package io.confluent.controlcenter.kafka;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.eventbus.EventBus;
import com.google.common.util.concurrent.ListenableFuture;
import com.google.common.util.concurrent.SettableFuture;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import io.confluent.controlcenter.ControlCenterRbacConfig;
import io.confluent.controlcenter.kafka.ClusterManagementModule;
import io.confluent.controlcenter.rest.TokenCredential;
import io.confluent.controlcenter.util.RetryUtils;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.ConcurrentSkipListSet;
import org.apache.kafka.clients.admin.AdminClient;
import org.apache.kafka.common.KafkaFuture;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.config.SaslConfigs;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:io/confluent/controlcenter/kafka/StaticClusterManager.class */
public class StaticClusterManager implements ClusterManager {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) StaticClusterManager.class);
    private static final int CONFIG_RETRY_BACKOFF = 1000;
    private final ConcurrentMap<String, Map<String, Object>> configurations = new ConcurrentHashMap();
    private final ConcurrentSkipListSet<String> clusterNames = new ConcurrentSkipListSet<>();
    private final AdminClientFactory clientFactory;
    private final Provider<EventBus> eventBusProvider;
    private final ControlCenterRbacConfig rbacConfig;

    @Inject
    public StaticClusterManager(@ClusterManagementModule.ClusterChangeEventBus Provider<EventBus> provider, AdminClientFactory adminClientFactory, ControlCenterRbacConfig controlCenterRbacConfig) {
        this.eventBusProvider = provider;
        this.clientFactory = adminClientFactory;
        this.rbacConfig = controlCenterRbacConfig;
    }

    @Override // io.confluent.controlcenter.kafka.ClusterManager
    public Map<String, Object> getConfiguration(TokenCredential tokenCredential) {
        return this.rbacConfig.injectRbacConfigs((Map) Preconditions.checkNotNull(this.configurations.get(tokenCredential.cluster), "Unknown configuration for cluster id %s", tokenCredential.cluster), tokenCredential.token);
    }

    @Override // io.confluent.controlcenter.kafka.ClusterManager
    public Map<String, Map<String, Object>> getConfigurations() {
        return this.configurations;
    }

    @VisibleForTesting
    public ListenableFuture<String> register(String str, Map<String, Object> map) {
        Preconditions.checkNotNull(str, "Cluster name must not be null");
        Preconditions.checkNotNull(map, "Configuration must not be null");
        Preconditions.checkArgument(this.clusterNames.add(str), "Cluster configuration %s already exists", str);
        HashMap hashMap = new HashMap(map);
        if (this.rbacConfig.isRbacEnabled()) {
            if (!configUsesOauthBearerOrDefault(hashMap)) {
                throw new ConfigException("When RBAC is enabled, you must use the OAUTHBEARER SASL mechanism.");
            }
            hashMap.putIfAbsent("security.protocol", SecurityProtocol.SASL_PLAINTEXT.name);
        }
        Map<String, Object> injectRbacConfigs = this.rbacConfig.injectRbacConfigs(hashMap);
        return RetryUtils.retryWithJitter(() -> {
            SettableFuture create = SettableFuture.create();
            lookupClusterId(injectRbacConfigs).whenComplete((str2, th) -> {
                if (th != null) {
                    create.setException(th);
                } else {
                    postLookupClusterId(str, str2, hashMap);
                    create.set(str2);
                }
            });
            return create;
        }, 1000);
    }

    @VisibleForTesting
    public KafkaFuture<String> lookupClusterId(Map<String, Object> map) {
        AdminClient createClient = this.clientFactory.createClient(map);
        Throwable th = null;
        try {
            try {
                KafkaFuture<String> clusterId = createClient.describeCluster().clusterId();
                if (createClient != null) {
                    if (0 != 0) {
                        try {
                            createClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        createClient.close();
                    }
                }
                return clusterId;
            } finally {
            }
        } catch (Throwable th3) {
            if (createClient != null) {
                if (th != null) {
                    try {
                        createClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    createClient.close();
                }
            }
            throw th3;
        }
    }

    private void postLookupClusterId(String str, String str2, Map<String, Object> map) {
        try {
            this.configurations.put(str2, map);
            this.eventBusProvider.get().post(new ClusterChangeEvent(str, str2, map, this.eventBusProvider.get()));
            this.clusterNames.remove(str);
        } catch (Throwable th) {
            log.warn("Failure during post-processing of cluster id", th);
        }
    }

    private boolean configUsesOauthBearerOrDefault(Map<String, Object> map) {
        Object obj = map.get("security.protocol");
        Object obj2 = map.get(SaslConfigs.SASL_MECHANISM);
        if (obj == null || obj.equals(SecurityProtocol.SASL_PLAINTEXT.name) || obj.equals(SecurityProtocol.SASL_SSL.name)) {
            return obj2 == null || obj2.equals("OAUTHBEARER");
        }
        return false;
    }
}
