package org.elasticsearch.xpack.security.action.token;

import java.io.IOException;
import java.util.Collections;
import java.util.Objects;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.support.ActionFilters;
import org.elasticsearch.action.support.HandledTransportAction;
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.common.CheckedConsumer;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xpack.core.security.action.token.CreateTokenRequest;
import org.elasticsearch.xpack.core.security.action.token.CreateTokenResponse;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.xpack.security.authc.AuthenticationService;
import org.elasticsearch.xpack.security.authc.TokenService;
import org.elasticsearch.xpack.security.authc.UserToken;

/* loaded from: input_file:org/elasticsearch/xpack/security/action/token/TransportCreateTokenAction.class */
/**
 * Transport action, registered as {@code cluster:admin/xpack/security/token/create}, that issues
 * a user token through {@link TokenService} in response to a {@link CreateTokenRequest}.
 *
 * <p>Two grant types are dispatched in {@code doExecute}: {@code PASSWORD}, where the
 * username/password carried in the request are authenticated before a token is created, and
 * {@code CLIENT_CREDENTIALS}, where the {@link Authentication} already present in the thread
 * context is used directly.
 *
 * <p>This listing is decompiler output: the members marked synthetic
 * ({@code $assertionsDisabled}, {@code AnonymousClass1}, the bridge {@code doExecute}) are
 * compiler-generated scaffolding rather than hand-written logic.
 */
public final class TransportCreateTokenAction extends HandledTransportAction<CreateTokenRequest, CreateTokenResponse> {
    // The only non-null scope value this action ever reports back (see getResponseScopeValue).
    private static final String DEFAULT_SCOPE = "full";
    // Creates the token and renders it to the string returned to the caller.
    private final TokenService tokenService;
    // Used only by the PASSWORD grant to verify the credentials carried in the request.
    private final AuthenticationService authenticationService;
    // Decompiled form of the JVM assertion switch: true when assertions are off for this class.
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.elasticsearch.xpack.security.action.token.TransportCreateTokenAction$1, reason: invalid class name */
    /* loaded from: input_file:org/elasticsearch/xpack/security/action/token/TransportCreateTokenAction$1.class */
    /**
     * Lookup table backing the {@code switch} in {@code doExecute}. It is indexed by
     * {@code GrantType.ordinal()} and holds the case label: {@code PASSWORD -> 1},
     * {@code CLIENT_CREDENTIALS -> 2}. Slots that are never written keep the array default of 0,
     * which matches no case label and therefore lands in the {@code default} branch.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$elasticsearch$xpack$core$security$action$token$CreateTokenRequest$GrantType = new int[CreateTokenRequest.GrantType.values().length];

        static {
            try {
                $SwitchMap$org$elasticsearch$xpack$core$security$action$token$CreateTokenRequest$GrantType[CreateTokenRequest.GrantType.PASSWORD.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
                // Swallowed: if the constant cannot be resolved its slot is simply never written.
            }
            try {
                $SwitchMap$org$elasticsearch$xpack$core$security$action$token$CreateTokenRequest$GrantType[CreateTokenRequest.GrantType.CLIENT_CREDENTIALS.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
                // Swallowed for the same reason as above.
            }
        }
    }

    /**
     * Passes the action name and the {@code CreateTokenRequest::new} factory to the superclass
     * and keeps references to the two security services this action delegates to.
     */
    @Inject
    public TransportCreateTokenAction(Settings settings, ThreadPool threadPool, TransportService transportService, ActionFilters actionFilters, IndexNameExpressionResolver indexNameExpressionResolver, TokenService tokenService, AuthenticationService authenticationService) {
        super(settings, "cluster:admin/xpack/security/token/create", threadPool, transportService, actionFilters, indexNameExpressionResolver, CreateTokenRequest::new);
        this.tokenService = tokenService;
        this.authenticationService = authenticationService;
    }

    /**
     * Dispatches the request on its grant type.
     *
     * @param createTokenRequest request carrying the grant type and, for the password grant,
     *                           the username and password
     * @param actionListener     receives the {@link CreateTokenResponse} or the failure
     */
    protected void doExecute(CreateTokenRequest createTokenRequest, ActionListener<CreateTokenResponse> actionListener) {
        CreateTokenRequest.GrantType fromString = CreateTokenRequest.GrantType.fromString(createTokenRequest.getGrantType());
        // Decompiled `assert fromString != null`. The message indicates the grant type is expected
        // to have been validated before this point; that validation is not visible in this file.
        // NOTE(review): with assertions disabled a null value is not caught here and reaches
        // fromString.ordinal() below, which throws a NullPointerException instead of failing the
        // listener.
        if (!$assertionsDisabled && fromString == null) {
            throw new AssertionError("type should have been validated in the action");
        }
        switch (AnonymousClass1.$SwitchMap$org$elasticsearch$xpack$core$security$action$token$CreateTokenRequest$GrantType[fromString.ordinal()]) {
            case 1:
                // PASSWORD: the credentials in the request must authenticate before a token is created.
                authenticateAndCreateToken(createTokenRequest, actionListener);
                return;
            case 2:
                // CLIENT_CREDENTIALS: no credentials are read from the request; the Authentication
                // already in the thread context is passed as both Authentication arguments, and the
                // boolean flag is false.
                // NOTE(review): the value returned by getAuthentication is not null-checked here;
                // whether it can be null at this point is not visible in this file.
                Authentication authentication = Authentication.getAuthentication(this.threadPool.getThreadContext());
                createToken(createTokenRequest, authentication, authentication, false, actionListener);
                return;
            default:
                // Any grant type without an entry in the switch map is rejected through the listener.
                actionListener.onFailure(new IllegalStateException("grant_type [" + createTokenRequest.getGrantType() + "] is not supported by the create token action"));
                return;
        }
    }

    /**
     * Password grant: authenticates the username/password from the request and, only if that
     * yields a non-null {@link Authentication}, creates a token for it.
     *
     * <p>The try/catch with {@code addSuppressed} below is the decompiled shape of a
     * try-with-resources over {@code stashContext}.
     *
     * @param createTokenRequest request supplying the username and password
     * @param actionListener     receives the response, or the authentication/creation failure
     */
    private void authenticateAndCreateToken(CreateTokenRequest createTokenRequest, ActionListener<CreateTokenResponse> actionListener) {
        // Captured BEFORE the context is stashed: this is the Authentication of whoever sent the
        // request, later handed to createToken as its second Authentication argument.
        Authentication authentication = Authentication.getAuthentication(this.threadPool.getThreadContext());
        // Presumably stashing hides the caller's existing authentication so that authenticate()
        // evaluates the supplied username/password instead -- confirm against ThreadContext and
        // AuthenticationService.
        ThreadContext.StoredContext stashContext = this.threadPool.getThreadContext().stashContext();
        try {
            this.authenticationService.authenticate("cluster:admin/xpack/security/token/create", (TransportMessage) createTokenRequest, new UsernamePasswordToken(createTokenRequest.getUsername(), createTokenRequest.getPassword()), ActionListener.wrap(authentication2 -> {
                // Close the request's password object as soon as authentication has finished;
                // presumably this clears the secret from memory -- confirm against the type
                // returned by getPassword().
                createTokenRequest.getPassword().close();
                if (authentication2 != null) {
                    // Token is created for the freshly authenticated user; boolean flag is true.
                    createToken(createTokenRequest, authentication2, authentication, true, actionListener);
                } else {
                    actionListener.onFailure(new UnsupportedOperationException("cannot create token if authentication is not allowed"));
                }
            }, exc -> {
                // The password is closed on the failure path as well before the error is forwarded.
                createTokenRequest.getPassword().close();
                actionListener.onFailure(exc);
            }));
            // NOTE(review): the password is closed only inside the two callbacks above. If
            // authenticate() throws before invoking either of them, this method does not close it.
            if (stashContext != null) {
                stashContext.close();
            }
        } catch (Throwable th) {
            if (stashContext != null) {
                try {
                    stashContext.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    /**
     * Asks {@link TokenService} to create a user token and converts the result into a
     * {@link CreateTokenResponse}.
     *
     * @param createTokenRequest request whose scope determines the scope value in the response
     * @param authentication     first Authentication passed to {@code createUserToken}; callers
     *                           pass the identity the token is created for
     * @param authentication2    second Authentication passed to {@code createUserToken}; callers
     *                           pass the Authentication read from the thread context when the
     *                           request arrived
     * @param z                  forwarded unchanged as the last argument of
     *                           {@code createUserToken}; presumably controls whether a refresh
     *                           token is issued -- confirm against TokenService
     * @param actionListener     receives the response, or any failure including an
     *                           {@link IOException} thrown by {@code createUserToken}
     */
    private void createToken(CreateTokenRequest createTokenRequest, Authentication authentication, Authentication authentication2, boolean z, ActionListener<CreateTokenResponse> actionListener) {
        try {
            TokenService tokenService = this.tokenService;
            // tuple.v1() is cast to UserToken and rendered to the token string; tuple.v2() is cast
            // to String and passed as the fourth response argument (presumably the refresh token --
            // confirm against CreateTokenResponse).
            CheckedConsumer checkedConsumer = tuple -> {
                actionListener.onResponse(new CreateTokenResponse(this.tokenService.getUserTokenString((UserToken) tuple.v1()), this.tokenService.getExpirationDelay(), getResponseScopeValue(createTokenRequest.getScope()), (String) tuple.v2()));
            };
            // Null check that accompanies the bound method reference actionListener::onFailure below.
            Objects.requireNonNull(actionListener);
            tokenService.createUserToken(authentication, authentication2, ActionListener.wrap(checkedConsumer, actionListener::onFailure), Collections.emptyMap(), z);
        } catch (IOException e) {
            actionListener.onFailure(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Computes the scope value reported in the response. The requested string is only tested
     * for presence and is never echoed back: any non-null request scope is answered with
     * {@code "full"}, whatever its content.
     *
     * @param str scope string from the request, may be null
     * @return {@code "full"} if a scope was requested, otherwise null
     */
    public static String getResponseScopeValue(String str) {
        return str != null ? DEFAULT_SCOPE : null;
    }

    // Compiler-generated bridge: casts the erased arguments and delegates to the typed doExecute.
    protected /* bridge */ /* synthetic */ void doExecute(ActionRequest actionRequest, ActionListener actionListener) {
        doExecute((CreateTokenRequest) actionRequest, (ActionListener<CreateTokenResponse>) actionListener);
    }

    // Initialises the assertion flag from the class's desired assertion status.
    static {
        $assertionsDisabled = !TransportCreateTokenAction.class.desiredAssertionStatus();
    }
}
