package io.confluent.security.auth.client;

import com.fasterxml.jackson.core.type.TypeReference;
import io.confluent.security.auth.client.provider.HttpCredentialProvider;
import io.confluent.security.auth.client.rest.RestClient;
import io.confluent.security.auth.client.rest.RestRequest;
import io.confluent.security.auth.client.rest.entities.AuthorizeRequest;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.Authorizer;
import io.confluent.security.authorizer.RequestContext;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/security/auth/client/RestAuthorizer.class */
public class RestAuthorizer implements Authorizer {
    private static final String AUTHORIZE_ENDPOINT = "/authorize";
    private static final String AUTHORIZE_METHOD = "PUT";
    private RestClient restClient;
    private static final Logger log = LoggerFactory.getLogger(RestAuthorizer.class);
    private static final TypeReference<List<String>> AUTHORIZE_RESPONSE_TYPE = new TypeReference<List<String>>() { // from class: io.confluent.security.auth.client.RestAuthorizer.1
    };

    public RestAuthorizer() {
    }

    public RestAuthorizer(RestClient restClient) {
        this.restClient = restClient;
    }

    public void configure(Map<String, ?> map) {
        if (this.restClient != null) {
            log.warn("Using the existing RestClient instance");
        } else {
            this.restClient = new RestClient(map);
        }
    }

    public List<AuthorizeResult> authorize(KafkaPrincipal kafkaPrincipal, String str, List<Action> list) {
        return doAuthorize(newAuthorizeRequest(kafkaPrincipal, str, list));
    }

    public List<AuthorizeResult> authorize(RequestContext requestContext, List<Action> list) {
        return doAuthorize(newAuthorizeRequest(requestContext.principal(), requestContext.clientAddress().getHostAddress(), list));
    }

    public List<AuthorizeResult> authorize(HttpCredentialProvider httpCredentialProvider, KafkaPrincipal kafkaPrincipal, String str, List<Action> list) {
        return doAuthorize(httpCredentialProvider, newAuthorizeRequest(kafkaPrincipal, str, list));
    }

    private RestRequest newAuthorizeRequest(KafkaPrincipal kafkaPrincipal, String str, List<Action> list) {
        if (this.restClient == null) {
            throw new IllegalStateException("RestClient has not been initialized.");
        }
        RestRequest newRequest = this.restClient.newRequest(AUTHORIZE_ENDPOINT);
        newRequest.setRequest(new AuthorizeRequest(kafkaPrincipal.toString(), str, list));
        newRequest.setRequestMethod(AUTHORIZE_METHOD);
        newRequest.setResponse(AUTHORIZE_RESPONSE_TYPE);
        return newRequest;
    }

    private List<AuthorizeResult> doAuthorize(HttpCredentialProvider httpCredentialProvider, RestRequest restRequest) {
        restRequest.setCredentialProvider(httpCredentialProvider);
        return doAuthorize(restRequest);
    }

    private List<AuthorizeResult> doAuthorize(RestRequest restRequest) {
        try {
            return (List) ((List) doRequest(restRequest)).stream().map(AuthorizeResult::valueOf).collect(Collectors.toList());
        } catch (Exception e) {
            throw new RuntimeException("Error occurred while executing authorize operation", e);
        }
    }

    private <T> T doRequest(RestRequest restRequest) throws Exception {
        return (T) this.restClient.sendRequest(restRequest);
    }

    public void close() throws IOException {
        if (this.restClient != null) {
            this.restClient.close();
        }
    }
}
