package org.elasticsearch.xpack.security.transport;

import java.util.Map;
import org.elasticsearch.action.support.DestructiveOperations;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.tasks.Task;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.TransportChannel;
import org.elasticsearch.transport.TransportException;
import org.elasticsearch.transport.TransportInterceptor;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.transport.TransportRequestHandler;
import org.elasticsearch.transport.TransportRequestOptions;
import org.elasticsearch.transport.TransportResponse;
import org.elasticsearch.transport.TransportResponseHandler;
import org.elasticsearch.xpack.security.SecurityContext;
import org.elasticsearch.xpack.security.authc.AuthenticationService;
import org.elasticsearch.xpack.security.authz.AuthorizationService;
import org.elasticsearch.xpack.security.authz.AuthorizationUtils;
import org.elasticsearch.xpack.security.authz.accesscontrol.RequestContext;
import org.elasticsearch.xpack.security.user.SystemUser;
import org.elasticsearch.xpack.security.user.User;
import org.elasticsearch.xpack.ssl.SSLService;

/* loaded from: input_file:org/elasticsearch/xpack/security/transport/SecurityServerTransportInterceptor.class */
public class SecurityServerTransportInterceptor implements TransportInterceptor {
    private static final String SETTING_NAME = "xpack.security.type";
    private final AuthenticationService authcService;
    private final AuthorizationService authzService;
    private final SSLService sslService;
    private final Map<String, ServerTransportFilter> profileFilters;
    private final XPackLicenseState licenseState;
    private final ThreadPool threadPool;
    private final Settings settings;
    private final SecurityContext securityContext;

    /* loaded from: input_file:org/elasticsearch/xpack/security/transport/SecurityServerTransportInterceptor$ContextRestoreResponseHandler.class */
    static final class ContextRestoreResponseHandler<T extends TransportResponse> implements TransportResponseHandler<T> {
        private final TransportResponseHandler<T> delegate;
        private final ThreadContext.StoredContext context;
        private final ThreadContext threadContext;

        ContextRestoreResponseHandler(ThreadContext threadContext, ThreadContext.StoredContext storedContext, TransportResponseHandler<T> transportResponseHandler) {
            this.delegate = transportResponseHandler;
            this.context = storedContext;
            this.threadContext = threadContext;
        }

        public T newInstance() {
            return (T) this.delegate.newInstance();
        }

        public void handleResponse(T t) {
            ThreadContext.StoredContext newStoredContext = this.threadContext.newStoredContext();
            Throwable th = null;
            try {
                try {
                    this.context.restore();
                    this.delegate.handleResponse(t);
                    if (newStoredContext != null) {
                        if (0 == 0) {
                            newStoredContext.close();
                            return;
                        }
                        try {
                            newStoredContext.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } catch (Throwable th4) {
                if (newStoredContext != null) {
                    if (th != null) {
                        try {
                            newStoredContext.close();
                        } catch (Throwable th5) {
                            th.addSuppressed(th5);
                        }
                    } else {
                        newStoredContext.close();
                    }
                }
                throw th4;
            }
        }

        public void handleException(TransportException transportException) {
            ThreadContext.StoredContext newStoredContext = this.threadContext.newStoredContext();
            Throwable th = null;
            try {
                try {
                    this.context.restore();
                    this.delegate.handleException(transportException);
                    if (newStoredContext != null) {
                        if (0 == 0) {
                            newStoredContext.close();
                            return;
                        }
                        try {
                            newStoredContext.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } catch (Throwable th4) {
                if (newStoredContext != null) {
                    if (th != null) {
                        try {
                            newStoredContext.close();
                        } catch (Throwable th5) {
                            th.addSuppressed(th5);
                        }
                    } else {
                        newStoredContext.close();
                    }
                }
                throw th4;
            }
        }

        public String executor() {
            return this.delegate.executor();
        }

        public String toString() {
            return getClass().getName() + "/" + this.delegate.toString();
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/security/transport/SecurityServerTransportInterceptor$ProfileSecuredRequestHandler.class */
    public static class ProfileSecuredRequestHandler<T extends TransportRequest> implements TransportRequestHandler<T> {
        protected final String action;
        protected final TransportRequestHandler<T> handler;
        private final Map<String, ServerTransportFilter> profileFilters;
        private final XPackLicenseState licenseState;
        private final ThreadContext threadContext;
        static final /* synthetic */ boolean $assertionsDisabled;

        private ProfileSecuredRequestHandler(String str, TransportRequestHandler<T> transportRequestHandler, Map<String, ServerTransportFilter> map, XPackLicenseState xPackLicenseState, ThreadContext threadContext) {
            this.action = str;
            this.handler = transportRequestHandler;
            this.profileFilters = map;
            this.licenseState = xPackLicenseState;
            this.threadContext = threadContext;
        }

        /* JADX WARN: Failed to calculate best type for var: r10v0 ??
        java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
         */
        /* JADX WARN: Failed to calculate best type for var: r10v0 ??
        java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
        	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
         */
        /* JADX WARN: Failed to calculate best type for var: r9v1 ??
        java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
         */
        /* JADX WARN: Failed to calculate best type for var: r9v1 ??
        java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
        	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
        	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
        	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
         */
        /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
        	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
        	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
        	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
        	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
        	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
        	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
        	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
        	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
         */
        /* JADX WARN: Not initialized variable reg: 10, insn: 0x00ee: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r10 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:40:0x00ee */
        /* JADX WARN: Not initialized variable reg: 9, insn: 0x00e9: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r9 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:38:0x00e9 */
        /* JADX WARN: Type inference failed for: r10v0, types: [java.lang.Throwable] */
        /* JADX WARN: Type inference failed for: r9v1, types: [org.elasticsearch.common.util.concurrent.ThreadContext$StoredContext] */
        public void messageReceived(T t, TransportChannel transportChannel, Task task) throws Exception {
            ?? r9;
            ?? r10;
            try {
                try {
                    ThreadContext.StoredContext newStoredContext = this.threadContext.newStoredContext();
                    Throwable th = null;
                    if (this.licenseState.isAuthAllowed()) {
                        String profileName = transportChannel.getProfileName();
                        ServerTransportFilter serverTransportFilter = this.profileFilters.get(profileName);
                        if (serverTransportFilter == null) {
                            if (!".direct".equals(profileName)) {
                                throw new IllegalStateException("transport profile [" + profileName + "] is not associated with a transport filter");
                            }
                            serverTransportFilter = this.profileFilters.get("default");
                        }
                        if (!$assertionsDisabled && serverTransportFilter == null) {
                            throw new AssertionError();
                        }
                        serverTransportFilter.inbound(this.action, t, transportChannel);
                    }
                    RequestContext.setCurrent(new RequestContext(t, this.threadContext));
                    this.handler.messageReceived(t, transportChannel, task);
                    if (newStoredContext != null) {
                        if (0 != 0) {
                            try {
                                newStoredContext.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            newStoredContext.close();
                        }
                    }
                } catch (Throwable th3) {
                    if (r9 != 0) {
                        if (r10 != 0) {
                            try {
                                r9.close();
                            } catch (Throwable th4) {
                                r10.addSuppressed(th4);
                            }
                        } else {
                            r9.close();
                        }
                    }
                    throw th3;
                }
            } catch (Exception e) {
                transportChannel.sendResponse(e);
            } finally {
                RequestContext.removeCurrent();
            }
        }

        public void messageReceived(T t, TransportChannel transportChannel) throws Exception {
            throw new UnsupportedOperationException("task parameter is required for this operation");
        }

        static {
            $assertionsDisabled = !SecurityServerTransportInterceptor.class.desiredAssertionStatus();
        }
    }

    public SecurityServerTransportInterceptor(Settings settings, ThreadPool threadPool, AuthenticationService authenticationService, AuthorizationService authorizationService, XPackLicenseState xPackLicenseState, SSLService sSLService, DestructiveOperations destructiveOperations, SecurityContext securityContext) {
        this.settings = settings;
        this.threadPool = threadPool;
        this.authcService = authenticationService;
        this.authzService = authorizationService;
        this.licenseState = xPackLicenseState;
        this.sslService = sSLService;
        this.profileFilters = initializeProfileFilters(destructiveOperations);
        this.securityContext = securityContext;
    }

    public TransportInterceptor.AsyncSender interceptSender(final TransportInterceptor.AsyncSender asyncSender) {
        return new TransportInterceptor.AsyncSender() { // from class: org.elasticsearch.xpack.security.transport.SecurityServerTransportInterceptor.1
            public <T extends TransportResponse> void sendRequest(DiscoveryNode discoveryNode, String str, TransportRequest transportRequest, TransportRequestOptions transportRequestOptions, TransportResponseHandler<T> transportResponseHandler) {
                if (!SecurityServerTransportInterceptor.this.licenseState.isAuthAllowed()) {
                    asyncSender.sendRequest(discoveryNode, str, transportRequest, transportRequestOptions, transportResponseHandler);
                    return;
                }
                if (!AuthorizationUtils.shouldReplaceUserWithSystem(SecurityServerTransportInterceptor.this.threadPool.getThreadContext(), str)) {
                    SecurityServerTransportInterceptor.this.sendWithUser(discoveryNode, str, transportRequest, transportRequestOptions, transportResponseHandler, asyncSender);
                    return;
                }
                SecurityContext securityContext = SecurityServerTransportInterceptor.this.securityContext;
                User user = SystemUser.INSTANCE;
                TransportInterceptor.AsyncSender asyncSender2 = asyncSender;
                securityContext.executeAsUser(user, storedContext -> {
                    SecurityServerTransportInterceptor.this.sendWithUser(discoveryNode, str, transportRequest, transportRequestOptions, new ContextRestoreResponseHandler(SecurityServerTransportInterceptor.this.threadPool.getThreadContext(), storedContext, transportResponseHandler), asyncSender2);
                });
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public <T extends TransportResponse> void sendWithUser(DiscoveryNode discoveryNode, String str, TransportRequest transportRequest, TransportRequestOptions transportRequestOptions, TransportResponseHandler<T> transportResponseHandler, TransportInterceptor.AsyncSender asyncSender) {
        if (this.securityContext.getAuthentication() == null) {
            throw new IllegalStateException("there should always be a user when sending a message");
        }
        try {
            asyncSender.sendRequest(discoveryNode, str, transportRequest, transportRequestOptions, transportResponseHandler);
        } catch (Exception e) {
            transportResponseHandler.handleException(new TransportException("failed sending request", e));
        }
    }

    public <T extends TransportRequest> TransportRequestHandler<T> interceptHandler(String str, TransportRequestHandler<T> transportRequestHandler) {
        return new ProfileSecuredRequestHandler(str, transportRequestHandler, this.profileFilters, this.licenseState, this.threadPool.getThreadContext());
    }

    /* JADX WARN: Removed duplicated region for block: B:16:0x010a A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:20:0x00e0 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected java.util.Map<java.lang.String, org.elasticsearch.xpack.security.transport.ServerTransportFilter> initializeProfileFilters(org.elasticsearch.action.support.DestructiveOperations r11) {
        /*
            Method dump skipped, instructions count: 404
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.elasticsearch.xpack.security.transport.SecurityServerTransportInterceptor.initializeProfileFilters(org.elasticsearch.action.support.DestructiveOperations):java.util.Map");
    }

    ServerTransportFilter transportFilter(String str) {
        return this.profileFilters.get(str);
    }
}
