package org.elasticsearch.xpack.security.action.oidc;

import java.util.List;
import java.util.stream.Collectors;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.support.ActionFilters;
import org.elasticsearch.action.support.HandledTransportAction;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.tasks.Task;
import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xpack.core.security.action.oidc.OpenIdConnectPrepareAuthenticationRequest;
import org.elasticsearch.xpack.core.security.action.oidc.OpenIdConnectPrepareAuthenticationResponse;
import org.elasticsearch.xpack.core.security.authc.Realm;
import org.elasticsearch.xpack.security.authc.Realms;
import org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectRealm;

/* loaded from: input_file:org/elasticsearch/xpack/security/action/oidc/TransportOpenIdConnectPrepareAuthenticationAction.class */
public class TransportOpenIdConnectPrepareAuthenticationAction extends HandledTransportAction<OpenIdConnectPrepareAuthenticationRequest, OpenIdConnectPrepareAuthenticationResponse> {
    private final Realms realms;

    @Inject
    public TransportOpenIdConnectPrepareAuthenticationAction(TransportService transportService, ActionFilters actionFilters, Realms realms) {
        super("cluster:admin/xpack/security/oidc/prepare", transportService, actionFilters, OpenIdConnectPrepareAuthenticationRequest::new);
        this.realms = realms;
    }

    protected void doExecute(Task task, OpenIdConnectPrepareAuthenticationRequest openIdConnectPrepareAuthenticationRequest, ActionListener<OpenIdConnectPrepareAuthenticationResponse> actionListener) {
        Realm realm = null;
        if (Strings.hasText(openIdConnectPrepareAuthenticationRequest.getIssuer())) {
            List list = (List) this.realms.stream().filter(realm2 -> {
                return (realm2 instanceof OpenIdConnectRealm) && ((OpenIdConnectRealm) realm2).isIssuerValid(openIdConnectPrepareAuthenticationRequest.getIssuer());
            }).map(realm3 -> {
                return (OpenIdConnectRealm) realm3;
            }).collect(Collectors.toList());
            if (list.isEmpty()) {
                actionListener.onFailure(new ElasticsearchSecurityException("Cannot find OpenID Connect realm with issuer [{}]", new Object[]{openIdConnectPrepareAuthenticationRequest.getIssuer()}));
            } else if (list.size() > 1) {
                actionListener.onFailure(new ElasticsearchSecurityException("Found multiple OpenID Connect realm with issuer [{}]", new Object[]{openIdConnectPrepareAuthenticationRequest.getIssuer()}));
            } else {
                realm = (Realm) list.get(0);
            }
        } else if (Strings.hasText(openIdConnectPrepareAuthenticationRequest.getRealmName())) {
            realm = this.realms.realm(openIdConnectPrepareAuthenticationRequest.getRealmName());
        }
        if (realm instanceof OpenIdConnectRealm) {
            prepareAuthenticationResponse((OpenIdConnectRealm) realm, openIdConnectPrepareAuthenticationRequest.getState(), openIdConnectPrepareAuthenticationRequest.getNonce(), openIdConnectPrepareAuthenticationRequest.getLoginHint(), actionListener);
        } else {
            actionListener.onFailure(new ElasticsearchSecurityException("Cannot find OpenID Connect realm with name [{}]", new Object[]{openIdConnectPrepareAuthenticationRequest.getRealmName()}));
        }
    }

    private static void prepareAuthenticationResponse(OpenIdConnectRealm openIdConnectRealm, String str, String str2, String str3, ActionListener<OpenIdConnectPrepareAuthenticationResponse> actionListener) {
        try {
            actionListener.onResponse(openIdConnectRealm.buildAuthenticationRequestUri(str, str2, str3));
        } catch (ElasticsearchException e) {
            actionListener.onFailure(e);
        }
    }

    protected /* bridge */ /* synthetic */ void doExecute(Task task, ActionRequest actionRequest, ActionListener actionListener) {
        doExecute(task, (OpenIdConnectPrepareAuthenticationRequest) actionRequest, (ActionListener<OpenIdConnectPrepareAuthenticationResponse>) actionListener);
    }
}
