package ru.emdev.cef;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.time.ZonedDateTime;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.logging.log4j.core.LogEvent;
import org.apache.logging.log4j.core.layout.AbstractStringLayout;
import org.apache.logging.log4j.core.lookup.StrSubstitutor;
import org.apache.logging.log4j.util.Strings;

/* loaded from: input_file:ru/emdev/cef/AuditLayout.class */
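/**
 * Log4j string layout that renders the formatted message of a {@link LogEvent} as one CEF line.
 *
 * <p>The message is matched against the {@code AuditEvent} patterns first and, if none matches,
 * parsed as a JSON object. Recognised fields are escaped, completed with {@link #DEFAULTS} and a
 * severity, and substituted into the configured pattern. A message that neither parser
 * recognises is written as-is, flattened to a single line.
 *
 * <p>Field values are taken from the log message and may carry user-supplied text, so every value
 * is escaped as the last step before it can reach the output line.
 */
public class AuditLayout extends AbstractStringLayout {
    public static final String EXTENSION = "extension";
    public static final String CEF_FORMAT = "CEF:${cefVersion}|${vendor}|${product}|${version}|${typ}|${eventName}|${severity}|${extension}";
    private final String pattern;
    public static final String ANY_NOT_WORD_SYMBOLS = "\\W";
    public static final String CEF_VERSION = "cefVersion";
    public static final String VENDOR = "vendor";
    public static final String PRODUCT = "product";
    public static final String VERSION = "version";
    public static final String EVENT_TYPE = "typ";
    public static final String EVENT_NAME = "eventName";
    public static final String SEVERITY = "severity";
    public static final List<String> HEADER_FIELDS = Arrays.asList(CEF_VERSION, VENDOR, PRODUCT, VERSION, EVENT_TYPE, EVENT_NAME, SEVERITY);
    public static final String EXT_SRC = "src";
    public static final String EXT_DST = "dst";
    public static final String EXT_SHOST = "shost";
    public static final String EXT_SUID = "suid";
    public static final String EXT_SOURCE_USER_NAME = "suser";
    public static final String EXT_MSG = "msg";
    public static final String EXT_END = "end";
    public static final List<String> EXT_FIELDS = Arrays.asList(EXT_SRC, EXT_DST, EXT_SHOST, EXT_SUID, EXT_SOURCE_USER_NAME, EXT_MSG, EXT_END);
    public static final List<String> ALL_FIELDS = Stream.concat(HEADER_FIELDS.stream(), EXT_FIELDS.stream()).collect(Collectors.toList());

    /**
     * Values used for header fields the message did not supply. The map is mutable and shared by
     * every layout instance; {@link #addOverrides(Map)} writes into it.
     */
    public static final Map<String, String> DEFAULTS = defaultFieldValues();

    /**
     * Severity for each known event name. Names are compared through
     * {@link #eventEquals(String, String)}, i.e. ignoring case and non-word characters.
     */
    public static final Map<String, String> SEVERITY_BY_EVENT_NAME = severityTable();

    private static final ObjectMapper objectMapper = new ObjectMapper();

    /**
     * @param str substitution pattern with {@code ${field}} placeholders, for example
     *            {@link #CEF_FORMAT}
     */
    public AuditLayout(String str) {
        super(StandardCharsets.UTF_8);
        this.pattern = str;
    }

    /** Static factory equivalent to {@code new AuditLayout(str)}. */
    public static AuditLayout createLayout(String str) {
        return new AuditLayout(str);
    }

    /* renamed from: toSerializable, reason: merged with bridge method [inline-methods] */
    /**
     * Renders one event as a line of output.
     *
     * @param logEvent event to render; may be {@code null}
     * @return the rendered line including the line separator, or {@code null} when the event, its
     *         message or the formatted message is {@code null}
     */
    public String m2toSerializable(LogEvent logEvent) {
        return Optional.ofNullable(logEvent)
                .map(LogEvent::getMessage)
                .map(message -> message.getFormattedMessage())
                .map(this::convert)
                .orElse(null);
    }

    /**
     * Returns the parsed and escaped fields of an event without rendering them.
     *
     * @param logEvent event to parse; may be {@code null}
     * @return field map, empty when nothing could be read from the event
     */
    public Map<String, String> jsonMap(LogEvent logEvent) {
        return Optional.ofNullable(logEvent)
                .map(LogEvent::getMessage)
                .map(message -> message.getFormattedMessage())
                .map(this::asMap)
                .orElse(Collections.emptyMap());
    }

    /**
     * Parses a message into CEF fields: regular expressions first, JSON as the fallback. A
     * non-empty result is escaped and completed with the extension string, header defaults and
     * severity.
     */
    private Map<String, String> asMap(String message) {
        Map<String, String> fields = new HashMap<>();
        parseByRegexp(message, fields);
        if (fields.isEmpty()) {
            parseByJackson(message, fields);
        }
        if (!fields.isEmpty()) {
            prepareAllFields(fields);
            prepareExtension(fields);
            prepareHeader(fields);
            enhance(fields);
        }
        return fields;
    }

    /**
     * Renders a message through the pattern, or passes it through when it was not recognised.
     *
     * <p>NOTE(review): StrSubstitutor may scan substituted values for further {@code ${...}}
     * references; confirm whether field values also need {@code $} neutralised.
     */
    private String convert(String message) {
        // Do not parse again after asMap(): a second parseByRegexp pass would write the raw
        // captures back over the escaped header values and over the event name and severity
        // chosen by enhance(), letting a '|' from the message split the CEF header.
        // NOTE(review): if an AuditEvent pattern captures "severity" or "eventName", that raw
        // capture used to win over enhance(); confirm nothing relies on it.
        Map<String, String> fields = asMap(message);
        String line = fields.isEmpty()
                // Unrecognised text is still one audit record: embedded line breaks must not be
                // able to start a second, forged line in the log.
                ? flattenLineBreaks(message)
                : StrSubstitutor.replace(this.pattern, fields);
        return line + Strings.LINE_SEPARATOR;
    }

    /**
     * Escapes every non-empty field value in place: header rules for {@link #HEADER_FIELDS},
     * extension rules for {@link #EXT_FIELDS}. The source address is resolved before escaping so
     * that whatever the resolver returns is escaped too.
     */
    private void prepareAllFields(Map<String, String> fields) {
        for (String field : ALL_FIELDS) {
            String value = fields.get(field);
            if (value == null || value.isEmpty()) {
                continue;
            }
            if (field.equals(EXT_SRC)) {
                value = DnsResolver.tryResolve(value);
                if (value == null) {
                    fields.put(field, null);
                    continue;
                }
            }
            if (HEADER_FIELDS.contains(field)) {
                value = escapeHeaderValue(value);
            }
            if (EXT_FIELDS.contains(field)) {
                value = escapeExtensionValue(value);
            }
            fields.put(field, value);
        }
    }

    /** CEF header escaping: backslash and pipe are backslash-escaped, line breaks become spaces. */
    private static String escapeHeaderValue(String value) {
        // Backslash first, otherwise the backslash added for '|' would be escaped again.
        return flattenLineBreaks(value.replace("\\", "\\\\").replace("|", "\\|"));
    }

    /** CEF extension escaping: backslash and '=' are backslash-escaped, line breaks become spaces. */
    private static String escapeExtensionValue(String value) {
        return flattenLineBreaks(value.replace("\\", "\\\\").replace(CEFRecord.EQUALS, "\\="));
    }

    /** Replaces LF and CR with the record's space so a value cannot span several log lines. */
    private static String flattenLineBreaks(String value) {
        return value.replace("\n", CEFRecord.SPACE).replace("\r", CEFRecord.SPACE);
    }

    /**
     * Builds the {@code key=value} extension string from the non-empty extension fields and stores
     * it under {@link #EXTENSION}. {@code end} is always the current time in epoch milliseconds; an
     * {@code end} value taken from the message is not used.
     */
    private void prepareExtension(Map<String, String> fields) {
        StringBuilder extension = new StringBuilder();
        for (String field : EXT_FIELDS) {
            if (field.equals(EXT_END)) {
                continue;
            }
            String value = fields.get(field);
            if (value != null && !value.isEmpty()) {
                extension.append(field).append(CEFRecord.EQUALS).append(value).append(CEFRecord.SPACE);
            }
        }
        extension.append(EXT_END).append(CEFRecord.EQUALS).append(ZonedDateTime.now().toInstant().toEpochMilli());
        fields.put(EXTENSION, extension.toString().trim());
    }

    /**
     * Fills every header field that is still {@code null} from {@link #DEFAULTS}. Defaults are
     * inserted after escaping and are therefore written to the header unescaped.
     */
    private void prepareHeader(Map<String, String> fields) {
        for (String field : HEADER_FIELDS) {
            if (fields.get(field) == null) {
                fields.put(field, DEFAULTS.get(field));
            }
        }
    }

    /**
     * Sets the severity. A known event name is replaced by its spelling in
     * {@link #SEVERITY_BY_EVENT_NAME} and gets that table's severity; any other event gets "3". For
     * a login event the outcome text in {@code msg} overrides the table value.
     */
    private void enhance(Map<String, String> fields) {
        String eventName = fields.get(EVENT_NAME);
        Optional<String> knownName = SEVERITY_BY_EVENT_NAME.keySet().stream()
                .filter(candidate -> eventEquals(eventName, candidate))
                .findFirst();
        knownName.ifPresent(name -> fields.put(EVENT_NAME, name));
        fields.put(SEVERITY, knownName.map(SEVERITY_BY_EVENT_NAME::get).orElse("3"));

        String message = fields.get(EXT_MSG);
        if (message != null && eventEquals(eventName, "Login")) {
            // Locale.ROOT keeps the match independent of the JVM default locale.
            String lowered = message.toLowerCase(Locale.ROOT);
            if (lowered.contains("result : success")) {
                fields.put(SEVERITY, "6");
            } else if (lowered.contains("result : failed")) {
                fields.put(SEVERITY, "8");
            }
        }
    }

    /**
     * Compares two event names ignoring case and every non-word character. Two {@code null}
     * names are equal.
     */
    private boolean eventEquals(String str, String str2) {
        return Objects.equals(normalizeEventName(str), normalizeEventName(str2));
    }

    /** Strips non-word characters and upper-cases with a fixed locale; {@code null} stays {@code null}. */
    private static String normalizeEventName(String name) {
        // With the default locale a Turkish JVM maps 'i' to a dotted capital I, so "Login" and
        // "LOGIN" would stop matching and the event would silently get the fallback severity.
        return name == null ? null : name.replaceAll(ANY_NOT_WORD_SYMBOLS, "").toUpperCase(Locale.ROOT);
    }

    /**
     * Reads event type, event name, acting user and message from a JSON object message. Text that
     * is not a JSON object leaves the map untouched.
     */
    private void parseByJackson(String message, Map<String, String> fields) {
        try {
            JsonNode root = objectMapper.readTree(message);
            // Null check: some Jackson versions are reported to return null for empty content.
            if (root == null || !root.isObject()) {
                return;
            }
            String type = Optional.ofNullable(root.get(EVENT_TYPE)).map(JsonNode::asText).orElse("");
            String action = Optional.ofNullable(root.get("action")).map(JsonNode::asText).orElse("");
            if (!type.isEmpty() && !action.isEmpty()) {
                fields.put(EVENT_TYPE, "API");
                if (!type.equalsIgnoreCase("api")) {
                    action = type + "_" + action;
                }
            }
            if (!action.isEmpty()) {
                fields.put(EVENT_NAME, action.toUpperCase(Locale.ROOT));
            }
            JsonNode performedBy = root.get("performedBy");
            if (performedBy != null) {
                fields.put(EXT_SOURCE_USER_NAME, performedBy.asText());
            }
            JsonNode info = root.get("info");
            if (info != null) {
                // toString() keeps the JSON text of the node, not only its scalar value.
                fields.put(EXT_MSG, info.toString());
            }
        } catch (IOException ignored) {
            // Deliberate: the message is simply not JSON, so the caller falls back to raw output.
        }
    }

    /**
     * Reverses an array in place.
     *
     * @param objArr array to reverse; {@code null} and empty arrays are left alone
     */
    public static void reverse(Object[] objArr) {
        if (objArr == null || objArr.length == 0) {
            return;
        }
        for (int low = 0, high = objArr.length - 1; low < high; low++, high--) {
            Object swapped = objArr[high];
            objArr[high] = objArr[low];
            objArr[low] = swapped;
        }
    }

    /**
     * Fills the map from the first {@code AuditEvent} pattern, tried in reverse declaration order,
     * that matches the whole message.
     */
    private void parseByRegexp(String message, Map<String, String> fields) {
        AuditEvent[] events = AuditEvent.values();
        reverse(events);
        for (AuditEvent event : events) {
            Matcher matcher = event.getPattern().matcher(message);
            if (!matcher.matches()) {
                continue;
            }
            for (String field : ALL_FIELDS) {
                String captured = groupOrEmpty(matcher, field);
                if (!captured.isEmpty()) {
                    fields.put(field, captured);
                    fields.put(EVENT_TYPE, event.getEventType());
                    if (Strings.isEmpty(fields.get(EVENT_NAME))) {
                        fields.put(EVENT_NAME, event.getEventName());
                    }
                }
                // NOTE(review): this runs on every remaining field once src is present, so the
                // resolver is called several times per event on its own previous result. Kept
                // as-is because DnsResolver is not visible here; resolving once after the loop
                // would keep lookups out of the logging hot path if tryResolve is idempotent.
                if (fields.containsKey(EXT_SRC)) {
                    fields.replace(EXT_SRC, DnsResolver.tryResolve(fields.get(EXT_SRC)));
                }
            }
            return;
        }
    }

    /**
     * Returns the named group's text, or "" when the pattern has no such group or the group did
     * not take part in the match.
     */
    private static String groupOrEmpty(Matcher matcher, String groupName) {
        try {
            // Matcher.group(String) returns null for a declared group that matched nothing.
            String captured = matcher.group(groupName);
            return captured == null ? "" : captured;
        } catch (IllegalArgumentException ignored) {
            // The pattern does not declare this group.
            return "";
        }
    }

    /**
     * Adds or replaces header defaults.
     *
     * <p>The values go into the static {@link #DEFAULTS} map, so they affect every layout instance
     * in the JVM, and the write is not synchronised. Overrides are written to the CEF header
     * without escaping and must therefore come from trusted configuration only.
     *
     * @param map default values keyed by field name
     */
    public void addOverrides(Map<String, String> map) {
        DEFAULTS.putAll(map);
    }

    /** Builds the initial content of {@link #DEFAULTS}. */
    private static Map<String, String> defaultFieldValues() {
        Map<String, String> defaults = new HashMap<>();
        defaults.put(CEF_VERSION, "0");
        defaults.put(VENDOR, "EMDEV");
        defaults.put(PRODUCT, "ENTAXY");
        defaults.put(VERSION, "1.10.0");
        defaults.put(EVENT_TYPE, "common");
        defaults.put(EVENT_NAME, "common event");
        defaults.put(EXT_SRC, "");
        defaults.put(EXT_DST, "");
        defaults.put(EXT_SHOST, "");
        defaults.put(EXT_SUID, "");
        defaults.put(EXT_SOURCE_USER_NAME, "");
        defaults.put(EXT_MSG, "");
        defaults.put(EXT_END, "");
        return defaults;
    }

    /** Builds the content of {@link #SEVERITY_BY_EVENT_NAME}. */
    private static Map<String, String> severityTable() {
        Map<String, String> severities = new HashMap<>();
        severities.put("Add-User", "6");
        severities.put("Delete-User", "8");
        severities.put("Delete-User-Claim-Values", "8");
        severities.put("Delete-User-Claim-Value", "8");
        severities.put("Disable user account", "8");
        severities.put("Enable user account", "6");
        severities.put("bulk_user_import", "6");
        severities.put("Remove local user account association with federated account", "6");
        severities.put("Change-Password-by-User", "6");
        severities.put("Change-Password-by-Administrator", "6");
        severities.put("Login", "6");
        severities.put("Login success", "6");
        severities.put("LoginStepSuccess", "6");
        severities.put("Login success from ip", "6");
        severities.put("Unauthorized login attempt", "8");
        severities.put("Null domain login attempt", "8");
        severities.put("User authenticated to JMX", "6");
        severities.put("User authorized to JMX", "6");
        severities.put("Unauthorized access attempt to JMX", "8");
        severities.put("Unauthorized attempt to read the resource", "8");
        severities.put("DELETED", "8");
        severities.put("PRODUCT_DELETED", "8");
        severities.put("APIPRODUCT_DELETED", "8");
        severities.put("APPLICATION_DELETED", "8");
        severities.put("SUBSCRIPTION_DELETED", "8");
        severities.put("Owner of application updated", "6");
        severities.put("Possible Signature Wrapping Attack", "9");
        severities.put("Possible CSRF attack", "9");
        severities.put("Delete-Role", "8");
        severities.put("delete", "8");
        severities.put("Add-Role", "3");
        severities.put("Update-Role-Name", "3");
        severities.put("Update-Users-of-Role", "3");
        severities.put("Update-Roles-of-User", "3");
        severities.put("Threat detected", "9");
        return severities;
    }
}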
