package com.floragunn.searchguard.legacy.auth;

import com.floragunn.searchguard.TypedComponent;
import com.floragunn.searchguard.authc.legacy.LegacyHTTPAuthenticator;
import com.floragunn.searchguard.legacy.LegacyComponentFactory;
import com.floragunn.searchguard.user.AuthCredentials;
import com.floragunn.searchsupport.cstate.ComponentState;
import java.nio.file.Path;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.OpenSearchSecurityException;
import org.opensearch.common.Strings;
import org.opensearch.common.settings.Settings;
import org.opensearch.common.util.concurrent.ThreadContext;
import org.opensearch.rest.RestRequest;

/* loaded from: input_file:com/floragunn/searchguard/legacy/auth/HTTPProxyAuthenticator.class */
public class HTTPProxyAuthenticator implements LegacyHTTPAuthenticator {
    private volatile Settings settings;
    public static TypedComponent.Info<LegacyHTTPAuthenticator> INFO = new TypedComponent.Info<LegacyHTTPAuthenticator>() { // from class: com.floragunn.searchguard.legacy.auth.HTTPProxyAuthenticator.1
        public Class<LegacyHTTPAuthenticator> getType() {
            return LegacyHTTPAuthenticator.class;
        }

        public String getName() {
            return "proxy";
        }

        public TypedComponent.Factory<LegacyHTTPAuthenticator> getFactory() {
            return LegacyComponentFactory.adapt(HTTPProxyAuthenticator::new);
        }
    };
    protected final Logger log = LogManager.getLogger(getClass());
    private final ComponentState componentState = new ComponentState(0, "authentication_frontend", "proxy", HTTPProxyAuthenticator.class).initialized();

    public HTTPProxyAuthenticator(Settings settings, Path path) {
        this.settings = settings;
    }

    public AuthCredentials extractCredentials(RestRequest restRequest, ThreadContext threadContext) {
        if (threadContext.getTransient("_sg_xff_done") != Boolean.TRUE) {
            throw new OpenSearchSecurityException("xff not done", new Object[0]);
        }
        String str = this.settings.get("user_header");
        String str2 = this.settings.get("roles_header");
        String str3 = this.settings.get("roles_separator", ",");
        if (this.log.isDebugEnabled()) {
            this.log.debug("headers {}", restRequest.getHeaders());
            this.log.debug("userHeader {}, value {}", str, str == null ? null : restRequest.header(str));
            this.log.debug("rolesHeader {}, value {}", str2, str2 == null ? null : restRequest.header(str2));
        }
        if (Strings.isNullOrEmpty(str) || Strings.isNullOrEmpty(restRequest.header(str))) {
            if (!this.log.isTraceEnabled()) {
                return null;
            }
            this.log.trace("No '{}' header, send 401", str);
            return null;
        }
        String[] strArr = null;
        if (!Strings.isNullOrEmpty(str2) && !Strings.isNullOrEmpty(restRequest.header(str2))) {
            strArr = restRequest.header(str2).split(str3);
        }
        return AuthCredentials.forUser(restRequest.header(str)).authenticatorType(getType()).backendRoles(strArr).complete().build();
    }

    public String getType() {
        return "proxy";
    }

    public ComponentState getComponentState() {
        return this.componentState;
    }
}
