package com.floragunn.searchguard.ssl.http.netty;

import com.floragunn.searchguard.ssl.util.ExceptionUtils;
import com.floragunn.searchguard.ssl.util.SSLRequestHelper;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.ExceptionsHelper;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestStatus;

/* loaded from: input_file:WEB-INF/lib/search-guard-ssl-5.6.2-23.jar:com/floragunn/searchguard/ssl/http/netty/ValidatingDispatcher.class */
public class ValidatingDispatcher implements HttpServerTransport.Dispatcher {
    private static final Logger logger = LogManager.getLogger((Class<?>) ValidatingDispatcher.class);
    private final ThreadContext threadContext;
    private final HttpServerTransport.Dispatcher originalDispatcher;
    private AuditErrorHandler auditErrorHandler;
    private final Settings settings;

    public ValidatingDispatcher(ThreadContext threadContext, HttpServerTransport.Dispatcher dispatcher, Settings settings) {
        this.threadContext = threadContext;
        this.originalDispatcher = dispatcher;
        this.settings = settings;
    }

    public void setAuditErrorHandler(AuditErrorHandler auditErrorHandler) {
        this.auditErrorHandler = auditErrorHandler;
    }

    public void dispatchRequest(RestRequest restRequest, RestChannel restChannel, ThreadContext threadContext) {
        checkRequest(restRequest, restChannel);
        this.originalDispatcher.dispatchRequest(restRequest, restChannel, threadContext);
    }

    public void dispatchBadRequest(RestRequest restRequest, RestChannel restChannel, ThreadContext threadContext, Throwable th) {
        checkRequest(restRequest, restChannel);
        this.originalDispatcher.dispatchBadRequest(restRequest, restChannel, threadContext, th);
    }

    protected void checkRequest(RestRequest restRequest, RestChannel restChannel) {
        if (SSLRequestHelper.containsBadHeader(this.threadContext, "_sg_ssl_")) {
            ElasticsearchException createBadHeaderException = ExceptionUtils.createBadHeaderException();
            this.auditErrorHandler.logError(createBadHeaderException, restRequest);
            throw createBadHeaderException;
        }
        try {
            if (SSLRequestHelper.getSSLInfo(this.settings, restRequest, null) == null) {
                logger.error("Not an SSL request");
                throw new ElasticsearchSecurityException("Not an SSL request", RestStatus.INTERNAL_SERVER_ERROR, new Object[0]);
            }
        } catch (SSLPeerUnverifiedException e) {
            logger.error("No client certificates found but such are needed (SG 8).");
            this.auditErrorHandler.logError(e, restRequest);
            throw ExceptionsHelper.convertToElastic(e);
        }
    }
}
