package org.elasticsearch.xpack.security.action.user;

import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.support.ActionFilters;
import org.elasticsearch.action.support.HandledTransportAction;
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xpack.security.SecurityContext;
import org.elasticsearch.xpack.security.user.SystemUser;
import org.elasticsearch.xpack.security.user.User;
import org.elasticsearch.xpack.security.user.XPackUser;

/* loaded from: input_file:org/elasticsearch/xpack/security/action/user/TransportAuthenticateAction.class */
public class TransportAuthenticateAction extends HandledTransportAction<AuthenticateRequest, AuthenticateResponse> {
    private final SecurityContext securityContext;

    @Inject
    public TransportAuthenticateAction(Settings settings, ThreadPool threadPool, TransportService transportService, ActionFilters actionFilters, IndexNameExpressionResolver indexNameExpressionResolver, SecurityContext securityContext) {
        super(settings, AuthenticateAction.NAME, threadPool, transportService, actionFilters, indexNameExpressionResolver, AuthenticateRequest::new);
        this.securityContext = securityContext;
    }

    protected void doExecute(AuthenticateRequest authenticateRequest, ActionListener<AuthenticateResponse> actionListener) {
        User user = this.securityContext.getUser();
        User authenticatedUser = user == null ? null : user.authenticatedUser();
        if (authenticatedUser == null) {
            actionListener.onFailure(new ElasticsearchSecurityException("did not find an authenticated user", new Object[0]));
            return;
        }
        if (SystemUser.is(authenticatedUser) || XPackUser.is(authenticatedUser)) {
            actionListener.onFailure(new IllegalArgumentException("user [" + authenticatedUser.principal() + "] is internal"));
        } else if (SystemUser.is(user) || XPackUser.is(user)) {
            actionListener.onFailure(new IllegalArgumentException("user [" + user.principal() + "] is internal"));
        } else {
            actionListener.onResponse(new AuthenticateResponse(user));
        }
    }

    protected /* bridge */ /* synthetic */ void doExecute(ActionRequest actionRequest, ActionListener actionListener) {
        doExecute((AuthenticateRequest) actionRequest, (ActionListener<AuthenticateResponse>) actionListener);
    }
}
