package com.floragunn.searchguard.auditlog.impl;

import com.floragunn.searchguard.auditlog.AuditLog;
import com.floragunn.searchguard.auditlog.impl.AuditMessage;
import com.floragunn.searchguard.support.WildcardMatcher;
import java.util.Arrays;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.inject.Provider;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.TransportRequest;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.joda.time.format.DateTimeFormatter;

/* loaded from: input_file:com/floragunn/searchguard/auditlog/impl/AbstractAuditLog.class */
public abstract class AbstractAuditLog implements AuditLog {
    protected final Logger log = LogManager.getLogger(getClass());
    protected final ThreadPool threadPool;
    protected final IndexNameExpressionResolver resolver;
    protected final Provider<ClusterService> clusterService;
    protected final Settings settings;
    protected final boolean withRequestDetails;
    private final String[] ignoreAuditUsers;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAuditLog(Settings settings, ThreadPool threadPool, IndexNameExpressionResolver indexNameExpressionResolver, Provider<ClusterService> provider) {
        this.threadPool = threadPool;
        this.settings = settings;
        this.resolver = indexNameExpressionResolver;
        this.clusterService = provider;
        String[] asArray = settings.getAsArray("searchguard.audit.config.disabled_categories", new String[0]);
        this.withRequestDetails = settings.getAsBoolean("searchguard.audit.enable_request_details", false).booleanValue();
        this.ignoreAuditUsers = settings.getAsArray("searchguard.audit.ignore_users", new String[0]);
        if (this.ignoreAuditUsers.length > 0) {
            this.log.info("Configured Users to ignore: {}", Arrays.toString(this.ignoreAuditUsers));
        }
        for (String str : asArray) {
            try {
                AuditMessage.Category.valueOf(str.toUpperCase()).setEnabled(false);
            } catch (IllegalArgumentException e) {
                this.log.error("Unkown category {}, please check searchguard.audit.config.disabled_categories settings", str);
            }
        }
    }

    public void logFailedLogin(String str, TransportRequest transportRequest) {
        checkAndSave(transportRequest, (String) null, new AuditMessage(AuditMessage.Category.FAILED_LOGIN, "User: " + str, str, transportRequest, this.threadPool.getThreadContext(), this.withRequestDetails, this.resolver, this.clusterService, this.settings));
    }

    public void logFailedLogin(String str, RestRequest restRequest) {
        checkAndSave(restRequest, (String) null, new AuditMessage(AuditMessage.Category.FAILED_LOGIN, "User: " + str, str, restRequest, this.threadPool.getThreadContext(), this.withRequestDetails, this.resolver, this.clusterService, this.settings));
    }

    public void logMissingPrivileges(String str, TransportRequest transportRequest) {
        checkAndSave(transportRequest, (String) null, new AuditMessage(AuditMessage.Category.MISSING_PRIVILEGES, "Privilege: " + str, str, transportRequest, this.threadPool.getThreadContext(), this.withRequestDetails, this.resolver, this.clusterService, this.settings));
    }

    public void logBadHeaders(TransportRequest transportRequest) {
        checkAndSave(transportRequest, (String) null, new AuditMessage(AuditMessage.Category.BAD_HEADERS, (Object) null, (Object) null, transportRequest, this.threadPool.getThreadContext(), this.withRequestDetails, this.resolver, this.clusterService, this.settings));
    }

    public void logBadHeaders(RestRequest restRequest) {
        checkAndSave(restRequest, (String) null, new AuditMessage(AuditMessage.Category.BAD_HEADERS, (Object) null, (Object) null, restRequest, this.threadPool.getThreadContext(), this.withRequestDetails, this.resolver, this.clusterService, this.settings));
    }

    public void logSgIndexAttempt(TransportRequest transportRequest, String str) {
        checkAndSave(transportRequest, str, new AuditMessage(AuditMessage.Category.SG_INDEX_ATTEMPT, "Action: " + str, str, transportRequest, this.threadPool.getThreadContext(), this.withRequestDetails, this.resolver, this.clusterService, this.settings));
    }

    public void logSSLException(TransportRequest transportRequest, Throwable th, String str) {
        checkAndSave(transportRequest, str, new AuditMessage(AuditMessage.Category.SSL_EXCEPTION, str, th, transportRequest, this.threadPool.getThreadContext(), this.withRequestDetails, this.resolver, this.clusterService, this.settings));
    }

    public void logSSLException(RestRequest restRequest, Throwable th, String str) {
        checkAndSave(restRequest, str, new AuditMessage(AuditMessage.Category.SSL_EXCEPTION, str, th, restRequest, this.threadPool.getThreadContext(), this.withRequestDetails, this.resolver, this.clusterService, this.settings));
    }

    public void logAuthenticatedRequest(TransportRequest transportRequest, String str) {
        checkAndSave(transportRequest, str, new AuditMessage(AuditMessage.Category.AUTHENTICATED, "Action: " + str, str, transportRequest, this.threadPool.getThreadContext(), this.withRequestDetails, this.resolver, this.clusterService, this.settings));
    }

    protected boolean checkActionAndCategory(String str, AuditMessage auditMessage) {
        if (str != null && ((str.startsWith("internal:") || str.contains("]") || str.startsWith("cluster:monitor") || str.startsWith("indices:monitor")) && auditMessage.category != AuditMessage.Category.MISSING_PRIVILEGES && auditMessage.category != AuditMessage.Category.FAILED_LOGIN && auditMessage.category != AuditMessage.Category.SG_INDEX_ATTEMPT)) {
            if (!this.log.isTraceEnabled()) {
                return false;
            }
            this.log.trace("Skipped audit log message {}", auditMessage.toPrettyString());
            return false;
        }
        if (this.ignoreAuditUsers.length > 0 && WildcardMatcher.matchAny(this.ignoreAuditUsers, auditMessage.getUser())) {
            if (!this.log.isTraceEnabled()) {
                return false;
            }
            this.log.trace("Skipped audit log message {} because user {} is ignored", auditMessage.toPrettyString(), auditMessage.getUser());
            return false;
        }
        if (auditMessage.getCategory().isEnabled()) {
            return true;
        }
        if (!this.log.isTraceEnabled()) {
            return false;
        }
        this.log.trace(auditMessage.getCategory() + " not enabled");
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkAndSave(TransportRequest transportRequest, String str, AuditMessage auditMessage) {
        if (checkActionAndCategory(str, auditMessage)) {
            save(auditMessage);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkAndSave(RestRequest restRequest, String str, AuditMessage auditMessage) {
        if (checkActionAndCategory(str, auditMessage)) {
            save(auditMessage);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract void save(AuditMessage auditMessage);

    /* JADX INFO: Access modifiers changed from: protected */
    public String getExpandedIndexName(DateTimeFormatter dateTimeFormatter, String str) {
        return dateTimeFormatter == null ? str : dateTimeFormatter.print(DateTime.now(DateTimeZone.UTC));
    }
}
