package org.elasticsearch.xpack.security.authc;

import java.io.Closeable;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.authc.AuthenticationResult;
import org.elasticsearch.xpack.core.security.authc.AuthenticationToken;
import org.elasticsearch.xpack.core.security.authc.Realm;
import org.elasticsearch.xpack.core.security.user.User;
import org.elasticsearch.xpack.security.authc.AuthenticationService;
import org.elasticsearch.xpack.security.authc.jwt.JwtRealm;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/Authenticator.class */
public interface Authenticator {

    /* loaded from: input_file:org/elasticsearch/xpack/security/authc/Authenticator$Context.class */
    public static class Context implements Closeable {
        private final ThreadContext threadContext;
        private final AuthenticationService.AuditableRequest request;
        private final User fallbackUser;
        private final boolean allowAnonymous;
        private final Realms realms;
        private final List<AuthenticationToken> authenticationTokens = new ArrayList();
        private final List<String> unsuccessfulMessages = new ArrayList();
        private boolean handleNullToken = true;
        private SecureString bearerString = null;
        private List<Realm> defaultOrderedRealmList = null;
        private List<Realm> unlicensedRealms = null;

        public Context(ThreadContext threadContext, AuthenticationService.AuditableRequest auditableRequest, User user, boolean z, Realms realms) {
            this.threadContext = threadContext;
            this.request = auditableRequest;
            this.fallbackUser = user;
            this.allowAnonymous = z;
            this.realms = realms;
        }

        public ThreadContext getThreadContext() {
            return this.threadContext;
        }

        public AuthenticationService.AuditableRequest getRequest() {
            return this.request;
        }

        public User getFallbackUser() {
            return this.fallbackUser;
        }

        public boolean isAllowAnonymous() {
            return this.allowAnonymous;
        }

        public void setHandleNullToken(boolean z) {
            this.handleNullToken = z;
        }

        public boolean shouldHandleNullToken() {
            return this.handleNullToken;
        }

        public List<String> getUnsuccessfulMessages() {
            return this.unsuccessfulMessages;
        }

        public void addAuthenticationToken(AuthenticationToken authenticationToken) {
            this.authenticationTokens.add(authenticationToken);
        }

        @Nullable
        public AuthenticationToken getMostRecentAuthenticationToken() {
            if (this.authenticationTokens.isEmpty()) {
                return null;
            }
            return this.authenticationTokens.get(this.authenticationTokens.size() - 1);
        }

        public SecureString getBearerString() {
            if (this.bearerString == null) {
                this.bearerString = Authenticator.extractBearerTokenFromHeader(this.threadContext);
            }
            return this.bearerString;
        }

        public List<Realm> getDefaultOrderedRealmList() {
            if (this.defaultOrderedRealmList == null) {
                this.defaultOrderedRealmList = this.realms.getActiveRealms();
            }
            return this.defaultOrderedRealmList;
        }

        public List<Realm> getUnlicensedRealms() {
            if (this.unlicensedRealms == null) {
                this.unlicensedRealms = this.realms.getUnlicensedRealms();
            }
            return this.unlicensedRealms;
        }

        public void addUnsuccessfulMessage(String str) {
            this.unsuccessfulMessages.add(str);
        }

        @Override // java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            this.authenticationTokens.forEach((v0) -> {
                v0.clearCredentials();
            });
        }

        public void addUnsuccessfulMessageToMetadata(ElasticsearchSecurityException elasticsearchSecurityException) {
            if (false == getUnsuccessfulMessages().isEmpty()) {
                elasticsearchSecurityException.addMetadata("es.additional_unsuccessful_credentials", getUnsuccessfulMessages());
            }
        }
    }

    String name();

    @Nullable
    AuthenticationToken extractCredentials(Context context);

    default boolean canBeFollowedByNullTokenHandler() {
        return true;
    }

    void authenticate(Context context, ActionListener<AuthenticationResult<Authentication>> actionListener);

    static SecureString extractCredentialFromAuthorizationHeader(ThreadContext threadContext, String str) {
        return extractCredentialFromHeaderValue(threadContext.getHeader("Authorization"), str);
    }

    static SecureString extractCredentialFromHeaderValue(String str, String str2) {
        String str3 = str2 + " ";
        if (!Strings.hasText(str) || !str.regionMatches(true, 0, str3, 0, str3.length()) || str.length() <= str3.length()) {
            return null;
        }
        char[] cArr = new char[str.length() - str3.length()];
        str.getChars(str3.length(), str.length(), cArr, 0);
        return new SecureString(cArr);
    }

    static SecureString extractBearerTokenFromHeader(ThreadContext threadContext) {
        return extractCredentialFromAuthorizationHeader(threadContext, JwtRealm.HEADER_END_USER_AUTHENTICATION_SCHEME);
    }
}
