package org.elasticsearch.xpack.security.action;

import java.util.Objects;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.support.ActionFilters;
import org.elasticsearch.action.support.HandledTransportAction;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.core.CheckedConsumer;
import org.elasticsearch.tasks.Task;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xcontent.NamedXContentRegistry;
import org.elasticsearch.xpack.core.security.action.CreateApiKeyResponse;
import org.elasticsearch.xpack.core.security.action.GrantApiKeyRequest;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.xpack.security.authc.ApiKeyService;
import org.elasticsearch.xpack.security.authc.AuthenticationService;
import org.elasticsearch.xpack.security.authc.TokenService;
import org.elasticsearch.xpack.security.authc.support.ApiKeyGenerator;
import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore;

/* loaded from: input_file:org/elasticsearch/xpack/security/action/TransportGrantApiKeyAction.class */
public final class TransportGrantApiKeyAction extends HandledTransportAction<GrantApiKeyRequest, CreateApiKeyResponse> {
    private final ThreadContext threadContext;
    private final ApiKeyGenerator generator;
    private final AuthenticationService authenticationService;
    private final TokenService tokenService;

    @Inject
    public TransportGrantApiKeyAction(TransportService transportService, ActionFilters actionFilters, ThreadPool threadPool, ApiKeyService apiKeyService, AuthenticationService authenticationService, TokenService tokenService, CompositeRolesStore compositeRolesStore, NamedXContentRegistry namedXContentRegistry) {
        this(transportService, actionFilters, threadPool.getThreadContext(), new ApiKeyGenerator(apiKeyService, compositeRolesStore, namedXContentRegistry), authenticationService, tokenService);
    }

    TransportGrantApiKeyAction(TransportService transportService, ActionFilters actionFilters, ThreadContext threadContext, ApiKeyGenerator apiKeyGenerator, AuthenticationService authenticationService, TokenService tokenService) {
        super("cluster:admin/xpack/security/api_key/grant", transportService, actionFilters, GrantApiKeyRequest::new);
        this.threadContext = threadContext;
        this.generator = apiKeyGenerator;
        this.authenticationService = authenticationService;
        this.tokenService = tokenService;
    }

    protected void doExecute(Task task, GrantApiKeyRequest grantApiKeyRequest, ActionListener<CreateApiKeyResponse> actionListener) {
        try {
            ThreadContext.StoredContext stashContext = this.threadContext.stashContext();
            try {
                GrantApiKeyRequest.Grant grant = grantApiKeyRequest.getGrant();
                CheckedConsumer checkedConsumer = authentication -> {
                    this.generator.generateApiKey(authentication, grantApiKeyRequest.getApiKeyRequest(), actionListener);
                };
                Objects.requireNonNull(actionListener);
                resolveAuthentication(grant, grantApiKeyRequest, ActionListener.wrap(checkedConsumer, actionListener::onFailure));
                if (stashContext != null) {
                    stashContext.close();
                }
            } finally {
            }
        } catch (Exception e) {
            actionListener.onFailure(e);
        }
    }

    private void resolveAuthentication(GrantApiKeyRequest.Grant grant, TransportRequest transportRequest, ActionListener<Authentication> actionListener) {
        String type = grant.getType();
        boolean z = -1;
        switch (type.hashCode()) {
            case -1938933922:
                if (type.equals("access_token")) {
                    z = true;
                    break;
                }
                break;
            case 1216985755:
                if (type.equals("password")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                this.authenticationService.authenticate(((HandledTransportAction) this).actionName, transportRequest, new UsernamePasswordToken(grant.getUsername(), grant.getPassword()), actionListener);
                return;
            case true:
                this.tokenService.authenticateToken(grant.getAccessToken(), actionListener);
                return;
            default:
                actionListener.onFailure(new ElasticsearchSecurityException("the grant type [{}] is not supported", new Object[]{grant.getType()}));
                return;
        }
    }

    protected /* bridge */ /* synthetic */ void doExecute(Task task, ActionRequest actionRequest, ActionListener actionListener) {
        doExecute(task, (GrantApiKeyRequest) actionRequest, (ActionListener<CreateApiKeyResponse>) actionListener);
    }
}
