package org.elasticsearch.xpack.core.security.action.token;

import java.io.IOException;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;
import org.elasticsearch.Version;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionRequestValidationException;
import org.elasticsearch.action.ValidateActions;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.xpack.core.security.action.GrantApiKeyRequest;

/* loaded from: input_file:lib/x-pack-core-7.9.0.jar:org/elasticsearch/xpack/core/security/action/token/CreateTokenRequest.class */
public final class CreateTokenRequest extends ActionRequest {
    private static final Set<GrantType> SUPPORTED_GRANT_TYPES = Collections.unmodifiableSet(EnumSet.of(GrantType.PASSWORD, GrantType.KERBEROS, GrantType.REFRESH_TOKEN, GrantType.CLIENT_CREDENTIALS));
    private String grantType;
    private String username;
    private SecureString password;
    private SecureString kerberosTicket;
    private String scope;
    private String refreshToken;

    /* loaded from: input_file:lib/x-pack-core-7.9.0.jar:org/elasticsearch/xpack/core/security/action/token/CreateTokenRequest$GrantType.class */
    public enum GrantType {
        PASSWORD(GrantApiKeyRequest.PASSWORD_GRANT_TYPE),
        KERBEROS("_kerberos"),
        REFRESH_TOKEN("refresh_token"),
        AUTHORIZATION_CODE("authorization_code"),
        CLIENT_CREDENTIALS("client_credentials");

        private final String value;

        GrantType(String str) {
            this.value = str;
        }

        public String getValue() {
            return this.value;
        }

        public static GrantType fromString(String str) {
            if (str == null) {
                return null;
            }
            for (GrantType grantType : values()) {
                if (grantType.getValue().equals(str)) {
                    return grantType;
                }
            }
            return null;
        }
    }

    public CreateTokenRequest(StreamInput streamInput) throws IOException {
        super(streamInput);
        this.grantType = streamInput.readString();
        if (streamInput.getVersion().onOrAfter(Version.V_6_2_0)) {
            this.username = streamInput.readOptionalString();
            this.password = streamInput.readOptionalSecureString();
            this.refreshToken = streamInput.readOptionalString();
            this.kerberosTicket = streamInput.readOptionalSecureString();
        } else {
            this.username = streamInput.readString();
            this.password = streamInput.readSecureString();
        }
        this.scope = streamInput.readOptionalString();
    }

    public CreateTokenRequest() {
    }

    public CreateTokenRequest(String str, @Nullable String str2, @Nullable SecureString secureString, @Nullable SecureString secureString2, @Nullable String str3, @Nullable String str4) {
        this.grantType = str;
        this.username = str2;
        this.password = secureString;
        this.kerberosTicket = secureString2;
        this.scope = str3;
        this.refreshToken = str4;
    }

    @Override // org.elasticsearch.action.ActionRequest
    public ActionRequestValidationException validate() {
        ActionRequestValidationException addValidationError;
        GrantType fromString = GrantType.fromString(this.grantType);
        if (fromString != null) {
            switch (fromString) {
                case PASSWORD:
                    addValidationError = validateRequiredField(GrantApiKeyRequest.PASSWORD_GRANT_TYPE, this.password, validateRequiredField("username", this.username, validateUnsupportedField(fromString, "refresh_token", this.refreshToken, validateUnsupportedField(fromString, "kerberos_ticket", this.kerberosTicket, null))));
                    break;
                case KERBEROS:
                    addValidationError = validateRequiredField("kerberos_ticket", this.kerberosTicket, validateUnsupportedField(fromString, "refresh_token", this.refreshToken, validateUnsupportedField(fromString, GrantApiKeyRequest.PASSWORD_GRANT_TYPE, this.password, validateUnsupportedField(fromString, "username", this.username, null))));
                    break;
                case REFRESH_TOKEN:
                    addValidationError = validateRequiredField("refresh_token", this.refreshToken, validateUnsupportedField(fromString, "kerberos_ticket", this.kerberosTicket, validateUnsupportedField(fromString, GrantApiKeyRequest.PASSWORD_GRANT_TYPE, this.password, validateUnsupportedField(fromString, "username", this.username, null))));
                    break;
                case CLIENT_CREDENTIALS:
                    addValidationError = validateUnsupportedField(fromString, "refresh_token", this.refreshToken, validateUnsupportedField(fromString, "kerberos_ticket", this.kerberosTicket, validateUnsupportedField(fromString, GrantApiKeyRequest.PASSWORD_GRANT_TYPE, this.password, validateUnsupportedField(fromString, "username", this.username, null))));
                    break;
                default:
                    addValidationError = ValidateActions.addValidationError("grant_type only supports the values: [" + ((String) SUPPORTED_GRANT_TYPES.stream().map((v0) -> {
                        return v0.getValue();
                    }).collect(Collectors.joining(", "))) + "]", null);
                    break;
            }
        } else {
            addValidationError = ValidateActions.addValidationError("grant_type only supports the values: [" + ((String) SUPPORTED_GRANT_TYPES.stream().map((v0) -> {
                return v0.getValue();
            }).collect(Collectors.joining(", "))) + "]", null);
        }
        return addValidationError;
    }

    private static ActionRequestValidationException validateRequiredField(String str, String str2, ActionRequestValidationException actionRequestValidationException) {
        if (Strings.isNullOrEmpty(str2)) {
            actionRequestValidationException = ValidateActions.addValidationError(String.format(Locale.ROOT, "%s is missing", str), actionRequestValidationException);
        }
        return actionRequestValidationException;
    }

    private static ActionRequestValidationException validateRequiredField(String str, SecureString secureString, ActionRequestValidationException actionRequestValidationException) {
        if (secureString == null || secureString.getChars() == null || secureString.length() == 0) {
            actionRequestValidationException = ValidateActions.addValidationError(String.format(Locale.ROOT, "%s is missing", str), actionRequestValidationException);
        }
        return actionRequestValidationException;
    }

    private static ActionRequestValidationException validateUnsupportedField(GrantType grantType, String str, Object obj, ActionRequestValidationException actionRequestValidationException) {
        if (obj != null) {
            actionRequestValidationException = ValidateActions.addValidationError(String.format(Locale.ROOT, "%s is not supported with the %s grant_type", str, grantType.getValue()), actionRequestValidationException);
        }
        return actionRequestValidationException;
    }

    public void setGrantType(String str) {
        this.grantType = str;
    }

    public void setUsername(@Nullable String str) {
        this.username = str;
    }

    public void setPassword(@Nullable SecureString secureString) {
        this.password = secureString;
    }

    public void setKerberosTicket(@Nullable SecureString secureString) {
        this.kerberosTicket = secureString;
    }

    public void setScope(@Nullable String str) {
        this.scope = str;
    }

    public void setRefreshToken(@Nullable String str) {
        this.refreshToken = str;
    }

    public String getGrantType() {
        return this.grantType;
    }

    @Nullable
    public String getUsername() {
        return this.username;
    }

    @Nullable
    public SecureString getPassword() {
        return this.password;
    }

    @Nullable
    public SecureString getKerberosTicket() {
        return this.kerberosTicket;
    }

    @Nullable
    public String getScope() {
        return this.scope;
    }

    @Nullable
    public String getRefreshToken() {
        return this.refreshToken;
    }

    @Override // org.elasticsearch.action.ActionRequest, org.elasticsearch.transport.TransportRequest, org.elasticsearch.common.io.stream.Writeable
    public void writeTo(StreamOutput streamOutput) throws IOException {
        super.writeTo(streamOutput);
        if (streamOutput.getVersion().before(Version.V_6_5_0) && GrantType.CLIENT_CREDENTIALS.getValue().equals(this.grantType)) {
            throw new IllegalArgumentException("a request with the client_credentials grant_type cannot be sent to version [" + streamOutput.getVersion() + "]");
        }
        if (streamOutput.getVersion().before(Version.V_7_3_0) && GrantType.KERBEROS.getValue().equals(this.grantType)) {
            throw new IllegalArgumentException("a request with the _kerberos grant_type cannot be sent to version [" + streamOutput.getVersion() + "]");
        }
        streamOutput.writeString(this.grantType);
        if (streamOutput.getVersion().onOrAfter(Version.V_6_2_0)) {
            streamOutput.writeOptionalString(this.username);
            streamOutput.writeOptionalSecureString(this.password);
            streamOutput.writeOptionalString(this.refreshToken);
            streamOutput.writeOptionalSecureString(this.kerberosTicket);
        } else {
            if ("refresh_token".equals(this.grantType)) {
                throw new IllegalArgumentException("a refresh request cannot be sent to an older version");
            }
            streamOutput.writeString(this.username);
            streamOutput.writeSecureString(this.password);
        }
        streamOutput.writeOptionalString(this.scope);
    }
}
