package com.floragunn.searchguard.auth;

import com.floragunn.searchguard.auditlog.AuditLog;
import com.floragunn.searchguard.http.XFFResolver;
import com.floragunn.searchguard.support.ConfigConstants;
import com.floragunn.searchguard.support.SgUtils;
import com.floragunn.searchguard.user.User;
import com.google.common.base.Strings;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.Map;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.threadpool.ThreadPool;

/* loaded from: input_file:com/floragunn/searchguard/auth/UserInjector.class */
public class UserInjector {
    protected final Logger log = LogManager.getLogger(UserInjector.class);
    private final ThreadPool threadPool;
    private final AuditLog auditLog;
    private final XFFResolver xffResolver;
    private final Boolean injectUserEnabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public UserInjector(Settings settings, ThreadPool threadPool, AuditLog auditLog, XFFResolver xFFResolver) {
        this.threadPool = threadPool;
        this.auditLog = auditLog;
        this.xffResolver = xFFResolver;
        this.injectUserEnabled = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_UNSUPPORTED_INJECT_USER_ENABLED, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean injectUser(RestRequest restRequest) {
        if (!this.injectUserEnabled.booleanValue()) {
            return false;
        }
        String str = (String) this.threadPool.getThreadContext().getTransient(ConfigConstants.SG_INJECTED_USER);
        if (this.log.isDebugEnabled()) {
            this.log.debug("Injected user string: {}", str);
        }
        if (Strings.isNullOrEmpty(str)) {
            return false;
        }
        String[] split = str.split("\\|");
        if (split.length == 0) {
            this.log.error("User string malformed, could not extract parts. User string was '{}.' User injection failed.", str);
            return false;
        }
        if (Strings.isNullOrEmpty(split[0])) {
            this.log.error("Username must not be null, user string was '{}.' User injection failed.", str);
            return false;
        }
        User user = new User(split[0]);
        if (split.length > 1 && !Strings.isNullOrEmpty(split[1]) && split[1].length() > 0) {
            user.addRoles(Arrays.asList(split[1].split(",")));
        }
        if (split.length > 3 && !Strings.isNullOrEmpty(split[3])) {
            Map<String, String> mapFromArray = SgUtils.mapFromArray(split[3].split(","));
            if (mapFromArray == null) {
                this.log.error("Could not parse custom attributes {}, user injection failed.", split[3]);
                return false;
            }
            user.addAttributes(mapFromArray);
        }
        if (split.length > 4 && !Strings.isNullOrEmpty(split[4])) {
            user.setRequestedTenant(split[4]);
        }
        if (split.length <= 2 || Strings.isNullOrEmpty(split[2])) {
            this.threadPool.getThreadContext().putTransient(ConfigConstants.SG_REMOTE_ADDRESS, this.xffResolver.resolve(restRequest));
        } else {
            String[] split2 = split[2].split(":");
            if (split2.length != 2) {
                this.log.error("Remote address must have format ip:port, was: {}. User injection failed.", split[2]);
                return false;
            }
            try {
                this.threadPool.getThreadContext().putTransient(ConfigConstants.SG_REMOTE_ADDRESS, new TransportAddress(InetAddress.getByName(split2[0]), Integer.parseInt(split2[1])));
            } catch (NumberFormatException | UnknownHostException e) {
                this.log.error("Cannot parse remote IP or port: {}, user injection failed.", split[2], e);
                return false;
            }
        }
        user.setInjected(true);
        this.threadPool.getThreadContext().putTransient(ConfigConstants.SG_USER, user);
        this.auditLog.logSucceededLogin(split[0], true, null, restRequest);
        if (!this.log.isTraceEnabled()) {
            return true;
        }
        this.log.trace("Injected user object:{} ", user.toString());
        return true;
    }
}
