package org.elasticsearch.xpack.security.ingest;

import java.util.Arrays;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Supplier;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.ingest.AbstractProcessor;
import org.elasticsearch.ingest.ConfigurationUtils;
import org.elasticsearch.ingest.IngestDocument;
import org.elasticsearch.ingest.Processor;
import org.elasticsearch.xpack.core.XPackSettings;
import org.elasticsearch.xpack.core.security.SecurityContext;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.user.User;
import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
import org.elasticsearch.xpack.security.authc.ApiKeyService;
import org.elasticsearch.xpack.security.support.SecuritySystemIndices;

/* loaded from: input_file:org/elasticsearch/xpack/security/ingest/SetSecurityUserProcessor.class */
public final class SetSecurityUserProcessor extends AbstractProcessor {
    public static final String TYPE = "set_security_user";
    private final Logger logger;
    private final SecurityContext securityContext;
    private final Settings settings;
    private final String field;
    private final Set<Property> properties;

    /* renamed from: org.elasticsearch.xpack.security.ingest.SetSecurityUserProcessor$1, reason: invalid class name */
    /* loaded from: input_file:org/elasticsearch/xpack/security/ingest/SetSecurityUserProcessor$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$elasticsearch$xpack$security$ingest$SetSecurityUserProcessor$Property = new int[Property.values().length];

        static {
            try {
                $SwitchMap$org$elasticsearch$xpack$security$ingest$SetSecurityUserProcessor$Property[Property.USERNAME.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$elasticsearch$xpack$security$ingest$SetSecurityUserProcessor$Property[Property.FULL_NAME.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$elasticsearch$xpack$security$ingest$SetSecurityUserProcessor$Property[Property.EMAIL.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$elasticsearch$xpack$security$ingest$SetSecurityUserProcessor$Property[Property.ROLES.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$elasticsearch$xpack$security$ingest$SetSecurityUserProcessor$Property[Property.METADATA.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$elasticsearch$xpack$security$ingest$SetSecurityUserProcessor$Property[Property.API_KEY.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$elasticsearch$xpack$security$ingest$SetSecurityUserProcessor$Property[Property.REALM.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$elasticsearch$xpack$security$ingest$SetSecurityUserProcessor$Property[Property.AUTHENTICATION_TYPE.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/security/ingest/SetSecurityUserProcessor$Factory.class */
    public static final class Factory implements Processor.Factory {
        private final Supplier<SecurityContext> securityContext;
        private final Settings settings;

        public Factory(Supplier<SecurityContext> supplier, Settings settings) {
            this.securityContext = supplier;
            this.settings = settings;
        }

        public SetSecurityUserProcessor create(Map<String, Processor.Factory> map, String str, String str2, Map<String, Object> map2) throws Exception {
            EnumSet allOf;
            String readStringProperty = ConfigurationUtils.readStringProperty(SetSecurityUserProcessor.TYPE, str, map2, "field");
            List readOptionalList = ConfigurationUtils.readOptionalList(SetSecurityUserProcessor.TYPE, str, map2, "properties");
            if (readOptionalList != null) {
                allOf = EnumSet.noneOf(Property.class);
                Iterator it = readOptionalList.iterator();
                while (it.hasNext()) {
                    allOf.add(Property.parse(str, (String) it.next()));
                }
            } else {
                allOf = EnumSet.allOf(Property.class);
            }
            return new SetSecurityUserProcessor(str, str2, this.securityContext.get(), this.settings, readStringProperty, allOf);
        }

        /* renamed from: create, reason: collision with other method in class */
        public /* bridge */ /* synthetic */ Processor m113create(Map map, String str, String str2, Map map2) throws Exception {
            return create((Map<String, Processor.Factory>) map, str, str2, (Map<String, Object>) map2);
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/security/ingest/SetSecurityUserProcessor$Property.class */
    public enum Property {
        USERNAME,
        FULL_NAME,
        EMAIL,
        ROLES,
        METADATA,
        API_KEY,
        REALM,
        AUTHENTICATION_TYPE;

        static Property parse(String str, String str2) {
            try {
                return valueOf(str2.toUpperCase(Locale.ROOT));
            } catch (IllegalArgumentException e) {
                throw ConfigurationUtils.newConfigurationException(SetSecurityUserProcessor.TYPE, str, "properties", "Property value [" + str2 + "] is in valid");
            }
        }
    }

    public SetSecurityUserProcessor(String str, String str2, SecurityContext securityContext, Settings settings, String str3, Set<Property> set) {
        super(str, str2);
        this.logger = LogManager.getLogger();
        this.securityContext = securityContext;
        this.settings = (Settings) Objects.requireNonNull(settings, "settings object cannot be null");
        if (!((Boolean) XPackSettings.SECURITY_ENABLED.get(settings)).booleanValue()) {
            this.logger.warn("Creating processor [{}] (tag [{}]) on field [{}] but authentication is not currently enabled on this cluster  - this processor is likely to fail at runtime if it is used", TYPE, str, str3);
        } else if (this.securityContext == null) {
            throw new IllegalArgumentException("Authentication is allowed on this cluster state, but there is no security context");
        }
        this.field = str3;
        this.properties = set;
    }

    public IngestDocument execute(IngestDocument ingestDocument) throws Exception {
        Authentication authentication = null;
        User user = null;
        if (this.securityContext != null) {
            authentication = this.securityContext.getAuthentication();
            if (authentication != null) {
                user = authentication.getUser();
            }
        }
        if (user == null) {
            this.logger.debug("Failed to find active user. SecurityContext=[{}] Authentication=[{}] User=[{}]", this.securityContext, authentication, user);
            if (((Boolean) XPackSettings.SECURITY_ENABLED.get(this.settings)).booleanValue()) {
                throw new IllegalStateException("There is no authenticated user - the [set_security_user] processor requires an authenticated user");
            }
            throw new IllegalStateException("Security (authentication) is not enabled on this cluster, so there is no active user - the [set_security_user] processor cannot be used without security");
        }
        Object fieldValue = ingestDocument.getFieldValue(this.field, Object.class, true);
        Map hashMap = fieldValue instanceof Map ? (Map) fieldValue : new HashMap();
        for (Property property : this.properties) {
            switch (AnonymousClass1.$SwitchMap$org$elasticsearch$xpack$security$ingest$SetSecurityUserProcessor$Property[property.ordinal()]) {
                case 1:
                    if (user.principal() != null) {
                        hashMap.put("username", user.principal());
                        break;
                    } else {
                        break;
                    }
                case 2:
                    if (user.fullName() != null) {
                        hashMap.put("full_name", user.fullName());
                        break;
                    } else {
                        break;
                    }
                case 3:
                    if (user.email() != null) {
                        hashMap.put("email", user.email());
                        break;
                    } else {
                        break;
                    }
                case 4:
                    if (user.roles() != null && user.roles().length != 0) {
                        hashMap.put("roles", Arrays.asList(user.roles()));
                        break;
                    }
                    break;
                case 5:
                    if (user.metadata() != null && !user.metadata().isEmpty()) {
                        hashMap.put("metadata", user.metadata());
                        break;
                    }
                    break;
                case SecuritySystemIndices.INTERNAL_MAIN_INDEX_FORMAT /* 6 */:
                    if (authentication.isApiKey()) {
                        Object obj = hashMap.get("api_key");
                        Map hashMap2 = obj instanceof Map ? (Map) obj : new HashMap();
                        if (authentication.getMetadata().containsKey("_security_api_key_name")) {
                            hashMap2.put("name", authentication.getMetadata().get("_security_api_key_name"));
                        }
                        if (authentication.getMetadata().containsKey("_security_api_key_id")) {
                            hashMap2.put("id", authentication.getMetadata().get("_security_api_key_id"));
                        }
                        Map<String, Object> apiKeyMetadata = ApiKeyService.getApiKeyMetadata(authentication);
                        if (false == apiKeyMetadata.isEmpty()) {
                            hashMap2.put("metadata", apiKeyMetadata);
                        }
                        if (false == hashMap2.isEmpty()) {
                            hashMap.put("api_key", hashMap2);
                            break;
                        } else {
                            break;
                        }
                    } else {
                        break;
                    }
                case 7:
                    Object obj2 = hashMap.get(LoggingAuditTrail.REALM_FIELD_NAME);
                    Map hashMap3 = obj2 instanceof Map ? (Map) obj2 : new HashMap();
                    String creatorRealmName = ApiKeyService.getCreatorRealmName(authentication);
                    if (creatorRealmName != null) {
                        hashMap3.put("name", creatorRealmName);
                    }
                    String creatorRealmType = ApiKeyService.getCreatorRealmType(authentication);
                    if (creatorRealmType != null) {
                        hashMap3.put(LoggingAuditTrail.LOG_TYPE, creatorRealmType);
                    }
                    if (false == hashMap3.isEmpty()) {
                        hashMap.put(LoggingAuditTrail.REALM_FIELD_NAME, hashMap3);
                        break;
                    } else {
                        break;
                    }
                case 8:
                    if (authentication.getAuthenticationType() != null) {
                        hashMap.put("authentication_type", authentication.getAuthenticationType().toString());
                        break;
                    } else {
                        break;
                    }
                default:
                    throw new UnsupportedOperationException("unsupported property [" + property + "]");
            }
        }
        ingestDocument.setFieldValue(this.field, hashMap);
        return ingestDocument;
    }

    public String getType() {
        return TYPE;
    }

    String getField() {
        return this.field;
    }

    Set<Property> getProperties() {
        return this.properties;
    }
}
