package org.elasticsearch.xpack.security.authc.esnative;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.ExceptionsHelper;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.DocWriteResponse;
import org.elasticsearch.action.delete.DeleteRequest;
import org.elasticsearch.action.delete.DeleteResponse;
import org.elasticsearch.action.get.GetResponse;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.action.update.UpdateResponse;
import org.elasticsearch.client.Requests;
import org.elasticsearch.common.CheckedConsumer;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.ValidationException;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.index.IndexNotFoundException;
import org.elasticsearch.index.engine.DocumentMissingException;
import org.elasticsearch.index.query.MatchAllQueryBuilder;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.search.SearchHit;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.ml.job.process.autodetect.params.TimeRange;
import org.elasticsearch.xpack.security.InternalClient;
import org.elasticsearch.xpack.security.SecurityLifecycleService;
import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheRequest;
import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheResponse;
import org.elasticsearch.xpack.security.action.user.ChangePasswordRequest;
import org.elasticsearch.xpack.security.action.user.DeleteUserRequest;
import org.elasticsearch.xpack.security.action.user.PutUserRequest;
import org.elasticsearch.xpack.security.authc.support.Hasher;
import org.elasticsearch.xpack.security.client.SecurityClient;
import org.elasticsearch.xpack.security.user.User;
import org.elasticsearch.xpack.security.user.XPackUser;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.class */
public class NativeUsersStore extends AbstractComponent {
    private static final String USER_DOC_TYPE = "user";
    public static final String RESERVED_USER_DOC_TYPE = "reserved-user";
    private final Hasher hasher;
    private final InternalClient client;
    private final boolean isTribeNode;
    private volatile SecurityLifecycleService securityLifecycleService;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore$ReservedUserInfo.class */
    public static class ReservedUserInfo {
        public final char[] passwordHash;
        public final boolean enabled;
        public final boolean hasDefaultPassword;

        /* JADX INFO: Access modifiers changed from: package-private */
        public ReservedUserInfo(char[] cArr, boolean z, boolean z2) {
            this.passwordHash = cArr;
            this.enabled = z;
            this.hasDefaultPassword = z2;
        }
    }

    public NativeUsersStore(Settings settings, InternalClient internalClient, SecurityLifecycleService securityLifecycleService) {
        super(settings);
        this.hasher = Hasher.BCRYPT;
        this.client = internalClient;
        this.isTribeNode = XPackPlugin.isTribeNode(settings);
        this.securityLifecycleService = securityLifecycleService;
    }

    public void getUser(String str, ActionListener<User> actionListener) {
        CheckedConsumer checkedConsumer = userAndPassword -> {
            actionListener.onResponse(userAndPassword == null ? null : userAndPassword.user());
        };
        actionListener.getClass();
        getUserAndPassword(str, ActionListener.wrap(checkedConsumer, actionListener::onFailure));
    }

    public void getUsers(String[] strArr, ActionListener<Collection<User>> actionListener) {
        MatchAllQueryBuilder filter;
        Consumer consumer = exc -> {
            if (!(exc instanceof IndexNotFoundException)) {
                actionListener.onFailure(exc);
            } else {
                this.logger.trace("could not retrieve users because security index does not exist");
                actionListener.onResponse(Collections.emptyList());
            }
        };
        if (strArr.length == 1) {
            String str = strArr[0];
            CheckedConsumer checkedConsumer = userAndPassword -> {
                actionListener.onResponse(userAndPassword == null ? Collections.emptyList() : Collections.singletonList(userAndPassword.user()));
            };
            consumer.getClass();
            getUserAndPassword(str, ActionListener.wrap(checkedConsumer, (v1) -> {
                r3.accept(v1);
            }));
            return;
        }
        if (strArr != null) {
            try {
                if (strArr.length != 0) {
                    filter = QueryBuilders.boolQuery().filter(QueryBuilders.idsQuery(new String[]{"user"}).addIds(strArr));
                    SearchRequest request = this.client.prepareSearch(new String[]{".security"}).setScroll(TimeValue.timeValueSeconds(10L)).setTypes(new String[]{"user"}).setQuery(filter).setSize(TimeRange.MILLISECONDS_IN_SECOND).setFetchSource(true).request();
                    request.indicesOptions().ignoreUnavailable();
                    InternalClient.fetchAllByEntity(this.client, request, actionListener, searchHit -> {
                        UserAndPassword transformUser = transformUser(searchHit.getId(), searchHit.getSourceAsMap());
                        if (transformUser != null) {
                            return transformUser.user();
                        }
                        return null;
                    });
                }
            } catch (Exception e) {
                this.logger.error(() -> {
                    return new ParameterizedMessage("unable to retrieve users {}", Arrays.toString(strArr));
                }, e);
                actionListener.onFailure(e);
                return;
            }
        }
        filter = QueryBuilders.matchAllQuery();
        SearchRequest request2 = this.client.prepareSearch(new String[]{".security"}).setScroll(TimeValue.timeValueSeconds(10L)).setTypes(new String[]{"user"}).setQuery(filter).setSize(TimeRange.MILLISECONDS_IN_SECOND).setFetchSource(true).request();
        request2.indicesOptions().ignoreUnavailable();
        InternalClient.fetchAllByEntity(this.client, request2, actionListener, searchHit2 -> {
            UserAndPassword transformUser = transformUser(searchHit2.getId(), searchHit2.getSourceAsMap());
            if (transformUser != null) {
                return transformUser.user();
            }
            return null;
        });
    }

    private void getUserAndPassword(final String str, final ActionListener<UserAndPassword> actionListener) {
        try {
            this.client.get(this.client.prepareGet(".security", "user", str).request(), new ActionListener<GetResponse>() { // from class: org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore.1
                public void onResponse(GetResponse getResponse) {
                    actionListener.onResponse(NativeUsersStore.this.transformUser(getResponse.getId(), getResponse.getSource()));
                }

                public void onFailure(Exception exc) {
                    if (exc instanceof IndexNotFoundException) {
                        Logger logger = NativeUsersStore.this.logger;
                        String str2 = str;
                        logger.trace(() -> {
                            return new ParameterizedMessage("could not retrieve user [{}] because security index does not exist", str2);
                        }, exc);
                    } else {
                        Logger logger2 = NativeUsersStore.this.logger;
                        String str3 = str;
                        logger2.error(() -> {
                            return new ParameterizedMessage("failed to retrieve user [{}]", str3);
                        }, exc);
                    }
                    actionListener.onResponse((Object) null);
                }
            });
        } catch (Exception e) {
            this.logger.error(() -> {
                return new ParameterizedMessage("unable to retrieve user [{}]", str);
            }, e);
            actionListener.onFailure(e);
        } catch (IndexNotFoundException e2) {
            this.logger.trace("could not retrieve user [{}] because security index does not exist", str);
            actionListener.onResponse((Object) null);
        }
    }

    public void changePassword(final ChangePasswordRequest changePasswordRequest, final ActionListener<Void> actionListener) {
        final String username = changePasswordRequest.username();
        if (!$assertionsDisabled && ("_system".equals(username) || XPackUser.NAME.equals(username))) {
            throw new AssertionError(username + "is internal!");
        }
        if (this.isTribeNode) {
            actionListener.onFailure(new UnsupportedOperationException("users may not be created or modified using a tribe node"));
        } else {
            if (!this.securityLifecycleService.isSecurityIndexWriteable()) {
                actionListener.onFailure(new IllegalStateException("password cannot be changed as user service cannot write until template and mappings are up to date"));
                return;
            }
            String str = ReservedRealm.isReserved(username, this.settings) ? RESERVED_USER_DOC_TYPE : "user";
            final String str2 = str;
            this.client.prepareUpdate(".security", str, username).setDoc(Requests.INDEX_CONTENT_TYPE, new Object[]{User.Fields.PASSWORD.getPreferredName(), String.valueOf(changePasswordRequest.passwordHash())}).setRefreshPolicy(changePasswordRequest.getRefreshPolicy()).execute(new ActionListener<UpdateResponse>() { // from class: org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore.2
                static final /* synthetic */ boolean $assertionsDisabled;

                public void onResponse(UpdateResponse updateResponse) {
                    if (!$assertionsDisabled && updateResponse.getResult() != DocWriteResponse.Result.UPDATED) {
                        throw new AssertionError();
                    }
                    NativeUsersStore.this.clearRealmCache(changePasswordRequest.username(), actionListener, null);
                }

                public void onFailure(Exception exc) {
                    if (!NativeUsersStore.isIndexNotFoundOrDocumentMissing(exc)) {
                        actionListener.onFailure(exc);
                        return;
                    }
                    if (str2.equals(NativeUsersStore.RESERVED_USER_DOC_TYPE)) {
                        NativeUsersStore.this.createReservedUser(username, changePasswordRequest.passwordHash(), changePasswordRequest.getRefreshPolicy(), actionListener);
                        return;
                    }
                    Logger logger = NativeUsersStore.this.logger;
                    ChangePasswordRequest changePasswordRequest2 = changePasswordRequest;
                    logger.debug(() -> {
                        return new ParameterizedMessage("failed to change password for user [{}]", changePasswordRequest2.username());
                    }, exc);
                    ValidationException validationException = new ValidationException();
                    validationException.addValidationError("user must exist in order to change password");
                    actionListener.onFailure(validationException);
                }

                static {
                    $assertionsDisabled = !NativeUsersStore.class.desiredAssertionStatus();
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void createReservedUser(final String str, char[] cArr, WriteRequest.RefreshPolicy refreshPolicy, final ActionListener<Void> actionListener) {
        this.client.prepareIndex(".security", RESERVED_USER_DOC_TYPE, str).setSource(new Object[]{User.Fields.PASSWORD.getPreferredName(), String.valueOf(cArr), User.Fields.ENABLED.getPreferredName(), true}).setRefreshPolicy(refreshPolicy).execute(new ActionListener<IndexResponse>() { // from class: org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore.3
            public void onResponse(IndexResponse indexResponse) {
                NativeUsersStore.this.clearRealmCache(str, actionListener, null);
            }

            public void onFailure(Exception exc) {
                actionListener.onFailure(exc);
            }
        });
    }

    public void putUser(PutUserRequest putUserRequest, ActionListener<Boolean> actionListener) {
        if (this.isTribeNode) {
            actionListener.onFailure(new UnsupportedOperationException("users may not be created or modified using a tribe node"));
            return;
        }
        if (!this.securityLifecycleService.isSecurityIndexWriteable()) {
            actionListener.onFailure(new IllegalStateException("user cannot be created or changed as the user service cannot write until template and mappings are up to date"));
            return;
        }
        try {
            if (putUserRequest.passwordHash() == null) {
                updateUserWithoutPassword(putUserRequest, actionListener);
            } else {
                indexUser(putUserRequest, actionListener);
            }
        } catch (Exception e) {
            this.logger.error(() -> {
                return new ParameterizedMessage("unable to put user [{}]", putUserRequest.username());
            }, e);
            actionListener.onFailure(e);
        }
    }

    private void updateUserWithoutPassword(final PutUserRequest putUserRequest, final ActionListener<Boolean> actionListener) {
        if (!$assertionsDisabled && putUserRequest.passwordHash() != null) {
            throw new AssertionError();
        }
        this.client.prepareUpdate(".security", "user", putUserRequest.username()).setDoc(Requests.INDEX_CONTENT_TYPE, new Object[]{User.Fields.USERNAME.getPreferredName(), putUserRequest.username(), User.Fields.ROLES.getPreferredName(), putUserRequest.roles(), User.Fields.FULL_NAME.getPreferredName(), putUserRequest.fullName(), User.Fields.EMAIL.getPreferredName(), putUserRequest.email(), User.Fields.METADATA.getPreferredName(), putUserRequest.metadata(), User.Fields.ENABLED.getPreferredName(), Boolean.valueOf(putUserRequest.enabled())}).setRefreshPolicy(putUserRequest.getRefreshPolicy()).execute(new ActionListener<UpdateResponse>() { // from class: org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore.4
            static final /* synthetic */ boolean $assertionsDisabled;

            public void onResponse(UpdateResponse updateResponse) {
                if (!$assertionsDisabled && updateResponse.getResult() != DocWriteResponse.Result.UPDATED) {
                    throw new AssertionError();
                }
                NativeUsersStore.this.clearRealmCache(putUserRequest.username(), actionListener, false);
            }

            public void onFailure(Exception exc) {
                Exception exc2 = exc;
                if (NativeUsersStore.isIndexNotFoundOrDocumentMissing(exc)) {
                    Logger logger = NativeUsersStore.this.logger;
                    PutUserRequest putUserRequest2 = putUserRequest;
                    logger.debug(() -> {
                        return new ParameterizedMessage("failed to update user document with username [{}]", putUserRequest2.username());
                    }, exc);
                    Exception validationException = new ValidationException();
                    validationException.addValidationError("password must be specified unless you are updating an existing user");
                    exc2 = validationException;
                }
                actionListener.onFailure(exc2);
            }

            static {
                $assertionsDisabled = !NativeUsersStore.class.desiredAssertionStatus();
            }
        });
    }

    private void indexUser(final PutUserRequest putUserRequest, final ActionListener<Boolean> actionListener) {
        if (!$assertionsDisabled && putUserRequest.passwordHash() == null) {
            throw new AssertionError();
        }
        this.client.prepareIndex(".security", "user", putUserRequest.username()).setSource(new Object[]{User.Fields.USERNAME.getPreferredName(), putUserRequest.username(), User.Fields.PASSWORD.getPreferredName(), String.valueOf(putUserRequest.passwordHash()), User.Fields.ROLES.getPreferredName(), putUserRequest.roles(), User.Fields.FULL_NAME.getPreferredName(), putUserRequest.fullName(), User.Fields.EMAIL.getPreferredName(), putUserRequest.email(), User.Fields.METADATA.getPreferredName(), putUserRequest.metadata(), User.Fields.ENABLED.getPreferredName(), Boolean.valueOf(putUserRequest.enabled())}).setRefreshPolicy(putUserRequest.getRefreshPolicy()).execute(new ActionListener<IndexResponse>() { // from class: org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore.5
            public void onResponse(IndexResponse indexResponse) {
                NativeUsersStore.this.clearRealmCache(putUserRequest.username(), actionListener, Boolean.valueOf(indexResponse.getResult() == DocWriteResponse.Result.CREATED));
            }

            public void onFailure(Exception exc) {
                actionListener.onFailure(exc);
            }
        });
    }

    public void setEnabled(String str, boolean z, WriteRequest.RefreshPolicy refreshPolicy, ActionListener<Void> actionListener) {
        if (this.isTribeNode) {
            actionListener.onFailure(new UnsupportedOperationException("users may not be created or modified using a tribe node"));
            return;
        }
        if (!this.securityLifecycleService.isSecurityIndexWriteable()) {
            actionListener.onFailure(new IllegalStateException("enabled status cannot be changed as user service cannot write until template and mappings are up to date"));
        } else if (ReservedRealm.isReserved(str, this.settings)) {
            setReservedUserEnabled(str, z, refreshPolicy, true, actionListener);
        } else {
            setRegularUserEnabled(str, z, refreshPolicy, actionListener);
        }
    }

    private void setRegularUserEnabled(final String str, final boolean z, WriteRequest.RefreshPolicy refreshPolicy, final ActionListener<Void> actionListener) {
        try {
            this.client.prepareUpdate(".security", "user", str).setDoc(Requests.INDEX_CONTENT_TYPE, new Object[]{User.Fields.ENABLED.getPreferredName(), Boolean.valueOf(z)}).setRefreshPolicy(refreshPolicy).execute(new ActionListener<UpdateResponse>() { // from class: org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore.6
                public void onResponse(UpdateResponse updateResponse) {
                    NativeUsersStore.this.clearRealmCache(str, actionListener, null);
                }

                public void onFailure(Exception exc) {
                    Exception exc2 = exc;
                    if (NativeUsersStore.isIndexNotFoundOrDocumentMissing(exc)) {
                        Logger logger = NativeUsersStore.this.logger;
                        boolean z2 = z;
                        String str2 = str;
                        logger.debug(() -> {
                            return new ParameterizedMessage("failed to {} user [{}]", z2 ? "enable" : "disable", str2);
                        }, exc);
                        Exception validationException = new ValidationException();
                        validationException.addValidationError("only existing users can be " + (z ? "enabled" : "disabled"));
                        exc2 = validationException;
                    }
                    actionListener.onFailure(exc2);
                }
            });
        } catch (Exception e) {
            actionListener.onFailure(e);
        }
    }

    private void setReservedUserEnabled(final String str, boolean z, WriteRequest.RefreshPolicy refreshPolicy, final boolean z2, final ActionListener<Void> actionListener) {
        try {
            this.client.prepareUpdate(".security", RESERVED_USER_DOC_TYPE, str).setDoc(Requests.INDEX_CONTENT_TYPE, new Object[]{User.Fields.ENABLED.getPreferredName(), Boolean.valueOf(z)}).setUpsert(XContentType.JSON, new Object[]{User.Fields.PASSWORD.getPreferredName(), "", User.Fields.ENABLED.getPreferredName(), Boolean.valueOf(z)}).setRefreshPolicy(refreshPolicy).execute(new ActionListener<UpdateResponse>() { // from class: org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore.7
                public void onResponse(UpdateResponse updateResponse) {
                    if (z2) {
                        NativeUsersStore.this.clearRealmCache(str, actionListener, null);
                    } else {
                        actionListener.onResponse((Object) null);
                    }
                }

                public void onFailure(Exception exc) {
                    actionListener.onFailure(exc);
                }
            });
        } catch (Exception e) {
            actionListener.onFailure(e);
        }
    }

    public void deleteUser(final DeleteUserRequest deleteUserRequest, final ActionListener<Boolean> actionListener) {
        if (this.isTribeNode) {
            actionListener.onFailure(new UnsupportedOperationException("users may not be deleted using a tribe node"));
            return;
        }
        if (!this.securityLifecycleService.isSecurityIndexWriteable()) {
            actionListener.onFailure(new IllegalStateException("user cannot be deleted as user service cannot write until template and mappings are up to date"));
            return;
        }
        try {
            DeleteRequest request = this.client.prepareDelete(".security", "user", deleteUserRequest.username()).request();
            request.indicesOptions().ignoreUnavailable();
            request.setRefreshPolicy(deleteUserRequest.getRefreshPolicy());
            this.client.delete(request, new ActionListener<DeleteResponse>() { // from class: org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore.8
                public void onResponse(DeleteResponse deleteResponse) {
                    NativeUsersStore.this.clearRealmCache(deleteUserRequest.username(), actionListener, Boolean.valueOf(deleteResponse.getResult() == DocWriteResponse.Result.DELETED));
                }

                public void onFailure(Exception exc) {
                    actionListener.onFailure(exc);
                }
            });
        } catch (Exception e) {
            this.logger.error("unable to remove user", e);
            actionListener.onFailure(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void verifyPassword(String str, SecureString secureString, ActionListener<User> actionListener) {
        CheckedConsumer checkedConsumer = userAndPassword -> {
            if (userAndPassword == null || userAndPassword.passwordHash() == null) {
                actionListener.onResponse((Object) null);
            } else if (this.hasher.verify(secureString, userAndPassword.passwordHash())) {
                actionListener.onResponse(userAndPassword.user());
            } else {
                actionListener.onResponse((Object) null);
            }
        };
        actionListener.getClass();
        getUserAndPassword(str, ActionListener.wrap(checkedConsumer, actionListener::onFailure));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void getReservedUserInfo(final String str, final ActionListener<ReservedUserInfo> actionListener) {
        if (this.securityLifecycleService.isSecurityIndexExisting()) {
            this.client.prepareGet(".security", RESERVED_USER_DOC_TYPE, str).execute(new ActionListener<GetResponse>() { // from class: org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore.9
                public void onResponse(GetResponse getResponse) {
                    if (!getResponse.isExists()) {
                        actionListener.onResponse((Object) null);
                        return;
                    }
                    Map sourceAsMap = getResponse.getSourceAsMap();
                    String str2 = (String) sourceAsMap.get(User.Fields.PASSWORD.getPreferredName());
                    Boolean bool = (Boolean) sourceAsMap.get(User.Fields.ENABLED.getPreferredName());
                    if (str2 == null) {
                        actionListener.onFailure(new IllegalStateException("password hash must not be null!"));
                        return;
                    }
                    if (bool == null) {
                        actionListener.onFailure(new IllegalStateException("enabled must not be null!"));
                    } else if (str2.isEmpty()) {
                        actionListener.onResponse(new ReservedUserInfo(ReservedRealm.DEFAULT_PASSWORD_HASH, bool.booleanValue(), true));
                    } else {
                        actionListener.onResponse(new ReservedUserInfo(str2.toCharArray(), bool.booleanValue(), false));
                    }
                }

                public void onFailure(Exception exc) {
                    if (exc instanceof IndexNotFoundException) {
                        Logger logger = NativeUsersStore.this.logger;
                        String str2 = str;
                        logger.trace(() -> {
                            return new ParameterizedMessage("could not retrieve built in user [{}] info since security index does not exist", str2);
                        }, exc);
                        actionListener.onResponse((Object) null);
                        return;
                    }
                    Logger logger2 = NativeUsersStore.this.logger;
                    String str3 = str;
                    logger2.error(() -> {
                        return new ParameterizedMessage("failed to retrieve built in user [{}] info", str3);
                    }, exc);
                    actionListener.onFailure((Exception) null);
                }
            });
        } else {
            actionListener.onFailure(new IllegalStateException("Attempt to get reserved user info but the security index does not exist"));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void getAllReservedUserInfo(final ActionListener<Map<String, ReservedUserInfo>> actionListener) {
        this.client.prepareSearch(new String[]{".security"}).setTypes(new String[]{RESERVED_USER_DOC_TYPE}).setQuery(QueryBuilders.matchAllQuery()).setFetchSource(true).execute(new ActionListener<SearchResponse>() { // from class: org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore.10
            static final /* synthetic */ boolean $assertionsDisabled;

            public void onResponse(SearchResponse searchResponse) {
                HashMap hashMap = new HashMap();
                if (!$assertionsDisabled && searchResponse.getHits().getTotalHits() > 10) {
                    throw new AssertionError("there are more than 10 reserved users we need to change this to retrieve them all!");
                }
                for (SearchHit searchHit : searchResponse.getHits().getHits()) {
                    Map sourceAsMap = searchHit.getSourceAsMap();
                    String str = (String) sourceAsMap.get(User.Fields.PASSWORD.getPreferredName());
                    Boolean bool = (Boolean) sourceAsMap.get(User.Fields.ENABLED.getPreferredName());
                    if (str == null) {
                        actionListener.onFailure(new IllegalStateException("password hash must not be null!"));
                        return;
                    } else {
                        if (bool == null) {
                            actionListener.onFailure(new IllegalStateException("enabled must not be null!"));
                            return;
                        }
                        if (str.isEmpty()) {
                            hashMap.put(searchHit.getId(), new ReservedUserInfo(ReservedRealm.DEFAULT_PASSWORD_HASH, bool.booleanValue(), true));
                        } else {
                            hashMap.put(searchHit.getId(), new ReservedUserInfo(str.toCharArray(), bool.booleanValue(), false));
                        }
                    }
                }
                actionListener.onResponse(hashMap);
            }

            public void onFailure(Exception exc) {
                if (exc instanceof IndexNotFoundException) {
                    NativeUsersStore.this.logger.trace("could not retrieve built in users since security index does not exist", exc);
                    actionListener.onResponse(Collections.emptyMap());
                } else {
                    NativeUsersStore.this.logger.error("failed to retrieve built in users", exc);
                    actionListener.onFailure(exc);
                }
            }

            static {
                $assertionsDisabled = !NativeUsersStore.class.desiredAssertionStatus();
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public <Response> void clearRealmCache(final String str, final ActionListener<Response> actionListener, final Response response) {
        SecurityClient securityClient = new SecurityClient(this.client);
        securityClient.clearRealmCache((ClearRealmCacheRequest) securityClient.prepareClearRealmCache().usernames(str).request(), new ActionListener<ClearRealmCacheResponse>() { // from class: org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore.11
            public void onResponse(ClearRealmCacheResponse clearRealmCacheResponse) {
                actionListener.onResponse(response);
            }

            public void onFailure(Exception exc) {
                Logger logger = NativeUsersStore.this.logger;
                String str2 = str;
                logger.error(() -> {
                    return new ParameterizedMessage("unable to clear realm cache for user [{}]", str2);
                }, exc);
                actionListener.onFailure(new ElasticsearchException("clearing the cache for [" + str + "] failed. please clear the realm cache manually", exc, new Object[0]));
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    @Nullable
    public UserAndPassword transformUser(String str, Map<String, Object> map) {
        if (map == null) {
            return null;
        }
        try {
            String str2 = (String) map.get(User.Fields.PASSWORD.getPreferredName());
            String[] strArr = (String[]) ((List) map.get(User.Fields.ROLES.getPreferredName())).toArray(Strings.EMPTY_ARRAY);
            String str3 = (String) map.get(User.Fields.FULL_NAME.getPreferredName());
            String str4 = (String) map.get(User.Fields.EMAIL.getPreferredName());
            Boolean bool = (Boolean) map.get(User.Fields.ENABLED.getPreferredName());
            if (bool == null) {
                bool = Boolean.TRUE;
            }
            return new UserAndPassword(new User(str, strArr, str3, str4, (Map) map.get(User.Fields.METADATA.getPreferredName()), bool.booleanValue()), str2.toCharArray());
        } catch (Exception e) {
            this.logger.error(() -> {
                return new ParameterizedMessage("error in the format of data for user [{}]", str);
            }, e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isIndexNotFoundOrDocumentMissing(Exception exc) {
        if (!(exc instanceof ElasticsearchException)) {
            return false;
        }
        Throwable unwrapCause = ExceptionsHelper.unwrapCause(exc);
        return (unwrapCause instanceof IndexNotFoundException) || (unwrapCause instanceof DocumentMissingException);
    }

    static {
        $assertionsDisabled = !NativeUsersStore.class.desiredAssertionStatus();
    }
}
