package org.elasticsearch.xpack.security.rest.action.saml;

import java.io.IOException;
import java.util.Base64;
import java.util.List;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.ParseField;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ObjectParser;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.rest.BaseRestHandler;
import org.elasticsearch.rest.BytesRestResponse;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestHandler;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestResponse;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.rest.action.RestBuilderListener;
import org.elasticsearch.xpack.core.security.action.saml.SamlAuthenticateResponse;
import org.elasticsearch.xpack.core.security.client.SecurityClient;

/* loaded from: input_file:org/elasticsearch/xpack/security/rest/action/saml/RestSamlAuthenticateAction.class */
public class RestSamlAuthenticateAction extends SamlBaseRestHandler implements RestHandler {
    static final ObjectParser<Input, Void> PARSER = new ObjectParser<>("saml_authenticate", Input::new);

    /* loaded from: input_file:org/elasticsearch/xpack/security/rest/action/saml/RestSamlAuthenticateAction$Input.class */
    static class Input {
        String content;
        List<String> ids;

        Input() {
        }

        void setContent(String str) {
            this.content = str;
        }

        void setIds(List<String> list) {
            this.ids = list;
        }
    }

    public RestSamlAuthenticateAction(Settings settings, RestController restController, XPackLicenseState xPackLicenseState) {
        super(settings, xPackLicenseState);
        restController.registerHandler(RestRequest.Method.POST, "/_xpack/security/saml/authenticate", this);
        restController.registerHandler(RestRequest.Method.POST, "/_security/saml/authenticate", this);
    }

    public String getName() {
        return "xpack_security_saml_authenticate_action";
    }

    @Override // org.elasticsearch.xpack.security.rest.action.SecurityBaseRestHandler
    public BaseRestHandler.RestChannelConsumer innerPrepareRequest(RestRequest restRequest, NodeClient nodeClient) throws IOException {
        XContentParser contentParser = restRequest.contentParser();
        try {
            Input input = (Input) PARSER.parse(contentParser, (Object) null);
            this.logger.trace("SAML Authenticate: [{}...] [{}]", Strings.cleanTruncate(input.content, 128), input.ids);
            BaseRestHandler.RestChannelConsumer restChannelConsumer = restChannel -> {
                new SecurityClient(nodeClient).prepareSamlAuthenticate(decodeBase64(input.content), input.ids).execute(new RestBuilderListener<SamlAuthenticateResponse>(restChannel) { // from class: org.elasticsearch.xpack.security.rest.action.saml.RestSamlAuthenticateAction.1
                    public RestResponse buildResponse(SamlAuthenticateResponse samlAuthenticateResponse, XContentBuilder xContentBuilder) throws Exception {
                        xContentBuilder.startObject().field("username", samlAuthenticateResponse.getPrincipal()).field("access_token", samlAuthenticateResponse.getTokenString()).field("refresh_token", samlAuthenticateResponse.getRefreshToken()).field("expires_in", samlAuthenticateResponse.getExpiresIn().seconds()).endObject();
                        return new BytesRestResponse(RestStatus.OK, xContentBuilder);
                    }
                });
            };
            if (contentParser != null) {
                contentParser.close();
            }
            return restChannelConsumer;
        } catch (Throwable th) {
            if (contentParser != null) {
                try {
                    contentParser.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private byte[] decodeBase64(String str) {
        String replaceAll = str.replaceAll("\\s+", "");
        try {
            return Base64.getDecoder().decode(replaceAll);
        } catch (IllegalArgumentException e) {
            this.logger.info("Failed to decode base64 string [{}] - {}", replaceAll, e.toString());
            throw e;
        }
    }

    static {
        PARSER.declareString((v0, v1) -> {
            v0.setContent(v1);
        }, new ParseField("content", new String[0]));
        PARSER.declareStringArray((v0, v1) -> {
            v0.setIds(v1);
        }, new ParseField("ids", new String[0]));
    }
}
