package io.confluent.security.audit.kafka;

import com.fasterxml.jackson.databind.node.ObjectNode;
import com.google.protobuf.InvalidProtocolBufferException;
import com.google.protobuf.Struct;
import com.google.protobuf.util.JsonFormat;
import io.confluent.protobuf.events.auditlog.v2.AuditLog;
import io.confluent.protobuf.events.auditlog.v2.Result;
import io.confluent.security.audit.AuditLogUtils;
import java.util.ArrayList;
import java.util.List;
import org.apache.kafka.common.message.CreateAclsRequestData;
import org.apache.kafka.common.message.CreateAclsRequestDataJsonConverter;
import org.apache.kafka.common.message.CreateAclsResponseData;
import org.apache.kafka.common.message.CreateAclsResponseDataJsonConverter;
import org.apache.kafka.common.protocol.Errors;
import org.apache.kafka.server.audit.KafkaRequestEvent;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/security/audit/kafka/CreateAclsRequestAuditExtractor.class */
public class CreateAclsRequestAuditExtractor {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CreateAclsRequestAuditExtractor.class);

    public static List<AuditLog> extract(KafkaRequestEvent kafkaRequestEvent, AuditExtractorOptions auditExtractorOptions) {
        ArrayList arrayList = new ArrayList();
        try {
            CreateAclsRequestData read = CreateAclsRequestDataJsonConverter.read(kafkaRequestEvent.requestPayload(), (short) kafkaRequestEvent.requestContext().requestVersion());
            CreateAclsResponseData read2 = CreateAclsResponseDataJsonConverter.read(kafkaRequestEvent.responsePayload(), (short) kafkaRequestEvent.requestContext().requestVersion());
            arrayList.add(AuditLogUtils.auditLog(kafkaRequestEvent, auditExtractorOptions, hasAuthorizationFailure(read2), false, requestData(read, kafkaRequestEvent), status(read2), resultData(read2, kafkaRequestEvent), AuditLogUtils.typedCloudResourceRefList(kafkaRequestEvent), AuditLogUtils.requestCrn(auditExtractorOptions.crnAuthority(), kafkaRequestEvent)));
        } catch (Exception e) {
            log.error("Error while extracting Audit logs", (Throwable) e);
        }
        return arrayList;
    }

    private static boolean hasAuthorizationFailure(CreateAclsResponseData createAclsResponseData) {
        return createAclsResponseData.results().stream().anyMatch(aclCreationResult -> {
            return AuditLogUtils.hasAuthorizationFailure(aclCreationResult.errorCode());
        });
    }

    private static Struct requestData(CreateAclsRequestData createAclsRequestData, KafkaRequestEvent kafkaRequestEvent) throws Exception {
        Struct.Builder newBuilder = Struct.newBuilder();
        JsonFormat.parser().merge(((ObjectNode) CreateAclsRequestDataJsonConverter.write(createAclsRequestData, (short) kafkaRequestEvent.requestContext().requestVersion(), true)).toString(), newBuilder);
        return newBuilder.build();
    }

    private static Result.Status status(CreateAclsResponseData createAclsResponseData) {
        return createAclsResponseData.results().stream().anyMatch(aclCreationResult -> {
            return aclCreationResult.errorCode() != Errors.NONE.code();
        }) ? Result.Status.FAILURE : Result.Status.SUCCESS;
    }

    private static Struct resultData(CreateAclsResponseData createAclsResponseData, KafkaRequestEvent kafkaRequestEvent) throws InvalidProtocolBufferException {
        Struct.Builder newBuilder = Struct.newBuilder();
        ObjectNode objectNode = (ObjectNode) CreateAclsResponseDataJsonConverter.write(createAclsResponseData, (short) kafkaRequestEvent.requestContext().requestVersion(), true);
        objectNode.remove("throttleTimeMs");
        JsonFormat.parser().merge(objectNode.toString(), newBuilder);
        return newBuilder.build();
    }
}
