package io.confluent.security.audit;

import io.confluent.crn.ConfluentResourceName;
import io.confluent.crn.CrnAuthority;
import io.confluent.crn.CrnSyntaxException;
import io.confluent.kafka.multitenant.IdentityMetadata;
import io.confluent.kafka.multitenant.MultiTenantPrincipal;
import io.confluent.security.audit.AuthenticationInfo;
import io.confluent.security.authentication.oauthbearer.CloudJwtPrincipal;
import java.util.Optional;
import java.util.function.Function;
import org.apache.kafka.common.errors.AuthenticationException;
import org.apache.kafka.common.security.auth.KafkaPrincipal;

/* loaded from: input_file:io/confluent/security/audit/AuditLogOAuthUtils.class */
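/**
 * Static helpers that copy OAuth identity details into an {@link AuthenticationInfo.Builder}
 * for an audit record, either from a {@link KafkaPrincipal} or from a failed authentication.
 *
 * <p>The identity is written either as the external identity id taken from the principal's
 * {@link IdentityMetadata}, or as a CRN built from three elements (organization,
 * identity-provider, identity) under the supplied authority. Elements with no value are
 * filled with {@code "NA"}.
 *
 * <p>NOTE(review): CRN construction errors are only printed with {@code printStackTrace()} and
 * otherwise swallowed, so an audit record can end up with a partial or missing identity and no
 * entry in the application log. Consider routing these through the project's logger so that
 * incomplete audit identities are visible to whoever monitors the audit pipeline.
 */
public class AuditLogOAuthUtils {
    /** SASL-extension key under which the identity pool id of a failed authentication is looked up. */
    public static final String IDENTITY_POOL_ID_KEY = "identityPoolId";
    private static final String ORGANIZATION_ID_TYPE = "organization";
    private static final String IDENTITY_PROVIDER_TYPE = "identity-provider";
    private static final String IDENTITY_TYPE = "identity";
    /** Placeholder written into a CRN element when the real value is absent. */
    private static final String NOT_AVAILABLE = "NA";
    /** Prefix put in front of the identity pool id to form the audit principal. */
    private static final String USER_PRINCIPAL_PREFIX = "User:";

    /**
     * Fills principal and identity on {@code builder} from an authenticated principal.
     *
     * <p>{@code kafkaPrincipal2} is used when it is non-null, otherwise {@code kafkaPrincipal}.
     * NOTE(review): the parameter names come from the decompiler; which of the two is the
     * session principal and which the effective one cannot be told from this file.
     *
     * @param builder audit record builder to update; the principal is only overwritten when the
     *     chosen principal carries an identity pool id
     * @param kafkaPrincipal fallback principal
     * @param kafkaPrincipal2 preferred principal, may be {@code null}
     * @param crnAuthority authority whose {@code name()} becomes the CRN authority
     */
    public static void setIdentityInformation(AuthenticationInfo.Builder builder, KafkaPrincipal kafkaPrincipal, KafkaPrincipal kafkaPrincipal2, CrnAuthority crnAuthority) {
        KafkaPrincipal effectivePrincipal = kafkaPrincipal2 != null ? kafkaPrincipal2 : kafkaPrincipal;
        Optional<String> poolPrincipal = maybeFetchIdentityInfo(effectivePrincipal, metadata -> metadata.maybeGetPoolId())
                .map(poolId -> USER_PRINCIPAL_PREFIX + poolId);
        poolPrincipal.ifPresent(builder::setPrincipal);
        setIdentityField(builder, effectivePrincipal, crnAuthority.name());
    }

    /**
     * Applies {@code function} to the identity metadata of a {@link MultiTenantPrincipal}.
     *
     * @param kafkaPrincipal principal to inspect; any other principal type (or {@code null})
     *     yields an empty result
     * @param function extractor run against the principal's {@link IdentityMetadata}
     * @return the extracted value, or empty when the principal has no identity metadata
     */
    public static Optional<String> maybeFetchIdentityInfo(KafkaPrincipal kafkaPrincipal, Function<IdentityMetadata, Optional<String>> function) {
        if (!(kafkaPrincipal instanceof MultiTenantPrincipal)) {
            return Optional.empty();
        }
        return ((MultiTenantPrincipal) kafkaPrincipal).maybeGetIdentityMetadata().flatMap(function);
    }

    /**
     * Sets the identity on {@code builder}: the external identity id when the principal has
     * one, otherwise the identity CRN rendered as a string.
     *
     * <p>When neither is available the identity is set to the empty string, so an empty
     * identity in an audit record means "could not be derived", not "anonymous".
     *
     * @param builder audit record builder to update
     * @param kafkaPrincipal principal the identity is derived from
     * @param str CRN authority name
     */
    public static void setIdentityField(AuthenticationInfo.Builder builder, KafkaPrincipal kafkaPrincipal, String str) {
        String identity = externalIdentityId(kafkaPrincipal)
                .orElseGet(() -> maybeGetIdentityCRN(kafkaPrincipal, str).map(crn -> crn.toString()).orElse(""));
        builder.setIdentity(identity);
    }

    /**
     * Returns the external identity id from the identity metadata of a
     * {@link MultiTenantPrincipal}.
     *
     * @param kafkaPrincipal principal to inspect
     * @return the id, or empty when the principal is of another type, has no identity metadata,
     *     or the metadata's external identity id is {@code null}
     */
    public static Optional<String> externalIdentityId(KafkaPrincipal kafkaPrincipal) {
        if (!(kafkaPrincipal instanceof MultiTenantPrincipal)) {
            return Optional.empty();
        }
        return ((MultiTenantPrincipal) kafkaPrincipal).maybeGetIdentityMetadata()
                .flatMap(metadata -> Optional.ofNullable(metadata.externalIdentityId()));
    }

    /**
     * Builds the identity CRN (organization / identity-provider / identity) for a
     * {@link MultiTenantPrincipal}.
     *
     * @param kafkaPrincipal principal to describe
     * @param str CRN authority name
     * @return the CRN; empty when the principal is not a {@link MultiTenantPrincipal} or the
     *     CRN cannot be built
     */
    public static Optional<ConfluentResourceName> maybeGetIdentityCRN(KafkaPrincipal kafkaPrincipal, String str) {
        if (!(kafkaPrincipal instanceof MultiTenantPrincipal)) {
            return Optional.empty();
        }
        MultiTenantPrincipal tenantPrincipal = (MultiTenantPrincipal) kafkaPrincipal;
        ConfluentResourceName.Builder crnBuilder = ConfluentResourceName.newBuilder();
        crnBuilder.setAuthority(str);
        String organizationId = tenantPrincipal.tenantMetadata().organizationId;
        Optional<IdentityMetadata> identityMetadata = tenantPrincipal.maybeGetIdentityMetadata();
        addElement(crnBuilder, ORGANIZATION_ID_TYPE, organizationId == null ? NOT_AVAILABLE : organizationId);
        addElement(crnBuilder, IDENTITY_PROVIDER_TYPE,
                identityMetadata.flatMap(metadata -> metadata.maybeGetProviderId()).orElse(NOT_AVAILABLE));
        addElement(crnBuilder, IDENTITY_TYPE,
                identityMetadata.flatMap(metadata -> metadata.maybeGetIdentity()).orElse(NOT_AVAILABLE));
        return buildCrn(crnBuilder);
    }

    /**
     * Fills principal and identity on {@code builder} from a failed authentication.
     *
     * <p>The principal is set only when the exception's SASL extensions contain
     * {@link #IDENTITY_POOL_ID_KEY}; the identity is set only when a CRN could be built.
     * A {@code null} exception leaves the builder untouched.
     *
     * <p>NOTE(review): everything written here is read from {@code errorInfo()} of an
     * authentication that did not succeed. These values are presumably what the client
     * presented rather than a verified identity - confirm, and make sure consumers of failure
     * events treat principal and identity as claimed, not authenticated.
     *
     * <p>NOTE(review): if the extensions map can hold a {@code null} value for the key, the
     * principal becomes the literal {@code "User:null"}; behavior kept as in the original.
     *
     * @param builder audit record builder to update
     * @param authenticationException the failure, may be {@code null}
     * @param crnAuthority authority whose {@code name()} becomes the CRN authority
     */
    public static void setIdentityInformation(AuthenticationInfo.Builder builder, AuthenticationException authenticationException, CrnAuthority crnAuthority) {
        Optional<AuthenticationException> failure = Optional.ofNullable(authenticationException);
        Optional<String> poolPrincipal = failure
                .filter(e -> e.errorInfo().saslExtensions().containsKey(IDENTITY_POOL_ID_KEY))
                .map(e -> USER_PRINCIPAL_PREFIX + e.errorInfo().saslExtensions().get(IDENTITY_POOL_ID_KEY));
        poolPrincipal.ifPresent(builder::setPrincipal);
        Optional<String> identityCrn = failure
                .flatMap(e -> maybeGetIdentityCRN(e, crnAuthority.name()))
                .map(crn -> crn.toString());
        identityCrn.ifPresent(builder::setIdentity);
    }

    /**
     * Builds the identity CRN (organization / identity-provider / identity) from the data map
     * attached to a failed authentication. Entries that are missing or {@code null} become
     * {@code "NA"}.
     *
     * <p>The decompiler reports that this method was {@code private} in the original class and
     * was widened so the lambda in {@code setIdentityInformation} could reach it.
     *
     * @param authenticationException the failure; must not be {@code null}
     * @param str CRN authority name
     * @return the CRN, or empty when it cannot be built
     */
    public static Optional<ConfluentResourceName> maybeGetIdentityCRN(AuthenticationException authenticationException, String str) {
        ConfluentResourceName.Builder crnBuilder = ConfluentResourceName.newBuilder();
        crnBuilder.setAuthority(str);
        addElement(crnBuilder, ORGANIZATION_ID_TYPE,
                errorDataOrNotAvailable(authenticationException, CloudJwtPrincipal.CLAIM_ORGANIZATION_ID));
        addElement(crnBuilder, IDENTITY_PROVIDER_TYPE, errorDataOrNotAvailable(authenticationException, "providerId"));
        addElement(crnBuilder, IDENTITY_TYPE, errorDataOrNotAvailable(authenticationException, "identity"));
        return buildCrn(crnBuilder);
    }

    /** Reads {@code key} from the exception's error data, substituting {@code "NA"} when absent or null. */
    private static String errorDataOrNotAvailable(AuthenticationException authenticationException, String key) {
        Object value = authenticationException.errorInfo().data().get(key);
        return value == null ? NOT_AVAILABLE : (String) value;
    }

    /** Finishes a CRN, returning empty (after printing the stack trace) when the builder rejects it. */
    private static Optional<ConfluentResourceName> buildCrn(ConfluentResourceName.Builder crnBuilder) {
        try {
            return Optional.of(crnBuilder.build());
        } catch (CrnSyntaxException e) {
            e.printStackTrace();
            return Optional.empty();
        }
    }

    /**
     * Adds one element to a CRN under construction. A value the builder rejects is dropped:
     * the stack trace is printed and the CRN is later built without that element.
     */
    private static void addElement(ConfluentResourceName.Builder builder, String str, String str2) {
        try {
            builder.addElement(str, str2);
        } catch (CrnSyntaxException e) {
            // Best effort: keep building the audit identity even if one element is malformed.
            e.printStackTrace();
        }
    }
}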
