package com.amazon.opendistroforelasticsearch.security.dlic.rest.api;

import com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog;
import com.amazon.opendistroforelasticsearch.security.configuration.AdminDNs;
import com.amazon.opendistroforelasticsearch.security.configuration.ConfigurationRepository;
import com.amazon.opendistroforelasticsearch.security.dlic.rest.api.AbstractApiAction;
import com.amazon.opendistroforelasticsearch.security.dlic.rest.support.Utils;
import com.amazon.opendistroforelasticsearch.security.dlic.rest.validation.AbstractConfigurationValidator;
import com.amazon.opendistroforelasticsearch.security.dlic.rest.validation.AccountValidator;
import com.amazon.opendistroforelasticsearch.security.privileges.PrivilegesEvaluator;
import com.amazon.opendistroforelasticsearch.security.securityconf.Hashed;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.CType;
import com.amazon.opendistroforelasticsearch.security.securityconf.impl.SecurityDynamicConfiguration;
import com.amazon.opendistroforelasticsearch.security.ssl.transport.PrincipalExtractor;
import com.amazon.opendistroforelasticsearch.security.support.ConfigConstants;
import com.amazon.opendistroforelasticsearch.security.support.SecurityJsonNode;
import com.amazon.opendistroforelasticsearch.security.user.User;
import com.fasterxml.jackson.databind.JsonNode;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.nio.file.Path;
import java.util.List;
import java.util.Set;
import org.bouncycastle.crypto.generators.OpenBSDBCrypt;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.rest.BytesRestResponse;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestHandler;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.threadpool.ThreadPool;

/* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/dlic/rest/api/AccountApiAction.class */
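/**
 * REST handler for the calling user's own account under
 * {@code /_opendistro/_security/api/account}.
 *
 * <p>GET reports details of the current user; PUT changes that user's stored password hash after
 * re-checking the current password. In both cases the acting user is read from the thread context
 * ({@code ConfigConstants.OPENDISTRO_SECURITY_USER}) and never from the request path or body, so
 * the request body cannot name a different account to act on.
 *
 * <p>This listing is decompiler output: several methods are {@code public} here although the
 * decompiler notes they were {@code protected} in the original class.
 */
public class AccountApiAction extends AbstractApiAction {
    private static final String RESOURCE_NAME = "account";
    private static final List<RestHandler.Route> routes = ImmutableList.of(
            new RestHandler.Route(RestRequest.Method.GET, "/_opendistro/_security/api/account"),
            new RestHandler.Route(RestRequest.Method.PUT, "/_opendistro/_security/api/account"));
    private final PrivilegesEvaluator privilegesEvaluator;
    private final ThreadContext threadContext;

    /**
     * Creates the handler, passing every collaborator to the parent class and keeping the
     * privileges evaluator and the thread pool's thread context for its own use.
     */
    public AccountApiAction(Settings settings, Path path, RestController restController, Client client, AdminDNs adminDNs, ConfigurationRepository configurationRepository, ClusterService clusterService, PrincipalExtractor principalExtractor, PrivilegesEvaluator privilegesEvaluator, ThreadPool threadPool, AuditLog auditLog) {
        super(settings, path, restController, client, adminDNs, configurationRepository, clusterService, principalExtractor, privilegesEvaluator, threadPool, auditLog);
        this.privilegesEvaluator = privilegesEvaluator;
        this.threadContext = threadPool.getThreadContext();
    }

    /**
     * Returns the GET and PUT routes served by this handler.
     */
    public List<RestHandler.Route> routes() {
        return routes;
    }

    /**
     * Writes the current user's account details as a JSON object: name, reserved/hidden/internal
     * flags, requested tenant, backend roles, custom attribute names, tenants and mapped roles.
     * If the thread context holds no user, an empty object is returned with status 200.
     *
     * <p>On any exception a 500 response carrying an {@code error} field is sent instead.
     *
     * @throws IOException if a response builder cannot be created or written
     */
    @Override
    protected void handleGet(RestChannel restChannel, RestRequest restRequest, Client client, JsonNode jsonNode) throws IOException {
        BytesRestResponse bytesRestResponse;
        XContentBuilder newBuilder = restChannel.newBuilder();
        try {
            newBuilder.startObject();
            User user = (User) this.threadContext.getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER);
            if (user != null) {
                Set<String> mapRoles = this.privilegesEvaluator.mapRoles(user, (TransportAddress) this.threadContext.getTransient(ConfigConstants.OPENDISTRO_SECURITY_REMOTE_ADDRESS));
                SecurityDynamicConfiguration<?> load = load(getConfigName(), false);
                String userName = user.getName();
                newBuilder.field("user_name", userName)
                        .field("is_reserved", isReserved(load, userName))
                        .field("is_hidden", load.isHidden(userName))
                        .field("is_internal_user", load.exists(userName))
                        .field("user_requested_tenant", user.getRequestedTenant())
                        .field("backend_roles", user.getRoles())
                        // Only the attribute names are exposed, not their values.
                        .field("custom_attribute_names", user.getCustomAttributesMap().keySet())
                        .field("tenants", this.privilegesEvaluator.mapTenants(user, mapRoles))
                        // NOTE(review): the decompiler presumably replaced a string literal with this
                        // constant from the LDAP module; the field name is whatever that constant holds.
                        .field(com.amazon.dlic.auth.ldap.util.ConfigConstants.LDAP_AUTHZ_ROLES, mapRoles);
            }
            newBuilder.endObject();
            bytesRestResponse = new BytesRestResponse(RestStatus.OK, newBuilder);
        } catch (Exception e) {
            this.log.error(e.toString(), e);
            // The first builder already has an open (possibly half-written) object, so starting
            // another root object on it would fail and the 500 response would never be sent.
            // Build the error body on a fresh builder instead.
            XContentBuilder errorBuilder = restChannel.newBuilder();
            // NOTE(review): the exception text is returned to the caller and may reveal internal
            // detail; consider a generic message here, since the full exception is already logged.
            errorBuilder.startObject().field("error", e.toString()).endObject();
            bytesRestResponse = new BytesRestResponse(RestStatus.INTERNAL_SERVER_ERROR, errorBuilder);
        }
        restChannel.sendResponse(bytesRestResponse);
    }

    /**
     * Changes the current user's password hash in the internal users configuration.
     *
     * <p>The request must carry {@code current_password}, which is checked against the stored
     * bcrypt hash before anything is changed, plus either {@code password} (hashed here) or a
     * ready-made {@code hash}. Responses: 404 when there is no current user or the user is not an
     * internal user, 400 when the current password is missing or wrong or when no new
     * password/hash is supplied, and a success message once the configuration has been saved.
     *
     * @throws IOException declared by the overridden method
     */
    @Override
    public void handlePut(final RestChannel restChannel, RestRequest restRequest, Client client, JsonNode jsonNode) throws IOException {
        User user = (User) this.threadContext.getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER);
        if (user == null) {
            // Without this guard a request with no user in the thread context fails with a
            // NullPointerException instead of a clean response.
            notFound(restChannel, "Could not find user.");
            return;
        }
        final String name = user.getName();
        SecurityDynamicConfiguration<?> load = load(CType.INTERNALUSERS, false);
        if (!load.exists(name)) {
            notFound(restChannel, "Could not find user.");
            return;
        }
        // isWriteable receives the channel and presumably reports the refusal itself; nothing
        // more is sent from here when it returns false.
        if (!isWriteable(restChannel, load, name)) {
            return;
        }

        // A body without current_password is treated exactly like a wrong password rather than
        // dereferencing a missing node.
        JsonNode currentPasswordNode = jsonNode == null ? null : jsonNode.get("current_password");
        Hashed hashed = (Hashed) load.getCEntry(name);
        String hash = hashed.getHash();
        if (currentPasswordNode == null || hash == null || !OpenBSDBCrypt.checkPassword(hash, currentPasswordNode.asText().toCharArray())) {
            badRequestResponse(restChannel, "Could not validate your current password.");
            return;
        }

        SecurityJsonNode securityJsonNode = new SecurityJsonNode(jsonNode);
        String asString = securityJsonNode.get("password").asString();
        // A plaintext password takes precedence and is hashed here; otherwise the caller-supplied
        // "hash" is stored verbatim.
        // NOTE(review): no format or cost check on "hash" is visible in this class, and rules
        // applied to a plaintext password cannot apply to a pre-computed hash; confirm that
        // AccountValidator constrains it.
        String asString2 = Strings.isNullOrEmpty(asString) ? securityJsonNode.get("hash").asString() : Utils.hash(asString.toCharArray());
        if (Strings.isNullOrEmpty(asString2)) {
            badRequestResponse(restChannel, "Both provided password and hash cannot be null/empty.");
            return;
        }
        hashed.setHash(asString2);
        saveAnUpdateConfigs(client, restRequest, CType.INTERNALUSERS, load, new AbstractApiAction.OnSucessActionListener<IndexResponse>(restChannel) {
            public void onResponse(IndexResponse indexResponse) {
                AccountApiAction.this.successResponse(restChannel, "'" + name + "' updated.");
            }
        });
    }

    /**
     * Builds the request validator for this endpoint, bound to the current user's name.
     *
     * <p>NOTE(review): the user is dereferenced without a null check, so this throws a
     * {@code NullPointerException} when the thread context holds no user.
     */
    @Override
    public AbstractConfigurationValidator getValidator(RestRequest restRequest, BytesReference bytesReference, Object... objArr) {
        return new AccountValidator(restRequest, bytesReference, this.settings, ((User) this.threadContext.getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER)).getName());
    }

    /**
     * Returns the resource name of this endpoint, {@code "account"}.
     */
    @Override
    public String getResourceName() {
        return RESOURCE_NAME;
    }

    /**
     * Returns {@code Endpoint.ACCOUNT} as the endpoint identifier of this handler.
     */
    @Override
    protected Endpoint getEndpoint() {
        return Endpoint.ACCOUNT;
    }

    /**
     * Applies the parent's filtering and then clears the hashes from the configuration,
     * presumably so that password hashes are never part of data handed back by this API.
     */
    @Override
    public void filter(SecurityDynamicConfiguration<?> securityDynamicConfiguration) {
        super.filter(securityDynamicConfiguration);
        securityDynamicConfiguration.clearHashes();
    }

    /**
     * Returns the configuration type this handler works on: the internal users configuration.
     */
    @Override
    public CType getConfigName() {
        return CType.INTERNALUSERS;
    }
}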
