package com.sap.cds.feature.auditlog.v2;

import com.google.common.annotations.VisibleForTesting;
import com.sap.cds.CdsData;
import com.sap.cds.repackaged.audit.api.AuditLogMessage;
import com.sap.cds.repackaged.audit.api.exception.AuditLogNotAvailableException;
import com.sap.cds.repackaged.audit.api.exception.AuditLogWriteException;
import com.sap.cds.repackaged.audit.api.v2.AuditLogMessageFactory;
import com.sap.cds.repackaged.audit.api.v2.AuditedDataSubject;
import com.sap.cds.repackaged.audit.api.v2.AuditedObject;
import com.sap.cds.repackaged.audit.api.v2.ConfigurationChangeAuditMessage;
import com.sap.cds.repackaged.audit.api.v2.DataAccessAuditMessage;
import com.sap.cds.repackaged.audit.api.v2.DataModificationAuditMessage;
import com.sap.cds.repackaged.audit.api.v2.SecurityEventAuditMessage;
import com.sap.cds.repackaged.audit.client.impl.Utils;
import com.sap.cds.services.EventContext;
import com.sap.cds.services.auditlog.Access;
import com.sap.cds.services.auditlog.AuditLogService;
import com.sap.cds.services.auditlog.ConfigChange;
import com.sap.cds.services.auditlog.ConfigChangeLogContext;
import com.sap.cds.services.auditlog.DataAccessLogContext;
import com.sap.cds.services.auditlog.DataModification;
import com.sap.cds.services.auditlog.DataModificationLogContext;
import com.sap.cds.services.auditlog.DataObject;
import com.sap.cds.services.auditlog.DataSubject;
import com.sap.cds.services.auditlog.KeyValuePair;
import com.sap.cds.services.auditlog.SecurityLog;
import com.sap.cds.services.auditlog.SecurityLogContext;
import com.sap.cds.services.auditlog.event.TenantOffboardedEventContext;
import com.sap.cds.services.auditlog.event.TenantOnboardedEventContext;
import com.sap.cds.services.auditlog.event.UnauthorizedRequestEventContext;
import com.sap.cds.services.handler.EventHandler;
import com.sap.cds.services.handler.annotations.On;
import com.sap.cds.services.handler.annotations.ServiceName;
import com.sap.cds.services.mt.TenantProviderService;
import com.sap.cds.services.request.UserInfo;
import com.sap.cds.services.utils.CdsErrorStatuses;
import com.sap.cds.services.utils.ErrorStatusException;
import com.sap.cds.services.utils.StringUtils;
import java.time.Instant;
import java.util.Collection;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

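/**
 * Event handler that turns audit log events into AuditLog v2 client messages and writes them.
 *
 * <p>The handler is bound through {@code @ServiceName} to every service ({@code "*"}) of type
 * {@link AuditLogService}. Each {@code @On} method builds one or more messages with the injected
 * {@link AuditLogMessageFactory} and hands them to {@link #logMessage}, which stamps event time,
 * user and tenant before calling {@code log()}.
 *
 * <p>Write failures are not swallowed: {@link #logMessage} rethrows them as
 * {@link ErrorStatusException}, so a failed audit write surfaces to the caller of the event.
 */
@ServiceName(value = {"*"}, type = {AuditLogService.class})
public class AuditLogV2Handler implements EventHandler {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuditLogV2Handler.class);
    /** Custom-details key under which the action of a modification or config change is stored. */
    private static final String ACTION_DETAILS = "action";
    /** Name of the additional user attribute read as logon name in the OAuth2 path. */
    private static final String SPECIAL_ATTRIBUTE_LOGON_NAME = "logonName";

    private final AuditLogMessageFactory factory;
    private final boolean usesOAuth2;
    // Only dereferenced in the non-OAuth2 path, to look up the provider tenant.
    private final TenantProviderService tenantService;
    // Used as the audit user in the OAuth2 path when no end user can be attributed.
    private final String clientId;

    /**
     * Creates the handler.
     *
     * <p>NOTE(review): the decompiler reported that the original access modifier was
     * package-private; the visibility shown in this listing is kept unchanged.
     *
     * @param auditLogMessageFactory factory for audit messages; must not be {@code null}
     * @param z whether the OAuth2 variant of user and tenant resolution is used
     * @param tenantProviderService service used to read the provider tenant in the non-OAuth2
     *     path; not null-checked here
     * @param str client id written as audit user in the OAuth2 path; not null-checked here
     * @throws NullPointerException if {@code auditLogMessageFactory} is {@code null}
     */
    public AuditLogV2Handler(AuditLogMessageFactory auditLogMessageFactory, boolean z, TenantProviderService tenantProviderService, String str) {
        this.factory = Objects.requireNonNull(auditLogMessageFactory, "factory must not be null");
        this.usesOAuth2 = z;
        this.tenantService = tenantProviderService;
        this.clientId = str;
    }

    /**
     * Writes one data access message per {@link Access} entry of the event.
     *
     * @param dataAccessLogContext event context carrying the accesses and the creation time
     */
    @On
    public void handleDataAccessEvent(DataAccessLogContext dataAccessLogContext) {
        Collection<Access> accesses = dataAccessLogContext.getData().getAccesses();
        if (accesses == null) {
            return;
        }
        for (Access access : accesses) {
            DataAccessAuditMessage message = this.factory.createDataAccessAuditMessage();
            message.setDataSubject(getAuditedDataSubject(this.factory, access.getDataSubject()));
            message.setObject(getAuditedObject(this.factory, access.getDataObject()));

            // 'var' keeps the element type declared by the getter; a raw Collection would
            // degrade the elements to Object and the accessor calls below would not type-check.
            var attachments = access.getAttachments();
            if (attachments != null) {
                for (var attachment : attachments) {
                    message.addAttachment(attachment.getId(), attachment.getName());
                }
            }
            var attributes = access.getAttributes();
            if (attributes != null) {
                for (var attribute : attributes) {
                    message.addAttribute(attribute.getName());
                }
            }

            logMessage(message, dataAccessLogContext.getCreatedAt(), dataAccessLogContext);
            if (LOGGER.isDebugEnabled()) {
                // NOTE(review): toJson() presumably serializes the data subject identifiers, which
                // would copy them into the application log when debug is enabled - confirm that
                // this log has adequate access control and retention.
                LOGGER.debug("Logged data access with DataObject '{}' and DataSubject '{}'", access.getDataObject().toJson(), access.getDataSubject().toJson());
            }
        }
    }

    /**
     * Writes one data modification message per {@link DataModification} entry of the event.
     *
     * @param dataModificationLogContext event context carrying the modifications and the
     *     creation time
     */
    @On
    public void handleDataModificationEvent(DataModificationLogContext dataModificationLogContext) {
        Collection<DataModification> modifications = dataModificationLogContext.getData().getModifications();
        if (modifications == null) {
            return;
        }
        for (DataModification modification : modifications) {
            DataModificationAuditMessage message = this.factory.createDataModificationAuditMessage();
            message.setDataSubject(getAuditedDataSubject(this.factory, modification.getDataSubject()));
            message.setObject(getAuditedObject(this.factory, modification.getDataObject()));

            var attributes = modification.getAttributes();
            if (attributes != null) {
                for (var changedAttribute : attributes) {
                    message.addAttribute(changedAttribute.getName(), changedAttribute.getOldValue(), changedAttribute.getNewValue());
                }
                // NOTE(review): the action is only recorded when attributes are present; a
                // modification without attributes is logged without its action - confirm intended.
                message.addCustomDetails(ACTION_DETAILS, modification.getAction().toString());
            }

            logMessage(message, dataModificationLogContext.getCreatedAt(), dataModificationLogContext);
            if (LOGGER.isDebugEnabled()) {
                // NOTE(review): same consideration as for data access - the JSON of the data
                // subject ends up in the application log at debug level.
                LOGGER.debug("Logged data modification with DataObject '{}' and DataSubject '{}'", modification.getDataObject().toJson(), modification.getDataSubject().toJson());
            }
        }
    }

    /**
     * Writes one configuration change message per {@link ConfigChange} entry of the event.
     *
     * <p>The action stored in the custom details is taken from the event data as a whole, not
     * from the individual configuration entry.
     *
     * @param configChangeLogContext event context carrying the configurations and the creation
     *     time
     */
    @On
    public void handleConfigChangeEvent(ConfigChangeLogContext configChangeLogContext) {
        Collection<ConfigChange> configurations = configChangeLogContext.getData().getConfigurations();
        if (configurations == null) {
            return;
        }
        for (ConfigChange configChange : configurations) {
            ConfigurationChangeAuditMessage message = this.factory.createConfigurationChangeAuditMessage();
            message.setObject(getAuditedObject(this.factory, configChange.getDataObject()));

            var attributes = configChange.getAttributes();
            if (attributes != null) {
                for (var changedAttribute : attributes) {
                    message.addValue(changedAttribute.getName(), changedAttribute.getOldValue(), changedAttribute.getNewValue());
                }
                // NOTE(review): as for data modifications, the action is only recorded when
                // attributes are present - confirm intended.
                message.addCustomDetails(ACTION_DETAILS, configChangeLogContext.getData().getAction().toString());
            }

            logMessage(message, configChangeLogContext.getCreatedAt(), configChangeLogContext);
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Logged config change with DataObject '{}'", configChange.getDataObject().toJson());
            }
        }
    }

    /**
     * Writes a security event message whose data is the formatted action and data of the event.
     *
     * @param securityLogContext event context carrying the security log entry and the creation
     *     time
     */
    @On
    public void handleSecurityEvent(SecurityLogContext securityLogContext) {
        SecurityEventAuditMessage message = this.factory.createSecurityEventAuditMessage();
        SecurityLog data = securityLogContext.getData();
        message.setData("action: %s, data: %s".formatted(data.getAction(), data.getData()));
        // The IP is explicitly cleared; no client address is recorded by this handler.
        message.setIp(null);
        logMessage(message, securityLogContext.getCreatedAt(), securityLogContext);
        LOGGER.debug("Logged security event with action '{}'", data.getAction());
    }

    /**
     * Writes a configuration change message for a tenant onboarding, copying every entry of the
     * event's {@code "data"} map into the custom details. Does nothing if {@code "data"} is
     * absent.
     *
     * @param tenantOnboardedEventContext event context of the onboarding
     */
    @On
    public void handleTenantOnboardedEvent(TenantOnboardedEventContext tenantOnboardedEventContext) {
        Object payload = tenantOnboardedEventContext.get("data");
        if (payload == null) {
            return;
        }
        ConfigurationChangeAuditMessage message = this.factory.createConfigurationChangeAuditMessage();
        addCustomDetails(message, (CdsData) payload);
        logMessage(message, (Instant) tenantOnboardedEventContext.get("createdAt"), tenantOnboardedEventContext);
        LOGGER.debug("Logged tenant onboarded event '{}'", payload);
    }

    /**
     * Writes a configuration change message for a tenant offboarding, copying every entry of the
     * event's {@code "data"} map into the custom details. Does nothing if {@code "data"} is
     * absent.
     *
     * @param tenantOffboardedEventContext event context of the offboarding
     */
    @On
    public void handleTenantOffboardedEvent(TenantOffboardedEventContext tenantOffboardedEventContext) {
        Object payload = tenantOffboardedEventContext.get("data");
        if (payload == null) {
            return;
        }
        ConfigurationChangeAuditMessage message = this.factory.createConfigurationChangeAuditMessage();
        addCustomDetails(message, (CdsData) payload);
        logMessage(message, (Instant) tenantOffboardedEventContext.get("createdAt"), tenantOffboardedEventContext);
        LOGGER.debug("Logged tenant offboarded event '{}'", payload);
    }

    /**
     * Writes a security event message for an unauthorized request. The nested {@code "data"}
     * entry is serialized to JSON as message data and all top-level entries are copied into the
     * custom details. Does nothing if the event has no {@code "data"}.
     *
     * @param unauthorizedRequestEventContext event context of the unauthorized request
     */
    @On
    public void handleUnauthorizedEvent(UnauthorizedRequestEventContext unauthorizedRequestEventContext) {
        Object payload = unauthorizedRequestEventContext.get("data");
        if (payload == null) {
            return;
        }
        CdsData cdsData = (CdsData) payload;
        SecurityEventAuditMessage message = this.factory.createSecurityEventAuditMessage();
        // NOTE(review): a payload without a nested "data" entry raises a NullPointerException
        // here, so that unauthorized request would not be audited - confirm the producer always
        // sets it.
        message.setData(((CdsData) cdsData.get("data")).toJson());
        addCustomDetails(message, cdsData);
        logMessage(message, (Instant) unauthorizedRequestEventContext.get("createdAt"), unauthorizedRequestEventContext);
        // NOTE(review): the whole payload of the rejected request is written to the application
        // log at debug level - confirm it cannot carry credentials or tokens.
        LOGGER.debug("Logged unauthorized event '{}'", payload);
    }

    /** Copies every entry of {@code cdsData} into the custom details of {@code message}. */
    private void addCustomDetails(AuditLogMessage message, CdsData cdsData) {
        for (var entry : cdsData.entrySet()) {
            message.addCustomDetails((String) entry.getKey(), entry.getValue());
        }
    }

    /** Returns whether this handler was configured for the OAuth2 variant. */
    @VisibleForTesting
    boolean usesOAuth2() {
        return this.usesOAuth2;
    }

    /**
     * Stamps event time, user and tenant on the message and writes it.
     *
     * <p>OAuth2 path: the user comes from {@link #resolveOAuth2User}; the tenant and identity
     * provider are set to constants from {@code Utils}, so the tenant id itself is not put on the
     * message here. Non-OAuth2 path: the user name is mandatory and an empty tenant is replaced
     * by the provider tenant read from the tenant service.
     *
     * @param message message to complete and write
     * @param eventTime time set as event time of the message
     * @param context event context that supplies the user info and, in the OAuth2 path, the
     *     runtime configuration
     * @throws ErrorStatusException if no user can be determined, or if writing fails because the
     *     audit log is not available or rejects the message
     */
    private void logMessage(AuditLogMessage message, Instant eventTime, EventContext context) {
        message.setEventTime(eventTime);
        UserInfo userInfo = context.getUserInfo();
        String tenant = userInfo.getTenant();
        String name = userInfo.getName();

        if (this.usesOAuth2) {
            message.setUser(resolveOAuth2User(context, userInfo, tenant, name));
            if (StringUtils.isEmpty(tenant)) {
                LOGGER.debug("User tenant is not set, using the provider tenant.");
                message.setTenant(Utils.PROVIDER_VALUE);
            } else {
                LOGGER.debug("User tenant is set, using the subscriber tenant '{}'.", tenant);
                message.setTenant(Utils.SUBSCRIBER_VALUE);
            }
            message.setIdentityProvider(Utils.IDP_VALUE);
        } else {
            if (StringUtils.isEmpty(name)) {
                throw new ErrorStatusException(CdsErrorStatuses.AUDITLOG_SERVICE_NO_USER, new Object[0]);
            }
            if (StringUtils.isEmpty(tenant)) {
                // NOTE(review): tenantService is not null-checked in the constructor; a null
                // service fails here with a NullPointerException - confirm it is always provided
                // when OAuth2 is off.
                tenant = this.tenantService.readProviderTenant();
            }
            LOGGER.debug("Using user '{}' and tenant '{}' to call AuditLog v2 server.", name, tenant);
            message.setUser(name);
            message.setTenant(tenant);
        }

        try {
            message.log();
        } catch (AuditLogNotAvailableException e) {
            // The exception itself is passed as the last argument, presumably so that it is kept
            // as the cause - confirm against ErrorStatusException.
            throw new ErrorStatusException(CdsErrorStatuses.AUDITLOG_SERVICE_NOT_AVAILABLE, new Object[]{e.getMessage(), e});
        } catch (AuditLogWriteException e) {
            throw new ErrorStatusException(CdsErrorStatuses.AUDITLOG_SERVICE_INVALID_MESSAGE, new Object[]{String.join(", ", e.getErrors().values()), e});
        }
    }

    /**
     * Determines the audit user for the OAuth2 path.
     *
     * <p>Requests without tenant, from a system user or from an unauthenticated user are
     * attributed to the configured client id. Otherwise the logon name attribute is used when the
     * {@code useLogonName} setting is enabled and the attribute is non-empty, else the user name.
     *
     * @throws ErrorStatusException if the user name is needed but empty
     */
    private String resolveOAuth2User(EventContext context, UserInfo userInfo, String tenant, String name) {
        if (StringUtils.isEmpty(tenant) || userInfo.isSystemUser() || !userInfo.isAuthenticated()) {
            return this.clientId;
        }
        boolean useLogonName = context.getCdsRuntime().getEnvironment().getCdsProperties().getAuditLog().getV2().isUseLogonName();
        String logonName = (String) userInfo.getAdditionalAttribute(SPECIAL_ATTRIBUTE_LOGON_NAME);
        if (useLogonName && !StringUtils.isEmpty(logonName)) {
            return logonName;
        }
        if (StringUtils.isEmpty(name)) {
            throw new ErrorStatusException(CdsErrorStatuses.AUDITLOG_SERVICE_NO_USER, new Object[0]);
        }
        return name;
    }

    /**
     * Builds the audited data subject: one identifier per key/value pair of the subject id, plus
     * type and role.
     */
    private static AuditedDataSubject getAuditedDataSubject(AuditLogMessageFactory messageFactory, DataSubject dataSubject) {
        AuditedDataSubject audited = messageFactory.createAuditedDataSubject();
        for (KeyValuePair identifier : dataSubject.getId()) {
            audited.addIdentifier(identifier.getKeyName(), identifier.getValue());
        }
        audited.setType(dataSubject.getType());
        audited.setRole(dataSubject.getRole());
        return audited;
    }

    /**
     * Builds the audited object: one identifier per key/value pair of the object id, plus type.
     */
    private static AuditedObject getAuditedObject(AuditLogMessageFactory messageFactory, DataObject dataObject) {
        AuditedObject audited = messageFactory.createAuditedObject();
        for (KeyValuePair identifier : dataObject.getId()) {
            audited.addIdentifier(identifier.getKeyName(), identifier.getValue());
        }
        audited.setType(dataObject.getType());
        return audited;
    }
}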
