package uk.co.gresearch.siembol.configeditor.service.alerts.sigma;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectReader;
import com.fasterxml.jackson.databind.ObjectWriter;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import java.lang.invoke.MethodHandles;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import uk.co.gresearch.siembol.alerts.model.MatcherDto;
import uk.co.gresearch.siembol.alerts.model.RuleDto;
import uk.co.gresearch.siembol.common.jsonschema.SiembolJsonSchemaValidator;
import uk.co.gresearch.siembol.common.result.SiembolResult;
import uk.co.gresearch.siembol.common.utils.EvaluationLibrary;
import uk.co.gresearch.siembol.configeditor.common.ConfigEditorUtils;
import uk.co.gresearch.siembol.configeditor.common.ConfigImporter;
import uk.co.gresearch.siembol.configeditor.common.UserInfo;
import uk.co.gresearch.siembol.configeditor.model.ConfigEditorAttributes;
import uk.co.gresearch.siembol.configeditor.model.ConfigEditorResult;
import uk.co.gresearch.siembol.configeditor.model.ConfigEditorUiLayout;
import uk.co.gresearch.siembol.configeditor.service.alerts.sigma.SigmaSearch;
import uk.co.gresearch.siembol.configeditor.service.alerts.sigma.model.SigmaDetectionDto;
import uk.co.gresearch.siembol.configeditor.service.alerts.sigma.model.SigmaImporterAttributesDto;
import uk.co.gresearch.siembol.configeditor.service.alerts.sigma.model.SigmaRuleDto;

/* loaded from: input_file:uk/co/gresearch/siembol/configeditor/service/alerts/sigma/SigmaRuleImporter.class */
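/**
 * Converts a Sigma detection rule (YAML text) into a Siembol alerting rule (JSON text).
 *
 * <p>Both inputs of {@link #importConfig} arrive as strings from the caller and are treated as
 * untrusted: the importer attributes are validated against the JSON schema generated from
 * {@link SigmaImporterAttributesDto} before they are deserialised, while the Sigma rule itself is
 * only checked by parsing it. The Sigma rule reader is configured with
 * {@code FAIL_ON_UNKNOWN_PROPERTIES} disabled, so unexpected keys in the rule are dropped
 * rather than rejected.
 *
 * <p>The author of the produced rule is always taken from the supplied {@link UserInfo}; it is
 * set after the metadata mapping has been applied, so rule content cannot override it.
 */
public class SigmaRuleImporter implements ConfigImporter {
    private static final Logger LOG = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private static final ObjectReader IMPORTER_ATTRIBUTES_READER = new ObjectMapper().readerFor(SigmaImporterAttributesDto.class);
    private static final ObjectReader SIGMA_RULE_READER = new ObjectMapper(new YAMLFactory()).configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false).readerFor(SigmaRuleDto.class);
    // Second view of the same YAML document as a plain map; it feeds the metadata substitution in createRule.
    private static final ObjectReader SIGMA_RULE_MAP_READER = new ObjectMapper(new YAMLFactory()).readerFor(new TypeReference<Map<String, Object>>() {
    });
    private static final ObjectWriter ALERTING_RULE_WRITER = new ObjectMapper().setSerializationInclusion(JsonInclude.Include.NON_NULL).writerFor(RuleDto.class).with(SerializationFeature.INDENT_OUTPUT);
    private static final String ERROR_ATTRIBUTES_INIT_LOG = "Error in initialising sigma importer attributes schema";
    private static final String ERROR_IMPORT_CONFIG_LOG = "Error during importing sigma rule: {}, attributes: {}, user:{}, exception: {}";
    private static final String ERROR_TOKENS_PARSING = "Problem during parsing of condition tokens";
    private static final String ERROR_MISSING_DETECTION = "Sigma rule does not contain a detection section";
    private static final String RULE_UNKNOWN_FIELD_VALUE = "unknown";
    private final String importerAttributesSchema;
    private final SiembolJsonSchemaValidator importerAttributesValidator;

    /**
     * Builder that prepares the attributes validator and the UI-patched attributes schema.
     */
    public static class Builder {
        ConfigEditorUiLayout configEditorUiLayout = new ConfigEditorUiLayout();
        String importerAttributesSchema;
        SiembolJsonSchemaValidator importerAttributesValidator;

        /**
         * Sets the UI layout whose importers layout is used to patch the attributes schema.
         *
         * @param configEditorUiLayout layout to use instead of the empty default
         * @return this builder
         */
        public Builder configEditorUiLayout(ConfigEditorUiLayout configEditorUiLayout) {
            this.configEditorUiLayout = configEditorUiLayout;
            return this;
        }

        /**
         * Creates the validator for {@link SigmaImporterAttributesDto}, patches its JSON schema
         * with the importers layout and builds the importer.
         *
         * @return a configured importer
         * @throws IllegalStateException if the schema could not be patched
         * @throws Exception if the validator could not be created
         */
        public SigmaRuleImporter build() throws Exception {
            this.importerAttributesValidator = new SiembolJsonSchemaValidator(SigmaImporterAttributesDto.class);
            Optional<String> patchedSchema = ConfigEditorUtils.patchJsonSchema(
                    this.importerAttributesValidator.getJsonSchema().getAttributes().getJsonSchema(),
                    this.configEditorUiLayout.getImportersLayout());
            if (!patchedSchema.isPresent()) {
                SigmaRuleImporter.LOG.error(SigmaRuleImporter.ERROR_ATTRIBUTES_INIT_LOG);
                throw new IllegalStateException(SigmaRuleImporter.ERROR_ATTRIBUTES_INIT_LOG);
            }
            this.importerAttributesSchema = patchedSchema.get();
            return new SigmaRuleImporter(this);
        }
    }

    /**
     * Creates an importer from a builder that has already been populated by {@link Builder#build()}.
     *
     * @param builder source of the attributes schema and validator
     */
    public SigmaRuleImporter(Builder builder) {
        this.importerAttributesSchema = builder.importerAttributesSchema;
        this.importerAttributesValidator = builder.importerAttributesValidator;
    }

    /**
     * Returns the JSON schema of the importer attributes.
     *
     * @return an OK result carrying the schema prepared at build time
     */
    public ConfigEditorResult getImporterAttributesSchema() {
        ConfigEditorAttributes attributes = new ConfigEditorAttributes();
        attributes.setConfigImporterAttributesSchema(this.importerAttributesSchema);
        return new ConfigEditorResult(ConfigEditorResult.StatusCode.OK, attributes);
    }

    /**
     * Validates importer attributes against the attributes schema.
     *
     * @param str importer attributes as JSON text
     * @return the validation outcome converted to a {@link ConfigEditorResult}
     */
    public ConfigEditorResult validateImporterAttributes(String str) {
        return ConfigEditorResult.fromValidationResult(this.importerAttributesValidator.validate(str));
    }

    /**
     * Imports a Sigma rule and returns the resulting alerting rule as indented JSON.
     *
     * <p>The attributes are schema-validated first and nothing is parsed if that fails. Any
     * {@link Exception} raised while parsing or converting is logged and reported as
     * {@code BAD_REQUEST}.
     *
     * @param userInfo user performing the import; its user name becomes the rule author
     * @param str importer attributes as JSON text
     * @param str2 Sigma rule as YAML text
     * @return an OK result with the imported configuration, or an error result
     */
    public ConfigEditorResult importConfig(UserInfo userInfo, String str, String str2) {
        SiembolResult validation = this.importerAttributesValidator.validate(str);
        if (validation.getStatusCode() != SiembolResult.StatusCode.OK) {
            return ConfigEditorResult.fromValidationResult(validation);
        }
        try {
            SigmaImporterAttributesDto importerAttributes = IMPORTER_ATTRIBUTES_READER.readValue(str);
            SigmaRuleDto sigmaRule = SIGMA_RULE_READER.readValue(str2);
            Map<String, Object> sigmaRuleMap = SIGMA_RULE_MAP_READER.readValue(str2);

            RuleDto rule = createRule(importerAttributes, sigmaRuleMap);
            // Author comes from the caller's identity and is set last, so it overrides the mapping.
            rule.setRuleAuthor(userInfo.getUserName());
            rule.setMatchers(createMatchers(importerAttributes, sigmaRule));

            ConfigEditorAttributes resultAttributes = new ConfigEditorAttributes();
            resultAttributes.setImportedConfiguration(ALERTING_RULE_WRITER.writeValueAsString(rule));
            return new ConfigEditorResult(ConfigEditorResult.StatusCode.OK, resultAttributes);
        } catch (Exception e) {
            // NOTE(review): the raw rule and attributes are caller-supplied and are written to the
            // log verbatim; confirm that the log layout encodes line breaks and that the log sink
            // tolerates large entries, or truncate these values before logging.
            // NOTE(review): only Exception is handled here. Errors such as StackOverflowError from
            // the recursive condition parser would propagate to the caller of this method.
            LOG.error(ERROR_IMPORT_CONFIG_LOG, str2, str, userInfo.getUserName(), ExceptionUtils.getStackTrace(e));
            return ConfigEditorResult.fromException(ConfigEditorResult.StatusCode.BAD_REQUEST, e);
        }
    }

    /**
     * Builds the rule metadata: copies the configured metadata mapping into a new rule,
     * substitutes values from the Sigma rule map (using {@code "unknown"} as the fallback value
     * passed to the substitution) and normalises the rule name.
     *
     * @param importerAttributes deserialised importer attributes
     * @param sigmaRuleMap the Sigma rule parsed as a generic map
     * @return the rule with metadata populated and no matchers yet
     * @throws Exception if copying or substituting properties fails
     */
    private RuleDto createRule(SigmaImporterAttributesDto importerAttributes, Map<String, Object> sigmaRuleMap) throws Exception {
        RuleDto rule = new RuleDto();
        BeanUtils.copyProperties(rule, importerAttributes.getRuleMetadataMapping());
        EvaluationLibrary.substituteBean(rule, sigmaRuleMap, RULE_UNKNOWN_FIELD_VALUE);
        rule.setRuleName(ConfigEditorUtils.getNormalisedConfigName(rule.getRuleName()));
        return rule;
    }

    /**
     * Translates the detection section of a Sigma rule into Siembol matchers.
     *
     * @param importerAttributes attributes providing the optional Sigma-to-Siembol field mapping
     * @param sigmaRule deserialised Sigma rule
     * @return matchers equivalent to the rule's condition
     * @throws IllegalArgumentException if the rule has no detection section
     */
    private List<MatcherDto> createMatchers(SigmaImporterAttributesDto importerAttributes, SigmaRuleDto sigmaRule) {
        Map<String, String> fieldMapping = new HashMap<>();
        if (importerAttributes.getFieldMapping() != null) {
            importerAttributes.getFieldMapping()
                    .forEach(item -> fieldMapping.put(item.getSigmaField(), item.getSiembolField()));
        }

        SigmaDetectionDto detection = sigmaRule.getDetection();
        if (detection == null) {
            // A rule without "detection" would otherwise surface as a bare NullPointerException.
            throw new IllegalArgumentException(ERROR_MISSING_DETECTION);
        }
        Map<String, SigmaSearch> searches = getSigmaSearches(detection, fieldMapping);
        List<Pair<SigmaConditionToken, String>> tokens = SigmaConditionToken.tokenize(detection.getCondition());
        return getMatchers(searches, tokens);
    }

    /**
     * Builds one {@link SigmaSearch} per named search of the detection section. A search whose
     * value is a JSON array becomes a LIST search; anything else is treated as a MAP search and
     * added field by field.
     *
     * @param detection detection section of the Sigma rule
     * @param fieldMapping Sigma field name to Siembol field name
     * @return searches keyed by their Sigma search name
     */
    private Map<String, SigmaSearch> getSigmaSearches(SigmaDetectionDto detection, Map<String, String> fieldMapping) {
        Map<String, SigmaSearch> searches = new HashMap<>();
        for (Map.Entry<String, JsonNode> entry : detection.getSearchesMap().entrySet()) {
            String searchName = entry.getKey();
            JsonNode definition = entry.getValue();
            boolean isList = definition.isArray();

            SigmaSearch.Builder searchBuilder = new SigmaSearch.Builder(
                    isList ? SigmaSearch.SearchType.LIST : SigmaSearch.SearchType.MAP, searchName)
                    .fieldMapping(fieldMapping);
            if (isList) {
                searchBuilder.addList(definition);
            } else {
                definition.fieldNames()
                        .forEachRemaining(field -> searchBuilder.addMapEntry(field, definition.get(field)));
            }
            searches.put(searchName, searchBuilder.build());
        }
        return searches;
    }

    /**
     * Parses the condition tokens into a syntax tree and asks its root token for the matchers.
     *
     * @param searches searches referenced by the condition
     * @param tokens tokenised condition
     * @return matchers produced from the syntax tree
     */
    private List<MatcherDto> getMatchers(Map<String, SigmaSearch> searches, List<Pair<SigmaConditionToken, String>> tokens) {
        SigmaConditionTokenNode root = generateConditionSyntaxTree(searches, tokens);
        return root.getToken().getMatchers(root);
    }

    /**
     * Tells whether the whole token list is wrapped in one matching pair of brackets, that is,
     * the bracket opened by the first token is closed by the last token.
     *
     * @param tokens non-empty token list
     * @return {@code true} only when the outer brackets enclose the entire expression
     */
    private boolean isConditionInBrackets(List<Pair<SigmaConditionToken, String>> tokens) {
        int lastIndex = tokens.size() - 1;
        if (!SigmaConditionToken.TOKEN_LEFT_BRACKET.equals(tokens.get(0).getLeft())
                || !SigmaConditionToken.TOKEN_RIGHT_BRACKET.equals(tokens.get(lastIndex).getLeft())) {
            return false;
        }
        int depth = 0;
        // The last token is deliberately left out: the outer bracket must still be open before it.
        for (int index = 0; index < lastIndex; index++) {
            switch (tokens.get(index).getLeft()) {
                case TOKEN_LEFT_BRACKET:
                    depth++;
                    break;
                case TOKEN_RIGHT_BRACKET:
                    depth--;
                    if (depth == 0) {
                        // The first bracket closed early, e.g. "(a) and (b)".
                        return false;
                    }
                    break;
                default:
                    break;
            }
        }
        return depth == 1;
    }

    /**
     * Finds the operator at which the expression is split: the first OR outside any brackets,
     * or, if there is none, the first AND outside any brackets.
     *
     * @param tokens token list to scan
     * @return index of the chosen operator, or empty if no top-level binary operator exists
     */
    private Optional<Integer> getBinaryOperatorIndex(List<Pair<SigmaConditionToken, String>> tokens) {
        int depth = 0;
        Optional<Integer> firstTopLevelAnd = Optional.empty();
        for (int index = 0; index < tokens.size(); index++) {
            switch (tokens.get(index).getLeft()) {
                case TOKEN_LEFT_BRACKET:
                    depth++;
                    break;
                case TOKEN_RIGHT_BRACKET:
                    depth--;
                    break;
                case TOKEN_OR:
                    if (depth == 0) {
                        // A top-level OR always wins over an AND found earlier.
                        return Optional.of(index);
                    }
                    break;
                case TOKEN_AND:
                    if (depth == 0 && !firstTopLevelAnd.isPresent()) {
                        firstTopLevelAnd = Optional.of(index);
                    }
                    break;
                default:
                    break;
            }
        }
        return firstTopLevelAnd;
    }

    /**
     * Builds a binary operator node whose operands are the sub-expressions on either side of
     * the operator.
     *
     * @param searches searches referenced by the condition
     * @param tokens token list containing the operator
     * @param operatorIndex position of the binary operator in {@code tokens}
     * @return node with both operands set
     */
    private SigmaConditionTokenNode generateConditionBinaryOperatorTree(Map<String, SigmaSearch> searches, List<Pair<SigmaConditionToken, String>> tokens, int operatorIndex) {
        SigmaConditionTokenNode operatorNode = new SigmaConditionTokenNode(tokens.get(operatorIndex), searches);
        operatorNode.setFirstOperand(generateConditionSyntaxTree(searches, tokens.subList(0, operatorIndex)));
        operatorNode.setSecondOperand(generateConditionSyntaxTree(searches, tokens.subList(operatorIndex + 1, tokens.size())));
        return operatorNode;
    }

    /**
     * Builds a unary operator node from the first token; the remaining tokens form its operand.
     *
     * @param searches searches referenced by the condition
     * @param tokens token list starting with a unary operator
     * @return node with its single operand set
     */
    private SigmaConditionTokenNode generateConditionUnaryOperatorTree(Map<String, SigmaSearch> searches, List<Pair<SigmaConditionToken, String>> tokens) {
        SigmaConditionTokenNode operatorNode = new SigmaConditionTokenNode(tokens.get(0), searches);
        operatorNode.setFirstOperand(generateConditionSyntaxTree(searches, tokens.subList(1, tokens.size())));
        return operatorNode;
    }

    /**
     * Recursively parses condition tokens into a syntax tree. Enclosing brackets are stripped,
     * then the expression is split at a top-level binary operator, then a leading unary operator
     * is applied, and finally a single identifier becomes a leaf.
     *
     * <p>NOTE(review): every step recurses on a strictly shorter token list, so the recursion
     * depth and the repeated scans grow with the length of the condition. Nothing visible in
     * this class bounds that length; if the tokenizer does not either, limit the condition size
     * before parsing rule text from untrusted users.
     *
     * @param searches searches referenced by the condition
     * @param tokens tokens of the expression or sub-expression
     * @return root node of the parsed expression
     * @throws IllegalArgumentException if {@code tokens} is empty
     * @throws IllegalStateException if the tokens do not form a supported expression
     */
    private SigmaConditionTokenNode generateConditionSyntaxTree(Map<String, SigmaSearch> searches, List<Pair<SigmaConditionToken, String>> tokens) {
        if (tokens.isEmpty()) {
            throw new IllegalArgumentException(ERROR_TOKENS_PARSING);
        }
        if (isConditionInBrackets(tokens)) {
            return generateConditionSyntaxTree(searches, tokens.subList(1, tokens.size() - 1));
        }
        Optional<Integer> binaryOperatorIndex = getBinaryOperatorIndex(tokens);
        if (binaryOperatorIndex.isPresent()) {
            return generateConditionBinaryOperatorTree(searches, tokens, binaryOperatorIndex.get());
        }
        SigmaConditionToken firstToken = tokens.get(0).getLeft();
        if (SigmaConditionTokenType.UNARY_OPERATOR.equals(firstToken.getType())) {
            return generateConditionUnaryOperatorTree(searches, tokens);
        }
        if (SigmaConditionToken.TOKEN_ID.equals(firstToken) && tokens.size() == 1) {
            return new SigmaConditionTokenNode(tokens.get(0), searches);
        }
        throw new IllegalStateException(ERROR_TOKENS_PARSING);
    }
}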
