package io.confluent.security.audit;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.confluent.crn.CrnAuthorityConfig;
import io.confluent.security.audit.router.AuditLogRouterJsonConfig;
import io.confluent.security.audit.telemetry.exporter.NonBlockingKafkaExporter;
import io.confluent.security.audit.telemetry.exporter.NonBlockingKafkaExporterConfig;
import io.confluent.security.audit.telemetry.exporter.TopicSpec;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import org.apache.kafka.clients.admin.AdminClientConfig;
import org.apache.kafka.clients.producer.ProducerConfig;
import org.apache.kafka.common.config.AbstractConfig;
import org.apache.kafka.common.config.ConfigDef;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.config.SaslConfigs;
import org.apache.kafka.common.config.SslConfigs;
import org.apache.kafka.common.config.internals.ConfluentConfigs;
import org.apache.kafka.common.serialization.ByteArraySerializer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/security/audit/AuditLogConfig.class */
public class AuditLogConfig extends AbstractConfig {
    public static final String DEFAULT_AUDIT_CLOUD_EVENT_ENCODING_CONFIG = "structured";
    public static final String AUDIT_CLOUD_EVENT_ENCODING_DOC = "Which cloudevent encoding to use. Use structured encoding by default";
    public static final String BOOTSTRAP_SERVERS_CONFIG = "confluent.security.event.logger.exporter.kafka.bootstrap.servers";
    public static final boolean DEFAULT_TOPIC_CREATE_CONFIG = true;
    public static final int DEFAULT_TOPIC_PARTITIONS_CONFIG = 12;
    public static final long DEFAULT_TOPIC_RETENTION_BYTES_CONFIG = -1;
    private static final String DEFAULT_PRODUCER_ACKS_CONFIG = "all";
    private static final String DEFAULT_PRODUCER_COMPRESSION_TYPE_CONFIG = "lz4";
    private static final String DEFAULT_PRODUCER_INTERCEPTOR_CLASSES_CONFIG = "";
    private static final String DEFAULT_PRODUCER_LINGER_MS_CONFIG = "500";
    private static final int DEFAULT_PRODUCER_RETRIES_CONFIG = 10;
    private static final long DEFAULT_PRODUCER_RETRY_BACKOFF_MS_CONFIG = 500;
    private static final int DEFAULT_PRODUCER_MAX_BLOCK_MS_CONFIG = 0;
    public static final int DEFAULT_ROUTER_CACHE_ENTRIES = 10000;
    protected static final Logger log = LoggerFactory.getLogger((Class<?>) AuditLogConfig.class);
    public static final String DEFAULT_EVENT_EXPORTER_CLASS_CONFIG = NonBlockingKafkaExporter.class.getCanonicalName();
    public static final long DEFAULT_TOPIC_RETENTION_MS_CONFIG = TimeUnit.DAYS.toMillis(30);
    public static final long DEFAULT_TOPIC_ROLL_MS_CONFIG = TimeUnit.HOURS.toMillis(4);
    private static final String DEFAULT_PRODUCER_KEY_SERIALIZER_CLASS_CONFIG = ByteArraySerializer.class.getName();
    private static final String DEFAULT_PRODUCER_VALUE_SERIALIZER_CLASS_CONFIG = ByteArraySerializer.class.getName();
    public static final String EVENT_EXPORTER_CLASS_CONFIG = "confluent.security.event.logger.exporter.class";
    public static final String TOPIC_CREATE_CONFIG = "confluent.security.event.logger.exporter.kafka.topic.create";
    public static final String TOPIC_PARTITIONS_CONFIG = "confluent.security.event.logger.exporter.kafka.topic.partitions";
    public static final String TOPIC_RETENTION_MS_CONFIG = "confluent.security.event.logger.exporter.kafka.topic.retention.ms";
    public static final String TOPIC_RETENTION_BYTES_CONFIG = "confluent.security.event.logger.exporter.kafka.topic.retention.bytes";
    public static final String TOPIC_ROLL_MS_CONFIG = "confluent.security.event.logger.exporter.kafka.topic.roll.ms";
    public static final String ROUTER_CACHE_ENTRIES_CONFIG = "confluent.security.event.router.cache.entries";
    public static final String ROUTER_CACHE_ENTRIES_DOC = "Number of Resource entries that the router cache should support";
    public static final String AUDIT_CLOUD_EVENT_ENCODING_CONFIG = "confluent.security.event.logger.cloudevent.codec";
    private static final ConfigDef CONFIG = new ConfigDef().define(ConfluentConfigs.AUDIT_LOGGER_ENABLE_CONFIG, ConfigDef.Type.BOOLEAN, "true", ConfigDef.Importance.HIGH, ConfluentConfigs.AUDIT_LOGGER_ENABLE_DOC).define(EVENT_EXPORTER_CLASS_CONFIG, ConfigDef.Type.CLASS, DEFAULT_EVENT_EXPORTER_CLASS_CONFIG, ConfigDef.Importance.HIGH, "Class to use for delivering event logs.").define(TOPIC_CREATE_CONFIG, ConfigDef.Type.BOOLEAN, true, ConfigDef.Importance.LOW, NonBlockingKafkaExporterConfig.TOPIC_CREATE_DOC).define(TOPIC_PARTITIONS_CONFIG, ConfigDef.Type.INT, 12, ConfigDef.Importance.LOW, NonBlockingKafkaExporterConfig.TOPIC_PARTITIONS_DOC).define(ConfluentConfigs.AUDIT_LOGGER_REPLICATION_FACTOR_CONFIG, ConfigDef.Type.INT, ConfluentConfigs.AUDIT_LOGGER_REPLICATION_FACTOR_DEFAULT, ConfigDef.Importance.LOW, ConfluentConfigs.AUDIT_LOGGER_REPLICATION_FACTOR_DOC).define(TOPIC_RETENTION_MS_CONFIG, ConfigDef.Type.LONG, Long.valueOf(DEFAULT_TOPIC_RETENTION_MS_CONFIG), ConfigDef.Importance.LOW, NonBlockingKafkaExporterConfig.TOPIC_RETENTION_MS_DOC).define(TOPIC_RETENTION_BYTES_CONFIG, ConfigDef.Type.LONG, -1L, ConfigDef.Importance.LOW, NonBlockingKafkaExporterConfig.TOPIC_RETENTION_BYTES_DOC).define(TOPIC_ROLL_MS_CONFIG, ConfigDef.Type.LONG, Long.valueOf(DEFAULT_TOPIC_ROLL_MS_CONFIG), ConfigDef.Importance.LOW, NonBlockingKafkaExporterConfig.TOPIC_ROLL_MS_DOC).define(ConfluentConfigs.AUDIT_EVENT_ROUTER_CONFIG, ConfigDef.Type.STRING, "", ConfigDef.Importance.LOW, ConfluentConfigs.AUDIT_EVENT_ROUTER_DOC).define(ROUTER_CACHE_ENTRIES_CONFIG, ConfigDef.Type.INT, 10000, ConfigDef.Importance.LOW, ROUTER_CACHE_ENTRIES_DOC).define(AUDIT_CLOUD_EVENT_ENCODING_CONFIG, ConfigDef.Type.STRING, "structured", ConfigDef.Importance.LOW, "Which cloudevent encoding to use. Use structured encoding by default").define(ConfluentConfigs.ENABLE_AUTHENTICATION_AUDIT_LOGS, ConfigDef.Type.BOOLEAN, "false", ConfigDef.Importance.HIGH, ConfluentConfigs.ENABLE_AUTHENTICATION_AUDIT_LOGS_DOC);

    public AuditLogConfig(Map<String, ?> map) {
        super(CONFIG, map);
    }

    public static Properties kafkaProducerOverrides() {
        Properties properties = new Properties();
        properties.put(ProducerConfig.ACKS_CONFIG, "all");
        properties.put("compression.type", "lz4");
        properties.put(ProducerConfig.KEY_SERIALIZER_CLASS_CONFIG, DEFAULT_PRODUCER_KEY_SERIALIZER_CLASS_CONFIG);
        properties.put(ProducerConfig.VALUE_SERIALIZER_CLASS_CONFIG, DEFAULT_PRODUCER_VALUE_SERIALIZER_CLASS_CONFIG);
        properties.put(ProducerConfig.LINGER_MS_CONFIG, DEFAULT_PRODUCER_LINGER_MS_CONFIG);
        properties.put("retries", 10);
        properties.put("interceptor.classes", "");
        properties.put("retry.backoff.ms", 500L);
        properties.put(ProducerConfig.MAX_BLOCK_MS_CONFIG, 0);
        return properties;
    }

    public static Map<String, ?> kafkaInterBrokerClientConfig(Map<String, ?> map) {
        HashMap hashMap = new HashMap();
        if (map.get("bootstrap.servers") != null) {
            hashMap.put("bootstrap.servers", map.get("bootstrap.servers"));
        }
        ConfigDef configDef = new ConfigDef();
        SaslConfigs.addClientSaslSupport(configDef);
        SslConfigs.addClientSslSupport(configDef);
        map.entrySet().stream().filter(entry -> {
            return !((String) entry.getKey()).startsWith(ConfluentConfigs.AUDIT_PREFIX);
        }).filter(entry2 -> {
            return configDef.names().contains(entry2.getKey()) || AdminClientConfig.configNames().contains(entry2.getKey());
        }).filter(entry3 -> {
            return entry3.getValue() != null;
        }).forEach(entry4 -> {
            hashMap.put(entry4.getKey(), entry4.getValue());
        });
        hashMap.remove("metric.reporters");
        ConfluentConfigs.enableSslDynamicStoreUpdate(map, hashMap);
        return hashMap;
    }

    public AuditLogRouterJsonConfig routerJsonConfig() throws ConfigException {
        try {
            String string = getString(ConfluentConfigs.AUDIT_EVENT_ROUTER_CONFIG);
            return (string == null || string.isEmpty()) ? AuditLogRouterJsonConfig.defaultConfig() : AuditLogRouterJsonConfig.load(getString(ConfluentConfigs.AUDIT_EVENT_ROUTER_CONFIG));
        } catch (IOException | IllegalArgumentException e) {
            throw new ConfigException("Invalid router config", e);
        }
    }

    public static Map<String, Object> toEventLoggerConfig(Map<String, ?> map) throws ConfigException {
        AuditLogConfig auditLogConfig = new AuditLogConfig(map);
        AuditLogRouterJsonConfig routerJsonConfig = auditLogConfig.routerJsonConfig();
        HashMap hashMap = new HashMap();
        if (!map.containsKey(CrnAuthorityConfig.CRN_AUTHORITY_TYPE_CONFIG) || map.get(CrnAuthorityConfig.CRN_AUTHORITY_TYPE_CONFIG).toString().equals(CrnAuthorityConfig.CRN_AUTHORITY_TYPE_DEFAULT)) {
            kafkaInterBrokerClientConfig(map).forEach((str, obj) -> {
                hashMap.put(NonBlockingKafkaExporterConfig.KAFKA_EXPORTER_PREFIX + str, obj);
            });
        }
        kafkaProducerOverrides().forEach((obj2, obj3) -> {
            hashMap.put(NonBlockingKafkaExporterConfig.KAFKA_EXPORTER_PREFIX + obj2, obj3);
        });
        auditLogConfig.values().entrySet().stream().filter(entry -> {
            return ((String) entry.getKey()).startsWith(ConfluentConfigs.AUDIT_EVENT_LOGGER_PREFIX);
        }).forEach(entry2 -> {
            hashMap.put(((String) entry2.getKey()).substring(ConfluentConfigs.AUDIT_PREFIX.length()), entry2.getValue());
        });
        map.entrySet().stream().filter(entry3 -> {
            return ((String) entry3.getKey()).startsWith(ConfluentConfigs.AUDIT_EVENT_LOGGER_PREFIX);
        }).forEach(entry4 -> {
            hashMap.put(((String) entry4.getKey()).substring(ConfluentConfigs.AUDIT_PREFIX.length()), entry4.getValue());
        });
        if (routerJsonConfig.bootstrapServers() != null && !routerJsonConfig.bootstrapServers().isEmpty()) {
            hashMap.put(NonBlockingKafkaExporterConfig.BOOTSTRAP_SERVERS_CONFIG, routerJsonConfig.bootstrapServers());
        }
        if (!hashMap.containsKey(NonBlockingKafkaExporterConfig.BOOTSTRAP_SERVERS_CONFIG)) {
            throw new ConfigException("Missing required property confluent.security.event.logger.exporter.kafka.bootstrap.servers. Either specify bootstrap brokers in either 'confluent.security.event.router.config' or 'confluent.security.event.logger.exporter.kafka.bootstrap.servers' or 'bootstrap.servers'");
        }
        HashMap hashMap2 = new HashMap();
        try {
            ObjectMapper objectMapper = new ObjectMapper();
            TopicSpec.Topics topics = new TopicSpec.Topics();
            String str2 = (String) map.get("confluent.security.event.logger.exporter.kafka.topic.config");
            if (str2 != null) {
                topics = (TopicSpec.Topics) objectMapper.readValue(str2, TopicSpec.Topics.class);
                topics.topics.forEach(topicSpec -> {
                });
            }
            routerJsonConfig.destinations.topics.entrySet().stream().forEach(entry5 -> {
                TopicSpec build = TopicSpec.builder().setName((String) entry5.getKey()).setTopicConfig("retention.ms", "" + ((AuditLogRouterJsonConfig.DestinationTopic) entry5.getValue()).retentionMs).build();
                if (hashMap2.containsKey(build.name())) {
                    log.warn("Overriding spec {} from {} with {} from {}", hashMap2.get(build.name()), "confluent.security.event.logger.exporter.kafka.topic.config", build, ConfluentConfigs.AUDIT_EVENT_ROUTER_CONFIG);
                }
                hashMap2.put(build.name(), build);
            });
            topics.setTopics(new ArrayList(hashMap2.values()));
            hashMap.put(NonBlockingKafkaExporterConfig.TOPIC_CONFIG, objectMapper.writeValueAsString(topics));
            hashMap.put(NonBlockingKafkaExporterConfig.EVENT_LOGGER_LOG_BLOCKING_CONFIG, false);
            return hashMap;
        } catch (IOException | IllegalArgumentException e) {
            throw new ConfigException("Invalid router config", e);
        }
    }
}
