package org.owasp.appsensor.integration.cef.syslog;

import java.nio.charset.StandardCharsets;
import javax.inject.Named;
import org.owasp.appsensor.core.Attack;
import org.owasp.appsensor.core.Event;
import org.owasp.appsensor.core.Response;
import org.owasp.appsensor.core.listener.SystemListener;
import org.owasp.appsensor.core.logging.Loggable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Loggable
@Named
/* loaded from: input_file:org/owasp/appsensor/integration/cef/syslog/CefSyslogEmitter.class */
public class CefSyslogEmitter extends SystemListener {
    Logger syslog = LoggerFactory.getLogger("appsensor_syslog");
    private static final String SYSLOG_FIELD_DELIMETER = "|";
    private static final String SPACE = " ";
    private Logger logger;

    public void onAdd(Event event) {
        this.logger.info("Security event " + event.getDetectionPoint().getLabel() + " triggered by user: " + event.getUser().getUsername());
        this.syslog.info(toCef(event));
    }

    public void onAdd(Attack attack) {
        this.logger.info("Security attack " + attack.getDetectionPoint().getLabel() + " triggered by user: " + attack.getUser().getUsername());
        this.syslog.info(toCef(attack));
    }

    public void onAdd(Response response) {
        this.logger.info("Security response " + response.getAction() + " created for user: " + response.getUser().getUsername());
        this.syslog.info(toCef(response));
    }

    protected String toCef(Event event) {
        StringBuilder sb = new StringBuilder();
        sb.append("CEF:0");
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append("OWASP");
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append("appsensor");
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append("1.0");
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append(encodeCEFHeader(event.getDetectionPoint().getLabel()));
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append(encodeCEFHeader(event.getDetectionPoint().getCategory()));
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append("3");
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append("cat=event_detection");
        sb.append(SPACE);
        if (event.getResource() != null && event.getResource().getLocation() != null) {
            sb.append("cs1Label=resourceLocation");
            sb.append(SPACE);
            sb.append("cs1=");
            sb.append(encodeCEFExtension(event.getResource().getLocation()));
            sb.append(SPACE);
        }
        sb.append("deviceExternalId=");
        sb.append(encodeCEFExtension(event.getDetectionSystem().getDetectionSystemId()));
        sb.append(SPACE);
        if (event.getUser().getIPAddress() != null && event.getUser().getIPAddress().getAddressAsString() != null) {
            sb.append("src=");
            sb.append(encodeCEFExtension(event.getUser().getIPAddress().getAddressAsString()));
            sb.append(SPACE);
        }
        if (event.getDetectionSystem().getIPAddress() != null && event.getDetectionSystem().getIPAddress().getAddressAsString() != null) {
            sb.append("dst=");
            sb.append(encodeCEFExtension(event.getDetectionSystem().getIPAddress().getAddressAsString()));
            sb.append(SPACE);
        }
        sb.append("suser=");
        sb.append(encodeCEFExtension(event.getUser().getUsername()));
        sb.append(SPACE);
        if (event.getResource() != null && event.getResource().getLocation() != null) {
            sb.append("request=");
            sb.append(encodeCEFExtension(event.getResource().getLocation()));
            sb.append(SPACE);
        }
        return new String(sb.toString().getBytes(StandardCharsets.UTF_8), StandardCharsets.UTF_8);
    }

    protected String toCef(Attack attack) {
        StringBuilder sb = new StringBuilder();
        sb.append("CEF:0");
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append("OWASP");
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append("appsensor");
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append("1.0");
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append(encodeCEFHeader(attack.getDetectionPoint().getLabel()));
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append(encodeCEFHeader(attack.getDetectionPoint().getCategory()));
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append("7");
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append("cat=attack_detection");
        sb.append(SPACE);
        if (attack.getResource() != null && attack.getResource().getLocation() != null) {
            sb.append("cs1Label=resourceLocation");
            sb.append(SPACE);
            sb.append("cs1=");
            sb.append(encodeCEFExtension(attack.getResource().getLocation()));
            sb.append(SPACE);
        }
        sb.append("deviceExternalId=");
        sb.append(encodeCEFExtension(attack.getDetectionSystem().getDetectionSystemId()));
        sb.append(SPACE);
        if (attack.getUser().getIPAddress() != null && attack.getUser().getIPAddress().getAddressAsString() != null) {
            sb.append("src=");
            sb.append(encodeCEFExtension(attack.getUser().getIPAddress().getAddressAsString()));
            sb.append(SPACE);
        }
        if (attack.getDetectionSystem().getIPAddress() != null && attack.getDetectionSystem().getIPAddress().getAddressAsString() != null) {
            sb.append("dst=");
            sb.append(encodeCEFExtension(attack.getDetectionSystem().getIPAddress().getAddressAsString()));
            sb.append(SPACE);
        }
        sb.append("suser=");
        sb.append(encodeCEFExtension(attack.getUser().getUsername()));
        sb.append(SPACE);
        if (attack.getResource() != null && attack.getResource().getLocation() != null) {
            sb.append("request=");
            sb.append(encodeCEFExtension(attack.getResource().getLocation()));
            sb.append(SPACE);
        }
        sb.append("cn1Label=thresholdCount");
        sb.append(SPACE);
        sb.append("cn1=");
        sb.append(encodeCEFExtension(attack.getDetectionPoint().getThreshold().getCount()));
        sb.append(SPACE);
        sb.append("cn2Label=intervalDuration");
        sb.append(SPACE);
        sb.append("cn2=");
        sb.append(encodeCEFExtension(attack.getDetectionPoint().getThreshold().getInterval().getDuration()));
        sb.append(SPACE);
        sb.append("cs1Label=intervalUnit");
        sb.append(SPACE);
        sb.append("cs1=");
        sb.append(encodeCEFExtension(attack.getDetectionPoint().getThreshold().getInterval().getUnit()));
        sb.append(SPACE);
        return new String(sb.toString().getBytes(StandardCharsets.UTF_8), StandardCharsets.UTF_8);
    }

    protected String toCef(Response response) {
        StringBuilder sb = new StringBuilder();
        sb.append("CEF:0");
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append("OWASP");
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append("appsensor");
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append("1.0");
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append(encodeCEFHeader(response.getAction()));
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append(encodeCEFHeader("appsensor_response"));
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append("7");
        sb.append(SYSLOG_FIELD_DELIMETER);
        sb.append("cat=response_creation");
        sb.append(SPACE);
        sb.append("act=");
        sb.append(encodeCEFExtension(response.getAction()));
        sb.append(SPACE);
        sb.append("deviceExternalId=");
        sb.append(encodeCEFExtension(response.getDetectionSystem().getDetectionSystemId()));
        sb.append(SPACE);
        if (response.getUser().getIPAddress() != null && response.getUser().getIPAddress().getAddressAsString() != null) {
            sb.append("dst=");
            sb.append(encodeCEFExtension(response.getUser().getIPAddress().getAddressAsString()));
            sb.append(SPACE);
        }
        if (response.getDetectionSystem().getIPAddress() != null && response.getDetectionSystem().getIPAddress().getAddressAsString() != null) {
            sb.append("src=");
            sb.append(encodeCEFExtension(response.getDetectionSystem().getIPAddress().getAddressAsString()));
            sb.append(SPACE);
        }
        sb.append("suser=");
        sb.append(encodeCEFExtension(response.getUser().getUsername()));
        sb.append(SPACE);
        if (response.getInterval() != null) {
            sb.append("cn1Label=intervalDuration");
            sb.append(SPACE);
            sb.append("cn1=");
            sb.append(encodeCEFExtension(response.getInterval().getDuration()));
            sb.append(SPACE);
            sb.append("cs1Label=intervalUnit");
            sb.append(SPACE);
            sb.append("cs1=");
            sb.append(encodeCEFExtension(response.getInterval().getUnit()));
            sb.append(SPACE);
        }
        return new String(sb.toString().getBytes(StandardCharsets.UTF_8), StandardCharsets.UTF_8);
    }

    protected String encodeCEFHeader(String str) {
        return str.replace("\\", "\\\\").replace(SYSLOG_FIELD_DELIMETER, "\\|").replace("\r", "").replace("\n", "");
    }

    protected String encodeCEFExtension(String str) {
        return str.replace("\\", "\\\\").replace("=", "\\=").replace("\r", "").replace("\n", "");
    }

    protected int encodeCEFExtension(int i) {
        return i;
    }
}
