package com.amazon.opendistroforelasticsearch.security.auth;

import com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog;
import com.amazon.opendistroforelasticsearch.security.http.XFFResolver;
import com.amazon.opendistroforelasticsearch.security.support.ConfigConstants;
import com.amazon.opendistroforelasticsearch.security.support.OpenDistroSecurityUtils;
import com.amazon.opendistroforelasticsearch.security.user.User;
import com.google.common.base.Strings;
import java.io.ObjectStreamException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.Map;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.threadpool.ThreadPool;

/* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/auth/UserInjector.class */
/**
 * Builds an authenticated {@link User} from a string that some earlier component placed in the
 * thread context, and installs it as the request's user.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>This class performs no credential verification of its own. The name, roles, attributes,
 *       tenant and remote address are taken verbatim from the transient stored under
 *       {@code ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER}. Whatever is able to set that
 *       transient therefore decides the identity and privileges of the request.
 *       NOTE(review): which components can write that transient is not visible here; confirm
 *       that it cannot be influenced by request data.</li>
 *   <li>The feature is off unless the setting named by
 *       {@code ConfigConstants.OPENDISTRO_SECURITY_UNSUPPORTED_INJECT_USER_ENABLED} is true
 *       (default {@code false}).</li>
 *   <li>The raw user string is written to the log at debug level and echoed in error messages.</li>
 * </ul>
 *
 * <p>Expected user string layout, pipe separated, with all fields after the first optional:
 * {@code name|role1,role2|ip:port|attrKey,attrValue,...|tenant}.
 *
 * <p>Decompiler note: the constructor, {@link #getInjectedUser()}, {@link #injectUser(RestRequest)}
 * and {@link InjectedUser} were package-private in the original class file.
 */
public class UserInjector {
    protected final Logger log = LogManager.getLogger(UserInjector.class);
    private final ThreadPool threadPool;
    private final AuditLog auditLog;
    private final XFFResolver xffResolver;
    private final Boolean injectUserEnabled;

    /**
     * A {@link User} created by injection, optionally carrying the remote address that was
     * supplied together with the user string.
     */
    public static class InjectedUser extends User {
        // transient: the address is not part of the serialized form (see writeReplace()).
        private transient TransportAddress transportAddress;

        public InjectedUser(String str) {
            super(str);
        }

        /**
         * Serialization hook: a plain {@link User} is written in place of this subclass. The
         * replacement copies name, roles, security roles, requested tenant and custom attributes
         * and is flagged as injected; the transport address is not copied.
         */
        private Object writeReplace() throws ObjectStreamException {
            User replacement = new User(getName());
            replacement.addRoles(getRoles());
            replacement.addOpenDistroSecurityRoles(getOpenDistroSecurityRoles());
            replacement.setRequestedTenant(getRequestedTenant());
            replacement.addAttributes(getCustomAttributesMap());
            replacement.setInjected(true);
            return replacement;
        }

        /** @return the injected remote address, or {@code null} when none was set */
        public TransportAddress getTransportAddress() {
            return this.transportAddress;
        }

        /**
         * Parses {@code host:port} and stores it as the transport address.
         *
         * <p>The value must contain exactly one {@code ':'}, so an IPv6 literal is rejected by
         * the format check. NOTE(review): {@link InetAddress#getByName(String)} also accepts
         * host names and then performs a name lookup; nothing here restricts the host part to
         * an IP literal even though the error message says "ip:port".
         *
         * @param str remote address in the form {@code ip:port}
         * @throws UnknownHostException if the host part cannot be resolved
         * @throws IllegalArgumentException if the format is wrong or the port is not an integer
         *         ({@link NumberFormatException} is a subclass)
         */
        public void setTransportAddress(String str) throws UnknownHostException, IllegalArgumentException {
            final String[] hostAndPort = str.split(":");
            if (hostAndPort.length == 2) {
                final InetAddress host = InetAddress.getByName(hostAndPort[0]);
                final int port = Integer.parseInt(hostAndPort[1]);
                this.transportAddress = new TransportAddress(host, port);
                return;
            }
            throw new IllegalArgumentException("Remote address must have format ip:port");
        }
    }

    /**
     * @param settings node settings; only the inject-user enable flag is read
     * @param threadPool source of the thread context that holds the injected user string
     * @param auditLog receives the login event for every injected user
     * @param xFFResolver used to determine the remote address when none was injected
     */
    public UserInjector(Settings settings, ThreadPool threadPool, AuditLog auditLog, XFFResolver xFFResolver) {
        this.threadPool = threadPool;
        this.auditLog = auditLog;
        this.xffResolver = xFFResolver;
        // Disabled unless explicitly switched on.
        this.injectUserEnabled = settings.getAsBoolean(ConfigConstants.OPENDISTRO_SECURITY_UNSUPPORTED_INJECT_USER_ENABLED, false);
    }

    /** Returns {@code parts[index]}, or {@code null} when the array has no such position. */
    private static String partOrNull(String[] parts, int index) {
        return index < parts.length ? parts[index] : null;
    }

    /**
     * Reads the injected user string from the thread context and turns it into a user object.
     *
     * <p>Fields are applied in this order: roles (index 1), custom attributes (index 3),
     * requested tenant (index 4), remote address (index 2). A field that is absent or empty is
     * skipped. Role entries are split on {@code ','} without trimming.
     * NOTE(review): how {@code addRoles} treats empty entries is not visible here.
     *
     * @return the injected user, or {@code null} when injection is disabled, no user string is
     *         present, or the string cannot be parsed (parse failures are logged at error level)
     */
    public InjectedUser getInjectedUser() {
        if (!this.injectUserEnabled) {
            return null;
        }

        // The cast fails with ClassCastException if the transient holds anything but a String.
        final String userString = (String) this.threadPool.getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER);
        if (this.log.isDebugEnabled()) {
            this.log.debug("Injected user string: {}", userString);
        }
        if (Strings.isNullOrEmpty(userString)) {
            return null;
        }

        // String.split drops trailing empty fields, so a string made only of '|' yields no parts.
        final String[] parts = userString.split("\\|");
        if (parts.length == 0) {
            this.log.error("User string malformed, could not extract parts. User string was '{}.' User injection failed.", userString);
            return null;
        }

        final String username = parts[0];
        if (Strings.isNullOrEmpty(username)) {
            this.log.error("Username must not be null, user string was '{}.' User injection failed.", userString);
            return null;
        }
        final InjectedUser result = new InjectedUser(username);

        final String roles = partOrNull(parts, 1);
        if (!Strings.isNullOrEmpty(roles)) {
            result.addRoles(Arrays.asList(roles.split(",")));
        }

        final String attributes = partOrNull(parts, 3);
        if (!Strings.isNullOrEmpty(attributes)) {
            final Map<String, String> attributeMap = OpenDistroSecurityUtils.mapFromArray(attributes.split(","));
            if (attributeMap == null) {
                this.log.error("Could not parse custom attributes {}, user injection failed.", attributes);
                return null;
            }
            result.addAttributes(attributeMap);
        }

        final String tenant = partOrNull(parts, 4);
        if (!Strings.isNullOrEmpty(tenant)) {
            result.setRequestedTenant(tenant);
        }

        final String remoteAddress = partOrNull(parts, 2);
        if (!Strings.isNullOrEmpty(remoteAddress)) {
            try {
                result.setTransportAddress(remoteAddress);
            } catch (IllegalArgumentException | UnknownHostException e) {
                // A bad address rejects the whole injection rather than falling back silently.
                this.log.error("Cannot parse remote IP or port: {}, user injection failed.", remoteAddress, e);
                return null;
            }
        }

        result.setInjected(true);
        if (this.log.isTraceEnabled()) {
            this.log.trace("Injected user object:{} ", result.toString());
        }
        return result;
    }

    /**
     * Installs the injected user, if there is one, into the thread context of the request.
     *
     * <p>The remote address stored for the request is the injected address when one was given,
     * otherwise the address resolved by the {@link XFFResolver}. A succeeded login is written to
     * the audit log for every injected user.
     * NOTE(review): the meaning of the {@code true} and {@code null} arguments passed to
     * {@code logSucceededLogin} is not visible here.
     *
     * @param restRequest the REST request being processed
     * @return {@code true} if a user was injected, {@code false} otherwise
     */
    public boolean injectUser(RestRequest restRequest) {
        final InjectedUser user = getInjectedUser();
        if (user == null) {
            return false;
        }

        final TransportAddress injectedAddress = user.getTransportAddress();
        if (injectedAddress == null) {
            this.threadPool.getThreadContext().putTransient(ConfigConstants.OPENDISTRO_SECURITY_REMOTE_ADDRESS, this.xffResolver.resolve(restRequest));
        } else {
            this.threadPool.getThreadContext().putTransient(ConfigConstants.OPENDISTRO_SECURITY_REMOTE_ADDRESS, injectedAddress);
        }

        this.threadPool.getThreadContext().putTransient(ConfigConstants.OPENDISTRO_SECURITY_USER, user);
        this.auditLog.logSucceededLogin(user.getName(), true, null, restRequest);
        return true;
    }
}
