package org.apache.ranger.audit.destination;

import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.security.auth.login.Configuration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.audit.model.AuditEventBase;
import org.apache.ranger.audit.model.AuthzAuditEvent;
import org.apache.ranger.audit.provider.MiscUtil;
import org.apache.ranger.audit.utils.InMemoryJAASConfiguration;
import org.apache.ranger.rest.TagRESTConstants;
import org.apache.solr.client.solrj.SolrClient;
import org.apache.solr.client.solrj.impl.CloudSolrClient;
import org.apache.solr.client.solrj.impl.HttpClientUtil;
import org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer;
import org.apache.solr.client.solrj.impl.LBHttpSolrClient;
import org.apache.solr.client.solrj.response.UpdateResponse;
import org.apache.solr.common.SolrException;
import org.apache.solr.common.SolrInputDocument;
import org.eclipse.persistence.jpa.rs.util.StreamingOutputMarshaller;
import org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader;

/* loaded from: input_file:WEB-INF/lib/ranger-plugins-audit-0.6.3.jar:org/apache/ranger/audit/destination/SolrAuditDestination.class */
public class SolrAuditDestination extends AuditDestination {
    private static final Log LOG = LogFactory.getLog(SolrAuditDestination.class);
    public static final String PROP_SOLR_URLS = "urls";
    public static final String PROP_SOLR_ZK = "zookeepers";
    public static final String PROP_SOLR_COLLECTION = "collection";
    public static final String PROP_SOLR_FORCE_USE_INMEMORY_JAAS_CONFIG = "force.use.inmemory.jaas.config";
    public static final String DEFAULT_COLLECTION_NAME = "ranger_audits";
    public static final String PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG = "java.security.auth.login.config";
    private volatile SolrClient solrClient = null;

    @Override // org.apache.ranger.audit.destination.AuditDestination, org.apache.ranger.audit.provider.BaseAuditHandler, org.apache.ranger.audit.provider.AuditHandler
    public void init(Properties properties, String str) {
        LOG.info("init() called");
        super.init(properties, str);
        init();
        connect();
    }

    @Override // org.apache.ranger.audit.destination.AuditDestination, org.apache.ranger.audit.provider.AuditHandler
    public void stop() {
        super.stop();
        logStatus();
    }

    synchronized void connect() {
        if (this.solrClient == null) {
            synchronized (SolrAuditDestination.class) {
                SolrClient solrClient = this.solrClient;
                if (this.solrClient == null) {
                    String stringProperty = MiscUtil.getStringProperty(this.props, this.propPrefix + "." + PROP_SOLR_URLS);
                    if (stringProperty != null) {
                        stringProperty = stringProperty.trim();
                    }
                    if (stringProperty != null && stringProperty.equalsIgnoreCase("NONE")) {
                        stringProperty = null;
                    }
                    new ArrayList();
                    List<String> array = MiscUtil.toArray(stringProperty, ",");
                    String stringProperty2 = MiscUtil.getStringProperty(this.props, this.propPrefix + "." + PROP_SOLR_ZK);
                    if (stringProperty2 != null && stringProperty2.equalsIgnoreCase("NONE")) {
                        stringProperty2 = null;
                    }
                    String stringProperty3 = MiscUtil.getStringProperty(this.props, this.propPrefix + ".collection");
                    if (stringProperty3 == null || stringProperty3.equalsIgnoreCase("none")) {
                        stringProperty3 = "ranger_audits";
                    }
                    LOG.info("Solr zkHosts=" + stringProperty2 + ", solrURLs=" + stringProperty + ", collectionName=" + stringProperty3);
                    if (stringProperty2 != null && !stringProperty2.isEmpty()) {
                        LOG.info("Connecting to solr cloud using zkHosts=" + stringProperty2);
                        try {
                            try {
                                HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
                                CloudSolrClient cloudSolrClient = new CloudSolrClient(stringProperty2);
                                cloudSolrClient.setDefaultCollection(stringProperty3);
                                this.solrClient = cloudSolrClient;
                                resetInitializerInSOLR();
                            } finally {
                            }
                        } catch (Throwable th) {
                            LOG.fatal("Can't connect to Solr server. ZooKeepers=" + stringProperty2, th);
                            resetInitializerInSOLR();
                        }
                    } else if (array != null) {
                        try {
                            if (!array.isEmpty()) {
                                try {
                                    LOG.info("Connecting to Solr using URLs=" + array);
                                    HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
                                    LBHttpSolrClient lBHttpSolrClient = new LBHttpSolrClient(array.get(0));
                                    lBHttpSolrClient.setConnectionTimeout(1000);
                                    for (int i = 1; i < array.size(); i++) {
                                        lBHttpSolrClient.addSolrServer(array.get(i));
                                    }
                                    this.solrClient = lBHttpSolrClient;
                                    resetInitializerInSOLR();
                                } catch (Throwable th2) {
                                    LOG.fatal("Can't connect to Solr server. URL=" + array, th2);
                                    resetInitializerInSOLR();
                                }
                            }
                        } finally {
                        }
                    }
                }
            }
        }
    }

    private void resetInitializerInSOLR() {
        Configuration configuration = Configuration.getConfiguration();
        String name = configuration.getClass().getName();
        if (!name.endsWith("SolrJaasConfiguration")) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("resetInitializerInSOLR: not applying on class [" + name + "] as it does not endwith [SolrJaasConfiguration]");
                return;
            }
            return;
        }
        try {
            Field declaredField = configuration.getClass().getDeclaredField("initiateAppNames");
            if (declaredField != null) {
                declaredField.setAccessible(true);
                declaredField.set(configuration, new HashSet());
                if (LOG.isDebugEnabled()) {
                    LOG.debug("resetInitializerInSOLR: successfully reset the initiateAppNames");
                }
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("resetInitializerInSOLR: not applying on class [" + name + "] as it does not have initiateAppNames variable name.");
            }
        } catch (Throwable th) {
            logError("resetInitializerInSOLR: Unable to reset SOLRCONFIG.initiateAppNames to be empty", th);
        }
    }

    @Override // org.apache.ranger.audit.provider.AuditHandler
    public boolean log(Collection<AuditEventBase> collection) {
        try {
            logStatusIfRequired();
            addTotalCount(collection.size());
            if (this.solrClient == null) {
                connect();
                if (this.solrClient == null) {
                    addDeferredCount(collection.size());
                    return false;
                }
            }
            ArrayList arrayList = new ArrayList();
            Iterator<AuditEventBase> it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add(toSolrDoc((AuthzAuditEvent) it.next()));
            }
            try {
                UpdateResponse add = this.solrClient.add(arrayList);
                if (add.getStatus() != 0) {
                    addFailedCount(collection.size());
                    logFailedEvent(collection, add.toString());
                } else {
                    addSuccessCount(collection.size());
                }
            } catch (SolrException e) {
                addFailedCount(collection.size());
                logFailedEvent(collection, e);
            }
            return true;
        } catch (Throwable th) {
            addDeferredCount(collection.size());
            logError("Error sending message to Solr", th);
            return false;
        }
    }

    @Override // org.apache.ranger.audit.destination.AuditDestination, org.apache.ranger.audit.provider.AuditHandler
    public void flush() {
    }

    SolrInputDocument toSolrDoc(AuthzAuditEvent authzAuditEvent) {
        SolrInputDocument solrInputDocument = new SolrInputDocument();
        solrInputDocument.addField("id", authzAuditEvent.getEventId());
        solrInputDocument.addField("access", authzAuditEvent.getAccessType());
        solrInputDocument.addField("enforcer", authzAuditEvent.getAclEnforcer());
        solrInputDocument.addField("agent", authzAuditEvent.getAgentId());
        solrInputDocument.addField("repo", authzAuditEvent.getRepositoryName());
        solrInputDocument.addField("sess", authzAuditEvent.getSessionId());
        solrInputDocument.addField("reqUser", authzAuditEvent.getUser());
        solrInputDocument.addField("reqData", authzAuditEvent.getRequestData());
        solrInputDocument.addField(DefaultBeanDefinitionDocumentReader.RESOURCE_ATTRIBUTE, authzAuditEvent.getResourcePath());
        solrInputDocument.addField("cliIP", authzAuditEvent.getClientIP());
        solrInputDocument.addField("logType", authzAuditEvent.getLogType());
        solrInputDocument.addField(StreamingOutputMarshaller.NO_ROUTE_JAXB_ELEMENT_LABEL, Short.valueOf(authzAuditEvent.getAccessResult()));
        solrInputDocument.addField("policy", Long.valueOf(authzAuditEvent.getPolicyId()));
        solrInputDocument.addField("repoType", Integer.valueOf(authzAuditEvent.getRepositoryType()));
        solrInputDocument.addField("resType", authzAuditEvent.getResourceType());
        solrInputDocument.addField("reason", authzAuditEvent.getResultReason());
        solrInputDocument.addField("action", authzAuditEvent.getAction());
        solrInputDocument.addField("evtTime", authzAuditEvent.getEventTime());
        solrInputDocument.addField("seq_num", Long.valueOf(authzAuditEvent.getSeqNum()));
        solrInputDocument.setField("event_count", Long.valueOf(authzAuditEvent.getEventCount()));
        solrInputDocument.setField("event_dur_ms", Long.valueOf(authzAuditEvent.getEventDurationMS()));
        solrInputDocument.setField(TagRESTConstants.TAGDEF_NAME_AND_VERSION, authzAuditEvent.getTags());
        return solrInputDocument;
    }

    public boolean isAsync() {
        return true;
    }

    private void init() {
        LOG.info("==>SolrAuditDestination.init()");
        try {
            try {
                LOG.info("In solrAuditDestination.init() : JAAS Configuration set as [" + System.getProperty("java.security.auth.login.config") + "]");
                if (System.getProperty("java.security.auth.login.config") == null) {
                    if (MiscUtil.getBooleanProperty(this.props, this.propPrefix + "." + PROP_SOLR_FORCE_USE_INMEMORY_JAAS_CONFIG, false)) {
                        System.setProperty("java.security.auth.login.config", "/dev/null");
                    } else {
                        LOG.warn("No Client JAAS config present in solr audit config. Ranger Audit to Kerberized Solr will fail...");
                    }
                }
                LOG.info("Loading SolrClient JAAS config from Ranger audit config if present...");
                InMemoryJAASConfiguration.init(this.props);
                LOG.info("In solrAuditDestination.init() (finally) : JAAS Configuration set as [" + System.getProperty("java.security.auth.login.config") + "]");
            } catch (Exception e) {
                LOG.error("ERROR: Unable to load SolrClient JAAS config from Audit config file. Audit to Kerberized Solr will fail...", e);
                LOG.info("In solrAuditDestination.init() (finally) : JAAS Configuration set as [" + System.getProperty("java.security.auth.login.config") + "]");
            }
            LOG.info("<==SolrAuditDestination.init()");
        } catch (Throwable th) {
            LOG.info("In solrAuditDestination.init() (finally) : JAAS Configuration set as [" + System.getProperty("java.security.auth.login.config") + "]");
            throw th;
        }
    }
}
