package org.zowe.apiml.security.common.audit;

import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.reflect.Proxy;
import javax.annotation.PostConstruct;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.stereotype.Service;
import org.zowe.apiml.security.common.auth.saf.SafResourceAccessSaf;
import org.zowe.apiml.security.common.auth.saf.SafResourceAccessVerifying;
import org.zowe.apiml.util.ClassOrDefaultProxyUtils;

@Service
/* loaded from: input_file:BOOT-INF/lib/apiml-security-common-2.12.9.jar:org/zowe/apiml/security/common/audit/RauditxService.class */
public class RauditxService {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) RauditxService.class);
    private static final int RELOCATED_RECORD_TYPE_BIND_USER = 103;

    @Value("${rauditx.fmid:AZWE001}")
    private String fmid;

    @Value("${rauditx.component:ZOWE}")
    private String component;

    @Value("${rauditx.subtype:2}")
    private int subtype;

    @Value("${rauditx.event:2}")
    private int event;

    @Value("${rauditx.qualifier.success:0}")
    private int qualifierSuccess;

    @Value("${rauditx.qualifier.failed:1}")
    private int qualifierFailed;

    /* loaded from: input_file:BOOT-INF/lib/apiml-security-common-2.12.9.jar:org/zowe/apiml/security/common/audit/RauditxService$RauditxBuilder.class */
    public class RauditxBuilder {
        final Rauditx rauditx;

        public RauditxBuilder success() {
            this.rauditx.setEventSuccess();
            qualifier(RauditxService.this.qualifierSuccess);
            return this;
        }

        public RauditxBuilder failure() {
            this.rauditx.setEventFailure();
            qualifier(RauditxService.this.qualifierFailed);
            return this;
        }

        public RauditxBuilder authentication() {
            this.rauditx.setAuthenticationEvent();
            return this;
        }

        public RauditxBuilder authorization() {
            this.rauditx.setAuthorizationEvent();
            return this;
        }

        public RauditxBuilder alwaysLogSuccesses() {
            this.rauditx.setAlwaysLogSuccesses();
            return this;
        }

        public RauditxBuilder neverLogSuccesses() {
            this.rauditx.setNeverLogSuccesses();
            return this;
        }

        public RauditxBuilder alwaysLogFailures() {
            this.rauditx.setAlwaysLogFailures();
            return this;
        }

        public RauditxBuilder neverLogFailures() {
            this.rauditx.setNeverLogFailures();
            return this;
        }

        public RauditxBuilder checkWarningMode() {
            this.rauditx.setCheckWarningMode();
            return this;
        }

        public RauditxBuilder ignoreSuccessWithNoAuditLogRecord(boolean z) {
            this.rauditx.setIgnoreSuccessWithNoAuditLogRecord(z);
            return this;
        }

        public RauditxBuilder logString(String str) {
            this.rauditx.setLogString(str);
            return this;
        }

        public RauditxBuilder messageSegment(String str) {
            this.rauditx.addMessageSegment(str);
            return this;
        }

        public RauditxBuilder userId(String str) {
            this.rauditx.addRelocateSection(103, str);
            return this;
        }

        public RauditxBuilder event(int i) {
            this.rauditx.setEvent(i);
            return this;
        }

        public RauditxBuilder qualifier(int i) {
            this.rauditx.setQualifier(i);
            return this;
        }

        public RauditxBuilder subtype(int i) {
            this.rauditx.setSubtype(i);
            return this;
        }

        public void issue() {
            try {
                this.rauditx.issue();
            } catch (RauditxException e) {
                RauditxService.log.debug("Cannot issue RAuditX record", (Throwable) e);
            }
        }

        @Generated
        public RauditxBuilder(Rauditx rauditx) {
            this.rauditx = rauditx;
        }
    }

    String getCurrentUser() {
        try {
            return (String) MethodHandles.publicLookup().findStatic(Class.forName("com.ibm.jzos.ZUtil"), "getCurrentUser", MethodType.methodType(String.class)).invoke();
        } catch (Throwable th) {
            log.debug("Cannot obtain current userId", th);
            return null;
        }
    }

    void logNoPrivileges(String str) {
        if (StringUtils.isBlank(str)) {
            log.debug("Cannot issue any Rauditx record off z/OS.");
        } else {
            log.warn("The calling userid ({}) must have READ authority to the IRR.RAUDITX profile in the FACILITY class to issue a Rauditx record.", str);
        }
    }

    SafResourceAccessVerifying getNativeSafResourceAccessVerifying() {
        try {
            return new SafResourceAccessSaf();
        } catch (Exception e) {
            log.debug("Cannot create instance of SafResourceAccessSaf");
            return null;
        }
    }

    @PostConstruct
    public void verifyPrivileges() {
        SafResourceAccessVerifying nativeSafResourceAccessVerifying;
        String currentUser = getCurrentUser();
        boolean z = false;
        if (!StringUtils.isBlank(currentUser) && (nativeSafResourceAccessVerifying = getNativeSafResourceAccessVerifying()) != null) {
            z = nativeSafResourceAccessVerifying.hasSafResourceAccess(new UsernamePasswordAuthenticationToken(currentUser, null), "FACILITY", "IRR.RAUDITX", "READ");
        }
        if (z) {
            return;
        }
        logNoPrivileges(currentUser);
    }

    void setDefault(RauditxBuilder rauditxBuilder) {
        rauditxBuilder.subtype(this.subtype).event(this.event);
        rauditxBuilder.rauditx.setComponent(this.component);
        rauditxBuilder.rauditx.setFmid(this.fmid);
    }

    Rauditx createMock() {
        return (Rauditx) Proxy.newProxyInstance(RauditxService.class.getClassLoader(), new Class[]{Rauditx.class}, (obj, method, objArr) -> {
            return null;
        });
    }

    public RauditxBuilder builder() {
        RauditxBuilder rauditxBuilder = new RauditxBuilder((Rauditx) ClassOrDefaultProxyUtils.createProxy(Rauditx.class, "com.ibm.jzos.Rauditx", this::createMock, new ClassOrDefaultProxyUtils.ByMethodName("com.ibm.jzos.RauditxException", RauditxException.class, "getSafReturnCode", "getRacfReturnCode", "getRacfReasonCode")));
        setDefault(rauditxBuilder);
        return rauditxBuilder;
    }
}
