package org.elasticsearch.xpack.idp.saml.sp;

import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.ParsingException;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.cache.Cache;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.iterable.Iterables;
import org.elasticsearch.common.xcontent.LoggingDeprecationHandler;
import org.elasticsearch.common.xcontent.NamedXContentRegistry;
import org.elasticsearch.common.xcontent.ParseField;
import org.elasticsearch.common.xcontent.XContentLocation;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.common.xcontent.XContentParserUtils;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.core.Tuple;
import org.elasticsearch.env.Environment;
import org.elasticsearch.script.ScriptService;
import org.elasticsearch.watcher.FileChangesListener;
import org.elasticsearch.watcher.FileWatcher;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.elasticsearch.xpack.core.XPackPlugin;

/* loaded from: input_file:org/elasticsearch/xpack/idp/saml/sp/WildcardServiceProviderResolver.class */
public class WildcardServiceProviderResolver {
    public static final Setting<String> FILE_PATH_SETTING = Setting.simpleString("xpack.idp.sp.wildcard.path", "wildcard_services.json", new Setting.Property[]{Setting.Property.NodeScope});
    private static final Logger logger = LogManager.getLogger();
    private final Settings settings;
    private final ScriptService scriptService;
    private final SamlServiceProviderFactory serviceProviderFactory;
    private final AtomicReference<State> stateRef = new AtomicReference<>(new State(Collections.emptyMap()));

    /* loaded from: input_file:org/elasticsearch/xpack/idp/saml/sp/WildcardServiceProviderResolver$Fields.class */
    public interface Fields {
        public static final ParseField SERVICES = new ParseField("services", new String[0]);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/elasticsearch/xpack/idp/saml/sp/WildcardServiceProviderResolver$State.class */
    public class State {
        final Map<String, WildcardServiceProvider> services;
        final Cache<Tuple<String, String>, SamlServiceProvider> cache;

        private State(Map<String, WildcardServiceProvider> map) {
            this.services = map;
            this.cache = ServiceProviderCacheSettings.buildCache(WildcardServiceProviderResolver.this.settings);
        }
    }

    WildcardServiceProviderResolver(Settings settings, ScriptService scriptService, SamlServiceProviderFactory samlServiceProviderFactory) {
        this.settings = settings;
        this.scriptService = scriptService;
        this.serviceProviderFactory = samlServiceProviderFactory;
    }

    public static WildcardServiceProviderResolver create(Environment environment, ResourceWatcherService resourceWatcherService, ScriptService scriptService, SamlServiceProviderFactory samlServiceProviderFactory) {
        Settings settings = environment.settings();
        Path resolveConfigFile = XPackPlugin.resolveConfigFile(environment, (String) FILE_PATH_SETTING.get(environment.settings()));
        logger.info("Loading wildcard services from file [{}]", resolveConfigFile.toAbsolutePath());
        WildcardServiceProviderResolver wildcardServiceProviderResolver = new WildcardServiceProviderResolver(settings, scriptService, samlServiceProviderFactory);
        if (Files.exists(resolveConfigFile, new LinkOption[0])) {
            try {
                wildcardServiceProviderResolver.reload(resolveConfigFile);
            } catch (IOException e) {
                throw new ElasticsearchException("File [{}] (from setting [{}]) cannot be loaded", e, new Object[]{resolveConfigFile.toAbsolutePath(), FILE_PATH_SETTING.getKey()});
            }
        } else if (FILE_PATH_SETTING.exists(environment.settings())) {
            throw new ElasticsearchException("File [{}] (from setting [{}]) does not exist", new Object[]{resolveConfigFile.toAbsolutePath(), FILE_PATH_SETTING.getKey()});
        }
        FileWatcher fileWatcher = new FileWatcher(resolveConfigFile);
        fileWatcher.addListener(new FileChangesListener() { // from class: org.elasticsearch.xpack.idp.saml.sp.WildcardServiceProviderResolver.1
            public void onFileCreated(Path path) {
                onFileChanged(path);
            }

            public void onFileDeleted(Path path) {
                onFileChanged(path);
            }

            public void onFileChanged(Path path) {
                try {
                    WildcardServiceProviderResolver.this.reload(path);
                } catch (IOException e2) {
                    throw new UncheckedIOException(e2);
                }
            }
        });
        try {
            resourceWatcherService.add(fileWatcher);
            return wildcardServiceProviderResolver;
        } catch (IOException e2) {
            throw new ElasticsearchException("Failed to watch file [{}] (from setting [{}])", e2, new Object[]{resolveConfigFile.toAbsolutePath(), FILE_PATH_SETTING.getKey()});
        }
    }

    public SamlServiceProvider resolve(String str, String str2) {
        State state = this.stateRef.get();
        Tuple tuple = new Tuple(str, str2);
        SamlServiceProvider samlServiceProvider = (SamlServiceProvider) state.cache.get(tuple);
        if (samlServiceProvider != null) {
            logger.trace("Service for [{}] [{}] is cached [{}]", str, str2, samlServiceProvider);
            return samlServiceProvider;
        }
        HashMap hashMap = new HashMap();
        state.services.forEach((str3, wildcardServiceProvider) -> {
            SamlServiceProviderDocument apply = wildcardServiceProvider.apply(this.scriptService, str, str2);
            if (apply != null) {
                hashMap.put(str3, this.serviceProviderFactory.buildServiceProvider(apply));
            }
        });
        switch (hashMap.size()) {
            case 0:
                logger.trace("No wildcard services found for [{}] [{}]", str, str2);
                return null;
            case 1:
                SamlServiceProvider samlServiceProvider2 = (SamlServiceProvider) Iterables.get(hashMap.values(), 0);
                logger.trace("Found exactly 1 wildcard service for [{}] [{}] - [{}]", str, str2, samlServiceProvider2);
                state.cache.put(tuple, samlServiceProvider2);
                return samlServiceProvider2;
            default:
                String collectionToCommaDelimitedString = Strings.collectionToCommaDelimitedString(hashMap.keySet());
                logger.warn("Found multiple matching wildcard services for [{}] [{}] - [{}]", str, str2, collectionToCommaDelimitedString);
                throw new IllegalStateException("Found multiple wildcard service providers for entity ID [" + str + "] and ACS [" + str2 + "] - wildcard service names [" + collectionToCommaDelimitedString + "]");
        }
    }

    Map<String, WildcardServiceProvider> services() {
        return this.stateRef.get().services;
    }

    void reload(XContentParser xContentParser) throws IOException {
        Map unmodifiableMap = Collections.unmodifiableMap(parse(xContentParser));
        State state = this.stateRef.get();
        if (unmodifiableMap.equals(state.services) || !this.stateRef.compareAndSet(state, new State(unmodifiableMap))) {
            return;
        }
        logger.info("Reloaded cached wildcard service providers, new providers [{}]", Strings.collectionToCommaDelimitedString(unmodifiableMap.keySet()));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void reload(Path path) throws IOException {
        InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
        try {
            XContentParser buildServicesParser = buildServicesParser(newInputStream);
            try {
                reload(buildServicesParser);
                if (buildServicesParser != null) {
                    buildServicesParser.close();
                }
                if (newInputStream != null) {
                    newInputStream.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (newInputStream != null) {
                try {
                    newInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static XContentParser buildServicesParser(InputStream inputStream) throws IOException {
        return XContentType.JSON.xContent().createParser(NamedXContentRegistry.EMPTY, LoggingDeprecationHandler.INSTANCE, inputStream);
    }

    private static Map<String, WildcardServiceProvider> parse(XContentParser xContentParser) throws IOException {
        XContentParserUtils.ensureExpectedToken(XContentParser.Token.START_OBJECT, xContentParser.currentToken() == null ? xContentParser.nextToken() : xContentParser.currentToken(), xContentParser);
        XContentParserUtils.ensureFieldName(xContentParser, xContentParser.nextToken(), Fields.SERVICES.getPreferredName());
        XContentParserUtils.ensureExpectedToken(XContentParser.Token.START_OBJECT, xContentParser.nextToken(), xContentParser);
        HashMap hashMap = new HashMap();
        while (xContentParser.nextToken() != XContentParser.Token.END_OBJECT) {
            XContentParserUtils.ensureExpectedToken(XContentParser.Token.FIELD_NAME, xContentParser.currentToken(), xContentParser);
            String currentName = xContentParser.currentName();
            XContentLocation tokenLocation = xContentParser.getTokenLocation();
            try {
                hashMap.put(currentName, WildcardServiceProvider.parse(xContentParser));
            } catch (Exception e) {
                throw new ParsingException(tokenLocation, "failed to parse wildcard service [{}]", e, new Object[]{currentName});
            }
        }
        XContentParserUtils.ensureExpectedToken(XContentParser.Token.END_OBJECT, xContentParser.currentToken(), xContentParser);
        XContentParserUtils.ensureExpectedToken(XContentParser.Token.END_OBJECT, xContentParser.nextToken(), xContentParser);
        return hashMap;
    }

    public static Collection<? extends Setting<?>> getSettings() {
        return Collections.singletonList(FILE_PATH_SETTING);
    }
}
