package com.atlassian.audit.rest.v1;

import com.atlassian.audit.api.AuditEntityCursor;
import com.atlassian.audit.api.AuditQuery;
import com.atlassian.audit.api.AuditRetentionConfigService;
import com.atlassian.audit.api.AuditSearchService;
import com.atlassian.audit.api.util.pagination.Page;
import com.atlassian.audit.api.util.pagination.PageRequest;
import com.atlassian.audit.coverage.InternalAuditCoverageConfigService;
import com.atlassian.audit.coverage.ProductLicenseChecker;
import com.atlassian.audit.csv.AuditCsvExportService;
import com.atlassian.audit.csv.AuditCsvExporter;
import com.atlassian.audit.denylist.ExcludedActionsService;
import com.atlassian.audit.entity.AuditEntity;
import com.atlassian.audit.file.AuditRetentionFileConfig;
import com.atlassian.audit.file.AuditRetentionFileConfigService;
import com.atlassian.audit.plugin.configuration.PermissionsEnforced;
import com.atlassian.audit.plugin.configuration.PropertiesProvider;
import com.atlassian.audit.rest.model.AuditCoverageConfigJson;
import com.atlassian.audit.rest.model.AuditEntitiesResponseJson;
import com.atlassian.audit.rest.model.AuditExcludedActionsJson;
import com.atlassian.audit.rest.model.AuditExcludedActionsModifyRequestJson;
import com.atlassian.audit.rest.model.AuditRetentionConfigJson;
import com.atlassian.audit.rest.model.AuditRetentionFileConfigJson;
import com.atlassian.audit.rest.model.ResponseErrorJson;
import com.atlassian.audit.rest.v1.utils.AuditEntitySerializer;
import com.atlassian.audit.rest.v1.validation.AuditRestValidator;
import com.atlassian.audit.rest.v1.validation.ValidationInterceptor;
import com.atlassian.audit.rest.v1.validation.Validator;
import com.atlassian.audit.spi.entity.AuditEntityTransformationService;
import com.atlassian.plugins.rest.common.interceptor.InterceptorChain;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.UrlMode;
import com.atlassian.sal.api.timezone.TimeZoneManager;
import com.sun.jersey.core.header.ContentDisposition;
import io.swagger.v3.oas.annotations.OpenAPIDefinition;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.enums.Explode;
import io.swagger.v3.oas.annotations.enums.ParameterStyle;
import io.swagger.v3.oas.annotations.info.Info;
import io.swagger.v3.oas.annotations.media.ArraySchema;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Date;
import java.util.concurrent.TimeoutException;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.ws.rs.Consumes;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
import org.apache.batik.util.SVGConstants;

@Path("/")
@Consumes({"application/json"})
@Produces({"application/json"})
@OpenAPIDefinition(info = @Info(title = "Audit", version = "1.0.0", description = "Cross-product audit feature APIs. The root path is /rest/auditing/1.0"))
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-audit-plugin-1.15.0.jar:com/atlassian/audit/rest/v1/AuditRestResource.class */
public class AuditRestResource {
    public static final String FORMAT_CSV_FILE = "csv";
    public static final String FORMAT_JSON = "json";
    private static final String TEXT_CSV = "text/csv";
    private static final String CONTENT_DISPOSITION = "Content-Disposition";
    private final AuditSearchService searchService;
    private final InternalAuditCoverageConfigService coverageConfigService;
    private final AuditRetentionConfigService retentionConfigService;
    private final AuditRetentionFileConfigService retentionFileConfigService;
    private final AuditEntityTransformationService transformationService;
    private final AuditCsvExportService auditCsvExportService;
    private final TimeZoneManager timeZoneManager;
    private final ApplicationProperties applicationProperties;
    private final ProductLicenseChecker licenseChecker;
    private final PropertiesProvider propertiesProvider;
    private final ExcludedActionsService excludedActionsService;

    public AuditRestResource(ApplicationProperties applicationProperties, AuditCsvExportService auditCsvExportService, AuditSearchService auditSearchService, @PermissionsEnforced InternalAuditCoverageConfigService internalAuditCoverageConfigService, @PermissionsEnforced AuditRetentionConfigService auditRetentionConfigService, @PermissionsEnforced AuditRetentionFileConfigService auditRetentionFileConfigService, AuditEntityTransformationService auditEntityTransformationService, TimeZoneManager timeZoneManager, ProductLicenseChecker productLicenseChecker, PropertiesProvider propertiesProvider, ExcludedActionsService excludedActionsService) {
        this.applicationProperties = applicationProperties;
        this.auditCsvExportService = auditCsvExportService;
        this.searchService = auditSearchService;
        this.coverageConfigService = internalAuditCoverageConfigService;
        this.licenseChecker = productLicenseChecker;
        this.propertiesProvider = propertiesProvider;
        this.retentionConfigService = auditRetentionConfigService;
        this.retentionFileConfigService = auditRetentionFileConfigService;
        this.timeZoneManager = timeZoneManager;
        this.transformationService = auditEntityTransformationService;
        this.excludedActionsService = excludedActionsService;
    }

    @GET
    @Path("/events")
    @Operation(summary = "Get a paginated list of audit events", tags = {"audit"})
    @Produces({"application/json", TEXT_CSV})
    @InterceptorChain({ValidationInterceptor.class})
    @ApiResponses({@ApiResponse(responseCode = SVGConstants.SVG_200_VALUE, description = "Successful operation", content = {@Content(schema = @Schema(implementation = AuditEntitiesResponseJson.class))}), @ApiResponse(responseCode = SVGConstants.SVG_400_VALUE, description = "Bad request", content = {@Content(array = @ArraySchema(schema = @Schema(implementation = ResponseErrorJson.class)))})})
    public Response getAuditEvents(@Schema(type = "string", format = "date-time") @QueryParam("from") @Parameter(description = "The start timestamp in ISO8601 format", example = "2019-11-01T01:00:00.000Z") @Validator(AuditRestValidator.FromValidator.class) String str, @Schema(type = "string", format = "date-time") @QueryParam("to") @Parameter(description = "The end timestamp in ISO8601 format", example = "2019-12-01T01:00:00.000Z") @Validator(AuditRestValidator.ToValidator.class) String str2, @Schema(minimum = "0", type = "integer", format = "int32") @QueryParam("offset") @DefaultValue("0") @Parameter(description = "The number of records to skip") @Validator(AuditRestValidator.OffsetValidator.class) String str3, @Parameter(description = "Location of last result returned in format of timestamp,ID. For making a request for page X, the value of this field can be obtained from pagingInfo->nextPageCursor in response for page X-1", example = "1577437517322,9") @QueryParam("pageCursor") @Validator(AuditRestValidator.CursorValidator.class) String str4, @Schema(minimum = "1", maximum = "100000", type = "integer", format = "int32") @QueryParam("limit") @DefaultValue("200") @Parameter(description = "The maximum number of records returned") @Validator(AuditRestValidator.LimitValidator.class) String str5, @Parameter(description = "Audit event author identifiers separated by comma", example = "42,46", style = ParameterStyle.FORM, explode = Explode.FALSE) @QueryParam("userIds") @Validator(AuditRestValidator.UserIdsValidator.class) String str6, @Parameter(description = "Audit categories separated by comma", example = "Global settings changed,Group deleted", style = ParameterStyle.FORM, explode = Explode.FALSE) @QueryParam("categories") @Validator(AuditRestValidator.CategoriesValidator.class) String str7, @Parameter(description = "Comma-separated list of actions which triggered the audit record", example = "Permissions,Apps", style = ParameterStyle.FORM, explode = Explode.FALSE) @QueryParam("actions") @Validator(AuditRestValidator.ActionsValidator.class) String str8, @Parameter(description = "A list of affected objects separated by semicolon. Each affected object is a pair of object type and id separated by comma. Administrator permission of all affected objects is required when specified. Global administrator permission is required when no affected object is specified.", example = "space,42;space,46") @QueryParam("affectedObject") @Validator(AuditRestValidator.AffectedObjectsValidator.class) String str9, @Parameter(description = "Search expression, this parameter may have negative performance impact. It's recommended to use scanLimit when this parameter is specified.") @QueryParam("search") @Validator(AuditRestValidator.SearchValidator.class) String str10, @QueryParam("outputFormat") @DefaultValue("json") @Parameter(description = "What format output should the server create") @Validator(AuditRestValidator.FormatValidator.class) String str11, @QueryParam("scanLimit") @Schema(minimum = "1", maximum = "2147483647", type = "integer", format = "int32") @DefaultValue("2147483647") @Parameter(description = "The maximum number of records to be scanned in the inverse insertion order with from and to filters taking precedence, the default value is 2147483647 which means there is no limit") @Validator(AuditRestValidator.ScanLimitValidator.class) String str12, @Context HttpHeaders httpHeaders, @Context SecurityContext securityContext, @Context UriInfo uriInfo) {
        int parseInt = Integer.parseInt(str3);
        int parseInt2 = Integer.parseInt(str5);
        int parseInt3 = Integer.parseInt(str12);
        AuditQuery generateAuditQuery = generateAuditQuery(str, str2, str6, str7, str8, str9, str10);
        PageRequest<AuditEntityCursor> generatePageRequest = generatePageRequest(str4, parseInt, parseInt2);
        checkDcOnlyFilters(generateAuditQuery);
        if (str11.equals(FORMAT_CSV_FILE)) {
            return generateCsvResponse(parseInt, parseInt2, generateAuditQuery);
        }
        if (str11.equals(FORMAT_JSON)) {
            return generateJsonResponse(this.applicationProperties.getBaseUrl(UrlMode.CANONICAL), uriInfo, generatePageRequest, generateAuditQuery, parseInt3);
        }
        throw new IllegalStateException("Unexpected outputFormat was provided and was not caught by validation");
    }

    private void checkDcOnlyFilters(AuditQuery auditQuery) {
        if (!(auditQuery.getCategories().isEmpty() && auditQuery.getActions().isEmpty()) && this.licenseChecker.isNotDcLicense()) {
            throw new IllegalArgumentException("categories and actions are only supported for Datacenter license.");
        }
    }

    @Nonnull
    private PageRequest<AuditEntityCursor> generatePageRequest(String str, int i, int i2) {
        AuditEntityCursor auditEntityCursor = null;
        if (str != null && !str.trim().isEmpty()) {
            String[] split = str.split(",\\s*");
            if (split.length == 2) {
                auditEntityCursor = new AuditEntityCursor(Instant.ofEpochMilli(Long.parseLong(split[0])), Long.parseLong(split[1]));
            }
        }
        return new PageRequest.Builder().offset(i).limit(i2).cursor(auditEntityCursor).build();
    }

    private AuditQuery generateAuditQuery(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        ArrayList arrayList = new ArrayList();
        if (str6 != null) {
            Stream.of((Object[]) str6.split(";\\s*")).forEach(str8 -> {
                String[] split = str8.split(",\\s*");
                arrayList.add(new AuditQuery.AuditResourceIdentifier(split[0], split[1]));
            });
        }
        return AuditQuery.builder().actions(split(str5)).userIds(split(str3)).categories(split(str4)).searchText(str7).from(parseTime(str)).to(parseTime(str2)).resources(arrayList).build();
    }

    private Response generateJsonResponse(String str, @Context UriInfo uriInfo, PageRequest<AuditEntityCursor> pageRequest, AuditQuery auditQuery, int i) {
        try {
            return Response.ok(new AuditEntitiesResponseJson(retrieveQuery(pageRequest, auditQuery, i), auditEntity -> {
                return AuditEntitySerializer.toJson(auditEntity, this.timeZoneManager.getDefaultTimeZone());
            }, str, uriInfo)).type("application/json").build();
        } catch (TimeoutException e) {
            return Response.serverError().entity(e.getMessage()).build();
        }
    }

    private Response generateCsvResponse(int i, int i2, AuditQuery auditQuery) {
        AuditCsvExporter createExporter = this.auditCsvExportService.createExporter(auditQuery);
        return Response.ok(outputStream -> {
            createExporter.export(outputStream, i, i2);
        }).type(TEXT_CSV).header("Content-Disposition", ContentDisposition.type("attachment").fileName(String.format("Auditing Export %s.csv", DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH_mm_ss'Z'").format(LocalDateTime.now(ZoneId.systemDefault())))).creationDate(new Date(Instant.now().toEpochMilli())).build()).build();
    }

    private Page<AuditEntity, AuditEntityCursor> retrieveQuery(PageRequest<AuditEntityCursor> pageRequest, AuditQuery auditQuery, int i) throws TimeoutException {
        Page<AuditEntity, AuditEntityCursor> findBy = this.searchService.findBy(auditQuery, pageRequest, i);
        return new Page.Builder(this.transformationService.transform(findBy.getValues()), findBy.getIsLastPage()).nextPageRequest(findBy.getNextPageRequest().orElse(null)).build();
    }

    @Nullable
    private String[] split(String str) {
        if (str == null || str.trim().isEmpty()) {
            return null;
        }
        return str.split(",\\s*");
    }

    @Nullable
    private Instant parseTime(String str) {
        if (str == null) {
            return null;
        }
        return Instant.parse(str);
    }

    @GET
    @Path("/configuration/retention")
    @Operation(summary = "Get current audit log retention database configuration", tags = {"configuration"})
    @ApiResponses({@ApiResponse(responseCode = SVGConstants.SVG_200_VALUE, description = "Successful operation", content = {@Content(schema = @Schema(implementation = AuditRetentionConfigJson.class))}), @ApiResponse(responseCode = SVGConstants.SVG_400_VALUE, description = "Bad request", content = {@Content(array = @ArraySchema(schema = @Schema(implementation = ResponseErrorJson.class)))})})
    public Response getAuditRetentionConfiguration(@Context SecurityContext securityContext) {
        return Response.ok(new AuditRetentionConfigJson(this.retentionConfigService.getConfig())).build();
    }

    @Path("/configuration/retention")
    @Operation(summary = "Set current audit log retention database configuration", tags = {"configuration"})
    @PUT
    @ApiResponses({@ApiResponse(responseCode = SVGConstants.SVG_200_VALUE, description = "Successful operation", content = {@Content(schema = @Schema(implementation = AuditRetentionConfigJson.class))}), @ApiResponse(responseCode = SVGConstants.SVG_400_VALUE, description = "Bad request", content = {@Content(array = @ArraySchema(schema = @Schema(implementation = ResponseErrorJson.class)))})})
    public Response updateAuditRetentionConfiguration(@Parameter(required = true) AuditRetentionConfigJson auditRetentionConfigJson, @Context SecurityContext securityContext) {
        this.retentionConfigService.updateConfig(auditRetentionConfigJson.toRetentionConfig());
        return getAuditRetentionConfiguration(securityContext);
    }

    @GET
    @Path("/configuration/retention/file")
    @Operation(summary = "Get current audit log retention file configuration", tags = {"configuration"})
    @ApiResponses({@ApiResponse(responseCode = SVGConstants.SVG_200_VALUE, description = "Successful operation", content = {@Content(schema = @Schema(implementation = AuditRetentionFileConfigJson.class))}), @ApiResponse(responseCode = SVGConstants.SVG_400_VALUE, description = "Bad request", content = {@Content(array = @ArraySchema(schema = @Schema(implementation = ResponseErrorJson.class)))})})
    public Response getAuditRetentionFileConfiguration(@Context SecurityContext securityContext) {
        return Response.ok(this.retentionFileConfigService.getConfig().toJson()).build();
    }

    @Path("/configuration/retention/file")
    @Operation(summary = "Set current audit log retention file configuration", tags = {"configuration"})
    @PUT
    @ApiResponses({@ApiResponse(responseCode = SVGConstants.SVG_200_VALUE, description = "Successful operation", content = {@Content(schema = @Schema(implementation = AuditRetentionFileConfigJson.class))}), @ApiResponse(responseCode = SVGConstants.SVG_400_VALUE, description = "Bad request", content = {@Content(array = @ArraySchema(schema = @Schema(implementation = ResponseErrorJson.class)))})})
    public Response updateAuditRetentionFileConfiguration(@Parameter(required = true) AuditRetentionFileConfigJson auditRetentionFileConfigJson, @Context SecurityContext securityContext) {
        this.retentionFileConfigService.updateConfig(AuditRetentionFileConfig.fromJson(auditRetentionFileConfigJson, this.propertiesProvider.getInteger("plugin.audit.file.max.file.size", 100)));
        return getAuditRetentionFileConfiguration(securityContext);
    }

    @GET
    @Path("/configuration/coverage")
    @Operation(summary = "Get current audit log coverage configuration", tags = {"configuration"})
    @ApiResponses({@ApiResponse(responseCode = SVGConstants.SVG_200_VALUE, description = "Successful operation", content = {@Content(schema = @Schema(implementation = AuditCoverageConfigJson.class))}), @ApiResponse(responseCode = SVGConstants.SVG_400_VALUE, description = "Bad request", content = {@Content(array = @ArraySchema(schema = @Schema(implementation = ResponseErrorJson.class)))})})
    public Response getAuditCoverageConfiguration(@Context SecurityContext securityContext) {
        return Response.ok(new AuditCoverageConfigJson(this.coverageConfigService.getConfig())).build();
    }

    @Path("/configuration/coverage")
    @Operation(summary = "Set current audit log coverage configuration", tags = {"configuration"})
    @PUT
    @ApiResponses({@ApiResponse(responseCode = SVGConstants.SVG_200_VALUE, description = "Successful operation", content = {@Content(schema = @Schema(implementation = AuditCoverageConfigJson.class))}), @ApiResponse(responseCode = SVGConstants.SVG_400_VALUE, description = "Bad request", content = {@Content(array = @ArraySchema(schema = @Schema(implementation = ResponseErrorJson.class)))})})
    public Response updateAuditCoverageConfiguration(@Parameter(required = true) AuditCoverageConfigJson auditCoverageConfigJson, @Context SecurityContext securityContext) {
        this.coverageConfigService.updateConfig(auditCoverageConfigJson.toCoverageConfig());
        return getAuditCoverageConfiguration(securityContext);
    }

    @GET
    @Path("/configuration/denylist")
    @Operation(summary = "Get current excluded actions configuration", tags = {"configuration"})
    @ApiResponses({@ApiResponse(responseCode = SVGConstants.SVG_200_VALUE, description = "Successful operation", content = {@Content(schema = @Schema(implementation = AuditExcludedActionsJson.class))}), @ApiResponse(responseCode = SVGConstants.SVG_400_VALUE, description = "Bad request", content = {@Content(array = @ArraySchema(schema = @Schema(implementation = ResponseErrorJson.class)))})})
    public Response getExcludedActions(@Context SecurityContext securityContext) {
        checkDcOnly();
        return Response.ok(new AuditExcludedActionsJson(this.excludedActionsService.getExcludedActions())).build();
    }

    @Path("/configuration/denylist")
    @Operation(summary = "Modify existing excluded actions configuration", tags = {"configuration"})
    @POST
    @ApiResponses({@ApiResponse(responseCode = SVGConstants.SVG_200_VALUE, description = "Successful operation", content = {@Content(schema = @Schema(implementation = AuditExcludedActionsModifyRequestJson.class))}), @ApiResponse(responseCode = SVGConstants.SVG_400_VALUE, description = "Bad request", content = {@Content(array = @ArraySchema(schema = @Schema(implementation = ResponseErrorJson.class)))})})
    public Response modifyExcludedActions(@Parameter(required = true) AuditExcludedActionsModifyRequestJson auditExcludedActionsModifyRequestJson, @Context SecurityContext securityContext) {
        checkDcOnly();
        this.excludedActionsService.updateExcludedActions(auditExcludedActionsModifyRequestJson.getActionsToAdd(), auditExcludedActionsModifyRequestJson.getActionsToDelete());
        return getExcludedActions(securityContext);
    }

    @Path("/configuration/denylist")
    @Operation(summary = "Replace existing exclude actions configuration", tags = {"configuration"})
    @PUT
    @ApiResponses({@ApiResponse(responseCode = SVGConstants.SVG_200_VALUE, description = "Successful operation", content = {@Content(schema = @Schema(implementation = AuditExcludedActionsJson.class))}), @ApiResponse(responseCode = SVGConstants.SVG_400_VALUE, description = "Bad request", content = {@Content(array = @ArraySchema(schema = @Schema(implementation = ResponseErrorJson.class)))})})
    public Response replaceExcludedActions(@Parameter(required = true) AuditExcludedActionsJson auditExcludedActionsJson, @Context SecurityContext securityContext) {
        checkDcOnly();
        this.excludedActionsService.replaceExcludedActions(auditExcludedActionsJson.getActions());
        return getExcludedActions(securityContext);
    }

    private void checkDcOnly() {
        if (this.licenseChecker.isNotDcLicense()) {
            throw new IllegalArgumentException("Excluded events is only supported for Datacenter license.");
        }
    }
}
