package org.forgerock.openam.saml2.audit;

import com.iplanet.sso.SSOToken;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import org.forgerock.audit.events.AccessAuditEventBuilder;
import org.forgerock.json.JsonValue;
import org.forgerock.openam.audit.AMAccessAuditEventBuilder;
import org.forgerock.openam.audit.AMAuditEventBuilderUtils;
import org.forgerock.openam.audit.AuditConstants;
import org.forgerock.openam.audit.AuditEventFactory;
import org.forgerock.openam.audit.AuditEventPublisher;
import org.forgerock.openam.audit.context.AuditRequestContext;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openam.utils.Time;

/* loaded from: input_file:org/forgerock/openam/saml2/audit/SAML2Auditor.class */
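/**
 * Publishes "access" topic audit events for a SAML2 request.
 *
 * <p>An instance carries mutable per-request state (realm, user id, method, tracking ids) that
 * callers fill in through the setters before invoking one of the {@code audit*} methods. The class
 * performs no synchronization, so an instance should not be shared between threads.
 *
 * <p>Every event is built with the SAML2 component, the current transaction id, the HTTP request
 * details and the set of tracking ids collected by {@link #collateTrackingIds()}.
 */
public class SAML2Auditor implements SAML2EventLogger {
    private static final String PROXY_MESSAGE = "Forwarding request to a proxy";
    private static final String LOCAL_USER_LOGIN_MESSAGE = "Forwarding request to local user login";
    /** Audit topic used for every event published by this class. */
    private static final String ACCESS_TOPIC = "access";

    private String trackingId;
    private String userId;
    private String realm;
    private String method;
    /** Set once an attempt event has been handled, so that an outcome never emits a second one. */
    private boolean accessAttemptAudited = false;
    /** Captured at construction; used as the attempt timestamp and to compute elapsed time. */
    private final long startTime = Time.currentTimeMillis();
    private final HttpServletRequest request;
    private final AuditEventPublisher auditEventPublisher;
    private final AuditEventFactory auditEventFactory;
    private String message;
    private String ssoTokenId;
    private String authnRequestId;
    private String authTokenId;

    /**
     * Creates an auditor bound to one HTTP request.
     *
     * @param auditEventPublisher publisher used to check whether auditing is enabled and to publish
     * @param auditEventFactory factory used to create the access event builders
     * @param httpServletRequest the request whose details are recorded in each event
     */
    public SAML2Auditor(AuditEventPublisher auditEventPublisher, AuditEventFactory auditEventFactory, HttpServletRequest httpServletRequest) {
        this.request = httpServletRequest;
        this.auditEventPublisher = auditEventPublisher;
        this.auditEventFactory = auditEventFactory;
    }

    /**
     * Publishes the access attempt event, timestamped with the construction time of this auditor,
     * when attempt auditing is enabled for the current realm.
     *
     * <p>The attempt is marked as audited even when auditing is disabled, so later outcome calls do
     * not retry it.
     */
    @Override // org.forgerock.openam.saml2.audit.SAML2EventLogger
    public void auditAccessAttempt() {
        if (this.auditEventPublisher.isAuditing(this.realm, ACCESS_TOPIC, AuditConstants.EventName.AM_ACCESS_ATTEMPT)) {
            // NOTE(review): tryPublish looks best-effort; confirm whether a failed publish is
            // surfaced anywhere, since a silently dropped event leaves a gap in the audit trail.
            this.auditEventPublisher.tryPublish(ACCESS_TOPIC, getDefaultSAML2AccessAuditEventBuilder()
                    .timestamp(this.startTime)
                    .eventName(AuditConstants.EventName.AM_ACCESS_ATTEMPT)
                    .toEvent());
        }
        this.accessAttemptAudited = true;
    }

    /**
     * Gathers every tracking id known for this request: the ids reported by
     * {@code AMAuditEventBuilderUtils.getAllAvailableTrackingIds()} plus any non-empty id set on
     * this auditor (session, SSO token, auth token, authn request).
     *
     * @return a new mutable set of tracking ids; never {@code null}
     */
    private Set<String> collateTrackingIds() {
        Set<String> trackingIds = new HashSet<>(AMAuditEventBuilderUtils.getAllAvailableTrackingIds());
        addIfNotEmpty(trackingIds, this.trackingId);
        addIfNotEmpty(trackingIds, this.ssoTokenId);
        addIfNotEmpty(trackingIds, this.authTokenId);
        addIfNotEmpty(trackingIds, this.authnRequestId);
        return trackingIds;
    }

    /** Adds {@code candidate} to {@code target} unless it is null or empty. */
    private static void addIfNotEmpty(Set<String> target, String candidate) {
        if (StringUtils.isNotEmpty(candidate)) {
            target.add(candidate);
        }
    }

    /**
     * Publishes a successful access outcome event, first emitting the attempt event if it has not
     * been handled yet. The event carries the current {@code message} (which may be {@code null})
     * and the elapsed time since construction in milliseconds.
     */
    @Override // org.forgerock.openam.saml2.audit.SAML2EventLogger
    public void auditAccessSuccess() {
        if (!this.accessAttemptAudited) {
            auditAccessAttempt();
        }
        if (this.auditEventPublisher.isAuditing(this.realm, ACCESS_TOPIC, AuditConstants.EventName.AM_ACCESS_OUTCOME)) {
            long now = Time.currentTimeMillis();
            this.auditEventPublisher.tryPublish(ACCESS_TOPIC, getDefaultSAML2AccessAuditEventBuilder()
                    .timestamp(now)
                    .eventName(AuditConstants.EventName.AM_ACCESS_OUTCOME)
                    .response(AccessAuditEventBuilder.ResponseStatus.SUCCESSFUL, this.message, now - this.startTime, TimeUnit.MILLISECONDS)
                    .toEvent());
        }
    }

    /**
     * Publishes a failed access outcome event, first emitting the attempt event if it has not been
     * handled yet.
     *
     * @param str the status code recorded with the FAILED response
     * @param str2 the failure reason, recorded under the {@code "reason"} key of the response
     *     detail; it is written to the audit log as given, so callers should not pass secrets
     */
    @Override // org.forgerock.openam.saml2.audit.SAML2EventLogger
    public void auditAccessFailure(String str, String str2) {
        if (!this.accessAttemptAudited) {
            auditAccessAttempt();
        }
        if (this.auditEventPublisher.isAuditing(this.realm, ACCESS_TOPIC, AuditConstants.EventName.AM_ACCESS_OUTCOME)) {
            long now = Time.currentTimeMillis();
            this.auditEventPublisher.tryPublish(ACCESS_TOPIC, getDefaultSAML2AccessAuditEventBuilder()
                    .timestamp(now)
                    .eventName(AuditConstants.EventName.AM_ACCESS_OUTCOME)
                    .responseWithDetail(AccessAuditEventBuilder.ResponseStatus.FAILED, str, now - this.startTime, TimeUnit.MILLISECONDS,
                            JsonValue.json(JsonValue.object(JsonValue.field("reason", str2))))
                    .toEvent());
        }
    }

    /**
     * Creates the builder shared by all events: realm, HTTP request details, transaction id, SAML2
     * component, user id, request operation and the collated tracking ids.
     */
    private AMAccessAuditEventBuilder getDefaultSAML2AccessAuditEventBuilder() {
        return this.auditEventFactory.accessEvent(this.realm)
                .forHttpServletRequest(this.request)
                .transactionId(AuditRequestContext.getTransactionIdValue())
                .component(AuditConstants.Component.SAML2)
                .userId(this.userId)
                .request(AuditConstants.Component.SAML2.toString(), this.method)
                .trackingIds(collateTrackingIds());
    }

    /** Sets the session tracking id added to the tracking ids of subsequent events. */
    @Override // org.forgerock.openam.saml2.audit.SAML2EventLogger
    public void setSessionTrackingId(String str) {
        this.trackingId = str;
    }

    /** Sets the user id recorded in subsequent events. */
    @Override // org.forgerock.openam.saml2.audit.SAML2EventLogger
    public void setUserId(String str) {
        this.userId = str;
    }

    /** Sets the realm used for the auditing check and the events; an empty value is stored as null. */
    @Override // org.forgerock.openam.saml2.audit.SAML2EventLogger
    public void setRealm(String str) {
        this.realm = StringUtils.isEmpty(str) ? null : str;
    }

    /** Sets the method name recorded as the request operation of subsequent events. */
    @Override // org.forgerock.openam.saml2.audit.SAML2EventLogger
    public void setMethod(String str) {
        this.method = str;
    }

    /** Records a successful outcome whose message states the request was forwarded to a proxy. */
    @Override // org.forgerock.openam.saml2.audit.SAML2EventLogger
    public void auditForwardToProxy() {
        this.message = PROXY_MESSAGE;
        auditAccessSuccess();
    }

    /** Records a successful outcome whose message states the request went to local user login. */
    @Override // org.forgerock.openam.saml2.audit.SAML2EventLogger
    public void auditForwardToLocalUserLogin() {
        this.message = LOCAL_USER_LOGIN_MESSAGE;
        auditAccessSuccess();
    }

    /** Sets the authn request id added to the tracking ids of subsequent events. */
    @Override // org.forgerock.openam.saml2.audit.SAML2EventLogger
    public void setRequestId(String str) {
        this.authnRequestId = str;
    }

    /**
     * Stores the tracking id of the given SSO token for inclusion in subsequent events.
     *
     * <p>Only the value returned by {@code getTrackingIdFromSSOToken} is kept, not the token
     * itself. NOTE(review): presumably that value is a non-secret correlation id; confirm in
     * {@code AMAuditEventBuilderUtils}, since it is written to the audit log.
     *
     * @param obj the session object; anything that is not an {@code SSOToken} (including
     *     {@code null}) is ignored and the previously stored id is left unchanged
     */
    @Override // org.forgerock.openam.saml2.audit.SAML2EventLogger
    public void setSSOTokenId(Object obj) {
        // instanceof is false for null, so no separate null check is needed.
        if (obj instanceof SSOToken) {
            this.ssoTokenId = AMAuditEventBuilderUtils.getTrackingIdFromSSOToken((SSOToken) obj);
        }
    }

    /**
     * Stores the tracking id of the given authentication token for inclusion in subsequent events.
     *
     * @param obj the token object; anything that is not an {@code SSOToken} (including
     *     {@code null}) is ignored and the previously stored id is left unchanged
     */
    @Override // org.forgerock.openam.saml2.audit.SAML2EventLogger
    public void setAuthTokenId(Object obj) {
        // instanceof is false for null, so no separate null check is needed.
        if (obj instanceof SSOToken) {
            this.authTokenId = AMAuditEventBuilderUtils.getTrackingIdFromSSOToken((SSOToken) obj);
        }
    }
}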
