package org.wso2.carbon.user.mgt.listeners;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.core.AbstractIdentityUserOperationEventListener;
import org.wso2.carbon.identity.core.util.IdentityConfigParser;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.utils.CarbonUtils;

/* loaded from: input_file:org/wso2/carbon/user/mgt/listeners/UserClaimsAuditLogger.class */
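/**
 * User-operation listener that writes a user's configured ("loggable") claims to the audit log
 * whenever claim values are set through a {@link UserStoreManager}.
 *
 * <p>The claim URIs to log are read in {@link #init()} from the identity configuration key
 * {@code LoggableUserClaims.LoggableUserClaim}. When none are configured, nothing is written.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Claim values are written to the audit log in clear text. Keep credentials, recovery
 *       answers and similar secrets out of the loggable-claim list, and protect the audit log
 *       accordingly.</li>
 *   <li>User names and claim values are caller-supplied. Line breaks in them are neutralised
 *       before logging so that a value cannot start a forged audit record. Quotes and
 *       {@code |} are not escaped, so log parsers should not rely on those delimiters alone.</li>
 * </ul>
 */
public class UserClaimsAuditLogger extends AbstractIdentityUserOperationEventListener {
    private static final int DEFAULT_EXECUTION_ORDER = 9;
    private static final String CONFIG_CHANGE_LOG_CLAIMS = "LoggableUserClaims.LoggableUserClaim";
    private static final String LOG_UPDATED_CLAIMS_ONLY_PROPERTY = "LogUpdatedClaimsOnly";
    private static final String EVENT_LISTENER_TYPE = "org.wso2.carbon.user.core.listener.UserOperationEventListener";
    // Claim URIs whose values are audited; stays null until init() finds at least one entry.
    private String[] loggableClaimURIs;
    private static final String DEFAULT = "default";
    private static final String ROLE_CLAIM_URI = "http://wso2.org/claims/role";
    private static final Log log = LogFactory.getLog(UserClaimsAuditLogger.class);
    private static final Log audit = CarbonConstants.AUDIT_LOG;
    private static final String AUDIT_MESSAGE = "Initiator : %s | Action : %s | Target : %s | Claims : { %s }";
    private static final String AUDIT_MESSAGE_FOR_UPDATED_CLAIMS = "Initiator : %s | Action : %s | Target : %s | Added Claims : { %s } | Updated Claims : { %s } | Removed Claims : { %s }";

    /**
     * Reports whether this listener should run.
     *
     * @return {@code true} only when the parent listener is enabled and legacy audit logs
     *         have not been disabled
     */
    @Override
    public boolean isEnable() {
        return super.isEnable() && !CarbonUtils.isLegacyAuditLogsDisabled();
    }

    /**
     * Returns the execution order of this listener.
     *
     * @return the parent's order id, or {@code 9} when the parent reports a non-positive value
     */
    @Override
    public int getExecutionOrderId() {
        int executionOrderId = super.getExecutionOrderId();
        return executionOrderId <= 0 ? DEFAULT_EXECUTION_ORDER : executionOrderId;
    }

    /**
     * Loads the loggable claim URIs from the identity configuration.
     *
     * <p>The configured value may be a single string or an {@link ArrayList}. Entries are
     * stripped of surrounding whitespace, and null or blank entries are ignored. When nothing
     * usable is configured, the claim list is left untouched and claim changes are not audited.
     */
    public void init() {
        Object configured = IdentityConfigParser.getInstance().getConfiguration().get(CONFIG_CHANGE_LOG_CLAIMS);
        ArrayList<String> claimUris = new ArrayList<>();
        if (configured instanceof ArrayList) {
            for (Object element : (ArrayList<?>) configured) {
                addClaimUri(claimUris, element);
            }
        } else if (configured instanceof String) {
            addClaimUri(claimUris, configured);
        }
        if (CollectionUtils.isEmpty(claimUris)) {
            if (log.isDebugEnabled()) {
                log.debug("No Claim filters configured under LoggableUserClaims.LoggableUserClaim. User claim changes will not be logged.");
            }
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Some Claim filters configured under LoggableUserClaims.LoggableUserClaim. User claim changes will be logged.");
        }
        this.loggableClaimURIs = claimUris.toArray(new String[0]);
    }

    /**
     * Audits the user's loggable claims before a single claim value is set.
     *
     * @param str the user whose claim is being set (logged as the audit "Target")
     * @param str2 not used by this listener
     * @param str3 not used by this listener
     * @param str4 not used by this listener
     * @param userStoreManager store the current claim values are read from
     * @return always {@code true}
     * @throws UserStoreException declared by the listener contract; not thrown here
     */
    public boolean doPreSetUserClaimValue(String str, String str2, String str3, String str4, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        logClaims(str, "doPreSetUserClaimValue", userStoreManager);
        return true;
    }

    /**
     * Audits the user's loggable claims after a single claim value has been set.
     *
     * @param str the user whose claim was set (logged as the audit "Target")
     * @param userStoreManager store the current claim values are read from
     * @return always {@code true}
     * @throws UserStoreException declared by the listener contract; not thrown here
     */
    public boolean doPostSetUserClaimValue(String str, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        logClaims(str, "doPostSetUserClaimValue", userStoreManager);
        return true;
    }

    /**
     * Audits claims before several claim values are set.
     *
     * <p>When the {@code LogUpdatedClaimsOnly} listener property is enabled, only the
     * added/updated/removed loggable claims are written; otherwise all loggable claims are.
     *
     * @param str the user whose claims are being set (logged as the audit "Target")
     * @param map the claim values requested by the caller, keyed by claim URI
     * @param str2 not used by this listener
     * @param userStoreManager store the current claim values are read from
     * @return always {@code true}
     * @throws UserStoreException declared by the listener contract; not thrown here
     */
    public boolean doPreSetUserClaimValues(String str, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        if (isLogUpdatedClaimsOnlyPropertyEnabled()) {
            logUpdatedClaims(str, map, "doPreSetUserClaimValues", userStoreManager);
            return true;
        }
        logClaims(str, "doPreSetUserClaimValues", userStoreManager);
        return true;
    }

    /**
     * Audits the user's loggable claims after several claim values have been set.
     *
     * <p>Nothing is written here when {@code LogUpdatedClaimsOnly} is enabled, because the
     * change set was already recorded by the pre-set hook.
     *
     * @param str the user whose claims were set (logged as the audit "Target")
     * @param map not used by this listener
     * @param str2 not used by this listener
     * @param userStoreManager store the current claim values are read from
     * @return always {@code true}
     * @throws UserStoreException declared by the listener contract; not thrown here
     */
    public boolean doPostSetUserClaimValues(String str, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable() || isLogUpdatedClaimsOnlyPropertyEnabled()) {
            return true;
        }
        logClaims(str, "doPostSetUserClaimValues", userStoreManager);
        return true;
    }

    /**
     * Reads the {@code LogUpdatedClaimsOnly} property of this listener's configuration.
     *
     * @return the parsed boolean value, or {@code false} when the property is absent
     */
    private boolean isLogUpdatedClaimsOnlyPropertyEnabled() {
        // NOTE(review): assumes readEventListenerProperty() and getProperties() never return
        // null for this listener; confirm, otherwise the claim-update hooks throw a
        // NullPointerException.
        Object propertyValue = IdentityUtil.readEventListenerProperty(EVENT_LISTENER_TYPE, getClass().getName()).getProperties().get(LOG_UPDATED_CLAIMS_ONLY_PROPERTY);
        return propertyValue != null && Boolean.parseBoolean(propertyValue.toString());
    }

    /**
     * Writes one audit record listing the loggable claims that the requested values would
     * add, update or remove, compared with what the user store currently holds.
     *
     * @param userName the user being modified
     * @param requestedClaims the claim values requested by the caller, keyed by claim URI
     * @param action the hook name recorded as the audit "Action"
     * @param userStoreManager store the current claim values are read from
     */
    private void logUpdatedClaims(String userName, Map<String, String> requestedClaims, String action, UserStoreManager userStoreManager) {
        // Without configured claims or a request map there is nothing to compare; returning
        // early also avoids a NullPointerException when iterating the claim URIs below.
        if (!hasLoggableClaims() || requestedClaims == null) {
            return;
        }
        try {
            Map<String, String> addedClaims = new HashMap<>();
            Map<String, String> updatedClaims = new HashMap<>();
            Map<String, String> removedClaims = new HashMap<>();
            // Work on a private copy: the store may return null or a map that must not be mutated.
            Map<String, String> currentClaims = new HashMap<>();
            Map<String, String> storedClaims = userStoreManager.getUserClaimValues(userName, this.loggableClaimURIs, DEFAULT);
            if (storedClaims != null) {
                currentClaims.putAll(storedClaims);
            }
            resolveLoggableClaims(currentClaims);
            // NOTE(review): a loggable claim that is simply absent from requestedClaims is
            // reported as "Removed"; confirm that matches the caller's update semantics.
            for (Map.Entry<String, String> current : currentClaims.entrySet()) {
                String claimUri = current.getKey();
                String currentValue = current.getValue();
                String requestedValue = requestedClaims.get(claimUri);
                if (StringUtils.isNotEmpty(requestedValue) && !requestedValue.equals(currentValue)) {
                    updatedClaims.put(claimUri, requestedValue);
                }
                if (StringUtils.isEmpty(requestedValue) && StringUtils.isNotEmpty(currentValue)) {
                    removedClaims.put(claimUri, currentValue);
                }
            }
            for (String claimUri : this.loggableClaimURIs) {
                String currentValue = currentClaims.get(claimUri);
                String requestedValue = requestedClaims.get(claimUri);
                if (StringUtils.isNotEmpty(requestedValue) && StringUtils.isEmpty(currentValue)) {
                    addedClaims.put(claimUri, requestedValue);
                }
            }
            if (MapUtils.isNotEmpty(addedClaims) || MapUtils.isNotEmpty(updatedClaims) || MapUtils.isNotEmpty(removedClaims)) {
                audit.info(String.format(AUDIT_MESSAGE_FOR_UPDATED_CLAIMS, sanitizeForLog(getUser()), action, sanitizeForLog(userName), formatClaims(addedClaims), formatClaims(updatedClaims), formatClaims(removedClaims)));
            } else if (log.isDebugEnabled()) {
                log.debug("Updated claims are not configured under the user: " + sanitizeForLog(userName));
            }
        } catch (UserStoreException e) {
            log.error("Error occurred while logging updated user claim changes.", e);
        }
    }

    /**
     * Drops the role claim from the given map so it is never reported as a change.
     *
     * @param claims mutable map of claim URI to value
     */
    private void resolveLoggableClaims(Map<String, String> claims) {
        claims.remove(ROLE_CLAIM_URI);
        if (log.isDebugEnabled()) {
            log.debug("http://wso2.org/claims/role claim is removed from the loggable claims as it is a read-only claim.");
        }
    }

    /**
     * Writes one audit record with the values the user store currently holds for the
     * loggable claims of the given user.
     *
     * @param userName the user being modified
     * @param action the hook name recorded as the audit "Action"
     * @param userStoreManager store the current claim values are read from
     */
    private void logClaims(String userName, String action, UserStoreManager userStoreManager) {
        // With no claim filter configured the listener must stay silent; never hand a null
        // filter to the store (NOTE(review): a store could treat null as "all claims").
        if (!hasLoggableClaims()) {
            return;
        }
        try {
            Map<String, String> currentClaims = userStoreManager.getUserClaimValues(userName, this.loggableClaimURIs, DEFAULT);
            if (MapUtils.isNotEmpty(currentClaims)) {
                audit.info(String.format(AUDIT_MESSAGE, sanitizeForLog(getUser()), action, sanitizeForLog(userName), formatClaims(currentClaims)));
            } else if (log.isDebugEnabled()) {
                log.debug("No claims are configured under the user : " + sanitizeForLog(userName));
            }
        } catch (UserStoreException e) {
            log.error("Error occurred while logging user claim changes.", e);
        }
    }

    /**
     * Renders the non-empty claims as {@code "uri" : "value"} pairs joined by {@code " , "}.
     *
     * <p>The separator is emitted only between entries that are actually written, so entries
     * with empty values no longer leave stray separators in the record.
     *
     * @param claims map of claim URI to value
     * @return the formatted pairs, or an empty string when no entry has a value
     */
    private String formatClaims(Map<String, String> claims) {
        StringBuilder formatted = new StringBuilder();
        for (Map.Entry<String, String> claim : claims.entrySet()) {
            if (StringUtils.isEmpty(claim.getValue())) {
                continue;
            }
            if (formatted.length() > 0) {
                formatted.append(" , ");
            }
            formatted.append("\"").append(sanitizeForLog(claim.getKey())).append("\"");
            formatted.append(" : ");
            formatted.append("\"").append(sanitizeForLog(claim.getValue())).append("\"");
        }
        return formatted.toString();
    }

    /**
     * Identifies the caller that triggered the operation.
     *
     * @return {@code username@tenantDomain} from the thread-local Carbon context, or
     *         {@code wso2.system.user} when no user name is set
     */
    private String getUser() {
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        return username != null ? username + "@" + CarbonContext.getThreadLocalCarbonContext().getTenantDomain() : "wso2.system.user";
    }

    /** Reports whether {@link #init()} found at least one claim URI to audit. */
    private boolean hasLoggableClaims() {
        return this.loggableClaimURIs != null && this.loggableClaimURIs.length > 0;
    }

    /** Adds the stripped text of {@code candidate} to {@code target} unless it is null or blank. */
    private static void addClaimUri(ArrayList<String> target, Object candidate) {
        if (candidate == null) {
            return;
        }
        String claimUri = StringUtils.strip(candidate.toString());
        if (StringUtils.isNotEmpty(claimUri)) {
            target.add(claimUri);
        }
    }

    /**
     * Replaces carriage returns and line feeds with their visible escapes so that a
     * caller-supplied value always stays on the log line it belongs to.
     *
     * @param value text about to be written to a log; may be {@code null}
     * @return the text with line breaks escaped, or {@code null} when given {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace("\r", "\\r").replace("\n", "\\n");
    }
}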
