package org.elasticsearch.xpack.security.action.user;

import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.support.ActionFilters;
import org.elasticsearch.action.support.HandledTransportAction;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.tasks.Task;
import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xpack.core.security.SecurityContext;
import org.elasticsearch.xpack.core.security.action.user.AuthenticateRequest;
import org.elasticsearch.xpack.core.security.action.user.AuthenticateResponse;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.user.AnonymousUser;
import org.elasticsearch.xpack.core.security.user.InternalUser;
import org.elasticsearch.xpack.core.security.user.User;

/* loaded from: input_file:org/elasticsearch/xpack/security/action/user/TransportAuthenticateAction.class */
public class TransportAuthenticateAction extends HandledTransportAction<AuthenticateRequest, AuthenticateResponse> {
    private final SecurityContext securityContext;
    private final AnonymousUser anonymousUser;

    @Inject
    public TransportAuthenticateAction(TransportService transportService, ActionFilters actionFilters, SecurityContext securityContext, AnonymousUser anonymousUser) {
        super("cluster:admin/xpack/security/user/authenticate", transportService, actionFilters, AuthenticateRequest::new);
        this.securityContext = securityContext;
        this.anonymousUser = anonymousUser;
    }

    protected void doExecute(Task task, AuthenticateRequest authenticateRequest, ActionListener<AuthenticateResponse> actionListener) {
        User user;
        User user2;
        Authentication authentication = this.securityContext.getAuthentication();
        if (authentication == null) {
            user2 = null;
            user = null;
        } else {
            user = authentication.getEffectiveSubject().getUser();
            user2 = authentication.getAuthenticatingSubject().getUser();
        }
        if (user2 == null) {
            actionListener.onFailure(new ElasticsearchSecurityException("did not find an authenticated user", new Object[0]));
            return;
        }
        if (user2 instanceof InternalUser) {
            actionListener.onFailure(new IllegalArgumentException("user [" + user2.principal() + "] is internal"));
        } else if (user instanceof InternalUser) {
            actionListener.onFailure(new IllegalArgumentException("user [" + user.principal() + "] is internal"));
        } else {
            actionListener.onResponse(new AuthenticateResponse(authentication.maybeAddAnonymousRoles(this.anonymousUser)));
        }
    }

    protected /* bridge */ /* synthetic */ void doExecute(Task task, ActionRequest actionRequest, ActionListener actionListener) {
        doExecute(task, (AuthenticateRequest) actionRequest, (ActionListener<AuthenticateResponse>) actionListener);
    }
}
