package org.apache.ranger.server.tomcat;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicLong;
import java.util.logging.Logger;
import org.apache.commons.lang.StringUtils;
import org.apache.http.HttpHost;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.entity.ContentType;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.nio.entity.NStringEntity;
import org.apache.ranger.authorization.credutils.CredentialsProviderUtil;
import org.apache.ranger.authorization.credutils.kerberos.KerberosCredentialsProvider;
import org.apache.ranger.credentialapi.CredentialReader;
import org.elasticsearch.action.admin.indices.alias.Alias;
import org.elasticsearch.action.admin.indices.open.OpenIndexRequest;
import org.elasticsearch.client.Request;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.client.indices.CreateIndexRequest;
import org.elasticsearch.client.indices.IndexTemplatesExistRequest;
import org.elasticsearch.client.indices.PutIndexTemplateRequest;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.xcontent.XContentType;

/* loaded from: input_file:org/apache/ranger/server/tomcat/ElasticSearchIndexBootStrapper.class */
public class ElasticSearchIndexBootStrapper extends Thread {
    private static final Logger LOG = Logger.getLogger(ElasticSearchIndexBootStrapper.class.getName());
    private static final String ES_CONFIG_USERNAME = "ranger.audit.elasticsearch.user";
    private static final String ES_CONFIG_PASSWORD = "ranger.audit.elasticsearch.password";
    private static final String ES_CONFIG_URLS = "ranger.audit.elasticsearch.urls";
    private static final String ES_CONFIG_PORT = "ranger.audit.elasticsearch.port";
    private static final String ES_CONFIG_PROTOCOL = "ranger.audit.elasticsearch.protocol";
    private static final String ES_CONFIG_INDEX = "ranger.audit.elasticsearch.index";
    private static final String ES_TIME_INTERVAL = "ranger.audit.elasticsearch.time.interval";
    private static final String ES_NO_SHARDS = "ranger.audit.elasticsearch.no.shards";
    private static final String ES_NO_REPLICA = "ranger.audit.elasticsearch.no.replica";
    private static final String ES_CREDENTIAL_PROVIDER_PATH = "ranger.credential.provider.path";
    private static final String ES_CREDENTIAL_ALIAS = "ranger.audit.elasticsearch.credential.alias";
    private static final String ES_BOOTSTRAP_MAX_RETRY = "ranger.audit.elasticsearch.max.retry";
    private static final String DEFAULT_INDEX_NAME = "ranger_audits_es";
    private static final String ES_REAL_INDEX_NAME = "<ranger_audits-{now/d}-1>";
    private static final String ES_RANGER_INDEX_TEMPLATE_NAME = "ranger_audits_template";
    private static final String ES_RANGER_INDEX_POLICY_NAME = "ranger_audits_policy";
    private static final String ES_RANGER_AUDIT_POLICYT_FILE = "ranger_es_policy.json";
    private static final String ES_RANGER_AUDIT_SCHEMA_FILE = "ranger_es_schema.json";
    private static final String ES_POLICY_ENDPOINT = "/_opendistro/_ism/policies/";
    private static final long DEFAULT_ES_TIME_INTERVAL_MS = 60000;
    private static final int TRY_UNTIL_SUCCESS = -1;
    private static final int DEFAULT_ES_BOOTSTRAP_MAX_RETRY = 30;
    private Long time_interval;
    private String user;
    private String password;
    private String hosts;
    private String protocol;
    private String index;
    private String es_ranger_audit_schema_json;
    private String es_ranger_audit_policy_json;
    private int port;
    private int max_retry;
    private int no_of_replicas;
    private int no_of_shards;
    private final AtomicLong lastLoggedAt = new AtomicLong(0);
    private volatile RestHighLevelClient client = null;
    private int retry_counter = 0;
    private boolean is_completed = false;

    public ElasticSearchIndexBootStrapper() throws IOException {
        LOG.info("Starting Ranger audit schema setup in ElasticSearch.");
        this.time_interval = EmbeddedServerUtil.getLongConfig(ES_TIME_INTERVAL, 60000L);
        this.user = EmbeddedServerUtil.getConfig(ES_CONFIG_USERNAME);
        this.hosts = EmbeddedServerUtil.getHosts(EmbeddedServerUtil.getConfig(ES_CONFIG_URLS));
        this.port = EmbeddedServerUtil.getIntConfig(ES_CONFIG_PORT, 9200);
        this.protocol = EmbeddedServerUtil.getConfig(ES_CONFIG_PROTOCOL, "http");
        this.index = EmbeddedServerUtil.getConfig(ES_CONFIG_INDEX, DEFAULT_INDEX_NAME);
        this.password = EmbeddedServerUtil.getConfig(ES_CONFIG_PASSWORD);
        this.no_of_replicas = EmbeddedServerUtil.getIntConfig(ES_NO_REPLICA, 1);
        this.no_of_shards = EmbeddedServerUtil.getIntConfig(ES_NO_SHARDS, 1);
        this.max_retry = EmbeddedServerUtil.getIntConfig(ES_BOOTSTRAP_MAX_RETRY, DEFAULT_ES_BOOTSTRAP_MAX_RETRY);
        String str = null;
        try {
            str = getClass().getProtectionDomain().getCodeSource().getLocation().toURI().getPath();
        } catch (Exception e) {
            LOG.severe("Error finding base location:" + e.toString());
        }
        String path = new File(str).getParentFile().getParentFile().getParentFile().getPath();
        this.es_ranger_audit_schema_json = new String(Files.readAllBytes(Paths.get(path, "contrib", "elasticsearch_for_audit_setup", "conf", ES_RANGER_AUDIT_SCHEMA_FILE)), StandardCharsets.UTF_8);
        this.es_ranger_audit_policy_json = new String(Files.readAllBytes(Paths.get(path, "contrib", "elasticsearch_for_audit_setup", "conf", ES_RANGER_AUDIT_POLICYT_FILE)), StandardCharsets.UTF_8);
        String config = EmbeddedServerUtil.getConfig(ES_CREDENTIAL_PROVIDER_PATH);
        String config2 = EmbeddedServerUtil.getConfig(ES_CREDENTIAL_ALIAS, ES_CONFIG_PASSWORD);
        if (config == null || config2 == null) {
            return;
        }
        this.password = CredentialReader.getDecryptedString(config.trim(), config2.trim());
        if (StringUtils.isBlank(this.password) || "none".equalsIgnoreCase(this.password.trim())) {
            this.password = EmbeddedServerUtil.getConfig(ES_CONFIG_PASSWORD);
        }
    }

    private String connectionString() {
        return String.format(Locale.ROOT, "User:%s, %s://%s:%s/%s", this.user, this.protocol, this.hosts, Integer.valueOf(this.port), this.index);
    }

    @Override // java.lang.Thread, java.lang.Runnable
    public void run() {
        LOG.info("Started run method");
        if (!StringUtils.isNotBlank(this.hosts)) {
            LOG.severe("elasticsearch hosts values are empty. Please set property ranger.audit.elasticsearch.urls");
            return;
        }
        LOG.info("Elastic search hosts=" + this.hosts + ", index=" + this.index);
        while (!this.is_completed) {
            if (this.max_retry != -1 && this.retry_counter >= this.max_retry) {
                return;
            }
            try {
                LOG.info("Trying to acquire elastic search connection");
                if (connect()) {
                    LOG.info("Connection to elastic search established successfully");
                    if (createIndex()) {
                        this.is_completed = true;
                        return;
                    }
                    logErrorMessageAndWait("Error while performing operations on elasticsearch. ", null);
                } else {
                    logErrorMessageAndWait("Cannot connect to elasticsearch kindly check the elasticsearch related configs. ", null);
                }
            } catch (Exception e) {
                logErrorMessageAndWait("Error while validating elasticsearch index ", e);
            }
        }
    }

    private synchronized boolean connect() {
        if (this.client == null) {
            synchronized (ElasticSearchIndexBootStrapper.class) {
                if (this.client == null) {
                    try {
                        createClient();
                    } catch (Exception e) {
                        LOG.severe("Can't connect to elasticsearch server. host=" + this.hosts + ", index=" + this.index + e);
                    }
                }
            }
        }
        return this.client != null;
    }

    private void createClient() {
        try {
            this.client = new RestHighLevelClient(getRestClientBuilder(this.hosts, this.protocol, this.user, this.password, this.port));
        } catch (Throwable th) {
            this.lastLoggedAt.updateAndGet(j -> {
                long currentTimeMillis = System.currentTimeMillis();
                if (currentTimeMillis - j <= TimeUnit.MINUTES.toMillis(1L)) {
                    return j;
                }
                LOG.severe("Can't connect to ElasticSearch server: " + connectionString() + th);
                return currentTimeMillis;
            });
        }
    }

    public static RestClientBuilder getRestClientBuilder(String str, String str2, String str3, String str4, int i) {
        RestClientBuilder builder = RestClient.builder((HttpHost[]) EmbeddedServerUtil.toArray(str, ",").stream().map(str5 -> {
            return new HttpHost(str5, i, str2);
        }).toArray(i2 -> {
            return new HttpHost[i2];
        }));
        if (!StringUtils.isNotEmpty(str3) || !StringUtils.isNotEmpty(str4) || str3.equalsIgnoreCase("NONE") || str4.equalsIgnoreCase("NONE")) {
            LOG.severe("ElasticSearch Credentials not provided!!");
            CredentialsProvider credentialsProvider = null;
            builder.setHttpClientConfigCallback(httpAsyncClientBuilder -> {
                return httpAsyncClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
            });
        } else if (str4.contains("keytab") && new File(str4).exists()) {
            KerberosCredentialsProvider kerberosCredentials = CredentialsProviderUtil.getKerberosCredentials(str3, str4);
            Registry build = RegistryBuilder.create().register("Negotiate", new SPNegoSchemeFactory()).build();
            builder.setHttpClientConfigCallback(httpAsyncClientBuilder2 -> {
                httpAsyncClientBuilder2.setDefaultCredentialsProvider(kerberosCredentials);
                httpAsyncClientBuilder2.setDefaultAuthSchemeRegistry(build);
                return httpAsyncClientBuilder2;
            });
        } else {
            CredentialsProvider basicCredentials = CredentialsProviderUtil.getBasicCredentials(str3, str4);
            builder.setHttpClientConfigCallback(httpAsyncClientBuilder3 -> {
                return httpAsyncClientBuilder3.setDefaultCredentialsProvider(basicCredentials);
            });
        }
        return builder;
    }

    private boolean createIndex() {
        boolean z = false;
        if (this.client == null) {
            connect();
        }
        if (this.client != null) {
            try {
                z = this.client.indices().open(new OpenIndexRequest(new String[]{this.index}), RequestOptions.DEFAULT).isShardsAcknowledged();
            } catch (Exception e) {
                LOG.info("Index " + this.index + " not available.");
            }
            if (z) {
                LOG.info("Index " + this.index + " is already created.");
            } else {
                LOG.info("Index does not exist. Attempting to create index:" + this.index);
                if (!createIndexTemplate() || !createIndexPolicy()) {
                    return false;
                }
                CreateIndexRequest createIndexRequest = new CreateIndexRequest(ES_REAL_INDEX_NAME);
                if (this.no_of_shards >= 0 && this.no_of_replicas >= 0) {
                    createIndexRequest.settings(Settings.builder().put("index.number_of_shards", this.no_of_shards).put("index.number_of_replicas", this.no_of_replicas));
                }
                createIndexRequest.mapping(this.es_ranger_audit_schema_json, XContentType.JSON);
                createIndexRequest.setMasterTimeout(TimeValue.timeValueMinutes(1L));
                createIndexRequest.setTimeout(TimeValue.timeValueMinutes(2L));
                createIndexRequest.alias(new Alias(this.index).writeIndex(true));
                try {
                    if (this.client.indices().create(createIndexRequest, RequestOptions.DEFAULT) != null) {
                        z = this.client.indices().open(new OpenIndexRequest(new String[]{this.index}), RequestOptions.DEFAULT).isShardsAcknowledged();
                        if (z) {
                            LOG.info("Index " + this.index + " created successfully.");
                        }
                    }
                } catch (Exception e2) {
                    LOG.severe("Unable to create Index. Reason:" + e2.toString());
                    e2.printStackTrace();
                }
            }
        }
        return z;
    }

    private boolean createIndexTemplate() {
        String str = "{\n    \"order\": 0,\n    \"index_patterns\": [\"ranger_audits-*\"],\n    \"settings\": {\n        \"number_of_shards\" : 5,\n        \"number_of_replicas\" : 1,\n        \"opendistro.index_state_management.rollover_alias\": \"" + this.index + "\"\n   }\n}";
        try {
            if (this.client.indices().existsTemplate(new IndexTemplatesExistRequest(new String[]{ES_RANGER_INDEX_TEMPLATE_NAME}), RequestOptions.DEFAULT)) {
                LOG.info("IndexTemplate ranger_audits_template is already created.");
                return true;
            }
            PutIndexTemplateRequest putIndexTemplateRequest = new PutIndexTemplateRequest(ES_RANGER_INDEX_TEMPLATE_NAME);
            putIndexTemplateRequest.source(str, XContentType.JSON);
            if (this.client.indices().putTemplate(putIndexTemplateRequest, RequestOptions.DEFAULT).isAcknowledged()) {
                LOG.info("Success to create index templateranger_audits_template");
                return true;
            }
            LOG.severe("Fail to create index templateranger_audits_template");
            return false;
        } catch (Exception e) {
            LOG.severe("Unable to create IndexTemplate. Reason:" + e.toString());
            e.printStackTrace();
            return false;
        }
    }

    private boolean createIndexPolicy() {
        boolean z = false;
        try {
            if (this.client.getLowLevelClient().performRequest(new Request("GET", "/_opendistro/_ism/policies/ranger_audits_policy")).getStatusLine().getStatusCode() == 200) {
                LOG.info("Ranger audits index policy already exists.");
                z = true;
            }
        } catch (IOException e) {
            LOG.info("Ranger audits index policy does not exist.");
            z = false;
        }
        if (!z) {
            try {
                Request request = new Request("PUT", "/_opendistro/_ism/policies/ranger_audits_policy");
                NStringEntity nStringEntity = new NStringEntity(this.es_ranger_audit_policy_json, ContentType.APPLICATION_JSON);
                request.addParameter("pretty", "true");
                request.setEntity(nStringEntity);
                if (this.client.getLowLevelClient().performRequest(request).getStatusLine().getStatusCode() == 201) {
                    LOG.info("Success to create ranger audits index policy.");
                    return true;
                }
                LOG.severe("Fail to create ranger audits index policy.");
                return false;
            } catch (Exception e2) {
                LOG.severe("Unable to create IndexPolicy. Reason:" + e2.toString());
            }
        }
        return z;
    }

    private void logErrorMessageAndWait(String str, Exception exc) {
        String str2;
        this.retry_counter++;
        if (this.max_retry != -1) {
            str2 = this.retry_counter == this.max_retry ? "Maximum attempts reached for setting up elasticsearch." : "[retrying after " + this.time_interval + " ms]. No. of attempts left : " + (this.max_retry - this.retry_counter) + " . Maximum attempts : " + this.max_retry;
        } else {
            str2 = "[retrying after " + this.time_interval + " ms]";
        }
        StringBuilder sb = new StringBuilder();
        sb.append(str);
        if (exc != null) {
            sb.append("Error : ".concat(exc.getMessage() + ". "));
        }
        sb.append(str2);
        LOG.severe(sb.toString());
        try {
            Thread.sleep(this.time_interval.longValue());
        } catch (InterruptedException e) {
            LOG.info("sleep interrupted: " + e.getMessage());
        }
    }
}
