package org.elasticsearch.shield.audit.logfile;

import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.component.AbstractLifecycleComponent;
import org.elasticsearch.common.component.Lifecycle;
import org.elasticsearch.common.component.LifecycleListener;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.network.NetworkAddress;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.shield.InternalShieldUser;
import org.elasticsearch.shield.InternalSystemUser;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.audit.AuditTrail;
import org.elasticsearch.shield.audit.AuditUtil;
import org.elasticsearch.shield.authc.AuthenticationToken;
import org.elasticsearch.shield.authz.Privilege;
import org.elasticsearch.shield.rest.RemoteHostHeader;
import org.elasticsearch.shield.transport.filter.ShieldIpFilterRule;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportMessage;

/* loaded from: input_file:org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.class */
public class LoggingAuditTrail extends AbstractLifecycleComponent<LoggingAuditTrail> implements AuditTrail {
    public static final String NAME = "logfile";
    private final ESLogger logger;
    private final Transport transport;
    private String prefix;

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public String name() {
        return NAME;
    }

    @Inject
    public LoggingAuditTrail(Settings settings, Transport transport) {
        this(settings, transport, Loggers.getLogger(LoggingAuditTrail.class));
    }

    LoggingAuditTrail(Settings settings, Transport transport, ESLogger eSLogger) {
        this("", settings, transport, eSLogger);
    }

    LoggingAuditTrail(String str, Settings settings, Transport transport, ESLogger eSLogger) {
        super(settings);
        this.logger = eSLogger;
        this.prefix = str;
        this.transport = transport;
    }

    protected void doStart() {
        if (this.transport.lifecycleState() == Lifecycle.State.STARTED) {
            this.prefix = resolvePrefix(this.settings, this.transport);
        } else {
            this.transport.addLifecycleListener(new LifecycleListener() { // from class: org.elasticsearch.shield.audit.logfile.LoggingAuditTrail.1
                public void afterStart() {
                    LoggingAuditTrail.this.prefix = LoggingAuditTrail.resolvePrefix(LoggingAuditTrail.this.settings, LoggingAuditTrail.this.transport);
                }
            });
        }
    }

    protected void doStop() {
    }

    protected void doClose() {
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void anonymousAccessDenied(String str, TransportMessage<?> transportMessage) {
        String indicesString = indicesString(transportMessage);
        if (indicesString != null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), str, indicesString, transportMessage.getClass().getSimpleName()});
                return;
            } else {
                this.logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), str, indicesString});
                return;
            }
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), str, transportMessage.getClass().getSimpleName()});
        } else {
            this.logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), str});
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void anonymousAccessDenied(RestRequest restRequest) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("{}[rest] [anonymous_access_denied]\t{}, uri=[{}], request_body=[{}]", new Object[]{this.prefix, hostAttributes(restRequest), restRequest.uri(), AuditUtil.restRequestContent(restRequest)});
        } else {
            this.logger.warn("{}[rest] [anonymous_access_denied]\t{}, uri=[{}]", new Object[]{this.prefix, hostAttributes(restRequest), restRequest.uri()});
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void authenticationFailed(AuthenticationToken authenticationToken, String str, TransportMessage<?> transportMessage) {
        String indicesString = indicesString(transportMessage);
        if (indicesString != null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], indices=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), authenticationToken.principal(), str, indicesString, transportMessage.getClass().getSimpleName()});
                return;
            } else {
                this.logger.error("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], indices=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), authenticationToken.principal(), str, indicesString});
                return;
            }
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), authenticationToken.principal(), str, transportMessage.getClass().getSimpleName()});
        } else {
            this.logger.error("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), authenticationToken.principal(), str});
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void authenticationFailed(RestRequest restRequest) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("{}[rest] [authentication_failed]\t{}, uri=[{}], request_body=[{}]", new Object[]{this.prefix, hostAttributes(restRequest), restRequest.uri(), AuditUtil.restRequestContent(restRequest)});
        } else {
            this.logger.error("{}[rest] [authentication_failed]\t{}, uri=[{}]", new Object[]{this.prefix, hostAttributes(restRequest), restRequest.uri()});
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void authenticationFailed(String str, TransportMessage<?> transportMessage) {
        String indicesString = indicesString(transportMessage);
        if (indicesString != null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("{}[transport] [authentication_failed]\t{}, action=[{}], indices=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), str, indicesString, transportMessage.getClass().getSimpleName()});
                return;
            } else {
                this.logger.error("{}[transport] [authentication_failed]\t{}, action=[{}], indices=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), str, indicesString});
                return;
            }
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("{}[transport] [authentication_failed]\t{}, action=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), str, transportMessage.getClass().getSimpleName()});
        } else {
            this.logger.error("{}[transport] [authentication_failed]\t{}, action=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), str});
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void authenticationFailed(AuthenticationToken authenticationToken, RestRequest restRequest) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("{}[rest] [authentication_failed]\t{}, principal=[{}], uri=[{}], request_body=[{}]", new Object[]{this.prefix, hostAttributes(restRequest), authenticationToken.principal(), restRequest.uri(), AuditUtil.restRequestContent(restRequest)});
        } else {
            this.logger.error("{}[rest] [authentication_failed]\t{}, principal=[{}], uri=[{}]", new Object[]{this.prefix, hostAttributes(restRequest), authenticationToken.principal(), restRequest.uri()});
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void authenticationFailed(String str, AuthenticationToken authenticationToken, String str2, TransportMessage<?> transportMessage) {
        if (this.logger.isTraceEnabled()) {
            String indicesString = indicesString(transportMessage);
            if (indicesString != null) {
                this.logger.trace("{}[transport] [authentication_failed]\trealm=[{}], {}, principal=[{}], action=[{}], indices=[{}], request=[{}]", new Object[]{this.prefix, str, originAttributes(transportMessage, this.transport), authenticationToken.principal(), str2, indicesString, transportMessage.getClass().getSimpleName()});
            } else {
                this.logger.trace("{}[transport] [authentication_failed]\trealm=[{}], {}, principal=[{}], action=[{}], request=[{}]", new Object[]{this.prefix, str, originAttributes(transportMessage, this.transport), authenticationToken.principal(), str2, transportMessage.getClass().getSimpleName()});
            }
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void authenticationFailed(String str, AuthenticationToken authenticationToken, RestRequest restRequest) {
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("{}[rest] [authentication_failed]\trealm=[{}], {}, principal=[{}], uri=[{}], request_body=[{}]", new Object[]{this.prefix, str, hostAttributes(restRequest), authenticationToken.principal(), restRequest.uri(), AuditUtil.restRequestContent(restRequest)});
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void accessGranted(User user, String str, TransportMessage<?> transportMessage) {
        String indicesString = indicesString(transportMessage);
        if ((InternalSystemUser.is(user) && Privilege.SYSTEM.predicate().apply(str)) || InternalShieldUser.is(user)) {
            if (this.logger.isTraceEnabled()) {
                if (indicesString != null) {
                    this.logger.trace("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), principal(user), str, indicesString, transportMessage.getClass().getSimpleName()});
                    return;
                } else {
                    this.logger.trace("{}[transport] [access_granted]\t{}, {}, action=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), principal(user), str, transportMessage.getClass().getSimpleName()});
                    return;
                }
            }
            return;
        }
        if (indicesString != null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), principal(user), str, indicesString, transportMessage.getClass().getSimpleName()});
                return;
            } else {
                this.logger.info("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), principal(user), str, indicesString});
                return;
            }
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("{}[transport] [access_granted]\t{}, {}, action=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), principal(user), str, transportMessage.getClass().getSimpleName()});
        } else {
            this.logger.info("{}[transport] [access_granted]\t{}, {}, action=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), principal(user), str});
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void accessDenied(User user, String str, TransportMessage<?> transportMessage) {
        String indicesString = indicesString(transportMessage);
        if (indicesString != null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("{}[transport] [access_denied]\t{}, {}, action=[{}], indices=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), principal(user), str, indicesString, transportMessage.getClass().getSimpleName()});
                return;
            } else {
                this.logger.error("{}[transport] [access_denied]\t{}, {}, action=[{}], indices=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), principal(user), str, indicesString});
                return;
            }
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("{}[transport] [access_denied]\t{}, {}, action=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), principal(user), str, transportMessage.getClass().getSimpleName()});
        } else {
            this.logger.error("{}[transport] [access_denied]\t{}, {}, action=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), principal(user), str});
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void tamperedRequest(String str, TransportMessage<?> transportMessage) {
        String indicesString = indicesString(transportMessage);
        if (indicesString != null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("{}[transport] [tampered_request]\t{}, action=[{}], indices=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), str, indicesString, transportMessage.getClass().getSimpleName()});
                return;
            } else {
                this.logger.error("{}[transport] [tampered_request]\t{}, action=[{}], indices=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), str, indicesString});
                return;
            }
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("{}[transport] [tampered_request]\t{}, action=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), str, transportMessage.getClass().getSimpleName()});
        } else {
            this.logger.error("{}[transport] [tampered_request]\t{}, action=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), str});
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void tamperedRequest(User user, String str, TransportMessage<?> transportMessage) {
        String indicesString = indicesString(transportMessage);
        if (indicesString != null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("{}[transport] [tampered_request]\t{}, {}, action=[{}], indices=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), principal(user), str, indicesString, transportMessage.getClass().getSimpleName()});
                return;
            } else {
                this.logger.error("{}[transport] [tampered_request]\t{}, {}, action=[{}], indices=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), principal(user), str, indicesString});
                return;
            }
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("{}[transport] [tampered_request]\t{}, {}, action=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), principal(user), str, transportMessage.getClass().getSimpleName()});
        } else {
            this.logger.error("{}[transport] [tampered_request]\t{}, {}, action=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), principal(user), str});
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void connectionGranted(InetAddress inetAddress, String str, ShieldIpFilterRule shieldIpFilterRule) {
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("{}[ip_filter] [connection_granted]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", new Object[]{this.prefix, NetworkAddress.formatAddress(inetAddress), str, shieldIpFilterRule});
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void connectionDenied(InetAddress inetAddress, String str, ShieldIpFilterRule shieldIpFilterRule) {
        this.logger.error("{}[ip_filter] [connection_denied]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", new Object[]{this.prefix, NetworkAddress.formatAddress(inetAddress), str, shieldIpFilterRule});
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void runAsGranted(User user, String str, TransportMessage<?> transportMessage) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("{}[transport] [run_as_granted]\t{}, principal=[{}], run_as_principal=[{}], action=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), user.principal(), user.runAs().principal(), str, transportMessage.getClass().getSimpleName()});
        } else {
            this.logger.info("{}[transport] [run_as_granted]\t{}, principal=[{}], run_as_principal=[{}], action=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), user.principal(), user.runAs().principal(), str});
        }
    }

    @Override // org.elasticsearch.shield.audit.AuditTrail
    public void runAsDenied(User user, String str, TransportMessage<?> transportMessage) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("{}[transport] [run_as_denied]\t{}, principal=[{}], run_as_principal=[{}], action=[{}], request=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), user.principal(), user.runAs().principal(), str, transportMessage.getClass().getSimpleName()});
        } else {
            this.logger.info("{}[transport] [run_as_denied]\t{}, principal=[{}], run_as_principal=[{}], action=[{}]", new Object[]{this.prefix, originAttributes(transportMessage, this.transport), user.principal(), user.runAs().principal(), str});
        }
    }

    private static String hostAttributes(RestRequest restRequest) {
        SocketAddress remoteAddress = restRequest.getRemoteAddress();
        return "origin_address=[" + (remoteAddress instanceof InetSocketAddress ? NetworkAddress.formatAddress(((InetSocketAddress) remoteAddress).getAddress()) : remoteAddress.toString()) + "]";
    }

    static String originAttributes(TransportMessage transportMessage, Transport transport) {
        StringBuilder sb = new StringBuilder();
        InetSocketAddress restRemoteAddress = RemoteHostHeader.restRemoteAddress(transportMessage);
        if (restRemoteAddress != null) {
            sb.append("origin_type=[rest], origin_address=[").append(NetworkAddress.formatAddress(restRemoteAddress.getAddress())).append("]");
            return sb.toString();
        }
        InetSocketTransportAddress remoteAddress = transportMessage.remoteAddress();
        if (remoteAddress == null) {
            return sb.append("origin_type=[local_node], origin_address=[").append(transport.boundAddress().publishAddress().getAddress()).append("]").toString();
        }
        sb.append("origin_type=[transport], ");
        if (remoteAddress instanceof InetSocketTransportAddress) {
            sb.append("origin_address=[").append(NetworkAddress.formatAddress(remoteAddress.address().getAddress())).append("]");
        } else {
            sb.append("origin_address=[").append(remoteAddress).append("]");
        }
        return sb.toString();
    }

    static String resolvePrefix(Settings settings, Transport transport) {
        String str;
        String host;
        String address;
        StringBuilder sb = new StringBuilder();
        if (settings.getAsBoolean("shield.audit.logfile.prefix.emit_node_host_address", false).booleanValue() && (address = transport.boundAddress().publishAddress().getAddress()) != null) {
            sb.append("[").append(address).append("] ");
        }
        if (settings.getAsBoolean("shield.audit.logfile.prefix.emit_node_host_name", false).booleanValue() && (host = transport.boundAddress().publishAddress().getHost()) != null) {
            sb.append("[").append(host).append("] ");
        }
        if (settings.getAsBoolean("shield.audit.logfile.prefix.emit_node_name", true).booleanValue() && (str = settings.get("name")) != null) {
            sb.append("[").append(str).append("] ");
        }
        return sb.toString();
    }

    static String indicesString(TransportMessage<?> transportMessage) {
        String[] indices = AuditUtil.indices(transportMessage);
        if (indices == null) {
            return null;
        }
        return Strings.arrayToCommaDelimitedString(indices);
    }

    static String principal(User user) {
        StringBuilder sb = new StringBuilder("principal=[");
        if (user.runAs() != null) {
            sb.append(user.runAs().principal()).append("], run_by_principal=[");
        }
        return sb.append(user.principal()).append("]").toString();
    }
}
