package org.wso2.carbon.user.mgt.listeners;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.logging.Log;
import org.json.JSONArray;
import org.json.JSONObject;
import org.slf4j.MDC;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.core.AbstractIdentityUserOperationEventListener;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.mgt.listeners.utils.ListenerUtils;
import org.wso2.carbon.utils.CarbonUtils;

/* loaded from: input_file:org/wso2/carbon/user/mgt/listeners/UserManagementAuditLogger.class */
public class UserManagementAuditLogger extends AbstractIdentityUserOperationEventListener {
    private static final Log audit = CarbonConstants.AUDIT_LOG;
    private static final String SUCCESS = "Success";
    private static final String IN_PROGRESS = "In-Progress";
    public static final String USER_AGENT_QUERY_KEY = "User-Agent";
    public static final String USER_AGENT_KEY = "User Agent";
    public static final String REMOTE_ADDRESS_QUERY_KEY = "remoteAddress";
    public static final String REMOTE_ADDRESS_KEY = "RemoteAddress";
    public static final String SERVICE_PROVIDER_KEY = "ServiceProviderName";
    public static final String SERVICE_PROVIDER_QUERY_KEY = "serviceProvider";
    private final String USER_NAME_KEY = "UserName";
    private final String USER_NAME_QUERY_KEY = "userName";

    public boolean isEnable() {
        return super.isEnable() && !CarbonUtils.isLegacyAuditLogsDisabled();
    }

    public boolean doPostAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(ListenerUtils.PROFILE_FIELD, str2);
        if (ArrayUtils.isNotEmpty(strArr)) {
            jSONObject.put(ListenerUtils.ROLES_FIELD, new JSONArray(strArr));
        }
        maskClaimsInAuditLog(map, jSONObject);
        audit.warn(createAuditMessage(ListenerUtils.ADD_USER_ACTION, ListenerUtils.getTargetForAuditLog(str, userStoreManager), jSONObject, SUCCESS));
        return true;
    }

    public boolean doPostDeleteUser(String str, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        audit.warn(createAuditMessage(ListenerUtils.DELETE_USER_ACTION, ListenerUtils.getTargetForAuditLog(str, userStoreManager), null, SUCCESS));
        return true;
    }

    public boolean doPreSetUserClaimValue(String str, String str2, String str3, String str4, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        JSONObject jSONObject = new JSONObject();
        if (LoggerUtils.isLogMaskingEnable) {
            jSONObject.put(ListenerUtils.CLAIM_VALUE_FIELD, LoggerUtils.getMaskedClaimValue(str2, str3));
        } else {
            jSONObject.put(ListenerUtils.CLAIM_VALUE_FIELD, str3);
        }
        jSONObject.put(ListenerUtils.CLAIM_URI_FIELD, str2);
        jSONObject.put(ListenerUtils.PROFILE_FIELD, str4);
        audit.info(createAuditMessage(ListenerUtils.SET_USER_CLAIM_VALUE_ACTION, ListenerUtils.getTargetForAuditLog(str, userStoreManager), jSONObject, IN_PROGRESS));
        return true;
    }

    public boolean doPostSetUserClaimValue(String str, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        audit.warn(createAuditMessage(ListenerUtils.SET_USER_CLAIM_VALUE_ACTION, ListenerUtils.getTargetForAuditLog(str, userStoreManager), null, SUCCESS));
        return true;
    }

    public boolean doPostSetUserClaimValues(String str, Map<String, String> map, String str2, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(ListenerUtils.PROFILE_FIELD, str2);
        maskClaimsInAuditLog(map, jSONObject);
        audit.warn(createAuditMessage(ListenerUtils.SET_USER_CLAIM_VALUES_ACTION, ListenerUtils.getTargetForAuditLog(str, userStoreManager), jSONObject, SUCCESS));
        return true;
    }

    public boolean doPreDeleteUserClaimValues(String str, String[] strArr, String str2, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(ListenerUtils.PROFILE_FIELD, str2);
        jSONObject.put(ListenerUtils.CLAIMS_FIELD, new JSONObject(strArr));
        audit.warn(createAuditMessage(ListenerUtils.DELETE_USER_CLAIM_VALUES_ACTION, ListenerUtils.getTargetForAuditLog(str, userStoreManager), jSONObject, IN_PROGRESS));
        return true;
    }

    public boolean doPostDeleteUserClaimValues(String str, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        audit.warn(createAuditMessage(ListenerUtils.DELETE_USER_CLAIM_VALUES_ACTION, ListenerUtils.getTargetForAuditLog(str, userStoreManager), null, SUCCESS));
        return true;
    }

    public boolean doPreDeleteUserClaimValue(String str, String str2, String str3, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        if (LoggerUtils.isLogMaskingEnable) {
            str3 = LoggerUtils.getMaskedContent(str3);
        }
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(ListenerUtils.CLAIM_URI_FIELD, str2);
        jSONObject.put(ListenerUtils.PROFILE_FIELD, str3);
        audit.warn(createAuditMessage(ListenerUtils.DELETE_USER_CLAIM_VALUE_ACTION, ListenerUtils.getTargetForAuditLog(str, userStoreManager), jSONObject, IN_PROGRESS));
        return true;
    }

    public boolean doPostDeleteUserClaimValue(String str, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        audit.warn(createAuditMessage(ListenerUtils.DELETE_USER_CLAIM_VALUE_ACTION, ListenerUtils.getTargetForAuditLog(str, userStoreManager), null, SUCCESS));
        return true;
    }

    public boolean doPostUpdateCredential(String str, Object obj, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        audit.warn(createAuditMessage(ListenerUtils.CHANGE_PASSWORD_BY_USER_ACTION, ListenerUtils.getTargetForAuditLog(str, userStoreManager), null, SUCCESS));
        return true;
    }

    public boolean doPostUpdateCredentialByAdmin(String str, Object obj, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        audit.info(createAuditMessage(ListenerUtils.CHANGE_PASSWORD_BY_ADMIN_ACTION, ListenerUtils.getTargetForAuditLog(str, userStoreManager), null, SUCCESS));
        return true;
    }

    public boolean doPostDeleteRole(String str, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        audit.warn(createAuditMessage(ListenerUtils.DELETE_ROLE_ACTION, ListenerUtils.getEntityWithUserStoreDomain(str, userStoreManager), null, SUCCESS));
        return true;
    }

    public boolean doPostAddRole(String str, String[] strArr, Permission[] permissionArr, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        JSONObject jSONObject = new JSONObject();
        if (ArrayUtils.isNotEmpty(strArr)) {
            if (LoggerUtils.isLogMaskingEnable) {
                jSONObject.put(ListenerUtils.USERS_FIELD, new JSONArray(LoggerUtils.getMaskedArraysOfValues(strArr)));
            } else {
                jSONObject.put(ListenerUtils.USERS_FIELD, new JSONArray(strArr));
            }
        }
        if (ArrayUtils.isNotEmpty(permissionArr)) {
            jSONObject.put(ListenerUtils.PERMISSIONS_FIELD, new JSONArray(permissionArr));
        }
        if (IdentityUtil.isGroupsVsRolesSeparationImprovementsEnabled()) {
            audit.warn(createAuditMessage(ListenerUtils.ADD_GROUP_ACTION, ListenerUtils.getEntityWithUserStoreDomain(str, userStoreManager), jSONObject, SUCCESS));
            return true;
        }
        audit.warn(createAuditMessage(ListenerUtils.ADD_ROLE_ACTION, ListenerUtils.getEntityWithUserStoreDomain(str, userStoreManager), jSONObject, SUCCESS));
        return true;
    }

    public boolean doPostAddInternalRoleWithID(String str, String[] strArr, Permission[] permissionArr, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        JSONObject jSONObject = new JSONObject();
        if (ArrayUtils.isNotEmpty(strArr)) {
            jSONObject.put(ListenerUtils.USERS_FIELD, new JSONArray(strArr));
        }
        if (ArrayUtils.isNotEmpty(permissionArr)) {
            jSONObject.put(ListenerUtils.PERMISSIONS_FIELD, new JSONArray(permissionArr));
        }
        audit.warn(createAuditMessage(ListenerUtils.ADD_ROLE_ACTION, ListenerUtils.getEntityWithUserStoreDomain(str, userStoreManager), jSONObject, SUCCESS));
        return true;
    }

    public boolean doPostUpdateRoleName(String str, String str2, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(ListenerUtils.NEW_ROLE_NAME, str2);
        audit.warn(createAuditMessage(ListenerUtils.UPDATE_ROLE_NAME_ACTION, ListenerUtils.getEntityWithUserStoreDomain(str, userStoreManager), jSONObject, SUCCESS));
        return true;
    }

    public boolean doPostUpdatePermissionsOfRole(String str, Permission[] permissionArr, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        JSONObject jSONObject = new JSONObject();
        if (ArrayUtils.isNotEmpty(permissionArr)) {
            jSONObject.put(ListenerUtils.PERMISSIONS_FIELD, new JSONArray(permissionArr));
        }
        audit.warn(createAuditMessage(ListenerUtils.UPDATE_PERMISSIONS_OF_ROLE_ACTION, ListenerUtils.getEntityWithUserStoreDomain(str, userStoreManager), jSONObject, SUCCESS));
        return true;
    }

    public boolean doPostUpdateUserListOfRole(String str, String[] strArr, String[] strArr2, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        JSONObject jSONObject = new JSONObject();
        if (ArrayUtils.isNotEmpty(strArr)) {
            if (LoggerUtils.isLogMaskingEnable) {
                jSONObject.put(ListenerUtils.USERS_FIELD, new JSONArray(LoggerUtils.getMaskedArraysOfValues(strArr)));
            } else {
                jSONObject.put(ListenerUtils.USERS_FIELD, new JSONArray(strArr));
            }
        }
        if (ArrayUtils.isNotEmpty(strArr2)) {
            if (LoggerUtils.isLogMaskingEnable) {
                jSONObject.put(ListenerUtils.USERS_FIELD, new JSONArray(LoggerUtils.getMaskedArraysOfValues(strArr2)));
            } else {
                jSONObject.put(ListenerUtils.USERS_FIELD, new JSONArray(strArr2));
            }
        }
        audit.info(createAuditMessage(ListenerUtils.UPDATE_USERS_OF_ROLE_ACTION, ListenerUtils.getEntityWithUserStoreDomain(str, userStoreManager), jSONObject, SUCCESS));
        return true;
    }

    public boolean doPostUpdateRoleListOfUser(String str, String[] strArr, String[] strArr2, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        JSONObject jSONObject = new JSONObject();
        if (ArrayUtils.isNotEmpty(strArr)) {
            jSONObject.put(ListenerUtils.DELETED_ROLES, new JSONArray(strArr));
        }
        if (ArrayUtils.isNotEmpty(strArr2)) {
            jSONObject.put(ListenerUtils.NEW_ROLES, new JSONArray(strArr2));
        }
        audit.info(createAuditMessage(ListenerUtils.UPDATE_ROLES_OF_USER_ACTION, ListenerUtils.getTargetForAuditLog(str, userStoreManager), jSONObject, SUCCESS));
        return true;
    }

    public boolean doPostGetUserClaimValue(String str, String str2, List<String> list, String str3, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(ListenerUtils.CLAIM_URI_FIELD, str2);
        if (LoggerUtils.isLogMaskingEnable) {
            ArrayList arrayList = new ArrayList();
            if (CollectionUtils.isNotEmpty(list)) {
                Iterator<String> it = list.iterator();
                while (it.hasNext()) {
                    arrayList.add(LoggerUtils.getMaskedClaimValue(str2, it.next()));
                }
                jSONObject.put(ListenerUtils.CLAIM_VALUE_FIELD, new JSONArray((Collection) arrayList));
            }
        } else if (CollectionUtils.isNotEmpty(list)) {
            jSONObject.put(ListenerUtils.CLAIM_VALUE_FIELD, new JSONArray((Collection) list));
        }
        jSONObject.put(ListenerUtils.PROFILE_FIELD, str3);
        audit.info(createAuditMessage(ListenerUtils.GET_USER_CLAIM_VALUE_ACTION, ListenerUtils.getTargetForAuditLog(str, userStoreManager), jSONObject, SUCCESS));
        return true;
    }

    public boolean doPostGetUserClaimValues(String str, String[] strArr, String str2, Map<String, String> map, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        JSONObject jSONObject = new JSONObject();
        maskClaimsInAuditLog(map, jSONObject);
        jSONObject.put(ListenerUtils.PROFILE_FIELD, str2);
        audit.info(createAuditMessage(ListenerUtils.GET_USER_CLAIM_VALUES_ACTION, ListenerUtils.getTargetForAuditLog(str, userStoreManager), jSONObject, SUCCESS));
        return true;
    }

    public boolean doPostGetUserList(String str, String str2, List<String> list, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        JSONObject jSONObject = new JSONObject();
        if (LoggerUtils.isLogMaskingEnable) {
            ArrayList arrayList = new ArrayList();
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(LoggerUtils.getMaskedContent(it.next()));
            }
            if (CollectionUtils.isNotEmpty(arrayList)) {
                jSONObject.put(ListenerUtils.USERS_FIELD, new JSONArray((Collection) arrayList));
            }
            jSONObject.put(ListenerUtils.CLAIM_VALUE_FIELD, LoggerUtils.getMaskedClaimValue(str, str2));
        } else {
            jSONObject.put(ListenerUtils.CLAIM_VALUE_FIELD, str2);
            if (CollectionUtils.isNotEmpty(list)) {
                jSONObject.put(ListenerUtils.USERS_FIELD, new JSONArray((Collection) list));
            }
        }
        jSONObject.put(ListenerUtils.CLAIM_URI_FIELD, str);
        audit.info(createAuditMessage(ListenerUtils.GET_USER_LIST_ACTION, null, jSONObject, SUCCESS));
        return true;
    }

    public boolean doPostGetRoleListOfUser(String str, String str2, String[] strArr, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(ListenerUtils.FILTER_FIELD, str2);
        if (ArrayUtils.isNotEmpty(strArr)) {
            jSONObject.put(ListenerUtils.ROLES_FIELD, new JSONArray(strArr));
        }
        audit.info(createAuditMessage(ListenerUtils.GET_ROLES_OF_USER_ACTION, ListenerUtils.getTargetForAuditLog(str, userStoreManager), jSONObject, SUCCESS));
        return true;
    }

    public boolean doPostGetUserListOfRole(String str, String[] strArr, UserStoreManager userStoreManager) {
        if (!isEnable()) {
            return true;
        }
        JSONObject jSONObject = new JSONObject();
        if (ArrayUtils.isNotEmpty(strArr)) {
            if (LoggerUtils.isLogMaskingEnable) {
                jSONObject.put(ListenerUtils.USERS_FIELD, new JSONArray(LoggerUtils.getMaskedArraysOfValues(strArr)));
            } else {
                jSONObject.put(ListenerUtils.USERS_FIELD, new JSONArray(strArr));
            }
        }
        audit.info(createAuditMessage(ListenerUtils.GET_USERS_OF_ROLE_ACTION, ListenerUtils.getEntityWithUserStoreDomain(str, userStoreManager), jSONObject, SUCCESS));
        return true;
    }

    public int getExecutionOrderId() {
        int orderId = getOrderId();
        if (orderId != -1) {
            return orderId;
        }
        return 1;
    }

    private String createAuditMessage(String str, String str2, JSONObject jSONObject, String str3) {
        if (jSONObject == null) {
            jSONObject = new JSONObject();
        }
        addContextualAuditParams(jSONObject);
        return String.format("Initiator=%s Action=%s Target=%s Data=%s Outcome=%s", ListenerUtils.getInitiator(), str, str2, jSONObject, str3);
    }

    private void addContextualAuditParams(JSONObject jSONObject) {
        jSONObject.put(REMOTE_ADDRESS_KEY, MDC.get(REMOTE_ADDRESS_QUERY_KEY));
        jSONObject.put(USER_AGENT_KEY, MDC.get(USER_AGENT_QUERY_KEY));
        jSONObject.put("UserName", MDC.get("userName"));
        jSONObject.put(SERVICE_PROVIDER_KEY, MDC.get(SERVICE_PROVIDER_QUERY_KEY));
    }

    private void maskClaimsInAuditLog(Map<String, String> map, JSONObject jSONObject) {
        if (LoggerUtils.isLogMaskingEnable) {
            jSONObject.put(ListenerUtils.CLAIMS_FIELD, new JSONObject(LoggerUtils.getMaskedClaimsMap(map)));
        } else {
            jSONObject.put(ListenerUtils.CLAIMS_FIELD, new JSONObject(map));
        }
    }
}
