package org.graylog2.inputs.codecs;

import com.codahale.metrics.MetricRegistry;
import com.codahale.metrics.Timer;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import com.google.common.net.InetAddresses;
import com.google.inject.assistedinject.Assisted;
import com.google.inject.assistedinject.AssistedInject;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.inject.Inject;
import org.graylog.schema.ApplicationFields;
import org.graylog.schema.ProcessFields;
import org.graylog2.plugin.Message;
import org.graylog2.plugin.ResolvableInetSocketAddress;
import org.graylog2.plugin.Tools;
import org.graylog2.plugin.configuration.Configuration;
import org.graylog2.plugin.configuration.ConfigurationRequest;
import org.graylog2.plugin.configuration.fields.BooleanField;
import org.graylog2.plugin.inputs.annotations.Codec;
import org.graylog2.plugin.inputs.annotations.ConfigClass;
import org.graylog2.plugin.inputs.annotations.FactoryClass;
import org.graylog2.plugin.inputs.codecs.AbstractCodec;
import org.graylog2.plugin.inputs.codecs.Codec;
import org.graylog2.plugin.inputs.codecs.CodecAggregator;
import org.graylog2.plugin.journal.RawMessage;
import org.graylog2.syslog4j.server.SyslogServerEventIF;
import org.graylog2.syslog4j.server.impl.event.CiscoSyslogServerEvent;
import org.graylog2.syslog4j.server.impl.event.FortiGateSyslogEvent;
import org.graylog2.syslog4j.server.impl.event.SyslogServerEvent;
import org.graylog2.syslog4j.server.impl.event.structured.StructuredSyslogServerEvent;
import org.joda.time.DateTime;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

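/**
 * Codec that turns one raw syslog payload into a Graylog {@link Message}.
 *
 * <p>The payload is tested against three patterns in order (a version number after the PRI,
 * a Cisco sequence number, a FortiGate {@code date=} prefix) to pick the syslog4j event class
 * that parses it; anything else is parsed as a plain {@link SyslogServerEvent}.
 *
 * <p>Everything read from the payload (host, date, application name, process id,
 * structured-data keys and values, FortiGate key/value pairs) is supplied by the sender and is
 * copied into the message as-is. Consumers of these fields should treat them as unauthenticated.
 *
 * <p>NOTE(review): the file imports two types with the simple name {@code Codec} (the annotation
 * and the codec interface). The class body uses both; one of them has to be referenced by its
 * fully qualified name for the file to compile.
 */
@Codec(name = "syslog", displayName = "Syslog")
public class SyslogCodec extends AbstractCodec {
    private static final Logger LOG = LoggerFactory.getLogger(SyslogCodec.class);

    // DOTALL lets the trailing ".*" match payloads that contain line terminators.
    private static final Pattern STRUCTURED_SYSLOG_PATTERN = Pattern.compile("<\\d{1,3}>[0-9]\\d{0,2}\\s.*", Pattern.DOTALL);
    private static final Pattern CISCO_WITH_SEQUENCE_NUMBERS_PATTERN = Pattern.compile("<\\d{1,3}>\\d*:\\s.*", Pattern.DOTALL);
    private static final Pattern FORTIGATE_PATTERN = Pattern.compile("<\\d{1,3}>date=.*", Pattern.DOTALL);

    // Configuration keys of the boolean options registered in Config#getRequestedConfiguration().
    static final String CK_FORCE_RDNS = "force_rdns";
    static final String CK_ALLOW_OVERRIDE_DATE = "allow_override_date";
    static final String CK_EXPAND_STRUCTURED_DATA = "expand_structured_data";
    static final String CK_STORE_FULL_MESSAGE = "store_full_message";

    // Measures the reverse DNS lookup in parseHost().
    private final Timer resolveTime;
    // Measures address extraction plus parsing in decode().
    private final Timer decodeTime;

    /** Configuration contract of the codec: four boolean options on top of the inherited ones. */
    @ConfigClass
    public static class Config extends AbstractCodec.Config {
        /**
         * Extends the inherited configuration request with the syslog-specific options.
         *
         * @return the inherited request with the four boolean fields added
         */
        @Override
        public ConfigurationRequest getRequestedConfiguration() {
            final ConfigurationRequest request = super.getRequestedConfiguration();
            request.addField(new BooleanField(SyslogCodec.CK_FORCE_RDNS, "Force rDNS?", false, "Force rDNS resolution of hostname? Use if hostname cannot be parsed. (Be careful if you are sending DNS logs into this input because it can cause a feedback loop.)"));
            request.addField(new BooleanField(SyslogCodec.CK_ALLOW_OVERRIDE_DATE, "Allow overriding date?", true, "Allow to override with current date if date could not be parsed?"));
            request.addField(new BooleanField(SyslogCodec.CK_STORE_FULL_MESSAGE, "Store full message?", false, "Store the full original syslog message as full_message?"));
            request.addField(new BooleanField(SyslogCodec.CK_EXPAND_STRUCTURED_DATA, "Expand structured data?", false, "Expand structured data elements by prefixing attributes with their SD-ID?"));
            return request;
        }

        /**
         * Sets the default of a {@code port} field, when the request has one, to 514.
         *
         * @param configurationRequest the request whose defaults are adjusted in place
         */
        @Override
        public void overrideDefaultValues(@Nonnull ConfigurationRequest configurationRequest) {
            if (configurationRequest.containsField("port")) {
                configurationRequest.getField("port").setDefaultValue(514);
            }
        }
    }

    /** Descriptor whose display name is read from the {@code @Codec} annotation on this class. */
    public static class Descriptor extends AbstractCodec.Descriptor {
        @Inject
        public Descriptor() {
            super(SyslogCodec.class.getAnnotation(Codec.class).displayName());
        }
    }

    /** Assisted-injection factory for this codec, its config and its descriptor. */
    @FactoryClass
    public interface Factory extends Codec.Factory<SyslogCodec> {
        @Override
        SyslogCodec create(Configuration configuration);

        @Override
        Config getConfig();

        @Override
        Descriptor getDescriptor();
    }

    /**
     * Creates the codec and registers its two timers.
     *
     * @param configuration  codec configuration, read for the {@code CK_*} options
     * @param metricRegistry registry in which {@code resolveTime} and {@code decodeTime} are created
     */
    @AssistedInject
    public SyslogCodec(@Assisted Configuration configuration, MetricRegistry metricRegistry) {
        super(configuration);
        this.resolveTime = metricRegistry.timer(MetricRegistry.name(SyslogCodec.class, "resolveTime"));
        this.decodeTime = metricRegistry.timer(MetricRegistry.name(SyslogCodec.class, "decodeTime"));
    }

    /**
     * Decodes one raw syslog payload.
     *
     * <p>The payload bytes are converted with the codec's charset before the timer starts; the
     * {@code decodeTime} timer covers address extraction and parsing.
     *
     * @param rawMessage the raw message; its remote address may be absent
     * @return the parsed message
     * @throws IllegalStateException if the message has no parsable date and
     *                               {@code allow_override_date} is disabled
     */
    @Override
    @Nullable
    public Message decode(@Nonnull RawMessage rawMessage) {
        final String payload = new String(rawMessage.getPayload(), this.charset);
        try (Timer.Context ignored = this.decodeTime.time()) {
            final ResolvableInetSocketAddress remote = rawMessage.getRemoteAddress();
            final InetSocketAddress socketAddress = remote == null ? null : remote.getInetSocketAddress();
            final InetAddress senderAddress = socketAddress == null ? null : socketAddress.getAddress();
            return parse(payload, senderAddress, rawMessage.getTimestamp());
        }
    }

    /**
     * Chooses the event parser for the payload and builds the message from it.
     *
     * @param payload           the decoded syslog text
     * @param remoteAddress     address the payload was received from, or {@code null}
     * @param receivedTimestamp timestamp of the raw message, used by {@link #parseDate} as fallback
     * @return the message with facility, level and any format-specific fields set
     */
    private Message parse(String payload, InetAddress remoteAddress, DateTime receivedTimestamp) {
        // Declared as the interface type: the four branches create different event classes.
        final SyslogServerEventIF event;
        if (STRUCTURED_SYSLOG_PATTERN.matcher(payload).matches()) {
            event = new StructuredSyslogServerEvent(payload, remoteAddress);
        } else if (CISCO_WITH_SEQUENCE_NUMBERS_PATTERN.matcher(payload).matches()) {
            event = new CiscoSyslogServerEvent(payload, remoteAddress);
        } else if (FORTIGATE_PATTERN.matcher(payload).matches()) {
            event = new FortiGateSyslogEvent(payload);
        } else {
            event = new SyslogServerEvent(payload, remoteAddress);
        }

        final String text;
        if (event instanceof StructuredSyslogServerEvent) {
            // Prefer the message part of the structured event; fall back when it is empty.
            final String structuredText = ((StructuredSyslogServerEvent) event).getStructuredMessage().getMessage();
            text = Strings.isNullOrEmpty(structuredText) ? event.getMessage() : structuredText;
        } else {
            text = event.getMessage();
        }

        final Message message = new Message(text, parseHost(event, remoteAddress), parseDate(event, receivedTimestamp));
        message.addField("facility", Tools.syslogFacilityToReadable(event.getFacility()));
        message.addField(Message.FIELD_LEVEL, event.getLevel());
        message.addField("facility_num", event.getFacility());

        if (event instanceof CiscoSyslogServerEvent) {
            message.addField("sequence_number", ((CiscoSyslogServerEvent) event).getSequenceNumber());
        }

        if (event instanceof FortiGateSyslogEvent) {
            final Map<String, Object> fortiGateFields = new HashMap<>(((FortiGateSyslogEvent) event).getFields());
            // Dropped so a sender-supplied "level" pair cannot replace the numeric level set above.
            fortiGateFields.remove(Message.FIELD_LEVEL);
            // NOTE(review): the remaining keys are sender-controlled. Whether Message.addFields
            // rejects reserved field names is not visible in this class; confirm.
            message.addFields(fortiGateFields);
        }

        if (this.configuration.getBoolean(CK_STORE_FULL_MESSAGE)) {
            message.addField(Message.FIELD_FULL_MESSAGE, new String(event.getRaw(), this.charset));
        }

        message.addFields(parseAdditionalData(event, this.configuration.getBoolean(CK_EXPAND_STRUCTURED_DATA)));
        return message;
    }

    /**
     * Collects the extra fields of a structured event: its structured data plus application
     * name and process id when present.
     *
     * @param event  the parsed event
     * @param expand whether structured-data keys are prefixed with their SD-ID
     * @return the extra fields; an empty map for events that are not structured
     */
    private Map<String, Object> parseAdditionalData(SyslogServerEventIF event, boolean expand) {
        if (!(event instanceof StructuredSyslogServerEvent)) {
            return Collections.emptyMap();
        }

        final StructuredSyslogServerEvent structured = (StructuredSyslogServerEvent) event;
        final Map<String, Object> fields = new HashMap<>(extractFields(structured, expand));

        final String applicationName = structured.getApplicationName();
        if (!Strings.isNullOrEmpty(applicationName)) {
            fields.put(ApplicationFields.APPLICATION_NAME, applicationName);
        }
        final String processId = structured.getProcessId();
        if (!Strings.isNullOrEmpty(processId)) {
            fields.put(ProcessFields.PROCESS_ID, processId);
        }
        return fields;
    }

    /**
     * Determines the host of the message.
     *
     * <p>With {@code force_rdns} enabled and a known remote address, the host is the result of
     * a reverse DNS lookup that runs synchronously on the decode path. The answer is controlled
     * by whoever serves the reverse zone for that address, so it is not an authenticated
     * identity. NOTE(review): whether {@code Tools.rdnsLookup} caches or forward-confirms the
     * name is not visible here.
     *
     * <p>Otherwise the host parsed from the payload is used, which is sender-supplied; when it
     * is empty and a remote address is known, the address string is used instead.
     *
     * @param event         the parsed event
     * @param remoteAddress address the payload was received from, or {@code null}
     * @return the host value, which may be null or empty if neither source yields one
     */
    private String parseHost(SyslogServerEventIF event, InetAddress remoteAddress) {
        if (remoteAddress != null && this.configuration.getBoolean(CK_FORCE_RDNS)) {
            // try-with-resources stops the timer on the failure path as well, so failed
            // lookups are measured too.
            try (Timer.Context ignored = this.resolveTime.time()) {
                return Tools.rdnsLookup(remoteAddress);
            } catch (UnknownHostException e) {
                LOG.warn("Reverse DNS lookup failed. Falling back to parsed hostname.", e);
            }
        }

        final String parsedHost = event.getHost();
        if (Strings.isNullOrEmpty(parsedHost) && remoteAddress != null) {
            return InetAddresses.toAddrString(remoteAddress);
        }
        return parsedHost;
    }

    /**
     * Determines the timestamp of the message.
     *
     * <p>A date parsed from the payload wins, so the timestamp is sender-controlled whenever
     * the payload carries a parsable date. The receive timestamp is used only when no date was
     * parsed and {@code allow_override_date} is enabled.
     *
     * @param event             the parsed event
     * @param receivedTimestamp timestamp of the raw message
     * @return the parsed date, or {@code receivedTimestamp} as fallback
     * @throws IllegalStateException if no date was parsed and overriding is disabled
     */
    private DateTime parseDate(SyslogServerEventIF event, DateTime receivedTimestamp) throws IllegalStateException {
        if (event.getDate() != null) {
            return new DateTime(event.getDate());
        }

        if (this.configuration.getBoolean(CK_ALLOW_OVERRIDE_DATE)) {
            LOG.debug("Date could not be parsed. Was set to NOW because {} is true.", CK_ALLOW_OVERRIDE_DATE);
            return receivedTimestamp;
        }

        // NOTE(review): the raw payload is sender-controlled and is written to the log verbatim
        // and at full length, once per undated message. Unless the logging layout neutralises
        // line breaks, embedded CR/LF can produce forged log lines; consider escaping control
        // characters and capping the length here.
        LOG.warn("Syslog message is missing date or date could not be parsed. (Possibly set {} to true) Not further handling. Message was: {}", CK_ALLOW_OVERRIDE_DATE, new String(event.getRaw(), this.charset));
        throw new IllegalStateException("Syslog message is missing date or date could not be parsed.");
    }

    /**
     * Always returns {@code null}.
     *
     * @return {@code null}
     */
    @Override
    @Nullable
    public CodecAggregator getAggregator() {
        return null;
    }

    /**
     * Flattens the structured data of an event into one field map.
     *
     * <p>Without expansion the parameters of all SD elements are merged into one map, so a
     * parameter name that occurs in several elements keeps only the value merged last. With
     * expansion each key is prefixed with its SD-ID (see {@link #prefixElements}). Keys and
     * values are sender-supplied.
     *
     * <p>Extraction is best effort: any exception is logged at debug level and an empty map is
     * returned.
     *
     * @param event  the structured event
     * @param expand whether keys are prefixed with their SD-ID
     * @return the flattened fields, or an empty map if there is no structured data
     */
    @VisibleForTesting
    Map<String, Object> extractFields(StructuredSyslogServerEvent event, boolean expand) {
        try {
            final Map<String, Map<String, String>> structuredData = event.getStructuredMessage().getStructuredData();
            if (structuredData != null && !structuredData.isEmpty()) {
                final Map<String, Object> fields = new HashMap<>();
                for (Map.Entry<String, Map<String, String>> element : structuredData.entrySet()) {
                    if (expand) {
                        fields.putAll(prefixElements(element.getKey(), element.getValue()));
                    } else {
                        fields.putAll(element.getValue());
                    }
                }
                return fields;
            }
        } catch (Exception e) {
            LOG.debug("Could not extract structured syslog", e);
        }
        return Collections.emptyMap();
    }

    /**
     * Returns a copy of {@code map} whose keys are prefixed with the trimmed {@code prefix} and
     * an underscore.
     *
     * @param prefix the SD-ID used as prefix
     * @param map    the parameters of one SD element, may be {@code null}
     * @return the prefixed copy, or an empty map if {@code map} is null or empty
     */
    private Map<String, String> prefixElements(String prefix, Map<String, String> map) {
        if (map == null || map.isEmpty()) {
            return Collections.emptyMap();
        }

        final String keyPrefix = prefix.trim() + "_";
        final Map<String, String> prefixed = new HashMap<>(map.size());
        for (Map.Entry<String, String> parameter : map.entrySet()) {
            prefixed.put(keyPrefix + parameter.getKey(), parameter.getValue());
        }
        return prefixed;
    }
}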
