package com.appiancorp.security.authz;

import com.appiancorp.security.SecurityConstants;
import com.appiancorp.security.auth.SecurityContext;
import com.appiancorp.security.authz.AuthorizationEventMetadata;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableSet;
import java.sql.Timestamp;
import java.util.Set;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/appiancorp/security/authz/AuthorizationEventLogger.class */
public class AuthorizationEventLogger {

    @VisibleForTesting
    static final String AUTHZ_AUDIT_LOG_NAME = "com.appian.authz-audit";
    private static final Logger AUTHZ_AUDIT_LOG = Logger.getLogger(AUTHZ_AUDIT_LOG_NAME);
    private static final ImmutableSet<String> ACTIONS_FILTERED_FROM_AUDIT_LOG = ImmutableSet.of("com.appiancorp.process.workpoller.WorkService.acceptWorkBulk");

    public void logAllowed(SecurityContext securityContext, String str, String str2, Set<String> set) {
        Level logLevelForDecision = getLogLevelForDecision(AuthorizationEventMetadata.Decision.ALLOWED);
        if (AUTHZ_AUDIT_LOG.isEnabledFor(logLevelForDecision)) {
            if (ACTIONS_FILTERED_FROM_AUDIT_LOG.contains(str2) && SecurityConstants.ADMIN_USERNAME.equals(securityContext.getName())) {
                return;
            }
            AUTHZ_AUDIT_LOG.log(logLevelForDecision, new AuthorizationEventMetadata(now(), securityContext.getName(), securityContext.getGrantorName(), str, str2, set));
        }
    }

    public void logDenied(SecurityContext securityContext, String str, String str2, AuthorizationException authorizationException) {
        Level logLevelForDecision = getLogLevelForDecision(AuthorizationEventMetadata.Decision.DENIED);
        if (AUTHZ_AUDIT_LOG.isEnabledFor(logLevelForDecision)) {
            AUTHZ_AUDIT_LOG.log(logLevelForDecision, new AuthorizationEventMetadata(now(), securityContext.getName(), securityContext.getGrantorName(), str, str2, authorizationException));
        }
    }

    public void logError(SecurityContext securityContext, String str, String str2, RuntimeException runtimeException) {
        Level logLevelForDecision = getLogLevelForDecision(AuthorizationEventMetadata.Decision.ERROR);
        if (AUTHZ_AUDIT_LOG.isEnabledFor(logLevelForDecision)) {
            AUTHZ_AUDIT_LOG.log(logLevelForDecision, new AuthorizationEventMetadata(now(), securityContext.getName(), securityContext.getGrantorName(), str, str2, runtimeException));
        }
    }

    public void log(AuthorizationEventMetadata authorizationEventMetadata) {
        Level logLevelForDecision = getLogLevelForDecision(authorizationEventMetadata.getDecision());
        if (AUTHZ_AUDIT_LOG.isEnabledFor(logLevelForDecision)) {
            AUTHZ_AUDIT_LOG.log(logLevelForDecision, authorizationEventMetadata);
        }
    }

    private static Level getLogLevelForDecision(AuthorizationEventMetadata.Decision decision) {
        switch (decision) {
            case ALLOWED:
                return Level.DEBUG;
            case DENIED:
                return Level.INFO;
            case ERROR:
                return Level.ERROR;
            default:
                throw new IllegalArgumentException("Unknown authorization decision type: " + decision);
        }
    }

    private static Timestamp now() {
        return new Timestamp(System.currentTimeMillis());
    }
}
