package org.opends.server.loggers;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.forgerock.audit.events.AccessAuditEventBuilder;
import org.forgerock.audit.events.AuditEvent;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizableMessageBuilder;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.json.JsonValue;
import org.forgerock.json.resource.RequestHandler;
import org.forgerock.json.resource.Requests;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.json.resource.ResourcePath;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.server.config.server.AccessLogPublisherCfg;
import org.forgerock.opendj.server.config.server.LogPublisherCfg;
import org.forgerock.services.context.RootContext;
import org.forgerock.util.Pair;
import org.forgerock.util.promise.ExceptionHandler;
import org.forgerock.util.promise.RuntimeExceptionHandler;
import org.opends.messages.LoggerMessages;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.ExtendedOperationHandler;
import org.opends.server.controls.TransactionIdControl;
import org.opends.server.core.AbandonOperation;
import org.opends.server.core.AddOperation;
import org.opends.server.core.BindOperation;
import org.opends.server.core.CompareOperation;
import org.opends.server.core.DeleteOperation;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ExtendedOperation;
import org.opends.server.core.ModifyDNOperation;
import org.opends.server.core.ModifyOperation;
import org.opends.server.core.SearchOperation;
import org.opends.server.core.ServerContext;
import org.opends.server.core.UnbindOperation;
import org.opends.server.types.AuthenticationInfo;
import org.opends.server.types.AuthenticationType;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.DisconnectReason;
import org.opends.server.types.InitializationException;
import org.opends.server.types.Operation;
import org.opends.server.util.StaticUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/opends/server/loggers/CommonAuditAccessLogPublisher.class */
public abstract class CommonAuditAccessLogPublisher<T extends AccessLogPublisherCfg> extends AbstractTextAccessLogPublisher<T> implements CommonAuditLogPublisher {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    private RequestHandler requestHandler;
    private T config;
    private ServerContext serverContext;

    @Override // org.opends.server.loggers.CommonAuditLogPublisher
    public void setRequestHandler(RequestHandler requestHandler) {
        this.requestHandler = requestHandler;
    }

    abstract boolean shouldLogControlOids();

    /* JADX INFO: Access modifiers changed from: package-private */
    public T getConfig() {
        return this.config;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setConfig(T t) {
        this.config = t;
    }

    @Override // org.opends.server.loggers.LogPublisher
    public void initializeLogPublisher(T t, ServerContext serverContext) throws ConfigException, InitializationException {
        this.serverContext = serverContext;
        initializeFilters(t);
        this.config = t;
    }

    @Override // org.opends.server.loggers.AccessLogPublisher
    public boolean isConfigurationAcceptable(T t, List<LocalizableMessage> list) {
        return isFilterConfigurationAcceptable(t, list);
    }

    @Override // org.opends.server.loggers.AccessLogPublisher
    public void logAbandonResult(AbandonOperation abandonOperation) {
        if (isResponseLoggable(abandonOperation)) {
            OpenDJAccessAuditEventBuilder<?> eventBuilder = getEventBuilder(abandonOperation, "ABANDON");
            addResultCodeAndMessage(abandonOperation, eventBuilder);
            appendAbandonRequest(abandonOperation, eventBuilder);
            sendEvent(eventBuilder.toEvent());
        }
    }

    @Override // org.opends.server.loggers.AccessLogPublisher
    public void logAddResponse(AddOperation addOperation) {
        if (isResponseLoggable(addOperation)) {
            OpenDJAccessAuditEventBuilder<?> eventBuilder = getEventBuilder(addOperation, "ADD");
            addResultCodeAndMessage(addOperation, eventBuilder);
            appendAddRequest(addOperation, eventBuilder);
            appendProxiedAuthorizationDNIfNeeded(eventBuilder, addOperation.getProxiedAuthorizationDN());
            sendEvent(eventBuilder.toEvent());
        }
    }

    @Override // org.opends.server.loggers.AccessLogPublisher
    public void logBindResponse(BindOperation bindOperation) {
        AuthenticationInfo authenticationInfo;
        if (isResponseLoggable(bindOperation)) {
            OpenDJAccessAuditEventBuilder<?> eventBuilder = getEventBuilder(bindOperation, "BIND");
            addResultCodeAndMessage(bindOperation, eventBuilder);
            appendBindRequest(bindOperation, eventBuilder);
            LocalizableMessage authFailureReason = bindOperation.getAuthFailureReason();
            if (authFailureReason != null) {
                eventBuilder.ldapFailureMessage(authFailureReason.toString());
                if (bindOperation.getSASLMechanism() == null || bindOperation.getSASLAuthUserEntry() == null) {
                    eventBuilder.userId(bindOperation.getRawBindDN().toString());
                } else {
                    eventBuilder.userId(bindOperation.getSASLAuthUserEntry().getName().toString());
                }
            }
            if (bindOperation.getResultCode() == ResultCode.SUCCESS && (authenticationInfo = bindOperation.getAuthenticationInfo()) != null) {
                DN authenticationDN = authenticationInfo.getAuthenticationDN();
                if (authenticationDN != null) {
                    eventBuilder.userId(authenticationDN.toString());
                    DN authorizationDN = authenticationInfo.getAuthorizationDN();
                    if (!authenticationDN.equals(authorizationDN)) {
                        eventBuilder.runAs(authorizationDN == null ? JsonProperty.USE_DEFAULT_NAME : authorizationDN.toString());
                    }
                } else {
                    eventBuilder.userId(JsonProperty.USE_DEFAULT_NAME);
                }
            }
            sendEvent(eventBuilder.toEvent());
        }
    }

    @Override // org.opends.server.loggers.AccessLogPublisher
    public void logCompareResponse(CompareOperation compareOperation) {
        if (isResponseLoggable(compareOperation)) {
            OpenDJAccessAuditEventBuilder<?> eventBuilder = getEventBuilder(compareOperation, "COMPARE");
            addResultCodeAndMessage(compareOperation, eventBuilder);
            appendCompareRequest(compareOperation, eventBuilder);
            appendProxiedAuthorizationDNIfNeeded(eventBuilder, compareOperation.getProxiedAuthorizationDN());
            sendEvent(eventBuilder.toEvent());
        }
    }

    private void appendProxiedAuthorizationDNIfNeeded(OpenDJAccessAuditEventBuilder<?> openDJAccessAuditEventBuilder, DN dn) {
        if (dn != null) {
            openDJAccessAuditEventBuilder.runAs(dn.toString());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.opends.server.loggers.AccessLogPublisher
    public void logConnect(ClientConnection clientConnection) {
        if (isConnectLoggable(clientConnection)) {
            sendEvent(((OpenDJAccessAuditEventBuilder) ((OpenDJAccessAuditEventBuilder) ((OpenDJAccessAuditEventBuilder) ((OpenDJAccessAuditEventBuilder) ((OpenDJAccessAuditEventBuilder) OpenDJAccessAuditEventBuilder.openDJAccessEvent().client(clientConnection.getClientAddress(), clientConnection.getClientPort())).server(clientConnection.getServerAddress(), clientConnection.getServerPort())).request(clientConnection.getProtocol(), "CONNECT")).transactionId("0")).response(AccessAuditEventBuilder.ResponseStatus.SUCCESSFUL, String.valueOf(ResultCode.SUCCESS.intValue()), 0L, TimeUnit.MILLISECONDS)).ldapConnectionId(clientConnection.getConnectionID()).toEvent());
        }
    }

    @Override // org.opends.server.loggers.AccessLogPublisher
    public void logDeleteResponse(DeleteOperation deleteOperation) {
        if (isResponseLoggable(deleteOperation)) {
            OpenDJAccessAuditEventBuilder<?> eventBuilder = getEventBuilder(deleteOperation, "DELETE");
            addResultCodeAndMessage(deleteOperation, eventBuilder);
            appendDeleteRequest(deleteOperation, eventBuilder);
            appendProxiedAuthorizationDNIfNeeded(eventBuilder, deleteOperation.getProxiedAuthorizationDN());
            sendEvent(eventBuilder.toEvent());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.opends.server.loggers.AccessLogPublisher
    public void logDisconnect(ClientConnection clientConnection, DisconnectReason disconnectReason, LocalizableMessage localizableMessage) {
        if (isDisconnectLoggable(clientConnection)) {
            sendEvent(((OpenDJAccessAuditEventBuilder) ((OpenDJAccessAuditEventBuilder) ((OpenDJAccessAuditEventBuilder) ((OpenDJAccessAuditEventBuilder) ((OpenDJAccessAuditEventBuilder) OpenDJAccessAuditEventBuilder.openDJAccessEvent().client(clientConnection.getClientAddress(), clientConnection.getClientPort())).server(clientConnection.getServerAddress(), clientConnection.getServerPort())).request(clientConnection.getProtocol(), "DISCONNECT")).transactionId("0")).response(AccessAuditEventBuilder.ResponseStatus.SUCCESSFUL, String.valueOf(ResultCode.SUCCESS.intValue()), 0L, TimeUnit.MILLISECONDS)).ldapConnectionId(clientConnection.getConnectionID()).ldapReason(disconnectReason).ldapMessage(localizableMessage).toEvent());
        }
    }

    @Override // org.opends.server.loggers.AccessLogPublisher
    public void logExtendedResponse(ExtendedOperation extendedOperation) {
        if (isResponseLoggable(extendedOperation)) {
            OpenDJAccessAuditEventBuilder<?> eventBuilder = getEventBuilder(extendedOperation, "EXTENDED");
            addResultCodeAndMessage(extendedOperation, eventBuilder);
            appendExtendedRequest(extendedOperation, eventBuilder);
            String responseOID = extendedOperation.getResponseOID();
            if (responseOID != null) {
                ExtendedOperationHandler<?> extendedOperationHandler = DirectoryServer.getExtendedOperationHandler(responseOID);
                if (extendedOperationHandler != null) {
                    eventBuilder.ldapName(extendedOperationHandler.getExtendedOperationName());
                }
                eventBuilder.ldapOid(responseOID);
            }
            sendEvent(eventBuilder.toEvent());
        }
    }

    @Override // org.opends.server.loggers.AccessLogPublisher
    public void logModifyDNResponse(ModifyDNOperation modifyDNOperation) {
        if (isResponseLoggable(modifyDNOperation)) {
            OpenDJAccessAuditEventBuilder<?> eventBuilder = getEventBuilder(modifyDNOperation, "MODIFYDN");
            addResultCodeAndMessage(modifyDNOperation, eventBuilder);
            appendModifyDNRequest(modifyDNOperation, eventBuilder);
            appendProxiedAuthorizationDNIfNeeded(eventBuilder, modifyDNOperation.getProxiedAuthorizationDN());
            sendEvent(eventBuilder.toEvent());
        }
    }

    @Override // org.opends.server.loggers.AccessLogPublisher
    public void logModifyResponse(ModifyOperation modifyOperation) {
        if (isResponseLoggable(modifyOperation)) {
            OpenDJAccessAuditEventBuilder<?> eventBuilder = getEventBuilder(modifyOperation, "MODIFY");
            addResultCodeAndMessage(modifyOperation, eventBuilder);
            appendModifyRequest(modifyOperation, eventBuilder);
            appendProxiedAuthorizationDNIfNeeded(eventBuilder, modifyOperation.getProxiedAuthorizationDN());
            sendEvent(eventBuilder.toEvent());
        }
    }

    /* JADX WARN: Type inference failed for: r0v7, types: [org.opends.server.loggers.OpenDJAccessAuditEventBuilder] */
    @Override // org.opends.server.loggers.AccessLogPublisher
    public void logSearchResultDone(SearchOperation searchOperation) {
        if (isResponseLoggable(searchOperation)) {
            OpenDJAccessAuditEventBuilder<?> eventBuilder = getEventBuilder(searchOperation, "SEARCH");
            addResultCodeAndMessage(searchOperation, eventBuilder);
            eventBuilder.ldapSearch(searchOperation).ldapNEntries(searchOperation.getEntriesSent());
            appendProxiedAuthorizationDNIfNeeded(eventBuilder, searchOperation.getProxiedAuthorizationDN());
            sendEvent(eventBuilder.toEvent());
        }
    }

    @Override // org.opends.server.loggers.AccessLogPublisher
    public void logUnbind(UnbindOperation unbindOperation) {
        if (isRequestLoggable(unbindOperation)) {
            sendEvent(getEventBuilder(unbindOperation, "UNBIND").toEvent());
        }
    }

    @Override // org.opends.server.loggers.AbstractTextAccessLogPublisher
    protected void close0() {
    }

    private void appendAbandonRequest(AbandonOperation abandonOperation, OpenDJAccessAuditEventBuilder<?> openDJAccessAuditEventBuilder) {
        openDJAccessAuditEventBuilder.ldapIdToAbandon(abandonOperation.getIDToAbandon());
    }

    private void appendAddRequest(AddOperation addOperation, OpenDJAccessAuditEventBuilder<?> openDJAccessAuditEventBuilder) {
        openDJAccessAuditEventBuilder.ldapDn(addOperation.getRawEntryDN().toString());
    }

    private void appendBindRequest(BindOperation bindOperation, OpenDJAccessAuditEventBuilder<?> openDJAccessAuditEventBuilder) {
        openDJAccessAuditEventBuilder.ldapProtocolVersion(bindOperation.getProtocolVersion());
        openDJAccessAuditEventBuilder.ldapAuthType(bindOperation.getAuthenticationType() != AuthenticationType.SASL ? bindOperation.getAuthenticationType().toString() : "SASL mechanism=" + bindOperation.getSASLMechanism());
        openDJAccessAuditEventBuilder.ldapDn(bindOperation.getRawBindDN().toString());
    }

    private void appendCompareRequest(CompareOperation compareOperation, OpenDJAccessAuditEventBuilder<?> openDJAccessAuditEventBuilder) {
        openDJAccessAuditEventBuilder.ldapDn(compareOperation.getRawEntryDN().toString());
        openDJAccessAuditEventBuilder.ldapAttr(compareOperation.getAttributeDescription().getAttributeType().getNameOrOID());
    }

    private void appendDeleteRequest(DeleteOperation deleteOperation, OpenDJAccessAuditEventBuilder<?> openDJAccessAuditEventBuilder) {
        openDJAccessAuditEventBuilder.ldapDn(deleteOperation.getRawEntryDN().toString());
    }

    private void appendExtendedRequest(ExtendedOperation extendedOperation, OpenDJAccessAuditEventBuilder<?> openDJAccessAuditEventBuilder) {
        String requestOID = extendedOperation.getRequestOID();
        ExtendedOperationHandler<?> extendedOperationHandler = DirectoryServer.getExtendedOperationHandler(requestOID);
        if (extendedOperationHandler != null) {
            openDJAccessAuditEventBuilder.ldapName(extendedOperationHandler.getExtendedOperationName());
        }
        openDJAccessAuditEventBuilder.ldapOid(requestOID);
    }

    private void appendModifyDNRequest(ModifyDNOperation modifyDNOperation, OpenDJAccessAuditEventBuilder<?> openDJAccessAuditEventBuilder) {
        openDJAccessAuditEventBuilder.ldapDn(modifyDNOperation.getRawEntryDN().toString());
        openDJAccessAuditEventBuilder.ldapModifyDN(modifyDNOperation);
    }

    private void appendModifyRequest(ModifyOperation modifyOperation, OpenDJAccessAuditEventBuilder<?> openDJAccessAuditEventBuilder) {
        openDJAccessAuditEventBuilder.ldapDn(modifyOperation.getRawEntryDN().toString());
    }

    /* JADX WARN: Type inference failed for: r0v16, types: [org.opends.server.loggers.OpenDJAccessAuditEventBuilder] */
    private OpenDJAccessAuditEventBuilder<?> addResultCodeAndMessage(Operation operation, OpenDJAccessAuditEventBuilder<?> openDJAccessAuditEventBuilder) {
        LocalizableMessageBuilder errorMessage = operation.getErrorMessage();
        int intValue = operation.getResultCode().intValue();
        AccessAuditEventBuilder.ResponseStatus responseStatus = intValue == 0 ? AccessAuditEventBuilder.ResponseStatus.SUCCESSFUL : AccessAuditEventBuilder.ResponseStatus.FAILED;
        Pair<Long, TimeUnit> executionTime = getExecutionTime(operation);
        if (errorMessage == null || errorMessage.length() <= 0) {
            openDJAccessAuditEventBuilder.response(responseStatus, String.valueOf(intValue), executionTime.getFirst().longValue(), executionTime.getSecond());
        } else {
            openDJAccessAuditEventBuilder.responseWithDetail(responseStatus, String.valueOf(intValue), executionTime.getFirst().longValue(), executionTime.getSecond(), JsonValue.json(errorMessage.toString()));
        }
        if (shouldLogControlOids()) {
            openDJAccessAuditEventBuilder.ldapResponseControls(operation);
        }
        openDJAccessAuditEventBuilder.ldapMaskedResultAndMessage(operation).ldapAdditionalItems(operation);
        return openDJAccessAuditEventBuilder;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private OpenDJAccessAuditEventBuilder<?> getEventBuilder(Operation operation, String str) {
        ClientConnection clientConnection = operation.getClientConnection();
        OpenDJAccessAuditEventBuilder<?> openDJAccessAuditEventBuilder = (OpenDJAccessAuditEventBuilder) ((OpenDJAccessAuditEventBuilder) ((OpenDJAccessAuditEventBuilder) ((OpenDJAccessAuditEventBuilder) OpenDJAccessAuditEventBuilder.openDJAccessEvent().client(clientConnection.getClientAddress(), clientConnection.getClientPort())).server(clientConnection.getServerAddress(), clientConnection.getServerPort())).request(clientConnection.getProtocol(), str)).ldapSync(operation).ldapIds(operation).transactionId(getTransactionId(operation));
        if (shouldLogControlOids()) {
            openDJAccessAuditEventBuilder.ldapRequestControls(operation);
        }
        return openDJAccessAuditEventBuilder;
    }

    private String getTransactionId(Operation operation) {
        String transactionIdFromControl = getTransactionIdFromControl(operation);
        if (transactionIdFromControl == null || !this.serverContext.getCommonAudit().shouldTrustTransactionIds()) {
            transactionIdFromControl = "0";
        }
        return transactionIdFromControl;
    }

    private String getTransactionIdFromControl(Operation operation) {
        try {
            TransactionIdControl transactionIdControl = (TransactionIdControl) operation.getRequestControl(TransactionIdControl.DECODER);
            if (transactionIdControl != null) {
                return transactionIdControl.getTransactionId();
            }
            return null;
        } catch (DirectoryException e) {
            logger.error(LoggerMessages.ERR_COMMON_AUDIT_INVALID_TRANSACTION_ID.get(StaticUtils.stackTraceToSingleLineString(e)));
            return null;
        }
    }

    private Pair<Long, TimeUnit> getExecutionTime(Operation operation) {
        Long valueOf = Long.valueOf(operation.getProcessingNanoTime());
        return valueOf.longValue() <= -1 ? Pair.of(Long.valueOf(operation.getProcessingTime()), TimeUnit.MILLISECONDS) : Pair.of(valueOf, TimeUnit.NANOSECONDS);
    }

    private void sendEvent(AuditEvent auditEvent) {
        this.requestHandler.handleCreate(new RootContext(), Requests.newCreateRequest(ResourcePath.resourcePath("/ldap-access"), auditEvent.getValue())).thenOnException(new ExceptionHandler<ResourceException>() { // from class: org.opends.server.loggers.CommonAuditAccessLogPublisher.2
            @Override // org.forgerock.util.promise.ExceptionHandler
            public void handleException(ResourceException resourceException) {
                CommonAuditAccessLogPublisher.logger.error(LoggerMessages.ERR_COMMON_AUDIT_UNABLE_TO_PROCESS_LOG_EVENT.get(StaticUtils.stackTraceToSingleLineString(resourceException)));
            }
        }).thenOnRuntimeException(new RuntimeExceptionHandler() { // from class: org.opends.server.loggers.CommonAuditAccessLogPublisher.1
            @Override // org.forgerock.util.promise.RuntimeExceptionHandler
            public void handleRuntimeException(RuntimeException runtimeException) {
                CommonAuditAccessLogPublisher.logger.error(LoggerMessages.ERR_COMMON_AUDIT_UNABLE_TO_PROCESS_LOG_EVENT.get(StaticUtils.stackTraceToSingleLineString(runtimeException)));
            }
        });
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.opends.server.loggers.AccessLogPublisher, org.opends.server.loggers.LogPublisher
    public /* bridge */ /* synthetic */ boolean isConfigurationAcceptable(LogPublisherCfg logPublisherCfg, List list) {
        return isConfigurationAcceptable((CommonAuditAccessLogPublisher<T>) logPublisherCfg, (List<LocalizableMessage>) list);
    }
}
