package org.elasticsearch.xpack.security.authc;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.authc.AuthenticationResult;
import org.elasticsearch.xpack.core.security.authc.AuthenticationToken;
import org.elasticsearch.xpack.core.security.support.Exceptions;
import org.elasticsearch.xpack.security.authc.ApiKeyService;
import org.elasticsearch.xpack.security.authc.Authenticator;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/elasticsearch/xpack/security/authc/ApiKeyAuthenticator.class */
public class ApiKeyAuthenticator implements Authenticator {
    private static final Logger logger = LogManager.getLogger(ApiKeyAuthenticator.class);
    private final ApiKeyService apiKeyService;
    private final String nodeName;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ApiKeyAuthenticator(ApiKeyService apiKeyService, String str) {
        this.apiKeyService = apiKeyService;
        this.nodeName = str;
    }

    @Override // org.elasticsearch.xpack.security.authc.Authenticator
    public String name() {
        return "API key";
    }

    @Override // org.elasticsearch.xpack.security.authc.Authenticator
    public AuthenticationToken extractCredentials(Authenticator.Context context) {
        return this.apiKeyService.getCredentialsFromHeader(context.getThreadContext());
    }

    @Override // org.elasticsearch.xpack.security.authc.Authenticator
    public void authenticate(Authenticator.Context context, ActionListener<AuthenticationResult<Authentication>> actionListener) {
        AuthenticationToken mostRecentAuthenticationToken = context.getMostRecentAuthenticationToken();
        if (false == (mostRecentAuthenticationToken instanceof ApiKeyService.ApiKeyCredentials)) {
            actionListener.onResponse(AuthenticationResult.notHandled());
        } else {
            this.apiKeyService.tryAuthenticate(context.getThreadContext(), (ApiKeyService.ApiKeyCredentials) mostRecentAuthenticationToken, ActionListener.wrap(authenticationResult -> {
                if (authenticationResult.isAuthenticated()) {
                    actionListener.onResponse(AuthenticationResult.success(Authentication.newApiKeyAuthentication(authenticationResult, this.nodeName)));
                    return;
                }
                if (authenticationResult.getStatus() == AuthenticationResult.Status.TERMINATE) {
                    Exception exception = authenticationResult.getException() != null ? authenticationResult.getException() : Exceptions.authenticationError(authenticationResult.getMessage(), new Object[0]);
                    logger.debug(() -> {
                        return "API key service terminated authentication for request [" + context.getRequest() + "]";
                    }, exception);
                    actionListener.onFailure(exception);
                } else {
                    if (authenticationResult.getMessage() != null) {
                        if (authenticationResult.getException() != null) {
                            logger.warn(new ParameterizedMessage("Authentication using apikey failed - {}", authenticationResult.getMessage()), authenticationResult.getException());
                        } else {
                            logger.warn("Authentication using apikey failed - {}", authenticationResult.getMessage());
                        }
                    }
                    actionListener.onResponse(AuthenticationResult.unsuccessful(authenticationResult.getMessage(), authenticationResult.getException()));
                }
            }, exc -> {
                actionListener.onFailure(context.getRequest().exceptionProcessingRequest(exc, null));
            }));
        }
    }
}
