package com.floragunn.searchguard.authc.session.backend;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.DocReader;
import com.floragunn.codova.documents.Format;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.fluent.collections.OrderedImmutableMap;
import com.floragunn.searchguard.authc.AuthInfoService;
import com.floragunn.searchguard.authz.PrivilegesEvaluator;
import com.floragunn.searchguard.support.ConfigConstants;
import com.floragunn.searchguard.user.User;
import com.floragunn.searchsupport.action.Action;
import com.floragunn.searchsupport.action.RestApi;
import com.floragunn.searchsupport.action.StandardRequests;
import com.floragunn.searchsupport.action.StandardResponse;
import com.floragunn.searchsupport.cstate.metrics.Meter;
import com.floragunn.searchsupport.rest.Responses;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.rest.BaseRestHandler;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestStatus;

/* loaded from: input_file:com/floragunn/searchguard/authc/session/backend/SessionApi.class */
public class SessionApi {

    /* loaded from: input_file:com/floragunn/searchguard/authc/session/backend/SessionApi$CreateAction.class */
    public static class CreateAction extends Action<StandardRequests.EmptyRequest, StartSessionResponse> {
        public static final CreateAction INSTANCE = new CreateAction();
        public static final String NAME = "cluster:admin:searchguard:session/create";

        /* loaded from: input_file:com/floragunn/searchguard/authc/session/backend/SessionApi$CreateAction$Handler.class */
        public static class Handler extends Action.Handler<StandardRequests.EmptyRequest, StartSessionResponse> {
            private static final Logger log = LogManager.getLogger(Handler.class);
            private final SessionService sessionService;
            private final AuthInfoService authInfoService;

            @Inject
            public Handler(Action.HandlerDependencies handlerDependencies, SessionService sessionService, AuthInfoService authInfoService, PrivilegesEvaluator privilegesEvaluator) {
                super(CreateAction.INSTANCE, handlerDependencies);
                this.sessionService = sessionService;
                this.authInfoService = authInfoService;
            }

            /* JADX INFO: Access modifiers changed from: protected */
            public final CompletableFuture<StartSessionResponse> doExecute(StandardRequests.EmptyRequest emptyRequest) {
                User currentUser = this.authInfoService.getCurrentUser();
                if (currentUser != null) {
                    return this.sessionService.createSession(currentUser);
                }
                log.error("Cannot create session: No user found in thread context");
                CompletableFuture<StartSessionResponse> completableFuture = new CompletableFuture<>();
                completableFuture.completeExceptionally(new Exception("Invalid authentication"));
                return completableFuture;
            }
        }

        protected CreateAction() {
            super(NAME, StandardRequests.EmptyRequest::new, StartSessionResponse::new);
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/authc/session/backend/SessionApi$DeleteAction.class */
    public static class DeleteAction extends Action<StandardRequests.EmptyRequest, StandardResponse> {
        public static final DeleteAction INSTANCE = new DeleteAction();
        public static final String NAME = "cluster:admin:searchguard:session/_own/delete";

        /* loaded from: input_file:com/floragunn/searchguard/authc/session/backend/SessionApi$DeleteAction$Handler.class */
        public static class Handler extends Action.Handler<StandardRequests.EmptyRequest, StandardResponse> {
            private static final Logger log = LogManager.getLogger(Handler.class);
            private final SessionService sessionService;
            private final AuthInfoService authInfoService;

            @Inject
            public Handler(Action.HandlerDependencies handlerDependencies, SessionService sessionService, AuthInfoService authInfoService, PrivilegesEvaluator privilegesEvaluator) {
                super(DeleteAction.INSTANCE, handlerDependencies);
                this.sessionService = sessionService;
                this.authInfoService = authInfoService;
            }

            /* JADX INFO: Access modifiers changed from: protected */
            public final CompletableFuture<StandardResponse> doExecute(StandardRequests.EmptyRequest emptyRequest) {
                User currentUser = this.authInfoService.getCurrentUser();
                return supplyAsync(() -> {
                    String str = null;
                    if (0 == 0) {
                        try {
                            if (SessionService.USER_TYPE.equals(currentUser.getType())) {
                                str = String.valueOf(currentUser.getSpecialAuthzConfig());
                            }
                        } catch (NoSuchSessionException e) {
                            return new StandardResponse(404, new StandardResponse.Error("No such auth token: " + ((String) null)));
                        } catch (SessionUpdateException e2) {
                            log.error("Error while updating " + ((String) null), e2);
                            return new StandardResponse(500, new StandardResponse.Error(e2.getMessage()));
                        }
                    }
                    if (str == null) {
                        return new StandardResponse(400, new StandardResponse.Error("User has no active session"));
                    }
                    SessionToken byIdFromIndex = this.sessionService.getByIdFromIndex(str, Meter.NO_OP);
                    if (currentUser.getName().equals(byIdFromIndex.getUserName())) {
                        return new StandardResponse(200, this.sessionService.delete(currentUser, byIdFromIndex));
                    }
                    throw new NoSuchSessionException(str);
                });
            }
        }

        protected DeleteAction() {
            super(NAME, StandardRequests.EmptyRequest::new, StandardResponse::new);
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/authc/session/backend/SessionApi$GetExtendedInfoAction.class */
    public static class GetExtendedInfoAction extends Action<StandardRequests.EmptyRequest, Response> {
        public static final GetExtendedInfoAction INSTANCE = new GetExtendedInfoAction();
        public static final String NAME = "cluster:admin:searchguard:session/_own/get/extended";

        /* loaded from: input_file:com/floragunn/searchguard/authc/session/backend/SessionApi$GetExtendedInfoAction$Handler.class */
        public static class Handler extends Action.Handler<StandardRequests.EmptyRequest, Response> {
            private final SessionService sessionService;
            private final AuthInfoService authInfoService;

            @Inject
            public Handler(Action.HandlerDependencies handlerDependencies, SessionService sessionService, AuthInfoService authInfoService) {
                super(GetExtendedInfoAction.INSTANCE, handlerDependencies);
                this.sessionService = sessionService;
                this.authInfoService = authInfoService;
            }

            /* JADX INFO: Access modifiers changed from: protected */
            public final CompletableFuture<Response> doExecute(StandardRequests.EmptyRequest emptyRequest) {
                User currentUser = this.authInfoService.getCurrentUser();
                if (currentUser != null) {
                    return CompletableFuture.completedFuture(new Response(currentUser, this.sessionService.getSsoLogoutUrl(currentUser)));
                }
                CompletableFuture<Response> completableFuture = new CompletableFuture<>();
                completableFuture.completeExceptionally(new Exception("No user present"));
                return completableFuture;
            }
        }

        /* loaded from: input_file:com/floragunn/searchguard/authc/session/backend/SessionApi$GetExtendedInfoAction$Response.class */
        public static class Response extends Action.Response {
            private String userName;
            private String userSubName;
            private String userType;
            private List<String> userRoles;
            private List<String> userSearchGuardRoles;
            private Map<String, Object> userAttributes;
            private String userRequestedTenant;
            private String ssoLogoutUrl;

            public Response(User user, String str) {
                this.userName = user.getName();
                this.userSubName = user.getSubName();
                this.userType = user.getType();
                this.userRoles = ImmutableList.of(user.getRoles());
                this.userSearchGuardRoles = ImmutableList.of(user.getSearchGuardRoles());
                this.userAttributes = user.getStructuredAttributes();
                this.userRequestedTenant = user.getRequestedTenant();
                this.ssoLogoutUrl = str;
            }

            public Response(Action.UnparsedMessage unparsedMessage) throws ConfigValidationException {
                super(unparsedMessage);
                DocNode requiredDocNode = unparsedMessage.requiredDocNode();
                DocNode asNode = requiredDocNode.getAsNode("user");
                this.userName = asNode.getAsString("name");
                this.userSubName = asNode.getAsString("sub_name");
                this.userType = asNode.getAsString(ConfigConstants.SEARCHGUARD_AUDIT_ES_TYPE);
                this.userRoles = asNode.getAsListOfStrings("backend_roles");
                this.userSearchGuardRoles = asNode.getAsListOfStrings("search_guard_roles");
                this.userAttributes = asNode.getAsNode("attributes").toMap();
                this.userRequestedTenant = asNode.getAsString("requested_tenant");
                this.ssoLogoutUrl = requiredDocNode.getAsString("sso_logout_url");
            }

            public Object toBasicObject() {
                return OrderedImmutableMap.of("user", OrderedImmutableMap.of("name", this.userName, "sub_name", this.userSubName, ConfigConstants.SEARCHGUARD_AUDIT_ES_TYPE, this.userType, "backend_roles", this.userRoles, "search_guard_roles", this.userSearchGuardRoles).with("attributes", this.userAttributes).with("requested_tenant", this.userRequestedTenant), "sso_logout_url", this.ssoLogoutUrl);
            }
        }

        protected GetExtendedInfoAction() {
            super(NAME, StandardRequests.EmptyRequest::new, Response::new);
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/authc/session/backend/SessionApi$Rest.class */
    public static class Rest extends RestApi {
        private static final Logger log = LogManager.getLogger(Rest.class);
        private SessionService sessionService;

        public Rest() {
            handlesGet("/_searchguard/auth/session/extended").with(GetExtendedInfoAction.INSTANCE);
            handlesGet("/_searchguard/auth/session").with((restRequest, nodeClient) -> {
                return handleGet(restRequest, nodeClient);
            });
            handlesPost("/_searchguard/auth/session/with_header").with(CreateAction.INSTANCE);
            handlesPost("/_searchguard/auth/session").with((restRequest2, nodeClient2) -> {
                return handlePost(restRequest2, nodeClient2);
            });
            handlesDelete("/_searchguard/auth/session").with(DeleteAction.INSTANCE);
        }

        private BaseRestHandler.RestChannelConsumer handleGet(RestRequest restRequest, NodeClient nodeClient) {
            return restChannel -> {
                try {
                    User user = (User) nodeClient.threadPool().getThreadContext().getTransient(ConfigConstants.SG_USER);
                    if (user != null) {
                        Responses.send(restChannel, RestStatus.OK, DocNode.of("sso_logout_url", this.sessionService.getSsoLogoutUrl(user)));
                    } else {
                        Responses.sendError(restChannel, RestStatus.NOT_FOUND, "No session");
                    }
                } catch (Exception e) {
                    log.warn("Error while handling request", e);
                    Responses.sendError(restChannel, e);
                }
            };
        }

        private BaseRestHandler.RestChannelConsumer handlePost(RestRequest restRequest, NodeClient nodeClient) {
            BytesReference requiredContent = restRequest.requiredContent();
            XContentType xContentType = restRequest.getXContentType();
            return restChannel -> {
                try {
                    this.sessionService.authenticateAndCreateSession(DocReader.format(Format.getByContentType(xContentType.mediaType())).readObject(BytesReference.toBytes(requiredContent)), restRequest, startSessionResponse -> {
                        Responses.send(restChannel, RestStatus.CREATED, startSessionResponse);
                    }, authcResult -> {
                        Responses.send(restChannel, authcResult.getRestStatus(), authcResult);
                    }, exc -> {
                        log.error("Error while handling request", exc);
                        Responses.sendError(restChannel, exc);
                    });
                } catch (Exception e) {
                    log.warn("Error while handling request", e);
                    Responses.sendError(restChannel, e);
                }
            };
        }

        public String getName() {
            return "/_searchguard/auth/session";
        }

        public SessionService getSessionService() {
            return this.sessionService;
        }

        public void setSessionService(SessionService sessionService) {
            this.sessionService = sessionService;
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/authc/session/backend/SessionApi$StartSessionResponse.class */
    public static class StartSessionResponse extends Action.Response {
        private String token;
        private String redirectUri;

        public StartSessionResponse(String str, String str2) {
            this.token = str;
            this.redirectUri = str2;
        }

        public StartSessionResponse(Action.UnparsedMessage unparsedMessage) throws ConfigValidationException {
            super(unparsedMessage);
            DocNode requiredDocNode = unparsedMessage.requiredDocNode();
            this.token = requiredDocNode.getAsString("token");
            this.redirectUri = requiredDocNode.getAsString("redirect_uri");
        }

        public String getToken() {
            return this.token;
        }

        public String getRedirectUri() {
            return this.redirectUri;
        }

        public Object toBasicObject() {
            return OrderedImmutableMap.of("token", this.token, "redirect_uri", this.redirectUri);
        }
    }
}
