package org.codelibs.elasticsearch.auth.security;

import java.util.Map;
import org.apache.commons.codec.digest.DigestUtils;
import org.codelibs.elasticsearch.auth.AuthException;
import org.codelibs.elasticsearch.auth.service.AuthService;
import org.codelibs.elasticsearch.auth.util.MapUtil;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.delete.DeleteResponse;
import org.elasticsearch.action.get.GetResponse;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.update.UpdateResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.component.AbstractLifecycleComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestStatus;

/* loaded from: input_file:org/codelibs/elasticsearch/auth/security/IndexAuthenticator.class */
public class IndexAuthenticator extends AbstractLifecycleComponent<IndexAuthenticator> implements Authenticator {
    private static final ESLogger logger = Loggers.getLogger(IndexAuthenticator.class);
    protected Client client;
    protected AuthService authService;
    protected String authIndex;
    protected String userType;
    protected String usernameKey;
    protected String passwordKey;

    @Inject
    public IndexAuthenticator(Settings settings, Client client, AuthService authService) {
        super(settings);
        this.client = client;
        this.authService = authService;
        this.authIndex = settings.get("auth.authenticator.index.index", "auth");
        this.userType = settings.get("auth.authenticator.index.type", "user");
        this.usernameKey = settings.get("auth.authenticator.index.username", "username");
        this.passwordKey = settings.get("auth.authenticator.index.password", "password");
    }

    protected void doStart() throws ElasticsearchException {
        logger.info("Registering IndexAuthenticator.", new Object[0]);
        this.authService.registerAuthenticator("index", this);
    }

    protected void doStop() throws ElasticsearchException {
    }

    protected void doClose() throws ElasticsearchException {
    }

    @Override // org.codelibs.elasticsearch.auth.security.Authenticator
    public void login(RestRequest restRequest, ActionListener<String[]> actionListener) {
        String param = restRequest.param(this.usernameKey);
        String param2 = restRequest.param(this.passwordKey);
        BytesReference content = restRequest.content();
        XContentParser xContentParser = null;
        try {
            try {
                xContentParser = XContentFactory.xContent(XContentFactory.xContentType(content)).createParser(content);
                if (xContentParser.nextToken() != null) {
                    Map map = xContentParser.map();
                    param = MapUtil.getAsString(map, this.usernameKey, param);
                    param2 = MapUtil.getAsString(map, this.passwordKey, param2);
                }
                if (xContentParser != null) {
                    xContentParser.close();
                }
                if (param == null) {
                    actionListener.onResponse(new String[0]);
                } else {
                    processLogin(param, param2, actionListener);
                }
            } catch (Exception e) {
                actionListener.onFailure(e);
                if (xContentParser != null) {
                    xContentParser.close();
                }
            }
        } catch (Throwable th) {
            if (xContentParser != null) {
                xContentParser.close();
            }
            throw th;
        }
    }

    private void processLogin(String str, final String str2, final ActionListener<String[]> actionListener) {
        this.client.prepareGet(this.authIndex, this.userType, getUserId(str)).execute(new ActionListener<GetResponse>() { // from class: org.codelibs.elasticsearch.auth.security.IndexAuthenticator.1
            public void onResponse(GetResponse getResponse) {
                String str3;
                Map source = getResponse.getSource();
                if (source == null || (str3 = (String) source.get("password")) == null || !str3.equals(IndexAuthenticator.this.hashPassword(str2))) {
                    actionListener.onResponse(new String[0]);
                    return;
                }
                if (IndexAuthenticator.logger.isDebugEnabled()) {
                    IndexAuthenticator.logger.debug(source.get("username") + " is logged in.", new Object[0]);
                }
                actionListener.onResponse(MapUtil.getAsArray(source, "roles", new String[0]));
            }

            public void onFailure(Throwable th) {
                actionListener.onFailure(th);
            }
        });
    }

    @Override // org.codelibs.elasticsearch.auth.security.Authenticator
    public void createUser(final String str, String str2, String[] strArr, final ActionListener<Void> actionListener) {
        try {
            this.client.prepareIndex(this.authIndex, this.userType, getUserId(str)).setSource(XContentFactory.jsonBuilder().startObject().field("username", str).field("password", hashPassword(str2)).field("roles", strArr).endObject()).setRefresh(true).execute(new ActionListener<IndexResponse>() { // from class: org.codelibs.elasticsearch.auth.security.IndexAuthenticator.2
                public void onResponse(IndexResponse indexResponse) {
                    actionListener.onResponse((Object) null);
                }

                public void onFailure(Throwable th) {
                    actionListener.onFailure(new AuthException(RestStatus.INTERNAL_SERVER_ERROR, "Could not create " + str, th));
                }
            });
        } catch (Exception e) {
            actionListener.onFailure(new AuthException(RestStatus.INTERNAL_SERVER_ERROR, "Could not create " + str, e));
        }
    }

    @Override // org.codelibs.elasticsearch.auth.security.Authenticator
    public void updateUser(final String str, String str2, String[] strArr, final ActionListener<Void> actionListener) {
        try {
            XContentBuilder startObject = XContentFactory.jsonBuilder().startObject().field("doc").startObject();
            if (str2 != null) {
                startObject.field("password", hashPassword(str2));
            }
            if (strArr != null) {
                startObject.field("roles", strArr);
            }
            startObject.endObject().endObject();
            final String userId = getUserId(str);
            this.client.prepareUpdate(this.authIndex, this.userType, userId).setSource(startObject).setRefresh(true).execute(new ActionListener<UpdateResponse>() { // from class: org.codelibs.elasticsearch.auth.security.IndexAuthenticator.3
                public void onResponse(UpdateResponse updateResponse) {
                    if (userId.equals(updateResponse.getId())) {
                        actionListener.onResponse((Object) null);
                    } else {
                        actionListener.onFailure(new AuthException(RestStatus.BAD_REQUEST, "Could not update " + str));
                    }
                }

                public void onFailure(Throwable th) {
                    actionListener.onFailure(new AuthException(RestStatus.INTERNAL_SERVER_ERROR, "Could not update " + str, th));
                }
            });
        } catch (Exception e) {
            actionListener.onFailure(new AuthException(RestStatus.INTERNAL_SERVER_ERROR, "Could not update " + str, e));
        }
    }

    @Override // org.codelibs.elasticsearch.auth.security.Authenticator
    public void deleteUser(final String str, final ActionListener<Void> actionListener) {
        this.client.prepareDelete(this.authIndex, this.userType, getUserId(str)).setRefresh(true).execute(new ActionListener<DeleteResponse>() { // from class: org.codelibs.elasticsearch.auth.security.IndexAuthenticator.4
            public void onResponse(DeleteResponse deleteResponse) {
                if (deleteResponse.isFound()) {
                    actionListener.onResponse((Object) null);
                } else {
                    actionListener.onFailure(new AuthException(RestStatus.BAD_REQUEST, "Could not delete " + str));
                }
            }

            public void onFailure(Throwable th) {
                actionListener.onFailure(new AuthException(RestStatus.INTERNAL_SERVER_ERROR, "Could not delete " + str, th));
            }
        });
    }

    protected String getUserId(String str) {
        return DigestUtils.sha512Hex(str);
    }

    protected String hashPassword(String str) {
        return str == null ? "" : DigestUtils.sha512Hex(str);
    }
}
