", timeValueMillis);
                    ThreadPool threadPool = IndexLifecycleManager.this.threadPool;
                    IndexLifecycleManager indexLifecycleManager = IndexLifecycleManager.this;
                    threadPool.schedule(timeValueMillis, "same", () -> {
                        indexLifecycleManager.retryDataMigration();
                    });
                }

                public String toString() {
                    return getClass() + "{" + IndexLifecycleManager.this.indexName + " migrator}";
                }
            });
            return true;
        }
        if (this.migrateDataState.get() != UpgradeState.COMPLETE) {
            return false;
        }
        runnable.run();
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void retryDataMigration() {
        if (this.migrateDataState.compareAndSet(UpgradeState.FAILED, UpgradeState.NOT_STARTED)) {
            processClusterState(this.clusterService.state());
        }
    }

    private void updateMapping() {
        if (this.updateMappingPending.compareAndSet(false, true)) {
            putMappings();
        }
    }

    private void putMappings() {
        try {
            Map convertToMap = XContentHelper.convertToMap(JsonXContent.jsonXContent, TemplateUtils.loadTemplate("/" + this.templateName + ".json", Version.CURRENT.toString(), TEMPLATE_VERSION_PATTERN), false);
            ConcurrentMap newConcurrentMap = ConcurrentCollections.newConcurrentMap();
            Map map = (Map) convertToMap.get("mappings");
            int size = map.size();
            for (String str : map.keySet()) {
                putMapping(newConcurrentMap, size, str, (Map) map.get(str));
            }
        } catch (ElasticsearchParseException e) {
            this.updateMappingPending.set(false);
            this.logger.error(new ParameterizedMessage("failed to parse index template {}", this.templateName), e);
            throw new ElasticsearchException("failed to parse index template {}", e, new Object[]{this.templateName});
        }
    }

    private void putMapping(final Map<String, PutMappingResponse> map, final int i, final String str, Map<String, Object> map2) {
        this.logger.debug("updating mapping of the [{}] index for type [{}]", this.indexName, str);
        this.client.admin().indices().putMapping(this.client.admin().indices().preparePutMapping(new String[]{this.indexName}).setSource(map2).setType(str).request(), new ActionListener<PutMappingResponse>() { // from class: org.elasticsearch.xpack.security.support.IndexLifecycleManager.2
            public void onResponse(PutMappingResponse putMappingResponse) {
                if (!putMappingResponse.isAcknowledged()) {
                    IndexLifecycleManager.this.updateMappingPending.set(false);
                    throw new ElasticsearchException("update mapping for type [{}] in index [{}] was not acknowledged", new Object[]{str, IndexLifecycleManager.this.indexName});
                }
                map.put(str, putMappingResponse);
                if (map.size() == i) {
                    IndexLifecycleManager.this.updateMappingPending.set(false);
                }
            }

            public void onFailure(Exception exc) {
                IndexLifecycleManager.this.updateMappingPending.set(false);
                Logger logger = IndexLifecycleManager.this.logger;
                String str2 = str;
                logger.warn(() -> {
                    return new ParameterizedMessage("failed to update mapping for type [{}] on index [{}]", str2, IndexLifecycleManager.this.indexName);
                }, exc);
            }

            public String toString() {
                return getClass() + "{" + IndexLifecycleManager.this.indexName + " PutMapping}";
            }
        });
    }

    private void putTemplate() {
        this.logger.debug("putting the template [{}]", this.templateName);
        this.client.admin().indices().putTemplate(this.client.admin().indices().preparePutTemplate(this.templateName).setSource(new BytesArray(TemplateUtils.loadTemplate("/" + this.templateName + ".json", Version.CURRENT.toString(), TEMPLATE_VERSION_PATTERN).getBytes(StandardCharsets.UTF_8)), XContentType.JSON).request(), new ActionListener<PutIndexTemplateResponse>() { // from class: org.elasticsearch.xpack.security.support.IndexLifecycleManager.3
            public void onResponse(PutIndexTemplateResponse putIndexTemplateResponse) {
                IndexLifecycleManager.this.templateCreationPending.set(false);
                if (!putIndexTemplateResponse.isAcknowledged()) {
                    throw new ElasticsearchException("put template [{}] was not acknowledged", new Object[]{IndexLifecycleManager.this.templateName});
                }
                IndexLifecycleManager.this.templateIsUpToDate = true;
            }

            public void onFailure(Exception exc) {
                IndexLifecycleManager.this.templateCreationPending.set(false);
                IndexLifecycleManager.this.logger.warn(new ParameterizedMessage("failed to put template [{}]", IndexLifecycleManager.this.templateName), exc);
            }

            public String toString() {
                return getClass() + "{" + IndexLifecycleManager.this.indexName + " PutTemplate}";
            }
        });
    }

    static {
        $assertionsDisabled = !IndexLifecycleManager.class.desiredAssertionStatus();
        TEMPLATE_VERSION_PATTERN = Pattern.quote("${security.template.version}");
        NEW_INDEX_VERSION = 6;
        NULL_MIGRATOR = (version, actionListener) -> {
            actionListener.onResponse(false);
        };
    }
}
