package org.elasticsearch.xpack.security.action.saml;

import java.io.StringWriter;
import java.util.List;
import java.util.Locale;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.support.ActionFilters;
import org.elasticsearch.action.support.HandledTransportAction;
import org.elasticsearch.common.util.concurrent.EsExecutors;
import org.elasticsearch.injection.guice.Inject;
import org.elasticsearch.tasks.Task;
import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xpack.core.security.action.saml.SamlSpMetadataRequest;
import org.elasticsearch.xpack.core.security.action.saml.SamlSpMetadataResponse;
import org.elasticsearch.xpack.security.authc.Realms;
import org.elasticsearch.xpack.security.authc.saml.SamlRealm;
import org.elasticsearch.xpack.security.authc.saml.SamlSpMetadataBuilder;
import org.elasticsearch.xpack.security.authc.saml.SamlUtils;
import org.elasticsearch.xpack.security.authc.saml.SpConfiguration;
import org.opensaml.saml.saml2.metadata.impl.EntityDescriptorMarshaller;
import org.w3c.dom.Element;

/* loaded from: input_file:org/elasticsearch/xpack/security/action/saml/TransportSamlSpMetadataAction.class */
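/**
 * Transport action that renders the SAML Service Provider (SP) metadata of one SAML realm as an XML string.
 *
 * <p>The action is registered as {@code cluster:monitor/xpack/security/saml/metadata} and is handed
 * {@link EsExecutors#DIRECT_EXECUTOR_SERVICE} as its executor. The realm is chosen by the realm name carried
 * in the request; exactly one realm must match.
 *
 * <p>NOTE(review): this source is decompiler output. The synthetic bridge overload
 * {@code doExecute(Task, ActionRequest, ActionListener)} that the decompiler printed has been left out:
 * javac generates that bridge itself, and declaring it by hand clashes with the erasure of the inherited
 * {@code doExecute}, so the class would not recompile with it present.
 */
public class TransportSamlSpMetadataAction extends HandledTransportAction<SamlSpMetadataRequest, SamlSpMetadataResponse> {
    private final Realms realms;

    /**
     * @param transportService passed to the superclass constructor
     * @param actionFilters    passed to the superclass constructor
     * @param realms           realm registry searched for the SAML realm named in each request
     */
    @Inject
    public TransportSamlSpMetadataAction(TransportService transportService, ActionFilters actionFilters, Realms realms) {
        super(
            "cluster:monitor/xpack/security/saml/metadata",
            transportService,
            actionFilters,
            SamlSpMetadataRequest::new,
            EsExecutors.DIRECT_EXECUTOR_SERVICE
        );
        this.realms = realms;
    }

    /**
     * Resolves the SAML realm named in the request and generates its SP metadata.
     *
     * <p>The listener is failed with a SAML exception when no realm matches or when more than one does;
     * otherwise the single match is passed to {@link #prepareMetadata}.
     *
     * @param task                  the task this execution belongs to (unused here)
     * @param samlSpMetadataRequest request carrying the realm name to look up
     * @param actionListener        receives the metadata response or the failure
     */
    @Override
    protected void doExecute(Task task, SamlSpMetadataRequest samlSpMetadataRequest, ActionListener<SamlSpMetadataResponse> actionListener) {
        // The third argument of findSamlRealms is passed as null; its meaning is not visible in this file.
        List<SamlRealm> matchingRealms = SamlRealm.findSamlRealms(this.realms, samlSpMetadataRequest.getRealmName(), null);
        if (matchingRealms.isEmpty()) {
            actionListener.onFailure(
                SamlUtils.samlException("Cannot find any matching realm for [{}]", samlSpMetadataRequest.getRealmName())
            );
        } else if (matchingRealms.size() > 1) {
            // Ambiguity is an error: metadata describes one SP, so the caller has to name a single realm.
            actionListener.onFailure(
                SamlUtils.samlException(
                    "Found multiple matching realms [{}] for [{}]",
                    matchingRealms,
                    samlSpMetadataRequest.getRealmName()
                )
            );
        } else {
            prepareMetadata(matchingRealms.get(0), actionListener);
        }
    }

    /**
     * Builds the SP entity descriptor from the realm's service-provider configuration, marshals it to a DOM
     * element and serializes that element to a string for the response.
     *
     * <p>Any exception is logged at error level together with the realm name and then forwarded unchanged
     * to the listener.
     *
     * @param samlRealm      realm whose service-provider configuration is described
     * @param actionListener receives the serialized metadata or the failure
     */
    private void prepareMetadata(SamlRealm samlRealm, ActionListener<SamlSpMetadataResponse> actionListener) {
        try {
            EntityDescriptorMarshaller descriptorMarshaller = new EntityDescriptorMarshaller();
            SpConfiguration serviceProvider = samlRealm.getServiceProvider();
            // NOTE(review): the realm's encryption and signing credentials are handed to the builder and the
            // result is returned to the caller. Presumably only public certificate material is written into
            // the descriptor; confirm in SamlSpMetadataBuilder.
            Element descriptorElement = descriptorMarshaller.marshall(
                new SamlSpMetadataBuilder(Locale.getDefault(), serviceProvider.getEntityId())
                    .assertionConsumerServiceUrl(serviceProvider.getAscUrl())
                    .singleLogoutServiceUrl(serviceProvider.getLogoutUrl())
                    .encryptionCredentials(serviceProvider.getEncryptionCredentials())
                    .signingCredential(serviceProvider.getSigningConfiguration().getCredential())
                    .authnRequestsSigned(Boolean.valueOf(serviceProvider.getSigningConfiguration().shouldSign("AuthnRequest")))
                    .build()
            );
            StringWriter xmlOut = new StringWriter();
            // Serialization goes through the transformer SamlUtils provides instead of a default
            // TransformerFactory instance; by its name it is the hardened configuration (confirm in SamlUtils).
            SamlUtils.getHardenedXMLTransformer().transform(new DOMSource(descriptorElement), new StreamResult(xmlOut));
            actionListener.onResponse(new SamlSpMetadataResponse(xmlOut.toString()));
        } catch (Exception e) {
            this.logger.error(() -> "Error during SAML SP metadata generation for realm [" + samlRealm.name() + "]", e);
            actionListener.onFailure(e);
        }
    }
}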
