package io.confluent.kafkarest.controllers;

import io.confluent.kafkarest.common.KafkaFutures;
import io.confluent.kafkarest.entities.Acl;
import io.confluent.kafkarest.entities.Cluster;
import io.confluent.kafkarest.entities.v3.CreateAclRequest;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.ws.rs.BadRequestException;
import org.apache.kafka.clients.admin.Admin;
import org.apache.kafka.common.KafkaFuture;
import org.apache.kafka.common.acl.AccessControlEntry;
import org.apache.kafka.common.acl.AccessControlEntryFilter;
import org.apache.kafka.common.acl.AclBinding;
import org.apache.kafka.common.acl.AclBindingFilter;
import org.apache.kafka.common.resource.ResourcePattern;
import org.apache.kafka.common.resource.ResourcePatternFilter;

/* loaded from: input_file:io/confluent/kafkarest/controllers/AclManagerImpl.class */
final class AclManagerImpl implements AclManager {
    private final Admin adminClient;
    private final ClusterManager clusterManager;

    @Inject
    AclManagerImpl(Admin admin, ClusterManager clusterManager) {
        this.adminClient = (Admin) Objects.requireNonNull(admin);
        this.clusterManager = (ClusterManager) Objects.requireNonNull(clusterManager);
    }

    @Override // io.confluent.kafkarest.controllers.AclManager
    public CompletableFuture<List<Acl>> searchAcls(String str, Acl.ResourceType resourceType, @Nullable String str2, Acl.PatternType patternType, @Nullable String str3, @Nullable String str4, Acl.Operation operation, Acl.Permission permission) {
        AclBindingFilter aclBindingFilter = new AclBindingFilter(new ResourcePatternFilter(resourceType.toAdminResourceType(), str2, patternType.toAdminPatternType()), new AccessControlEntryFilter(str3, str4, operation.toAclOperation(), permission.toAclPermissionType()));
        return this.clusterManager.getCluster(str).thenApply(optional -> {
            return (Cluster) Entities.checkEntityExists(optional, "Cluster %s cannot be found.", str);
        }).thenApply((Function<? super U, ? extends U>) cluster -> {
            return this.adminClient.describeAcls(aclBindingFilter);
        }).thenCompose(describeAclsResult -> {
            return KafkaFutures.toCompletableFuture(describeAclsResult.values());
        }).thenApply(collection -> {
            return (List) collection.stream().map(aclBinding -> {
                return toAcl(str, aclBinding);
            }).collect(Collectors.toList());
        });
    }

    @Override // io.confluent.kafkarest.controllers.AclManager
    public CompletableFuture<Void> createAcl(String str, Acl.ResourceType resourceType, String str2, Acl.PatternType patternType, String str3, String str4, Acl.Operation operation, Acl.Permission permission) {
        return submitBindings(str, Collections.singletonList(new AclBinding(new ResourcePattern(resourceType.toAdminResourceType(), str2, patternType.toAdminPatternType()), new AccessControlEntry(str3, str4, operation.toAclOperation(), permission.toAclPermissionType()))));
    }

    @Override // io.confluent.kafkarest.controllers.AclManager
    public CompletableFuture<Void> createAcls(String str, List<Acl> list) {
        return submitBindings(str, (List) list.stream().map(acl -> {
            return new AclBinding(new ResourcePattern(acl.getResourceType().toAdminResourceType(), acl.getResourceName(), acl.getPatternType().toAdminPatternType()), new AccessControlEntry(acl.getPrincipal(), acl.getHost(), acl.getOperation().toAclOperation(), acl.getPermission().toAclPermissionType()));
        }).collect(Collectors.toList()));
    }

    @Override // io.confluent.kafkarest.controllers.AclManager
    public CompletableFuture<List<Acl>> deleteAcls(String str, Acl.ResourceType resourceType, String str2, Acl.PatternType patternType, String str3, String str4, Acl.Operation operation, Acl.Permission permission) {
        AclBindingFilter aclBindingFilter = new AclBindingFilter(new ResourcePatternFilter(resourceType.toAdminResourceType(), str2, patternType.toAdminPatternType()), new AccessControlEntryFilter(str3, str4, operation.toAclOperation(), permission.toAclPermissionType()));
        return this.clusterManager.getCluster(str).thenApply(optional -> {
            return (Cluster) Entities.checkEntityExists(optional, "Cluster %s cannot be found.", str);
        }).thenApply((Function<? super U, ? extends U>) cluster -> {
            return this.adminClient.deleteAcls(Collections.singletonList(aclBindingFilter));
        }).thenCompose(deleteAclsResult -> {
            return KafkaFutures.toCompletableFuture(deleteAclsResult.values().get(aclBindingFilter));
        }).thenApply(filterResults -> {
            return (List) filterResults.values().stream().map((v0) -> {
                return v0.binding();
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).map(aclBinding -> {
                return toAcl(str, aclBinding);
            }).collect(Collectors.toList());
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Acl toAcl(String str, AclBinding aclBinding) {
        return Acl.fromAclBinding(aclBinding).setClusterId(str).build();
    }

    private CompletableFuture<Void> submitBindings(String str, List<AclBinding> list) {
        return this.clusterManager.getCluster(str).thenApply(optional -> {
            return (Cluster) Entities.checkEntityExists(optional, "Cluster %s cannot be found.", str);
        }).thenApply((Function<? super U, ? extends U>) cluster -> {
            return this.adminClient.createAcls(list);
        }).thenCompose(createAclsResult -> {
            Collection<KafkaFuture<Void>> values = createAclsResult.values().values();
            return CompletableFuture.allOf((CompletableFuture[]) ((List) values.stream().map(kafkaFuture -> {
                return KafkaFutures.toCompletableFuture(kafkaFuture);
            }).collect(Collectors.toList())).toArray(new CompletableFuture[values.size()]));
        });
    }

    @Override // io.confluent.kafkarest.controllers.AclManager
    public AclManager validateAclCreateParameters(List<CreateAclRequest> list) throws BadRequestException {
        list.forEach(createAclRequest -> {
            if (createAclRequest.getResourceType() == Acl.ResourceType.ANY || createAclRequest.getResourceType() == Acl.ResourceType.UNKNOWN) {
                throw new BadRequestException("resource_type cannot be ANY");
            }
            if (createAclRequest.getPatternType() == Acl.PatternType.ANY || createAclRequest.getPatternType() == Acl.PatternType.MATCH || createAclRequest.getPatternType() == Acl.PatternType.UNKNOWN) {
                throw new BadRequestException(String.format("pattern_type cannot be %s", createAclRequest.getPatternType()));
            }
            if (createAclRequest.getOperation() == Acl.Operation.ANY || createAclRequest.getOperation() == Acl.Operation.UNKNOWN) {
                throw new BadRequestException("operation cannot be ANY");
            }
            if (createAclRequest.getPermission() == Acl.Permission.ANY || createAclRequest.getPermission() == Acl.Permission.UNKNOWN) {
                throw new BadRequestException("permission cannot be ANY");
            }
        });
        return this;
    }
}
