package org.forgerock.audit.handlers.csv;

import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.inject.Inject;
import org.forgerock.audit.Audit;
import org.forgerock.audit.events.AuditEventHelper;
import org.forgerock.audit.events.EventTopicsMetaData;
import org.forgerock.audit.events.handlers.AuditEventHandlerBase;
import org.forgerock.audit.handlers.csv.CsvAuditEventHandlerConfiguration;
import org.forgerock.audit.providers.KeyStoreHandlerProvider;
import org.forgerock.audit.retention.TimeStampFileNamingPolicy;
import org.forgerock.audit.secure.JcaKeyStoreHandler;
import org.forgerock.audit.secure.KeyStoreHandler;
import org.forgerock.audit.secure.KeyStoreSecureStorage;
import org.forgerock.audit.util.JsonSchemaUtils;
import org.forgerock.audit.util.JsonValueUtils;
import org.forgerock.json.JsonPointer;
import org.forgerock.json.JsonValue;
import org.forgerock.json.resource.ActionRequest;
import org.forgerock.json.resource.ActionResponse;
import org.forgerock.json.resource.BadRequestException;
import org.forgerock.json.resource.InternalServerErrorException;
import org.forgerock.json.resource.NotFoundException;
import org.forgerock.json.resource.QueryFilters;
import org.forgerock.json.resource.QueryRequest;
import org.forgerock.json.resource.QueryResourceHandler;
import org.forgerock.json.resource.QueryResponse;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.json.resource.ResourceResponse;
import org.forgerock.json.resource.Responses;
import org.forgerock.services.context.Context;
import org.forgerock.util.Reject;
import org.forgerock.util.promise.Promise;
import org.forgerock.util.query.QueryFilter;
import org.forgerock.util.query.QueryFilterOperators;
import org.forgerock.util.time.Duration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.supercsv.cellprocessor.Optional;
import org.supercsv.cellprocessor.ift.CellProcessor;
import org.supercsv.io.CsvMapReader;
import org.supercsv.io.ICsvMapReader;
import org.supercsv.prefs.CsvPreference;
import org.supercsv.quote.AlwaysQuoteMode;
import org.supercsv.util.CsvContext;

/* loaded from: input_file:WEB-INF/lib/handler-csv-2.1.4.jar:org/forgerock/audit/handlers/csv/CsvAuditEventHandler.class */
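/**
 * Audit event handler that stores audit events as CSV, one file per topic, inside the
 * configured log directory.
 *
 * <p>When CSV security is enabled in the configuration, files are named with the
 * {@code tamper-evident-} prefix, written through {@code SecureCsvWriter} with a key store
 * handler, and read back through {@code CsvSecureMapReader}.
 *
 * <p>Writer life-cycle changes (open, reset, close, cleanup) are serialised on this instance's
 * monitor; the writers themselves are kept in a concurrent map keyed by topic.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The topic name is used to build the log file name, so the read path only touches the
 *       file system for topics this handler was configured with.</li>
 *   <li>{@link #readEvent} builds its {@code _id} filter programmatically rather than by
 *       concatenating the requested id into a filter expression.</li>
 *   <li>{@link #startup()} logs, but does not propagate, failures to create the log directory
 *       or to open a topic file; operators should alert on those log lines because events
 *       cannot be written until a writer can be opened.</li>
 * </ul>
 */
public class CsvAuditEventHandler extends AuditEventHandlerBase {
    /** Name of the action that forces rotation of a topic's CSV file. */
    public static final String ROTATE_FILE_ACTION_NAME = "rotate";
    /** File name prefix used when CSV security is enabled. */
    static final String SECURE_CSV_FILENAME_PREFIX = "tamper-evident-";
    /** Random source handed to {@code SecureCsvWriter}; initialised in the static block below. */
    private static final Random RANDOM;
    private final CsvAuditEventHandlerConfiguration configuration;
    private final CsvPreference csvPreference;
    /** Currently open writer per topic. */
    private final ConcurrentMap<String, CsvWriter> writers;
    /** Ordered JSON pointers (column order) per topic. */
    private final Map<String, Set<String>> fieldOrderByTopic;
    private final Map<String, JsonPointer> jsonPointerByField;
    /** Dot-notation column name for each JSON pointer string. */
    private final Map<String, String> fieldDotNotationByField;
    /** Only assigned when CSV security is enabled. */
    private KeyStoreHandler keyStoreHandler;
    private static final Logger LOGGER = LoggerFactory.getLogger(CsvAuditEventHandler.class);
    private static final ObjectMapper MAPPER = new ObjectMapper();

    static {
        try {
            // NOTE(review): the algorithm is pinned to SHA1PRNG and the instance is never
            // explicitly seeded in this class. How SecureCsvWriter uses it is not visible here;
            // confirm the pinned algorithm is still required before changing it.
            RANDOM = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/handler-csv-2.1.4.jar:org/forgerock/audit/handlers/csv/CsvAuditEventHandler$ParseJsonValue.class */
    /**
     * Cell processor that turns a CSV cell holding a JSON object or JSON array back into the
     * corresponding {@code Map} or {@code List}. Any cell that does not look like JSON, or
     * that fails to parse, is returned unchanged.
     */
    public class ParseJsonValue implements CellProcessor {
        public ParseJsonValue() {
        }

        /**
         * @param obj the raw cell value
         * @param csvContext the CSV position of the cell (unused)
         * @return the parsed JSON structure, or {@code obj} itself when it is not a string,
         *         is not delimited as an object/array, or cannot be parsed
         */
        @Override // org.supercsv.cellprocessor.ift.CellProcessor
        public Object execute(Object obj, CsvContext csvContext) {
            // Guard instead of casting blindly: a null or non-string cell is passed through.
            if (!(obj instanceof String)) {
                return obj;
            }
            String text = (String) obj;
            Class<?> targetType;
            if (text.startsWith("{") && text.endsWith("}")) {
                targetType = Map.class;
            } else if (text.startsWith("[") && text.endsWith("]")) {
                targetType = List.class;
            } else {
                return obj;
            }
            try {
                return new JsonValue(CsvAuditEventHandler.MAPPER.readValue(text, targetType)).getObject();
            } catch (Exception e) {
                // Deliberate best effort: a malformed cell is returned as plain text.
                CsvAuditEventHandler.LOGGER.debug("Error parsing JSON string: " + e.getMessage());
                return obj;
            }
        }
    }

    /**
     * Creates the handler and pre-computes, for every configured topic, the column order and
     * the pointer/dot-notation lookups used when writing rows.
     *
     * @param csvAuditEventHandlerConfiguration handler configuration
     * @param eventTopicsMetaData meta-data (schemas) of the audit topics
     * @param keyStoreHandlerProvider used to look up a named key store handler when CSV
     *        security is enabled and a handler name is configured
     * @throws IllegalArgumentException if CSV security is enabled without a named handler and
     *         the key store file cannot be opened
     */
    @Inject
    public CsvAuditEventHandler(CsvAuditEventHandlerConfiguration csvAuditEventHandlerConfiguration, EventTopicsMetaData eventTopicsMetaData, @Audit KeyStoreHandlerProvider keyStoreHandlerProvider) {
        super(csvAuditEventHandlerConfiguration.getName(), eventTopicsMetaData, csvAuditEventHandlerConfiguration.getTopics(), csvAuditEventHandlerConfiguration.isEnabled());
        this.writers = new ConcurrentHashMap<>();
        this.configuration = csvAuditEventHandlerConfiguration;
        this.csvPreference = createCsvPreference(this.configuration);
        CsvAuditEventHandlerConfiguration.CsvSecurity security = csvAuditEventHandlerConfiguration.getSecurity();
        if (security.isEnabled()) {
            Duration signatureInterval = security.getSignatureIntervalDuration();
            Reject.ifTrue(signatureInterval.isZero() || signatureInterval.isUnlimited(), "The signature interval can't be zero or unlimited");
            if (security.getKeyStoreHandlerName() != null) {
                this.keyStoreHandler = keyStoreHandlerProvider.getKeystoreHandler(security.getKeyStoreHandlerName());
            } else {
                try {
                    this.keyStoreHandler = new JcaKeyStoreHandler(KeyStoreSecureStorage.JCEKS_KEYSTORE_TYPE, security.getFilename(), security.getPassword());
                } catch (Exception e) {
                    // The message names the key store file only; the password is never included.
                    throw new IllegalArgumentException("Unable to create secure storage from file: " + security.getFilename(), e);
                }
            }
        }
        Map<String, Set<String>> fieldOrders = new HashMap<>();
        Map<String, JsonPointer> pointers = new HashMap<>();
        Map<String, String> dotNotations = new HashMap<>();
        for (String topic : this.eventTopicsMetaData.getTopics()) {
            try {
                Set<String> fieldOrder = getFieldOrder(topic, this.eventTopicsMetaData);
                for (String field : fieldOrder) {
                    if (!pointers.containsKey(field)) {
                        pointers.put(field, new JsonPointer(field));
                        dotNotations.put(field, AuditEventHelper.jsonPointerToDotNotation(field));
                    }
                }
                fieldOrders.put(topic, Collections.unmodifiableSet(fieldOrder));
            } catch (ResourceException e) {
                // Keep the cause in the log so the misconfiguration can be diagnosed; the topic
                // is left out of the lookup maps.
                LOGGER.error(topic + " topic schema meta-data misconfigured.", e);
            }
        }
        this.fieldOrderByTopic = Collections.unmodifiableMap(fieldOrders);
        this.jsonPointerByField = Collections.unmodifiableMap(pointers);
        this.fieldDotNotationByField = Collections.unmodifiableMap(dotNotations);
    }

    /** Builds the CSV dialect from the configured quote, delimiter and end-of-line symbols; every cell is quoted. */
    private CsvPreference createCsvPreference(CsvAuditEventHandlerConfiguration csvAuditEventHandlerConfiguration) {
        return new CsvPreference.Builder(
                csvAuditEventHandlerConfiguration.getFormatting().getQuoteChar(),
                csvAuditEventHandlerConfiguration.getFormatting().getDelimiterChar(),
                csvAuditEventHandlerConfiguration.getFormatting().getEndOfLineSymbols())
                .useQuoteMode(new AlwaysQuoteMode())
                .build();
    }

    /**
     * Ensures the log directory exists and opens a writer for every topic.
     *
     * <p>Failures are logged rather than thrown: a path that is a regular file, a directory
     * that cannot be created, or a topic file that cannot be opened only produce WARN/ERROR
     * log lines here.
     */
    @Override // org.forgerock.audit.events.handlers.AuditEventHandler
    public void startup() throws ResourceException {
        LOGGER.trace("Audit logging to: {}", this.configuration.getLogDirectory());
        File logDirectory = new File(this.configuration.getLogDirectory());
        if (!logDirectory.isDirectory()) {
            if (logDirectory.exists()) {
                LOGGER.warn("Specified path is file but should be a directory: {}", this.configuration.getLogDirectory());
            } else if (!logDirectory.mkdirs()) {
                LOGGER.warn("Unable to create audit directory in the path: {}", this.configuration.getLogDirectory());
            }
        }
        for (String topic : this.eventTopicsMetaData.getTopics()) {
            File auditLogFile = getAuditLogFile(topic);
            try {
                openWriter(topic, auditLogFile);
            } catch (IOException e) {
                LOGGER.error("Error when creating audit file: {}", auditLogFile, e);
            }
        }
    }

    /** Flushes and closes all open writers. */
    @Override // org.forgerock.audit.events.handlers.AuditEventHandler
    public void shutdown() throws ResourceException {
        cleanup();
    }

    /**
     * Writes one audit event to the CSV file of the given topic.
     *
     * @param context request context (unused)
     * @param str the audit topic
     * @param jsonValue the audit event
     * @return a promise of the stored event, or of the {@link ResourceException} that
     *         prevented it from being written
     */
    @Override // org.forgerock.audit.events.handlers.AuditEventHandler
    public Promise<ResourceResponse, ResourceException> publishEvent(Context context, String str, JsonValue jsonValue) {
        try {
            checkTopic(str);
            publishEventWithRetry(str, jsonValue);
            return Responses.newResourceResponse(jsonValue.get(ResourceResponse.FIELD_CONTENT_ID).asString(), null, jsonValue).asPromise();
        } catch (ResourceException e) {
            return e.asPromise();
        }
    }

    /** Rejects topics whose schema defines no audit event properties. */
    private void checkTopic(String topic) throws ResourceException {
        JsonValue auditEventProperties = AuditEventHelper.getAuditEventProperties(this.eventTopicsMetaData.getSchema(topic));
        if (auditEventProperties == null || auditEventProperties.isNull()) {
            throw new InternalServerErrorException("No audit event properties defined for audit event: " + topic);
        }
    }

    /**
     * Writes the event and, on an {@link IOException}, retries once with a fresh writer.
     * The retry runs under this instance's monitor; the writer is only reset if no other
     * thread has replaced it in the meantime.
     */
    private void publishEventWithRetry(String topic, JsonValue event) throws ResourceException {
        CsvWriter firstAttemptWriter = getWriter(topic);
        try {
            writeEvent(topic, firstAttemptWriter, event);
        } catch (IOException e) {
            LOGGER.debug("IOException while writing ({})", e.getMessage());
            synchronized (this) {
                CsvWriter retryWriter = this.writers.get(topic);
                if (retryWriter == firstAttemptWriter) {
                    retryWriter = resetAndReopenWriter(topic, false);
                    LOGGER.debug("Resetting writer");
                } else {
                    LOGGER.debug("Writer reset by another thread");
                }
                try {
                    writeEvent(topic, retryWriter, event);
                } catch (IOException retryFailure) {
                    throw new BadRequestException(retryFailure);
                }
            }
        }
    }

    /** Returns the open writer for the topic, opening one under the monitor if none is registered. */
    private CsvWriter getWriter(String topic) throws BadRequestException {
        CsvWriter writer = this.writers.get(topic);
        if (writer == null) {
            LOGGER.debug("CSV file writer for {} topic is null; checking for reset by another thread", topic);
            synchronized (this) {
                // Re-read under the lock: another thread may have reopened the writer already.
                writer = this.writers.get(topic);
                if (writer == null) {
                    LOGGER.debug("CSV file writer for {} topic not reset by another thread; resetting", topic);
                    writer = resetAndReopenWriter(topic, false);
                }
            }
        }
        return writer;
    }

    /** Writes one row and flushes immediately unless buffering is enabled without auto-flush. */
    private CsvWriter writeEvent(String topic, CsvWriter writer, JsonValue event) throws IOException {
        writeEntry(topic, writer, event);
        CsvAuditEventHandlerConfiguration.EventBufferingConfiguration buffering = this.configuration.getBuffering();
        if (!buffering.isEnabled() || buffering.isAutoFlush()) {
            writer.flush();
        }
        return writer;
    }

    /** Returns the JSON pointers generated from the topic's audit event schema, in iteration order. */
    private Set<String> getFieldOrder(String topic, EventTopicsMetaData eventTopicsMetaData) throws ResourceException {
        Set<String> fieldOrder = new LinkedHashSet<>();
        fieldOrder.addAll(JsonSchemaUtils.generateJsonPointers(AuditEventHelper.getAuditEventSchema(eventTopicsMetaData.getSchema(topic))));
        return fieldOrder;
    }

    /** Creates a writer for the file and registers it as the topic's current writer. */
    private synchronized CsvWriter openWriter(String topic, File file) throws IOException {
        CsvWriter writer = createCsvWriter(file, topic);
        this.writers.put(topic, writer);
        return writer;
    }

    /** Creates a secure or standard writer depending on whether CSV security is enabled. */
    private synchronized CsvWriter createCsvWriter(File file, String topic) throws IOException {
        String[] headers = buildHeaders(this.fieldOrderByTopic.get(topic));
        if (this.configuration.getSecurity().isEnabled()) {
            return new SecureCsvWriter(file, headers, this.csvPreference, this.configuration, this.keyStoreHandler, RANDOM);
        }
        return new StandardCsvWriter(file, headers, this.csvPreference, this.configuration);
    }

    /**
     * Opens a map reader over the file, wrapped in {@code CsvSecureMapReader} when CSV
     * security is enabled.
     */
    private ICsvMapReader createCsvMapReader(File file) throws IOException {
        // NOTE(review): FileReader decodes with the platform default charset; the encoding
        // used by the writers is not visible in this class, so confirm both sides agree.
        CsvMapReader plainReader = new CsvMapReader(new FileReader(file), this.csvPreference);
        return this.configuration.getSecurity().isEnabled() ? new CsvSecureMapReader(plainReader) : plainReader;
    }

    /** Converts the JSON pointers of a topic into dot-notation column headers, keeping their order. */
    private String[] buildHeaders(Collection<String> collection) {
        String[] headers = collection.toArray(new String[collection.size()]);
        for (int i = 0; i < headers.length; i++) {
            headers[i] = AuditEventHelper.jsonPointerToDotNotation(headers[i]);
        }
        return headers;
    }

    /**
     * Passes every event of the topic that matches the request's query filter to the handler.
     *
     * @param context request context (unused)
     * @param str the audit topic
     * @param queryRequest carries the query filter; a {@code null} filter matches everything
     * @param queryResourceHandler receives each matching event
     * @return a promise of an empty query response, or of a {@link BadRequestException}
     *         wrapping whatever failure occurred
     */
    @Override // org.forgerock.audit.events.handlers.AuditEventHandler
    public Promise<QueryResponse, ResourceException> queryEvents(Context context, String str, QueryRequest queryRequest, QueryResourceHandler queryResourceHandler) {
        try {
            for (JsonValue entry : getEntries(str, queryRequest.getQueryFilter())) {
                queryResourceHandler.handleResource(Responses.newResourceResponse(entry.get(ResourceResponse.FIELD_CONTENT_ID).asString(), null, entry));
            }
            return Responses.newQueryResponse().asPromise();
        } catch (Exception e) {
            return new BadRequestException(e).asPromise();
        }
    }

    /**
     * Reads the event with the given id from the topic's current CSV file.
     *
     * @param context request context (unused)
     * @param str the audit topic
     * @param str2 the {@code _id} of the event to read
     * @return a promise of the event, of a {@link NotFoundException} when no row matches, or
     *         of a {@link BadRequestException} when the file cannot be read
     */
    @Override // org.forgerock.audit.events.handlers.AuditEventHandler
    public Promise<ResourceResponse, ResourceException> readEvent(Context context, String str, String str2) {
        try {
            if (str2 == null) {
                throw new NotFoundException(str + " audit log not found");
            }
            // Build the filter from a typed value instead of splicing the id into a filter
            // expression: a quote or backslash in the requested id must stay part of the
            // value being compared and must not be able to change the filter's structure.
            Set<JsonValue> entries = getEntries(str, QueryFilter.equalTo(new JsonPointer("/_id"), str2));
            if (entries.isEmpty()) {
                throw new NotFoundException(str + " audit log not found");
            }
            JsonValue event = entries.iterator().next();
            return Responses.newResourceResponse(event.get(ResourceResponse.FIELD_CONTENT_ID).asString(), null, event).asPromise();
        } catch (ResourceException e) {
            return e.asPromise();
        } catch (IOException e) {
            return new BadRequestException(e).asPromise();
        }
    }

    /**
     * Handles the {@code rotate} action; every other action, and a missing topic, is rejected
     * with a {@link BadRequestException}.
     *
     * @param context request context (unused)
     * @param str the audit topic the action applies to
     * @param actionRequest the action request
     * @return a promise of the action response or of the failure
     */
    @Override // org.forgerock.audit.events.handlers.AuditEventHandlerBase, org.forgerock.audit.events.handlers.AuditEventHandler
    public Promise<ActionResponse, ResourceException> handleAction(Context context, String str, ActionRequest actionRequest) {
        try {
            String action = actionRequest.getAction();
            if (str == null) {
                return new BadRequestException(String.format("Topic is required for action %s", action)).asPromise();
            }
            // Constant-first comparison so a missing action name is reported as unknown
            // instead of raising a NullPointerException.
            if (ROTATE_FILE_ACTION_NAME.equals(action)) {
                return handleRotateAction(str).asPromise();
            }
            return new BadRequestException(String.format("This action is unknown for the CSV handler: %s", action)).asPromise();
        } catch (BadRequestException e) {
            return e.asPromise();
        }
    }

    /**
     * Rotates the topic's file: through the writer when rotation is enabled in the
     * configuration, otherwise by renaming the current file and reopening a fresh one.
     * Topics without an open writer are rejected before any file is touched.
     */
    private ActionResponse handleRotateAction(String topic) throws BadRequestException {
        CsvWriter writer = this.writers.get(topic);
        if (writer == null) {
            LOGGER.debug("Unable to rotate file for topic: {}", topic);
            throw new BadRequestException("Unable to rotate file for topic: " + topic);
        }
        if (this.configuration.getFileRotation().isRotationEnabled()) {
            try {
                if (!writer.forceRotation()) {
                    throw new BadRequestException("Unable to rotate file for topic: " + topic);
                }
            } catch (IOException e) {
                throw new BadRequestException("Error when rotating file for topic: " + topic, e);
            }
        } else {
            resetAndReopenWriter(topic, true);
        }
        return Responses.newActionResponse(JsonValue.json(JsonValue.object(JsonValue.field("rotated", QueryFilterOperators.TRUE))));
    }

    /**
     * Returns the CSV file of the topic inside the log directory. The topic is used verbatim
     * as part of the file name, so callers must only pass topics that have been checked.
     */
    private File getAuditLogFile(String topic) {
        String prefix = this.configuration.getSecurity().isEnabled() ? SECURE_CSV_FILENAME_PREFIX : "";
        return new File(this.configuration.getLogDirectory(), prefix + topic + ".csv");
    }

    /**
     * Extracts the topic's fields from the event and writes the non-empty ones as one row.
     * Values are written exactly as extracted from the event.
     */
    private void writeEntry(String topic, CsvWriter writer, JsonValue event) throws IOException {
        Set<String> fields = this.fieldOrderByTopic.get(topic);
        Map<String, String> row = new HashMap<>(fields.size());
        for (String field : fields) {
            String value = JsonValueUtils.extractValueAsString(event, field);
            if (value != null && !value.isEmpty()) {
                row.put(this.fieldDotNotationByField.get(field), value);
            }
        }
        writer.writeEvent(row);
    }

    /**
     * Closes the topic's writer and opens a new one on the topic's file.
     *
     * @param topic the audit topic
     * @param rotate when {@code true}, the current file is first renamed to the next
     *        time-stamped name so the new writer starts a fresh file
     */
    private synchronized CsvWriter resetAndReopenWriter(String topic, boolean rotate) throws BadRequestException {
        closeWriter(topic);
        try {
            File auditLogFile = getAuditLogFile(topic);
            if (rotate) {
                File rotatedFile = new TimeStampFileNamingPolicy(auditLogFile, null, null).getNextName();
                if (!auditLogFile.renameTo(rotatedFile)) {
                    throw new BadRequestException(String.format("Unable to rename file %s to %s when rotating", auditLogFile, rotatedFile));
                }
            }
            return openWriter(topic, auditLogFile);
        } catch (IOException e) {
            throw new BadRequestException(e);
        }
    }

    /** Unregisters and closes the topic's writer; close failures are logged at debug level only. */
    private synchronized void closeWriter(String topic) {
        CsvWriter writer = this.writers.remove(topic);
        if (writer != null) {
            try {
                writer.close();
            } catch (Exception e) {
                LOGGER.debug("File writer close in closeWriter reported failure ", e);
            }
        }
    }

    /**
     * Reads the topic's current CSV file and returns every row accepted by the filter.
     *
     * <p>Only the file returned by {@link #getAuditLogFile} is read, and all matching rows
     * are collected in memory before being returned.
     *
     * @param topic the audit topic
     * @param queryFilter the filter to apply; {@code null} matches every row
     * @return the matching rows; empty when the topic is not known to this handler or its
     *         file does not exist
     */
    private Set<JsonValue> getEntries(String topic, QueryFilter<JsonPointer> queryFilter) throws IOException {
        Set<JsonValue> matches = new HashSet<>();
        // The topic becomes part of a file name. Whether callers validate it is not visible
        // from this class, so only topics registered at construction time may reach the file
        // system; anything else is reported as "no entries", exactly like a missing file.
        if (topic == null || !this.fieldOrderByTopic.containsKey(topic)) {
            return matches;
        }
        File auditLogFile = getAuditLogFile(topic);
        if (queryFilter == null) {
            queryFilter = QueryFilter.alwaysTrue();
        }
        if (!auditLogFile.exists()) {
            return matches;
        }
        try (ICsvMapReader reader = createCsvMapReader(auditLogFile)) {
            String[] columns = convertDotNotationToSlashes(reader.getHeader(true));
            CellProcessor[] processors = createCellProcessors(topic, columns);
            Map<String, Object> row;
            while ((row = reader.read(columns, processors)) != null) {
                JsonValue event = JsonValueUtils.expand(convertDotNotationToSlashes(row));
                if (Boolean.TRUE.equals(queryFilter.accept(JsonValueUtils.JSONVALUE_FILTER_VISITOR, event))) {
                    matches.add(event);
                }
            }
        }
        return matches;
    }

    /**
     * Creates one cell processor per column: object and array columns are parsed back from
     * JSON, every other column is read as-is. All processors tolerate empty cells.
     */
    private CellProcessor[] createCellProcessors(String topic, String[] columns) throws ResourceException {
        List<CellProcessor> processors = new ArrayList<>(columns.length);
        JsonValue schema = this.eventTopicsMetaData.getSchema(topic);
        for (String column : columns) {
            String propertyType = AuditEventHelper.getPropertyType(schema, new JsonPointer(column));
            // Constant-first comparisons: a column without a known type is read as plain text.
            if ("object".equals(propertyType) || "array".equals(propertyType)) {
                processors.add(new Optional(new ParseJsonValue()));
            } else {
                processors.add(new Optional());
            }
        }
        return processors.toArray(new CellProcessor[processors.size()]);
    }

    /**
     * Flushes and closes every open writer. A failure on one writer no longer prevents the
     * remaining writers from being flushed and closed; the first failure is reported once
     * all writers have been processed, with later failures attached as suppressed.
     *
     * @throws ResourceException if any writer could not be flushed or closed
     */
    private synchronized void cleanup() throws ResourceException {
        IOException firstFailure = null;
        for (CsvWriter writer : this.writers.values()) {
            if (writer == null) {
                continue;
            }
            try {
                try {
                    writer.flush();
                } finally {
                    writer.close();
                }
            } catch (IOException e) {
                if (firstFailure == null) {
                    firstFailure = e;
                } else {
                    firstFailure.addSuppressed(e);
                }
            }
        }
        if (firstFailure != null) {
            LOGGER.error("Unable to close filewriters during {} cleanup", getClass().getName(), firstFailure);
            throw new InternalServerErrorException("Unable to close filewriters during " + getClass().getName() + " cleanup", firstFailure);
        }
    }

    /** Returns a copy of the row whose keys are converted from dot notation to JSON pointers, keeping order. */
    private Map<String, Object> convertDotNotationToSlashes(Map<String, Object> map) {
        Map<String, Object> converted = new LinkedHashMap<>();
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            converted.put(AuditEventHelper.dotNotationToJsonPointer(entry.getKey()), entry.getValue());
        }
        return converted;
    }

    /** Returns a new array with every header converted from dot notation to a JSON pointer. */
    private String[] convertDotNotationToSlashes(String[] strArr) {
        String[] converted = new String[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            converted[i] = AuditEventHelper.dotNotationToJsonPointer(strArr[i]);
        }
        return converted;
    }
}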
