package org.elasticsearch.xpack.security.action.saml;

import java.util.List;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.support.ActionFilters;
import org.elasticsearch.action.support.HandledTransportAction;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.tasks.Task;
import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xpack.core.security.action.saml.SamlPrepareAuthenticationRequest;
import org.elasticsearch.xpack.core.security.action.saml.SamlPrepareAuthenticationResponse;
import org.elasticsearch.xpack.security.authc.Realms;
import org.elasticsearch.xpack.security.authc.saml.SamlRealm;
import org.elasticsearch.xpack.security.authc.saml.SamlRedirect;
import org.elasticsearch.xpack.security.authc.saml.SamlUtils;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.RequestAbstractType;

/* loaded from: input_file:org/elasticsearch/xpack/security/action/saml/TransportSamlPrepareAuthenticationAction.class */
public final class TransportSamlPrepareAuthenticationAction extends HandledTransportAction<SamlPrepareAuthenticationRequest, SamlPrepareAuthenticationResponse> {
    private final Realms realms;

    @Inject
    public TransportSamlPrepareAuthenticationAction(TransportService transportService, ActionFilters actionFilters, Realms realms) {
        super("cluster:admin/xpack/security/saml/prepare", transportService, actionFilters, SamlPrepareAuthenticationRequest::new);
        this.realms = realms;
    }

    protected void doExecute(Task task, SamlPrepareAuthenticationRequest samlPrepareAuthenticationRequest, ActionListener<SamlPrepareAuthenticationResponse> actionListener) {
        List<SamlRealm> findSamlRealms = SamlRealm.findSamlRealms(this.realms, samlPrepareAuthenticationRequest.getRealmName(), samlPrepareAuthenticationRequest.getAssertionConsumerServiceURL());
        if (findSamlRealms.isEmpty()) {
            actionListener.onFailure(SamlUtils.samlException("Cannot find any matching realm for [{}]", samlPrepareAuthenticationRequest));
        } else if (findSamlRealms.size() > 1) {
            actionListener.onFailure(SamlUtils.samlException("Found multiple matching realms [{}] for [{}]", findSamlRealms, samlPrepareAuthenticationRequest));
        } else {
            prepareAuthentication(findSamlRealms.get(0), samlPrepareAuthenticationRequest.getRelayState(), actionListener);
        }
    }

    private void prepareAuthentication(SamlRealm samlRealm, String str, ActionListener<SamlPrepareAuthenticationResponse> actionListener) {
        AuthnRequest buildAuthenticationRequest = samlRealm.buildAuthenticationRequest();
        try {
            actionListener.onResponse(new SamlPrepareAuthenticationResponse(samlRealm.name(), buildAuthenticationRequest.getID(), new SamlRedirect((RequestAbstractType) buildAuthenticationRequest, samlRealm.getSigningConfiguration()).getRedirectUrl(str)));
        } catch (ElasticsearchException e) {
            actionListener.onFailure(e);
        }
    }

    protected /* bridge */ /* synthetic */ void doExecute(Task task, ActionRequest actionRequest, ActionListener actionListener) {
        doExecute(task, (SamlPrepareAuthenticationRequest) actionRequest, (ActionListener<SamlPrepareAuthenticationResponse>) actionListener);
    }
}
