package org.elasticsearch.xpack.core.security;

import java.io.IOException;
import java.util.Objects;
import java.util.function.Consumer;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.Version;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.node.Node;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.user.User;

/* loaded from: input_file:org/elasticsearch/xpack/core/security/SecurityContext.class */
public class SecurityContext {
    private final Logger logger = LogManager.getLogger(SecurityContext.class);
    private final ThreadContext threadContext;
    private final UserSettings userSettings;
    private final String nodeName;

    public SecurityContext(Settings settings, ThreadContext threadContext) {
        this.threadContext = threadContext;
        this.userSettings = new UserSettings(threadContext);
        this.nodeName = (String) Node.NODE_NAME_SETTING.get(settings);
    }

    public User getUser() {
        Authentication authentication = getAuthentication();
        if (authentication == null) {
            return null;
        }
        return authentication.getUser();
    }

    public Authentication getAuthentication() {
        try {
            return Authentication.readFromContext(this.threadContext);
        } catch (IOException e) {
            this.logger.error("failed to read authentication", e);
            return null;
        }
    }

    public void setUser(User user, Version version) {
        Objects.requireNonNull(user);
        Authentication.RealmRef realmRef = new Authentication.RealmRef("__attach", "__attach", this.nodeName);
        setAuthentication(new Authentication(user, realmRef, user.isRunAs() ? realmRef : null, version));
    }

    private void setAuthentication(Authentication authentication) {
        try {
            authentication.writeToContext(this.threadContext);
        } catch (IOException e) {
            throw new AssertionError("how can we have a IOException with a user we set", e);
        }
    }

    public void executeAsUser(User user, Consumer<ThreadContext.StoredContext> consumer, Version version) {
        ThreadContext.StoredContext newStoredContext = this.threadContext.newStoredContext(true);
        ThreadContext.StoredContext stashContext = this.threadContext.stashContext();
        try {
            setUser(user, version);
            consumer.accept(newStoredContext);
            if (stashContext != null) {
                stashContext.close();
            }
        } catch (Throwable th) {
            if (stashContext != null) {
                try {
                    stashContext.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public void executeAfterRewritingAuthentication(Consumer<ThreadContext.StoredContext> consumer, Version version) {
        ThreadContext.StoredContext newStoredContext = this.threadContext.newStoredContext(true);
        Authentication authentication = (Authentication) Objects.requireNonNull(this.userSettings.getAuthentication());
        ThreadContext.StoredContext stashContext = this.threadContext.stashContext();
        try {
            setAuthentication(new Authentication(authentication.getUser(), authentication.getAuthenticatedBy(), authentication.getLookedUpBy(), version));
            consumer.accept(newStoredContext);
            if (stashContext != null) {
                stashContext.close();
            }
        } catch (Throwable th) {
            if (stashContext != null) {
                try {
                    stashContext.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
