package io.confluent.kafka.server.plugins.auth;

import java.util.Optional;
import java.util.function.Supplier;
import org.apache.kafka.common.security.authenticator.SaslInternalConfigs;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/kafka/server/plugins/auth/DefaultDataPolicyValidationMode.class */
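/**
 * Validation mode that decides whether traffic is admitted under the default data policy.
 *
 * <p>{@link #NONE} admits everything. {@link #STRICT} fails closed: every check must pass and
 * any missing piece of information results in a denial.
 *
 * <p>Security note: {@link #fromString(String)} fails open. Any value that does not name a
 * constant resolves to {@link #NONE}, so a misspelled mode disables enforcement. Such values
 * are logged at WARN so the misconfiguration is visible in default log output.
 */
public enum DefaultDataPolicyValidationMode {
    /** No validation: every request is allowed, whatever the arguments are. */
    NONE {
        @Override
        public boolean trafficAllowed(boolean z, Optional<String> optional, DefaultDataPolicyContext defaultDataPolicyContext) {
            return true;
        }
    },

    /**
     * Allows traffic only when all of the following hold: the deny flag is not set, the context
     * reports an SSL peer certificate, the local organization id, the peer organization id and
     * the network type are all present, the network type is {@code PRIVATE}, and the two
     * organization ids are equal. Every rejection is logged at DEBUG with its reason.
     */
    STRICT {
        @Override
        public boolean trafficAllowed(boolean z, Optional<String> optional, DefaultDataPolicyContext defaultDataPolicyContext) {
            if (z) {
                log.debug("Not allowed because the organization is denied from flat networking");
                return false;
            }
            // An absent value counts as "no certificate", so the check fails closed.
            if (!defaultDataPolicyContext.hasSslPeerCertificate.orElse(false)) {
                log.debug("Not allowed because no SSL peer certificate");
                return false;
            }
            // All three values are dereferenced below, so reject before calling get() on any of them.
            if (!optional.isPresent()
                    || !defaultDataPolicyContext.organizationId.isPresent()
                    || !defaultDataPolicyContext.networkType.isPresent()) {
                log.debug(
                        "Not allowed because not all information is present: local lkc organization id {}, organization id {}, network type {}",
                        optional, defaultDataPolicyContext.organizationId, defaultDataPolicyContext.networkType);
                return false;
            }
            if (defaultDataPolicyContext.networkType.get() != SaslInternalConfigs.NetworkType.PRIVATE) {
                log.debug("Not allowed because network type is not private");
                return false;
            }
            String localOrganizationId = optional.get();
            String peerOrganizationId = defaultDataPolicyContext.organizationId.get();
            if (peerOrganizationId.equals(localOrganizationId)) {
                return true;
            }
            log.debug(
                    "Not allowed because organization ids are different: local lkc organization id {}, organization id {}",
                    localOrganizationId, peerOrganizationId);
            return false;
        }
    };

    /** Configuration key under which the validation mode is stored. */
    public static final String DEFAULT_DATA_POLICY_VALIDATION_MODE_KEY = "default_data_policy_validation_mode";
    private static final Logger log = LoggerFactory.getLogger(DefaultDataPolicyValidationMode.class);

    /**
     * Resolves a mode from its name, ignoring case.
     *
     * <p>Fails open: a {@code null}, blank or unrecognized value yields {@link #NONE}. A
     * non-blank value that matches no constant is most likely a typo that silently turns
     * validation off, so it is reported at WARN; an unset or blank value stays at DEBUG.
     *
     * @param str the configured mode name, may be {@code null}
     * @return the matching constant, or {@link #NONE} when nothing matches
     */
    public static DefaultDataPolicyValidationMode fromString(String str) {
        for (DefaultDataPolicyValidationMode mode : values()) {
            if (mode.name().equalsIgnoreCase(str)) {
                return mode;
            }
        }
        if (str == null || str.trim().isEmpty()) {
            log.debug("Unknown default data policy validation mode: {}. Set it to none", str);
        } else {
            log.warn("Unknown default data policy validation mode: {}. Set it to none", str);
        }
        return NONE;
    }

    /**
     * Resolves a mode from a supplied configuration value.
     *
     * @param supplier provides the configured mode name; its result is passed to
     *     {@link #fromString(String)} unchanged
     * @return the resolved mode, {@link #NONE} when the supplied value matches no constant
     */
    public static DefaultDataPolicyValidationMode fromConfigs(Supplier<String> supplier) {
        return fromString(supplier.get());
    }

    /**
     * Decides whether traffic is allowed under this mode.
     *
     * @param z when {@code true}, {@link #STRICT} denies immediately; going by its log message
     *     this flag means the organization is denied from flat networking
     * @param optional the local organization id (called "local lkc organization id" in the
     *     STRICT log messages); {@link #STRICT} denies when it is absent
     * @param defaultDataPolicyContext supplies {@code hasSslPeerCertificate},
     *     {@code organizationId} and {@code networkType}; not read by {@link #NONE}
     * @return {@code true} if the traffic is allowed
     */
    public abstract boolean trafficAllowed(boolean z, Optional<String> optional, DefaultDataPolicyContext defaultDataPolicyContext);
}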
