package org.apache.ranger.solr;

import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.SearchField;
import org.apache.ranger.common.SortField;
import org.apache.ranger.common.StringUtil;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.rest.TagRESTConstants;
import org.apache.ranger.view.VXAccessAudit;
import org.apache.ranger.view.VXAccessAuditList;
import org.apache.ranger.view.VXLong;
import org.apache.solr.client.solrj.SolrClient;
import org.apache.solr.client.solrj.cloud.autoscaling.Policy;
import org.apache.solr.common.SolrDocument;
import org.apache.solr.common.SolrDocumentList;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Service;

@Scope("singleton")
@Service
/* loaded from: input_file:WEB-INF/classes/org/apache/ranger/solr/SolrAccessAuditsService.class */
public class SolrAccessAuditsService {
    private static final Logger LOGGER = Logger.getLogger(SolrAccessAuditsService.class);

    @Autowired
    SolrMgr solrMgr;

    @Autowired
    SolrUtil solrUtil;

    @Autowired
    RESTErrorUtil restErrorUtil;

    @Autowired
    StringUtil stringUtil;

    @Autowired
    RangerDaoManager daoManager;
    private List<SortField> sortFields = new ArrayList();
    private List<SearchField> searchFields = new ArrayList();

    public SolrAccessAuditsService() {
        this.searchFields.add(new SearchField("id", "id", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("accessType", "access", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("aclEnforcer", "enforcer", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("agentId", "agent", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("repoName", "repo", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("sessionId", "sess", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("requestUser", "reqUser", SearchField.DATA_TYPE.STR_LIST, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("excludeUser", "exlUser", SearchField.DATA_TYPE.STR_LIST, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("requestData", "reqData", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
        this.searchFields.add(new SearchField("resourcePath", DefaultBeanDefinitionDocumentReader.RESOURCE_ATTRIBUTE, SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
        this.searchFields.add(new SearchField("clientIP", "cliIP", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("auditType", "logType", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("accessResult", "result", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("policyId", Policy.POLICY, SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("repoType", "repoType", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("-repoType", "-repoType", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("-requestUser", "-reqUser", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("resourceType", "resType", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("reason", "reason", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("action", "action", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("startDate", "evtTime", SearchField.DATA_TYPE.DATE, SearchField.SEARCH_TYPE.GREATER_EQUAL_THAN));
        this.searchFields.add(new SearchField("endDate", "evtTime", SearchField.DATA_TYPE.DATE, SearchField.SEARCH_TYPE.LESS_EQUAL_THAN));
        this.searchFields.add(new SearchField(TagRESTConstants.TAGDEF_NAME_AND_VERSION, TagRESTConstants.TAGDEF_NAME_AND_VERSION, SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
        this.searchFields.add(new SearchField("cluster", "cluster", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("zoneName", "zoneName", SearchField.DATA_TYPE.STR_LIST, SearchField.SEARCH_TYPE.FULL));
        this.searchFields.add(new SearchField("agentHost", "agentHost", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
        this.sortFields.add(new SortField("eventTime", "evtTime", true, SortField.SORT_ORDER.DESC));
    }

    public VXAccessAuditList searchXAccessAudits(SearchCriteria searchCriteria) {
        SolrClient solrClient = this.solrMgr.getSolrClient();
        boolean booleanProperty = PropertiesUtil.getBooleanProperty("ranger.audit.hive.query.visibility", true);
        if (solrClient == null) {
            LOGGER.warn("Solr client is null, so not running the query.");
            throw this.restErrorUtil.createRESTException("Error connecting to search engine", MessageEnums.ERROR_SYSTEM);
        }
        ArrayList arrayList = new ArrayList();
        updateUserExclusion(searchCriteria.getParamList());
        SolrDocumentList results = this.solrUtil.searchResources(searchCriteria, this.searchFields, this.sortFields, solrClient).getResults();
        for (int i = 0; i < results.size(); i++) {
            VXAccessAudit populateViewBean = populateViewBean(results.get(i));
            if (populateViewBean != null) {
                if (!booleanProperty && "hive".equalsIgnoreCase(populateViewBean.getServiceType())) {
                    populateViewBean.setRequestData(null);
                } else if ("hive".equalsIgnoreCase(populateViewBean.getServiceType()) && ("grant".equalsIgnoreCase(populateViewBean.getAccessType()) || "revoke".equalsIgnoreCase(populateViewBean.getAccessType()))) {
                    try {
                        if (populateViewBean.getRequestData() != null) {
                            populateViewBean.setRequestData(URLDecoder.decode(populateViewBean.getRequestData(), "UTF-8"));
                        } else {
                            LOGGER.warn("Error in request data of audit from solr. AuditData: " + populateViewBean.toString());
                        }
                    } catch (UnsupportedEncodingException e) {
                        LOGGER.warn("Error while encoding request data");
                    }
                }
            }
            arrayList.add(populateViewBean);
        }
        VXAccessAuditList vXAccessAuditList = new VXAccessAuditList();
        vXAccessAuditList.setPageSize(searchCriteria.getMaxRows());
        vXAccessAuditList.setResultSize(results.size());
        vXAccessAuditList.setTotalCount((int) results.getNumFound());
        vXAccessAuditList.setStartIndex((int) results.getStart());
        vXAccessAuditList.setVXAccessAudits(arrayList);
        return vXAccessAuditList;
    }

    private void updateUserExclusion(Map<String, Object> map) {
        String str = (String) map.get("excludeServiceUser");
        if (str == null || !Boolean.valueOf(str.trim()).booleanValue()) {
            return;
        }
        List<String> excludeUsersList = getExcludeUsersList();
        if (CollectionUtils.isNotEmpty(excludeUsersList)) {
            Object obj = map.get("-requestUser");
            if (!(obj instanceof Collection) || ((Collection) obj).isEmpty()) {
                map.put("-requestUser", excludeUsersList);
            } else {
                excludeUsersList.addAll((Collection) obj);
                map.put("-requestUser", excludeUsersList);
            }
        }
    }

    private List<String> getExcludeUsersList() {
        ArrayList arrayList = new ArrayList(getServiceUserList());
        String property = PropertiesUtil.getProperty("ranger.accesslogs.exclude.users.list");
        if (StringUtils.isNotBlank(property)) {
            for (String str : new ArrayList(Arrays.asList(StringUtils.split(property, ",")))) {
                if (StringUtils.isNotBlank(str) && !arrayList.contains(str.trim())) {
                    arrayList.add(str);
                }
            }
        }
        return arrayList;
    }

    private List<String> getServiceUserList() {
        ArrayList arrayList = new ArrayList();
        Iterator it = Arrays.asList(StringUtils.split(EmbeddedServiceDefsUtil.DEFAULT_BOOTSTRAP_SERVICEDEF_LIST, ",")).iterator();
        while (it.hasNext()) {
            String property = PropertiesUtil.getProperty("ranger.plugins." + ((String) it.next()) + ".serviceuser");
            if (StringUtils.isNotBlank(property)) {
                arrayList.add(property);
            }
        }
        return arrayList;
    }

    private VXAccessAudit populateViewBean(SolrDocument solrDocument) {
        VXAccessAudit vXAccessAudit = new VXAccessAudit();
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("doc=" + solrDocument.toString());
        }
        if (solrDocument.getFieldValue("id") != null) {
            vXAccessAudit.setId(Long.valueOf(r0.hashCode()));
        }
        Object fieldValue = solrDocument.getFieldValue("cluster");
        if (fieldValue != null) {
            vXAccessAudit.setClusterName(fieldValue.toString());
        }
        Object fieldValue2 = solrDocument.getFieldValue("zoneName");
        if (fieldValue2 != null) {
            vXAccessAudit.setZoneName(fieldValue2.toString());
        }
        Object fieldValue3 = solrDocument.getFieldValue("agentHost");
        if (fieldValue3 != null) {
            vXAccessAudit.setAgentHost(fieldValue3.toString());
        }
        Object fieldValue4 = solrDocument.getFieldValue("policyVersion");
        if (fieldValue4 != null) {
            vXAccessAudit.setPolicyVersion(Long.valueOf(this.solrUtil.toLong(fieldValue4)));
        }
        Object fieldValue5 = solrDocument.getFieldValue("access");
        if (fieldValue5 != null) {
            vXAccessAudit.setAccessType(fieldValue5.toString());
        }
        Object fieldValue6 = solrDocument.getFieldValue("enforcer");
        if (fieldValue6 != null) {
            vXAccessAudit.setAclEnforcer(fieldValue6.toString());
        }
        Object fieldValue7 = solrDocument.getFieldValue("agent");
        if (fieldValue7 != null) {
            vXAccessAudit.setAgentId(fieldValue7.toString());
        }
        Object fieldValue8 = solrDocument.getFieldValue("repo");
        if (fieldValue8 != null) {
            vXAccessAudit.setRepoName(fieldValue8.toString());
        }
        Object fieldValue9 = solrDocument.getFieldValue("sess");
        if (fieldValue9 != null) {
            vXAccessAudit.setSessionId(fieldValue9.toString());
        }
        Object fieldValue10 = solrDocument.getFieldValue("reqUser");
        if (fieldValue10 != null) {
            vXAccessAudit.setRequestUser(fieldValue10.toString());
        }
        Object fieldValue11 = solrDocument.getFieldValue("reqData");
        if (fieldValue11 != null) {
            vXAccessAudit.setRequestData(fieldValue11.toString());
        }
        Object fieldValue12 = solrDocument.getFieldValue(DefaultBeanDefinitionDocumentReader.RESOURCE_ATTRIBUTE);
        if (fieldValue12 != null) {
            vXAccessAudit.setResourcePath(fieldValue12.toString());
        }
        Object fieldValue13 = solrDocument.getFieldValue("cliIP");
        if (fieldValue13 != null) {
            vXAccessAudit.setClientIP(fieldValue13.toString());
        }
        solrDocument.getFieldValue("logType");
        Object fieldValue14 = solrDocument.getFieldValue("result");
        if (fieldValue14 != null) {
            vXAccessAudit.setAccessResult(this.solrUtil.toInt(fieldValue14));
        }
        Object fieldValue15 = solrDocument.getFieldValue(Policy.POLICY);
        if (fieldValue15 != null) {
            vXAccessAudit.setPolicyId(this.solrUtil.toLong(fieldValue15));
        }
        Object fieldValue16 = solrDocument.getFieldValue("repoType");
        if (fieldValue16 != null) {
            vXAccessAudit.setRepoType(this.solrUtil.toInt(fieldValue16));
            XXServiceDef byId = this.daoManager.getXXServiceDef().getById(Long.valueOf(vXAccessAudit.getRepoType()));
            if (byId != null) {
                vXAccessAudit.setServiceType(byId.getName());
            }
        }
        Object fieldValue17 = solrDocument.getFieldValue("resType");
        if (fieldValue17 != null) {
            vXAccessAudit.setResourceType(fieldValue17.toString());
        }
        Object fieldValue18 = solrDocument.getFieldValue("reason");
        if (fieldValue18 != null) {
            vXAccessAudit.setResultReason(fieldValue18.toString());
        }
        Object fieldValue19 = solrDocument.getFieldValue("action");
        if (fieldValue19 != null) {
            vXAccessAudit.setAction(fieldValue19.toString());
        }
        Object fieldValue20 = solrDocument.getFieldValue("evtTime");
        if (fieldValue20 != null) {
            vXAccessAudit.setEventTime(this.solrUtil.toDate(fieldValue20));
        }
        Object fieldValue21 = solrDocument.getFieldValue("seq_num");
        if (fieldValue21 != null) {
            vXAccessAudit.setSequenceNumber(this.solrUtil.toLong(fieldValue21));
        }
        Object fieldValue22 = solrDocument.getFieldValue("event_count");
        if (fieldValue22 != null) {
            vXAccessAudit.setEventCount(this.solrUtil.toLong(fieldValue22));
        }
        Object fieldValue23 = solrDocument.getFieldValue("event_dur_ms");
        if (fieldValue23 != null) {
            vXAccessAudit.setEventDuration(this.solrUtil.toLong(fieldValue23));
        }
        Object fieldValue24 = solrDocument.getFieldValue(TagRESTConstants.TAGDEF_NAME_AND_VERSION);
        if (fieldValue24 != null) {
            vXAccessAudit.setTags(fieldValue24.toString());
        }
        return vXAccessAudit;
    }

    public VXLong getXAccessAuditSearchCount(SearchCriteria searchCriteria) {
        VXLong vXLong = new VXLong();
        vXLong.setValue(100L);
        return vXLong;
    }
}
