package org.forgerock.openam.rest.audit;

import com.sun.identity.shared.debug.Debug;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import org.forgerock.audit.AuditException;
import org.forgerock.audit.events.AccessAuditEventBuilder;
import org.forgerock.json.JsonValue;
import org.forgerock.openam.audit.AMAccessAuditEventBuilder;
import org.forgerock.openam.audit.AMAuditEventBuilderUtils;
import org.forgerock.openam.audit.AuditConstants;
import org.forgerock.openam.audit.AuditEventFactory;
import org.forgerock.openam.audit.AuditEventPublisher;
import org.forgerock.openam.audit.context.AuditRequestContext;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openam.utils.Time;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.Restlet;
import org.restlet.ext.servlet.ServletUtils;
import org.restlet.representation.BufferingRepresentation;
import org.restlet.representation.Representation;
import org.restlet.routing.Filter;

/* loaded from: input_file:org/forgerock/openam/rest/audit/AbstractRestletAccessAuditFilter.class */
public abstract class AbstractRestletAccessAuditFilter extends Filter {
    private static Debug debug = Debug.getInstance("amAudit");
    private final AuditEventPublisher auditEventPublisher;
    private final AuditEventFactory auditEventFactory;
    private final AuditConstants.Component component;
    private final RestletBodyAuditor<?> requestDetailCreator;
    private final RestletBodyAuditor<?> responseDetailCreator;

    public AbstractRestletAccessAuditFilter(AuditConstants.Component component, Restlet restlet, AuditEventPublisher auditEventPublisher, AuditEventFactory auditEventFactory, RestletBodyAuditor<?> restletBodyAuditor, RestletBodyAuditor<?> restletBodyAuditor2) {
        this.requestDetailCreator = restletBodyAuditor;
        this.responseDetailCreator = restletBodyAuditor2;
        this.auditEventPublisher = auditEventPublisher;
        this.auditEventFactory = auditEventFactory;
        this.component = component;
        setNext(restlet);
    }

    protected int beforeHandle(Request request, Response response) {
        try {
            if (request.getEntity().isTransient()) {
                request.setEntity(new BufferingRepresentation(request.getEntity()));
            }
            auditAccessAttempt(request);
            return 0;
        } catch (AuditException e) {
            debug.error("Unable to publish {} audit event '{}' due to error: {} [{}]", new Object[]{"access", AuditConstants.EventName.AM_ACCESS_ATTEMPT, e.getMessage(), e});
            return 0;
        }
    }

    protected void afterHandle(Request request, Response response) {
        super.afterHandle(request, response);
        if (response.getStatus().isError()) {
            auditAccessFailure(request, response);
        } else {
            auditAccessSuccess(request, response);
        }
    }

    private void auditAccessAttempt(Request request) throws AuditException {
        String realmFromRequest = getRealmFromRequest(request);
        if (this.auditEventPublisher.isAuditing(realmFromRequest, "access", AuditConstants.EventName.AM_ACCESS_ATTEMPT)) {
            AMAccessAuditEventBuilder aMAccessAuditEventBuilder = (AMAccessAuditEventBuilder) this.auditEventFactory.accessEvent(realmFromRequest).timestamp(request.getDate().getTime()).transactionId(AuditRequestContext.getTransactionIdValue()).eventName(AuditConstants.EventName.AM_ACCESS_ATTEMPT).component(this.component).userId(getUserIdForAccessAttempt(request)).trackingIds(getTrackingIdsForAccessAttempt(request));
            if (this.requestDetailCreator != null) {
                aMAccessAuditEventBuilder.requestDetail((JsonValue) this.requestDetailCreator.apply(request.getEntity()));
            }
            addHttpData(request, aMAccessAuditEventBuilder);
            this.auditEventPublisher.tryPublish("access", aMAccessAuditEventBuilder.toEvent());
        }
    }

    private void auditAccessSuccess(Request request, Response response) {
        String realmFromRequest = getRealmFromRequest(request);
        if (this.auditEventPublisher.isAuditing(realmFromRequest, "access", AuditConstants.EventName.AM_ACCESS_OUTCOME)) {
            long currentTimeMillis = Time.currentTimeMillis();
            long time = currentTimeMillis - request.getDate().getTime();
            Representation entity = response.getEntity();
            AMAccessAuditEventBuilder aMAccessAuditEventBuilder = (AMAccessAuditEventBuilder) this.auditEventFactory.accessEvent(realmFromRequest).timestamp(currentTimeMillis).transactionId(AuditRequestContext.getTransactionIdValue()).eventName(AuditConstants.EventName.AM_ACCESS_OUTCOME).component(this.component).userId(getUserIdForAccessOutcome(request, response)).trackingIds(getTrackingIdsForAccessOutcome(request, response));
            JsonValue jsonValue = null;
            if (this.responseDetailCreator != null) {
                try {
                    jsonValue = (JsonValue) this.responseDetailCreator.apply(entity);
                } catch (AuditException e) {
                    debug.warning("An error occurred when fetching response body details for audit", e);
                }
            }
            if (jsonValue == null) {
                aMAccessAuditEventBuilder.response(AccessAuditEventBuilder.ResponseStatus.SUCCESSFUL, "", time, TimeUnit.MILLISECONDS);
            } else {
                aMAccessAuditEventBuilder.responseWithDetail(AccessAuditEventBuilder.ResponseStatus.SUCCESSFUL, "", time, TimeUnit.MILLISECONDS, jsonValue);
            }
            addHttpData(request, aMAccessAuditEventBuilder);
            this.auditEventPublisher.tryPublish("access", aMAccessAuditEventBuilder.toEvent());
        }
    }

    private void auditAccessFailure(Request request, Response response) {
        String realmFromRequest = getRealmFromRequest(request);
        if (this.auditEventPublisher.isAuditing(realmFromRequest, "access", AuditConstants.EventName.AM_ACCESS_OUTCOME)) {
            long currentTimeMillis = Time.currentTimeMillis();
            AMAccessAuditEventBuilder aMAccessAuditEventBuilder = (AMAccessAuditEventBuilder) this.auditEventFactory.accessEvent(realmFromRequest).timestamp(currentTimeMillis).transactionId(AuditRequestContext.getTransactionIdValue()).eventName(AuditConstants.EventName.AM_ACCESS_OUTCOME).component(this.component).userId(getUserIdForAccessOutcome(request, response)).trackingIds(getTrackingIdsForAccessOutcome(request, response)).responseWithDetail(AccessAuditEventBuilder.ResponseStatus.FAILED, Integer.toString(response.getStatus().getCode()), currentTimeMillis - request.getDate().getTime(), TimeUnit.MILLISECONDS, JsonValue.json(JsonValue.object(new Map.Entry[]{JsonValue.field("reason", response.getStatus().getDescription())})));
            addHttpData(request, aMAccessAuditEventBuilder);
            this.auditEventPublisher.tryPublish("access", aMAccessAuditEventBuilder.toEvent());
        }
    }

    private void addHttpData(Request request, AMAccessAuditEventBuilder aMAccessAuditEventBuilder) {
        HttpServletRequest request2 = ServletUtils.getRequest(request);
        if (request2 != null) {
            aMAccessAuditEventBuilder.forHttpServletRequest(request2);
        }
    }

    private String getRealmFromRequest(Request request) {
        String str = (String) request.getAttributes().get("realm");
        return StringUtils.isBlank(str) ? AuditConstants.NO_REALM : str;
    }

    protected String getUserIdForAccessAttempt(Request request) {
        String property = AuditRequestContext.getProperty("userId");
        return property == null ? "" : property;
    }

    protected Set<String> getTrackingIdsForAccessAttempt(Request request) {
        return AMAuditEventBuilderUtils.getAllAvailableTrackingIds();
    }

    protected String getUserIdForAccessOutcome(Request request, Response response) {
        String property = AuditRequestContext.getProperty("userId");
        return property == null ? "" : property;
    }

    protected Set<String> getTrackingIdsForAccessOutcome(Request request, Response response) {
        return AMAuditEventBuilderUtils.getAllAvailableTrackingIds();
    }
}
