package org.elasticsearch.xpack.security.authc.esnative;

import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.security.AccessController;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import joptsimple.OptionParser;
import joptsimple.OptionSet;
import joptsimple.OptionSpec;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.core.LogEvent;
import org.apache.logging.log4j.core.appender.AbstractAppender;
import org.apache.logging.log4j.core.config.LoggerConfig;
import org.apache.logging.log4j.core.layout.PatternLayout;
import org.apache.logging.log4j.spi.StandardLevel;
import org.eclipse.jetty.util.URIUtil;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.cli.EnvironmentAwareCommand;
import org.elasticsearch.cli.MultiCommand;
import org.elasticsearch.cli.Terminal;
import org.elasticsearch.common.CheckedRunnable;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.logging.ESLoggerFactory;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.NamedXContentRegistry;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.common.xcontent.json.JsonXContent;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.common.socket.SocketAccess;
import org.elasticsearch.xpack.ml.job.process.autodetect.writer.ControlMsgToProcessWriter;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.authc.file.FileUserPasswdStore;
import org.elasticsearch.xpack.security.authc.file.FileUserRolesStore;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.xpack.security.authz.RoleDescriptor;
import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
import org.elasticsearch.xpack.ssl.SSLService;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.class */
public class ESNativeRealmMigrateTool extends MultiCommand {

    /* renamed from: org.elasticsearch.xpack.security.authc.esnative.ESNativeRealmMigrateTool$2, reason: invalid class name */
    /* loaded from: input_file:org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool$2.class */
    /*
     * Compiler-synthesised lookup table for a switch over StandardLevel, as emitted by the
     * decompiler. The array is indexed by StandardLevel.ordinal() and holds the case label
     * (1 = FATAL, 2 = ERROR, 3 = OFF); slots that are never assigned stay 0 and therefore fall
     * through to the switch's default branch. It is read by the appender in getTerminalLogger.
     */
    static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$logging$log4j$spi$StandardLevel = new int[StandardLevel.values().length];

        static {
            // Each assignment has its own try/catch so that one missing enum constant
            // (NoSuchFieldError at link time) does not prevent the others from being mapped.
            // The catches are deliberately empty: an unmapped level simply keeps label 0.
            try {
                $SwitchMap$org$apache$logging$log4j$spi$StandardLevel[StandardLevel.FATAL.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$logging$log4j$spi$StandardLevel[StandardLevel.ERROR.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$logging$log4j$spi$StandardLevel[StandardLevel.OFF.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool$MigrateUserOrRoles.class */
    public static class MigrateUserOrRoles extends EnvironmentAwareCommand {
        private final OptionSpec<String> username;
        private final OptionSpec<String> password;
        private final OptionSpec<String> url;
        private final OptionSpec<String> usersToMigrateCsv;
        private final OptionSpec<String> rolesToMigrateCsv;

        /**
         * Registers the command-line options of the migration sub-command: the credentials and
         * URL used to reach Elasticsearch, and the optional comma-separated lists of users and
         * roles to migrate.
         *
         * <p>NOTE(review): the password is accepted as an option value. A secret given on the
         * command line is typically visible in the process list and in shell history; operators
         * should run this tool from a trusted session only.
         *
         * <p>NOTE(review): the first alias of the username and roles options is taken from
         * constants of an unrelated ML class. That looks like a decompiler substituting a
         * constant for an identical string literal; confirm the intended short option names.
         */
        public MigrateUserOrRoles() {
            super("Migrates users or roles from file to native realm");
            final OptionParser options = this.parser;
            this.username = options
                    .acceptsAll(Arrays.asList(ControlMsgToProcessWriter.UPDATE_MESSAGE_CODE, "username"), "User used to authenticate with Elasticsearch")
                    .withRequiredArg();
            this.password = options
                    .acceptsAll(Arrays.asList("p", "password"), "Password used to authenticate with Elasticsearch")
                    .withRequiredArg();
            this.url = options
                    .acceptsAll(Arrays.asList("U", "url"), "URL of Elasticsearch host")
                    .withRequiredArg();
            this.usersToMigrateCsv = options
                    .acceptsAll(Arrays.asList("n", "users"), "Users to migrate from file to native realm")
                    .withRequiredArg();
            this.rolesToMigrateCsv = options
                    .acceptsAll(Arrays.asList(ControlMsgToProcessWriter.RESET_BUCKETS_MESSAGE_CODE, "roles"), "Roles to migrate from file to native realm")
                    .withRequiredArg();
        }

        /**
         * Exposes the option parser that the constructor populated.
         *
         * @return the parser holding this command's option definitions
         */
        public OptionParser getParser() {
            final OptionParser configured = this.parser;
            return configured;
        }

        /**
         * Prints the three-line description of the tool below the generated option help.
         *
         * @param terminal the terminal the help text is written to
         */
        @Override // org.elasticsearch.cli.Command
        protected void printAdditionalHelp(Terminal terminal) {
            final String[] helpLines = {
                "This tool migrates file based users[1] and roles[2] to the native realm in",
                "elasticsearch, saving the administrator from needing to manually transition",
                "them from the file."
            };
            for (String helpLine : helpLines) {
                terminal.println(helpLine);
            }
        }

        /**
         * Runs the migration: users first, then roles, with a progress line before and after.
         * An exception from either import propagates and the closing line is not printed.
         *
         * @param terminal    terminal used for progress output
         * @param optionSet   the parsed command-line options
         * @param environment the node environment that locates the file-realm files
         * @throws Exception if either import fails
         */
        @Override // org.elasticsearch.cli.EnvironmentAwareCommand
        public void execute(Terminal terminal, OptionSet optionSet, Environment environment) throws Exception {
            terminal.println("starting migration of users and roles...");
            // Users are imported before roles; a failure in the first step stops the run.
            this.importUsers(terminal, environment, optionSet);
            this.importRoles(terminal, environment, optionSet);
            terminal.println("users and roles imported.");
        }

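        /**
         * Sends one HTTP or HTTPS request to Elasticsearch, authenticated with the username and
         * password options, and returns the response body.
         *
         * <p>The decompiled version of this method carried broken resource handling (locals that
         * were read without ever being assigned, and close calls on a possibly-null throwable).
         * This version uses try-with-resources, always disconnects, and tolerates a missing error
         * stream.
         *
         * <p>Security notes for reviewers:
         * <ul>
         *   <li>Only the {@code https} scheme gets TLS. Any other scheme is sent as-is, so the
         *       Basic {@code Authorization} header and the body (which for users contains the
         *       password hash) cross the network unprotected. Prefer an https URL.</li>
         *   <li>The TLS socket factory is built from the {@code http.ssl.} security settings;
         *       what certificate and hostname verification that factory performs is decided by
         *       those settings and is not visible here.</li>
         *   <li>Only a read timeout is set; connection establishment has no explicit timeout.</li>
         * </ul>
         *
         * @param settings    node settings, the source of the {@code http.ssl.} configuration
         * @param environment node environment handed to the SSL service
         * @param str         HTTP method, for example {@code GET} or {@code POST}
         * @param str2        absolute URL of the request
         * @param optionSet   parsed options, read for the username and password
         * @param str3        request body, or {@code null} to send none
         * @return the response body with its lines concatenated (line breaks are dropped)
         * @throws IOException if the server answers with an error; the message is the error body
         *                     when one is available
         * @throws Exception   for an invalid URL or any other failure while connecting or writing
         */
        @SuppressForbidden(reason = "We call connect in doPrivileged and provide SocketPermission")
        private String postURL(Settings settings, Environment environment, String str, String str2, OptionSet optionSet, @Nullable String str3) throws Exception {
            URI uri = new URI(str2);
            URL url = uri.toURL();
            HttpURLConnection connection;
            if (URIUtil.HTTPS.equalsIgnoreCase(uri.getScheme())) {
                Settings sslSettings = settings.getByPrefix(Security.setting("http.ssl."));
                SSLService sslService = new SSLService(settings, environment);
                HttpsURLConnection httpsConnection = (HttpsURLConnection) url.openConnection();
                // The explicit functional-interface cast removes the overload ambiguity between
                // the PrivilegedAction and PrivilegedExceptionAction variants of doPrivileged.
                AccessController.doPrivileged((java.security.PrivilegedAction<Void>) () -> {
                    httpsConnection.setSSLSocketFactory(sslService.sslSocketFactory(sslSettings));
                    return null;
                });
                connection = httpsConnection;
            } else {
                // No TLS on this path: credentials and body are sent in clear text.
                connection = (HttpURLConnection) url.openConnection();
            }
            connection.setRequestMethod(str);
            connection.setReadTimeout(30000);
            connection.setRequestProperty("Authorization", UsernamePasswordToken.basicAuthHeaderValue(this.username.value(optionSet), new SecureString(this.password.value(optionSet).toCharArray())));
            connection.setRequestProperty("Content-Type", XContentType.JSON.mediaType());
            connection.setDoOutput(true);
            try {
                SocketAccess.doPrivileged((CheckedRunnable<IOException>) connection::connect);
                if (str3 != null) {
                    try (OutputStream out = connection.getOutputStream()) {
                        out.write(str3.getBytes(StandardCharsets.UTF_8));
                    }
                }
                try (BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
                    return readLines(reader);
                } catch (IOException e) {
                    java.io.InputStream errorStream = connection.getErrorStream();
                    if (errorStream == null) {
                        // Nothing more to report (for instance the connection itself failed).
                        throw e;
                    }
                    try (BufferedReader errorReader = new BufferedReader(new InputStreamReader(errorStream, StandardCharsets.UTF_8))) {
                        throw new IOException(readLines(errorReader), e);
                    }
                }
            } finally {
                connection.disconnect();
            }
        }

        /** Reads the reader to its end and returns the lines joined without separators. */
        private static String readLines(BufferedReader reader) throws IOException {
            StringBuilder text = new StringBuilder();
            String line;
            while ((line = reader.readLine()) != null) {
                text.append(line);
            }
            return text.toString();
        }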

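        /**
         * Asks Elasticsearch for the users already present in the native realm and returns their
         * names, so that the import can skip them instead of overwriting them.
         *
         * <p>The response is expected to be a JSON object whose top-level field names are the
         * user names; the value of each field is skipped without being inspected.
         *
         * <p>The parser is managed by try-with-resources, so a failure while closing it no longer
         * replaces the exception that caused the parse to fail.
         *
         * @param terminal    terminal that receives the list of users found
         * @param settings    node settings passed on to the HTTP call
         * @param environment node environment passed on to the HTTP call
         * @param optionSet   parsed options, read for the base URL and the credentials
         * @return the names of the users that already exist
         * @throws ElasticsearchException if the response does not start with a JSON object
         * @throws Exception              if the request or the parsing fails
         */
        Set<String> getUsersThatExist(Terminal terminal, Settings settings, Environment environment, OptionSet optionSet) throws Exception {
            Set<String> existingUsers = new HashSet<>();
            String response = postURL(settings, environment, "GET", this.url.value(optionSet) + "/_xpack/security/user/", optionSet, null);
            try (XContentParser parser = JsonXContent.jsonXContent.createParser(NamedXContentRegistry.EMPTY, response)) {
                XContentParser.Token first = parser.nextToken();
                if (first != XContentParser.Token.START_OBJECT) {
                    throw new ElasticsearchException("failed to retrieve users, expecting an object but got: " + first, new Object[0]);
                }
                while (parser.nextToken() == XContentParser.Token.FIELD_NAME) {
                    existingUsers.add(parser.currentName());
                    // Step onto the field's value and skip it; only the name matters here.
                    parser.nextToken();
                    parser.skipChildren();
                }
                terminal.println("found existing users: " + existingUsers);
                return existingUsers;
            }
        }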

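        /**
         * Builds the JSON body that creates one user: a {@code password_hash} field and a
         * {@code roles} array.
         *
         * <p>A {@code null} role array is treated as "no roles". The caller looks roles up in a
         * map, and a user without an entry there would otherwise fail with a
         * NullPointerException and abort the whole migration.
         *
         * <p>NOTE(review): the hash is copied into a {@code String}, which cannot be wiped after
         * use, and the returned body contains it. Treat the return value as a secret and keep it
         * out of logs and error messages.
         *
         * @param strArr the user's roles; may be {@code null} or empty
         * @param cArr   the stored password hash of the user
         * @return the JSON request body
         * @throws IOException if the JSON cannot be built
         */
        static String createUserJson(String[] strArr, char[] cArr) throws IOException {
            String[] roles = strArr != null ? strArr : Strings.EMPTY_ARRAY;
            XContentBuilder body = XContentFactory.jsonBuilder();
            body.startObject();
            body.field("password_hash", new String(cArr));
            body.startArray("roles");
            for (String role : roles) {
                body.value(role);
            }
            body.endArray();
            body.endObject();
            return body.string();
        }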

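        /**
         * Copies users from the file realm into the native realm.
         *
         * <p>Users named in the users option are migrated; without that option every user of the
         * users file is. A user that is missing from the file, or that already exists in the
         * native realm, is reported and skipped.
         *
         * <p>Two defects of the previous version are fixed:
         * <ul>
         *   <li>The request body holds the password hash, and the body used to be put into the
         *       exception message, from where it reaches the terminal and any log that records
         *       the failure. The message now names the user only.</li>
         *   <li>A failure while migrating one user used to be re-wrapped as "failed to get users
         *       that already exist". The lookup and the per-user migration now fail with their
         *       own messages.</li>
         * </ul>
         *
         * <p>NOTE(review): user names are appended to the URL path without encoding; names with
         * reserved URL characters would address a different path. Presumably the file-realm
         * parser restricts the allowed characters; verify.
         *
         * @param terminal    terminal used for progress output
         * @param environment node environment that locates the users and users_roles files
         * @param optionSet   parsed command-line options
         * @throws FileNotFoundException  if the users or users_roles file does not exist
         * @throws ElasticsearchException if the existing users cannot be fetched or a user cannot
         *                                be migrated
         */
        void importUsers(Terminal terminal, Environment environment, OptionSet optionSet) throws FileNotFoundException {
            String requested = this.usersToMigrateCsv.value(optionSet);
            String[] names = requested != null ? requested.split(StringArrayPropertyEditor.DEFAULT_SEPARATOR) : Strings.EMPTY_ARRAY;
            Path usersFile = FileUserPasswdStore.resolveFile(environment);
            Path usersRolesFile = FileUserRolesStore.resolveFile(environment);
            if (!Files.exists(usersFile, new LinkOption[0])) {
                throw new FileNotFoundException("users file [" + usersFile + "] does not exist");
            }
            if (!Files.exists(usersRolesFile, new LinkOption[0])) {
                throw new FileNotFoundException("users_roles file [" + usersRolesFile + "] does not exist");
            }
            terminal.println("importing users from [" + usersFile + "]...");
            Logger terminalLogger = ESNativeRealmMigrateTool.getTerminalLogger(terminal);
            Map<String, char[]> passwordHashes = FileUserPasswdStore.parseFile(usersFile, terminalLogger, environment.settings());
            Map<String, String[]> rolesByUser = FileUserRolesStore.parseFile(usersRolesFile, terminalLogger);

            Set<String> existingUsers;
            try {
                existingUsers = getUsersThatExist(terminal, environment.settings(), environment, optionSet);
            } catch (Exception e) {
                throw new ElasticsearchException("failed to get users that already exist, skipping user import", e, new Object[0]);
            }

            if (names.length == 0) {
                names = passwordHashes.keySet().toArray(new String[0]);
            }
            for (String name : names) {
                if (!passwordHashes.containsKey(name)) {
                    terminal.println("user [" + name + "] was not found in files, skipping");
                } else if (existingUsers.contains(name)) {
                    terminal.println("user [" + name + "] already exists, skipping");
                } else {
                    terminal.println("migrating user [" + name + "]");
                    try {
                        String body = createUserJson(rolesByUser.get(name), passwordHashes.get(name));
                        terminal.println(postURL(environment.settings(), environment, "POST", this.url.value(optionSet) + "/_xpack/security/user/" + name, optionSet, body));
                    } catch (Exception e) {
                        // The body is left out on purpose: it contains the user's password hash.
                        throw new ElasticsearchException("failed to migrate user [" + name + "]", e, new Object[0]);
                    }
                }
            }
        }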

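        /**
         * Asks Elasticsearch for the roles already present in the native realm and returns their
         * names, so that the import can skip them instead of overwriting them.
         *
         * <p>The response is expected to be a JSON object whose top-level field names are the
         * role names; the value of each field is skipped without being inspected.
         *
         * <p>The parser is managed by try-with-resources, so a failure while closing it no longer
         * replaces the exception that caused the parse to fail.
         *
         * @param terminal    terminal that receives the list of roles found
         * @param settings    node settings passed on to the HTTP call
         * @param environment node environment passed on to the HTTP call
         * @param optionSet   parsed options, read for the base URL and the credentials
         * @return the names of the roles that already exist
         * @throws ElasticsearchException if the response does not start with a JSON object
         * @throws Exception              if the request or the parsing fails
         */
        Set<String> getRolesThatExist(Terminal terminal, Settings settings, Environment environment, OptionSet optionSet) throws Exception {
            Set<String> existingRoles = new HashSet<>();
            String response = postURL(settings, environment, "GET", this.url.value(optionSet) + "/_xpack/security/role/", optionSet, null);
            try (XContentParser parser = JsonXContent.jsonXContent.createParser(NamedXContentRegistry.EMPTY, response)) {
                XContentParser.Token first = parser.nextToken();
                if (first != XContentParser.Token.START_OBJECT) {
                    throw new ElasticsearchException("failed to retrieve roles, expecting an object but got: " + first, new Object[0]);
                }
                while (parser.nextToken() == XContentParser.Token.FIELD_NAME) {
                    existingRoles.add(parser.currentName());
                    // Step onto the field's value and skip it; only the name matters here.
                    parser.nextToken();
                    parser.skipChildren();
                }
                terminal.println("found existing roles: " + existingRoles);
                return existingRoles;
            }
        }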

        /**
         * Renders a role descriptor as the JSON body of a role-creation request.
         *
         * @param roleDescriptor the role to serialise
         * @return the JSON text produced by the descriptor
         * @throws IOException if the JSON cannot be built
         */
        static String createRoleJson(RoleDescriptor roleDescriptor) throws IOException {
            final XContentBuilder body = XContentFactory.jsonBuilder();
            // The descriptor writes itself into the builder; the trailing boolean is passed
            // through unchanged (its meaning is defined by RoleDescriptor, not visible here).
            roleDescriptor.toXContent(body, ToXContent.EMPTY_PARAMS, true);
            final String json = body.string();
            return json;
        }

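        /**
         * Copies roles from the roles file into the native realm.
         *
         * <p>Roles named in the roles option are migrated; without that option every role of the
         * file is. A role that is missing from the file, or that already exists in the native
         * realm, is reported and skipped.
         *
         * <p>A failure while migrating one role used to be re-wrapped as "failed to get roles
         * that already exist", which pointed at the wrong step. The lookup and the per-role
         * migration now fail with their own messages.
         *
         * <p>NOTE(review): role names are appended to the URL path without encoding; names with
         * reserved URL characters would address a different path. Presumably the roles parser
         * restricts the allowed characters; verify.
         *
         * @param terminal    terminal used for progress output
         * @param environment node environment that locates the roles file
         * @param optionSet   parsed command-line options
         * @throws FileNotFoundException  if the roles file does not exist
         * @throws ElasticsearchException if the existing roles cannot be fetched or a role cannot
         *                                be migrated
         */
        void importRoles(Terminal terminal, Environment environment, OptionSet optionSet) throws FileNotFoundException {
            String requested = this.rolesToMigrateCsv.value(optionSet);
            String[] names = requested != null ? requested.split(StringArrayPropertyEditor.DEFAULT_SEPARATOR) : Strings.EMPTY_ARRAY;
            Path rolesFile = FileRolesStore.resolveFile(environment).toAbsolutePath();
            if (!Files.exists(rolesFile, new LinkOption[0])) {
                throw new FileNotFoundException("roles.yml file [" + rolesFile + "] does not exist");
            }
            terminal.println("importing roles from [" + rolesFile + "]...");
            Map<String, RoleDescriptor> descriptors = FileRolesStore.parseRoleDescriptors(rolesFile, ESNativeRealmMigrateTool.getTerminalLogger(terminal), true, Settings.EMPTY);

            Set<String> existingRoles;
            try {
                existingRoles = getRolesThatExist(terminal, environment.settings(), environment, optionSet);
            } catch (Exception e) {
                throw new ElasticsearchException("failed to get roles that already exist, skipping role import", e, new Object[0]);
            }

            if (names.length == 0) {
                names = descriptors.keySet().toArray(new String[0]);
            }
            for (String name : names) {
                if (!descriptors.containsKey(name)) {
                    terminal.println("no role [" + name + "] found, skipping");
                } else if (existingRoles.contains(name)) {
                    terminal.println("role [" + name + "] already exists, skipping");
                } else {
                    terminal.println("migrating role [" + name + "]");
                    // Stays "n/a" in the error message when building the body itself fails.
                    String body = "n/a";
                    try {
                        body = createRoleJson(descriptors.get(name));
                        terminal.println(postURL(environment.settings(), environment, "POST", this.url.value(optionSet) + "/_xpack/security/role/" + name, optionSet, body));
                    } catch (Exception e) {
                        throw new ElasticsearchException("failed to migrate role [" + name + "] with body: " + body, e, new Object[0]);
                    }
                }
            }
        }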
    }

    /**
     * Command-line entry point: runs the tool on the default terminal and exits the JVM with the
     * status the tool returns.
     *
     * @param strArr the command-line arguments
     * @throws Exception if the tool fails with an exception
     */
    public static void main(String[] strArr) throws Exception {
        final ESNativeRealmMigrateTool tool = new ESNativeRealmMigrateTool();
        final int status = tool.main(strArr, Terminal.DEFAULT);
        exit(status);
    }

    /**
     * Creates the tool and registers its only sub-command under the native realm's type name.
     *
     * <p>The sub-command comes from {@link #newMigrateUserOrRoles()}, which subclasses may
     * override; an override runs while this constructor is still executing.
     */
    public ESNativeRealmMigrateTool() {
        super("Imports file-based users and roles to the native security realm");
        final MigrateUserOrRoles migrateCommand = newMigrateUserOrRoles();
        this.subcommands.put(NativeRealm.TYPE, migrateCommand);
    }

    /**
     * Factory for the migration sub-command; protected so that a subclass can supply its own
     * instance.
     *
     * @return a new sub-command instance
     */
    protected MigrateUserOrRoles newMigrateUserOrRoles() {
        final MigrateUserOrRoles command = new MigrateUserOrRoles();
        return command;
    }

    /**
     * Returns this tool's logger, reconfigured so that everything it logs is printed on the
     * given terminal and nowhere else.
     *
     * <p>The logger level is set to ALL, the logger configuration is detached from its parent,
     * its current appenders are removed, and a single terminal-backed appender is installed.
     * FATAL and ERROR events are printed at normal verbosity, OFF events are dropped, and every
     * other level is printed only at verbose verbosity.
     *
     * @param terminal the terminal that receives the log output
     * @return the reconfigured logger
     */
    static Logger getTerminalLogger(final Terminal terminal) {
        final Logger logger = ESLoggerFactory.getLogger((Class<?>) ESNativeRealmMigrateTool.class);
        Loggers.setLevel(logger, Level.ALL);

        final String loggerName = ESNativeRealmMigrateTool.class.getName();
        final AbstractAppender terminalAppender = new AbstractAppender(loggerName, null, PatternLayout.newBuilder().withPattern("%m").build()) {
            @Override
            public void append(LogEvent logEvent) {
                final StandardLevel severity = logEvent.getLevel().getStandardLevel();
                if (severity == StandardLevel.OFF) {
                    return;
                }
                final boolean alwaysShown = severity == StandardLevel.FATAL || severity == StandardLevel.ERROR;
                final Terminal.Verbosity verbosity = alwaysShown ? Terminal.Verbosity.NORMAL : Terminal.Verbosity.VERBOSE;
                terminal.println(verbosity, logEvent.getMessage().getFormattedMessage());
            }
        };
        terminalAppender.start();

        final LoggerConfig loggerConfig = LogManager.getContext(false).getConfiguration().getLoggerConfig(loggerName);
        // Detach from the parent configuration so events are not also routed through it.
        loggerConfig.setParent((LoggerConfig) null);
        loggerConfig.getAppenders().values().forEach(existing -> Loggers.removeAppender(logger, existing));
        Loggers.addAppender(logger, terminalAppender);
        return logger;
    }
}
