package org.elasticsearch.shield.authc.esusers.tool;

import com.google.common.base.Joiner;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Maps;
import com.google.common.collect.ObjectArrays;
import com.google.common.collect.Sets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import org.apache.commons.cli.CommandLine;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.cli.CheckFileCommand;
import org.elasticsearch.common.cli.CliTool;
import org.elasticsearch.common.cli.CliToolConfig;
import org.elasticsearch.common.cli.Terminal;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.authc.Realms;
import org.elasticsearch.shield.authc.esusers.ESUsersRealm;
import org.elasticsearch.shield.authc.esusers.FileUserPasswdStore;
import org.elasticsearch.shield.authc.esusers.FileUserRolesStore;
import org.elasticsearch.shield.authc.support.Hasher;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authz.store.FileRolesStore;
import org.elasticsearch.shield.support.Validation;

/* loaded from: input_file:org/elasticsearch/shield/authc/esusers/tool/ESUsersTool.class */
public class ESUsersTool extends CliTool {
    // Tool-level CLI configuration. Assigned in the static initializer at the bottom of the
    // class, which registers the CMD constant of every sub-command.
    private static final CliToolConfig CONFIG;
    // Decompiler-surfaced flag that backs the assertion in parse(String, CommandLine).
    // The static initializer sets it to the negation of desiredAssertionStatus().
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:org/elasticsearch/shield/authc/esusers/tool/ESUsersTool$ListUsersAndRoles.class */
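    /**
     * The {@code list} command: prints every esusers user with its roles, or only the user
     * named on the command line.
     *
     * <p>Only the key set (user names) of the password file is used, so password hashes are
     * never printed. Roles that are not defined in the roles file are suffixed with
     * {@code *}. When the roles file cannot be parsed, role names are printed unmarked
     * instead of failing.
     */
    static class ListUsersAndRoles extends CliTool.Command {
        private static final String NAME = "list";
        // NOTE(review): registered against Useradd.class rather than ListUsersAndRoles.class.
        // Left as found because the effect of the class argument is not visible in this file;
        // confirm against CliToolConfig before changing it.
        private static final CliToolConfig.Cmd CMD = CliToolConfig.Builder.cmd(NAME, Useradd.class).build();
        String username;

        /**
         * Builds the command from the parsed command line.
         *
         * @param terminal    terminal used for output
         * @param commandLine parsed arguments; zero or one positional argument is accepted
         * @return a list command for all users or for the single named user, or a USAGE
         *         exit command when more than one positional argument was given
         */
        public static CliTool.Command parse(Terminal terminal, CommandLine commandLine) {
            String[] args = commandLine.getArgs();
            if (args.length > 1) {
                String[] extra = Arrays.copyOfRange(args, 1, args.length);
                return ESUsersTool.exitCmd(CliTool.ExitStatus.USAGE, terminal, "extra arguments " + Arrays.toString(extra) + " were provided. list can be used without a user or with a single user");
            }
            return new ListUsersAndRoles(terminal, args.length == 1 ? args[0] : null);
        }

        /**
         * @param terminal terminal used for output
         * @param str      user to list, or {@code null} to list every user
         */
        public ListUsersAndRoles(Terminal terminal, String str) {
            super(terminal);
            this.username = str;
        }

        /**
         * Prints the requested listing.
         *
         * @return {@code NO_USER} when a named user is not in the password file,
         *         otherwise {@code OK}
         * @throws Exception propagated from resolving or parsing the realm files
         */
        public CliTool.ExitStatus execute(Settings settings, Environment environment) throws Exception {
            Settings realmSettings = Realms.internalRealmSettings(settings, ESUsersRealm.TYPE);
            // May be null: loadRoleNames prints a warning and returns null when the roles file
            // cannot be parsed. unknownRoles() below copes with that.
            ImmutableSet<String> knownRoles = ESUsersTool.loadRoleNames(this.terminal, settings, environment);
            ImmutableMap<String, String[]> userRoles = FileUserRolesStore.parseFile(FileUserRolesStore.resolveFile(realmSettings, environment), null);
            Set<String> users = FileUserPasswdStore.parseFile(FileUserPasswdStore.resolveFile(realmSettings, environment), null).keySet();

            if (this.username == null) {
                return listAllUsers(realmSettings, environment, knownRoles, userRoles, users);
            }
            return listSingleUser(realmSettings, environment, knownRoles, userRoles, users);
        }

        // Prints every entry of the user-roles file, then the users that have no roles entry.
        private CliTool.ExitStatus listAllUsers(Settings realmSettings, Environment environment, Set<String> knownRoles, ImmutableMap<String, String[]> userRoles, Set<String> users) {
            boolean unknownSeen = false;
            boolean anyUser = false;
            // Entries are taken from the user-roles file as-is: a name that appears there but
            // not in the password file is still printed.
            for (Map.Entry<String, String[]> entry : userRoles.entrySet()) {
                String[] roles = entry.getValue();
                Set<String> unknown = unknownRoles(roles, knownRoles);
                this.terminal.println("%-15s: %s", entry.getKey(), Joiner.on(",").join(ESUsersTool.markUnknownRoles(roles, unknown)));
                unknownSeen = unknownSeen || !unknown.isEmpty();
                anyUser = true;
            }
            Set<String> withoutRoles = Sets.newHashSet(users);
            withoutRoles.removeAll(userRoles.keySet());
            for (String user : withoutRoles) {
                this.terminal.println("%-15s: -", user);
                anyUser = true;
            }
            if (!anyUser) {
                this.terminal.println("No users found");
                return CliTool.ExitStatus.OK;
            }
            if (unknownSeen) {
                printUnknownRoleHint(realmSettings, environment);
            }
            return CliTool.ExitStatus.OK;
        }

        // Prints the single user held in this.username, or reports that it does not exist.
        private CliTool.ExitStatus listSingleUser(Settings realmSettings, Environment environment, Set<String> knownRoles, ImmutableMap<String, String[]> userRoles, Set<String> users) {
            if (!users.contains(this.username)) {
                this.terminal.println("User [%s] doesn't exist", this.username);
                return CliTool.ExitStatus.NO_USER;
            }
            if (!userRoles.containsKey(this.username)) {
                this.terminal.println("%-15s: -", this.username);
                return CliTool.ExitStatus.OK;
            }
            String[] roles = userRoles.get(this.username);
            Set<String> unknown = unknownRoles(roles, knownRoles);
            this.terminal.println("%-15s: %s", this.username, Joiner.on(",").useForNull("-").join(ESUsersTool.markUnknownRoles(roles, unknown)));
            if (!unknown.isEmpty()) {
                printUnknownRoleHint(realmSettings, environment);
            }
            return CliTool.ExitStatus.OK;
        }

        // Roles of the user that are not among the known role names. With no known-role
        // information (null) nothing is reported as unknown; previously the null was handed
        // straight to Sets.difference, which rejects a null set.
        private static Set<String> unknownRoles(String[] roles, Set<String> knownRoles) {
            if (knownRoles == null) {
                return ImmutableSet.<String>of();
            }
            return Sets.difference(Sets.newHashSet(roles), knownRoles);
        }

        // Explains the trailing '*' marker and points at the roles file.
        private void printUnknownRoleHint(Settings realmSettings, Environment environment) {
            Path rolesFile = FileRolesStore.resolveFile(realmSettings, environment).toAbsolutePath();
            this.terminal.println();
            this.terminal.println(" [*]   An unknown role. Please check [%s] to see available roles", rolesFile.toAbsolutePath());
        }
    }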

    /* loaded from: input_file:org/elasticsearch/shield/authc/esusers/tool/ESUsersTool$Passwd.class */
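    /**
     * The {@code passwd} command: replaces the stored password hash of an existing user.
     *
     * <p>The new password is checked with the same {@code Validation.ESUsers.validatePassword}
     * rule that {@code useradd} applies, so a password that could not be used to create a
     * user cannot be set through a later password change either.
     *
     * <p>A password given with {@code -p/--password} is part of the process arguments, which
     * other local users can usually read from the process list and which shells may keep in
     * their history. The interactive prompt avoids both.
     */
    static class Passwd extends CheckFileCommand {
        private static final String NAME = "passwd";
        private static final CliToolConfig.Cmd CMD = CliToolConfig.Builder.cmd(NAME, Passwd.class).options(new CliToolConfig.OptionBuilder[]{CliToolConfig.Builder.option("p", "password").hasArg(false).required(false)}).build();
        final String username;
        final SecuredString passwd;

        /**
         * Builds the command from the parsed command line, prompting twice for the password
         * when {@code --password} was not supplied.
         *
         * @return the command, a USAGE exit command (missing user name, extra arguments or
         *         mismatching prompts), or a DATA_ERROR exit command for a rejected password
         */
        public static CliTool.Command parse(Terminal terminal, CommandLine commandLine) {
            String[] args = commandLine.getArgs();
            if (args.length == 0) {
                return ESUsersTool.exitCmd(CliTool.ExitStatus.USAGE, terminal, "username is missing");
            }
            if (args.length != 1) {
                String[] extra = Arrays.copyOfRange(args, 1, args.length);
                return ESUsersTool.exitCmd(CliTool.ExitStatus.USAGE, terminal, "extra arguments " + Arrays.toString(extra) + " were provided");
            }
            String user = args[0];
            String cliPassword = commandLine.getOptionValue("password");
            char[] password = cliPassword != null ? cliPassword.toCharArray() : terminal.readSecret("Enter new password: ");

            // Same rule and same message as useradd; validated before the retype prompt,
            // matching the order useradd uses.
            Validation.Error passwordError = Validation.ESUsers.validatePassword(password);
            if (passwordError != null) {
                wipe(password);
                return ESUsersTool.exitCmd(CliTool.ExitStatus.DATA_ERROR, terminal, "Invalid password..." + passwordError);
            }
            if (cliPassword == null) {
                char[] retyped = terminal.readSecret("Retype new password: ");
                boolean matches = Arrays.equals(password, retyped);
                wipe(retyped);
                if (!matches) {
                    wipe(password);
                    return ESUsersTool.exitCmd(CliTool.ExitStatus.USAGE, terminal, "Password mismatch");
                }
            }
            // The constructor wraps the characters and then zeroes this array.
            return new Passwd(terminal, user, password);
        }

        // Overwrites a plaintext password buffer once it is no longer needed.
        private static void wipe(char[] secret) {
            if (secret != null) {
                Arrays.fill(secret, (char) 0);
            }
        }

        /**
         * @param terminal terminal used for output
         * @param str      user whose password is changed
         * @param cArr     new plaintext password; zeroed by this constructor after it has
         *                 been wrapped in a {@link SecuredString}
         */
        Passwd(Terminal terminal, String str, char[] cArr) {
            super(terminal);
            this.username = str;
            this.passwd = new SecuredString(cArr);
            // Relies on SecuredString holding its own copy - doExecute hashes this.passwd later.
            Arrays.fill(cArr, (char) 0);
        }

        /** Returns the password file, the only file this command rewrites. */
        protected Path[] pathsForPermissionsCheck(Settings settings, Environment environment) {
            return new Path[]{FileUserPasswdStore.resolveFile(Realms.internalRealmSettings(settings, ESUsersRealm.TYPE), environment)};
        }

        /**
         * Stores a fresh bcrypt hash for the user and rewrites the password file.
         *
         * @return {@code NO_USER} when the user is not in the password file, else {@code OK}
         * @throws Exception propagated from parsing or writing the password file
         */
        public CliTool.ExitStatus doExecute(Settings settings, Environment environment) throws Exception {
            Path passwdFile = FileUserPasswdStore.resolveFile(Realms.internalRealmSettings(settings, ESUsersRealm.TYPE), environment);
            Map<String, char[]> users = new HashMap<>(FileUserPasswdStore.parseFile(passwdFile, null));
            if (!users.containsKey(this.username)) {
                this.terminal.println("User [%s] doesn't exist", this.username);
                return CliTool.ExitStatus.NO_USER;
            }
            users.put(this.username, Hasher.BCRYPT.hash(this.passwd));
            FileUserPasswdStore.writeFile(users, passwdFile);
            return CliTool.ExitStatus.OK;
        }
    }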

    /* loaded from: input_file:org/elasticsearch/shield/authc/esusers/tool/ESUsersTool$Roles.class */
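    /**
     * The {@code roles} command: adds roles to and/or removes roles from an existing user.
     * With neither {@code -a/--add} nor {@code -r/--remove} it behaves like {@code list}
     * for that user.
     *
     * <p>The permissions check now also covers the user-roles file whenever it exists.
     * That is the file this command rewrites; previously only the password file, which is
     * merely read here, was reported.
     */
    static class Roles extends CheckFileCommand {
        private static final String NAME = "roles";
        private static final CliToolConfig.Cmd CMD = CliToolConfig.Builder.cmd(NAME, Roles.class).options(new CliToolConfig.OptionBuilder[]{CliToolConfig.Builder.option("a", "add").hasArg(true).required(false), CliToolConfig.Builder.option("r", "remove").hasArg(true).required(false)}).build();
        // Accepts one or more of: ASCII letters (either case), digits, '_', '@' and '-'.
        public static final Pattern ROLE_PATTERN = Pattern.compile("[\\w@-]+");
        final String username;
        final String[] addRoles;
        final String[] removeRoles;

        /**
         * Builds the command from the parsed command line. The {@code --add} and
         * {@code --remove} values are split on commas; the names are validated later,
         * in {@link #doExecute}.
         *
         * @return the command, or a USAGE exit command when the user name is missing or
         *         extra positional arguments were given
         */
        public static CliTool.Command parse(Terminal terminal, CommandLine commandLine) {
            String[] args = commandLine.getArgs();
            if (args.length == 0) {
                return ESUsersTool.exitCmd(CliTool.ExitStatus.USAGE, terminal, "username is missing");
            }
            if (args.length != 1) {
                String[] extra = Arrays.copyOfRange(args, 1, args.length);
                return ESUsersTool.exitCmd(CliTool.ExitStatus.USAGE, terminal, "extra arguments " + Arrays.toString(extra) + " were provided. please ensure all special characters are escaped");
            }
            String toAdd = commandLine.getOptionValue("add");
            String toRemove = commandLine.getOptionValue("remove");
            String[] added = toAdd != null ? toAdd.split(",") : Strings.EMPTY_ARRAY;
            String[] removed = toRemove != null ? toRemove.split(",") : Strings.EMPTY_ARRAY;
            return new Roles(terminal, args[0], added, removed);
        }

        /**
         * @param terminal terminal used for output
         * @param str      user whose roles are changed
         * @param strArr   roles to add
         * @param strArr2  roles to remove
         */
        public Roles(Terminal terminal, String str, String[] strArr, String[] strArr2) {
            super(terminal);
            this.username = str;
            this.addRoles = strArr;
            this.removeRoles = strArr2;
        }

        /**
         * Returns the password file and, when it already exists, the user-roles file that
         * {@link #doExecute} rewrites. The existence guard mirrors the one the
         * {@code userdel} command uses for the same file.
         */
        protected Path[] pathsForPermissionsCheck(Settings settings, Environment environment) {
            Settings realmSettings = Realms.internalRealmSettings(settings, ESUsersRealm.TYPE);
            Path passwdFile = FileUserPasswdStore.resolveFile(realmSettings, environment);
            Path rolesFile = FileUserRolesStore.resolveFile(realmSettings, environment);
            if (Files.exists(rolesFile)) {
                return new Path[]{passwdFile, rolesFile};
            }
            return new Path[]{passwdFile};
        }

        /**
         * Applies the requested role changes and rewrites the user-roles file.
         *
         * @return {@code DATA_ERROR} for a role name that does not match
         *         {@link #ROLE_PATTERN}, {@code NO_USER} when the user is not in the
         *         password file, otherwise {@code OK}
         * @throws Exception propagated from parsing or writing the realm files
         */
        public CliTool.ExitStatus doExecute(Settings settings, Environment environment) throws Exception {
            if (this.removeRoles.length == 0 && this.addRoles.length == 0) {
                return new ListUsersAndRoles(this.terminal, this.username).execute(settings, environment);
            }
            // Names are checked before anything is read or written, so a rejected name never
            // reaches the user-roles file.
            // NOTE(review): the message says "lowercase and numbers only", but ROLE_PATTERN also
            // accepts uppercase letters, '_', '@' and '-', and useradd validates role names
            // through Validation.Roles.validateRoleName instead. Confirm which rule is intended.
            for (String role : ObjectArrays.concat(this.addRoles, this.removeRoles, String.class)) {
                if (!ROLE_PATTERN.matcher(role).matches()) {
                    this.terminal.println("Role name [%s] is not valid. Please use lowercase and numbers only", role);
                    return CliTool.ExitStatus.DATA_ERROR;
                }
            }
            Settings realmSettings = Realms.internalRealmSettings(settings, ESUsersRealm.TYPE);
            if (!FileUserPasswdStore.parseFile(FileUserPasswdStore.resolveFile(realmSettings, environment), null).containsKey(this.username)) {
                this.terminal.println("User [%s] doesn't exist", this.username);
                return CliTool.ExitStatus.NO_USER;
            }
            Path rolesFile = FileUserRolesStore.resolveFile(realmSettings, environment);
            ImmutableMap<String, String[]> userRoles = FileUserRolesStore.parseFile(rolesFile, null);

            ArrayList<String> roles = new ArrayList<>();
            String[] current = userRoles.get(this.username);
            if (current != null) {
                roles.addAll(Arrays.asList(current));
            }
            // Only warns about undefined roles; they are still assigned.
            ESUsersTool.verifyRoles(this.terminal, settings, environment, this.addRoles);
            roles.addAll(Arrays.asList(this.addRoles));
            roles.removeAll(Arrays.asList(this.removeRoles));

            HashMap<String, String[]> updated = Maps.newHashMapWithExpectedSize(userRoles.size());
            updated.putAll(userRoles);
            if (roles.isEmpty()) {
                // A user left without roles gets no entry at all.
                updated.remove(this.username);
            } else {
                // The LinkedHashSet drops duplicates while keeping first-seen order.
                updated.put(this.username, Sets.newLinkedHashSet(roles).toArray(new String[0]));
            }
            FileUserRolesStore.writeFile(updated, rolesFile);
            return CliTool.ExitStatus.OK;
        }
    }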

    /* loaded from: input_file:org/elasticsearch/shield/authc/esusers/tool/ESUsersTool$Useradd.class */
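    /**
     * The {@code useradd} command: creates a user with a bcrypt-hashed password and,
     * optionally, an initial set of roles.
     *
     * <p>A password given with {@code -p/--password} is part of the process arguments, which
     * other local users can usually read from the process list and which shells may keep in
     * their history. The interactive prompt avoids both.
     */
    static class Useradd extends CheckFileCommand {
        private static final String NAME = "useradd";
        private static final CliToolConfig.Cmd CMD = CliToolConfig.Builder.cmd(NAME, Useradd.class).options(new CliToolConfig.OptionBuilder[]{CliToolConfig.Builder.option("p", "password").hasArg(false).required(false), CliToolConfig.Builder.option("r", "roles").hasArg(false).required(false)}).build();
        final String username;
        final SecuredString passwd;
        final String[] roles;

        /**
         * Validates the user name, password and role names and builds the command. The
         * password is prompted for twice when {@code --password} was not supplied.
         *
         * <p>The plaintext password buffers are zeroed before this method returns, on every
         * path, in the same way the {@code passwd} command's constructor clears its input.
         *
         * @return the command, a USAGE exit command (missing user name, extra arguments or
         *         mismatching prompts), or a DATA_ERROR exit command for a rejected user
         *         name, password or role name
         */
        public static CliTool.Command parse(Terminal terminal, CommandLine commandLine) {
            String[] args = commandLine.getArgs();
            if (args.length == 0) {
                return ESUsersTool.exitCmd(CliTool.ExitStatus.USAGE, terminal, "username is missing");
            }
            if (args.length != 1) {
                String[] extra = Arrays.copyOfRange(args, 1, args.length);
                return ESUsersTool.exitCmd(CliTool.ExitStatus.USAGE, terminal, "extra arguments " + Arrays.toString(extra) + " were provided. please ensure all special characters are escaped");
            }
            String user = args[0];
            Validation.Error usernameError = Validation.ESUsers.validateUsername(user);
            if (usernameError != null) {
                return ESUsersTool.exitCmd(CliTool.ExitStatus.DATA_ERROR, terminal, "Invalid username [" + user + "]... " + usernameError);
            }

            String cliPassword = commandLine.getOptionValue("password");
            char[] password = cliPassword != null ? cliPassword.toCharArray() : terminal.readSecret("Enter new password: ");
            try {
                Validation.Error passwordError = Validation.ESUsers.validatePassword(password);
                if (passwordError != null) {
                    return ESUsersTool.exitCmd(CliTool.ExitStatus.DATA_ERROR, terminal, "Invalid password..." + passwordError);
                }
                if (cliPassword == null) {
                    char[] retyped = terminal.readSecret("Retype new password: ");
                    boolean matches = Arrays.equals(password, retyped);
                    wipe(retyped);
                    if (!matches) {
                        return ESUsersTool.exitCmd(CliTool.ExitStatus.USAGE, terminal, "Password mismatch");
                    }
                }

                String cliRoles = commandLine.getOptionValue("roles");
                String[] requestedRoles = cliRoles != null ? cliRoles.split(",") : Strings.EMPTY_ARRAY;
                for (String role : requestedRoles) {
                    Validation.Error roleError = Validation.Roles.validateRoleName(role);
                    if (roleError != null) {
                        return ESUsersTool.exitCmd(CliTool.ExitStatus.DATA_ERROR, terminal, "Invalid role [" + role + "]... " + roleError);
                    }
                }
                return new Useradd(terminal, user, new SecuredString(password), requestedRoles);
            } finally {
                // Runs after the SecuredString above has been built. Relies on SecuredString
                // holding its own copy, as the passwd command's constructor already does.
                wipe(password);
            }
        }

        // Overwrites a plaintext password buffer once it is no longer needed.
        private static void wipe(char[] secret) {
            if (secret != null) {
                Arrays.fill(secret, (char) 0);
            }
        }

        /**
         * @param terminal      terminal used for output
         * @param str           name of the user to create
         * @param securedString password of the new user
         * @param strArr        initial roles; may be empty
         */
        Useradd(Terminal terminal, String str, SecuredString securedString, String... strArr) {
            super(terminal);
            this.username = str;
            this.passwd = securedString;
            this.roles = strArr;
        }

        /**
         * Adds the user to the password file and, when roles were given, to the user-roles
         * file.
         *
         * @return {@code CODE_ERROR} when the user already exists, otherwise {@code OK}
         * @throws Exception propagated from parsing or writing the realm files
         */
        public CliTool.ExitStatus doExecute(Settings settings, Environment environment) throws Exception {
            Settings realmSettings = Realms.internalRealmSettings(settings, ESUsersRealm.TYPE);
            // Only warns about undefined roles; they are still assigned.
            ESUsersTool.verifyRoles(this.terminal, settings, environment, this.roles);
            Path passwdFile = FileUserPasswdStore.resolveFile(realmSettings, environment);
            Map<String, char[]> users = new HashMap<>(FileUserPasswdStore.parseFile(passwdFile, null));
            if (users.containsKey(this.username)) {
                this.terminal.println("User [%s] already exists", this.username);
                return CliTool.ExitStatus.CODE_ERROR;
            }
            users.put(this.username, Hasher.BCRYPT.hash(this.passwd));
            FileUserPasswdStore.writeFile(users, passwdFile);
            // The two files are written one after the other: if the second write fails, the
            // user exists without the requested roles.
            if (this.roles != null && this.roles.length > 0) {
                Path rolesFile = FileUserRolesStore.resolveFile(realmSettings, environment);
                Map<String, String[]> userRoles = new HashMap<>(FileUserRolesStore.parseFile(rolesFile, null));
                userRoles.put(this.username, this.roles);
                FileUserRolesStore.writeFile(userRoles, rolesFile);
            }
            return CliTool.ExitStatus.OK;
        }

        /** Returns both files this command may rewrite: the password and user-roles files. */
        protected Path[] pathsForPermissionsCheck(Settings settings, Environment environment) {
            Settings realmSettings = Realms.internalRealmSettings(settings, ESUsersRealm.TYPE);
            return new Path[]{FileUserPasswdStore.resolveFile(realmSettings, environment), FileUserRolesStore.resolveFile(realmSettings, environment)};
        }
    }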

    /* loaded from: input_file:org/elasticsearch/shield/authc/esusers/tool/ESUsersTool$Userdel.class */
    /**
     * The {@code userdel} command: removes one user from the password file and from the
     * user-roles file.
     */
    static class Userdel extends CheckFileCommand {
        private static final String NAME = "userdel";
        private static final CliToolConfig.Cmd CMD = CliToolConfig.Builder.cmd(NAME, Userdel.class).build();
        final String username;

        /**
         * Builds the command from the parsed command line.
         *
         * @return the command when exactly one user name was given, otherwise a USAGE
         *         exit command
         */
        public static CliTool.Command parse(Terminal terminal, CommandLine commandLine) {
            String[] args = commandLine.getArgs();
            if (args.length == 1) {
                return new Userdel(terminal, args[0]);
            }
            if (args.length == 0) {
                return ESUsersTool.exitCmd(CliTool.ExitStatus.USAGE, terminal, "username is missing");
            }
            String[] extra = Arrays.copyOfRange(args, 1, args.length);
            return ESUsersTool.exitCmd(CliTool.ExitStatus.USAGE, terminal, "extra arguments " + Arrays.toString(extra) + " were provided. userdel only supports deleting one user at a time");
        }

        /**
         * @param terminal terminal used for output
         * @param str      name of the user to delete
         */
        Userdel(Terminal terminal, String str) {
            super(terminal);
            this.username = str;
        }

        /**
         * Returns the password file, plus the user-roles file when that file exists.
         */
        protected Path[] pathsForPermissionsCheck(Settings settings, Environment environment) {
            Settings realmSettings = Realms.internalRealmSettings(settings, ESUsersRealm.TYPE);
            Path passwdFile = FileUserPasswdStore.resolveFile(realmSettings, environment);
            Path rolesFile = FileUserRolesStore.resolveFile(realmSettings, environment);
            if (Files.exists(rolesFile)) {
                return new Path[]{passwdFile, rolesFile};
            }
            return new Path[]{passwdFile};
        }

        /**
         * Deletes the user's entries. Each file is rewritten only when it exists and
         * actually held an entry for the user.
         *
         * @return {@code NO_USER} when the user is not in the password file, else {@code OK}
         * @throws Exception propagated from parsing or writing the realm files
         */
        public CliTool.ExitStatus doExecute(Settings settings, Environment environment) throws Exception {
            Settings realmSettings = Realms.internalRealmSettings(settings, ESUsersRealm.TYPE);

            Path passwdFile = FileUserPasswdStore.resolveFile(realmSettings, environment);
            Map<String, char[]> users = new HashMap<>(FileUserPasswdStore.parseFile(passwdFile, null));
            if (!users.containsKey(this.username)) {
                this.terminal.println("User [%s] doesn't exist", this.username);
                return CliTool.ExitStatus.NO_USER;
            }
            if (Files.exists(passwdFile)) {
                if (users.remove(this.username) != null) {
                    FileUserPasswdStore.writeFile(users, passwdFile);
                }
            }

            Path rolesFile = FileUserRolesStore.resolveFile(realmSettings, environment);
            Map<String, String[]> userRoles = new HashMap<>(FileUserRolesStore.parseFile(rolesFile, null));
            if (Files.exists(rolesFile)) {
                if (userRoles.remove(this.username) != null) {
                    FileUserRolesStore.writeFile(userRoles, rolesFile);
                }
            }
            return CliTool.ExitStatus.OK;
        }
    }

    /**
     * Command-line entry point: runs the tool with the given arguments and exits the JVM
     * with the status code of the result.
     */
    public static void main(String[] strArr) {
        int statusCode = new ESUsersTool().execute(strArr).status();
        exit(statusCode);
    }

    /**
     * Terminates the JVM with the given status code. Kept as the single place that calls
     * {@link System#exit(int)}, which is why the forbidden-API suppression sits here.
     *
     * @param i process exit code
     */
    @SuppressForbidden(reason = "Allowed to exit explicitly from #main()")
    private static void exit(int i) {
        System.exit(i);
    }

    /** Creates the tool with the shared {@code CONFIG}; no terminal is passed to the superclass. */
    public ESUsersTool() {
        super(CONFIG);
    }

    /**
     * Creates the tool with the shared {@code CONFIG} and an explicit terminal.
     *
     * @param terminal terminal handed to the superclass
     */
    public ESUsersTool(Terminal terminal) {
        super(CONFIG, terminal);
    }

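    /**
     * Dispatches a sub-command name to the matching command parser.
     *
     * <p>Written as a plain string switch. The decompiled two-stage form (a hash-code
     * switch filling a {@code boolean} with integer codes, then a switch with repeated
     * {@code case true} labels) is not valid Java.
     *
     * @param str         sub-command name; matched case-insensitively using {@link Locale#ROOT}
     * @param commandLine parsed arguments of the sub-command
     * @return the parsed command; for an unknown name, {@code null} when assertions are
     *         disabled
     * @throws AssertionError for an unknown name when assertions are enabled
     * @throws Exception declared for the overridden contract; the parsers called here
     *         declare none
     */
    protected CliTool.Command parse(String str, CommandLine commandLine) throws Exception {
        switch (str.toLowerCase(Locale.ROOT)) {
            case "useradd":
                return Useradd.parse(this.terminal, commandLine);
            case "userdel":
                return Userdel.parse(this.terminal, commandLine);
            case "passwd":
                return Passwd.parse(this.terminal, commandLine);
            case "list":
                return ListUsersAndRoles.parse(this.terminal, commandLine);
            case "roles":
                return Roles.parse(this.terminal, commandLine);
            default:
                // Uses the class's explicit $assertionsDisabled field, as the decompiled
                // code does, instead of an assert statement.
                if ($assertionsDisabled) {
                    return null;
                }
                throw new AssertionError("should never get here, if the user enters an unknown command, an error message should be shown before parse is called");
        }
    }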

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Reads the names of the roles defined in the roles file.
     *
     * <p>Best effort: any failure while parsing is reported as a warning on the terminal
     * and the method then returns {@code null}, so every caller has to handle a
     * {@code null} result.
     *
     * @return the defined role names, or {@code null} when the file could not be parsed
     */
    public static ImmutableSet<String> loadRoleNames(Terminal terminal, Settings settings, Environment environment) {
        final Path rolesFile = FileRolesStore.resolveFile(settings, environment);
        ImmutableSet<String> roleNames = null;
        try {
            roleNames = FileRolesStore.parseFileForRoleNames(rolesFile, null);
        } catch (Throwable th) {
            // NOTE(review): catches Throwable, so JVM errors are swallowed as well, and the
            // cause is dropped - only the file path reaches the operator.
            terminal.println("Warning:  Could not parse [%s] for roles verification. Please revise and fix it. Nonetheless, the user will still be associated with all specified roles", rolesFile.toAbsolutePath());
        }
        return roleNames;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Appends {@code *} to every role name that is contained in the set of unknown roles.
     *
     * @param strArr role names, in display order
     * @param set    role names regarded as unknown
     * @return {@code strArr} itself when {@code set} is empty; otherwise a new array of the
     *         same length and order with the unknown names marked
     */
    public static String[] markUnknownRoles(String[] strArr, Set<String> set) {
        if (set.isEmpty()) {
            return strArr;
        }
        // Work on a copy so the caller's array is left untouched.
        String[] marked = strArr.clone();
        int index = 0;
        for (String role : strArr) {
            if (set.contains(role)) {
                marked[index] = role + "*";
            }
            index++;
        }
        return marked;
    }

    /* JADX INFO: Access modifiers changed from: private */
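    /**
     * Warns on the terminal about requested roles that are not defined in the roles file.
     * This is advisory only: nothing is rejected, and the caller still assigns every role.
     *
     * <p>When the roles file cannot be parsed, {@code loadRoleNames} has already printed
     * its own warning and returned {@code null}; verification is then skipped. Previously
     * that {@code null} was handed to {@code Sets.difference}, which rejects a null set, so
     * the command aborted although the warning promises that the roles are still assigned.
     *
     * @param strArr role names requested for the user
     */
    public static void verifyRoles(Terminal terminal, Settings settings, Environment environment, String[] strArr) {
        Set<String> requested = Sets.newHashSet(strArr);
        ImmutableSet<String> knownRoles = loadRoleNames(terminal, settings, environment);
        if (knownRoles == null) {
            // Nothing to compare against.
            return;
        }
        Sets.SetView<String> unknown = Sets.difference(requested, knownRoles);
        if (unknown.isEmpty()) {
            return;
        }
        terminal.println("Warning: The following roles [%s] are unknown. Make sure to add them to the [%s] file. Nonetheless the user will still be associated with all specified roles", Strings.collectionToCommaDelimitedString(unknown), FileRolesStore.resolveFile(settings, environment).toAbsolutePath());
    }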

    // Class initialisation: sets the assertion flag first, then builds the tool configuration
    // from the CMD constant of each nested command class.
    static {
        // True when assertions are NOT enabled for this class; read by parse(String, CommandLine).
        $assertionsDisabled = !ESUsersTool.class.desiredAssertionStatus();
        // Registers the five sub-commands: useradd, userdel, passwd, roles and list.
        CONFIG = CliToolConfig.config(ESUsersRealm.TYPE, ESUsersTool.class).cmds(new CliToolConfig.Cmd[]{Useradd.CMD, Userdel.CMD, Passwd.CMD, Roles.CMD, ListUsersAndRoles.CMD}).build();
    }
}
