package org.apache.kafka.metadata;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.File;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.kafka.common.Uuid;
import org.apache.kafka.common.errors.InvalidConfigurationException;
import org.apache.kafka.common.metadata.InstallMetadataEncryptorRecord;

/* loaded from: input_file:org/apache/kafka/metadata/MetadataEncryptorFactory.class */
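/**
 * Builds {@link MetadataEncryptor} instances from broker configuration.
 *
 * <p>Encryptor definitions come from two places, merged into one map keyed by encryptor id:
 * <ul>
 *   <li>the legacy compound properties {@link #CLASSES} and {@link #SECRETS}
 *       (comma-separated {@code id=value} pairs), and</li>
 *   <li>an optional secrets file named by {@code confluent.metadata.encryptor.secret.file},
 *       deserialized with Jackson into {@code MetadataEncryptorSecrets}.</li>
 * </ul>
 * An entry from the secrets file replaces a legacy entry with the same id, because the file
 * entries are inserted after the legacy ones.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Encryptor class names are taken from configuration and loaded reflectively, so anyone
 *       able to write that configuration (or the secrets file) selects which class is
 *       instantiated. The loaded class is verified to be a {@code MetadataEncryptor} before any
 *       constructor is invoked.</li>
 *   <li>Secret values are never placed in exception messages produced by this class.</li>
 * </ul>
 *
 * <p>Instances hold only final fields wrapped in unmodifiable views; the secret byte arrays
 * themselves are shared by reference, not copied.
 */
public class MetadataEncryptorFactory {
    public static final String ACTIVE = "confluent.metadata.active.encryptor";
    public static final String CLASSES = "confluent.metadata.encryptor.classes";
    public static final String SECRETS = "confluent.metadata.encryptor.secrets";
    private static final String SECRET_FILE = "confluent.metadata.encryptor.secret.file";

    /** Value returned by {@link #getCreateTimeMillisSinceEpoch(Uuid)} for {@code Uuid.ZERO_UUID}. */
    public static final long NO_OP_ENCRYPTOR_CREATE_TIME_MILLIS_SINCE_EPOCH = -62125920000000L;

    /** Creation timestamp assigned to every encryptor defined through the legacy properties. */
    // Declared before NO_ENCRYPTION_FACTORY so the constant is already initialized if the
    // factory constructor ever needs it during static initialization.
    public static final OffsetDateTime UNIX_EPOCH = OffsetDateTime.of(1970, 1, 1, 0, 0, 0, 0, ZoneOffset.UTC);

    /** Factory built from an empty configuration: no encryptors, active id is the zero UUID. */
    public static final MetadataEncryptorFactory NO_ENCRYPTION_FACTORY = new MetadataEncryptorFactory();

    private final Map<Uuid, MetadataEncryptorConfig> configs;
    private final Set<Uuid> legacyEncryptorIds;
    private final Uuid activeIdFromLegacyConfig;

    /**
     * Immutable-by-convention holder for one encryptor definition.
     *
     * <p>NOTE(review): the decompiler reports this class was package-private in the original
     * and widened it to {@code public}; the visibility is left as found here.
     */
    public static class MetadataEncryptorConfig {
        final OffsetDateTime created;
        final String className;
        // Raw key material. Stored by reference (no defensive copy) and handed to the
        // encryptor constructor as-is, so it must not be logged or exposed.
        final byte[] secret;

        MetadataEncryptorConfig(OffsetDateTime offsetDateTime, String str, byte[] bArr) {
            this.created = offsetDateTime;
            this.className = str;
            this.secret = bArr;
        }
    }

    /**
     * Parses an encryptor id, attributing a failure to the configuration it came from.
     *
     * @param configName name of the property (or file property) reported on failure
     * @param text       textual UUID
     * @throws InvalidConfigurationException if {@code text} is not a valid UUID string
     */
    private static Uuid parseUuid(String configName, String text) {
        try {
            return Uuid.fromString(text);
        } catch (Exception e) {
            throw new InvalidConfigurationException("Unable to parse " + configName, e);
        }
    }

    /**
     * Parses a compound {@code id=value,id=value} property.
     *
     * @param configName name of the property, used only in the error message
     * @param rawValue   the property value
     * @throws InvalidConfigurationException if any entry is malformed
     */
    private static Map<Uuid, String> parseKeyMap(String configName, String rawValue) {
        try {
            return parseCompoundConfigValue(rawValue);
        } catch (Exception e) {
            throw new InvalidConfigurationException("Unable to parse " + configName, e);
        }
    }

    /**
     * Loads the secrets file, or returns {@code null} when no path is configured.
     *
     * <p>The file holds key material; its filesystem permissions are outside the control of
     * this class and should be restricted by the deployment.
     *
     * @throws InvalidConfigurationException if the file cannot be read or deserialized
     */
    private static MetadataEncryptorSecrets parseFile(String path) {
        if (path.isEmpty()) {
            return null;
        }
        try {
            return getNewObjectMapper().readValue(new File(path), MetadataEncryptorSecrets.class);
        } catch (Exception e) {
            // Only the path is put in the message. NOTE(review): the parser's own exception is
            // kept as the cause and may quote fragments of the file; confirm that logs which
            // print the cause chain are handled as sensitive.
            throw new InvalidConfigurationException("Metadata encryption secrets could not be loaded from " + path, e);
        }
    }

    /**
     * Decodes a URL-safe base64 secret.
     *
     * @throws InvalidConfigurationException if the value is not valid base64; the message
     *     deliberately omits the value so key material does not reach logs or error reports
     */
    private static byte[] decodeSecret(String encoded) {
        try {
            return Base64.getUrlDecoder().decode(encoded);
        } catch (Exception e) {
            // The undecodable string is still the configured secret (or close to it), so it
            // must not be echoed back in the exception text.
            throw new InvalidConfigurationException("Unable to base64 decode secretString", e);
        }
    }

    /** Reads {@code key} from {@code source} as a string, using {@code fallback} when absent. */
    private static String configValue(Map<?, ?> source, String key, Object fallback) {
        Object value = source.get(key);
        return (value != null ? value : fallback).toString();
    }

    /** Creates a factory with no encryptors configured. */
    public MetadataEncryptorFactory() {
        this(Collections.emptyMap());
    }

    /**
     * Creates a factory from a configuration map.
     *
     * @param map configuration; missing keys default to the zero UUID / empty string
     * @throws InvalidConfigurationException if any encryptor setting cannot be parsed, a class
     *     entry has no matching secret, or the secrets file cannot be loaded
     */
    public MetadataEncryptorFactory(Map<String, Object> map) {
        this(
            parseUuid(ACTIVE, configValue(map, ACTIVE, Uuid.ZERO_UUID)),
            parseKeyMap(CLASSES, configValue(map, CLASSES, "")),
            parseKeyMap(SECRETS, configValue(map, SECRETS, "")),
            parseFile(configValue(map, SECRET_FILE, "")));
    }

    /**
     * Creates a factory from {@link Properties}, reading the same keys as the map constructor.
     *
     * @throws InvalidConfigurationException under the same conditions as the map constructor
     */
    public static MetadataEncryptorFactory fromProperties(Properties properties) {
        return new MetadataEncryptorFactory(
            parseUuid(ACTIVE, configValue(properties, ACTIVE, Uuid.ZERO_UUID)),
            parseKeyMap(CLASSES, configValue(properties, CLASSES, "")),
            parseKeyMap(SECRETS, configValue(properties, SECRETS, "")),
            parseFile(configValue(properties, SECRET_FILE, "")));
    }

    /** Returns a fresh Jackson mapper used to deserialize the secrets file. */
    static ObjectMapper getNewObjectMapper() {
        return new ObjectMapper();
    }

    /**
     * Merges legacy and file-based encryptor definitions.
     *
     * @param activeId       active encryptor id from the legacy property
     * @param legacyClasses  id to encryptor class name, from {@link #CLASSES}
     * @param legacySecrets  id to base64url secret, from {@link #SECRETS}
     * @param fileSecrets    parsed secrets file, or {@code null} when none is configured
     * @throws InvalidConfigurationException if a legacy class has no secret, a secret is not
     *     valid base64, or a secrets-file key is not a valid UUID
     */
    private MetadataEncryptorFactory(Uuid activeId, Map<Uuid, String> legacyClasses, Map<Uuid, String> legacySecrets, MetadataEncryptorSecrets fileSecrets) {
        this.activeIdFromLegacyConfig = activeId;
        Map<Uuid, MetadataEncryptorConfig> merged = new HashMap<>();
        for (Map.Entry<Uuid, String> legacy : legacyClasses.entrySet()) {
            Uuid id = legacy.getKey();
            String encodedSecret = legacySecrets.get(id);
            if (encodedSecret == null) {
                throw new InvalidConfigurationException("No secret configured for " + String.valueOf(id));
            }
            // Legacy entries carry no creation date, so they are all stamped with UNIX_EPOCH.
            merged.put(id, new MetadataEncryptorConfig(UNIX_EPOCH, legacy.getValue(), decodeSecret(encodedSecret)));
        }
        this.legacyEncryptorIds = Collections.unmodifiableSet(legacyClasses.keySet());
        if (fileSecrets != null) {
            for (Map.Entry<String, MetadataEncryptorConfigEntry> fromFile : fileSecrets.entries().entrySet()) {
                MetadataEncryptorConfigEntry definition = fromFile.getValue();
                // Inserted after the legacy entries, so a file entry wins on an id collision.
                merged.put(
                    parseUuid(SECRET_FILE, fromFile.getKey()),
                    new MetadataEncryptorConfig(
                        definition.getCreated().toInstant().atOffset(ZoneOffset.UTC),
                        definition.getClassName(),
                        decodeSecret(definition.getBytes())));
            }
        }
        this.configs = Collections.unmodifiableMap(merged);
    }

    /**
     * Splits {@code id=value,id=value} into a map. Blank entries are skipped; the value is
     * everything after the first {@code '='}, so base64 padding in the value is preserved.
     *
     * @throws RuntimeException if an entry has no {@code '='} or its id is not a valid UUID
     */
    private static Map<Uuid, String> parseCompoundConfigValue(String rawValue) {
        Map<Uuid, String> parsed = new HashMap<>();
        for (String piece : rawValue.split(",")) {
            String entry = piece.trim();
            if (entry.isEmpty()) {
                continue;
            }
            int separator = entry.indexOf('=');
            if (separator < 0) {
                throw new RuntimeException("Invalid format: no equals sign found in entry.");
            }
            parsed.put(Uuid.fromString(entry.substring(0, separator)), entry.substring(separator + 1));
        }
        return parsed;
    }

    /**
     * Loads {@code className}, checks that it is a {@code MetadataEncryptor}, and invokes the
     * public constructor matching {@code parameterTypes}.
     *
     * <p>Each stage reports its own message. The class is loaded without initialization and
     * type-checked first, so neither the static initializer nor a constructor of a class that
     * is not a {@code MetadataEncryptor} is run.
     *
     * @param className      fully qualified class name taken from configuration or the caller
     * @param purpose        suffix appended to every error message
     * @param parameterTypes constructor signature to look up
     * @param arguments      constructor arguments
     * @throws RuntimeException if the class cannot be loaded, is not a
     *     {@code MetadataEncryptor}, lacks the constructor, or the constructor fails
     */
    private static MetadataEncryptor instantiate(String className, String purpose, Class<?>[] parameterTypes, Object[] arguments) {
        Class<?> loaded;
        try {
            loaded = Class.forName(className, false, MetadataEncryptorFactory.class.getClassLoader());
        } catch (ReflectiveOperationException e) {
            throw new RuntimeException("Unable to load class " + className + purpose, e);
        }
        Class<? extends MetadataEncryptor> encryptorClass;
        try {
            encryptorClass = loaded.asSubclass(MetadataEncryptor.class);
        } catch (ClassCastException e) {
            throw new RuntimeException("Problem invoking constructor for " + className + purpose, e);
        }
        java.lang.reflect.Constructor<? extends MetadataEncryptor> constructor;
        try {
            constructor = encryptorClass.getConstructor(parameterTypes);
        } catch (ReflectiveOperationException e) {
            throw new RuntimeException("Unable to load constructor for " + className + purpose, e);
        }
        try {
            return constructor.newInstance(arguments);
        } catch (ReflectiveOperationException e) {
            throw new RuntimeException("Problem invoking constructor for " + className + purpose, e);
        }
    }

    /** Creates the encryptor identified by the record's key id. */
    public MetadataEncryptor createFromConfig(InstallMetadataEncryptorRecord installMetadataEncryptorRecord) {
        return createFromConfig(installMetadataEncryptorRecord.keyId());
    }

    /** Returns whether a definition (class and secret) is known for {@code uuid}. */
    public boolean hasKeyConfiguration(Uuid uuid) {
        return this.configs.containsKey(uuid);
    }

    /**
     * Creates the encryptor configured for {@code uuid} by calling its
     * {@code (Uuid, byte[])} constructor with the id and the decoded secret.
     *
     * @return the no-op encryptor for {@code Uuid.ZERO_UUID}, otherwise a new instance
     * @throws IllegalStateException if {@code uuid} is {@code null}
     * @throws InvalidConfigurationException if no definition exists for {@code uuid}
     * @throws RuntimeException if the configured class cannot be loaded or instantiated
     */
    public MetadataEncryptor createFromConfig(Uuid uuid) {
        if (uuid == null) {
            throw new IllegalStateException("encryptor Id can't be null");
        }
        if (uuid.equals(Uuid.ZERO_UUID)) {
            return NoOpMetadataEncryptor.INSTANCE;
        }
        MetadataEncryptorConfig metadataEncryptorConfig = this.configs.get(uuid);
        if (metadataEncryptorConfig == null) {
            throw new InvalidConfigurationException("No configuration found for metadata encryptor " + String.valueOf(uuid));
        }
        return instantiate(
            metadataEncryptorConfig.className,
            " for metadata encryptor " + String.valueOf(uuid),
            new Class<?>[] {Uuid.class, byte[].class},
            new Object[] {uuid, metadataEncryptorConfig.secret});
    }

    /**
     * Creates an encryptor of the named class through its public no-argument constructor.
     *
     * @param str fully qualified name of a {@code MetadataEncryptor} implementation
     * @throws RuntimeException if the class cannot be loaded or instantiated
     */
    public MetadataEncryptor createRandom(String str) {
        return instantiate(str, " for new random metadata encryptor.", new Class<?>[0], new Object[0]);
    }

    /** Returns {@code true} if an active legacy id is set or at least one definition exists. */
    public boolean isAwareOfAtLeastOneEncryptor() {
        return !this.activeIdFromLegacyConfig.equals(Uuid.ZERO_UUID) || !this.configs.isEmpty();
    }

    /** Returns the active encryptor id read from {@link #ACTIVE}. */
    public Uuid activeIdFromLegacyConfig() {
        return this.activeIdFromLegacyConfig;
    }

    /** Returns an unmodifiable view of the ids defined through {@link #CLASSES}. */
    public Set<Uuid> legacyEncryptorIds() {
        return this.legacyEncryptorIds;
    }

    /** Returns an unmodifiable view of every id with a definition, legacy or file-based. */
    public Set<Uuid> getAllKnownEncryptorIds() {
        return Collections.unmodifiableSet(this.configs.keySet());
    }

    /**
     * Returns the creation time of an encryptor in epoch milliseconds.
     *
     * @return {@link #NO_OP_ENCRYPTOR_CREATE_TIME_MILLIS_SINCE_EPOCH} for the zero UUID
     * @throws IllegalArgumentException if {@code uuid} has no definition
     */
    public long getCreateTimeMillisSinceEpoch(Uuid uuid) {
        if (uuid.equals(Uuid.ZERO_UUID)) {
            return NO_OP_ENCRYPTOR_CREATE_TIME_MILLIS_SINCE_EPOCH;
        }
        MetadataEncryptorConfig metadataEncryptorConfig = this.configs.get(uuid);
        if (metadataEncryptorConfig == null) {
            throw new IllegalArgumentException("Unknown encryptor ID " + String.valueOf(uuid));
        }
        return metadataEncryptorConfig.created.toInstant().toEpochMilli();
    }

    /**
     * Filters {@code set} down to the configured encryptors created strictly after the
     * encryptor {@code uuid}. For the zero UUID every configured member of {@code set} counts
     * as newer.
     *
     * @return an unmodifiable set
     * @throws IllegalStateException if {@code uuid} is non-zero but has no definition or no
     *     creation date
     */
    public Set<Uuid> getNewerKnownEncryptorIds(Set<Uuid> set, Uuid uuid) {
        if (uuid.equals(Uuid.ZERO_UUID)) {
            Set<Uuid> configured = set.stream().filter(this::hasKeyConfiguration).collect(Collectors.toSet());
            return Collections.unmodifiableSet(configured);
        }
        MetadataEncryptorConfig metadataEncryptorConfig = this.configs.get(uuid);
        if (metadataEncryptorConfig == null) {
            throw new IllegalStateException("Unknown supposedly-active encryptor ID " + String.valueOf(uuid) + " (should never happen)");
        }
        OffsetDateTime activeCreated = metadataEncryptorConfig.created;
        if (activeCreated == null) {
            throw new IllegalStateException("Unknown creation date for encryptor " + String.valueOf(uuid) + " (should never happen)");
        }
        Set<Uuid> newer = set.stream()
            .filter(candidate -> hasKeyConfiguration(candidate)
                && activeCreated.isBefore(this.configs.get(candidate).created))
            .collect(Collectors.toSet());
        return Collections.unmodifiableSet(newer);
    }

    /** Returns the creation date recorded for {@code uuid}, or {@code null} if it is unknown. */
    public OffsetDateTime getCreateDateForEncryptor(Uuid uuid) {
        MetadataEncryptorConfig metadataEncryptorConfig = this.configs.get(uuid);
        if (metadataEncryptorConfig == null) {
            return null;
        }
        return metadataEncryptorConfig.created;
    }
}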
