package com.orientechnologies.security.auditing;

import com.orientechnologies.common.log.OLogManager;
import com.orientechnologies.orient.core.Orient;
import com.orientechnologies.orient.core.db.ODatabaseDocumentInternal;
import com.orientechnologies.orient.core.db.ODatabaseInternal;
import com.orientechnologies.orient.core.db.ODatabaseLifecycleListener;
import com.orientechnologies.orient.core.db.ODatabaseRecordThreadLocal;
import com.orientechnologies.orient.core.db.OrientDBInternal;
import com.orientechnologies.orient.core.metadata.schema.OClass;
import com.orientechnologies.orient.core.metadata.schema.OType;
import com.orientechnologies.orient.core.metadata.security.OSecurityUser;
import com.orientechnologies.orient.core.record.impl.ODocument;
import com.orientechnologies.orient.core.security.OAuditingOperation;
import com.orientechnologies.orient.core.security.OAuditingService;
import com.orientechnologies.orient.core.security.OSecuritySystem;
import com.orientechnologies.orient.server.OServerAware;
import com.orientechnologies.orient.server.distributed.ODistributedLifecycleListener;
import com.orientechnologies.orient.server.distributed.ODistributedServerManager;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Calendar;
import java.util.Date;
import java.util.Map;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: input_file:com/orientechnologies/security/auditing/ODefaultAuditing.class */
public class ODefaultAuditing implements OAuditingService, ODatabaseLifecycleListener, ODistributedLifecycleListener {
    public static final String AUDITING_LOG_CLASSNAME = "OAuditingLog";
    private OrientDBInternal context;
    private OAuditingHook globalHook;
    private TimerTask retainTask;
    protected static final String DEFAULT_FILE_AUDITING_DB_CONFIG = "default-auditing-config.json";
    protected static final String FILE_AUDITING_DB_CONFIG = "auditing-config.json";
    private OAuditingDistribConfig distribConfig;
    private OSystemDBImporter systemDbImporter;
    private OSecuritySystem security;
    public static final String IMPORTER_FLAG = "AUDITING_IMPORTER";
    private boolean enabled = true;
    private Integer globalRetentionDays = -1;
    private Timer timer = new Timer();
    private Map<String, OAuditingHook> hooks = new ConcurrentHashMap(20);

    /* loaded from: input_file:com/orientechnologies/security/auditing/ODefaultAuditing$OAuditingDistribConfig.class */
    private class OAuditingDistribConfig extends OAuditingConfig {
        private boolean onNodeJoinedEnabled;
        private String onNodeJoinedMessage;
        private boolean onNodeLeftEnabled;
        private String onNodeLeftMessage;

        public OAuditingDistribConfig(ODocument oDocument) {
            this.onNodeJoinedEnabled = false;
            this.onNodeJoinedMessage = "The node ${node} has joined";
            this.onNodeLeftEnabled = false;
            this.onNodeLeftMessage = "The node ${node} has left";
            if (oDocument.containsField("onNodeJoinedEnabled")) {
                this.onNodeJoinedEnabled = ((Boolean) oDocument.field("onNodeJoinedEnabled")).booleanValue();
            }
            this.onNodeJoinedMessage = (String) oDocument.field("onNodeJoinedMessage");
            if (oDocument.containsField("onNodeLeftEnabled")) {
                this.onNodeLeftEnabled = ((Boolean) oDocument.field("onNodeLeftEnabled")).booleanValue();
            }
            this.onNodeLeftMessage = (String) oDocument.field("onNodeLeftMessage");
        }

        @Override // com.orientechnologies.security.auditing.OAuditingConfig
        public String formatMessage(OAuditingOperation oAuditingOperation, String str) {
            return oAuditingOperation == OAuditingOperation.NODEJOINED ? resolveMessage(this.onNodeJoinedMessage, "node", str) : oAuditingOperation == OAuditingOperation.NODELEFT ? resolveMessage(this.onNodeLeftMessage, "node", str) : str;
        }

        @Override // com.orientechnologies.security.auditing.OAuditingConfig
        public boolean isEnabled(OAuditingOperation oAuditingOperation) {
            if (oAuditingOperation == OAuditingOperation.NODEJOINED) {
                return this.onNodeJoinedEnabled;
            }
            if (oAuditingOperation == OAuditingOperation.NODELEFT) {
                return this.onNodeLeftEnabled;
            }
            return false;
        }
    }

    public ODatabaseLifecycleListener.PRIORITY getPriority() {
        return ODatabaseLifecycleListener.PRIORITY.LAST;
    }

    public void onCreate(ODatabaseInternal oDatabaseInternal) {
        if (oDatabaseInternal.getName().equalsIgnoreCase("OSystem")) {
            return;
        }
        OAuditingHook defaultHook = defaultHook(oDatabaseInternal);
        this.hooks.put(oDatabaseInternal.getName(), defaultHook);
        oDatabaseInternal.registerHook(defaultHook);
        oDatabaseInternal.registerListener(defaultHook);
    }

    private OAuditingHook defaultHook(ODatabaseInternal oDatabaseInternal) {
        String string;
        File configFile = getConfigFile(oDatabaseInternal.getName());
        if (configFile == null || !configFile.exists()) {
            InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream(DEFAULT_FILE_AUDITING_DB_CONFIG);
            if (resourceAsStream == null) {
                try {
                    OLogManager.instance().error(this, "defaultHook() resourceAsStream is null", (Throwable) null, new Object[0]);
                } catch (Throwable th) {
                    if (resourceAsStream != null) {
                        try {
                            resourceAsStream.close();
                        } catch (IOException e) {
                            OLogManager.instance().error(this, "Cannot read auditing file configuration", e, new Object[0]);
                            throw th;
                        }
                    }
                    throw th;
                }
            }
            string = getString(resourceAsStream);
            if (configFile != null) {
                try {
                    configFile.getParentFile().mkdirs();
                    configFile.createNewFile();
                    FileOutputStream fileOutputStream = new FileOutputStream(configFile);
                    try {
                        fileOutputStream.write(string.getBytes());
                        fileOutputStream.flush();
                        fileOutputStream.close();
                    } catch (Throwable th2) {
                        fileOutputStream.close();
                        throw th2;
                    }
                } catch (IOException e2) {
                    string = "{}";
                    OLogManager.instance().error(this, "Cannot save auditing file configuration", e2, new Object[0]);
                }
            }
            if (resourceAsStream != null) {
                try {
                    resourceAsStream.close();
                } catch (IOException e3) {
                    OLogManager.instance().error(this, "Cannot read auditing file configuration", e3, new Object[0]);
                }
            }
        } else {
            string = getContent(configFile);
        }
        return new OAuditingHook(new ODocument().fromJSON(string, "noMap"), this.security);
    }

    private String getContent(File file) {
        String str;
        FileInputStream fileInputStream = null;
        try {
            try {
                fileInputStream = new FileInputStream(file);
                byte[] bArr = new byte[(int) file.length()];
                fileInputStream.read(bArr);
                str = new String(bArr);
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e) {
                        OLogManager.instance().error(this, "Cannot get auditing file configuration", e, new Object[0]);
                    }
                }
            } catch (Exception e2) {
                str = "{}";
                OLogManager.instance().error(this, "Cannot get auditing file configuration", e2, new Object[0]);
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e3) {
                        OLogManager.instance().error(this, "Cannot get auditing file configuration", e3, new Object[0]);
                    }
                }
            }
            return str;
        } catch (Throwable th) {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e4) {
                    OLogManager.instance().error(this, "Cannot get auditing file configuration", e4, new Object[0]);
                }
            }
            throw th;
        }
    }

    public String getString(InputStream inputStream) {
        try {
            StringBuilder sb = new StringBuilder();
            while (true) {
                int read = inputStream.read();
                if (read == -1) {
                    return sb.toString();
                }
                sb.append((char) read);
            }
        } catch (IOException e) {
            OLogManager.instance().error(this, "Cannot get default auditing file configuration", e, new Object[0]);
            return "{}";
        }
    }

    public void onOpen(ODatabaseInternal oDatabaseInternal) {
        if (!oDatabaseInternal.getName().equalsIgnoreCase("OSystem") && oDatabaseInternal.getProperty(IMPORTER_FLAG) == null) {
            OAuditingHook oAuditingHook = this.hooks.get(oDatabaseInternal.getName());
            if (oAuditingHook == null) {
                oAuditingHook = defaultHook(oDatabaseInternal);
                this.hooks.put(oDatabaseInternal.getName(), oAuditingHook);
            }
            oDatabaseInternal.registerHook(oAuditingHook);
            oDatabaseInternal.registerListener(oAuditingHook);
        }
    }

    public void onClose(ODatabaseInternal oDatabaseInternal) {
        OAuditingHook oAuditingHook = this.hooks.get(oDatabaseInternal.getName());
        if (oAuditingHook != null) {
            oDatabaseInternal.unregisterHook(oAuditingHook);
            oDatabaseInternal.unregisterListener(oAuditingHook);
        }
    }

    public void onDrop(ODatabaseInternal oDatabaseInternal) {
        onClose(oDatabaseInternal);
        OAuditingHook oAuditingHook = this.hooks.get(oDatabaseInternal.getName());
        if (oAuditingHook != null) {
            oAuditingHook.shutdown(false);
        }
        File configFile = getConfigFile(oDatabaseInternal.getName());
        if (configFile == null || !configFile.exists()) {
            return;
        }
        OLogManager.instance().info(this, "Removing Auditing config for db : %s", new Object[]{oDatabaseInternal.getName()});
        configFile.delete();
    }

    private File getConfigFile(String str) {
        return new File(this.security.getContext().getBasePath() + File.separator + str + File.separator + FILE_AUDITING_DB_CONFIG);
    }

    public void onCreateClass(ODatabaseInternal oDatabaseInternal, OClass oClass) {
        OAuditingHook oAuditingHook = this.hooks.get(oDatabaseInternal.getName());
        if (oAuditingHook != null) {
            oAuditingHook.onCreateClass(oClass);
        }
    }

    public void onDropClass(ODatabaseInternal oDatabaseInternal, OClass oClass) {
        OAuditingHook oAuditingHook = this.hooks.get(oDatabaseInternal.getName());
        if (oAuditingHook != null) {
            oAuditingHook.onDropClass(oClass);
        }
    }

    public void onLocalNodeConfigurationRequest(ODocument oDocument) {
    }

    protected void updateConfigOnDisk(String str, ODocument oDocument) throws IOException {
        File configFile = getConfigFile(str);
        if (configFile != null) {
            FileOutputStream fileOutputStream = new FileOutputStream(configFile);
            try {
                fileOutputStream.write(oDocument.toJSON("prettyPrint=true").getBytes());
                fileOutputStream.flush();
                fileOutputStream.close();
            } catch (Throwable th) {
                fileOutputStream.close();
                throw th;
            }
        }
    }

    public boolean onNodeJoining(String str) {
        return true;
    }

    public void onNodeJoined(String str) {
        if (this.distribConfig == null || !this.distribConfig.isEnabled(OAuditingOperation.NODEJOINED)) {
            return;
        }
        log(OAuditingOperation.NODEJOINED, this.distribConfig.formatMessage(OAuditingOperation.NODEJOINED, str));
    }

    public void onNodeLeft(String str) {
        if (this.distribConfig == null || !this.distribConfig.isEnabled(OAuditingOperation.NODELEFT)) {
            return;
        }
        log(OAuditingOperation.NODELEFT, this.distribConfig.formatMessage(OAuditingOperation.NODELEFT, str));
    }

    public void onDatabaseChangeStatus(String str, String str2, ODistributedServerManager.DB_STATUS db_status) {
    }

    @Deprecated
    public static String getClusterName(String str) {
        return str + "_auditing";
    }

    public static String getClassName(String str) {
        return str + AUDITING_LOG_CLASSNAME;
    }

    public void changeConfig(OSecurityUser oSecurityUser, String str, ODocument oDocument) throws IOException {
        if (str == null || !str.equalsIgnoreCase("OSystem")) {
            this.hooks.put(str, new OAuditingHook(oDocument, this.security));
            updateConfigOnDisk(str, oDocument);
            log(OAuditingOperation.CHANGEDCONFIG, oSecurityUser, String.format("The auditing configuration for the database '%s' has been changed", str));
        }
    }

    public ODocument getConfig(String str) {
        return this.hooks.get(str).getConfiguration();
    }

    public void log(OAuditingOperation oAuditingOperation, String str) {
        log(oAuditingOperation, null, null, str);
    }

    public void log(OAuditingOperation oAuditingOperation, OSecurityUser oSecurityUser, String str) {
        log(oAuditingOperation, null, oSecurityUser, str);
    }

    public void log(OAuditingOperation oAuditingOperation, String str, OSecurityUser oSecurityUser, String str2) {
        if (str != null) {
            OAuditingHook oAuditingHook = this.hooks.get(str);
            if (oAuditingHook != null) {
                oAuditingHook.log(oAuditingOperation, str, oSecurityUser, str2);
                return;
            } else {
                this.globalHook.log(oAuditingOperation, str, oSecurityUser, str2);
                return;
            }
        }
        String str3 = null;
        if (oSecurityUser != null) {
            str3 = oSecurityUser.getName();
        }
        if (this.globalHook == null) {
            OLogManager.instance().error(this, "Default Auditing is disabled, cannot log: op=%s db='%s' user=%s message='%s'", (Throwable) null, new Object[]{oAuditingOperation, str, str3, str2});
        } else {
            this.globalHook.log(oAuditingOperation, str, oSecurityUser, str2);
        }
    }

    private void createClassIfNotExists() {
        ODatabaseDocumentInternal ifDefined = ODatabaseRecordThreadLocal.instance().getIfDefined();
        ODatabaseDocumentInternal oDatabaseDocumentInternal = null;
        try {
            try {
                oDatabaseDocumentInternal = this.context.getSystemDatabase().openSystemDatabase();
                if (oDatabaseDocumentInternal.getMetadata().getSchema().getClass(AUDITING_LOG_CLASSNAME) == null) {
                    OClass createClass = oDatabaseDocumentInternal.getMetadata().getSchema().createClass(AUDITING_LOG_CLASSNAME);
                    createClass.createProperty("date", OType.DATETIME);
                    createClass.createProperty("user", OType.STRING);
                    createClass.createProperty("operation", OType.BYTE);
                    createClass.createProperty("record", OType.LINK);
                    createClass.createProperty("changes", OType.EMBEDDED);
                    createClass.createProperty("note", OType.STRING);
                    createClass.createProperty("database", OType.STRING);
                }
                if (oDatabaseDocumentInternal != null) {
                    oDatabaseDocumentInternal.close();
                }
                if (ifDefined != null) {
                    ODatabaseRecordThreadLocal.instance().set(ifDefined);
                } else {
                    ODatabaseRecordThreadLocal.instance().remove();
                }
            } catch (Exception e) {
                OLogManager.instance().error(this, "Creating auditing class exception", e, new Object[0]);
                if (oDatabaseDocumentInternal != null) {
                    oDatabaseDocumentInternal.close();
                }
                if (ifDefined != null) {
                    ODatabaseRecordThreadLocal.instance().set(ifDefined);
                } else {
                    ODatabaseRecordThreadLocal.instance().remove();
                }
            }
        } catch (Throwable th) {
            if (oDatabaseDocumentInternal != null) {
                oDatabaseDocumentInternal.close();
            }
            if (ifDefined != null) {
                ODatabaseRecordThreadLocal.instance().set(ifDefined);
            } else {
                ODatabaseRecordThreadLocal.instance().remove();
            }
            throw th;
        }
    }

    public void active() {
        createClassIfNotExists();
        this.globalHook = new OAuditingHook(this.security);
        this.retainTask = new TimerTask() { // from class: com.orientechnologies.security.auditing.ODefaultAuditing.1
            @Override // java.util.TimerTask, java.lang.Runnable
            public void run() {
                ODefaultAuditing.this.retainLogs();
            }
        };
        this.timer.scheduleAtFixedRate(this.retainTask, 1000L, 86400000L);
        Orient.instance().addDbLifecycleListener(this);
        if ((this.context instanceof OServerAware) && this.context.getDistributedManager() != null) {
            this.context.getDistributedManager().registerLifecycleListener(this);
        }
        if (this.systemDbImporter == null || !this.systemDbImporter.isEnabled()) {
            return;
        }
        this.systemDbImporter.start();
    }

    public void retainLogs() {
        if (this.globalRetentionDays.intValue() > 0) {
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(new Date());
            calendar.add(5, (-1) * this.globalRetentionDays.intValue());
            retainLogs(calendar.getTime());
        }
    }

    public void retainLogs(Date date) {
        long time = date.getTime();
        this.context.getSystemDatabase().executeWithDB(oDatabaseSession -> {
            oDatabaseSession.command("delete from OAuditingLog where date < ?", new Object[]{Long.valueOf(time)}).close();
            return null;
        });
    }

    public void config(ODocument oDocument, OSecuritySystem oSecuritySystem) {
        this.context = oSecuritySystem.getContext();
        this.security = oSecuritySystem;
        try {
            if (oDocument.containsField("enabled")) {
                this.enabled = ((Boolean) oDocument.field("enabled")).booleanValue();
            }
            if (oDocument.containsField("retentionDays")) {
                this.globalRetentionDays = (Integer) oDocument.field("retentionDays");
            }
            if (oDocument.containsField("distributed")) {
                this.distribConfig = new OAuditingDistribConfig((ODocument) oDocument.field("distributed"));
            }
            if (oDocument.containsField("systemImport")) {
                this.systemDbImporter = new OSystemDBImporter(this.context, (ODocument) oDocument.field("systemImport"));
            }
        } catch (Exception e) {
            OLogManager.instance().error(this, "config()", e, new Object[0]);
        }
    }

    public void dispose() {
        if (this.systemDbImporter != null && this.systemDbImporter.isEnabled()) {
            this.systemDbImporter.shutdown();
        }
        if ((this.context instanceof OServerAware) && this.context.getDistributedManager() != null) {
            this.context.getDistributedManager().unregisterLifecycleListener(this);
        }
        Orient.instance().removeDbLifecycleListener(this);
        if (this.globalHook != null) {
            this.globalHook.shutdown(false);
            this.globalHook = null;
        }
        if (this.retainTask != null) {
            this.retainTask.cancel();
        }
        if (this.timer != null) {
            this.timer.cancel();
        }
    }

    public boolean isEnabled() {
        return this.enabled;
    }
}
