package org.elasticsearch.xpack.core.async;

import java.io.IOException;
import java.util.Map;
import java.util.Objects;
import java.util.function.Consumer;
import org.elasticsearch.ResourceNotFoundException;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.get.GetRequest;
import org.elasticsearch.client.internal.Client;
import org.elasticsearch.client.internal.OriginSettingClient;
import org.elasticsearch.common.Strings;
import org.elasticsearch.search.fetch.subphase.FetchSourceContext;
import org.elasticsearch.xpack.core.search.action.GetAsyncStatusAction;
import org.elasticsearch.xpack.core.security.SecurityContext;
import org.elasticsearch.xpack.core.security.action.user.HasPrivilegesAction;
import org.elasticsearch.xpack.core.security.action.user.HasPrivilegesRequest;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.authz.RoleDescriptor;
import org.elasticsearch.xpack.core.security.authz.privilege.ClusterPrivilegeResolver;

/* loaded from: input_file:org/elasticsearch/xpack/core/async/AsyncSearchSecurity.class */
public class AsyncSearchSecurity {
    private static final FetchSourceContext FETCH_HEADERS_FIELD_CONTEXT = FetchSourceContext.of(true, new String[]{AsyncTaskIndexService.HEADERS_FIELD}, Strings.EMPTY_ARRAY);
    private final String indexName;
    private final SecurityContext securityContext;
    private final Client client;
    private final OriginSettingClient clientWithOrigin;

    public AsyncSearchSecurity(String str, SecurityContext securityContext, Client client, String str2) {
        this.securityContext = securityContext;
        this.client = client;
        this.clientWithOrigin = new OriginSettingClient(client, str2);
        this.indexName = str;
    }

    public void currentUserHasCancelTaskPrivilege(Consumer<Boolean> consumer) {
        String name = ClusterPrivilegeResolver.CANCEL_TASK.name();
        Objects.requireNonNull(consumer);
        hasClusterPrivilege(name, ActionListener.wrap((v1) -> {
            r2.accept(v1);
        }, exc -> {
            consumer.accept(false);
        }));
    }

    public void currentUserCanSeeStatusOfAllSearches(ActionListener<Boolean> actionListener) {
        hasClusterPrivilege(GetAsyncStatusAction.NAME, actionListener);
    }

    private void hasClusterPrivilege(String str, ActionListener<Boolean> actionListener) {
        Authentication authentication = this.securityContext.getAuthentication();
        if (authentication == null) {
            actionListener.onResponse(false);
            return;
        }
        HasPrivilegesRequest hasPrivilegesRequest = new HasPrivilegesRequest();
        hasPrivilegesRequest.username(authentication.getEffectiveSubject().getUser().principal());
        hasPrivilegesRequest.clusterPrivileges(str);
        hasPrivilegesRequest.indexPrivileges(new RoleDescriptor.IndicesPrivileges[0]);
        hasPrivilegesRequest.applicationPrivileges(new RoleDescriptor.ApplicationResourcePrivileges[0]);
        try {
            this.client.execute(HasPrivilegesAction.INSTANCE, hasPrivilegesRequest, actionListener.map(hasPrivilegesResponse -> {
                return Boolean.valueOf(hasPrivilegesResponse.isCompleteMatch());
            }));
        } catch (Exception e) {
            actionListener.onFailure(e);
        }
    }

    public boolean currentUserHasAccessToTask(AsyncTask asyncTask) throws IOException {
        Objects.requireNonNull(asyncTask, "Task cannot be null");
        return currentUserHasAccessToTaskWithHeaders(asyncTask.getOriginHeaders());
    }

    public boolean currentUserHasAccessToTaskWithHeaders(Map<String, String> map) throws IOException {
        return this.securityContext.canIAccessResourcesCreatedWithHeaders(map);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void ensureAuthenticatedUserCanDeleteFromIndex(AsyncExecutionId asyncExecutionId, ActionListener<Void> actionListener) {
        getTaskHeadersFromIndex(asyncExecutionId, actionListener.map(map -> {
            if (currentUserHasAccessToTaskWithHeaders(map)) {
                return null;
            }
            throw new ResourceNotFoundException(asyncExecutionId.getEncoded(), new Object[0]);
        }));
    }

    private void getTaskHeadersFromIndex(AsyncExecutionId asyncExecutionId, ActionListener<Map<String, String>> actionListener) {
        this.clientWithOrigin.get(new GetRequest(this.indexName).preference(asyncExecutionId.getEncoded()).id(asyncExecutionId.getDocId()).fetchSourceContext(FETCH_HEADERS_FIELD_CONTEXT), ActionListener.wrap(getResponse -> {
            if (getResponse.isExists()) {
                actionListener.onResponse((Map) getResponse.getSource().get(AsyncTaskIndexService.HEADERS_FIELD));
            } else {
                actionListener.onFailure(new ResourceNotFoundException(asyncExecutionId.getEncoded(), new Object[0]));
            }
        }, exc -> {
            actionListener.onFailure(new ResourceNotFoundException(asyncExecutionId.getEncoded(), new Object[0]));
        }));
    }
}
