package org.forgerock.openam.radius.server.audit;

import com.google.common.base.Strings;
import com.google.common.eventbus.EventBus;
import com.google.common.eventbus.Subscribe;
import com.sun.identity.shared.debug.Debug;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.HashSet;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.inject.Inject;
import javax.inject.Named;
import org.forgerock.audit.events.AccessAuditEventBuilder;
import org.forgerock.json.JsonValue;
import org.forgerock.openam.audit.AMAccessAuditEventBuilder;
import org.forgerock.openam.audit.AuditConstants;
import org.forgerock.openam.audit.AuditEventFactory;
import org.forgerock.openam.audit.AuditEventPublisher;
import org.forgerock.openam.audit.context.AuditRequestContext;
import org.forgerock.openam.radius.common.Packet;
import org.forgerock.openam.radius.common.PacketType;
import org.forgerock.openam.radius.server.RadiusRequest;
import org.forgerock.openam.radius.server.RadiusRequestContext;
import org.forgerock.openam.radius.server.RadiusResponse;
import org.forgerock.openam.radius.server.config.RadiusServerConstants;
import org.forgerock.openam.radius.server.events.AcceptedRadiusEvent;
import org.forgerock.openam.radius.server.events.AuthRequestAcceptedEvent;
import org.forgerock.openam.radius.server.events.AuthRequestChallengedEvent;
import org.forgerock.openam.radius.server.events.AuthRequestReceivedEvent;
import org.forgerock.openam.radius.server.events.AuthRequestRejectedEvent;
import org.forgerock.services.TransactionId;

/* loaded from: input_file:org/forgerock/openam/radius/server/audit/RadiusAuditLoggerEventBus.class */
public class RadiusAuditLoggerEventBus implements RadiusAuditor {
    private static final Debug LOG = Debug.getInstance(RadiusServerConstants.RADIUS_SERVER_LOGGER);
    private final AuditEventFactory auditEventFactory;
    private AuditEventPublisher auditEventPublisher;

    @Inject
    public RadiusAuditLoggerEventBus(@Named("RadiusEventBus") EventBus eventBus, AuditEventFactory auditEventFactory, AuditEventPublisher auditEventPublisher) {
        LOG.message("Entering RadiusAuditLogger.RadiusAuditLogger");
        LOG.message("Registering RadiusAuditLogger with the eventBus, hashCode; {}", new Object[]{Integer.valueOf(eventBus.hashCode())});
        eventBus.register(this);
        this.auditEventFactory = auditEventFactory;
        this.auditEventPublisher = auditEventPublisher;
        LOG.message("Leaving RadiusAuditLogger.RadiusAuditLogger");
    }

    @Override // org.forgerock.openam.radius.server.audit.RadiusAuditor
    @Subscribe
    public void recordAuthRequestReceivedEvent(AuthRequestReceivedEvent authRequestReceivedEvent) {
        LOG.message("Entering RadiusAuditLoggerEventBus.recordAuthRequestReceivedEvent()");
        makeLogEntry(AuditConstants.EventName.AM_ACCESS_ATTEMPT, authRequestReceivedEvent);
        LOG.message("Leaving RadiusAuditLoggerEventBus.recordAuthRequestReceivedEvent()");
    }

    @Override // org.forgerock.openam.radius.server.audit.RadiusAuditor
    @Subscribe
    public void recordAuthRequestAcceptedEvent(AuthRequestAcceptedEvent authRequestAcceptedEvent) {
        LOG.message("Entering RadiusAuditLoggerEventBus.recordAuthRequestAcceptedEvent()");
        makeLogEntry(AuditConstants.EventName.AM_ACCESS_OUTCOME, authRequestAcceptedEvent);
        LOG.message("Leaving RadiusAuditLoggerEventBus.recordAuthRequestAcceptedEvent()");
    }

    @Override // org.forgerock.openam.radius.server.audit.RadiusAuditor
    @Subscribe
    public void recordAuthRequestRejectedEvent(AuthRequestRejectedEvent authRequestRejectedEvent) {
        LOG.message("Entering RadiusAuditLoggerEventBus.recordAuthRequestRejectedEvent()");
        makeLogEntry(AuditConstants.EventName.AM_ACCESS_OUTCOME, authRequestRejectedEvent);
        LOG.message("Leaving RadiusAuditLoggerEventBus.recordAuthRequestRejectedEvent()");
    }

    @Override // org.forgerock.openam.radius.server.audit.RadiusAuditor
    @Subscribe
    public void recordAuthRequestChallengedEvent(AuthRequestChallengedEvent authRequestChallengedEvent) {
        LOG.message("Entering RadiusAuditLoggerEventBus.recordAuthRequestRejectedEvent()");
        makeLogEntry(AuditConstants.EventName.AM_ACCESS_OUTCOME, authRequestChallengedEvent);
        LOG.message("Leaving RadiusAuditLoggerEventBus.recordAuthRequestRejectedEvent()");
    }

    public void makeLogEntry(AuditConstants.EventName eventName, AcceptedRadiusEvent acceptedRadiusEvent) {
        LOG.message("Entering RadiusAuditLoggerEventBus.makeLogEntry()");
        HashSet hashSet = new HashSet();
        hashSet.add(acceptedRadiusEvent.getRequest().getContextHolderKey());
        AuditRequestContext.set(new AuditRequestContext(new TransactionId(acceptedRadiusEvent.getRequestId())));
        AMAccessAuditEventBuilder aMAccessAuditEventBuilder = (AMAccessAuditEventBuilder) this.auditEventFactory.accessEvent(acceptedRadiusEvent.getRealm()).timestamp(acceptedRadiusEvent.getTimeOfEvent()).transactionId(acceptedRadiusEvent.getRequestId()).eventName(eventName).component(AuditConstants.Component.RADIUS).trackingIds(hashSet);
        String universalId = acceptedRadiusEvent.getUniversalId();
        if (Strings.isNullOrEmpty(universalId)) {
            LOG.message("Not setting authentication to universal Id. None available.");
        } else {
            aMAccessAuditEventBuilder.userId(universalId);
        }
        setRequestDetails(aMAccessAuditEventBuilder, acceptedRadiusEvent);
        try {
            setClientDetails(aMAccessAuditEventBuilder, acceptedRadiusEvent.getRequestContext());
            RadiusResponse response = acceptedRadiusEvent.getResponse();
            if (response.getResponsePacket() != null) {
                setResponseDetails(aMAccessAuditEventBuilder, response);
            }
        } catch (RadiusAuditLoggingException e) {
            LOG.warning("Failed to set client details on access audit event. Reason; {}", new Object[]{e.getMessage()});
        }
        this.auditEventPublisher.tryPublish("access", aMAccessAuditEventBuilder.toEvent());
        LOG.message("Leaving RadiusAuditLoggerEventBus.makeLogEntry()");
    }

    private void setRequestDetails(AMAccessAuditEventBuilder aMAccessAuditEventBuilder, AcceptedRadiusEvent acceptedRadiusEvent) {
        Packet requestPacket;
        LOG.message("Entering RadiusAuditLoggerEventBus.setRequestDetails()");
        RadiusRequest request = acceptedRadiusEvent.getRequest();
        if (request != null && (requestPacket = request.getRequestPacket()) != null) {
            PacketType type = requestPacket.getType();
            Short valueOf = Short.valueOf(requestPacket.getIdentifier());
            if (type != null && valueOf != null) {
                aMAccessAuditEventBuilder.request("RADIUS", type.toString(), JsonValue.json(JsonValue.object(new Map.Entry[]{JsonValue.field("radiusId", valueOf)})));
            }
        }
        LOG.message("Leaving RadiusAuditLoggerEventBus.setRequestDetails()");
    }

    private void setClientDetails(AMAccessAuditEventBuilder aMAccessAuditEventBuilder, RadiusRequestContext radiusRequestContext) throws RadiusAuditLoggingException {
        InetSocketAddress source = radiusRequestContext.getSource();
        if (source == null) {
            throw new RadiusAuditLoggingException("Could not obtain the source address from the request context.");
        }
        int port = source.getPort();
        InetAddress address = source.getAddress();
        if (address == null) {
            throw new RadiusAuditLoggingException("Could not obtain the address from the InetSocketAddress.");
        }
        String inetAddress = address.toString();
        if (Strings.isNullOrEmpty(inetAddress)) {
            throw new RadiusAuditLoggingException("String representation of client's ip address is blank.");
        }
        aMAccessAuditEventBuilder.client(inetAddress, port);
    }

    private void setResponseDetails(AMAccessAuditEventBuilder aMAccessAuditEventBuilder, RadiusResponse radiusResponse) {
        LOG.message("Entering RadiusAuditLoggerEventBus.setResponseDetails()");
        AccessAuditEventBuilder.ResponseStatus responseStatus = null;
        PacketType type = radiusResponse.getResponsePacket().getType();
        if (type == PacketType.ACCESS_ACCEPT || type == PacketType.ACCESS_CHALLENGE) {
            responseStatus = AccessAuditEventBuilder.ResponseStatus.SUCCESSFUL;
        } else if (type == PacketType.ACCESS_REJECT) {
            responseStatus = AccessAuditEventBuilder.ResponseStatus.FAILED;
        } else {
            LOG.warning("Unexpected packet type in RadiusAuditLoggerEventBus.setResponseDetails()");
        }
        aMAccessAuditEventBuilder.response(responseStatus, type.toString(), radiusResponse.getTimeToServiceRequestInMilliSeconds(), TimeUnit.MILLISECONDS);
        LOG.message("Leaving RadiusAuditLoggerEventBus.setResponseDetails()");
    }
}
