package org.elasticsearch.shield.authc.esusers.tool;

import com.google.common.base.Charsets;
import com.google.common.collect.ImmutableMap;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import org.apache.commons.cli.CommandLine;
import org.elasticsearch.ExceptionsHelper;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.cli.CliTool;
import org.elasticsearch.common.cli.CliToolConfig;
import org.elasticsearch.common.cli.Terminal;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.common.xcontent.json.JsonXContent;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.authc.Realms;
import org.elasticsearch.shield.authc.esusers.FileUserPasswdStore;
import org.elasticsearch.shield.authc.esusers.FileUserRolesStore;
import org.elasticsearch.shield.authc.ldap.support.SessionFactory;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.shield.authz.RoleDescriptor;
import org.elasticsearch.shield.authz.store.FileRolesStore;
import org.elasticsearch.shield.ssl.ClientSSLService;
import org.elasticsearch.shield.support.NoOpLogger;

/* loaded from: input_file:org/elasticsearch/shield/authc/esusers/tool/ESNativeRealmMigrateTool.class */
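/* loaded from: input_file:org/elasticsearch/shield/authc/esusers/tool/ESNativeRealmMigrateTool.class */
/**
 * Command line tool ("migrate") that copies users and roles from the file-based realm
 * stores to a running cluster through the {@code /_shield/user/} and {@code /_shield/role/}
 * HTTP endpoints.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The password is read from the value of the {@code -p/--password} option, so it is
 *       part of the process arguments.</li>
 *   <li>The Basic authentication header is attached to every request whatever the URL
 *       scheme is; with an {@code http://} URL the credentials and the migrated password
 *       hashes travel without transport encryption.</li>
 * </ul>
 */
public class ESNativeRealmMigrateTool extends CliTool {
    private static final CliToolConfig CONFIG = CliToolConfig.config("migrate", ESNativeRealmMigrateTool.class)
            .cmds(new CliToolConfig.Cmd[]{NoopCmd.CMD, MigrateUserOrRoles.CMD})
            .build();

    /* loaded from: input_file:org/elasticsearch/shield/authc/esusers/tool/ESNativeRealmMigrateTool$MigrateUserOrRoles.class */
    /**
     * The {@code native} command: reads the file realm's users, user-role mappings and role
     * definitions and creates every entry that the target cluster does not already report.
     */
    public static class MigrateUserOrRoles extends CliTool.Command {
        private static final String NAME = "native";
        // NOTE(review): SessionFactory.URLS_SETTING is used as the long option name here and
        // when the value is read back in parse(); presumably the decompiler substituted a
        // constant for the original literal -- confirm against the upstream source.
        private static final CliToolConfig.Cmd CMD = CliToolConfig.Builder.cmd(NAME, MigrateUserOrRoles.class)
                .options(new CliToolConfig.OptionBuilder[]{
                        CliToolConfig.Builder.option("u", "username").hasArg(true).required(false),
                        CliToolConfig.Builder.option("p", "password").hasArg(true).required(false),
                        CliToolConfig.Builder.option("n", "users").hasArg(true).required(false),
                        CliToolConfig.Builder.option("r", "roles").hasArg(true).required(false),
                        CliToolConfig.Builder.option("U", SessionFactory.URLS_SETTING).hasArg(true).required(true),
                        CliToolConfig.Builder.option("c", "config").hasArg(true).required(false)})
                .build();

        // Credentials used for the Basic auth header; both options are optional on the
        // command line, so either may be null here.
        String username;
        String password;
        // Base URL of the cluster; the endpoint paths are appended to it.
        String url;
        // Names to migrate; an empty array means "everything found in the file".
        String[] usersToMigrate;
        String[] rolesToMigrate;
        // Optional override for "path.conf"; null keeps the supplied environment.
        String esConfigDir;

        /**
         * @param terminal       terminal used for all progress and error output
         * @param username       user name for Basic authentication, may be null
         * @param password       password for Basic authentication, may be null
         * @param url            base URL of the target cluster
         * @param usersToMigrate user names to migrate, empty for all users in the file
         * @param rolesToMigrate role names to migrate, empty for all roles in the file
         * @param esConfigDir    configuration directory override, may be null
         */
        public MigrateUserOrRoles(Terminal terminal, String username, String password, String url,
                                  String[] usersToMigrate, String[] rolesToMigrate, String esConfigDir) {
            super(terminal);
            this.username = username;
            this.password = password;
            this.url = url;
            this.usersToMigrate = usersToMigrate;
            this.rolesToMigrate = rolesToMigrate;
            this.esConfigDir = esConfigDir;
        }

        /**
         * Builds the command from the parsed command line. The {@code users} and
         * {@code roles} values are comma-separated lists; a missing option yields an
         * empty array.
         */
        public static CliTool.Command parse(Terminal terminal, CommandLine commandLine) {
            String username = commandLine.getOptionValue("username");
            String password = commandLine.getOptionValue("password");
            String url = commandLine.getOptionValue(SessionFactory.URLS_SETTING);
            String configDir = commandLine.getOptionValue("config");
            String users = commandLine.getOptionValue("users");
            String roles = commandLine.getOptionValue("roles");
            String[] userNames = users != null ? users.split(",") : Strings.EMPTY_ARRAY;
            String[] roleNames = roles != null ? roles.split(",") : Strings.EMPTY_ARRAY;
            return new MigrateUserOrRoles(terminal, username, password, url, userNames, roleNames, configDir);
        }

        /**
         * Runs the user import followed by the role import. Failures inside either import
         * are reported on the terminal by the import methods themselves, so this method
         * returns {@code OK} whenever both calls return.
         */
        @Override
        public CliTool.ExitStatus execute(Settings settings, Environment environment) throws Exception {
            this.terminal.println("starting migration of users and roles...");
            Environment effective = environment;
            if (this.esConfigDir != null) {
                effective = new Environment(Settings.builder().put(settings).put("path.conf", this.esConfigDir).build());
            }
            importUsers(settings, effective);
            importRoles(settings, effective);
            this.terminal.println("users and roles imported.");
            return CliTool.ExitStatus.OK;
        }

        /** Reads the reader to its end and returns the lines joined without separators. */
        private static String readAll(BufferedReader reader) throws IOException {
            StringBuilder text = new StringBuilder();
            String line;
            while ((line = reader.readLine()) != null) {
                text.append(line);
            }
            return text.toString();
        }

        /**
         * Sends one authenticated HTTP request and returns the response body.
         *
         * @param settings    settings handed to {@link ClientSSLService} for https URLs
         * @param environment environment handed to {@link ClientSSLService} for https URLs
         * @param method      HTTP method, e.g. {@code GET} or {@code POST}
         * @param urlString   absolute URL of the request
         * @param body        request body encoded as UTF-8, or null to send none
         * @return the response body with its lines concatenated
         * @throws IllegalArgumentException if no user name or password was supplied
         * @throws IOException if the request fails; when the server returned an error body
         *                     that body becomes the exception message
         */
        private String postURL(Settings settings, Environment environment, String method, String urlString,
                               @Nullable String body) throws Exception {
            // Both options are optional on the command line; fail with a usable message
            // instead of a NullPointerException from password.toCharArray().
            if (this.username == null || this.password == null) {
                throw new IllegalArgumentException("a username (-u) and a password (-p) are required");
            }
            URI uri = new URI(urlString);
            URL target = uri.toURL();
            final HttpURLConnection connection;
            if ("https".equalsIgnoreCase(uri.getScheme())) {
                // TLS connections use the socket factory that ClientSSLService builds
                // from the supplied settings rather than the JVM default.
                final ClientSSLService sslService = new ClientSSLService(settings);
                sslService.setEnvironment(environment);
                final HttpsURLConnection secure = (HttpsURLConnection) target.openConnection();
                AccessController.doPrivileged(new PrivilegedAction<Void>() {
                    @Override
                    public Void run() {
                        secure.setSSLSocketFactory(sslService.sslSocketFactory());
                        return null;
                    }
                });
                connection = secure;
            } else {
                // Plain HTTP: the Authorization header set below is sent unencrypted.
                connection = (HttpURLConnection) target.openConnection();
            }
            try {
                connection.setRequestMethod(method);
                connection.setReadTimeout(30000);
                connection.setRequestProperty(UsernamePasswordToken.BASIC_AUTH_HEADER,
                        UsernamePasswordToken.basicAuthHeaderValue(this.username, new SecuredString(this.password.toCharArray())));
                connection.setDoOutput(true);
                connection.connect();
                if (body != null) {
                    try (OutputStream out = connection.getOutputStream()) {
                        out.write(body.getBytes(Charsets.UTF_8));
                    }
                }
                try (BufferedReader reader = new BufferedReader(
                        new InputStreamReader(connection.getInputStream(), Charsets.UTF_8))) {
                    return readAll(reader);
                } catch (IOException e) {
                    // getErrorStream() is null when the server sent no error body (for
                    // example when the connection itself failed); keep the original
                    // exception instead of hiding it behind a NullPointerException.
                    if (connection.getErrorStream() == null) {
                        throw e;
                    }
                    try (BufferedReader errorReader = new BufferedReader(
                            new InputStreamReader(connection.getErrorStream(), Charsets.UTF_8))) {
                        throw new IOException(readAll(errorReader), e);
                    }
                }
            } finally {
                connection.disconnect();
            }
        }

        /**
         * Fetches {@code this.url + path} and returns the top-level field names of the JSON
         * object in the response.
         *
         * @param path endpoint path appended to the base URL
         * @param kind plural noun used in the messages ("users" or "roles")
         */
        private Set<String> fetchExistingNames(Settings settings, Environment environment, String path, String kind)
                throws Exception {
            Set<String> names = new HashSet<>();
            String response = postURL(settings, environment, "GET", this.url + path, null);
            try (XContentParser parser = JsonXContent.jsonXContent.createParser(response)) {
                XContentParser.Token first = parser.nextToken();
                if (first != XContentParser.Token.START_OBJECT) {
                    throw new Exception("failed to retrieve " + kind + ", expecting an object but got: " + first);
                }
                while (parser.nextToken() == XContentParser.Token.FIELD_NAME) {
                    names.add(parser.currentName());
                    // Step onto the field's value and skip over it; only the names matter.
                    parser.nextToken();
                    parser.skipChildren();
                }
                this.terminal.println("found existing " + kind + ": %s", names);
                return names;
            }
        }

        /**
         * Returns the names of the users the cluster reports at {@code /_shield/user/}.
         *
         * @throws Exception if the request fails or the response is not a JSON object
         */
        public Set<String> getUsersThatExist(Settings settings, Environment environment) throws Exception {
            return fetchExistingNames(settings, environment, "/_shield/user/", "users");
        }

        /**
         * Builds the JSON body that creates a user: the stored password hash plus the
         * user's roles.
         *
         * @param roles        role names of the user; null is treated as "no roles", which
         *                     is what a lookup for a user without a role mapping yields
         * @param passwordHash the hash as stored in the users file
         * @return the JSON document; it contains the password hash and should not be logged
         */
        public static String createUserJson(String[] roles, char[] passwordHash) throws IOException {
            XContentBuilder json = XContentFactory.jsonBuilder();
            json.startObject();
            json.field("password_hash", new String(passwordHash));
            json.startArray("roles");
            if (roles != null) {
                for (String role : roles) {
                    json.value(role);
                }
            }
            json.endArray();
            json.endObject();
            return json.string();
        }

        /**
         * Creates, on the cluster, every selected user from the file realm that the
         * cluster does not already have. Errors are printed to the terminal, never thrown.
         */
        public void importUsers(Settings settings, Environment environment) {
            Settings fileRealmSettings = Realms.fileRealmSettings(settings);
            Path usersFile = FileUserPasswdStore.resolveFile(fileRealmSettings, environment);
            Path usersRolesFile = FileUserRolesStore.resolveFile(fileRealmSettings, environment);
            this.terminal.println("importing users from [%s]...", usersFile);
            ImmutableMap<String, char[]> hashesByUser = FileUserPasswdStore.parseFile(usersFile, null);
            ImmutableMap<String, String[]> rolesByUser = FileUserRolesStore.parseFile(usersRolesFile, null);
            Set<String> existing;
            try {
                existing = getUsersThatExist(settings, environment);
            } catch (Exception e) {
                this.terminal.println("failed to get users that already exist, skipping user import");
                // The trace can carry server-supplied text, so it is passed as an
                // argument and never used as the format string.
                this.terminal.println("%s", ExceptionsHelper.stackTrace(e));
                return;
            }
            if (this.usersToMigrate.length == 0) {
                this.usersToMigrate = hashesByUser.keySet().toArray(new String[hashesByUser.size()]);
            }
            for (String user : this.usersToMigrate) {
                if (!hashesByUser.containsKey(user)) {
                    this.terminal.println("no user [%s] found, skipping", user);
                } else if (existing.contains(user)) {
                    this.terminal.println("user [%s] already exists, skipping", user);
                } else {
                    this.terminal.println("migrating user [%s]", user);
                    try {
                        String requestBody = createUserJson(rolesByUser.get(user), hashesByUser.get(user));
                        // NOTE(review): the name is appended to the path without URL
                        // encoding; it comes from the local users file or the command line.
                        String response = postURL(settings, environment, "POST", this.url + "/_shield/user/" + user, requestBody);
                        this.terminal.println("%s", response);
                    } catch (Exception e) {
                        // The request body holds the user's password hash, so it is
                        // deliberately left out of the failure output.
                        this.terminal.println("failed to migrate user [%s]", user);
                        this.terminal.println("%s", ExceptionsHelper.stackTrace(e));
                    }
                }
            }
        }

        /**
         * Returns the names of the roles the cluster reports at {@code /_shield/role/}.
         *
         * @throws Exception if the request fails or the response is not a JSON object
         */
        public Set<String> getRolesThatExist(Settings settings, Environment environment) throws Exception {
            return fetchExistingNames(settings, environment, "/_shield/role/", "roles");
        }

        /**
         * Builds the JSON body that creates a role. Empty or null privilege arrays are
         * omitted from the document.
         */
        public static String createRoleJson(RoleDescriptor roleDescriptor) throws IOException {
            XContentBuilder json = XContentFactory.jsonBuilder();
            json.startObject();
            String[] clusterPrivileges = roleDescriptor.getClusterPrivileges();
            String[] runAs = roleDescriptor.getRunAs();
            RoleDescriptor.IndicesPrivileges[] indicesPrivileges = roleDescriptor.getIndicesPrivileges();
            if (clusterPrivileges != null && clusterPrivileges.length > 0) {
                json.array("cluster", clusterPrivileges);
            }
            if (runAs != null && runAs.length > 0) {
                json.array("run_as", runAs);
            }
            if (indicesPrivileges != null && indicesPrivileges.length > 0) {
                json.startArray("indices");
                for (RoleDescriptor.IndicesPrivileges entry : indicesPrivileges) {
                    json.startObject();
                    String[] indices = entry.getIndices();
                    String[] privileges = entry.getPrivileges();
                    String[] fields = entry.getFields();
                    BytesReference query = entry.getQuery();
                    if (indices != null && indices.length > 0) {
                        json.array("names", indices);
                    }
                    if (privileges != null && privileges.length > 0) {
                        json.array("privileges", privileges);
                    }
                    if (fields != null && fields.length > 0) {
                        json.array("fields", fields);
                    }
                    if (query != null) {
                        json.field("query", query.toUtf8());
                    }
                    json.endObject();
                }
                json.endArray();
            }
            json.endObject();
            return json.string();
        }

        /**
         * Creates, on the cluster, every selected role from the roles file that the
         * cluster does not already have. Errors are printed to the terminal, never thrown.
         */
        public void importRoles(Settings settings, Environment environment) {
            Path rolesFile = FileRolesStore.resolveFile(Realms.fileRealmSettings(settings), environment).toAbsolutePath();
            this.terminal.println("importing roles from [%s]...", rolesFile);
            ImmutableMap<String, RoleDescriptor> descriptorsByRole =
                    FileRolesStore.parseRoleDescriptors(rolesFile, null, Settings.EMPTY, new DeprecationLogger(NoOpLogger.INSTANCE));
            Set<String> existing;
            try {
                existing = getRolesThatExist(settings, environment);
            } catch (Exception e) {
                this.terminal.println("failed to get roles that already exist, skipping role import");
                // Server-supplied text is printed as an argument, not as a format string.
                this.terminal.println("%s", ExceptionsHelper.stackTrace(e));
                return;
            }
            if (this.rolesToMigrate.length == 0) {
                this.rolesToMigrate = descriptorsByRole.keySet().toArray(new String[descriptorsByRole.size()]);
            }
            for (String role : this.rolesToMigrate) {
                if (!descriptorsByRole.containsKey(role)) {
                    this.terminal.println("no role [%s] found, skipping", role);
                } else if (existing.contains(role)) {
                    this.terminal.println("role [%s] already exists, skipping", role);
                } else {
                    this.terminal.println("migrating role [%s]", role);
                    String requestBody = "n/a";
                    try {
                        requestBody = createRoleJson(descriptorsByRole.get(role));
                        // NOTE(review): the name is appended to the path without URL
                        // encoding; it comes from the local roles file or the command line.
                        String response = postURL(settings, environment, "POST", this.url + "/_shield/role/" + role, requestBody);
                        this.terminal.println("%s", response);
                    } catch (Exception e) {
                        this.terminal.println("failed to migrate role [%s] with body: %s", role, requestBody);
                        this.terminal.println("%s", ExceptionsHelper.stackTrace(e));
                    }
                }
            }
        }
    }

    /* loaded from: input_file:org/elasticsearch/shield/authc/esusers/tool/ESNativeRealmMigrateTool$NoopCmd.class */
    /** The {@code noop} command: does nothing and reports success. */
    static class NoopCmd extends CliTool.Command {
        private static final CliToolConfig.Cmd CMD = CliToolConfig.Builder.cmd("noop", NoopCmd.class).build();

        public NoopCmd(Terminal terminal) {
            super(terminal);
        }

        @Override
        public CliTool.ExitStatus execute(Settings settings, Environment environment) throws Exception {
            return CliTool.ExitStatus.OK;
        }
    }

    /** Creates the tool with the terminal chosen by {@link CliTool}. */
    public ESNativeRealmMigrateTool() {
        super(CONFIG);
    }

    /** Creates the tool writing to the given terminal. */
    public ESNativeRealmMigrateTool(Terminal terminal) {
        super(CONFIG, terminal);
    }

    /** Entry point: runs the tool and exits the JVM with the resulting status code. */
    public static void main(String[] args) {
        exit(new ESNativeRealmMigrateTool().execute(args).status());
    }

    @SuppressForbidden(reason = "Allowed to exit explicitly from #main()")
    private static void exit(int status) {
        System.exit(status);
    }

    /**
     * Delegates to {@link MigrateUserOrRoles#parse(Terminal, CommandLine)}; the command
     * name is not consulted.
     */
    @Override
    protected CliTool.Command parse(String commandName, CommandLine commandLine) throws Exception {
        return MigrateUserOrRoles.parse(this.terminal, commandLine);
    }
}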
