package org.forgerock.openam.rest.fluent;

import com.iplanet.sso.SSOToken;
import com.sun.identity.shared.configuration.SystemPropertiesManager;
import com.sun.identity.shared.debug.Debug;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.forgerock.audit.events.AccessAuditEventBuilder;
import org.forgerock.audit.events.AuditEvent;
import org.forgerock.json.JsonValue;
import org.forgerock.json.resource.Request;
import org.forgerock.json.resource.http.HttpContext;
import org.forgerock.openam.audit.AMAccessAuditEventBuilder;
import org.forgerock.openam.audit.AMAuditEventBuilderUtils;
import org.forgerock.openam.audit.AuditConstants;
import org.forgerock.openam.audit.AuditEventFactory;
import org.forgerock.openam.audit.AuditEventPublisher;
import org.forgerock.openam.audit.context.AuditRequestContext;
import org.forgerock.openam.forgerockrest.utils.ServerContextUtils;
import org.forgerock.openam.rest.RealmContext;
import org.forgerock.openam.rest.resource.AuditInfoContext;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openam.utils.Time;
import org.forgerock.services.context.Context;
import org.forgerock.services.context.RequestAuditContext;
import org.forgerock.util.Reject;

/* loaded from: input_file:org/forgerock/openam/rest/fluent/CrestAuditor.class */
class CrestAuditor {
    private final Debug debug;
    private final AuditEventPublisher auditEventPublisher;
    private final AuditEventFactory auditEventFactory;
    private final Context context;
    private final AuditConstants.Component component;
    private final Request request;
    private final long startTime;
    private final String realm;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CrestAuditor(Debug debug, AuditEventPublisher auditEventPublisher, AuditEventFactory auditEventFactory, Context context, Request request) {
        Reject.ifFalse(context.containsContext(AuditInfoContext.class), "CREST auditing expects the audit context");
        this.component = context.asContext(AuditInfoContext.class).getComponent();
        this.debug = debug;
        this.auditEventPublisher = auditEventPublisher;
        this.auditEventFactory = auditEventFactory;
        this.context = context;
        this.request = request;
        this.startTime = context.asContext(RequestAuditContext.class).getRequestReceivedTime();
        if (context.containsContext(RealmContext.class)) {
            this.realm = context.asContext(RealmContext.class).getRealm().asPath();
        } else {
            this.realm = AuditConstants.NO_REALM;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void auditAccessAttempt() {
        if (this.auditEventPublisher.isAuditing(this.realm, "access", AuditConstants.EventName.AM_ACCESS_ATTEMPT)) {
            AMAccessAuditEventBuilder component = this.auditEventFactory.accessEvent(this.realm).forHttpRequest(this.context, this.request).timestamp(this.startTime).transactionId(AuditRequestContext.getTransactionIdValue()).eventName(AuditConstants.EventName.AM_ACCESS_ATTEMPT).component(this.component);
            addSessionDetailsFromSSOTokenContextIfNotNull(component, this.context);
            if (ipAddressHeaderPropertyIsSet()) {
                setClientFromHttpContextHeaderIfExists(component, this.context);
            }
            AuditEvent event = component.toEvent();
            postProcessEvent(event);
            this.auditEventPublisher.tryPublish("access", event);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void auditAccessSuccess(JsonValue jsonValue) {
        if (this.auditEventPublisher.isAuditing(this.realm, "access", AuditConstants.EventName.AM_ACCESS_OUTCOME)) {
            long currentTimeMillis = Time.currentTimeMillis();
            long j = currentTimeMillis - this.startTime;
            AMAccessAuditEventBuilder component = this.auditEventFactory.accessEvent(this.realm).forHttpRequest(this.context, this.request).timestamp(currentTimeMillis).transactionId(AuditRequestContext.getTransactionIdValue()).eventName(AuditConstants.EventName.AM_ACCESS_OUTCOME).component(this.component);
            if (jsonValue == null) {
                component.response(AccessAuditEventBuilder.ResponseStatus.SUCCESSFUL, "", j, TimeUnit.MILLISECONDS);
            } else {
                component.responseWithDetail(AccessAuditEventBuilder.ResponseStatus.SUCCESSFUL, "", j, TimeUnit.MILLISECONDS, jsonValue);
            }
            addSessionDetailsFromSSOTokenContextIfNotNull(component, this.context);
            if (ipAddressHeaderPropertyIsSet()) {
                setClientFromHttpContextHeaderIfExists(component, this.context);
            }
            AuditEvent event = component.toEvent();
            postProcessEvent(event);
            this.auditEventPublisher.tryPublish("access", event);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void auditAccessFailure(int i, String str) {
        if (this.auditEventPublisher.isAuditing(this.realm, "access", AuditConstants.EventName.AM_ACCESS_OUTCOME)) {
            long currentTimeMillis = Time.currentTimeMillis();
            AMAccessAuditEventBuilder aMAccessAuditEventBuilder = (AMAccessAuditEventBuilder) this.auditEventFactory.accessEvent(this.realm).forHttpRequest(this.context, this.request).timestamp(currentTimeMillis).transactionId(AuditRequestContext.getTransactionIdValue()).eventName(AuditConstants.EventName.AM_ACCESS_OUTCOME).component(this.component).responseWithDetail(AccessAuditEventBuilder.ResponseStatus.FAILED, Integer.toString(i), currentTimeMillis - this.startTime, TimeUnit.MILLISECONDS, JsonValue.json(JsonValue.object(new Map.Entry[]{JsonValue.field("reason", str)})));
            addSessionDetailsFromSSOTokenContextIfNotNull(aMAccessAuditEventBuilder, this.context);
            if (ipAddressHeaderPropertyIsSet()) {
                setClientFromHttpContextHeaderIfExists(aMAccessAuditEventBuilder, this.context);
            }
            AuditEvent event = aMAccessAuditEventBuilder.toEvent();
            postProcessEvent(event);
            this.auditEventPublisher.tryPublish("access", event);
        }
    }

    private void addSessionDetailsFromSSOTokenContextIfNotNull(AMAccessAuditEventBuilder aMAccessAuditEventBuilder, Context context) {
        SSOToken tokenFromContext = ServerContextUtils.getTokenFromContext(context, this.debug);
        if (tokenFromContext != null) {
            aMAccessAuditEventBuilder.trackingIdFromSSOToken(tokenFromContext);
            aMAccessAuditEventBuilder.userId(AMAuditEventBuilderUtils.getUserId(tokenFromContext));
        }
    }

    private void setClientFromHttpContextHeaderIfExists(AMAccessAuditEventBuilder aMAccessAuditEventBuilder, Context context) {
        List header;
        if (!context.containsContext(HttpContext.class) || (header = context.asContext(HttpContext.class).getHeader(SystemPropertiesManager.get("com.sun.identity.authentication.client.ipAddressHeader"))) == null || header.size() <= 0) {
            return;
        }
        aMAccessAuditEventBuilder.client((String) header.get(0));
    }

    private boolean ipAddressHeaderPropertyIsSet() {
        return StringUtils.isNotBlank(SystemPropertiesManager.get("com.sun.identity.authentication.client.ipAddressHeader"));
    }

    protected void postProcessEvent(AuditEvent auditEvent) {
    }
}
