package org.kuali.kfs.kns.service.impl;

import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.kuali.kfs.datadictionary.legacy.DataDictionaryService;
import org.kuali.kfs.kns.document.authorization.BusinessObjectRestrictions;
import org.kuali.kfs.kns.document.authorization.FieldRestriction;
import org.kuali.kfs.kns.service.KNSServiceLocator;
import org.kuali.kfs.kns.service.SecurityLoggingService;
import org.kuali.kfs.kns.util.KNSGlobalVariables;
import org.kuali.kfs.krad.bo.BusinessObject;
import org.kuali.kfs.krad.bo.PersistableBusinessObject;
import org.kuali.kfs.krad.datadictionary.AttributeSecurity;
import org.kuali.kfs.krad.document.Document;
import org.kuali.kfs.krad.util.GlobalVariables;
import org.kuali.kfs.krad.util.ObjectUtils;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2024-02-07.jar:org/kuali/kfs/kns/service/impl/SecurityLoggingServiceImpl.class */
public class SecurityLoggingServiceImpl implements SecurityLoggingService {
    private static final Logger LOG = LogManager.getLogger();
    private DataDictionaryService dataDictionaryService;

    @Override // org.kuali.kfs.kns.service.SecurityLoggingService
    public void logFullUnmask(BusinessObject businessObject, String str, Document document, boolean z, String str2) {
        logFieldAccessRequested(businessObject, str, "FullUnmask", document, z, str2);
    }

    @Override // org.kuali.kfs.kns.service.SecurityLoggingService
    public void logPartialUnmask(BusinessObject businessObject, String str, Document document, boolean z, String str2) {
        logFieldAccessRequested(businessObject, str, "PartialUnmask", document, z, str2);
    }

    @Override // org.kuali.kfs.kns.service.SecurityLoggingService
    public void logView(BusinessObject businessObject, String str, Document document, boolean z, String str2) {
        logFieldAccessRequested(businessObject, str, "View", document, z, str2);
    }

    @Override // org.kuali.kfs.kns.service.SecurityLoggingService
    public void logFieldAccess(BusinessObject businessObject, String str, Document document, BusinessObjectRestrictions businessObjectRestrictions, boolean z, String str2) {
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        boolean z6 = false;
        boolean z7 = false;
        AttributeSecurity attributeSecurity = getDataDictionaryService().getAttributeSecurity(businessObject.getClass().getName(), str);
        if (attributeSecurity != null) {
            z2 = attributeSecurity.isMask();
            z3 = attributeSecurity.isPartialMask();
            z4 = attributeSecurity.isHide();
            if (businessObjectRestrictions == null) {
                z5 = attributeSecurity.isMask();
                z6 = attributeSecurity.isPartialMask();
                z4 = attributeSecurity.isHide();
            } else {
                FieldRestriction fieldRestriction = businessObjectRestrictions.getFieldRestriction(str);
                if (fieldRestriction == null) {
                    z5 = attributeSecurity.isMask();
                    z6 = attributeSecurity.isPartialMask();
                    z7 = attributeSecurity.isHide();
                } else {
                    z5 = attributeSecurity.isMask() && !fieldRestriction.isMasked();
                    z6 = attributeSecurity.isPartialMask() && !fieldRestriction.isPartiallyMasked();
                    z7 = attributeSecurity.isHide() && !fieldRestriction.isViewable();
                }
            }
        }
        if (z2) {
            logFullUnmask(businessObject, str, document, z5, str2);
        }
        if (z3) {
            logPartialUnmask(businessObject, str, document, z6, str2);
        }
        if (z && z4) {
            logView(businessObject, str, document, z7, str2);
        }
    }

    @Override // org.kuali.kfs.kns.service.SecurityLoggingService
    public void logCustomString(String str) {
        StringBuilder sb = new StringBuilder(300);
        appendSecurityLogPrefix(sb);
        sb.append(str);
        writeStringToLog(sb.toString());
    }

    protected void logFieldAccessRequested(BusinessObject businessObject, String str, String str2, Document document, boolean z, String str3) {
        Class materializeClassForProxiedObject = ObjectUtils.materializeClassForProxiedObject(businessObject);
        String str4 = null;
        if (materializeClassForProxiedObject != null) {
            str4 = materializeClassForProxiedObject.getSimpleName();
        }
        StringBuilder sb = new StringBuilder(120);
        appendSecurityLogPrefix(sb);
        appendFieldAccessMessage(sb, str2, str4, str, z, businessObject, document, str3);
        writeStringToLog(sb.toString());
    }

    protected void appendSecurityLogPrefix(StringBuilder sb) {
        sb.append(KNSGlobalVariables.getRemoteIpAddress()).append(",").append(GlobalVariables.getUserSession().getUserToLog()).append(",");
    }

    protected void appendFieldAccessMessage(StringBuilder sb, String str, String str2, String str3, boolean z, BusinessObject businessObject, Document document, String str4) {
        sb.append(str).append(",").append(str2).append(".").append(str3);
        if (z) {
            sb.append(",SUCCESS");
        } else {
            sb.append(",DENY");
        }
        if (!ObjectUtils.isNotNull(businessObject)) {
            sb.append(",null");
        } else if (businessObject instanceof PersistableBusinessObject) {
            sb.append(",objectId=").append(((PersistableBusinessObject) businessObject).getObjectId());
        } else {
            sb.append(",TransientBusinessObject");
        }
        if (StringUtils.isNotBlank(str4)) {
            sb.append(",").append(str4);
        }
        if (ObjectUtils.isNull(document)) {
            sb.append(",null");
        } else {
            sb.append(",docNbr=").append(document.getDocumentNumber());
        }
    }

    protected void writeStringToLog(String str) {
        LOG.info(str);
    }

    protected DataDictionaryService getDataDictionaryService() {
        if (this.dataDictionaryService == null) {
            this.dataDictionaryService = KNSServiceLocator.getDataDictionaryService();
        }
        return this.dataDictionaryService;
    }
}
