package io.confluent.security.audit.kafka;

import com.fasterxml.jackson.databind.node.JsonNodeFactory;
import com.fasterxml.jackson.databind.node.NullNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.fasterxml.jackson.databind.node.ShortNode;
import com.fasterxml.jackson.databind.node.TextNode;
import com.google.protobuf.InvalidProtocolBufferException;
import com.google.protobuf.Struct;
import com.google.protobuf.util.JsonFormat;
import io.confluent.protobuf.events.auditlog.v2.AuditLog;
import io.confluent.protobuf.events.auditlog.v2.Result;
import io.confluent.protobuf.events.auditlog.v2.TypedCloudResourceRef;
import io.confluent.security.audit.AuditLogUtils;
import io.confluent.security.authorizer.ResourcePattern;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.kafka.clients.producer.ProducerConfig;
import org.apache.kafka.common.Uuid;
import org.apache.kafka.common.message.ProduceRequestData;
import org.apache.kafka.common.message.ProduceRequestDataJsonConverter;
import org.apache.kafka.common.message.ProduceResponseData;
import org.apache.kafka.common.message.ProduceResponseDataJsonConverter;
import org.apache.kafka.common.network.ProduceConsumeAuditLogTracker;
import org.apache.kafka.common.protocol.Errors;
import org.apache.kafka.common.requests.RequestContext;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.connect.runtime.tracing.TraceRecordBuilderImpl;
import org.apache.kafka.server.audit.KafkaRequestEvent;
import org.hibernate.validator.internal.metadata.core.ConstraintHelper;

/* loaded from: input_file:io/confluent/security/audit/kafka/ProduceRequestAuditExtractor.class */
public class ProduceRequestAuditExtractor {
    public static List<AuditLog> extract(KafkaRequestEvent kafkaRequestEvent, AuditExtractorOptions auditExtractorOptions) throws Exception {
        ArrayList arrayList = new ArrayList();
        RequestContext requestContext = (RequestContext) kafkaRequestEvent.requestContext();
        ProduceResponseData read = ProduceResponseDataJsonConverter.read(kafkaRequestEvent.responsePayload(), (short) kafkaRequestEvent.requestContext().requestVersion());
        kafkaRequestEvent.requestPayload().path("topicData").forEach(jsonNode -> {
            jsonNode.path("partitionData").forEach(jsonNode -> {
                ((ObjectNode) jsonNode).putIfAbsent("records", null);
            });
        });
        ProduceRequestData read2 = ProduceRequestDataJsonConverter.read(kafkaRequestEvent.requestPayload(), (short) kafkaRequestEvent.requestContext().requestVersion());
        Iterator<E> it = read.responses().iterator();
        while (it.hasNext()) {
            ProduceResponseData.TopicProduceResponse topicProduceResponse = (ProduceResponseData.TopicProduceResponse) it.next();
            String name = topicProduceResponse.name();
            String str = (requestContext.tenantPrefix().isPresent() ? requestContext.tenantPrefix().get() : "") + name;
            Uuid uuid = Uuid.ZERO_UUID;
            for (ProduceResponseData.PartitionProduceResponse partitionProduceResponse : topicProduceResponse.partitionResponses()) {
                ProduceConsumeAuditLogTracker.TopicDetails topicDetails = new ProduceConsumeAuditLogTracker.TopicDetails(uuid, name);
                ProduceConsumeAuditLogTracker.TopicDetails topicDetails2 = new ProduceConsumeAuditLogTracker.TopicDetails(uuid, str);
                if (!requestContext.produceConsumeAuditLogTracker.hasProduceTopic(topicDetails2).booleanValue()) {
                    if (Errors.forCode(partitionProduceResponse.errorCode()).equals(Errors.NONE)) {
                        requestContext.produceConsumeAuditLogTracker.addProduceTopic(topicDetails2);
                    }
                    arrayList.add(AuditLogUtils.auditLog(kafkaRequestEvent, auditExtractorOptions, AuditLogUtils.hasAuthorizationFailure(partitionProduceResponse.errorCode()), false, requestData(topicDetails, read2), status(partitionProduceResponse), resultData(partitionProduceResponse), typedCloudResourceRefList(kafkaRequestEvent, name), AuditLogUtils.requestResourceCrn(auditExtractorOptions.crnAuthority(), kafkaRequestEvent, new ResourcePattern("Topic", name, PatternType.LITERAL))));
                }
            }
        }
        return arrayList;
    }

    private static List<TypedCloudResourceRef> typedCloudResourceRefList(KafkaRequestEvent kafkaRequestEvent, String str) {
        List<TypedCloudResourceRef> typedCloudResourceRefList = AuditLogUtils.typedCloudResourceRefList(kafkaRequestEvent);
        typedCloudResourceRefList.add(TypedCloudResourceRef.newBuilder().setType(TypedCloudResourceRef.ResourceType.TOPIC).setResourceId(str).build());
        return typedCloudResourceRefList;
    }

    private static Struct requestData(ProduceConsumeAuditLogTracker.TopicDetails topicDetails, ProduceRequestData produceRequestData) throws InvalidProtocolBufferException {
        Struct.Builder newBuilder = Struct.newBuilder();
        ObjectNode objectNode = new ObjectNode(JsonNodeFactory.instance);
        objectNode.set("transactionalId", new TextNode(produceRequestData.transactionalId()));
        objectNode.set(ProducerConfig.ACKS_CONFIG, new ShortNode(produceRequestData.acks()));
        objectNode.set("topic", new TextNode(topicDetails.topicName()));
        objectNode.set("partition", NullNode.getInstance());
        JsonFormat.parser().merge(objectNode.toString(), newBuilder);
        return newBuilder.build();
    }

    private static Result.Status status(ProduceResponseData.PartitionProduceResponse partitionProduceResponse) {
        return partitionProduceResponse.errorCode() == Errors.NONE.code() ? Result.Status.SUCCESS : Result.Status.FAILURE;
    }

    private static Struct resultData(ProduceResponseData.PartitionProduceResponse partitionProduceResponse) throws InvalidProtocolBufferException {
        Struct.Builder newBuilder = Struct.newBuilder();
        ObjectNode objectNode = new ObjectNode(JsonNodeFactory.instance);
        objectNode.set(TraceRecordBuilderImpl.OFFSET, NullNode.getInstance());
        objectNode.set(ConstraintHelper.MESSAGE, new TextNode(partitionProduceResponse.errorMessage()));
        objectNode.set("errorCode", new ShortNode(partitionProduceResponse.errorCode()));
        objectNode.set("errorType", new TextNode(Errors.forCode(partitionProduceResponse.errorCode()).name()));
        JsonFormat.parser().merge(objectNode.toString(), newBuilder);
        return newBuilder.build();
    }
}
