package org.elasticsearch.xpack.idp.action;

import java.nio.charset.StandardCharsets;
import java.time.Clock;
import java.time.Instant;
import java.util.Base64;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.DocWriteRequest;
import org.elasticsearch.action.DocWriteResponse;
import org.elasticsearch.action.support.ActionFilters;
import org.elasticsearch.action.support.HandledTransportAction;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.common.ValidationException;
import org.elasticsearch.common.hash.MessageDigests;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.util.iterable.Iterables;
import org.elasticsearch.core.CheckedConsumer;
import org.elasticsearch.tasks.Task;
import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xpack.idp.saml.idp.SamlIdentityProvider;
import org.elasticsearch.xpack.idp.saml.sp.SamlServiceProviderDocument;
import org.elasticsearch.xpack.idp.saml.sp.SamlServiceProviderIndex;

/* loaded from: input_file:org/elasticsearch/xpack/idp/action/TransportPutSamlServiceProviderAction.class */
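/**
 * Transport action that registers a new SAML service provider with the identity provider,
 * or updates an existing registration, keyed by the service provider's entity ID.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The caller may not choose the document ID. It is either derived from the entity ID
 *       (new registration) or copied from the single existing document (update).</li>
 *   <li>A requested NameID format must be one of the formats the identity provider allows.</li>
 *   <li>The {@code created} and {@code lastModified} timestamps are taken from the injected
 *       {@link Clock}; on a create, any {@code created} value in the request is overwritten.</li>
 * </ul>
 *
 * <p>This class was recovered from bytecode. The compiler-generated members (the assertion
 * flag, its static initialiser and the erased bridge for {@code doExecute}) are expressed here
 * as ordinary {@code assert} statements and an {@code @Override}, and the success callbacks are
 * passed inline so that their parameter types are inferred rather than raw.
 */
public class TransportPutSamlServiceProviderAction extends HandledTransportAction<PutSamlServiceProviderRequest, PutSamlServiceProviderResponse> {
    private final Logger logger;
    private final SamlServiceProviderIndex index;
    private final SamlIdentityProvider identityProvider;
    private final Clock clock;

    /**
     * Injection constructor; uses the system UTC clock for document timestamps.
     */
    @Inject
    public TransportPutSamlServiceProviderAction(TransportService transportService, ActionFilters actionFilters, SamlServiceProviderIndex samlServiceProviderIndex, SamlIdentityProvider samlIdentityProvider) {
        this(transportService, actionFilters, samlServiceProviderIndex, samlIdentityProvider, Clock.systemUTC());
    }

    /**
     * Package-private constructor that accepts the clock explicitly.
     *
     * @param clock source of the {@code created} / {@code lastModified} timestamps
     */
    TransportPutSamlServiceProviderAction(TransportService transportService, ActionFilters actionFilters, SamlServiceProviderIndex samlServiceProviderIndex, SamlIdentityProvider samlIdentityProvider, Clock clock) {
        super(PutSamlServiceProviderAction.NAME, transportService, actionFilters, PutSamlServiceProviderRequest::new);
        this.logger = LogManager.getLogger(TransportPutSamlServiceProviderAction.class);
        this.index = samlServiceProviderIndex;
        this.identityProvider = samlIdentityProvider;
        this.clock = clock;
    }

    /**
     * Validates the request, looks up existing registrations for the entity ID, and then
     * creates or overwrites the service provider document.
     *
     * <p>Failures are reported through {@code actionListener.onFailure}:
     * {@link IllegalArgumentException} when the request carries a document ID or an unsupported
     * NameID format, {@link IllegalStateException} when more than one document already exists
     * for the entity ID.
     *
     * @param task the task this execution runs under (not used here)
     * @param putSamlServiceProviderRequest the request holding the service provider document
     * @param actionListener receives the write result or the failure
     */
    @Override
    protected void doExecute(Task task, PutSamlServiceProviderRequest putSamlServiceProviderRequest, ActionListener<PutSamlServiceProviderResponse> actionListener) {
        final SamlServiceProviderDocument document = putSamlServiceProviderRequest.getDocument();

        // The document ID is always chosen server-side; a request that tries to name one is rejected
        // so that it cannot address a document other than the one belonging to its entity ID.
        if (document.docId != null) {
            actionListener.onFailure(new IllegalArgumentException("request document must not have an id [" + document.docId + "]"));
            return;
        }

        // Allowlist check: a NameID format is optional, but if present it must be one the IdP permits.
        if (document.nameIdFormat != null && !this.identityProvider.getAllowedNameIdFormats().contains(document.nameIdFormat)) {
            actionListener.onFailure(new IllegalArgumentException("NameID format [" + document.nameIdFormat + "] is not supported."));
            return;
        }

        // NOTE(review): document.validate() only runs in writeDocument, after entityId has already
        // been used for the lookup and for the ID derivation; confirm that the request is validated
        // (entityId non-null) before it reaches this action.
        this.logger.trace("Searching for existing ServiceProvider with id [{}] for [{}]", document.entityId, putSamlServiceProviderRequest);
        this.index.findByEntityId(document.entityId, ActionListener.wrap(matchingDocuments -> {
            if (matchingDocuments.isEmpty()) {
                // New registration. OpType.CREATE together with the deterministic ID means a concurrent
                // registration of the same entity ID targets the same document ID instead of
                // silently producing a second document (presumably rejected by the index; verify).
                document.docId = deriveDocumentId(document);
                this.logger.trace("No existing ServiceProvider for EntityID=[{}], writing new doc [{}]", document.entityId, document.docId);
                writeDocument(document, DocWriteRequest.OpType.CREATE, putSamlServiceProviderRequest.getRefreshPolicy(), actionListener);
                return;
            }
            if (matchingDocuments.size() != 1) {
                // Ambiguous state: refuse to pick one of several registrations to overwrite.
                final String existingIds = matchingDocuments.stream()
                    .map(supplier -> supplier.getDocument().docId)
                    .collect(Collectors.joining(","));
                this.logger.warn("Found multiple existing service providers in [{}] with entity id [{}] - [{}]", this.index, document.entityId, existingIds);
                actionListener.onFailure(new IllegalStateException("Multiple service providers already exist with entity id [" + document.entityId + "]"));
                return;
            }

            final SamlServiceProviderDocument existingDoc = Iterables.get(matchingDocuments, 0).getDocument();
            // These are assertions, so they are only evaluated when the JVM runs with assertions
            // enabled; they are not a runtime guard against a mismatched lookup result.
            assert existingDoc.docId != null : "Loaded document with no doc id";
            assert existingDoc.entityId.equals(document.entityId) : "Loaded document with non-matching entity-id";

            // Update in place: keep the existing document ID and original creation time.
            document.setDocId(existingDoc.docId);
            document.setCreated(existingDoc.created);
            this.logger.trace("Found existing ServiceProvider for EntityID=[{}], writing to doc [{}]", document.entityId, document.docId);
            writeDocument(document, DocWriteRequest.OpType.INDEX, putSamlServiceProviderRequest.getRefreshPolicy(), actionListener);
        }, actionListener::onFailure));
    }

    /**
     * Stamps, validates and writes the document, then reports the outcome to the listener.
     *
     * @param samlServiceProviderDocument the document to write; its timestamps are modified here
     * @param opType {@code CREATE} for a new registration, {@code INDEX} for an update
     * @param refreshPolicy refresh policy passed through to the index write
     * @param actionListener receives the response, the validation failure, or the write failure
     */
    private void writeDocument(SamlServiceProviderDocument samlServiceProviderDocument, DocWriteRequest.OpType opType, WriteRequest.RefreshPolicy refreshPolicy, ActionListener<PutSamlServiceProviderResponse> actionListener) {
        final Instant now = this.clock.instant();
        // On CREATE the creation time always comes from the server clock, whatever the request held.
        if (samlServiceProviderDocument.created == null || opType == DocWriteRequest.OpType.CREATE) {
            samlServiceProviderDocument.created = now;
        }
        samlServiceProviderDocument.lastModified = now;

        final ValidationException validationError = samlServiceProviderDocument.validate();
        if (validationError != null) {
            actionListener.onFailure(validationError);
            return;
        }

        this.logger.debug("[{}] service provider [{}] in document [{}] of [{}]", opType, samlServiceProviderDocument.entityId, samlServiceProviderDocument.docId, this.index);
        this.index.writeDocument(samlServiceProviderDocument, opType, refreshPolicy, ActionListener.wrap(
            docWriteResponse -> actionListener.onResponse(new PutSamlServiceProviderResponse(
                docWriteResponse.getId(),
                docWriteResponse.getResult() == DocWriteResponse.Result.CREATED,
                docWriteResponse.getSeqNo(),
                docWriteResponse.getPrimaryTerm(),
                samlServiceProviderDocument.entityId,
                samlServiceProviderDocument.enabled)),
            actionListener::onFailure));
    }

    /**
     * Derives the document ID for a new registration: the SHA-256 digest of the UTF-8 bytes of
     * the entity ID, encoded as unpadded URL-safe Base64. The same entity ID always yields the
     * same document ID.
     *
     * @param samlServiceProviderDocument the document whose {@code entityId} is hashed
     * @return the derived document ID
     */
    private String deriveDocumentId(SamlServiceProviderDocument samlServiceProviderDocument) {
        final byte[] entityIdBytes = samlServiceProviderDocument.entityId.getBytes(StandardCharsets.UTF_8);
        final byte[] digest = MessageDigests.sha256().digest(entityIdBytes);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
    }
}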
