package com.amazon.opendistroforelasticsearch.security.auditlog.impl;

import com.amazon.opendistroforelasticsearch.security.DefaultObjectMapper;
import com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog;
import com.amazon.opendistroforelasticsearch.security.auditlog.config.AuditConfig;
import com.amazon.opendistroforelasticsearch.security.compliance.ComplianceConfig;
import com.amazon.opendistroforelasticsearch.security.dlic.rest.support.Utils;
import com.amazon.opendistroforelasticsearch.security.support.Base64Helper;
import com.amazon.opendistroforelasticsearch.security.support.ConfigConstants;
import com.amazon.opendistroforelasticsearch.security.user.User;
import com.fasterxml.jackson.databind.JsonNode;
import com.flipkart.zjsonpatch.JsonDiff;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.io.BaseEncoding;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.stream.Collectors;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.SpecialPermission;
import org.elasticsearch.action.bulk.BulkRequest;
import org.elasticsearch.action.bulk.BulkShardRequest;
import org.elasticsearch.action.delete.DeleteRequest;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.update.UpdateRequest;
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.collect.Tuple;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.common.xcontent.DeprecationHandler;
import org.elasticsearch.common.xcontent.NamedXContentRegistry;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.common.xcontent.json.JsonXContent;
import org.elasticsearch.env.Environment;
import org.elasticsearch.index.engine.Engine;
import org.elasticsearch.index.get.GetResult;
import org.elasticsearch.index.shard.ShardId;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.tasks.Task;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.TransportRequest;

/* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/auditlog/impl/AbstractAuditLog.class */
public abstract class AbstractAuditLog implements AuditLog {
    private final ThreadPool threadPool;
    private final IndexNameExpressionResolver resolver;
    private final ClusterService clusterService;
    private final Settings settings;
    private volatile AuditConfig.Filter auditConfigFilter;
    private final String opendistrosecurityIndex;
    private volatile ComplianceConfig complianceConfig;
    private final Environment environment;
    private static final List<String> writeClasses = new ArrayList();
    protected final Logger log = LogManager.getLogger(getClass());
    private AtomicBoolean externalConfigLogged = new AtomicBoolean();

    protected abstract void enableRoutes();

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAuditLog(Settings settings, ThreadPool threadPool, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService, Environment environment) {
        writeClasses.add(IndexRequest.class.getSimpleName());
        writeClasses.add(UpdateRequest.class.getSimpleName());
        writeClasses.add(BulkRequest.class.getSimpleName());
        writeClasses.add(BulkShardRequest.class.getSimpleName());
        writeClasses.add(DeleteRequest.class.getSimpleName());
        this.threadPool = threadPool;
        this.settings = settings;
        this.resolver = indexNameExpressionResolver;
        this.clusterService = clusterService;
        this.opendistrosecurityIndex = settings.get(ConfigConstants.OPENDISTRO_SECURITY_CONFIG_INDEX_NAME, ConfigConstants.OPENDISTRO_SECURITY_DEFAULT_CONFIG_INDEX);
        this.environment = environment;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void onAuditConfigFilterChanged(AuditConfig.Filter filter) {
        this.auditConfigFilter = filter;
        this.auditConfigFilter.log(this.log);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void onComplianceConfigChanged(ComplianceConfig complianceConfig) {
        this.complianceConfig = complianceConfig;
        enableRoutes();
        this.complianceConfig.log(this.log);
        logExternalConfig();
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public ComplianceConfig getComplianceConfig() {
        return this.complianceConfig;
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logFailedLogin(String str, boolean z, String str2, TransportRequest transportRequest, Task task) {
        if (checkTransportFilter(AuditCategory.FAILED_LOGIN, null, str, transportRequest)) {
            Iterator<AuditMessage> it = RequestResolver.resolve(AuditCategory.FAILED_LOGIN, getOrigin(), null, null, str, Boolean.valueOf(z), str2, getRemoteAddress(), transportRequest, getThreadContextHeaders(), task, this.resolver, this.clusterService, this.settings, this.auditConfigFilter.shouldLogRequestBody(), this.auditConfigFilter.shouldResolveIndices(), this.auditConfigFilter.shouldResolveBulkRequests(), this.opendistrosecurityIndex, this.auditConfigFilter.shouldExcludeSensitiveHeaders(), null).iterator();
            while (it.hasNext()) {
                save(it.next());
            }
        }
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logFailedLogin(String str, boolean z, String str2, RestRequest restRequest) {
        if (checkRestFilter(AuditCategory.FAILED_LOGIN, str, restRequest)) {
            AuditMessage auditMessage = new AuditMessage(AuditCategory.FAILED_LOGIN, this.clusterService, getOrigin(), AuditLog.Origin.REST);
            auditMessage.addRemoteAddress(getRemoteAddress());
            auditMessage.addRestRequestInfo(restRequest, this.auditConfigFilter);
            auditMessage.addInitiatingUser(str2);
            auditMessage.addEffectiveUser(str);
            auditMessage.addIsAdminDn(z);
            save(auditMessage);
        }
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logSucceededLogin(String str, boolean z, String str2, TransportRequest transportRequest, String str3, Task task) {
        if (checkTransportFilter(AuditCategory.AUTHENTICATED, str3, str, transportRequest)) {
            Iterator<AuditMessage> it = RequestResolver.resolve(AuditCategory.AUTHENTICATED, getOrigin(), str3, null, str, Boolean.valueOf(z), str2, getRemoteAddress(), transportRequest, getThreadContextHeaders(), task, this.resolver, this.clusterService, this.settings, this.auditConfigFilter.shouldLogRequestBody(), this.auditConfigFilter.shouldResolveIndices(), this.auditConfigFilter.shouldResolveBulkRequests(), this.opendistrosecurityIndex, this.auditConfigFilter.shouldExcludeSensitiveHeaders(), null).iterator();
            while (it.hasNext()) {
                save(it.next());
            }
        }
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logSucceededLogin(String str, boolean z, String str2, RestRequest restRequest) {
        if (checkRestFilter(AuditCategory.AUTHENTICATED, str, restRequest)) {
            AuditMessage auditMessage = new AuditMessage(AuditCategory.AUTHENTICATED, this.clusterService, getOrigin(), AuditLog.Origin.REST);
            auditMessage.addRemoteAddress(getRemoteAddress());
            auditMessage.addRestRequestInfo(restRequest, this.auditConfigFilter);
            auditMessage.addInitiatingUser(str2);
            auditMessage.addEffectiveUser(str);
            auditMessage.addIsAdminDn(z);
            save(auditMessage);
        }
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logMissingPrivileges(String str, String str2, RestRequest restRequest) {
        if (checkRestFilter(AuditCategory.MISSING_PRIVILEGES, str2, restRequest)) {
            AuditMessage auditMessage = new AuditMessage(AuditCategory.MISSING_PRIVILEGES, this.clusterService, getOrigin(), AuditLog.Origin.REST);
            auditMessage.addRemoteAddress(getRemoteAddress());
            auditMessage.addRestRequestInfo(restRequest, this.auditConfigFilter);
            auditMessage.addEffectiveUser(str2);
            save(auditMessage);
        }
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logGrantedPrivileges(String str, RestRequest restRequest) {
        if (checkRestFilter(AuditCategory.GRANTED_PRIVILEGES, str, restRequest)) {
            AuditMessage auditMessage = new AuditMessage(AuditCategory.GRANTED_PRIVILEGES, this.clusterService, getOrigin(), AuditLog.Origin.REST);
            auditMessage.addRemoteAddress(getRemoteAddress());
            auditMessage.addRestRequestInfo(restRequest, this.auditConfigFilter);
            auditMessage.addEffectiveUser(str);
            save(auditMessage);
        }
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logMissingPrivileges(String str, TransportRequest transportRequest, Task task) {
        if (checkTransportFilter(AuditCategory.MISSING_PRIVILEGES, str, getUser(), transportRequest)) {
            Iterator<AuditMessage> it = RequestResolver.resolve(AuditCategory.MISSING_PRIVILEGES, getOrigin(), null, str, getUser(), null, null, getRemoteAddress(), transportRequest, getThreadContextHeaders(), task, this.resolver, this.clusterService, this.settings, this.auditConfigFilter.shouldLogRequestBody(), this.auditConfigFilter.shouldResolveIndices(), this.auditConfigFilter.shouldResolveBulkRequests(), this.opendistrosecurityIndex, this.auditConfigFilter.shouldExcludeSensitiveHeaders(), null).iterator();
            while (it.hasNext()) {
                save(it.next());
            }
        }
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logGrantedPrivileges(String str, TransportRequest transportRequest, Task task) {
        if (checkTransportFilter(AuditCategory.GRANTED_PRIVILEGES, str, getUser(), transportRequest)) {
            Iterator<AuditMessage> it = RequestResolver.resolve(AuditCategory.GRANTED_PRIVILEGES, getOrigin(), null, str, getUser(), null, null, getRemoteAddress(), transportRequest, getThreadContextHeaders(), task, this.resolver, this.clusterService, this.settings, this.auditConfigFilter.shouldLogRequestBody(), this.auditConfigFilter.shouldResolveIndices(), this.auditConfigFilter.shouldResolveBulkRequests(), this.opendistrosecurityIndex, this.auditConfigFilter.shouldExcludeSensitiveHeaders(), null).iterator();
            while (it.hasNext()) {
                save(it.next());
            }
        }
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logIndexEvent(String str, TransportRequest transportRequest, Task task) {
        if (checkTransportFilter(AuditCategory.INDEX_EVENT, str, getUser(), transportRequest) && str.startsWith("indices:admin/")) {
            RequestResolver.resolve(AuditCategory.INDEX_EVENT, getOrigin(), null, str, getUser(), null, null, getRemoteAddress(), transportRequest, getThreadContextHeaders(), task, this.resolver, this.clusterService, this.settings, this.auditConfigFilter.shouldLogRequestBody(), this.auditConfigFilter.shouldResolveIndices(), this.auditConfigFilter.shouldResolveBulkRequests(), this.opendistrosecurityIndex, this.auditConfigFilter.shouldExcludeSensitiveHeaders(), null).forEach(this::save);
        }
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logBadHeaders(TransportRequest transportRequest, String str, Task task) {
        if (checkTransportFilter(AuditCategory.BAD_HEADERS, str, getUser(), transportRequest)) {
            Iterator<AuditMessage> it = RequestResolver.resolve(AuditCategory.BAD_HEADERS, getOrigin(), str, null, getUser(), null, null, getRemoteAddress(), transportRequest, getThreadContextHeaders(), task, this.resolver, this.clusterService, this.settings, this.auditConfigFilter.shouldLogRequestBody(), this.auditConfigFilter.shouldResolveIndices(), this.auditConfigFilter.shouldResolveBulkRequests(), this.opendistrosecurityIndex, this.auditConfigFilter.shouldExcludeSensitiveHeaders(), null).iterator();
            while (it.hasNext()) {
                save(it.next());
            }
        }
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logBadHeaders(RestRequest restRequest) {
        if (checkRestFilter(AuditCategory.BAD_HEADERS, getUser(), restRequest)) {
            AuditMessage auditMessage = new AuditMessage(AuditCategory.BAD_HEADERS, this.clusterService, getOrigin(), AuditLog.Origin.REST);
            auditMessage.addRemoteAddress(getRemoteAddress());
            auditMessage.addRestRequestInfo(restRequest, this.auditConfigFilter);
            auditMessage.addEffectiveUser(getUser());
            save(auditMessage);
        }
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logSecurityIndexAttempt(TransportRequest transportRequest, String str, Task task) {
        if (checkTransportFilter(AuditCategory.OPENDISTRO_SECURITY_INDEX_ATTEMPT, str, getUser(), transportRequest)) {
            Iterator<AuditMessage> it = RequestResolver.resolve(AuditCategory.OPENDISTRO_SECURITY_INDEX_ATTEMPT, getOrigin(), str, null, getUser(), false, null, getRemoteAddress(), transportRequest, getThreadContextHeaders(), task, this.resolver, this.clusterService, this.settings, this.auditConfigFilter.shouldLogRequestBody(), this.auditConfigFilter.shouldResolveIndices(), this.auditConfigFilter.shouldResolveBulkRequests(), this.opendistrosecurityIndex, this.auditConfigFilter.shouldExcludeSensitiveHeaders(), null).iterator();
            while (it.hasNext()) {
                save(it.next());
            }
        }
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logSSLException(TransportRequest transportRequest, Throwable th, String str, Task task) {
        if (checkTransportFilter(AuditCategory.SSL_EXCEPTION, str, getUser(), transportRequest)) {
            Iterator<AuditMessage> it = RequestResolver.resolve(AuditCategory.SSL_EXCEPTION, AuditLog.Origin.TRANSPORT, str, null, getUser(), false, null, getRemoteAddress(), transportRequest, getThreadContextHeaders(), task, this.resolver, this.clusterService, this.settings, this.auditConfigFilter.shouldLogRequestBody(), this.auditConfigFilter.shouldResolveIndices(), this.auditConfigFilter.shouldResolveBulkRequests(), this.opendistrosecurityIndex, this.auditConfigFilter.shouldExcludeSensitiveHeaders(), th).iterator();
            while (it.hasNext()) {
                save(it.next());
            }
        }
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logSSLException(RestRequest restRequest, Throwable th) {
        if (checkRestFilter(AuditCategory.SSL_EXCEPTION, getUser(), restRequest)) {
            AuditMessage auditMessage = new AuditMessage(AuditCategory.SSL_EXCEPTION, this.clusterService, AuditLog.Origin.REST, AuditLog.Origin.REST);
            auditMessage.addRemoteAddress(getRemoteAddress());
            auditMessage.addRestRequestInfo(restRequest, this.auditConfigFilter);
            auditMessage.addException(th);
            auditMessage.addEffectiveUser(getUser());
            save(auditMessage);
        }
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logDocumentRead(String str, String str2, ShardId shardId, Map<String, String> map) {
        ComplianceConfig complianceConfig = getComplianceConfig();
        if (complianceConfig == null || !complianceConfig.readHistoryEnabledForIndex(str)) {
            return;
        }
        String header = this.threadPool.getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_INITIAL_ACTION_CLASS_HEADER);
        if (header == null || !writeClasses.contains(header)) {
            AuditCategory auditCategory = this.opendistrosecurityIndex.equals(str) ? AuditCategory.COMPLIANCE_INTERNAL_CONFIG_READ : AuditCategory.COMPLIANCE_DOC_READ;
            String user = getUser();
            if (!checkComplianceFilter(auditCategory, user, getOrigin(), complianceConfig) || map == null || map.isEmpty()) {
                return;
            }
            AuditMessage auditMessage = new AuditMessage(auditCategory, this.clusterService, getOrigin(), null);
            auditMessage.addRemoteAddress(getRemoteAddress());
            auditMessage.addEffectiveUser(user);
            auditMessage.addIndices(new String[]{str});
            auditMessage.addResolvedIndices(new String[]{str});
            auditMessage.addShardId(shardId);
            auditMessage.addId(str2);
            try {
            } catch (Exception e) {
                this.log.error("Unable to generate request body for {} and {}", auditMessage.toPrettyString(), map, e);
            }
            if (!complianceConfig.shouldLogReadMetadataOnly()) {
                if (!this.opendistrosecurityIndex.equals(str) || "tattr".equals(str2)) {
                    auditMessage.addMapToRequestBody(new HashMap(map));
                } else {
                    try {
                        auditMessage.addMapToRequestBody(Utils.convertJsonToxToStructuredMap((String) ((Map) map.entrySet().stream().collect(Collectors.toMap(entry -> {
                            return "id";
                        }, entry2 -> {
                            return new String(BaseEncoding.base64().decode((CharSequence) entry2.getValue()), StandardCharsets.UTF_8);
                        }))).get("id")));
                    } catch (Exception e2) {
                        auditMessage.addMapToRequestBody(new HashMap(map));
                    }
                }
                save(auditMessage);
            }
            try {
                XContentBuilder builder = XContentBuilder.builder(JsonXContent.jsonXContent);
                builder.startObject();
                builder.field("field_names", map.keySet());
                builder.endObject();
                builder.close();
                auditMessage.addUnescapedJsonToRequestBody(Strings.toString(builder));
            } catch (IOException e3) {
                this.log.error(e3.toString(), e3);
            }
            save(auditMessage);
            this.log.error("Unable to generate request body for {} and {}", auditMessage.toPrettyString(), map, e);
            save(auditMessage);
        }
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logDocumentWritten(ShardId shardId, GetResult getResult, Engine.Index index, Engine.IndexResult indexResult) {
        XContentParser createParser;
        ComplianceConfig complianceConfig = getComplianceConfig();
        if (complianceConfig == null || !complianceConfig.writeHistoryEnabledForIndex(shardId.getIndexName())) {
            return;
        }
        AuditCategory auditCategory = this.opendistrosecurityIndex.equals(shardId.getIndexName()) ? AuditCategory.COMPLIANCE_INTERNAL_CONFIG_WRITE : AuditCategory.COMPLIANCE_DOC_WRITE;
        String user = getUser();
        if (checkComplianceFilter(auditCategory, user, getOrigin(), complianceConfig)) {
            AuditMessage auditMessage = new AuditMessage(auditCategory, this.clusterService, getOrigin(), null);
            auditMessage.addRemoteAddress(getRemoteAddress());
            auditMessage.addEffectiveUser(user);
            auditMessage.addIndices(new String[]{shardId.getIndexName()});
            auditMessage.addResolvedIndices(new String[]{shardId.getIndexName()});
            auditMessage.addId(index.id());
            auditMessage.addShardId(shardId);
            auditMessage.addComplianceDocVersion(indexResult.getVersion());
            auditMessage.addComplianceOperation(indexResult.isCreated() ? AuditLog.Operation.CREATE : AuditLog.Operation.UPDATE);
            if (complianceConfig.shouldLogDiffsForWrite() && getResult != null && getResult.isExists() && getResult.internalSourceRef() != null) {
                try {
                    String str = null;
                    String str2 = null;
                    if (this.opendistrosecurityIndex.equals(shardId.getIndexName())) {
                        try {
                            createParser = XContentHelper.createParser(NamedXContentRegistry.EMPTY, DeprecationHandler.THROW_UNSUPPORTED_OPERATION, getResult.internalSourceRef(), XContentType.JSON);
                            try {
                                Object next = createParser.map().values().iterator().next();
                                str = next instanceof String ? new String(BaseEncoding.base64().decode((String) next)) : XContentHelper.convertToJson(getResult.internalSourceRef(), false, XContentType.JSON);
                                if (createParser != null) {
                                    createParser.close();
                                }
                            } finally {
                            }
                        } catch (Exception e) {
                            this.log.error(e);
                        }
                        try {
                            createParser = XContentHelper.createParser(NamedXContentRegistry.EMPTY, DeprecationHandler.THROW_UNSUPPORTED_OPERATION, index.source(), XContentType.JSON);
                            try {
                                Object next2 = createParser.map().values().iterator().next();
                                str2 = next2 instanceof String ? new String(BaseEncoding.base64().decode((String) next2)) : XContentHelper.convertToJson(index.source(), false, XContentType.JSON);
                                if (createParser != null) {
                                    createParser.close();
                                }
                            } finally {
                            }
                        } catch (Exception e2) {
                            this.log.error(e2);
                        }
                    } else {
                        str = XContentHelper.convertToJson(getResult.internalSourceRef(), false, XContentType.JSON);
                        str2 = XContentHelper.convertToJson(index.source(), false, XContentType.JSON);
                    }
                    JsonNode asJson = JsonDiff.asJson(DefaultObjectMapper.objectMapper.readTree(str), DefaultObjectMapper.objectMapper.readTree(str2));
                    auditMessage.addComplianceWriteDiffSource(asJson.size() == 0 ? "" : asJson.toString());
                } catch (Exception e3) {
                    this.log.error("Unable to generate diff for {}", auditMessage.toPrettyString(), e3);
                }
            }
            if (!complianceConfig.shouldLogWriteMetadataOnly()) {
                if (this.opendistrosecurityIndex.equals(shardId.getIndexName())) {
                    try {
                        XContentParser createParser2 = XContentHelper.createParser(NamedXContentRegistry.EMPTY, DeprecationHandler.THROW_UNSUPPORTED_OPERATION, index.source(), XContentType.JSON);
                        try {
                            Object next3 = createParser2.map().values().iterator().next();
                            if (next3 instanceof String) {
                                auditMessage.addUnescapedJsonToRequestBody(new String(BaseEncoding.base64().decode((String) next3)));
                            } else {
                                auditMessage.addTupleToRequestBody(new Tuple<>(XContentType.JSON, index.source()));
                            }
                            if (createParser2 != null) {
                                createParser2.close();
                            }
                        } catch (Throwable th) {
                            if (createParser2 != null) {
                                try {
                                    createParser2.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            }
                            throw th;
                        }
                    } catch (Exception e4) {
                        this.log.error(e4);
                    }
                } else {
                    auditMessage.addTupleToRequestBody(new Tuple<>(XContentType.JSON, index.source()));
                }
            }
            save(auditMessage);
        }
    }

    @Override // com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog
    public void logDocumentDeleted(ShardId shardId, Engine.Delete delete, Engine.DeleteResult deleteResult) {
        String user = getUser();
        ComplianceConfig complianceConfig = getComplianceConfig();
        if (complianceConfig != null && complianceConfig.isEnabled() && checkComplianceFilter(AuditCategory.COMPLIANCE_DOC_WRITE, user, getOrigin(), complianceConfig)) {
            AuditMessage auditMessage = new AuditMessage(AuditCategory.COMPLIANCE_DOC_WRITE, this.clusterService, getOrigin(), null);
            auditMessage.addRemoteAddress(getRemoteAddress());
            auditMessage.addEffectiveUser(user);
            auditMessage.addIndices(new String[]{shardId.getIndexName()});
            auditMessage.addResolvedIndices(new String[]{shardId.getIndexName()});
            auditMessage.addId(delete.id());
            auditMessage.addShardId(shardId);
            auditMessage.addComplianceDocVersion(deleteResult.getVersion());
            auditMessage.addComplianceOperation(AuditLog.Operation.DELETE);
            save(auditMessage);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void logExternalConfig() {
        ComplianceConfig complianceConfig = getComplianceConfig();
        if (complianceConfig != null && complianceConfig.isEnabled() && complianceConfig.shouldLogExternalConfig() && checkComplianceFilter(AuditCategory.COMPLIANCE_EXTERNAL_CONFIG, null, getOrigin(), complianceConfig) && !this.externalConfigLogged.getAndSet(true)) {
            this.log.info("logging external config");
            Map<String, Object> convertJsonToxToStructuredMap = Utils.convertJsonToxToStructuredMap((ToXContent) this.settings);
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                securityManager.checkPermission(new SpecialPermission());
            }
            Map map = (Map) AccessController.doPrivileged(new PrivilegedAction<Map<String, String>>() { // from class: com.amazon.opendistroforelasticsearch.security.auditlog.impl.AbstractAuditLog.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Map<String, String> run() {
                    return System.getenv();
                }
            });
            Map map2 = (Map) AccessController.doPrivileged(new PrivilegedAction<Map>() { // from class: com.amazon.opendistroforelasticsearch.security.auditlog.impl.AbstractAuditLog.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Map run() {
                    return System.getProperties();
                }
            });
            String sha256Hex = DigestUtils.sha256Hex(convertJsonToxToStructuredMap.toString() + map.toString() + map2.toString());
            AuditMessage auditMessage = new AuditMessage(AuditCategory.COMPLIANCE_EXTERNAL_CONFIG, this.clusterService, null, null);
            try {
                XContentBuilder builder = XContentBuilder.builder(XContentType.JSON.xContent());
                try {
                    builder.startObject();
                    builder.startObject("external_configuration");
                    builder.field("elasticsearch_yml", convertJsonToxToStructuredMap);
                    builder.field("os_environment", map);
                    builder.field("java_properties", map2);
                    builder.field("sha256_checksum", sha256Hex);
                    builder.endObject();
                    builder.endObject();
                    builder.close();
                    auditMessage.addUnescapedJsonToRequestBody(Strings.toString(builder));
                    if (builder != null) {
                        builder.close();
                    }
                } finally {
                }
            } catch (Exception e) {
                this.log.error("Unable to build message", e);
            }
            HashMap hashMap = new HashMap();
            for (String str : this.settings.keySet()) {
                if (str.startsWith("opendistro_security") && (str.contains("filepath") || str.contains("file_path"))) {
                    String str2 = this.settings.get(str);
                    if (str2 != null && !str2.isEmpty()) {
                        hashMap.put(str, str2.startsWith("/") ? Paths.get(str2, new String[0]) : this.environment.configFile().resolve(str2));
                    }
                }
            }
            auditMessage.addFileInfos(hashMap);
            save(auditMessage);
        }
    }

    private AuditLog.Origin getOrigin() {
        String str = (String) this.threadPool.getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_ORIGIN);
        if (str == null && this.threadPool.getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_ORIGIN_HEADER) != null) {
            str = this.threadPool.getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_ORIGIN_HEADER);
        }
        if (str == null) {
            return null;
        }
        return AuditLog.Origin.valueOf(str);
    }

    private TransportAddress getRemoteAddress() {
        TransportAddress transportAddress = (TransportAddress) this.threadPool.getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_REMOTE_ADDRESS);
        if (transportAddress == null && this.threadPool.getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_REMOTE_ADDRESS_HEADER) != null) {
            transportAddress = new TransportAddress((InetSocketAddress) Base64Helper.deserializeObject(this.threadPool.getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_REMOTE_ADDRESS_HEADER)));
        }
        return transportAddress;
    }

    private String getUser() {
        User user = (User) this.threadPool.getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER);
        if (user == null && this.threadPool.getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_USER_HEADER) != null) {
            user = (User) Base64Helper.deserializeObject(this.threadPool.getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_USER_HEADER));
        }
        if (user == null) {
            return null;
        }
        return user.getName();
    }

    private Map<String, String> getThreadContextHeaders() {
        return this.threadPool.getThreadContext().getHeaders();
    }

    @VisibleForTesting
    boolean checkTransportFilter(AuditCategory auditCategory, String str, String str2, TransportRequest transportRequest) {
        if (this.log.isTraceEnabled()) {
            this.log.trace("Check category:{}, action:{}, effectiveUser:{}, request:{}", auditCategory, str, str2, transportRequest == null ? null : transportRequest.getClass().getSimpleName());
        }
        if (!this.auditConfigFilter.isTransportApiAuditEnabled()) {
            return false;
        }
        if (str != null && str.startsWith("internal:")) {
            return false;
        }
        if (this.auditConfigFilter.isAuditDisabled(str2)) {
            if (!this.log.isTraceEnabled()) {
                return false;
            }
            this.log.trace("Skipped audit log message because of user {} is ignored", str2);
            return false;
        }
        if (transportRequest != null && (this.auditConfigFilter.isRequestAuditDisabled(str) || this.auditConfigFilter.isRequestAuditDisabled(transportRequest.getClass().getSimpleName()))) {
            if (!this.log.isTraceEnabled()) {
                return false;
            }
            this.log.trace("Skipped audit log message because request {} is ignored", str + "#" + transportRequest.getClass().getSimpleName());
            return false;
        }
        if (!this.auditConfigFilter.getDisabledTransportCategories().contains(auditCategory)) {
            return true;
        }
        if (!this.log.isTraceEnabled()) {
            return false;
        }
        this.log.trace("Skipped audit log message because category {} not enabled", auditCategory);
        return false;
    }

    private boolean checkComplianceFilter(AuditCategory auditCategory, String str, AuditLog.Origin origin, ComplianceConfig complianceConfig) {
        if (this.log.isTraceEnabled()) {
            this.log.trace("Check for COMPLIANCE category:{}, effectiveUser:{}, origin: {}", auditCategory, str, origin);
        }
        if (origin == AuditLog.Origin.LOCAL && str == null && auditCategory != AuditCategory.COMPLIANCE_EXTERNAL_CONFIG) {
            if (!this.log.isTraceEnabled()) {
                return false;
            }
            this.log.trace("Skipped compliance log message because of null user and local origin");
            return false;
        }
        if ((auditCategory == AuditCategory.COMPLIANCE_DOC_READ || auditCategory == AuditCategory.COMPLIANCE_INTERNAL_CONFIG_READ) && str != null && complianceConfig.isComplianceReadAuditDisabled(str)) {
            if (!this.log.isTraceEnabled()) {
                return false;
            }
            this.log.trace("Skipped compliance log message because of user {} is ignored", str);
            return false;
        }
        if ((auditCategory != AuditCategory.COMPLIANCE_DOC_WRITE && auditCategory != AuditCategory.COMPLIANCE_INTERNAL_CONFIG_WRITE) || str == null || !complianceConfig.isComplianceWriteAuditDisabled(str)) {
            return true;
        }
        if (!this.log.isTraceEnabled()) {
            return false;
        }
        this.log.trace("Skipped compliance log message because of user {} is ignored", str);
        return false;
    }

    @VisibleForTesting
    boolean checkRestFilter(AuditCategory auditCategory, String str, RestRequest restRequest) {
        if (this.log.isTraceEnabled()) {
            this.log.trace("Check for REST category:{}, effectiveUser:{}, request:{}", auditCategory, str, restRequest == null ? null : restRequest.path());
        }
        if (!this.auditConfigFilter.isRestApiAuditEnabled()) {
            return false;
        }
        if (this.auditConfigFilter.isAuditDisabled(str)) {
            if (!this.log.isTraceEnabled()) {
                return false;
            }
            this.log.trace("Skipped audit log message because of user {} is ignored", str);
            return false;
        }
        if (restRequest != null && this.auditConfigFilter.isRequestAuditDisabled(restRequest.path())) {
            if (!this.log.isTraceEnabled()) {
                return false;
            }
            this.log.trace("Skipped audit log message because request {} is ignored", restRequest.path());
            return false;
        }
        if (!this.auditConfigFilter.getDisabledRestCategories().contains(auditCategory)) {
            return true;
        }
        if (!this.log.isTraceEnabled()) {
            return false;
        }
        this.log.trace("Skipped audit log message because category {} not enabled", auditCategory);
        return false;
    }

    protected abstract void save(AuditMessage auditMessage);
}
