package org.elasticsearch.xpack.enrich.action;

import java.io.IOException;
import java.util.Objects;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.support.ActionFilters;
import org.elasticsearch.action.support.master.AcknowledgedResponse;
import org.elasticsearch.action.support.master.MasterNodeRequest;
import org.elasticsearch.action.support.master.TransportMasterNodeAction;
import org.elasticsearch.client.Client;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.block.ClusterBlockException;
import org.elasticsearch.cluster.block.ClusterBlockLevel;
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.CheckedConsumer;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xpack.core.XPackSettings;
import org.elasticsearch.xpack.core.enrich.action.PutEnrichPolicyAction;
import org.elasticsearch.xpack.core.security.SecurityContext;
import org.elasticsearch.xpack.core.security.action.user.HasPrivilegesAction;
import org.elasticsearch.xpack.core.security.action.user.HasPrivilegesRequest;
import org.elasticsearch.xpack.core.security.authz.RoleDescriptor;
import org.elasticsearch.xpack.core.security.support.Exceptions;
import org.elasticsearch.xpack.enrich.EnrichStore;

/* loaded from: input_file:org/elasticsearch/xpack/enrich/action/TransportPutEnrichPolicyAction.class */
public class TransportPutEnrichPolicyAction extends TransportMasterNodeAction<PutEnrichPolicyAction.Request, AcknowledgedResponse> {
    private final XPackLicenseState licenseState;
    private final SecurityContext securityContext;
    private final Client client;

    @Inject
    public TransportPutEnrichPolicyAction(Settings settings, TransportService transportService, ClusterService clusterService, ThreadPool threadPool, Client client, XPackLicenseState xPackLicenseState, ActionFilters actionFilters, IndexNameExpressionResolver indexNameExpressionResolver) {
        super("cluster:admin/xpack/enrich/put", transportService, clusterService, threadPool, actionFilters, PutEnrichPolicyAction.Request::new, indexNameExpressionResolver);
        this.licenseState = xPackLicenseState;
        this.securityContext = ((Boolean) XPackSettings.SECURITY_ENABLED.get(settings)).booleanValue() ? new SecurityContext(settings, threadPool.getThreadContext()) : null;
        this.client = client;
    }

    protected String executor() {
        return "same";
    }

    protected AcknowledgedResponse newResponse() {
        throw new UnsupportedOperationException("usage of Streamable is to be replaced by Writeable");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: read, reason: merged with bridge method [inline-methods] */
    public AcknowledgedResponse m21read(StreamInput streamInput) throws IOException {
        return new AcknowledgedResponse(streamInput);
    }

    protected void masterOperation(PutEnrichPolicyAction.Request request, ClusterState clusterState, ActionListener<AcknowledgedResponse> actionListener) {
        if (!this.licenseState.isAuthAllowed()) {
            putPolicy(request, actionListener);
            return;
        }
        RoleDescriptor.IndicesPrivileges build = RoleDescriptor.IndicesPrivileges.builder().indices(request.getPolicy().getIndices()).privileges(new String[]{"read"}).build();
        String principal = this.securityContext.getUser().principal();
        HasPrivilegesRequest hasPrivilegesRequest = new HasPrivilegesRequest();
        hasPrivilegesRequest.applicationPrivileges(new RoleDescriptor.ApplicationResourcePrivileges[0]);
        hasPrivilegesRequest.username(principal);
        hasPrivilegesRequest.clusterPrivileges(Strings.EMPTY_ARRAY);
        hasPrivilegesRequest.indexPrivileges(new RoleDescriptor.IndicesPrivileges[]{build});
        CheckedConsumer checkedConsumer = hasPrivilegesResponse -> {
            if (hasPrivilegesResponse.isCompleteMatch()) {
                putPolicy(request, actionListener);
            } else {
                actionListener.onFailure(Exceptions.authorizationError("unable to store policy because no indices match with the specified index patterns {}", new Object[]{request.getPolicy().getIndices(), principal}));
            }
        };
        Objects.requireNonNull(actionListener);
        this.client.execute(HasPrivilegesAction.INSTANCE, hasPrivilegesRequest, ActionListener.wrap(checkedConsumer, actionListener::onFailure));
    }

    private void putPolicy(PutEnrichPolicyAction.Request request, ActionListener<AcknowledgedResponse> actionListener) {
        EnrichStore.putPolicy(request.getName(), request.getPolicy(), this.clusterService, this.indexNameExpressionResolver, exc -> {
            if (exc == null) {
                actionListener.onResponse(new AcknowledgedResponse(true));
            } else {
                actionListener.onFailure(exc);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ClusterBlockException checkBlock(PutEnrichPolicyAction.Request request, ClusterState clusterState) {
        return clusterState.blocks().globalBlockedException(ClusterBlockLevel.METADATA_WRITE);
    }

    protected /* bridge */ /* synthetic */ void masterOperation(MasterNodeRequest masterNodeRequest, ClusterState clusterState, ActionListener actionListener) throws Exception {
        masterOperation((PutEnrichPolicyAction.Request) masterNodeRequest, clusterState, (ActionListener<AcknowledgedResponse>) actionListener);
    }
}
