package org.apache.ranger.plugin.audit;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.audit.model.AuthzAuditEvent;
import org.apache.ranger.audit.provider.AuditProviderFactory;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants;
import org.apache.ranger.plugin.model.RangerTag;
import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
import org.apache.ranger.plugin.policyengine.RangerAccessResource;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor;
import org.apache.ranger.plugin.util.RangerAccessRequestUtil;

/* loaded from: input_file:WEB-INF/lib/ranger-plugins-common-0.6.0.jar:org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.class */
public class RangerDefaultAuditHandler implements RangerAccessResultProcessor {
    protected static final String RangerModuleName = RangerConfiguration.getInstance().get(RangerHadoopConstants.AUDITLOG_RANGER_MODULE_ACL_NAME_PROP, RangerHadoopConstants.DEFAULT_RANGER_MODULE_ACL_NAME);
    private static final Log LOG = LogFactory.getLog(RangerDefaultAuditHandler.class);
    static long sequenceNumber = 0;

    @Override // org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor
    public void processResult(RangerAccessResult rangerAccessResult) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerDefaultAuditHandler.processResult(" + rangerAccessResult + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        logAuthzAudit(getAuthzEvents(rangerAccessResult));
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerDefaultAuditHandler.processResult(" + rangerAccessResult + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
    }

    @Override // org.apache.ranger.plugin.policyengine.RangerAccessResultProcessor
    public void processResults(Collection<RangerAccessResult> collection) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerDefaultAuditHandler.processResults(" + collection + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        logAuthzAudits(getAuthzEvents(collection));
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerDefaultAuditHandler.processResults(" + collection + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
    }

    public AuthzAuditEvent getAuthzEvents(RangerAccessResult rangerAccessResult) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerDefaultAuditHandler.getAuthzEvents(" + rangerAccessResult + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        AuthzAuditEvent authzAuditEvent = null;
        RangerAccessRequest accessRequest = rangerAccessResult != null ? rangerAccessResult.getAccessRequest() : null;
        if (accessRequest != null && rangerAccessResult != null && rangerAccessResult.getIsAudited()) {
            RangerAccessResource resource = accessRequest.getResource();
            String leafName = resource == null ? null : resource.getLeafName();
            String asString = resource == null ? null : resource.getAsString();
            authzAuditEvent = createAuthzAuditEvent();
            authzAuditEvent.setRepositoryName(rangerAccessResult.getServiceName());
            authzAuditEvent.setRepositoryType(rangerAccessResult.getServiceType());
            authzAuditEvent.setResourceType(leafName);
            authzAuditEvent.setResourcePath(asString);
            authzAuditEvent.setRequestData(accessRequest.getRequestData());
            authzAuditEvent.setEventTime(accessRequest.getAccessTime());
            authzAuditEvent.setUser(accessRequest.getUser());
            authzAuditEvent.setAction(accessRequest.getAccessType());
            authzAuditEvent.setAccessResult((short) (rangerAccessResult.getIsAllowed() ? 1 : 0));
            authzAuditEvent.setPolicyId(rangerAccessResult.getPolicyId());
            authzAuditEvent.setAccessType(accessRequest.getAction());
            authzAuditEvent.setClientIP(accessRequest.getClientIPAddress());
            authzAuditEvent.setClientType(accessRequest.getClientType());
            authzAuditEvent.setSessionId(accessRequest.getSessionId());
            authzAuditEvent.setAclEnforcer(RangerModuleName);
            Set<String> tags = getTags(accessRequest);
            if (tags != null) {
                authzAuditEvent.setTags(tags);
            }
            authzAuditEvent.setAdditionalInfo(getAdditionalInfo(accessRequest));
            populateDefaults(authzAuditEvent);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerDefaultAuditHandler.getAuthzEvents(" + rangerAccessResult + "): " + authzAuditEvent);
        }
        return authzAuditEvent;
    }

    public Collection<AuthzAuditEvent> getAuthzEvents(Collection<RangerAccessResult> collection) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerDefaultAuditHandler.getAuthzEvents(" + collection + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        ArrayList arrayList = null;
        if (collection != null) {
            Iterator<RangerAccessResult> it = collection.iterator();
            while (it.hasNext()) {
                AuthzAuditEvent authzEvents = getAuthzEvents(it.next());
                if (authzEvents != null) {
                    if (arrayList == null) {
                        arrayList = new ArrayList();
                    }
                    arrayList.add(authzEvents);
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerDefaultAuditHandler.getAuthzEvents(" + collection + "): " + arrayList);
        }
        return arrayList;
    }

    public void logAuthzAudit(AuthzAuditEvent authzAuditEvent) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerDefaultAuditHandler.logAuthzAudit(" + authzAuditEvent + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        if (authzAuditEvent != null) {
            populateDefaults(authzAuditEvent);
            AuditProviderFactory.getAuditProvider().log(authzAuditEvent);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerDefaultAuditHandler.logAuthzAudit(" + authzAuditEvent + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
    }

    private void populateDefaults(AuthzAuditEvent authzAuditEvent) {
        if (authzAuditEvent.getAclEnforcer() == null || authzAuditEvent.getAclEnforcer().isEmpty()) {
            authzAuditEvent.setAclEnforcer(RangerHadoopConstants.DEFAULT_RANGER_MODULE_ACL_NAME);
        }
        if (authzAuditEvent.getAgentHostname() == null || authzAuditEvent.getAgentHostname().isEmpty()) {
            authzAuditEvent.setAgentHostname(MiscUtil.getHostname());
        }
        if (authzAuditEvent.getLogType() == null || authzAuditEvent.getLogType().isEmpty()) {
            authzAuditEvent.setLogType("RangerAudit");
        }
        if (authzAuditEvent.getEventId() == null || authzAuditEvent.getEventId().isEmpty()) {
            authzAuditEvent.setEventId(MiscUtil.generateUniqueId());
        }
        long j = sequenceNumber;
        sequenceNumber = j + 1;
        authzAuditEvent.setSeqNum(j);
    }

    public void logAuthzAudits(Collection<AuthzAuditEvent> collection) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerDefaultAuditHandler.logAuthzAudits(" + collection + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
        if (collection != null) {
            Iterator<AuthzAuditEvent> it = collection.iterator();
            while (it.hasNext()) {
                logAuthzAudit(it.next());
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerDefaultAuditHandler.logAuthzAudits(" + collection + DefaultExpressionEngine.DEFAULT_INDEX_END);
        }
    }

    public AuthzAuditEvent createAuthzAuditEvent() {
        return new AuthzAuditEvent();
    }

    protected final Set<String> getTags(RangerAccessRequest rangerAccessRequest) {
        HashSet hashSet = null;
        List<RangerTag> requestTagsFromContext = RangerAccessRequestUtil.getRequestTagsFromContext(rangerAccessRequest.getContext());
        if (CollectionUtils.isNotEmpty(requestTagsFromContext)) {
            hashSet = new HashSet();
            Iterator<RangerTag> it = requestTagsFromContext.iterator();
            while (it.hasNext()) {
                hashSet.add(it.next().getType());
            }
        }
        return hashSet;
    }

    public String getAdditionalInfo(RangerAccessRequest rangerAccessRequest) {
        if (StringUtils.isBlank(rangerAccessRequest.getRemoteIPAddress()) && CollectionUtils.isEmpty(rangerAccessRequest.getForwardedAddresses())) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        sb.append("{\"remote-ip-address\":").append(rangerAccessRequest.getRemoteIPAddress()).append(", \"forwarded-ip-addresses\":[").append(StringUtils.join(rangerAccessRequest.getForwardedAddresses(), ", ")).append("]");
        return sb.toString();
    }
}
