package org.elasticsearch.xpack.security;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.function.Predicate;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.Version;
import org.elasticsearch.cluster.ClusterChangedEvent;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.ClusterStateListener;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.component.LifecycleListener;
import org.elasticsearch.common.inject.internal.Nullable;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
import org.elasticsearch.gateway.GatewayService;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
import org.elasticsearch.xpack.security.authc.esnative.NativeRealmMigrator;
import org.elasticsearch.xpack.security.support.IndexLifecycleManager;

/* loaded from: input_file:org/elasticsearch/xpack/security/SecurityLifecycleService.class */
public class SecurityLifecycleService extends AbstractComponent implements ClusterStateListener {
    public static final String SECURITY_INDEX_NAME = ".security";
    public static final String SECURITY_TEMPLATE_NAME = "security-index-template";
    private static final Version MIN_READ_VERSION = Version.V_5_0_0;
    private final Settings settings;
    private final ThreadPool threadPool;
    private final IndexAuditTrail indexAuditTrail;
    private final IndexLifecycleManager securityIndex;

    public SecurityLifecycleService(Settings settings, ClusterService clusterService, ThreadPool threadPool, InternalClient internalClient, XPackLicenseState xPackLicenseState, @Nullable IndexAuditTrail indexAuditTrail) {
        this(settings, clusterService, threadPool, internalClient, new NativeRealmMigrator(settings, xPackLicenseState, internalClient), indexAuditTrail);
    }

    SecurityLifecycleService(Settings settings, ClusterService clusterService, ThreadPool threadPool, InternalClient internalClient, NativeRealmMigrator nativeRealmMigrator, @Nullable IndexAuditTrail indexAuditTrail) {
        super(settings);
        this.settings = settings;
        this.threadPool = threadPool;
        this.indexAuditTrail = indexAuditTrail;
        this.securityIndex = new IndexLifecycleManager(settings, internalClient, clusterService, threadPool, ".security", SECURITY_TEMPLATE_NAME, nativeRealmMigrator);
        clusterService.addListener(this);
        clusterService.addLifecycleListener(new LifecycleListener() { // from class: org.elasticsearch.xpack.security.SecurityLifecycleService.1
            public void beforeStop() {
                SecurityLifecycleService.this.stop();
            }
        });
    }

    public void clusterChanged(final ClusterChangedEvent clusterChangedEvent) {
        if (clusterChangedEvent.state().blocks().hasGlobalBlock(GatewayService.STATE_NOT_RECOVERED_BLOCK)) {
            this.logger.debug("lifecycle service waiting until state has been recovered");
            return;
        }
        this.securityIndex.clusterChanged(clusterChangedEvent);
        try {
            if (Security.indexAuditLoggingEnabled(this.settings) && this.indexAuditTrail.state() == IndexAuditTrail.State.INITIALIZED && this.indexAuditTrail.canStart(clusterChangedEvent, clusterChangedEvent.localNodeMaster())) {
                this.threadPool.generic().execute(new AbstractRunnable() { // from class: org.elasticsearch.xpack.security.SecurityLifecycleService.2
                    static final /* synthetic */ boolean $assertionsDisabled;

                    public void onFailure(Exception exc) {
                        SecurityLifecycleService.this.logger.error("failed to start index audit trail services", exc);
                        if (!$assertionsDisabled) {
                            throw new AssertionError("security lifecycle services startup failed");
                        }
                    }

                    public void doRun() {
                        SecurityLifecycleService.this.indexAuditTrail.start(clusterChangedEvent.localNodeMaster());
                    }

                    static {
                        $assertionsDisabled = !SecurityLifecycleService.class.desiredAssertionStatus();
                    }
                });
            }
        } catch (Exception e) {
            this.logger.error("failed to start index audit trail", e);
        }
    }

    protected IndexLifecycleManager securityIndex() {
        return this.securityIndex;
    }

    public boolean isSecurityIndexExisting() {
        return this.securityIndex.indexExists();
    }

    public boolean isSecurityIndexAvailable() {
        return this.securityIndex.isAvailable();
    }

    public boolean isSecurityIndexWriteable() {
        return this.securityIndex.isWritable();
    }

    public boolean checkSecurityMappingVersion(Predicate<Version> predicate) {
        return this.securityIndex.checkMappingVersion(predicate);
    }

    public void stop() {
        if (this.indexAuditTrail != null) {
            try {
                this.indexAuditTrail.stop();
            } catch (Exception e) {
                this.logger.error("failed to stop audit trail module", e);
            }
        }
    }

    public static boolean securityIndexMappingAndTemplateSufficientToRead(ClusterState clusterState, Logger logger) {
        Version version = MIN_READ_VERSION;
        version.getClass();
        return checkTemplateAndMappingVersions(clusterState, logger, version::onOrBefore);
    }

    public static boolean securityIndexMappingAndTemplateUpToDate(ClusterState clusterState, Logger logger) {
        Version version = Version.CURRENT;
        version.getClass();
        return checkTemplateAndMappingVersions(clusterState, logger, (v1) -> {
            return r2.equals(v1);
        });
    }

    private static boolean checkTemplateAndMappingVersions(ClusterState clusterState, Logger logger, Predicate<Version> predicate) {
        return IndexLifecycleManager.checkTemplateExistsAndVersionMatches(SECURITY_TEMPLATE_NAME, clusterState, logger, predicate) && IndexLifecycleManager.checkIndexMappingVersionMatches(".security", clusterState, logger, predicate);
    }

    public static List<String> indexNames() {
        return Collections.unmodifiableList(Arrays.asList(".security"));
    }
}
