package org.elasticsearch.shield.authz.esnative;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.LatchedActionListener;
import org.elasticsearch.action.delete.DeleteRequest;
import org.elasticsearch.action.delete.DeleteResponse;
import org.elasticsearch.action.get.GetResponse;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.search.ClearScrollResponse;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.cluster.ClusterChangedEvent;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.ClusterStateListener;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.inject.Provider;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.gateway.GatewayService;
import org.elasticsearch.index.IndexNotFoundException;
import org.elasticsearch.index.get.GetResult;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.search.SearchHit;
import org.elasticsearch.shield.InternalShieldUser;
import org.elasticsearch.shield.ShieldTemplateService;
import org.elasticsearch.shield.action.role.ClearRolesCacheRequest;
import org.elasticsearch.shield.action.role.ClearRolesCacheResponse;
import org.elasticsearch.shield.action.role.DeleteRoleRequest;
import org.elasticsearch.shield.action.role.PutRoleRequest;
import org.elasticsearch.shield.authc.AuthenticationService;
import org.elasticsearch.shield.authz.Permission;
import org.elasticsearch.shield.authz.RoleDescriptor;
import org.elasticsearch.shield.authz.store.RolesStore;
import org.elasticsearch.shield.client.ShieldClient;
import org.elasticsearch.shield.support.ClientWithUser;
import org.elasticsearch.shield.support.SelfReschedulingRunnable;
import org.elasticsearch.threadpool.ThreadPool;

/* loaded from: input_file:org/elasticsearch/shield/authz/esnative/ESNativeRolesStore.class */
public class ESNativeRolesStore extends AbstractComponent implements RolesStore, ClusterStateListener {
    public static final String ROLE_DOC_TYPE = "role";
    private final Provider<Client> clientProvider;
    private final Provider<AuthenticationService> authProvider;
    private final ThreadPool threadPool;
    private final AtomicReference<State> state;
    private final ConcurrentMap<String, RoleAndVersion> roleCache;
    private Client client;
    private ShieldClient shieldClient;
    private int scrollSize;
    private TimeValue scrollKeepAlive;
    private SelfReschedulingRunnable rolesPoller;
    private volatile boolean shieldIndexExists;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/elasticsearch/shield/authz/esnative/ESNativeRolesStore$RoleAndVersion.class */
    public static class RoleAndVersion {
        private final RoleDescriptor roleDescriptor;
        private final Permission.Global.Role role;
        private final long version;

        RoleAndVersion(RoleDescriptor roleDescriptor, long j) {
            Objects.requireNonNull(roleDescriptor);
            this.roleDescriptor = roleDescriptor;
            this.role = Permission.Global.Role.builder(roleDescriptor).build();
            this.version = j;
        }

        RoleDescriptor getRoleDescriptor() {
            return this.roleDescriptor;
        }

        Permission.Global.Role getRole() {
            return this.role;
        }

        long getVersion() {
            return this.version;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            RoleAndVersion roleAndVersion = (RoleAndVersion) obj;
            if (this.version != roleAndVersion.version) {
                return false;
            }
            return this.roleDescriptor.getName().equals(roleAndVersion.roleDescriptor.getName());
        }

        public int hashCode() {
            return (31 * this.roleDescriptor.hashCode()) + ((int) (this.version ^ (this.version >>> 32)));
        }
    }

    /* loaded from: input_file:org/elasticsearch/shield/authz/esnative/ESNativeRolesStore$RolesStorePoller.class */
    private class RolesStorePoller extends AbstractRunnable {
        private RolesStorePoller() {
        }

        /* JADX WARN: Finally extract failed */
        protected void doRun() throws Exception {
            Client client = ESNativeRolesStore.this.client;
            if (isStopped()) {
                return;
            }
            if (!ESNativeRolesStore.this.shieldIndexExists) {
                ESNativeRolesStore.this.logger.trace("cannot poll for role changes since security index [{}] does not exist", new Object[]{ShieldTemplateService.SECURITY_INDEX_NAME});
                return;
            }
            if (ESNativeRolesStore.this.roleCache.isEmpty()) {
                ESNativeRolesStore.this.logger.trace("role cache is empty. skipping execution of poller", new Object[0]);
                return;
            }
            ESNativeRolesStore.this.logger.trace("starting polling of roles index to check for changes", new Object[0]);
            SearchResponse searchResponse = null;
            HashSet hashSet = new HashSet(ESNativeRolesStore.this.roleCache.keySet());
            try {
                try {
                    client.admin().indices().prepareRefresh(new String[]{ShieldTemplateService.SECURITY_INDEX_NAME}).get();
                    searchResponse = (SearchResponse) client.search(client.prepareSearch(new String[]{ShieldTemplateService.SECURITY_INDEX_NAME}).setScroll(ESNativeRolesStore.this.scrollKeepAlive).setQuery(QueryBuilders.typeQuery(ESNativeRolesStore.ROLE_DOC_TYPE)).setSize(ESNativeRolesStore.this.scrollSize).setFetchSource(false).setVersion(true).request()).get();
                    boolean z = searchResponse.getHits().getHits().length > 0;
                    while (z) {
                        if (isStopped()) {
                            if (searchResponse != null) {
                                client.clearScroll(client.prepareClearScroll().addScrollId(searchResponse.getScrollId()).request()).actionGet();
                                return;
                            }
                            return;
                        }
                        for (SearchHit searchHit : searchResponse.getHits().getHits()) {
                            String id = searchHit.getId();
                            long version = searchHit.version();
                            if (hashSet.remove(id)) {
                                RoleAndVersion roleAndVersion = (RoleAndVersion) ESNativeRolesStore.this.roleCache.get(id);
                                if (roleAndVersion == null) {
                                    ESNativeRolesStore.this.logger.trace("role [{}] was in the cache at the start of polling but has been removed. skipping checks", new Object[]{id});
                                } else if (version > roleAndVersion.getVersion()) {
                                    ESNativeRolesStore.this.logger.trace("removing role [{}] from cache with version [{}] since version [{}] is in index", new Object[]{id, Long.valueOf(roleAndVersion.getVersion()), Long.valueOf(version)});
                                    ESNativeRolesStore.this.roleCache.remove(id);
                                } else {
                                    ESNativeRolesStore.this.logger.trace("role [{}] does not need to be updated. retrieved version [{}] existing version [{}]", new Object[]{id, Long.valueOf(version), Long.valueOf(roleAndVersion.getVersion())});
                                }
                            } else {
                                ESNativeRolesStore.this.logger.trace("role [{}] wasn't in cache at start of polling. skipping checks", new Object[]{id});
                            }
                        }
                        searchResponse = (SearchResponse) client.prepareSearchScroll(searchResponse.getScrollId()).setScroll(ESNativeRolesStore.this.scrollKeepAlive).get();
                        z = searchResponse.getHits().getHits().length > 0;
                    }
                    if (!hashSet.isEmpty()) {
                        ESNativeRolesStore.this.logger.trace("removing roles {} from cache since they no longer exist in the index", new Object[]{hashSet});
                        Iterator it = hashSet.iterator();
                        while (it.hasNext()) {
                            ESNativeRolesStore.this.roleCache.remove((String) it.next());
                        }
                    }
                    if (searchResponse != null) {
                        client.clearScroll(client.prepareClearScroll().addScrollId(searchResponse.getScrollId()).request()).actionGet();
                    }
                } catch (IndexNotFoundException e) {
                    ESNativeRolesStore.this.logger.trace("security index does not exist", e, new Object[0]);
                    if (searchResponse != null) {
                        client.clearScroll(client.prepareClearScroll().addScrollId(searchResponse.getScrollId()).request()).actionGet();
                    }
                }
                ESNativeRolesStore.this.logger.trace("completed polling of roles index", new Object[0]);
            } catch (Throwable th) {
                if (searchResponse != null) {
                    client.clearScroll(client.prepareClearScroll().addScrollId(searchResponse.getScrollId()).request()).actionGet();
                }
                throw th;
            }
        }

        public void onFailure(Throwable th) {
            ESNativeRolesStore.this.logger.error("error occurred while checking the native roles for changes", th, new Object[0]);
        }

        private boolean isStopped() {
            State state = ESNativeRolesStore.this.state();
            return state == State.STOPPED || state == State.STOPPING;
        }
    }

    /* loaded from: input_file:org/elasticsearch/shield/authz/esnative/ESNativeRolesStore$State.class */
    public enum State {
        INITIALIZED,
        STARTING,
        STARTED,
        STOPPING,
        STOPPED,
        FAILED
    }

    @Inject
    public ESNativeRolesStore(Settings settings, Provider<Client> provider, Provider<AuthenticationService> provider2, ThreadPool threadPool) {
        super(settings);
        this.state = new AtomicReference<>(State.INITIALIZED);
        this.roleCache = new ConcurrentHashMap();
        this.shieldIndexExists = false;
        this.clientProvider = provider;
        this.authProvider = provider2;
        this.threadPool = threadPool;
    }

    public boolean canStart(ClusterState clusterState, boolean z) {
        if (state() != State.INITIALIZED) {
            return false;
        }
        if (clusterState.blocks().hasGlobalBlock(GatewayService.STATE_NOT_RECOVERED_BLOCK)) {
            this.logger.debug("native roles store waiting until gateway has recovered from disk", new Object[0]);
            return false;
        }
        if (clusterState.metaData().templates().get(ShieldTemplateService.SECURITY_TEMPLATE_NAME) != null) {
            return true;
        }
        this.logger.debug("native roles template [{}] does not exist, so service cannot start", new Object[]{ShieldTemplateService.SECURITY_TEMPLATE_NAME});
        return false;
    }

    public void start() {
        try {
            if (this.state.compareAndSet(State.INITIALIZED, State.STARTING)) {
                this.client = new ClientWithUser((Client) this.clientProvider.get(), (AuthenticationService) this.authProvider.get(), InternalShieldUser.INSTANCE);
                this.shieldClient = new ShieldClient(this.client);
                this.scrollSize = this.settings.getAsInt("shield.authc.native.scroll.size", 1000).intValue();
                this.scrollKeepAlive = this.settings.getAsTime("shield.authc.native.scroll.keep_alive", TimeValue.timeValueSeconds(10L));
                this.rolesPoller = new SelfReschedulingRunnable(new RolesStorePoller(), this.threadPool, this.settings.getAsTime("shield.authc.native.reload.interval", TimeValue.timeValueSeconds(30L)), "generic", this.logger);
                this.rolesPoller.start();
                this.state.set(State.STARTED);
            }
        } catch (Exception e) {
            this.logger.error("failed to start ESNativeRolesStore", e, new Object[0]);
            this.state.set(State.FAILED);
        }
    }

    public void stop() {
        if (this.state.compareAndSet(State.STARTED, State.STOPPING)) {
            try {
                this.rolesPoller.stop();
                this.state.set(State.STOPPED);
            } catch (Throwable th) {
                this.state.set(State.STOPPED);
                throw th;
            }
        }
    }

    public void getRoleDescriptors(String[] strArr, final ActionListener<List<RoleDescriptor>> actionListener) {
        if (state() != State.STARTED) {
            this.logger.trace("attempted to get roles before service was started", new Object[0]);
            actionListener.onFailure(new IllegalStateException("roles cannot be retrieved as native role service has not been started"));
            return;
        }
        try {
            final ArrayList arrayList = new ArrayList();
            this.client.search(this.client.prepareSearch(new String[]{ShieldTemplateService.SECURITY_INDEX_NAME}).setTypes(new String[]{ROLE_DOC_TYPE}).setScroll(this.scrollKeepAlive).setQuery((strArr == null || strArr.length == 0) ? QueryBuilders.matchAllQuery() : QueryBuilders.boolQuery().filter(QueryBuilders.idsQuery(new String[]{ROLE_DOC_TYPE}).addIds(strArr))).setSize(this.scrollSize).setFetchSource(true).request(), new ActionListener<SearchResponse>() { // from class: org.elasticsearch.shield.authz.esnative.ESNativeRolesStore.1
                private SearchResponse lastResponse = null;

                public void onResponse(SearchResponse searchResponse) {
                    this.lastResponse = searchResponse;
                    if (!(searchResponse.getHits().getHits().length > 0)) {
                        if (searchResponse.getScrollId() != null) {
                            ESNativeRolesStore.this.clearScollRequest(searchResponse.getScrollId());
                        }
                        actionListener.onResponse(Collections.unmodifiableList(arrayList));
                        return;
                    }
                    for (SearchHit searchHit : searchResponse.getHits().getHits()) {
                        RoleDescriptor transformRole = ESNativeRolesStore.this.transformRole(searchHit.getId(), searchHit.getSourceRef());
                        if (transformRole != null) {
                            arrayList.add(transformRole);
                        }
                    }
                    ESNativeRolesStore.this.client.searchScroll(ESNativeRolesStore.this.client.prepareSearchScroll(searchResponse.getScrollId()).setScroll(ESNativeRolesStore.this.scrollKeepAlive).request(), this);
                }

                public void onFailure(Throwable th) {
                    if (this.lastResponse != null && this.lastResponse.getScrollId() != null) {
                        ESNativeRolesStore.this.clearScollRequest(this.lastResponse.getScrollId());
                    }
                    if (!(th instanceof IndexNotFoundException)) {
                        actionListener.onFailure(th);
                    } else {
                        ESNativeRolesStore.this.logger.trace("could not retrieve roles because security index does not exist", new Object[0]);
                        actionListener.onResponse(Collections.emptyList());
                    }
                }
            });
        } catch (Exception e) {
            this.logger.error("unable to retrieve roles {}", e, new Object[]{Arrays.toString(strArr)});
            actionListener.onFailure(e);
        }
    }

    public void getRoleDescriptor(String str, ActionListener<RoleDescriptor> actionListener) {
        if (state() != State.STARTED) {
            this.logger.trace("attempted to get role [{}] before service was started", new Object[]{str});
            actionListener.onResponse((Object) null);
        }
        RoleAndVersion roleAndVersion = getRoleAndVersion(str);
        actionListener.onResponse(roleAndVersion == null ? null : roleAndVersion.getRoleDescriptor());
    }

    public void deleteRole(final DeleteRoleRequest deleteRoleRequest, final ActionListener<Boolean> actionListener) {
        if (state() != State.STARTED) {
            this.logger.trace("attempted to delete role [{}] before service was started", new Object[]{deleteRoleRequest.name()});
            actionListener.onResponse(false);
        }
        try {
            DeleteRequest request = this.client.prepareDelete(ShieldTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, deleteRoleRequest.name()).request();
            request.refresh(deleteRoleRequest.refresh());
            this.client.delete(request, new ActionListener<DeleteResponse>() { // from class: org.elasticsearch.shield.authz.esnative.ESNativeRolesStore.2
                public void onResponse(DeleteResponse deleteResponse) {
                    ESNativeRolesStore.this.clearRoleCache(deleteRoleRequest.name(), actionListener, Boolean.valueOf(deleteResponse.isFound()));
                }

                public void onFailure(Throwable th) {
                    ESNativeRolesStore.this.logger.error("failed to delete role from the index", th, new Object[0]);
                    actionListener.onFailure(th);
                }
            });
        } catch (Exception e) {
            this.logger.error("unable to remove role", e, new Object[0]);
            actionListener.onFailure(e);
        } catch (IndexNotFoundException e2) {
            this.logger.trace("security index does not exist", e2, new Object[0]);
            actionListener.onResponse(false);
        }
    }

    public void putRole(final PutRoleRequest putRoleRequest, final RoleDescriptor roleDescriptor, final ActionListener<Boolean> actionListener) {
        if (state() != State.STARTED) {
            this.logger.trace("attempted to put role [{}] before service was started", new Object[]{putRoleRequest.name()});
            actionListener.onResponse(false);
        }
        try {
            this.client.prepareIndex(ShieldTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, roleDescriptor.getName()).setSource(roleDescriptor.toXContent(XContentFactory.jsonBuilder(), ToXContent.EMPTY_PARAMS)).setRefresh(putRoleRequest.refresh()).execute(new ActionListener<IndexResponse>() { // from class: org.elasticsearch.shield.authz.esnative.ESNativeRolesStore.3
                public void onResponse(IndexResponse indexResponse) {
                    if (indexResponse.isCreated()) {
                        actionListener.onResponse(Boolean.valueOf(indexResponse.isCreated()));
                    } else {
                        ESNativeRolesStore.this.clearRoleCache(roleDescriptor.getName(), actionListener, Boolean.valueOf(indexResponse.isCreated()));
                    }
                }

                public void onFailure(Throwable th) {
                    ESNativeRolesStore.this.logger.error("failed to put role [{}]", th, new Object[]{putRoleRequest.name()});
                    actionListener.onFailure(th);
                }
            });
        } catch (Exception e) {
            this.logger.error("unable to put role [{}]", e, new Object[]{putRoleRequest.name()});
            actionListener.onFailure(e);
        }
    }

    @Override // org.elasticsearch.shield.authz.store.RolesStore
    public Permission.Global.Role role(String str) {
        RoleAndVersion roleAndVersion = getRoleAndVersion(str);
        if (roleAndVersion == null) {
            return null;
        }
        return roleAndVersion.getRole();
    }

    private RoleAndVersion getRoleAndVersion(final String str) {
        RoleDescriptor transformRole;
        RoleAndVersion roleAndVersion = null;
        final AtomicReference atomicReference = new AtomicReference(null);
        CountDownLatch countDownLatch = new CountDownLatch(1);
        try {
            roleAndVersion = this.roleCache.get(str);
            if (roleAndVersion == null) {
                this.logger.debug("attempting to load role [{}] from index", new Object[]{str});
                executeGetRoleRequest(str, new LatchedActionListener(new ActionListener<GetResponse>() { // from class: org.elasticsearch.shield.authz.esnative.ESNativeRolesStore.4
                    public void onResponse(GetResponse getResponse) {
                        atomicReference.set(getResponse);
                    }

                    public void onFailure(Throwable th) {
                        if (th instanceof IndexNotFoundException) {
                            ESNativeRolesStore.this.logger.trace("failed to retrieve role [{}] since security index does not exist", th, new Object[]{str});
                        } else {
                            ESNativeRolesStore.this.logger.error("failed to retrieve role [{}]", th, new Object[]{str});
                        }
                    }
                }, countDownLatch));
                try {
                    countDownLatch.await(30L, TimeUnit.SECONDS);
                } catch (InterruptedException e) {
                    this.logger.error("timed out retrieving role [{}]", new Object[]{str});
                }
                GetResponse getResponse = (GetResponse) atomicReference.get();
                if (getResponse == null || (transformRole = transformRole(getResponse)) == null) {
                    return null;
                }
                this.logger.debug("loaded role [{}] from index with version [{}]", new Object[]{str, Long.valueOf(getResponse.getVersion())});
                RoleAndVersion roleAndVersion2 = new RoleAndVersion(transformRole, getResponse.getVersion());
                RoleAndVersion putIfAbsent = this.roleCache.putIfAbsent(str, roleAndVersion2);
                if (putIfAbsent == null) {
                    return roleAndVersion2;
                }
                while (roleAndVersion2.getVersion() > putIfAbsent.getVersion()) {
                    this.logger.trace("role [{}] is in cache with version [{}], trying to update to version [{}]", new Object[]{str, Long.valueOf(putIfAbsent.getVersion()), Long.valueOf(roleAndVersion2.getVersion())});
                    if (this.roleCache.replace(str, putIfAbsent, roleAndVersion2)) {
                        return roleAndVersion2;
                    }
                    putIfAbsent = this.roleCache.get(str);
                    if (putIfAbsent == null) {
                        this.logger.trace("failed to replace role [{}]. it was removed from the cache", new Object[]{str});
                        return roleAndVersion2;
                    }
                    this.logger.trace("failed to replace role [{}] in cache. replacement version [{}] existing version [{}]", new Object[]{str, Long.valueOf(roleAndVersion2.getVersion()), Long.valueOf(putIfAbsent.getVersion())});
                }
                if (roleAndVersion2.getVersion() == putIfAbsent.getVersion()) {
                    this.logger.trace("role [{}] is already in cache with version [{}]", new Object[]{str, Long.valueOf(roleAndVersion2.getVersion())});
                    return roleAndVersion2;
                }
                if (!$assertionsDisabled && putIfAbsent.getVersion() <= roleAndVersion2.getVersion()) {
                    throw new AssertionError();
                }
                this.logger.trace("role [{}] has cached value with version [{}] newer than the retrieved version [{}]", new Object[]{str, Long.valueOf(putIfAbsent.getVersion()), Long.valueOf(roleAndVersion2.getVersion())});
                return putIfAbsent;
            }
        } catch (RuntimeException e2) {
            this.logger.error("could not get or load value from cache for role [{}]", e2, new Object[]{str});
        }
        return roleAndVersion;
    }

    private void executeGetRoleRequest(String str, ActionListener<GetResponse> actionListener) {
        try {
            this.client.get(this.client.prepareGet(ShieldTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, str).request(), actionListener);
        } catch (IndexNotFoundException e) {
            this.logger.trace("unable to retrieve role [{}] since security index does not exist", e, new Object[]{str});
            actionListener.onResponse(new GetResponse(new GetResult(ShieldTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, str, -1L, false, (BytesReference) null, (Map) null)));
        } catch (Exception e2) {
            this.logger.error("unable to retrieve role", e2, new Object[0]);
            actionListener.onFailure(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void clearScollRequest(final String str) {
        this.client.clearScroll(this.client.prepareClearScroll().addScrollId(str).request(), new ActionListener<ClearScrollResponse>() { // from class: org.elasticsearch.shield.authz.esnative.ESNativeRolesStore.5
            public void onResponse(ClearScrollResponse clearScrollResponse) {
            }

            public void onFailure(Throwable th) {
                ESNativeRolesStore.this.logger.warn("failed to clear scroll [{}] after retrieving roles", th, new Object[]{str});
            }
        });
    }

    public void reset() {
        State state = state();
        if (state != State.STOPPED && state != State.FAILED) {
            throw new IllegalStateException("can only reset if stopped!!!");
        }
        this.roleCache.clear();
        this.client = null;
        this.shieldIndexExists = false;
        this.state.set(State.INITIALIZED);
    }

    public void invalidateAll() {
        this.logger.debug("invalidating all roles in cache", new Object[0]);
        this.roleCache.clear();
    }

    public void invalidate(String str) {
        this.logger.debug("invalidating role [{}] in cache", new Object[]{str});
        this.roleCache.remove(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public <Response> void clearRoleCache(final String str, final ActionListener<Response> actionListener, final Response response) {
        this.shieldClient.clearRolesCache(new ClearRolesCacheRequest().roles(str), new ActionListener<ClearRolesCacheResponse>() { // from class: org.elasticsearch.shield.authz.esnative.ESNativeRolesStore.6
            public void onResponse(ClearRolesCacheResponse clearRolesCacheResponse) {
                if (clearRolesCacheResponse.hasFailures()) {
                    ArrayList arrayList = new ArrayList();
                    for (ClearRolesCacheResponse.Node node : (ClearRolesCacheResponse.Node[]) clearRolesCacheResponse.getNodes()) {
                        if (!node.success()) {
                            arrayList.add(node.id());
                        }
                    }
                    ESNativeRolesStore.this.logger.error("failed to clear roles cache for [{}] on nodes [{}]", new Object[]{str, arrayList});
                }
                actionListener.onResponse(response);
            }

            public void onFailure(Throwable th) {
                ESNativeRolesStore.this.logger.error("unable to clear cache for role [{}]", th, new Object[]{str});
                actionListener.onFailure(new ElasticsearchException("clearing the cache for [" + str + "] failed. please clear the role cache manually", th, new Object[0]));
            }
        });
    }

    public void clusterChanged(ClusterChangedEvent clusterChangedEvent) {
        if (!(clusterChangedEvent.state().metaData().indices().get(ShieldTemplateService.SECURITY_INDEX_NAME) != null) || !clusterChangedEvent.state().routingTable().index(ShieldTemplateService.SECURITY_INDEX_NAME).allPrimaryShardsActive()) {
            this.shieldIndexExists = false;
        } else {
            this.logger.debug("security index [{}] all primary shards started, so polling can start", new Object[]{ShieldTemplateService.SECURITY_INDEX_NAME});
            this.shieldIndexExists = true;
        }
    }

    public State state() {
        return this.state.get();
    }

    @Nullable
    private RoleDescriptor transformRole(GetResponse getResponse) {
        if (getResponse.isExists()) {
            return transformRole(getResponse.getId(), getResponse.getSourceAsBytesRef());
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    @Nullable
    public RoleDescriptor transformRole(String str, BytesReference bytesReference) {
        try {
            return RoleDescriptor.parse(str, bytesReference);
        } catch (Exception e) {
            this.logger.error("error in the format of data for role [{}]", e, new Object[]{str});
            return null;
        }
    }

    static {
        $assertionsDisabled = !ESNativeRolesStore.class.desiredAssertionStatus();
    }
}
