package io.confluent.security.audit.kafka;

import com.fasterxml.jackson.databind.node.JsonNodeFactory;
import com.fasterxml.jackson.databind.node.NullNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.fasterxml.jackson.databind.node.ShortNode;
import com.fasterxml.jackson.databind.node.TextNode;
import com.google.protobuf.InvalidProtocolBufferException;
import com.google.protobuf.Struct;
import com.google.protobuf.util.JsonFormat;
import io.confluent.protobuf.events.auditlog.v2.AuditLog;
import io.confluent.protobuf.events.auditlog.v2.Result;
import io.confluent.protobuf.events.auditlog.v2.TypedCloudResourceRef;
import io.confluent.security.audit.AuditLogUtils;
import io.confluent.security.authorizer.ResourcePattern;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import org.apache.kafka.common.Uuid;
import org.apache.kafka.common.message.FetchRequestData;
import org.apache.kafka.common.message.FetchRequestDataJsonConverter;
import org.apache.kafka.common.message.FetchResponseData;
import org.apache.kafka.common.message.FetchResponseDataJsonConverter;
import org.apache.kafka.common.network.ProduceConsumeAuditLogTracker;
import org.apache.kafka.common.protocol.Errors;
import org.apache.kafka.common.requests.RequestContext;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.connect.runtime.tracing.TraceRecordBuilderImpl;
import org.apache.kafka.server.audit.KafkaRequestEvent;
import org.hibernate.validator.internal.metadata.core.ConstraintHelper;

/* loaded from: input_file:io/confluent/security/audit/kafka/FetchRequestAuditExtractor.class */
public class FetchRequestAuditExtractor {
    public static List<AuditLog> extract(KafkaRequestEvent kafkaRequestEvent, AuditExtractorOptions auditExtractorOptions) throws Exception {
        ArrayList arrayList = new ArrayList();
        RequestContext requestContext = (RequestContext) kafkaRequestEvent.requestContext();
        for (FetchRequestData.FetchTopic fetchTopic : FetchRequestDataJsonConverter.read(kafkaRequestEvent.requestPayload(), (short) kafkaRequestEvent.requestContext().requestVersion()).topics()) {
            String str = fetchTopic.topic();
            String str2 = (requestContext.tenantPrefix().isPresent() ? requestContext.tenantPrefix().get() : "") + str;
            Uuid uuid = fetchTopic.topicId();
            boolean z = kafkaRequestEvent.requestContext().requestVersion() <= 12;
            ArrayList arrayList2 = new ArrayList();
            kafkaRequestEvent.responsePayload().get("responses").forEach(jsonNode -> {
                jsonNode.get("partitions").forEach(jsonNode -> {
                    if (!(z && jsonNode.get("topic").asText().equals(str2)) && (z || !jsonNode.get("topicId").asText().equals(uuid.toString()))) {
                        return;
                    }
                    ObjectNode objectNode = (ObjectNode) jsonNode.deepCopy();
                    objectNode.putIfAbsent("records", null);
                    arrayList2.add(FetchResponseDataJsonConverter.PartitionDataJsonConverter.read(objectNode, (short) kafkaRequestEvent.requestContext().requestVersion()));
                });
            });
            arrayList2.sort(Comparator.comparingInt((v0) -> {
                return v0.partitionIndex();
            }));
            fetchTopic.partitions().sort(Comparator.comparingInt((v0) -> {
                return v0.partition();
            }));
            Iterator<FetchRequestData.FetchPartition> it = fetchTopic.partitions().iterator();
            Iterator it2 = arrayList2.iterator();
            while (it.hasNext() && it2.hasNext()) {
                FetchResponseData.PartitionData partitionData = (FetchResponseData.PartitionData) it2.next();
                ProduceConsumeAuditLogTracker.TopicDetails topicDetails = new ProduceConsumeAuditLogTracker.TopicDetails(uuid, str2);
                if (!requestContext.produceConsumeAuditLogTracker.hasConsumeTopic(topicDetails).booleanValue()) {
                    if (Errors.forCode(partitionData.errorCode()).equals(Errors.NONE)) {
                        requestContext.produceConsumeAuditLogTracker.addConsumeTopic(topicDetails);
                    }
                    arrayList.add(AuditLogUtils.auditLog(kafkaRequestEvent, auditExtractorOptions, AuditLogUtils.hasAuthorizationFailure(partitionData.errorCode()), false, requestData(), status(partitionData), resultData(partitionData), typedCloudResourceRefList(kafkaRequestEvent, z ? str : uuid.toString()), AuditLogUtils.requestResourceCrn(auditExtractorOptions.crnAuthority(), kafkaRequestEvent, new ResourcePattern("Topic", z ? str : uuid.toString(), PatternType.LITERAL))));
                }
            }
        }
        return arrayList;
    }

    private static List<TypedCloudResourceRef> typedCloudResourceRefList(KafkaRequestEvent kafkaRequestEvent, String str) {
        List<TypedCloudResourceRef> typedCloudResourceRefList = AuditLogUtils.typedCloudResourceRefList(kafkaRequestEvent);
        typedCloudResourceRefList.add(TypedCloudResourceRef.newBuilder().setType(TypedCloudResourceRef.ResourceType.TOPIC).setResourceId(str).build());
        return typedCloudResourceRefList;
    }

    private static Struct requestData() throws InvalidProtocolBufferException {
        Struct.Builder newBuilder = Struct.newBuilder();
        ObjectNode objectNode = new ObjectNode(JsonNodeFactory.instance);
        objectNode.set("partition", NullNode.getInstance());
        objectNode.set(TraceRecordBuilderImpl.OFFSET, NullNode.getInstance());
        JsonFormat.parser().merge(objectNode.toString(), newBuilder);
        return newBuilder.build();
    }

    private static Result.Status status(FetchResponseData.PartitionData partitionData) {
        return partitionData.errorCode() == Errors.NONE.code() ? Result.Status.SUCCESS : Result.Status.FAILURE;
    }

    private static Struct resultData(FetchResponseData.PartitionData partitionData) throws InvalidProtocolBufferException {
        Struct.Builder newBuilder = Struct.newBuilder();
        ObjectNode objectNode = new ObjectNode(JsonNodeFactory.instance);
        objectNode.set(ConstraintHelper.MESSAGE, new TextNode(Errors.forCode(partitionData.errorCode()).message()));
        objectNode.set("errorCode", new ShortNode(partitionData.errorCode()));
        objectNode.set("errorType", new TextNode(Errors.forCode(partitionData.errorCode()).name()));
        JsonFormat.parser().merge(objectNode.toString(), newBuilder);
        return newBuilder.build();
    }
}
