package org.apache.hadoop.crypto.key.kms.server;

import com.google.common.base.Joiner;
import com.google.common.base.Strings;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.RemovalListener;
import com.google.common.cache.RemovalNotification;
import com.google.common.collect.Sets;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import java.util.LinkedList;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicLong;
import org.apache.hadoop.crypto.key.kms.server.KMS;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hadoop-kms-2.7.0-mapr-1703.jar:org/apache/hadoop/crypto/key/kms/server/KMSAudit.class */
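/**
 * Writes KMS audit records to the {@value #KMS_LOGGER_NAME} logger.
 *
 * <p>Events that carry a user, a key name and an operation listed in
 * {@code AGGREGATE_OPS_WHITELIST} are aggregated per (user, key, op) in a time-bounded cache,
 * except {@link OpStatus#UNAUTHORIZED} events, which are always written individually. Every other
 * event is written as soon as it is reported.
 *
 * <p>User names, key names and free-text messages are written with CR and LF escaped so that one
 * event always occupies one physical line. Several of these values (remote host, URL, error
 * message) are passed in for requests that were not authenticated. Whether the configured appender
 * layout escapes line breaks on its own is not visible from this class.
 */
public class KMSAudit {
    /** Aggregated events, keyed by {@link #createCacheKey}. Entries expire after the window. */
    private final Cache<String, AuditEvent> cache;
    /** Single daemon thread that periodically triggers cache clean-up so expired entries flush. */
    private final ScheduledExecutorService executor = Executors.newScheduledThreadPool(1, new ThreadFactoryBuilder().setDaemon(true).setNameFormat("kms-audit_thread").build());
    /** Operations whose events are aggregated instead of being logged one by one. */
    private static final Set<KMS.KMSOp> AGGREGATE_OPS_WHITELIST = Sets.newHashSet(KMS.KMSOp.GET_KEY_VERSION, KMS.KMSOp.GET_CURRENT_KEY, KMS.KMSOp.DECRYPT_EEK, KMS.KMSOp.GENERATE_EEK);
    public static final String KMS_LOGGER_NAME = "kms-audit";
    private static final Logger AUDIT_LOG = LoggerFactory.getLogger(KMS_LOGGER_NAME);

    /**
     * One aggregated audit record: who used which key for which operation, and how often.
     *
     * <p>The decompiler widened this class from {@code private}; instances are only created
     * inside {@link KMSAudit}.
     */
    public static class AuditEvent {
        // Starts at -1 so that the first incrementAndGet() in op() yields 0 ("first access").
        private final AtomicLong accessCount;
        private final String keyName;
        private final String user;
        private final KMS.KMSOp op;
        private final String extraMsg;
        // Set once at construction and never reset, including when the event is re-inserted
        // into the cache by the removal listener.
        private final long startTime;

        private AuditEvent(String keyName, String user, KMS.KMSOp op, String extraMsg) {
            this.accessCount = new AtomicLong(-1L);
            this.startTime = System.currentTimeMillis();
            this.keyName = keyName;
            this.user = user;
            this.op = op;
            this.extraMsg = extraMsg;
        }

        /** @return the free-text message supplied with the first event of this record */
        public String getExtraMsg() {
            return this.extraMsg;
        }

        /** @return the live access counter; callers mutate it directly */
        public AtomicLong getAccessCount() {
            return this.accessCount;
        }

        /** @return the key name this record is about */
        public String getKeyName() {
            return this.keyName;
        }

        /** @return the short user name this record is about */
        public String getUser() {
            return this.user;
        }

        /** @return the KMS operation this record is about */
        public KMS.KMSOp getOp() {
            return this.op;
        }

        /** @return creation time of this record, in epoch milliseconds */
        public long getStartTime() {
            return this.startTime;
        }
    }

    /** Outcome label written at the start of non-aggregated audit lines. */
    public enum OpStatus {
        OK,
        UNAUTHORIZED,
        UNAUTHENTICATED,
        ERROR
    }

    /**
     * Creates the audit logger and starts the periodic cache clean-up.
     *
     * <p>The decompiler widened this constructor from package-private.
     *
     * @param j aggregation window in milliseconds; cache entries expire this long after being
     *     written, and clean-up runs every tenth of it
     */
    public KMSAudit(long j) {
        this.cache = CacheBuilder.newBuilder()
            .expireAfterWrite(j, TimeUnit.MILLISECONDS)
            .removalListener(new RemovalListener<String, AuditEvent>() {
                @Override
                public void onRemoval(RemovalNotification<String, AuditEvent> notification) {
                    AuditEvent event = notification.getValue();
                    // Flush accesses that were only counted, then keep the record for another
                    // window. A record that saw no access since the last flush is dropped.
                    if (event.getAccessCount().get() > 0) {
                        KMSAudit.this.logEvent(event);
                        event.getAccessCount().set(0L);
                        KMSAudit.this.cache.put(notification.getKey(), event);
                    }
                }
            })
            .build();
        // scheduleAtFixedRate rejects a period of 0, which j / 10 yields for windows under 10 ms.
        long cleanUpPeriodMs = Math.max(1L, j / 10);
        this.executor.scheduleAtFixedRate(new Runnable() {
            @Override
            public void run() {
                KMSAudit.this.cache.cleanUp();
            }
        }, cleanUpPeriodMs, cleanUpPeriodMs, TimeUnit.MILLISECONDS);
    }

    /**
     * Writes one aggregated record with its current access count and age.
     *
     * <p>The line always carries the {@code OK} prefix. The decompiler widened this method from
     * {@code private}.
     *
     * @param auditEvent the record to write
     */
    public void logEvent(AuditEvent auditEvent) {
        AUDIT_LOG.info("OK[op={}, key={}, user={}, accessCount={}, interval={}ms] {}",
            auditEvent.getOp(),
            escapeLineBreaks(auditEvent.getKeyName()),
            escapeLineBreaks(auditEvent.getUser()),
            Long.valueOf(auditEvent.getAccessCount().get()),
            Long.valueOf(System.currentTimeMillis() - auditEvent.getStartTime()),
            escapeLineBreaks(auditEvent.getExtraMsg()));
    }

    /**
     * Records one event, aggregating it when it qualifies.
     *
     * @param opStatus outcome label
     * @param kmsOp operation, or {@code null} when not known
     * @param user short user name, or {@code null}/empty when not known
     * @param key key name, or {@code null}/empty when the event is not about a key
     * @param extraMsg free-text detail appended to the line
     */
    private void op(OpStatus opStatus, final KMS.KMSOp kmsOp, final String user, final String key, final String extraMsg) {
        boolean aggregatable = !Strings.isNullOrEmpty(user)
            && !Strings.isNullOrEmpty(key)
            && kmsOp != null
            && AGGREGATE_OPS_WHITELIST.contains(kmsOp);
        if (aggregatable) {
            String cacheKey = createCacheKey(user, key, kmsOp);
            if (opStatus == OpStatus.UNAUTHORIZED) {
                // Denials are never folded into a counter: each one gets its own line.
                this.cache.invalidate(cacheKey);
                AUDIT_LOG.info("UNAUTHORIZED[op={}, key={}, user={}] {}",
                    kmsOp, escapeLineBreaks(key), escapeLineBreaks(user), escapeLineBreaks(extraMsg));
                return;
            }
            AuditEvent event;
            try {
                event = this.cache.get(cacheKey, new Callable<AuditEvent>() {
                    @Override
                    public AuditEvent call() throws Exception {
                        return new AuditEvent(key, user, kmsOp, extraMsg);
                    }
                });
            } catch (ExecutionException e) {
                throw new RuntimeException(e);
            }
            // A freshly created record starts at -1, so 0 here means "first access": log it now.
            // NOTE(review): the counter is left at 1 after this immediate line, so the removal
            // listener reports that access again when the entry is removed. Confirm intended.
            if (event.getAccessCount().incrementAndGet() == 0) {
                event.getAccessCount().incrementAndGet();
                logEvent(event);
            }
            return;
        }
        LinkedList<String> fields = new LinkedList<String>();
        if (kmsOp != null) {
            fields.add("op=" + kmsOp);
        }
        if (!Strings.isNullOrEmpty(key)) {
            fields.add("key=" + escapeLineBreaks(key));
        }
        if (!Strings.isNullOrEmpty(user)) {
            fields.add("user=" + escapeLineBreaks(user));
        }
        if (fields.isEmpty()) {
            AUDIT_LOG.info("{} {}", opStatus.toString(), escapeLineBreaks(extraMsg));
        } else {
            AUDIT_LOG.info("{}[{}] {}", opStatus.toString(), Joiner.on(", ").join(fields), escapeLineBreaks(extraMsg));
        }
    }

    /**
     * Records a successful operation on a key.
     *
     * @param userGroupInformation caller; its short user name is logged
     * @param kMSOp operation performed
     * @param str key name
     * @param str2 free-text detail
     */
    public void ok(UserGroupInformation userGroupInformation, KMS.KMSOp kMSOp, String str, String str2) {
        op(OpStatus.OK, kMSOp, userGroupInformation.getShortUserName(), str, str2);
    }

    /**
     * Records a successful operation that is not tied to a key name.
     *
     * @param userGroupInformation caller; its short user name is logged
     * @param kMSOp operation performed
     * @param str free-text detail
     */
    public void ok(UserGroupInformation userGroupInformation, KMS.KMSOp kMSOp, String str) {
        op(OpStatus.OK, kMSOp, userGroupInformation.getShortUserName(), null, str);
    }

    /**
     * Records a denied operation on a key. These events are never aggregated.
     *
     * @param userGroupInformation caller; its short user name is logged
     * @param kMSOp operation that was denied
     * @param str key name
     */
    public void unauthorized(UserGroupInformation userGroupInformation, KMS.KMSOp kMSOp, String str) {
        op(OpStatus.UNAUTHORIZED, kMSOp, userGroupInformation.getShortUserName(), str, "");
    }

    /**
     * Records a failed request.
     *
     * @param userGroupInformation caller; its short user name is logged
     * @param str written after {@code Method:}
     * @param str2 not written to the audit line
     * @param str3 written after {@code Exception:}
     */
    public void error(UserGroupInformation userGroupInformation, String str, String str2, String str3) {
        op(OpStatus.ERROR, null, userGroupInformation.getShortUserName(), null, "Method:'" + str + "' Exception:'" + str3 + "'");
    }

    /**
     * Records a request that failed authentication. No user name is available, so every field
     * comes from the request itself.
     *
     * @param str written after {@code RemoteHost:}
     * @param str2 written after {@code Method:}
     * @param str3 written after {@code URL:}
     * @param str4 written after {@code ErrorMsg:}
     */
    public void unauthenticated(String str, String str2, String str3, String str4) {
        op(OpStatus.UNAUTHENTICATED, null, null, null, "RemoteHost:" + str + " Method:" + str2 + " URL:" + str3 + " ErrorMsg:'" + str4 + "'");
    }

    /**
     * Builds the aggregation key for a (user, key, op) triple.
     *
     * <p>Each name is prefixed with its length. Joining the raw names with {@code #} alone would
     * map different triples to the same string whenever a name contains {@code #}, and the second
     * triple's accesses would then be counted on the first triple's record.
     *
     * @param user short user name; the caller has already checked it is not null or empty
     * @param key key name; the caller has already checked it is not null or empty
     * @param kmsOp operation
     * @return a string that is distinct for distinct triples
     */
    private static String createCacheKey(String user, String key, KMS.KMSOp kmsOp) {
        return user.length() + "#" + user + "#" + key.length() + "#" + key + "#" + kmsOp;
    }

    /**
     * Replaces CR and LF with the two-character sequences {@code \r} and {@code \n} so a value
     * cannot start a new line in the audit log.
     *
     * @param value text to write, may be {@code null}
     * @return the escaped text, or {@code null} when {@code value} is {@code null}
     */
    private static String escapeLineBreaks(String value) {
        if (value == null) {
            return null;
        }
        return value.replace("\r", "\\r").replace("\n", "\\n");
    }

    /**
     * Stops the clean-up thread. Records still held in the cache are not flushed by this call.
     */
    public void shutdown() {
        this.executor.shutdownNow();
    }
}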
