package io.confluent.controlcenter;

import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.apache.kafka.common.config.ConfigException;

/* loaded from: input_file:io/confluent/controlcenter/ControlCenterRbacConfig.class */
public class ControlCenterRbacConfig {
    public static final String OAUTHBEARER_MECHANISM = "OAUTHBEARER";
    public static final String OAUTHBEARER_LOGIN_MODULE_CLASS = "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule";
    public static final String JAAS_CONFIG_USERNAME_PASSWORD_FORMAT = "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required username=\"%s\" password=\"%s\" metadataServerUrls=\"%s\";";
    public static final String USERNAME_PASSWORD_LOGIN_CALLBACK_HANDLER_CLASS = "io.confluent.kafka.clients.plugins.auth.token.TokenUserLoginCallbackHandler";
    public static final String JAAS_CONFIG_TOKEN_FORMAT = "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required authenticationToken=\"%s\" metadataServerUrls=\"%s\";";
    public static final String TOKEN_LOGIN_CALLBACK_HANDLER_CLASS = "io.confluent.kafka.clients.plugins.auth.token.TokenBearerLoginCallbackHandler";
    private final List<String> metadataServiceUrls;
    private final String controlCenterUsername;
    private final String controlCenterPassword;

    public static ControlCenterRbacConfig rbacDisabledConfig() {
        return new ControlCenterRbacConfig(ImmutableList.of(), "", "");
    }

    public static Map<String, Object> getRbacUserConfigs(String str, String str2, List<String> list) {
        return list.isEmpty() ? ImmutableMap.of() : ImmutableMap.of("sasl.mechanism", OAUTHBEARER_MECHANISM, "sasl.jaas.config", String.format(JAAS_CONFIG_USERNAME_PASSWORD_FORMAT, str, str2, String.join(",", list)), "sasl.login.callback.handler.class", USERNAME_PASSWORD_LOGIN_CALLBACK_HANDLER_CLASS);
    }

    public static Map<String, Object> getRbacTokenConfigs(String str, List<String> list) {
        return list.isEmpty() ? ImmutableMap.of() : ImmutableMap.of("sasl.mechanism", OAUTHBEARER_MECHANISM, "sasl.jaas.config", String.format(JAAS_CONFIG_TOKEN_FORMAT, str, String.join(",", list)), "sasl.login.callback.handler.class", TOKEN_LOGIN_CALLBACK_HANDLER_CLASS);
    }

    public static ControlCenterRbacConfig fromControlCenterConfig(ControlCenterConfig controlCenterConfig) {
        List list = controlCenterConfig.getList(ControlCenterConfig.CONFLUENT_CONTROLCENTER_METADATA_URLS_CONFIG);
        String str = null;
        String str2 = null;
        if (!list.isEmpty()) {
            str = controlCenterConfig.getString(ControlCenterConfig.CONTROL_CENTER_METADATA_USERNAME);
            str2 = controlCenterConfig.getPassword(ControlCenterConfig.CONTROL_CENTER_METADATA_PASSWORD).value();
            if (Strings.isNullOrEmpty(str) || Strings.isNullOrEmpty(str2)) {
                throw new ConfigException("You specified a metadata service but did not specify a username/password for using it. Please specify confluent.controlcenter.metadata.username and confluent.controlcenter.metadata.password.");
            }
        }
        return new ControlCenterRbacConfig(list, str, str2);
    }

    public ControlCenterRbacConfig(List<String> list, String str, String str2) {
        this.metadataServiceUrls = list;
        this.controlCenterUsername = str;
        this.controlCenterPassword = str2;
    }

    public List<String> getMetadataServiceUrls() {
        return this.metadataServiceUrls;
    }

    public String getControlCenterUsername() {
        return this.controlCenterUsername;
    }

    public String getControlCenterPassword() {
        return this.controlCenterPassword;
    }

    public boolean isRbacEnabled() {
        return !this.metadataServiceUrls.isEmpty();
    }

    public void putAllIfAbsentRbacControlCenterConfigs(Map<String, Object> map) {
        Map<String, Object> rbacUserConfigs = getRbacUserConfigs(this.controlCenterUsername, this.controlCenterPassword, this.metadataServiceUrls);
        map.getClass();
        rbacUserConfigs.forEach((v1, v2) -> {
            r1.putIfAbsent(v1, v2);
        });
    }

    public void putAllIfAbsentRbacControlCenterConfigs(Properties properties) {
        Map<String, Object> rbacUserConfigs = getRbacUserConfigs(this.controlCenterUsername, this.controlCenterPassword, this.metadataServiceUrls);
        properties.getClass();
        rbacUserConfigs.forEach((v1, v2) -> {
            r1.putIfAbsent(v1, v2);
        });
    }

    public void putAllRbacTokenConfigs(Map<String, Object> map, String str) {
        map.putAll(getRbacTokenConfigs(str, this.metadataServiceUrls));
    }

    public void putAllRbacTokenConfigs(Properties properties, String str) {
        properties.putAll(getRbacTokenConfigs(str, this.metadataServiceUrls));
    }
}
