package uk.co.gresearch.siembol.alerts.correlationengine;

import java.util.ArrayList;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.commons.lang3.exception.ExceptionUtils;
import uk.co.gresearch.siembol.alerts.common.AlertingAttributes;
import uk.co.gresearch.siembol.alerts.common.AlertingFields;
import uk.co.gresearch.siembol.alerts.common.AlertingResult;
import uk.co.gresearch.siembol.alerts.common.AlertingTags;
import uk.co.gresearch.siembol.alerts.common.EvaluationResult;
import uk.co.gresearch.siembol.alerts.correlationengine.AlertCounterMetadata;
import uk.co.gresearch.siembol.alerts.engine.AbstractRule;

/* loaded from: input_file:uk/co/gresearch/siembol/alerts/correlationengine/CorrelationRule.class */
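/**
 * Correlation rule that counts incoming alerts per correlation key and raises a
 * correlated alert once enough of the configured alert counters reached their thresholds.
 *
 * <p>State is kept in {@code alertCounters}, a plain {@link HashMap} keyed by the
 * correlation key taken from each alert. Nothing in this class synchronizes access to it,
 * so {@link #match(Map)} and {@link #clean(long)} must not be called concurrently on the
 * same instance.
 *
 * <p>An entry for a key is dropped only when the rule matches for that key or when
 * {@link #clean(long)} finds all of its counters empty. Because the key comes from the
 * alert itself, the map grows with the number of distinct keys seen until
 * {@link #clean(long)} is called; callers are expected to call it regularly.
 */
public class CorrelationRule extends AbstractRule {
    private static final String EVENT_TIMESTAMP_FIELD = "timestamp";
    private static final String UNKNOWN_ALERT_MSG = "Alert name is not registered in the correlation rule";
    private final EnumSet<Flags> flags;
    // Minimum number of counters that must have reached their own threshold for a match.
    private final int alertsThresholds;
    private final long timeWindowInMs;
    private final long maxLagTimeInMs;
    private final ArrayList<AlertCounterMetadata> alertCountersMetadata;
    // Alert name -> position of its counter inside each per-key counter list.
    private final Map<String, Integer> alertToCounterIndex;
    // Correlation key -> one counter per configured alert name.
    private final Map<String, ArrayList<AlertCounter>> alertCounters;

    /* loaded from: input_file:uk/co/gresearch/siembol/alerts/correlationengine/CorrelationRule$Builder.class */
    /**
     * Builder of correlation rules.
     *
     * <p>A builder instance is single-use: building fills {@code alertToCounterIndex} and
     * {@code alertCountersMetadata} from the registered counters, so a second build on the
     * same instance fails the duplicate-name check.
     *
     * @param <T> the concrete rule type produced by the builder
     */
    public static abstract class Builder<T extends CorrelationRule> extends AbstractRule.Builder<T> {
        protected static final String ALERT_ALREADY_EXISTS_MSG = "Duplicate alert names for correlation";
        protected static final String INVALID_ALERT_COUNTER = "Invalid alert counter specification";
        protected static final String EMTPY_ALERT_COUNTERS_MSG = "Missing alert counters";
        protected static final String MISSING_REQUIRED_ATTRIBUTES = "Missing required attributes for alert correlation";
        protected static final String WRONG_ALERT_THRESHOLDS = "wrong alert thresholds";
        protected static final String NEGATIVE_TIME_ATTRIBUTES =
                "Negative time window or max lag time for alert correlation";
        protected static final Integer PROCESSING_TIME_MAX_LAG_TIME = 0;
        protected static final long MILLI_MULTIPLIER = 1000;
        protected static final int MAX_ALERT_THRESHOLD = 1000;
        protected Integer alertsThresholds;
        protected Long timeWindowInMs;
        protected Integer maxLagTimeInSec;
        protected long maxLagTimeInMs;
        // Counters as registered by addAlertCounter(); the final metadata is derived from
        // these at build time, once the window and lag are known.
        protected ArrayList<AlertCounterMetadata> alertCountersMetadataTemp = new ArrayList<>();
        protected ArrayList<AlertCounterMetadata> alertCountersMetadata = new ArrayList<>();
        protected Map<String, Integer> alertToCounterIndex = new HashMap<>();
        protected EnumSet<Flags> flags = EnumSet.noneOf(Flags.class);

        /**
         * Sets how many alert counters must reach their threshold for the rule to match.
         * When left unset, the build step uses the number of registered counters.
         *
         * @param alertsThresholds the number of counters required, or {@code null} for the default
         * @return this builder
         */
        public Builder<T> alertsThresholds(Integer alertsThresholds) {
            this.alertsThresholds = alertsThresholds;
            return this;
        }

        /**
         * Sets the correlation time window.
         *
         * @param timeWindowInMs the window length in milliseconds
         * @return this builder
         */
        public Builder<T> timeWindowInMs(long timeWindowInMs) {
            this.timeWindowInMs = Long.valueOf(timeWindowInMs);
            return this;
        }

        /**
         * Sets the maximum lag tolerated for alerts. The build step overrides it with
         * {@link #PROCESSING_TIME_MAX_LAG_TIME} unless {@link Flags#USE_EVENT_TIME} is set.
         *
         * @param maxLagTimeInSec the lag in seconds
         * @return this builder
         */
        public Builder<T> maxLagTimeInSec(Integer maxLagTimeInSec) {
            this.maxLagTimeInSec = maxLagTimeInSec;
            return this;
        }

        /**
         * Sets the rule flags. The set is stored by reference, not copied.
         *
         * @param flags the flags of the rule
         * @return this builder
         */
        public Builder<T> flags(EnumSet<Flags> flags) {
            this.flags = flags;
            return this;
        }

        /**
         * Registers a counter for one alert name.
         *
         * @param alertName the name of the alert to count; must not be {@code null}
         * @param threshold the number of alerts required, from 1 to {@link #MAX_ALERT_THRESHOLD}
         * @param counterFlags the flags passed on to the counter metadata
         * @return this builder
         * @throws IllegalArgumentException if the name is {@code null} or the threshold is out of range
         */
        public Builder<T> addAlertCounter(String alertName, int threshold,
                                          EnumSet<AlertCounterMetadata.Flags> counterFlags) {
            if (threshold <= 0 || threshold > MAX_ALERT_THRESHOLD || alertName == null) {
                throw new IllegalArgumentException(INVALID_ALERT_COUNTER);
            }
            // The third argument is a placeholder; the build step recreates the metadata
            // with the sum of the max lag and the time window.
            this.alertCountersMetadataTemp.add(new AlertCounterMetadata(alertName, threshold, 0L, counterFlags));
            return this;
        }
    }

    /* loaded from: input_file:uk/co/gresearch/siembol/alerts/correlationengine/CorrelationRule$Flags.class */
    /** Flags that change how the rule evaluates alerts. */
    public enum Flags {
        /** Take the alert time from the alert's {@code timestamp} field when it holds a number. */
        USE_EVENT_TIME
    }

    /**
     * Creates the rule from a builder whose build step has already validated its state.
     * The flags, counter metadata and name index are shared with the builder, not copied.
     *
     * @param builder the builder holding the rule configuration
     */
    protected CorrelationRule(Builder<?> builder) {
        super(builder);
        this.alertCounters = new HashMap<>();
        this.alertsThresholds = builder.alertsThresholds.intValue();
        this.timeWindowInMs = builder.timeWindowInMs.longValue();
        this.maxLagTimeInMs = builder.maxLagTimeInMs;
        this.flags = builder.flags;
        this.alertCountersMetadata = builder.alertCountersMetadata;
        this.alertToCounterIndex = builder.alertToCounterIndex;
    }

    /**
     * Counts the alert under its correlation key and evaluates the rule.
     *
     * <p>On a match the counters for the key are discarded and a copy of the alert,
     * tagged with this rule's names, is returned. A malformed alert (missing or mistyped
     * rule name, key or processing time, or an alert name this rule does not count) yields
     * an {@code ERROR} result instead of an exception, so one bad alert cannot abort the caller.
     *
     * @param alert the alert to evaluate
     * @return the evaluation result: match, no match, or error with the exception attached
     */
    @Override // uk.co.gresearch.siembol.alerts.engine.AbstractRule
    public AlertingResult match(Map<String, Object> alert) {
        try {
            // Field extraction is inside the try so that a missing or mistyped field is
            // reported the same way as any other evaluation failure.
            String alertName = (String) alert.get(AlertingFields.RULE_NAME.getAlertingName());
            String correlationKey = (String) alert.get(AlertingTags.CORRELATION_KEY_TAG_NAME.toString());
            long processingTime =
                    ((Long) alert.get(AlertingFields.PROCESSING_TIME.getCorrelationAlertingName())).longValue();

            // NOTE(review): with USE_EVENT_TIME the timestamp is whatever the alert carries;
            // how far it may deviate from processing time is presumably bounded by the
            // counter window (max lag + time window) - confirm in AlertCounter.
            Object eventTimestamp = alert.get(EVENT_TIMESTAMP_FIELD);
            long eventTime = processingTime;
            if (this.flags.contains(Flags.USE_EVENT_TIME) && eventTimestamp instanceof Number) {
                eventTime = ((Number) eventTimestamp).longValue();
            }

            if (EvaluationResult.NO_MATCH == evaluate(correlationKey, alertName, eventTime, processingTime)) {
                return AlertingResult.fromEvaluationResult(EvaluationResult.NO_MATCH, alert);
            }
            Map<String, Object> correlatedAlert = createOutputAlert(alert);
            // Reset the key so that the same alerts are not counted towards a second match.
            this.alertCounters.remove(correlationKey);
            return AlertingResult.fromEvaluationResult(EvaluationResult.MATCH, correlatedAlert);
        } catch (Exception e) {
            AlertingAttributes attributes = new AlertingAttributes();
            Map<String, Object> errorAlert = createOutputAlert(alert);
            // The full stack trace travels with the alert, so internal class names become
            // visible to whoever consumes error results.
            errorAlert.put(AlertingFields.EXCEPTION.getCorrelationAlertingName(), ExceptionUtils.getStackTrace(e));
            attributes.setEvent(errorAlert);
            return new AlertingResult(AlertingResult.StatusCode.ERROR, attributes);
        }
    }

    /**
     * Drops expired alerts from every counter and removes the keys whose counters are all empty.
     * This is the only place where state of keys that never matched is released.
     *
     * @param currentTime the current time in milliseconds
     */
    public void clean(long currentTime) {
        long waterMark = (currentTime - this.timeWindowInMs) - this.maxLagTimeInMs;
        this.alertCounters.values().removeIf(counters -> cleanAlertCounters(counters, waterMark));
    }

    /**
     * Returns the names of the alerts counted by this rule.
     *
     * @return a new mutable list of alert names
     */
    public List<String> getAlertNames() {
        return new ArrayList<>(this.alertToCounterIndex.keySet());
    }

    /**
     * Updates the counter of the given alert under the given key and evaluates the rule
     * if that counter reached its threshold.
     *
     * @throws IllegalArgumentException if the alert name is not counted by this rule
     */
    private EvaluationResult evaluate(String key, String alertName, long eventTime, long processingTime) {
        // Resolve the counter first: an alert this rule does not count must not allocate
        // per-key state.
        Integer counterIndex = this.alertToCounterIndex.get(alertName);
        if (counterIndex == null) {
            throw new IllegalArgumentException(UNKNOWN_ALERT_MSG);
        }

        ArrayList<AlertCounter> counters = this.alertCounters.get(key);
        if (counters == null) {
            counters = createAlertCounters();
            this.alertCounters.put(key, counters);
        } else {
            cleanAlertCounters(counters, (processingTime - this.timeWindowInMs) - this.maxLagTimeInMs);
        }

        AlertCounter counter = counters.get(counterIndex.intValue());
        counter.update(eventTime);
        return counter.matchThreshold() ? evaluateRule(counters) : EvaluationResult.NO_MATCH;
    }

    /** Copies the alert and stamps the copy with this rule's name and full name. */
    private Map<String, Object> createOutputAlert(Map<String, Object> alert) {
        Map<String, Object> output = new HashMap<>(alert);
        output.put(AlertingFields.RULE_NAME.getCorrelationAlertingName(), getRuleName());
        output.put(AlertingFields.FULL_RULE_NAME.getCorrelationAlertingName(), getFullRuleName());
        return output;
    }

    /**
     * Matches when no mandatory counter is below its threshold and at least
     * {@code alertsThresholds} counters reached theirs.
     */
    private EvaluationResult evaluateRule(ArrayList<AlertCounter> counters) {
        int matched = 0;
        for (AlertCounter counter : counters) {
            if (counter.matchThreshold()) {
                matched++;
            } else if (counter.isMandatory()) {
                return EvaluationResult.NO_MATCH;
            }
        }
        return matched >= this.alertsThresholds ? EvaluationResult.MATCH : EvaluationResult.NO_MATCH;
    }

    /**
     * Cleans every counter in the list against the water mark.
     *
     * @return {@code true} if all counters are empty afterwards
     */
    private boolean cleanAlertCounters(ArrayList<AlertCounter> counters, long waterMark) {
        boolean allEmpty = true;
        // Every counter must be cleaned, so the loop does not stop at the first non-empty one.
        for (AlertCounter counter : counters) {
            counter.clean(waterMark);
            allEmpty = allEmpty && counter.isEmpty();
        }
        return allEmpty;
    }

    /** Creates a fresh counter for each configured alert, in index order. */
    private ArrayList<AlertCounter> createAlertCounters() {
        ArrayList<AlertCounter> counters = new ArrayList<>(this.alertCountersMetadata.size());
        for (AlertCounterMetadata metadata : this.alertCountersMetadata) {
            counters.add(new AlertCounter(metadata));
        }
        return counters;
    }

    /**
     * Creates a builder of {@link CorrelationRule} instances.
     *
     * @return a new builder
     */
    public static Builder<CorrelationRule> builder() {
        return new Builder<CorrelationRule>() { // from class: uk.co.gresearch.siembol.alerts.correlationengine.CorrelationRule.1
            /* JADX INFO: Access modifiers changed from: protected */
            /**
             * Validates the builder state, derives the final counter metadata and creates the rule.
             *
             * @throws IllegalArgumentException if counters or required attributes are missing,
             *     a time attribute is negative, an alert name is registered twice, or the
             *     alerts threshold is outside 1..number of counters
             */
            @Override // uk.co.gresearch.siembol.alerts.engine.AbstractRule.Builder
            public CorrelationRule buildInternally() {
                if (!this.flags.contains(Flags.USE_EVENT_TIME)) {
                    this.maxLagTimeInSec = PROCESSING_TIME_MAX_LAG_TIME;
                }
                if (this.alertCountersMetadataTemp.isEmpty()) {
                    throw new IllegalArgumentException(EMTPY_ALERT_COUNTERS_MSG);
                }
                if (this.timeWindowInMs == null || this.maxLagTimeInSec == null) {
                    throw new IllegalArgumentException(MISSING_REQUIRED_ATTRIBUTES);
                }
                // A negative window or lag would push the cleanup cutoff
                // (now - window - lag) past the current time; reject it at build time
                // rather than load a rule that may never be able to match.
                if (this.timeWindowInMs.longValue() < 0 || this.maxLagTimeInSec.intValue() < 0) {
                    throw new IllegalArgumentException(NEGATIVE_TIME_ATTRIBUTES);
                }
                // MILLI_MULTIPLIER is a long, so the product is computed in 64 bits and a
                // large lag in seconds cannot wrap around as it would in int arithmetic.
                this.maxLagTimeInMs = this.maxLagTimeInSec.intValue() * MILLI_MULTIPLIER;

                for (AlertCounterMetadata registered : this.alertCountersMetadataTemp) {
                    AlertCounterMetadata metadata = new AlertCounterMetadata(
                            registered.getAlertName(),
                            registered.getThreshold(),
                            this.maxLagTimeInMs + this.timeWindowInMs.longValue(),
                            registered.getFlags());
                    if (this.alertToCounterIndex.containsKey(metadata.getAlertName())) {
                        throw new IllegalArgumentException(ALERT_ALREADY_EXISTS_MSG);
                    }
                    this.alertToCounterIndex.put(
                            metadata.getAlertName(), Integer.valueOf(this.alertCountersMetadata.size()));
                    this.alertCountersMetadata.add(metadata);
                }

                if (this.alertsThresholds == null) {
                    this.alertsThresholds = Integer.valueOf(this.alertCountersMetadata.size());
                }
                if (this.alertsThresholds.intValue() > this.alertCountersMetadata.size()
                        || this.alertsThresholds.intValue() <= 0) {
                    throw new IllegalArgumentException(WRONG_ALERT_THRESHOLDS);
                }
                return new CorrelationRule(this);
            }
        };
    }
}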
