package org.graylog.integrations.aws.service;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.collect.Maps;
import jakarta.inject.Inject;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.InternalServerErrorException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.stream.Collectors;
import org.graylog.integrations.aws.AWSMessageType;
import org.graylog.integrations.aws.AWSPolicy;
import org.graylog.integrations.aws.AWSPolicyStatement;
import org.graylog.integrations.aws.codecs.AWSCodec;
import org.graylog.integrations.aws.inputs.AWSInput;
import org.graylog.integrations.aws.resources.requests.AWSInputCreateRequest;
import org.graylog.integrations.aws.resources.responses.AWSRegion;
import org.graylog.integrations.aws.resources.responses.AvailableService;
import org.graylog.integrations.aws.resources.responses.AvailableServiceResponse;
import org.graylog.integrations.aws.resources.responses.KinesisPermissionsResponse;
import org.graylog.integrations.aws.resources.responses.RegionsResponse;
import org.graylog.integrations.aws.transports.KinesisTransport;
import org.graylog.plugins.views.search.rest.scriptingapi.request.SearchRequestSpec;
import org.graylog2.database.NotFoundException;
import org.graylog2.inputs.Input;
import org.graylog2.inputs.InputService;
import org.graylog2.plugin.configuration.ConfigurationException;
import org.graylog2.plugin.database.users.User;
import org.graylog2.plugin.inputs.MessageInput;
import org.graylog2.plugin.inputs.transports.ThrottleableTransport;
import org.graylog2.plugin.system.NodeId;
import org.graylog2.rest.models.system.inputs.requests.InputCreateRequest;
import org.graylog2.shared.inputs.MessageInputFactory;
import org.graylog2.shared.inputs.NoSuchInputTypeException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.regions.RegionMetadata;

/* loaded from: input_file:org/graylog/integrations/aws/service/AWSService.class */
public class AWSService {
    private static final Logger LOG = LoggerFactory.getLogger(AWSService.class);
    private static final String AWS_POLICY_VERSION = "2012-10-17";
    public static final String POLICY_ENCODING_ERROR = "An error occurred encoding the policy JSON";
    private final InputService inputService;
    private final MessageInputFactory messageInputFactory;
    private final NodeId nodeId;
    private final ObjectMapper objectMapper;

    @Inject
    public AWSService(InputService inputService, MessageInputFactory messageInputFactory, NodeId nodeId, ObjectMapper objectMapper) {
        this.inputService = inputService;
        this.messageInputFactory = messageInputFactory;
        this.nodeId = nodeId;
        this.objectMapper = objectMapper;
    }

    public RegionsResponse getAvailableRegions() {
        return RegionsResponse.create((List) Region.regions().stream().filter(region -> {
            return !region.isGlobalRegion();
        }).map(region2 -> {
            RegionMetadata metadata = region2.metadata();
            return AWSRegion.create(metadata.id(), String.format(Locale.ROOT, "%s: %s", metadata.description(), metadata.id()));
        }).sorted(Comparator.comparing((v0) -> {
            return v0.regionId();
        })).collect(Collectors.toList()), r0.size());
    }

    public static Map<String, String> buildRegionChoices() {
        HashMap newHashMap = Maps.newHashMap();
        for (Region region : Region.regions()) {
            if (!region.isGlobalRegion()) {
                newHashMap.put(region.id(), String.format(Locale.ROOT, "%s: %s", RegionMetadata.of(region).description(), region.id()));
            }
        }
        return newHashMap;
    }

    public AvailableServiceResponse getAvailableServices() {
        AWSPolicy buildAwsSetupPolicy = buildAwsSetupPolicy();
        ArrayList arrayList = new ArrayList();
        try {
            arrayList.add(AvailableService.create("CloudWatch", "Retrieve CloudWatch logs via Kinesis. Kinesis allows streaming of the logs in real time. AWS CloudWatch is a monitoring and management service built for developers, system operators, site reliability engineers (SRE), and IT managers.", this.objectMapper.writeValueAsString(buildAwsSetupPolicy), "Requires Kinesis", "https://aws.amazon.com/cloudwatch/"));
            return AvailableServiceResponse.create(arrayList, arrayList.size());
        } catch (JsonProcessingException e) {
            LOG.error(POLICY_ENCODING_ERROR, e);
            throw new InternalServerErrorException(POLICY_ENCODING_ERROR, e);
        }
    }

    public KinesisPermissionsResponse getPermissions() {
        return KinesisPermissionsResponse.create(policyAsJsonString(buildAwsSetupPolicy()), policyAsJsonString(buildAwsAutoSetupPolicy()));
    }

    private String policyAsJsonString(AWSPolicy aWSPolicy) {
        try {
            return this.objectMapper.writeValueAsString(aWSPolicy);
        } catch (JsonProcessingException e) {
            LOG.error(POLICY_ENCODING_ERROR, e);
            throw new InternalServerErrorException(POLICY_ENCODING_ERROR, e);
        }
    }

    private AWSPolicy buildAwsSetupPolicy() {
        return AWSPolicy.create(AWS_POLICY_VERSION, Collections.singletonList(AWSPolicyStatement.create("GraylogKinesisSetup", "Allow", Arrays.asList("cloudwatch:PutMetricData", "dynamodb:CreateTable", "dynamodb:DescribeTable", "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Scan", "dynamodb:UpdateItem", "ec2:DescribeInstances", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfaces", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancers", "iam:CreateRole", "iam:GetRole", "iam:PassRole", "iam:PutRolePolicy", "kinesis:CreateStream", "kinesis:DescribeStream", "kinesis:GetRecords", "kinesis:GetShardIterator", "kinesis:ListShards", "kinesis:ListStreams", "logs:DescribeLogGroups", "logs:PutSubscriptionFilter"), SearchRequestSpec.DEFAULT_QUERY_STRING)));
    }

    private AWSPolicy buildAwsAutoSetupPolicy() {
        return AWSPolicy.create(AWS_POLICY_VERSION, Collections.singletonList(AWSPolicyStatement.create("GraylogKinesisAutoSetup", "Allow", Arrays.asList("iam:PassRole", "logs:DescribeSubscriptionFilters", "logs:PutLogEvents", "kinesis:CreateStream", "kinesis:DescribeStreamConsumer", "kinesis:PutRecord", "kinesis:RegisterStreamConsumer"), SearchRequestSpec.DEFAULT_QUERY_STRING)));
    }

    public Input saveInput(AWSInputCreateRequest aWSInputCreateRequest, User user) throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put(AWSCodec.CK_AWS_MESSAGE_TYPE, aWSInputCreateRequest.awsMessageType());
        hashMap.put(ThrottleableTransport.CK_THROTTLING_ALLOWED, Boolean.valueOf(aWSInputCreateRequest.throttlingAllowed()));
        hashMap.put(AWSCodec.CK_FLOW_LOG_PREFIX, Boolean.valueOf(aWSInputCreateRequest.addFlowLogPrefix()));
        hashMap.put(AWSInput.CK_AWS_REGION, aWSInputCreateRequest.region());
        hashMap.put(AWSInput.CK_ACCESS_KEY, aWSInputCreateRequest.awsAccessKeyId());
        hashMap.put(AWSInput.CK_SECRET_KEY, aWSInputCreateRequest.awsSecretAccessKey());
        hashMap.put(AWSInput.CK_ASSUME_ROLE_ARN, aWSInputCreateRequest.assumeRoleArn());
        hashMap.put("cloudwatch_endpoint", aWSInputCreateRequest.cloudwatchEndpoint());
        hashMap.put("dynamodb_endpoint", aWSInputCreateRequest.dynamodbEndpoint());
        hashMap.put("iam_endpoint", aWSInputCreateRequest.iamEndpoint());
        hashMap.put("kinesis_endpoint", aWSInputCreateRequest.kinesisEndpoint());
        if (!AWSMessageType.valueOf(aWSInputCreateRequest.awsMessageType()).isKinesis()) {
            throw new Exception("The specified input type is not supported.");
        }
        hashMap.put(KinesisTransport.CK_KINESIS_STREAM_NAME, aWSInputCreateRequest.streamName());
        hashMap.put(KinesisTransport.CK_KINESIS_RECORD_BATCH_SIZE, Integer.valueOf(aWSInputCreateRequest.batchSize()));
        try {
            MessageInput create = this.messageInputFactory.create(InputCreateRequest.create(aWSInputCreateRequest.name(), AWSInput.TYPE, true, hashMap, this.nodeId.getNodeId()), user.getName(), this.nodeId.getNodeId());
            create.checkConfiguration();
            Input create2 = this.inputService.create(create.asMap());
            LOG.debug("New AWS input created. id [{}] request [{}]", this.inputService.save(create2), aWSInputCreateRequest);
            return create2;
        } catch (ConfigurationException e) {
            LOG.error("Missing or invalid input configuration.", e);
            throw new BadRequestException("Missing or invalid input configuration.", e);
        } catch (NoSuchInputTypeException e2) {
            LOG.error("There is no such input type registered.", e2);
            throw new NotFoundException("There is no such input type registered.", e2);
        }
    }
}
