package com.expedia.www.haystack.commons.secretDetector.span;

import com.expedia.open.tracing.Log;
import com.expedia.open.tracing.Span;
import com.expedia.open.tracing.Tag;
import com.expedia.www.haystack.commons.config.Configuration;
import com.expedia.www.haystack.commons.secretDetector.DetectorBase;
import com.expedia.www.haystack.commons.secretDetector.FinderNameAndServiceName;
import com.expedia.www.haystack.commons.secretDetector.HaystackFinderEngine;
import com.expedia.www.haystack.metrics.MetricObjects;
import com.google.common.base.Strings;
import com.netflix.servo.monitor.Counter;
import com.netflix.servo.util.VisibleForTesting;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.kafka.streams.kstream.ValueMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/expedia/www/haystack/commons/secretDetector/span/SpanDetector.class */
public class SpanDetector extends DetectorBase implements ValueMapper<Span, Iterable<String>> {
    private static final String TEXT_TEMPLATE = "Confidential data has been found in a span: service [%s] operation [%s] span [%s] trace [%s] tag(s) [%s]";

    @VisibleForTesting
    static final String ERRORS_METRIC_GROUP = "errors";

    @VisibleForTesting
    static final String COUNTER_NAME = "SECRETS";
    private final Logger logger;
    private final Factory factory;
    private final String application;

    @VisibleForTesting
    static final Set<String> FINDERS_TO_LOG = Collections.singleton("Credit_Card");

    @VisibleForTesting
    static final Map<FinderNameAndServiceName, Counter> COUNTERS = Collections.synchronizedMap(new HashMap());
    private static final Map<String, Map<String, FinderNameAndServiceName>> CACHED_FINDER_NAME_AND_SECRET_NAME_OBJECTS = new ConcurrentHashMap();

    /* loaded from: input_file:com/expedia/www/haystack/commons/secretDetector/span/SpanDetector$Factory.class */
    public static class Factory {
        private final MetricObjects metricObjects;

        public Factory() {
            this(new MetricObjects());
        }

        public Factory(MetricObjects metricObjects) {
            this.metricObjects = metricObjects;
        }

        Counter createCounter(FinderNameAndServiceName finderNameAndServiceName, String str) {
            return this.metricObjects.createAndRegisterResettingCounter(SpanDetector.ERRORS_METRIC_GROUP, str, finderNameAndServiceName.getFinderName(), finderNameAndServiceName.getServiceName(), SpanDetector.COUNTER_NAME);
        }
    }

    public SpanDetector(String str, String str2, String str3) {
        this(LoggerFactory.getLogger(SpanDetector.class), new HaystackFinderEngine(new MetricObjects(), str2, str3), new Factory(), new SpanS3ConfigFetcher(str, Configuration.WHITELIST_S3_ITEM_NAME), str3);
    }

    public SpanDetector(Logger logger, HaystackFinderEngine haystackFinderEngine, Factory factory, SpanS3ConfigFetcher spanS3ConfigFetcher, String str) {
        super(haystackFinderEngine, spanS3ConfigFetcher);
        this.logger = logger;
        this.factory = factory;
        this.application = str;
    }

    public Map<String, List<String>> findSecrets(Span span) {
        HashMap hashMap = new HashMap();
        findSecretsInTags(hashMap, span);
        findSecretsInLogFields(hashMap, span);
        return hashMap;
    }

    private void findSecretsInTags(Map<String, List<String>> map, Span span) {
        findSecrets(map, span.getTagsList());
    }

    private void findSecretsInLogFields(Map<String, List<String>> map, Span span) {
        Iterator<Log> it = span.getLogsList().iterator();
        while (it.hasNext()) {
            findSecrets(map, it.next().getFieldsList());
        }
    }

    private void findSecrets(Map<String, List<String>> map, List<Tag> list) {
        for (Tag tag : list) {
            if (!Strings.isNullOrEmpty(tag.getVStr())) {
                putKeysOfSecretsIntoMap(map, tag.getKey(), this.haystackFinderEngine.findWithType(tag.getVStr()));
            } else if (!tag.getVBytes().isEmpty()) {
                putKeysOfSecretsIntoMap(map, tag.getKey(), this.haystackFinderEngine.findWithType(new String(tag.getVBytes().toByteArray())));
            }
        }
    }

    public Iterable<String> apply(Span span) {
        Map<String, List<String>> findSecrets = findSecrets(span);
        String serviceName = span.getServiceName();
        String operationName = span.getOperationName();
        if (findSecrets.isEmpty()) {
            return Collections.emptyList();
        }
        String emailText = getEmailText(span, findSecrets);
        Iterator<Map.Entry<String, List<String>>> it = findSecrets.entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry<String, List<String>> next = it.next();
            String key = next.getKey();
            next.getValue().removeIf(str -> {
                return this.s3ConfigFetcher.isInWhiteList(key, serviceName, operationName, str);
            });
            if (next.getValue().isEmpty()) {
                it.remove();
            } else {
                if (FINDERS_TO_LOG.contains(key)) {
                    this.logger.info(emailText);
                }
                incrementCounter(serviceName, key, this.application);
            }
        }
        return findSecrets.isEmpty() ? Collections.emptyList() : Collections.singleton(emailText);
    }

    public static String getEmailText(Span span, Map<String, List<String>> map) {
        return String.format(TEXT_TEMPLATE, span.getServiceName(), span.getOperationName(), span.getSpanId(), span.getTraceId(), map.toString());
    }

    private void incrementCounter(String str, String str2, String str3) {
        FinderNameAndServiceName computeIfAbsent = CACHED_FINDER_NAME_AND_SECRET_NAME_OBJECTS.computeIfAbsent(str2, str4 -> {
            return new HashMap();
        }).computeIfAbsent(str, str5 -> {
            return new FinderNameAndServiceName(str2, str);
        });
        COUNTERS.computeIfAbsent(computeIfAbsent, finderNameAndServiceName -> {
            return this.factory.createCounter(computeIfAbsent, str3);
        }).increment();
    }
}
