package org.graylog.aws.inputs.cloudtrail;

import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.codahale.metrics.MetricSet;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.eventbus.EventBus;
import com.google.common.eventbus.Subscribe;
import com.google.inject.assistedinject.Assisted;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import java.net.URI;
import java.util.Map;
import javax.annotation.Nullable;
import okhttp3.HttpUrl;
import org.graylog.aws.AWS;
import org.graylog.aws.AWSObjectMapper;
import org.graylog.aws.auth.AWSAuthProvider;
import org.graylog.aws.config.AWSPluginConfiguration;
import org.graylog2.Configuration;
import org.graylog2.plugin.InputFailureRecorder;
import org.graylog2.plugin.LocalMetricRegistry;
import org.graylog2.plugin.ServerStatus;
import org.graylog2.plugin.cluster.ClusterConfigService;
import org.graylog2.plugin.configuration.ConfigurationRequest;
import org.graylog2.plugin.configuration.fields.ConfigurationField;
import org.graylog2.plugin.configuration.fields.DropdownField;
import org.graylog2.plugin.configuration.fields.TextField;
import org.graylog2.plugin.inputs.MessageInput;
import org.graylog2.plugin.inputs.MisfireException;
import org.graylog2.plugin.inputs.annotations.ConfigClass;
import org.graylog2.plugin.inputs.annotations.FactoryClass;
import org.graylog2.plugin.inputs.codecs.CodecAggregator;
import org.graylog2.plugin.inputs.transports.ThrottleableTransport;
import org.graylog2.plugin.inputs.transports.ThrottleableTransport2;
import org.graylog2.plugin.inputs.transports.Transport;
import org.graylog2.plugin.lifecycles.Lifecycle;
import org.graylog2.security.encryption.EncryptedValueService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog/aws/inputs/cloudtrail/CloudTrailTransport.class */
public class CloudTrailTransport extends ThrottleableTransport2 {
    public static final String NAME = "cloudtrail";
    private static final String CK_LEGACY_AWS_REGION = "aws_region";
    private static final String CK_AWS_SQS_REGION = "aws_sqs_region";
    private static final String CK_AWS_S3_REGION = "aws_s3_region";
    private static final String CK_SQS_NAME = "aws_sqs_queue_name";
    private static final String CK_ACCESS_KEY = "aws_access_key";
    private static final String CK_SECRET_KEY = "aws_secret_key";
    private static final String CK_ASSUME_ROLE_ARN = "aws_assume_role_arn";
    private final ServerStatus serverStatus;
    private final URI httpProxyUri;
    private final LocalMetricRegistry localRegistry;
    private final Configuration systemConfiguration;
    private final ClusterConfigService clusterConfigService;
    private final ObjectMapper objectMapper;
    private final EncryptedValueService encryptedValueService;
    private CloudTrailSubscriber subscriber;
    private static final Logger LOG = LoggerFactory.getLogger(CloudTrailTransport.class);
    private static final Regions DEFAULT_REGION = Regions.US_EAST_1;

    @ConfigClass
    /* loaded from: input_file:org/graylog/aws/inputs/cloudtrail/CloudTrailTransport$Config.class */
    public static class Config extends ThrottleableTransport.Config {
        private final boolean isCloud;

        @Inject
        public Config(Configuration configuration) {
            this.isCloud = configuration.isCloud();
        }

        @Override // org.graylog2.plugin.inputs.transports.ThrottleableTransport.Config, org.graylog2.plugin.inputs.transports.Transport.Config
        public ConfigurationRequest getRequestedConfiguration() {
            ConfigurationRequest requestedConfiguration = super.getRequestedConfiguration();
            Map<String, String> buildRegionChoices = AWS.buildRegionChoices();
            requestedConfiguration.addField(new DropdownField(CloudTrailTransport.CK_AWS_SQS_REGION, "AWS SQS Region", CloudTrailTransport.DEFAULT_REGION.getName(), buildRegionChoices, "The AWS region the SQS queue is in.", ConfigurationField.Optional.NOT_OPTIONAL));
            requestedConfiguration.addField(new DropdownField(CloudTrailTransport.CK_AWS_S3_REGION, "AWS S3 Region", CloudTrailTransport.DEFAULT_REGION.getName(), buildRegionChoices, "The AWS region the S3 bucket containing CloudTrail logs is in.", ConfigurationField.Optional.NOT_OPTIONAL));
            requestedConfiguration.addField(new TextField(CloudTrailTransport.CK_SQS_NAME, "SQS queue name", "cloudtrail-notifications", "The SQS queue that SNS is writing CloudTrail notifications to.", ConfigurationField.Optional.NOT_OPTIONAL));
            requestedConfiguration.addField(new TextField("aws_access_key", "AWS access key", "", "Access key of an AWS user with sufficient permissions. (See documentation)", this.isCloud ? ConfigurationField.Optional.NOT_OPTIONAL : ConfigurationField.Optional.OPTIONAL));
            requestedConfiguration.addField(new TextField("aws_secret_key", "AWS secret key", "", "Secret key of an AWS user with sufficient permissions. (See documentation)", this.isCloud ? ConfigurationField.Optional.NOT_OPTIONAL : ConfigurationField.Optional.OPTIONAL, true, TextField.Attribute.IS_PASSWORD));
            requestedConfiguration.addField(new TextField("aws_assume_role_arn", "AWS assume role ARN", "", "The role ARN with required permissions (cross account access)", ConfigurationField.Optional.OPTIONAL));
            return requestedConfiguration;
        }
    }

    @FactoryClass
    /* loaded from: input_file:org/graylog/aws/inputs/cloudtrail/CloudTrailTransport$Factory.class */
    public interface Factory extends Transport.Factory<CloudTrailTransport> {
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.graylog2.plugin.inputs.transports.Transport.Factory
        CloudTrailTransport create(org.graylog2.plugin.configuration.Configuration configuration);

        @Override // org.graylog2.plugin.inputs.transports.Transport.Factory
        Config getConfig();
    }

    @Inject
    public CloudTrailTransport(@Assisted org.graylog2.plugin.configuration.Configuration configuration, Configuration configuration2, ClusterConfigService clusterConfigService, EventBus eventBus, ServerStatus serverStatus, @AWSObjectMapper ObjectMapper objectMapper, @Named("http_proxy_uri") @Nullable URI uri, LocalMetricRegistry localMetricRegistry, EncryptedValueService encryptedValueService) {
        super(eventBus, configuration);
        this.systemConfiguration = configuration2;
        this.clusterConfigService = clusterConfigService;
        this.serverStatus = serverStatus;
        this.objectMapper = objectMapper;
        this.httpProxyUri = uri;
        this.localRegistry = localMetricRegistry;
        this.encryptedValueService = encryptedValueService;
    }

    @Override // org.graylog2.plugin.inputs.transports.Transport
    public void setMessageAggregator(CodecAggregator codecAggregator) {
    }

    @Subscribe
    public void lifecycleStateChange(Lifecycle lifecycle) {
        LOG.debug("Lifecycle changed to {}", lifecycle);
        switch (lifecycle) {
            case PAUSED:
            case FAILED:
            case HALTING:
                if (this.subscriber != null) {
                    this.subscriber.pause();
                    return;
                }
                return;
            default:
                if (this.subscriber != null) {
                    this.subscriber.unpause();
                    return;
                }
                return;
        }
    }

    @Override // org.graylog2.plugin.inputs.transports.ThrottleableTransport2
    public void doLaunch(MessageInput messageInput, InputFailureRecorder inputFailureRecorder) throws MisfireException {
        this.serverStatus.awaitRunning(() -> {
            lifecycleStateChange(Lifecycle.RUNNING);
        });
        AWSPluginConfiguration aWSPluginConfiguration = (AWSPluginConfiguration) this.clusterConfigService.getOrDefault(AWSPluginConfiguration.class, AWSPluginConfiguration.createDefault());
        LOG.info("Starting cloud trail subscriber");
        String string = messageInput.getConfiguration().getString("aws_region", DEFAULT_REGION.getName());
        String string2 = messageInput.getConfiguration().getString(CK_AWS_SQS_REGION, string);
        String string3 = messageInput.getConfiguration().getString(CK_AWS_S3_REGION, string);
        this.subscriber = new CloudTrailSubscriber(Region.getRegion(Regions.fromName(string2)), Region.getRegion(Regions.fromName(string3)), messageInput.getConfiguration().getString(CK_SQS_NAME), messageInput, new AWSAuthProvider(this.systemConfiguration, aWSPluginConfiguration, messageInput.getConfiguration().getString("aws_access_key"), this.encryptedValueService.decrypt(messageInput.getConfiguration().getEncryptedValue("aws_secret_key")), messageInput.getConfiguration().getString(CK_AWS_SQS_REGION), messageInput.getConfiguration().getString("aws_assume_role_arn")), (!aWSPluginConfiguration.proxyEnabled() || this.httpProxyUri == null) ? null : HttpUrl.get(this.httpProxyUri), this.objectMapper, inputFailureRecorder);
        this.subscriber.start();
    }

    @Override // org.graylog2.plugin.inputs.transports.ThrottleableTransport
    public void doStop() {
        LOG.info("Stopping cloud trail subscriber");
        if (this.subscriber != null) {
            this.subscriber.terminate();
        }
    }

    @Override // org.graylog2.plugin.inputs.transports.Transport
    public MetricSet getMetricSet() {
        return this.localRegistry;
    }
}
