package io.confluent.ksql.api.impl;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import io.confluent.kafka.schemaregistry.client.SchemaRegistryClient;
import io.confluent.ksql.api.auth.ApiSecurityContext;
import io.confluent.ksql.rest.client.KsqlClient;
import io.confluent.ksql.rest.server.services.RestServiceContextFactory;
import io.confluent.ksql.security.KsqlPrincipal;
import io.confluent.ksql.security.KsqlSecurityContext;
import io.confluent.ksql.security.KsqlSecurityExtension;
import io.confluent.ksql.services.ConnectClientFactory;
import io.confluent.ksql.util.KsqlConfig;
import java.security.Principal;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.Supplier;

/* loaded from: input_file:io/confluent/ksql/api/impl/DefaultKsqlSecurityContextProvider.class */
public class DefaultKsqlSecurityContextProvider implements KsqlSecurityContextProvider {
    private final KsqlSecurityExtension securityExtension;
    private final RestServiceContextFactory.DefaultServiceContextFactory defaultServiceContextFactory;
    private final RestServiceContextFactory.UserServiceContextFactory userServiceContextFactory;
    private final KsqlConfig ksqlConfig;
    private final Supplier<SchemaRegistryClient> schemaRegistryClientFactory;
    private final ConnectClientFactory connectClientFactory;
    private final KsqlClient sharedClient;

    @SuppressFBWarnings({"EI_EXPOSE_REP2"})
    public DefaultKsqlSecurityContextProvider(KsqlSecurityExtension ksqlSecurityExtension, RestServiceContextFactory.DefaultServiceContextFactory defaultServiceContextFactory, RestServiceContextFactory.UserServiceContextFactory userServiceContextFactory, KsqlConfig ksqlConfig, Supplier<SchemaRegistryClient> supplier, ConnectClientFactory connectClientFactory, KsqlClient ksqlClient) {
        this.securityExtension = ksqlSecurityExtension;
        this.defaultServiceContextFactory = defaultServiceContextFactory;
        this.userServiceContextFactory = userServiceContextFactory;
        this.ksqlConfig = ksqlConfig;
        this.schemaRegistryClientFactory = supplier;
        this.connectClientFactory = connectClientFactory;
        this.sharedClient = ksqlClient;
    }

    @Override // io.confluent.ksql.api.impl.KsqlSecurityContextProvider
    public KsqlSecurityContext provide(ApiSecurityContext apiSecurityContext) {
        Optional<KsqlPrincipal> principal = apiSecurityContext.getPrincipal();
        Optional<String> authHeader = apiSecurityContext.getAuthHeader();
        List<Map.Entry<String, String>> requestHeaders = apiSecurityContext.getRequestHeaders();
        return !(this.securityExtension != null && this.securityExtension.getUserContextProvider().isPresent() && principal.isPresent()) ? new KsqlSecurityContext(principal, this.defaultServiceContextFactory.create(this.ksqlConfig, authHeader, this.schemaRegistryClientFactory, this.connectClientFactory, this.sharedClient, requestHeaders, principal)) : (KsqlSecurityContext) this.securityExtension.getUserContextProvider().map(ksqlUserContextProvider -> {
            return new KsqlSecurityContext(principal, this.userServiceContextFactory.create(this.ksqlConfig, authHeader, ksqlUserContextProvider.getKafkaClientSupplier((Principal) principal.get()), ksqlUserContextProvider.getSchemaRegistryClientFactory((Principal) principal.get()), this.connectClientFactory, this.sharedClient, requestHeaders, principal));
        }).get();
    }

    @Override // io.confluent.ksql.api.impl.KsqlSecurityContextProvider
    public void close() {
        this.connectClientFactory.close();
    }
}
