package com.floragunn.searchguard.rest;

import com.floragunn.searchguard.configuration.AdminDNs;
import com.floragunn.searchguard.ssl.transport.PrincipalExtractor;
import com.floragunn.searchguard.ssl.util.SSLRequestHelper;
import com.floragunn.searchguard.support.ConfigConstants;
import com.floragunn.searchguard.support.WildcardMatcher;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.nio.file.Path;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.client.internal.node.NodeClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.rest.BaseRestHandler;
import org.elasticsearch.rest.BytesRestResponse;
import org.elasticsearch.rest.RestHandler;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.xcontent.XContentBuilder;

/* loaded from: input_file:com/floragunn/searchguard/rest/SearchGuardWhoAmIAction.class */
public class SearchGuardWhoAmIAction extends BaseRestHandler {
    private final Logger log = LogManager.getLogger(getClass());
    private final AdminDNs adminDns;
    private final Settings settings;
    private final Path configPath;
    private final PrincipalExtractor principalExtractor;
    private final List<String> nodesDn;

    public SearchGuardWhoAmIAction(Settings settings, AdminDNs adminDNs, Path path, PrincipalExtractor principalExtractor) {
        this.adminDns = adminDNs;
        this.settings = settings;
        this.configPath = path;
        this.principalExtractor = principalExtractor;
        this.nodesDn = settings.getAsList(ConfigConstants.SEARCHGUARD_NODES_DN, Collections.emptyList());
    }

    public List<RestHandler.Route> routes() {
        return ImmutableList.of(new RestHandler.Route(RestRequest.Method.GET, "/_searchguard/whoami"));
    }

    protected BaseRestHandler.RestChannelConsumer prepareRequest(RestRequest restRequest, NodeClient nodeClient) throws IOException {
        return restChannel -> {
            BytesRestResponse bytesRestResponse;
            XContentBuilder newBuilder = restChannel.newBuilder();
            try {
                try {
                    SSLRequestHelper.SSLInfo sSLInfo = SSLRequestHelper.getSSLInfo(this.settings, this.configPath, restRequest, this.principalExtractor);
                    if (sSLInfo == null) {
                        bytesRestResponse = new BytesRestResponse(RestStatus.FORBIDDEN, "");
                    } else {
                        String principal = sSLInfo.getPrincipal();
                        boolean isAdminDN = this.adminDns.isAdminDN(principal);
                        boolean matchAny = WildcardMatcher.matchAny((Collection<String>) this.nodesDn, new String[]{principal}, true);
                        newBuilder.startObject();
                        newBuilder.field("dn", principal);
                        newBuilder.field("is_admin", isAdminDN);
                        newBuilder.field("is_node_certificate_request", matchAny);
                        newBuilder.endObject();
                        bytesRestResponse = new BytesRestResponse(RestStatus.OK, newBuilder);
                    }
                    if (newBuilder != null) {
                        newBuilder.close();
                    }
                } catch (Exception e) {
                    this.log.error(e.toString(), e);
                    XContentBuilder newBuilder2 = restChannel.newBuilder();
                    newBuilder2.startObject();
                    newBuilder2.field("error", e.toString());
                    newBuilder2.endObject();
                    bytesRestResponse = new BytesRestResponse(RestStatus.INTERNAL_SERVER_ERROR, newBuilder2);
                    if (newBuilder2 != null) {
                        newBuilder2.close();
                    }
                }
                restChannel.sendResponse(bytesRestResponse);
            } catch (Throwable th) {
                if (newBuilder != null) {
                    newBuilder.close();
                }
                throw th;
            }
        };
    }

    public String getName() {
        return "Search Guard Who am i";
    }
}
