package com.amazon.opendistroforelasticsearch.security.http;

import com.amazon.opendistroforelasticsearch.security.auth.HTTPAuthenticator;
import com.amazon.opendistroforelasticsearch.security.support.ConfigConstants;
import com.amazon.opendistroforelasticsearch.security.user.AuthCredentials;
import com.google.common.base.Predicates;
import java.nio.file.Path;
import java.util.regex.Pattern;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestRequest;

/* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/http/HTTPProxyAuthenticator.class */
public class HTTPProxyAuthenticator implements HTTPAuthenticator {
    protected final Logger log = LogManager.getLogger(getClass());
    private volatile Settings settings;
    private final Pattern rolesSeparator;

    public HTTPProxyAuthenticator(Settings settings, Path path) {
        this.settings = settings;
        this.rolesSeparator = Pattern.compile(settings.get("roles_separator", ","));
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auth.HTTPAuthenticator
    public AuthCredentials extractCredentials(RestRequest restRequest, ThreadContext threadContext) {
        if (threadContext.getTransient(ConfigConstants.OPENDISTRO_SECURITY_XFF_DONE) != Boolean.TRUE) {
            throw new ElasticsearchSecurityException("xff not done", new Object[0]);
        }
        String str = this.settings.get("user_header");
        String str2 = this.settings.get("roles_header");
        if (this.log.isDebugEnabled()) {
            this.log.debug("headers {}", restRequest.getHeaders());
            this.log.debug("userHeader {}, value {}", str, str == null ? null : restRequest.header(str));
            this.log.debug("rolesHeader {}, value {}", str2, str2 == null ? null : restRequest.header(str2));
        }
        if (Strings.isNullOrEmpty(str) || Strings.isNullOrEmpty(restRequest.header(str))) {
            if (!this.log.isTraceEnabled()) {
                return null;
            }
            this.log.trace("No '{}' header, send 401", str);
            return null;
        }
        String[] strArr = null;
        if (!Strings.isNullOrEmpty(str2) && !Strings.isNullOrEmpty(restRequest.header(str2))) {
            strArr = (String[]) this.rolesSeparator.splitAsStream(restRequest.header(str2)).map((v0) -> {
                return v0.trim();
            }).filter(Predicates.not((v0) -> {
                return v0.isEmpty();
            })).toArray(i -> {
                return new String[i];
            });
        }
        return new AuthCredentials(restRequest.header(str), strArr).markComplete();
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auth.HTTPAuthenticator
    public boolean reRequestAuthentication(RestChannel restChannel, AuthCredentials authCredentials) {
        return false;
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auth.HTTPAuthenticator
    public String getType() {
        return "proxy";
    }
}
