package com.floragunn.searchguard.dlic.rest.api;

import com.floragunn.searchguard.auditlog.AuditLog;
import com.floragunn.searchguard.configuration.AdminDNs;
import com.floragunn.searchguard.configuration.IndexBaseConfigurationRepository;
import com.floragunn.searchguard.configuration.PrivilegesEvaluator;
import com.floragunn.searchguard.dlic.rest.support.Utils;
import com.floragunn.searchguard.dlic.rest.validation.AbstractConfigurationValidator;
import com.floragunn.searchguard.dlic.rest.validation.InternalUsersValidator;
import com.floragunn.searchguard.ssl.transport.PrincipalExtractor;
import java.nio.file.Path;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import java.util.Objects;
import org.bouncycastle.crypto.generators.OpenBSDBCrypt;
import org.elasticsearch.client.Client;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.collect.Tuple;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestResponse;
import org.elasticsearch.threadpool.ThreadPool;

/* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/InternalUsersApiAction.class */
public class InternalUsersApiAction extends AbstractApiAction {
    @Inject
    public InternalUsersApiAction(Settings settings, Path path, RestController restController, Client client, AdminDNs adminDNs, IndexBaseConfigurationRepository indexBaseConfigurationRepository, ClusterService clusterService, PrincipalExtractor principalExtractor, PrivilegesEvaluator privilegesEvaluator, ThreadPool threadPool, AuditLog auditLog) {
        super(settings, path, restController, client, adminDNs, indexBaseConfigurationRepository, clusterService, principalExtractor, privilegesEvaluator, threadPool, auditLog);
        restController.registerHandler(RestRequest.Method.GET, "/_searchguard/api/user/{name}", this);
        restController.registerHandler(RestRequest.Method.GET, "/_searchguard/api/user/", this);
        restController.registerHandler(RestRequest.Method.DELETE, "/_searchguard/api/user/{name}", this);
        restController.registerHandler(RestRequest.Method.PUT, "/_searchguard/api/user/{name}", this);
        restController.registerHandler(RestRequest.Method.GET, "/_searchguard/api/internalusers/{name}", this);
        restController.registerHandler(RestRequest.Method.GET, "/_searchguard/api/internalusers/", this);
        restController.registerHandler(RestRequest.Method.DELETE, "/_searchguard/api/internalusers/{name}", this);
        restController.registerHandler(RestRequest.Method.PUT, "/_searchguard/api/internalusers/{name}", this);
    }

    @Override // com.floragunn.searchguard.dlic.rest.api.AbstractApiAction
    protected Endpoint getEndpoint() {
        return Endpoint.INTERNALUSERS;
    }

    @Override // com.floragunn.searchguard.dlic.rest.api.AbstractApiAction
    protected Tuple<String[], RestResponse> handlePut(RestRequest restRequest, Client client, Settings.Builder builder) throws Throwable {
        String param = restRequest.param("name");
        if (param == null || param.length() == 0) {
            return badRequestResponse("No " + getResourceName() + " specified");
        }
        if (loadAsSettings(getConfigName()).getAsBoolean(param + ".readonly", Boolean.FALSE).booleanValue()) {
            return forbidden("Resource '" + param + "' is read-only.");
        }
        String str = builder.get("password");
        if (str != null && str.length() > 0) {
            builder.remove("password");
            builder.put("hash", hash(str.toCharArray()));
        }
        Map<String, Object> convertJsonToxToStructuredMap = Utils.convertJsonToxToStructuredMap(load("internalusers").build());
        boolean containsKey = convertJsonToxToStructuredMap.containsKey(param);
        if (!containsKey && builder.get("hash") == null) {
            return badRequestResponse("Please specify either 'hash' or 'password' when creating a new internal user");
        }
        if (containsKey && builder.get("hash") == null) {
            Map map = (Map) convertJsonToxToStructuredMap.get(param);
            if (!map.containsKey("hash")) {
                return internalErrorResponse("Existing user " + param + " has no password, and no new password or hash was specified");
            }
            builder.put("hash", (String) map.get("hash"));
        }
        convertJsonToxToStructuredMap.remove(param);
        convertJsonToxToStructuredMap.put(param, Utils.convertJsonToxToStructuredMap(builder.build()));
        save(client, restRequest, "internalusers", Utils.convertStructuredMapToBytes(convertJsonToxToStructuredMap));
        return containsKey ? successResponse("'" + param + "' updated", "internalusers") : createdResponse("'" + param + "' created", "internalusers");
    }

    public static String hash(char[] cArr) {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        String generate = OpenBSDBCrypt.generate((char[]) Objects.requireNonNull(cArr), bArr, 12);
        Arrays.fill(bArr, (byte) 0);
        Arrays.fill(cArr, (char) 0);
        return generate;
    }

    @Override // com.floragunn.searchguard.dlic.rest.api.AbstractApiAction
    protected String getResourceName() {
        return "user";
    }

    @Override // com.floragunn.searchguard.dlic.rest.api.AbstractApiAction
    protected String getConfigName() {
        return "internalusers";
    }

    @Override // com.floragunn.searchguard.dlic.rest.api.AbstractApiAction
    protected AbstractConfigurationValidator getValidator(RestRequest.Method method, BytesReference bytesReference) {
        return new InternalUsersValidator(method, bytesReference);
    }
}
