package org.sonatype.nexus.security.internal;

import com.google.common.collect.Sets;
import com.google.common.eventbus.AllowConcurrentEvents;
import com.google.common.eventbus.Subscribe;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.inject.Named;
import javax.inject.Singleton;
import org.sonatype.nexus.audit.AuditData;
import org.sonatype.nexus.audit.AuditorSupport;
import org.sonatype.nexus.common.event.EventAware;
import org.sonatype.nexus.security.ClientInfo;
import org.sonatype.nexus.security.UserIdMdcHelper;
import org.sonatype.nexus.security.authc.AuthenticationFailureReason;
import org.sonatype.nexus.security.authc.NexusAuthenticationEvent;

@Singleton
@Named
/* loaded from: input_file:org/sonatype/nexus/security/internal/NexusAuthenticationEventAuditor.class */
public class NexusAuthenticationEventAuditor extends AuditorSupport implements EventAware {
    private static final String DOMAIN = "security.user";
    private static Set<AuthenticationFailureReason> AUDITABLE_FAILURE_REASONS = new HashSet();

    @Subscribe
    @AllowConcurrentEvents
    public void on(NexusAuthenticationEvent nexusAuthenticationEvent) {
        Set<AuthenticationFailureReason> failureReasonsToLog = getFailureReasonsToLog(nexusAuthenticationEvent);
        if (!isRecording() || failureReasonsToLog.isEmpty()) {
            return;
        }
        AuditData auditData = new AuditData();
        auditData.setType("authentication");
        auditData.setDomain("security.user");
        auditData.setTimestamp(nexusAuthenticationEvent.getEventDate());
        Map<String, Object> attributes = auditData.getAttributes();
        attributes.put("failureReasons", failureReasonsToLog);
        attributes.put("wasSuccessful", Boolean.valueOf(nexusAuthenticationEvent.isSuccessful()));
        if (nexusAuthenticationEvent.getClientInfo() != null) {
            ClientInfo clientInfo = nexusAuthenticationEvent.getClientInfo();
            attributes.put(UserIdMdcHelper.KEY, clientInfo.getUserid());
            attributes.put("remoteIp", clientInfo.getRemoteIP());
            attributes.put("userAgent", clientInfo.getUserAgent());
            attributes.put("path", clientInfo.getPath());
        }
        record(auditData);
    }

    private Set<AuthenticationFailureReason> getFailureReasonsToLog(NexusAuthenticationEvent nexusAuthenticationEvent) {
        return Sets.intersection(nexusAuthenticationEvent.getAuthenticationFailureReasons(), AUDITABLE_FAILURE_REASONS);
    }

    static {
        AUDITABLE_FAILURE_REASONS.add(AuthenticationFailureReason.INCORRECT_CREDENTIALS);
    }
}
