package com.floragunn.searchguard.ssl.rest;

import com.floragunn.searchguard.configuration.AdminDNs;
import com.floragunn.searchguard.ssl.SearchGuardKeyStore;
import com.floragunn.searchguard.support.ConfigConstants;
import com.floragunn.searchguard.user.User;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.rest.BaseRestHandler;
import org.elasticsearch.rest.BytesRestResponse;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestHandler;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.threadpool.ThreadPool;

/* loaded from: input_file:com/floragunn/searchguard/ssl/rest/SSLReloadCertAction.class */
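/**
 * REST handler that re-initialises the node's HTTP or transport TLS configuration on request.
 *
 * <p>Registered for {@code POST _searchguard/api/ssl/{certType}/reloadcerts/}. The handler is a
 * privileged operation: it only acts when certificate reloading was enabled at construction time
 * and the calling user is accepted by {@link AdminDNs#isAdmin(User)}. Every request produces
 * exactly one response.
 */
public class SSLReloadCertAction extends BaseRestHandler {
    private static final List<RestHandler.Route> routes = Collections.singletonList(new RestHandler.Route(RestRequest.Method.POST, "_searchguard/api/ssl/{certType}/reloadcerts/"));
    private final SearchGuardKeyStore keyStore;
    private final ThreadContext threadContext;
    private final boolean sslCertReloadEnabled;
    private final AdminDNs adminDns;

    /**
     * @param searchGuardKeyStore key store whose SSL configuration is re-initialised; may be
     *     {@code null}, in which case reload requests are answered with a 500
     * @param threadPool source of the {@link ThreadContext} that carries the authenticated user
     * @param adminDNs decides whether the calling user is an admin
     * @param z whether certificate reloading is enabled (the message sent when it is off names
     *     the setting {@code searchguard.ssl.cert_reload_enabled})
     */
    public SSLReloadCertAction(SearchGuardKeyStore searchGuardKeyStore, ThreadPool threadPool, AdminDNs adminDNs, boolean z) {
        this.keyStore = searchGuardKeyStore;
        this.adminDns = adminDNs;
        this.threadContext = threadPool.getThreadContext();
        this.sslCertReloadEnabled = z;
    }

    /** Returns the single POST route served by this handler. */
    @Override
    public List<RestHandler.Route> routes() {
        return routes;
    }

    /**
     * Builds the consumer that performs the reload for one request.
     *
     * <p>Response codes: 400 when reloading is disabled; 403 when no user is attached to the
     * thread context, the user is not an admin, or {@code certType} is neither {@code http} nor
     * {@code transport}; 500 when the key store is missing or re-initialisation throws; 200 on
     * success.
     */
    @Override
    protected BaseRestHandler.RestChannelConsumer prepareRequest(final RestRequest restRequest, NodeClient nodeClient) throws IOException {
        return new BaseRestHandler.RestChannelConsumer() {
            // Normalised once per request; only the two literal values below are acted upon.
            final String certType = restRequest.param("certType").toLowerCase().trim();

            @Override
            public void accept(RestChannel restChannel) throws Exception {
                // NOTE(review): this check runs before the admin check, so any caller that
                // reaches the handler can tell whether reloading is enabled — confirm that is
                // acceptable for the deployment.
                if (!sslCertReloadEnabled) {
                    restChannel.sendResponse(new BytesRestResponse(RestStatus.BAD_REQUEST, "SSL Reload action called while searchguard.ssl.cert_reload_enabled is set to false."));
                    return;
                }

                XContentBuilder builder = restChannel.newBuilder();
                BytesRestResponse response;
                try {
                    User user = (User) threadContext.getTransient(ConfigConstants.SG_USER);
                    if (user == null || !adminDns.isAdmin(user)) {
                        // Deny by default: no user or a non-admin user gets an empty 403 and
                        // nothing else. The previous control flow fell through to this response
                        // even after an admin request had already been answered.
                        response = new BytesRestResponse(RestStatus.FORBIDDEN, "");
                    } else {
                        try {
                            builder.startObject();
                            if (keyStore != null) {
                                switch (certType) {
                                    case "http":
                                        keyStore.initHttpSSLConfig();
                                        builder.field("message", "updated http certs");
                                        builder.endObject();
                                        response = new BytesRestResponse(RestStatus.OK, builder);
                                        break;
                                    case "transport":
                                        keyStore.initTransportSSLConfig();
                                        builder.field("message", "updated transport certs");
                                        builder.endObject();
                                        response = new BytesRestResponse(RestStatus.OK, builder);
                                        break;
                                    default:
                                        // The hint now names the paths of the registered route
                                        // (".../reloadcerts"); it used to say ".../reload".
                                        builder.field("message", "invalid uri path, please use /_searchguard/api/ssl/http/reloadcerts or /_searchguard/api/ssl/transport/reloadcerts");
                                        builder.endObject();
                                        response = new BytesRestResponse(RestStatus.FORBIDDEN, builder);
                                        break;
                                }
                            } else {
                                builder.field("message", "keystore is not initialized");
                                builder.endObject();
                                response = new BytesRestResponse(RestStatus.INTERNAL_SERVER_ERROR, builder);
                            }
                        } catch (Exception e) {
                            // Start a fresh builder: the first one may hold a half-written object.
                            // The exception text is returned only on this admin-only path; it can
                            // still carry internal detail, so keep it out of the non-admin branch.
                            builder = restChannel.newBuilder();
                            builder.startObject();
                            builder.field("error", e.toString());
                            builder.endObject();
                            response = new BytesRestResponse(RestStatus.INTERNAL_SERVER_ERROR, builder);
                        }
                    }
                } finally {
                    if (builder != null) {
                        builder.close();
                    }
                }
                restChannel.sendResponse(response);
            }
        };
    }

    /** Returns the handler name, {@code "SSL Cert Reload Action"}. */
    @Override
    public String getName() {
        return "SSL Cert Reload Action";
    }
}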
