package org.apache.ranger.authorization.elasticsearch.plugin.action.filter;

import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.authorization.elasticsearch.authorizer.RangerElasticsearchAuthorizer;
import org.apache.ranger.authorization.elasticsearch.plugin.authc.user.UsernamePasswordToken;
import org.apache.ranger.authorization.elasticsearch.plugin.utils.RequestUtils;
import org.elasticsearch.ElasticsearchStatusException;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionResponse;
import org.elasticsearch.action.support.ActionFilter;
import org.elasticsearch.action.support.ActionFilterChain;
import org.elasticsearch.common.component.AbstractLifecycleComponent;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.tasks.Task;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/authorization/elasticsearch/plugin/action/filter/RangerSecurityActionFilter.class */
/**
 * Elasticsearch {@link ActionFilter} that consults Ranger before an action is allowed to run.
 *
 * <p>For every index named by the request, the filter asks
 * {@link RangerElasticsearchAuthorizer#checkPermission} whether the user found in the
 * {@link ThreadContext} may perform the action. The first denial aborts the request with
 * {@link RestStatus#FORBIDDEN}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li><b>Fail-open without a username.</b> When the {@code UsernamePasswordToken.USERNAME}
 *       transient is null or empty, no Ranger check is made and the request proceeds. The only
 *       trace is a DEBUG log line, so the bypass is invisible at default log levels.
 *       NOTE(review): this presumably exists so that internal actions with no user can run;
 *       confirm that no externally reachable path arrives here without the transient set.</li>
 *   <li><b>No indices, no check.</b> If {@code RequestUtils.getIndexFromRequest} returns an empty
 *       list, {@code checkPermission} is never called and the request proceeds.
 *       NOTE(review): verify which request types yield an empty list.</li>
 *   <li>The username and client IP are trusted as found in the thread context; whatever populates
 *       those transients is outside this class.</li>
 * </ul>
 */
public class RangerSecurityActionFilter extends AbstractLifecycleComponent implements ActionFilter {
    private static final Logger LOG = LoggerFactory.getLogger(RangerSecurityActionFilter.class);

    /** Per-request context from which the username and client IP transients are read. */
    private final ThreadContext threadContext;

    /** Ranger authorizer that makes the allow/deny decision for each (user, index, action). */
    private final RangerElasticsearchAuthorizer rangerElasticsearchAuthorizer = new RangerElasticsearchAuthorizer();

    /**
     * Creates the filter.
     *
     * @param threadContext context that carries the username and client IP transients
     */
    public RangerSecurityActionFilter(ThreadContext threadContext) {
        this.threadContext = threadContext;
    }

    /**
     * Returns this filter's position in the action filter chain.
     *
     * @return always {@code 0}
     */
    public int order() {
        return 0;
    }

    /**
     * Authorizes the action for the current user and, if nothing is denied, hands the request to
     * the next element of the chain.
     *
     * @param task the task the action runs under, passed through unchanged
     * @param str the action name; used as the access type in the Ranger check
     * @param request the request whose target indices are authorized
     * @param actionListener listener passed through to the rest of the chain
     * @param actionFilterChain chain to continue once authorization has passed (or was skipped)
     * @throws ElasticsearchStatusException with {@link RestStatus#FORBIDDEN} on the first index
     *     for which Ranger denies the user
     */
    public <Request extends ActionRequest, Response extends ActionResponse> void apply(Task task, String str, Request request, ActionListener<Response> actionListener, ActionFilterChain<Request, Response> actionFilterChain) {
        String user = (String) this.threadContext.getTransient(UsernamePasswordToken.USERNAME);
        if (StringUtils.isEmpty(user)) {
            // Fail-open path: with no username there is no authorization decision at all.
            // NOTE(review): the request object is rendered into the debug log; confirm its
            // string form cannot carry sensitive payload before enabling DEBUG in production.
            if (LOG.isDebugEnabled()) {
                LOG.debug("User is null, no check permission for elasticsearch do action[{}] with request[{}]", str, request);
            }
        } else {
            requirePermissionOnEveryIndex(user, str, request);
        }
        actionFilterChain.proceed(task, str, request, actionListener);
    }

    /**
     * Checks the user against Ranger for each index the request names, stopping at the first denial.
     *
     * @param user non-empty username taken from the thread context
     * @param action the action name being authorized
     * @param request the request from which the target indices are extracted
     * @throws ElasticsearchStatusException with {@link RestStatus#FORBIDDEN} when a check fails
     */
    private void requirePermissionOnEveryIndex(String user, String action, ActionRequest request) {
        List<String> targetIndices = RequestUtils.getIndexFromRequest(request);
        String clientIp = (String) this.threadContext.getTransient(RequestUtils.CLIENT_IP_ADDRESS);
        for (String index : targetIndices) {
            // The second argument is always null here; presumably it is the user's groups, so
            // group-based policies may not apply — confirm against checkPermission's contract.
            boolean permitted = this.rangerElasticsearchAuthorizer.checkPermission(user, null, index, action, clientIp);
            if (!permitted) {
                throw new ElasticsearchStatusException("Error: User[{}] could not do action[{}] on index[{}]", RestStatus.FORBIDDEN, user, action, index);
            }
        }
    }

    /** Lifecycle hook; this filter has nothing to start. */
    protected void doStart() {
    }

    /** Lifecycle hook; this filter has nothing to stop. */
    protected void doStop() {
    }

    /** Lifecycle hook; this filter holds nothing that needs closing. */
    protected void doClose() {
    }
}
