package org.opensearch.identity.shiro;

import java.util.Collection;
import java.util.Collections;
import java.util.function.Supplier;
import java.util.function.UnaryOperator;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.opensearch.client.Client;
import org.opensearch.client.node.NodeClient;
import org.opensearch.cluster.metadata.IndexNameExpressionResolver;
import org.opensearch.cluster.service.ClusterService;
import org.opensearch.common.settings.Settings;
import org.opensearch.common.util.concurrent.ThreadContext;
import org.opensearch.core.common.io.stream.NamedWriteableRegistry;
import org.opensearch.core.rest.RestStatus;
import org.opensearch.core.xcontent.NamedXContentRegistry;
import org.opensearch.env.Environment;
import org.opensearch.env.NodeEnvironment;
import org.opensearch.identity.PluginSubject;
import org.opensearch.identity.Subject;
import org.opensearch.identity.tokens.AuthToken;
import org.opensearch.identity.tokens.TokenManager;
import org.opensearch.plugins.ActionPlugin;
import org.opensearch.plugins.IdentityPlugin;
import org.opensearch.plugins.Plugin;
import org.opensearch.repositories.RepositoriesService;
import org.opensearch.rest.BytesRestResponse;
import org.opensearch.rest.RestChannel;
import org.opensearch.rest.RestHandler;
import org.opensearch.rest.RestRequest;
import org.opensearch.script.ScriptService;
import org.opensearch.threadpool.ThreadPool;
import org.opensearch.watcher.ResourceWatcherService;

/* loaded from: input_file:org/opensearch/identity/shiro/ShiroIdentityPlugin.class */
public final class ShiroIdentityPlugin extends Plugin implements IdentityPlugin, ActionPlugin {
    private final Settings settings;
    private ThreadPool threadPool;
    private Logger log = LogManager.getLogger(getClass());
    private final ShiroTokenManager authTokenHandler = new ShiroTokenManager();

    /* loaded from: input_file:org/opensearch/identity/shiro/ShiroIdentityPlugin$AuthcRestHandler.class */
    class AuthcRestHandler extends RestHandler.Wrapper {
        public AuthcRestHandler(RestHandler restHandler) {
            super(restHandler);
        }

        public void handleRequest(RestRequest restRequest, RestChannel restChannel, NodeClient nodeClient) throws Exception {
            try {
                AuthToken extractToken = ShiroTokenExtractor.extractToken(restRequest);
                if (extractToken == null) {
                    super.handleRequest(restRequest, restChannel, nodeClient);
                } else {
                    ShiroIdentityPlugin.this.getCurrentSubject().authenticate(extractToken);
                    super.handleRequest(restRequest, restChannel, nodeClient);
                }
            } catch (Exception e) {
                restChannel.sendResponse(new BytesRestResponse(RestStatus.UNAUTHORIZED, e.getMessage()));
            }
        }
    }

    public ShiroIdentityPlugin(Settings settings) {
        this.settings = settings;
        SecurityUtils.setSecurityManager(new ShiroSecurityManager());
    }

    public Collection<Object> createComponents(Client client, ClusterService clusterService, ThreadPool threadPool, ResourceWatcherService resourceWatcherService, ScriptService scriptService, NamedXContentRegistry namedXContentRegistry, Environment environment, NodeEnvironment nodeEnvironment, NamedWriteableRegistry namedWriteableRegistry, IndexNameExpressionResolver indexNameExpressionResolver, Supplier<RepositoriesService> supplier) {
        this.threadPool = threadPool;
        return Collections.emptyList();
    }

    public Subject getCurrentSubject() {
        return new ShiroSubject(this.authTokenHandler, SecurityUtils.getSubject());
    }

    public TokenManager getTokenManager() {
        return this.authTokenHandler;
    }

    public UnaryOperator<RestHandler> getRestHandlerWrapper(ThreadContext threadContext) {
        return restHandler -> {
            return new AuthcRestHandler(restHandler);
        };
    }

    public PluginSubject getPluginSubject(Plugin plugin) {
        return new ShiroPluginSubject(this.threadPool);
    }
}
