package org.elasticsearch.xpack.core;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.BiConsumer;
import java.util.function.Supplier;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.elasticsearch.TransportVersion;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionResponse;
import org.elasticsearch.action.ActionType;
import org.elasticsearch.action.support.ContextPreservingActionListener;
import org.elasticsearch.client.internal.Client;
import org.elasticsearch.client.internal.OriginSettingClient;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.core.Assertions;
import org.elasticsearch.core.CheckedFunction;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.authc.AuthenticationField;
import org.elasticsearch.xpack.core.security.authc.AuthenticationServiceField;
import org.elasticsearch.xpack.core.security.authc.support.AuthenticationContextSerializer;
import org.elasticsearch.xpack.core.security.authc.support.SecondaryAuthentication;
import org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken;

/* loaded from: input_file:org/elasticsearch/xpack/core/ClientHelper.class */
public final class ClientHelper {
    private static final Pattern authorizationHeaderPattern;
    public static final Set<String> SECURITY_HEADER_FILTERS;

    @Deprecated
    public static final String ACTION_ORIGIN_TRANSIENT_NAME = "action.origin";
    public static final String SECURITY_ORIGIN = "security";
    public static final String SECURITY_PROFILE_ORIGIN = "security_profile";
    public static final String WATCHER_ORIGIN = "watcher";
    public static final String ML_ORIGIN = "ml";
    public static final String INDEX_LIFECYCLE_ORIGIN = "index_lifecycle";
    public static final String MONITORING_ORIGIN = "monitoring";
    public static final String DEPRECATION_ORIGIN = "deprecation";
    public static final String ROLLUP_ORIGIN = "rollup";
    public static final String ENRICH_ORIGIN = "enrich";
    public static final String TRANSFORM_ORIGIN = "transform";
    public static final String ASYNC_SEARCH_ORIGIN = "async_search";
    public static final String IDP_ORIGIN = "idp";
    public static final String PROFILING_ORIGIN = "profiling";
    public static final String STACK_ORIGIN = "stack";
    public static final String SEARCHABLE_SNAPSHOTS_ORIGIN = "searchable_snapshots";
    public static final String LOGSTASH_MANAGEMENT_ORIGIN = "logstash_management";
    public static final String FLEET_ORIGIN = "fleet";
    public static final String ENT_SEARCH_ORIGIN = "enterprise_search";
    public static final String CONNECTORS_ORIGIN = "connectors";
    public static final String INFERENCE_ORIGIN = "inference";
    public static final String APM_ORIGIN = "apm";
    public static final String OTEL_ORIGIN = "otel";
    public static final String REINDEX_DATA_STREAM_ORIGIN = "reindex_data_stream";
    public static final String LOGS_PATTERN_USAGE_ORIGIN = "logs_pattern_usage";
    static final /* synthetic */ boolean $assertionsDisabled;

    public static void assertNoAuthorizationHeader(Map<String, String> map) {
        if (Assertions.ENABLED) {
            Iterator<String> it = map.keySet().iterator();
            while (it.hasNext()) {
                if (authorizationHeaderPattern.matcher(it.next()).find() && !$assertionsDisabled) {
                    throw new AssertionError("headers contain \"Authorization\"");
                }
            }
        }
    }

    public static Map<String, String> filterSecurityHeaders(Map<String, String> map) {
        return SECURITY_HEADER_FILTERS.containsAll(map.keySet()) ? map : (Map) ((Map) Objects.requireNonNull(map)).entrySet().stream().filter(entry -> {
            return SECURITY_HEADER_FILTERS.contains(entry.getKey());
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
    }

    public static Map<String, String> getPersistableSafeSecurityHeaders(ThreadContext threadContext, ClusterState clusterState) {
        return maybeRewriteAuthenticationHeadersForVersion(filterSecurityHeaders(threadContext.getHeaders()), str -> {
            return new AuthenticationContextSerializer(str).readFromContext(threadContext);
        }, clusterState.getMinTransportVersion());
    }

    public static Map<String, String> getPersistableSafeSecurityHeaders(Map<String, String> map, ClusterState clusterState) {
        return maybeRewriteAuthenticationHeadersForVersion(filterSecurityHeaders(map), str -> {
            String str = (String) map.get(str);
            if (str == null) {
                return null;
            }
            return AuthenticationContextSerializer.decode(str);
        }, clusterState.getMinTransportVersion());
    }

    private static Map<String, String> maybeRewriteAuthenticationHeadersForVersion(Map<String, String> map, CheckedFunction<String, Authentication, IOException> checkedFunction, TransportVersion transportVersion) {
        HashMap hashMap = null;
        String maybeRewriteSingleAuthenticationHeaderForVersion = maybeRewriteSingleAuthenticationHeaderForVersion(checkedFunction, AuthenticationField.AUTHENTICATION_KEY, transportVersion);
        if (maybeRewriteSingleAuthenticationHeaderForVersion != null) {
            hashMap = new HashMap();
            hashMap.put(AuthenticationField.AUTHENTICATION_KEY, maybeRewriteSingleAuthenticationHeaderForVersion);
        }
        String maybeRewriteSingleAuthenticationHeaderForVersion2 = maybeRewriteSingleAuthenticationHeaderForVersion(checkedFunction, SecondaryAuthentication.THREAD_CTX_KEY, transportVersion);
        if (maybeRewriteSingleAuthenticationHeaderForVersion2 != null) {
            if (hashMap == null) {
                hashMap = new HashMap();
            }
            hashMap.put(SecondaryAuthentication.THREAD_CTX_KEY, maybeRewriteSingleAuthenticationHeaderForVersion2);
        }
        if (hashMap == null) {
            return map;
        }
        HashMap hashMap2 = new HashMap(map);
        hashMap2.putAll(hashMap);
        return Map.copyOf(hashMap2);
    }

    private static String maybeRewriteSingleAuthenticationHeaderForVersion(CheckedFunction<String, Authentication, IOException> checkedFunction, String str, TransportVersion transportVersion) {
        try {
            Authentication authentication = (Authentication) checkedFunction.apply(str);
            if (authentication == null || !authentication.getEffectiveSubject().getTransportVersion().after(transportVersion)) {
                return null;
            }
            return authentication.maybeRewriteForOlderVersion(transportVersion).encode();
        } catch (IOException e) {
            throw new UncheckedIOException("failed to read authentication with key [" + str + "]", e);
        }
    }

    private ClientHelper() {
    }

    @Deprecated
    public static Client clientWithOrigin(Client client, String str) {
        return new OriginSettingClient(client, str);
    }

    public static <Request, Response> void executeAsyncWithOrigin(ThreadContext threadContext, String str, Request request, ActionListener<Response> actionListener, BiConsumer<Request, ActionListener<Response>> biConsumer) {
        Supplier newRestorableContext = threadContext.newRestorableContext(false);
        ThreadContext.StoredContext stashWithOrigin = threadContext.stashWithOrigin(str);
        try {
            biConsumer.accept(request, new ContextPreservingActionListener(newRestorableContext, actionListener));
            if (stashWithOrigin != null) {
                stashWithOrigin.close();
            }
        } catch (Throwable th) {
            if (stashWithOrigin != null) {
                try {
                    stashWithOrigin.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public static <Request extends ActionRequest, Response extends ActionResponse> void executeAsyncWithOrigin(Client client, String str, ActionType<Response> actionType, Request request, ActionListener<Response> actionListener) {
        executeAsyncWithOrigin(client.threadPool().getThreadContext(), str, request, actionListener, (BiConsumer<Request, ActionListener<Response>>) (actionRequest, actionListener2) -> {
            client.execute(actionType, actionRequest, actionListener2);
        });
    }

    public static <T extends ActionResponse> T executeWithHeaders(Map<String, String> map, String str, Client client, Supplier<T> supplier) {
        Map<String, String> filterSecurityHeaders = filterSecurityHeaders(map);
        if (filterSecurityHeaders.isEmpty()) {
            ThreadContext.StoredContext stashWithOrigin = client.threadPool().getThreadContext().stashWithOrigin(str);
            try {
                T t = supplier.get();
                if (stashWithOrigin != null) {
                    stashWithOrigin.close();
                }
                return t;
            } catch (Throwable th) {
                if (stashWithOrigin != null) {
                    try {
                        stashWithOrigin.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
        ThreadContext.StoredContext stashContext = client.threadPool().getThreadContext().stashContext();
        try {
            client.threadPool().getThreadContext().copyHeaders(filterSecurityHeaders.entrySet());
            T t2 = supplier.get();
            if (stashContext != null) {
                stashContext.close();
            }
            return t2;
        } catch (Throwable th3) {
            if (stashContext != null) {
                try {
                    stashContext.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    public static <Request extends ActionRequest, Response extends ActionResponse> void executeWithHeadersAsync(Map<String, String> map, String str, Client client, ActionType<Response> actionType, Request request, ActionListener<Response> actionListener) {
        executeWithHeadersAsync(client.threadPool().getThreadContext(), map, str, request, actionListener, (BiConsumer<Request, ActionListener<Response>>) (actionRequest, actionListener2) -> {
            client.execute(actionType, actionRequest, actionListener2);
        });
    }

    public static <Request, Response> void executeWithHeadersAsync(ThreadContext threadContext, Map<String, String> map, String str, Request request, ActionListener<Response> actionListener, BiConsumer<Request, ActionListener<Response>> biConsumer) {
        Map<String, String> filterSecurityHeaders = filterSecurityHeaders(map);
        if (filterSecurityHeaders.isEmpty()) {
            executeAsyncWithOrigin(threadContext, str, request, actionListener, biConsumer);
            return;
        }
        Supplier newRestorableContext = threadContext.newRestorableContext(false);
        ThreadContext.StoredContext stashWithHeaders = stashWithHeaders(threadContext, filterSecurityHeaders);
        try {
            biConsumer.accept(request, new ContextPreservingActionListener(newRestorableContext, actionListener));
            if (stashWithHeaders != null) {
                stashWithHeaders.close();
            }
        } catch (Throwable th) {
            if (stashWithHeaders != null) {
                try {
                    stashWithHeaders.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static ThreadContext.StoredContext stashWithHeaders(ThreadContext threadContext, Map<String, String> map) {
        ThreadContext.StoredContext stashContext = threadContext.stashContext();
        assertNoAuthorizationHeader(map);
        threadContext.copyHeaders(map.entrySet());
        return stashContext;
    }

    static {
        $assertionsDisabled = !ClientHelper.class.desiredAssertionStatus();
        authorizationHeaderPattern = Pattern.compile("\\s*" + Pattern.quote(UsernamePasswordToken.BASIC_AUTH_HEADER) + "\\s*", 2);
        SECURITY_HEADER_FILTERS = Set.of(AuthenticationServiceField.RUN_AS_USER_HEADER, AuthenticationField.AUTHENTICATION_KEY, SecondaryAuthentication.THREAD_CTX_KEY);
    }
}
