package org.elasticsearch.xpack.security.authc;

import java.io.IOException;
import java.util.Base64;
import java.util.Objects;
import org.elasticsearch.Version;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.io.stream.BytesStreamOutput;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.xpack.XPackSettings;
import org.elasticsearch.xpack.security.crypto.CryptoService;
import org.elasticsearch.xpack.security.user.User;

/* loaded from: input_file:x-pack-api-5.4.3.jar:org/elasticsearch/xpack/security/authc/Authentication.class */
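/**
 * Result of authenticating a request: the user, the realm that authenticated it, an optional
 * realm that looked the user up, and the version used when the object is serialized.
 *
 * <p>An instance travels in a {@link ThreadContext} under {@link #AUTHENTICATION_KEY} in two
 * forms: as a transient (the object itself) and as a header (the Base64 of the serialized form,
 * signed through {@link CryptoService} only when {@link #shouldSign} says so). Most methods in
 * this class keep the two forms consistent with each other.
 *
 * <p>Security note: whether the header is integrity-protected here depends entirely on
 * {@link #shouldSign}. When it returns {@code false}, {@link #deserializeHeader} accepts whatever
 * Base64 payload is in the header without verification in this class.
 */
public class Authentication {
    /** Key under which both the transient object and the serialized header are stored. */
    public static final String AUTHENTICATION_KEY = "_xpack_security_authentication";
    private final User user;
    private final RealmRef authenticatedBy;
    // May be null: written to the stream as an explicit present/absent flag.
    private final RealmRef lookedUpBy;
    private final Version version;

    /* loaded from: input_file:x-pack-api-5.4.3.jar:org/elasticsearch/xpack/security/authc/Authentication$RealmRef.class */
    /**
     * Identifies a realm by node name, realm name and realm type.
     *
     * <p>Wire order is {@code nodeName}, {@code name}, {@code type}; note that this differs from
     * the argument order of the three-string constructor.
     */
    public static class RealmRef {
        private final String nodeName;
        private final String name;
        private final String type;

        /**
         * @param str  realm name
         * @param str2 realm type
         * @param str3 node name
         */
        public RealmRef(String str, String str2, String str3) {
            this.nodeName = str3;
            this.name = str;
            this.type = str2;
        }

        /**
         * Reads a realm reference in wire order (node name, name, type).
         *
         * @throws IOException if the stream cannot be read
         */
        public RealmRef(StreamInput streamInput) throws IOException {
            this.nodeName = streamInput.readString();
            this.name = streamInput.readString();
            this.type = streamInput.readString();
        }

        /** Writes the three fields in the order the stream constructor reads them. */
        void writeTo(StreamOutput streamOutput) throws IOException {
            streamOutput.writeString(this.nodeName);
            streamOutput.writeString(this.name);
            streamOutput.writeString(this.type);
        }

        public String getNodeName() {
            return this.nodeName;
        }

        public String getName() {
            return this.name;
        }

        public String getType() {
            return this.type;
        }

        /**
         * Compares node name, name and type of two references of the exact same class.
         *
         * <p>Returns {@code false} for {@code null} instead of throwing, as the
         * {@link Object#equals} contract requires, and tolerates {@code null} fields so that it
         * stays consistent with {@link #hashCode()}, which already does.
         */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || obj.getClass() != getClass()) {
                return false;
            }
            RealmRef realmRef = (RealmRef) obj;
            return Objects.equals(this.nodeName, realmRef.nodeName)
                    && Objects.equals(this.name, realmRef.name)
                    && Objects.equals(this.type, realmRef.type);
        }

        @Override
        public int hashCode() {
            return Objects.hash(this.nodeName, this.name, this.type);
        }
    }

    /**
     * Creates an authentication tagged with {@link Version#CURRENT}.
     *
     * @param realmRef  realm that authenticated the user; must not be null
     * @param realmRef2 realm that looked the user up, or null
     */
    public Authentication(User user, RealmRef realmRef, RealmRef realmRef2) {
        this(user, realmRef, realmRef2, Version.CURRENT);
    }

    /**
     * @param user      the authenticated user; must not be null
     * @param realmRef  realm that authenticated the user; must not be null
     * @param realmRef2 realm that looked the user up, or null
     * @param version   version used by {@link #encode()}; not checked for null here
     * @throws NullPointerException if {@code user} or {@code realmRef} is null
     */
    public Authentication(User user, RealmRef realmRef, RealmRef realmRef2, Version version) {
        this.user = Objects.requireNonNull(user);
        this.authenticatedBy = Objects.requireNonNull(realmRef);
        this.lookedUpBy = realmRef2;
        this.version = version;
    }

    /**
     * Reads an authentication from a stream: user, authenticating realm, a presence flag and,
     * if set, the lookup realm. The version is taken from the stream's own version, so the
     * caller must have set it before calling.
     *
     * @throws IOException if the stream cannot be read
     */
    public Authentication(StreamInput streamInput) throws IOException {
        this.user = User.readFrom(streamInput);
        this.authenticatedBy = new RealmRef(streamInput);
        if (streamInput.readBoolean()) {
            this.lookedUpBy = new RealmRef(streamInput);
        } else {
            this.lookedUpBy = null;
        }
        this.version = streamInput.getVersion();
    }

    public User getUser() {
        return this.user;
    }

    public RealmRef getAuthenticatedBy() {
        return this.authenticatedBy;
    }

    /** @return the realm that looked the user up, or null when there is none */
    public RealmRef getLookedUpBy() {
        return this.lookedUpBy;
    }

    public Version getVersion() {
        return this.version;
    }

    /**
     * Returns the authentication held by the context, deserializing it from the header when only
     * the header is present.
     *
     * <p>The transient takes precedence: if it is set, the header is not parsed at all (it is
     * only asserted to exist). Otherwise the header is decoded via {@link #deserializeHeader},
     * verified only if {@link #shouldSign} returns true for these arguments, and the result is
     * stored as the transient.
     *
     * @param z passed through to {@link #shouldSign}; presumably the caller's "sign" flag
     *          (name lost in decompilation)
     * @return the authentication, or null when the context has neither transient nor header
     * @throws IOException              if the header payload cannot be deserialized
     * @throws IllegalArgumentException if the header is not valid Base64
     */
    public static Authentication readFromContext(ThreadContext threadContext, CryptoService cryptoService, Settings settings, Version version, boolean z) throws IOException, IllegalArgumentException {
        Authentication authentication = (Authentication) threadContext.getTransient(AUTHENTICATION_KEY);
        if (authentication != null) {
            // A transient without the matching header means the two forms went out of sync.
            assert threadContext.getHeader(AUTHENTICATION_KEY) != null;
            return authentication;
        }
        String header = threadContext.getHeader(AUTHENTICATION_KEY);
        if (header == null) {
            return null;
        }
        return deserializeHeaderAndPutInContext(header, threadContext, cryptoService, shouldSign(settings, version, z), version);
    }

    /** @return the transient authentication object, or null; the header is never consulted */
    public static Authentication getAuthentication(ThreadContext threadContext) {
        return (Authentication) threadContext.getTransient(AUTHENTICATION_KEY);
    }

    /**
     * Deserializes {@code str} and stores the result as the context's transient.
     *
     * @param z whether the header must be unsigned and verified before decoding
     */
    private static Authentication deserializeHeaderAndPutInContext(String str, ThreadContext threadContext, CryptoService cryptoService, boolean z, Version version) throws IOException {
        // Callers only reach this when no transient is set yet.
        assert threadContext.getTransient(AUTHENTICATION_KEY) == null;
        Authentication deserializeHeader = deserializeHeader(str, cryptoService, z, version);
        threadContext.putTransient(AUTHENTICATION_KEY, deserializeHeader);
        return deserializeHeader;
    }

    /**
     * Turns a header value back into an {@link Authentication}.
     *
     * <p>Security-relevant behaviour visible here:
     * <ul>
     *   <li>Signature verification happens only when {@code z} is true. With {@code z} false the
     *       header is Base64-decoded and deserialized as-is, so user and realm data are taken
     *       from the header with no integrity check in this method.</li>
     *   <li>The version embedded in the payload must equal {@code version}, except when
     *       {@code version} is {@code Version.V_5_4_0}, in which case any embedded version is
     *       accepted.</li>
     *   <li>The stream is then read using {@code version}, not the embedded one.</li>
     * </ul>
     *
     * @param str     header value: Base64 payload, wrapped in a signature when {@code z} is true
     * @param z       whether to call {@code cryptoService.unsignAndVerify} first
     * @param version the version the caller expects
     * @throws IllegalStateException    on version mismatch
     * @throws IllegalArgumentException if the payload is not valid Base64
     * @throws IOException              if the payload cannot be deserialized
     */
    static Authentication deserializeHeader(String str, CryptoService cryptoService, boolean z, Version version) throws IOException {
        if (z) {
            str = cryptoService.unsignAndVerify(str, version);
        }
        StreamInput wrap = StreamInput.wrap(Base64.getDecoder().decode(str));
        Version readVersion = Version.readVersion(wrap);
        if (!readVersion.equals(version) && !version.equals(Version.V_5_4_0)) {
            throw new IllegalStateException("version mismatch. expected [" + version + "] but got [" + readVersion + "]");
        }
        wrap.setVersion(version);
        return new Authentication(wrap);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Makes sure the context carries this authentication in both forms.
     *
     * <ul>
     *   <li>Transient and header present: nothing to do.</li>
     *   <li>Transient present, header missing: inconsistent state, throws.</li>
     *   <li>Neither present: writes this instance via {@link #writeToContext}.</li>
     *   <li>Only the header present: the header is deserialized and becomes the transient;
     *       this instance is <em>not</em> written in that case.</li>
     * </ul>
     *
     * @throws IllegalStateException if the transient exists without a header
     */
    public void writeToContextIfMissing(ThreadContext threadContext, CryptoService cryptoService, Settings settings, Version version, boolean z) throws IOException, IllegalArgumentException {
        if (threadContext.getTransient(AUTHENTICATION_KEY) != null) {
            if (threadContext.getHeader(AUTHENTICATION_KEY) == null) {
                throw new IllegalStateException("authentication present as a transient but not a header");
            }
        } else if (threadContext.getHeader(AUTHENTICATION_KEY) == null) {
            writeToContext(threadContext, cryptoService, settings, version, z);
        } else {
            deserializeHeaderAndPutInContext(threadContext.getHeader(AUTHENTICATION_KEY), threadContext, cryptoService, shouldSign(settings, version, z), version);
        }
    }

    /**
     * Decides whether the header is signed on write and verified on read.
     *
     * <p>Returns true only when all of the following hold: {@code version} is not
     * {@code V_5_4_0}, {@code z} is true, and either transport SSL is disabled in
     * {@code settings} or {@code version} is before {@code V_5_4_0}.
     *
     * <p>NOTE(review): the consequence is that with transport SSL enabled and a peer version
     * after 5.4.0 the header carries no signature; integrity then presumably rests on the
     * transport layer alone. Confirm that matches the deployment's trust model.
     */
    public static boolean shouldSign(Settings settings, Version version, boolean z) {
        return !version.equals(Version.V_5_4_0) && z && (!XPackSettings.TRANSPORT_SSL_ENABLED.get(settings).booleanValue() || version.before(Version.V_5_4_0));
    }

    /**
     * Stores this instance as the transient and its encoded form as the header, signing the
     * header first when {@link #shouldSign} returns true.
     *
     * @throws IllegalStateException if the context already holds a transient authentication
     * @throws IOException           if encoding or signing fails
     */
    public void writeToContext(ThreadContext threadContext, CryptoService cryptoService, Settings settings, Version version, boolean z) throws IOException, IllegalArgumentException {
        ensureContextDoesNotContainAuthentication(threadContext);
        String encode = encode();
        if (shouldSign(settings, version, z)) {
            encode = cryptoService.sign(encode, version);
        }
        threadContext.putTransient(AUTHENTICATION_KEY, this);
        threadContext.putHeader(AUTHENTICATION_KEY, encode);
    }

    /**
     * Refuses to continue when a transient authentication is already set, with a message that
     * distinguishes "already present" from "transient without header". A header on its own does
     * not trigger this check.
     */
    void ensureContextDoesNotContainAuthentication(ThreadContext threadContext) {
        if (threadContext.getTransient(AUTHENTICATION_KEY) != null) {
            if (threadContext.getHeader(AUTHENTICATION_KEY) != null) {
                throw new IllegalStateException("authentication is already present in the context");
            }
            throw new IllegalStateException("authentication present as a transient but not a header");
        }
    }

    /**
     * Serializes this instance as: version, then the fields written by
     * {@link #writeTo(StreamOutput)}, and returns the bytes as Base64. The output is not signed
     * or encrypted here.
     */
    String encode() throws IOException {
        BytesStreamOutput bytesStreamOutput = new BytesStreamOutput();
        bytesStreamOutput.setVersion(this.version);
        Version.writeVersion(this.version, bytesStreamOutput);
        writeTo(bytesStreamOutput);
        return Base64.getEncoder().encodeToString(BytesReference.toBytes(bytesStreamOutput.bytes()));
    }

    /** Writes user, authenticating realm, a presence flag and, if present, the lookup realm. */
    void writeTo(StreamOutput streamOutput) throws IOException {
        User.writeTo(this.user, streamOutput);
        this.authenticatedBy.writeTo(streamOutput);
        if (this.lookedUpBy == null) {
            streamOutput.writeBoolean(false);
        } else {
            streamOutput.writeBoolean(true);
            this.lookedUpBy.writeTo(streamOutput);
        }
    }
}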
