package org.elasticsearch.xpack.security.rest.action.saml;

import java.io.IOException;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ObjectParser;
import org.elasticsearch.common.xcontent.ParseField;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.core.RestApiVersion;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.rest.BaseRestHandler;
import org.elasticsearch.rest.BytesRestResponse;
import org.elasticsearch.rest.RestHandler;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestRequestFilter;
import org.elasticsearch.rest.RestResponse;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.rest.action.RestBuilderListener;
import org.elasticsearch.xpack.core.security.action.saml.SamlAuthenticateResponse;
import org.elasticsearch.xpack.core.security.client.SecurityClient;
import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;

/* loaded from: input_file:org/elasticsearch/xpack/security/rest/action/saml/RestSamlAuthenticateAction.class */
public class RestSamlAuthenticateAction extends SamlBaseRestHandler implements RestRequestFilter {
    private static final Logger logger = LogManager.getLogger();
    static final ObjectParser<Input, Void> PARSER = new ObjectParser<>("saml_authenticate", Input::new);
    private static final Set<String> FILTERED_FIELDS;

    /* loaded from: input_file:org/elasticsearch/xpack/security/rest/action/saml/RestSamlAuthenticateAction$Input.class */
    static class Input {
        String content;
        List<String> ids;
        String realm;

        Input() {
        }

        void setContent(String str) {
            this.content = str;
        }

        void setIds(List<String> list) {
            this.ids = list;
        }

        void setRealm(String str) {
            this.realm = str;
        }
    }

    public RestSamlAuthenticateAction(Settings settings, XPackLicenseState xPackLicenseState) {
        super(settings, xPackLicenseState);
    }

    public List<RestHandler.Route> routes() {
        return org.elasticsearch.core.List.of(RestHandler.Route.builder(RestRequest.Method.POST, "/_security/saml/authenticate").replaces(RestRequest.Method.POST, "/_xpack/security/saml/authenticate", RestApiVersion.V_7).build());
    }

    public String getName() {
        return "security_saml_authenticate_action";
    }

    @Override // org.elasticsearch.xpack.security.rest.action.SecurityBaseRestHandler
    public BaseRestHandler.RestChannelConsumer innerPrepareRequest(RestRequest restRequest, NodeClient nodeClient) throws IOException {
        XContentParser contentParser = restRequest.contentParser();
        try {
            Input input = (Input) PARSER.parse(contentParser, (Object) null);
            logger.trace("SAML Authenticate: [{}...] [{}]", Strings.cleanTruncate(input.content, 128), input.ids);
            BaseRestHandler.RestChannelConsumer restChannelConsumer = restChannel -> {
                new SecurityClient(nodeClient).prepareSamlAuthenticate(decodeBase64(input.content), input.ids).authenticatingRealm(input.realm).execute(new RestBuilderListener<SamlAuthenticateResponse>(restChannel) { // from class: org.elasticsearch.xpack.security.rest.action.saml.RestSamlAuthenticateAction.1
                    public RestResponse buildResponse(SamlAuthenticateResponse samlAuthenticateResponse, XContentBuilder xContentBuilder) throws Exception {
                        xContentBuilder.startObject();
                        xContentBuilder.field("username", samlAuthenticateResponse.getPrincipal());
                        xContentBuilder.field(LoggingAuditTrail.REALM_FIELD_NAME, samlAuthenticateResponse.getRealm());
                        xContentBuilder.field("access_token", samlAuthenticateResponse.getTokenString());
                        xContentBuilder.field("refresh_token", samlAuthenticateResponse.getRefreshToken());
                        xContentBuilder.field("expires_in", samlAuthenticateResponse.getExpiresIn().seconds());
                        if (samlAuthenticateResponse.getAuthentication() != null) {
                            xContentBuilder.field("authentication", samlAuthenticateResponse.getAuthentication());
                        }
                        xContentBuilder.endObject();
                        return new BytesRestResponse(RestStatus.OK, xContentBuilder);
                    }
                });
            };
            if (contentParser != null) {
                contentParser.close();
            }
            return restChannelConsumer;
        } catch (Throwable th) {
            if (contentParser != null) {
                try {
                    contentParser.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private byte[] decodeBase64(String str) {
        String replaceAll = str.replaceAll("\\s+", "");
        try {
            return Base64.getDecoder().decode(replaceAll);
        } catch (IllegalArgumentException e) {
            logger.info("Failed to decode base64 string [{}] - {}", replaceAll, e.toString());
            throw e;
        }
    }

    public Set<String> getFilteredFields() {
        return FILTERED_FIELDS;
    }

    static {
        PARSER.declareString((v0, v1) -> {
            v0.setContent(v1);
        }, new ParseField("content", new String[0]));
        PARSER.declareStringArray((v0, v1) -> {
            v0.setIds(v1);
        }, new ParseField("ids", new String[0]));
        PARSER.declareStringOrNull((v0, v1) -> {
            v0.setRealm(v1);
        }, new ParseField(LoggingAuditTrail.REALM_FIELD_NAME, new String[0]));
        FILTERED_FIELDS = Collections.singleton("content");
    }
}
