package com.floragunn.searchguard.transport;

import com.floragunn.searchguard.auditlog.AuditLog;
import com.floragunn.searchguard.auth.BackendRegistry;
import com.floragunn.searchguard.ssl.transport.PrincipalExtractor;
import com.floragunn.searchguard.support.Base64Helper;
import com.floragunn.searchguard.support.ConfigConstants;
import com.floragunn.searchguard.user.User;
import com.google.common.collect.Maps;
import java.net.InetSocketAddress;
import java.util.Map;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportException;
import org.elasticsearch.transport.TransportInterceptor;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.transport.TransportRequestHandler;
import org.elasticsearch.transport.TransportRequestOptions;
import org.elasticsearch.transport.TransportResponse;
import org.elasticsearch.transport.TransportResponseHandler;

/* loaded from: input_file:com/floragunn/searchguard/transport/SearchGuardInterceptor.class */
public class SearchGuardInterceptor {
    private BackendRegistry backendRegistry;
    private AuditLog auditLog;
    private final ThreadPool threadPool;
    private final PrincipalExtractor principalExtractor;
    private final InterClusterRequestEvaluator requestEvalProvider;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/floragunn/searchguard/transport/SearchGuardInterceptor$RestoringTransportResponseHandler.class */
    public static class RestoringTransportResponseHandler<T extends TransportResponse> implements TransportResponseHandler<T> {
        private final ThreadContext.StoredContext contextToRestore;
        private final TransportResponseHandler<T> innerHandler;

        private RestoringTransportResponseHandler(TransportResponseHandler<T> transportResponseHandler, ThreadContext.StoredContext storedContext) {
            this.contextToRestore = storedContext;
            this.innerHandler = transportResponseHandler;
        }

        public T newInstance() {
            return (T) this.innerHandler.newInstance();
        }

        public void handleResponse(T t) {
            this.contextToRestore.restore();
            this.innerHandler.handleResponse(t);
        }

        public void handleException(TransportException transportException) {
            this.contextToRestore.restore();
            this.innerHandler.handleException(transportException);
        }

        public String executor() {
            return this.innerHandler.executor();
        }
    }

    public SearchGuardInterceptor(Settings settings, ThreadPool threadPool, BackendRegistry backendRegistry, AuditLog auditLog, PrincipalExtractor principalExtractor, InterClusterRequestEvaluator interClusterRequestEvaluator) {
        this.backendRegistry = backendRegistry;
        this.auditLog = auditLog;
        this.threadPool = threadPool;
        this.principalExtractor = principalExtractor;
        this.requestEvalProvider = interClusterRequestEvaluator;
    }

    public <T extends TransportRequest> SearchGuardRequestHandler<T> getHandler(String str, TransportRequestHandler<T> transportRequestHandler) {
        return new SearchGuardRequestHandler<>(str, transportRequestHandler, this.threadPool, this.backendRegistry, this.auditLog, this.principalExtractor, this.requestEvalProvider);
    }

    public <T extends TransportResponse> void sendRequestDecorate(TransportInterceptor.AsyncSender asyncSender, Transport.Connection connection, String str, TransportRequest transportRequest, TransportRequestOptions transportRequestOptions, TransportResponseHandler<T> transportResponseHandler) {
        Map headers = getThreadContext().getHeaders();
        User user = (User) getThreadContext().getTransient(ConfigConstants.SG_USER);
        Object obj = getThreadContext().getTransient(ConfigConstants.SG_REMOTE_ADDRESS);
        ThreadContext.StoredContext newStoredContext = getThreadContext().newStoredContext(false);
        ThreadContext.StoredContext stashAndMergeHeaders = getThreadContext().stashAndMergeHeaders(Maps.filterKeys(headers, str2 -> {
            return str2.equals(ConfigConstants.SG_CONF_REQUEST_HEADER);
        }));
        Throwable th = null;
        try {
            RestoringTransportResponseHandler restoringTransportResponseHandler = new RestoringTransportResponseHandler(transportResponseHandler, newStoredContext);
            getThreadContext().putTransient(ConfigConstants.SG_USER, user);
            getThreadContext().putTransient(ConfigConstants.SG_REMOTE_ADDRESS, obj);
            attachHeaders(str, obj, user);
            asyncSender.sendRequest(connection, str, transportRequest, transportRequestOptions, restoringTransportResponseHandler);
            if (stashAndMergeHeaders != null) {
                if (0 == 0) {
                    stashAndMergeHeaders.close();
                    return;
                }
                try {
                    stashAndMergeHeaders.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (stashAndMergeHeaders != null) {
                if (0 != 0) {
                    try {
                        stashAndMergeHeaders.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    stashAndMergeHeaders.close();
                }
            }
            throw th3;
        }
    }

    private void attachHeaders(String str, Object obj, User user) {
        if (obj != null && (obj instanceof InetSocketTransportAddress)) {
            String header = getThreadContext().getHeader(ConfigConstants.SG_REMOTE_ADDRESS_HEADER);
            if (header == null) {
                getThreadContext().putHeader(ConfigConstants.SG_REMOTE_ADDRESS_HEADER, Base64Helper.serializeObject(((InetSocketTransportAddress) obj).address()));
            } else if (!((InetSocketAddress) Base64Helper.deserializeObject(header)).equals(((InetSocketTransportAddress) obj).address())) {
                throw new RuntimeException("remote address mismatch " + Base64Helper.deserializeObject(header) + "!=" + ((InetSocketTransportAddress) obj).address());
            }
        }
        User user2 = user;
        if (user2 == null && obj == null && getThreadContext().getTransient(ConfigConstants.SG_CHANNEL_TYPE) == null) {
            user2 = User.SG_INTERNAL;
        }
        if (user2 == null) {
            throw new ElasticsearchSecurityException("user must not be null here for " + str, new Object[0]);
        }
        String header2 = getThreadContext().getHeader(ConfigConstants.SG_USER_HEADER);
        if (header2 == null) {
            getThreadContext().putHeader(ConfigConstants.SG_USER_HEADER, Base64Helper.serializeObject(user2));
        } else if (!((User) Base64Helper.deserializeObject(header2)).getName().equals(user2.getName())) {
            throw new RuntimeException("user mismatch " + Base64Helper.deserializeObject(header2) + "!=" + user2);
        }
    }

    private ThreadContext getThreadContext() {
        return this.threadPool.getThreadContext();
    }
}
