package org.elasticsearch.xpack.security.action.user;

import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionRequestValidationException;
import org.elasticsearch.action.ValidateActions;
import org.elasticsearch.action.support.ActionFilters;
import org.elasticsearch.action.support.HandledTransportAction;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.tasks.Task;
import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xpack.core.security.action.user.PutUserRequest;
import org.elasticsearch.xpack.core.security.action.user.PutUserResponse;
import org.elasticsearch.xpack.core.security.authc.esnative.ClientReservedRealm;
import org.elasticsearch.xpack.core.security.support.Validation;
import org.elasticsearch.xpack.core.security.user.AnonymousUser;
import org.elasticsearch.xpack.core.security.user.User;
import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;

/* loaded from: input_file:org/elasticsearch/xpack/security/action/user/TransportPutUserAction.class */
public class TransportPutUserAction extends HandledTransportAction<PutUserRequest, PutUserResponse> {
    private final Settings settings;
    private final NativeUsersStore usersStore;

    @Inject
    public TransportPutUserAction(Settings settings, ActionFilters actionFilters, NativeUsersStore nativeUsersStore, TransportService transportService) {
        super("cluster:admin/xpack/security/user/put", transportService, actionFilters, PutUserRequest::new);
        this.settings = settings;
        this.usersStore = nativeUsersStore;
    }

    protected void doExecute(Task task, final PutUserRequest putUserRequest, final ActionListener<PutUserResponse> actionListener) {
        ActionRequestValidationException validateRequest = validateRequest(putUserRequest);
        if (validateRequest != null) {
            actionListener.onFailure(validateRequest);
        } else {
            this.usersStore.putUser(putUserRequest, new ActionListener<Boolean>() { // from class: org.elasticsearch.xpack.security.action.user.TransportPutUserAction.1
                public void onResponse(Boolean bool) {
                    if (bool.booleanValue()) {
                        TransportPutUserAction.this.logger.info("added user [{}]", putUserRequest.username());
                    } else {
                        TransportPutUserAction.this.logger.info("updated user [{}]", putUserRequest.username());
                    }
                    actionListener.onResponse(new PutUserResponse(bool.booleanValue()));
                }

                public void onFailure(Exception exc) {
                    Logger logger = TransportPutUserAction.this.logger;
                    PutUserRequest putUserRequest2 = putUserRequest;
                    logger.error(() -> {
                        return new ParameterizedMessage("failed to put user [{}]", putUserRequest2.username());
                    }, exc);
                    actionListener.onFailure(exc);
                }
            });
        }
    }

    private ActionRequestValidationException validateRequest(PutUserRequest putUserRequest) {
        ActionRequestValidationException actionRequestValidationException = null;
        String username = putUserRequest.username();
        if (ClientReservedRealm.isReserved(username, this.settings)) {
            actionRequestValidationException = AnonymousUser.isAnonymousUsername(username, this.settings) ? ValidateActions.addValidationError("user [" + username + "] is anonymous and cannot be modified via the API", (ActionRequestValidationException) null) : ValidateActions.addValidationError("user [" + username + "] is reserved and only the password can be changed", (ActionRequestValidationException) null);
        } else if (User.isInternalUsername(username)) {
            actionRequestValidationException = ValidateActions.addValidationError("user [" + username + "] is internal", (ActionRequestValidationException) null);
        } else {
            Validation.Error validateUsername = Validation.Users.validateUsername(username, true, this.settings);
            if (validateUsername != null) {
                actionRequestValidationException = ValidateActions.addValidationError(validateUsername.toString(), (ActionRequestValidationException) null);
            }
        }
        if (putUserRequest.roles() != null) {
            for (String str : putUserRequest.roles()) {
                Validation.Error validateRoleName = Validation.Roles.validateRoleName(str, true);
                if (validateRoleName != null) {
                    actionRequestValidationException = ValidateActions.addValidationError(validateRoleName.toString(), actionRequestValidationException);
                }
            }
        }
        return actionRequestValidationException;
    }

    protected /* bridge */ /* synthetic */ void doExecute(Task task, ActionRequest actionRequest, ActionListener actionListener) {
        doExecute(task, (PutUserRequest) actionRequest, (ActionListener<PutUserResponse>) actionListener);
    }
}
