package io.confluent.kafka.security.authorizer;

import io.confluent.kafka.multitenant.utils.AuthUtils;
import io.confluent.kafka.security.audit.event.ConfluentAuthenticationEvent;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.authorizer.provider.ConfluentAuthorizationEvent;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.UnaryOperator;
import org.apache.kafka.common.ClusterResource;
import org.apache.kafka.common.ClusterResourceListener;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.server.audit.AuditEvent;
import org.apache.kafka.server.audit.AuditEventType;
import org.apache.kafka.server.audit.AuditLogProvider;
import org.apache.kafka.server.audit.AuthenticationEvent;
import org.apache.kafka.test.TestUtils;

/* loaded from: input_file:io/confluent/kafka/security/authorizer/MockAuditLogProvider.class */
public class MockAuditLogProvider implements AuditLogProvider, ClusterResourceListener {
    public static final String AUDIT_PROVIDER_CONFIG = "ce.broker.plugins.test.audit.provider.config";
    public static final Map<String, MockAuditLogProvider> INSTANCES = new HashMap();
    public final List<ConfluentAuthorizationEvent> authorizationLog = new ArrayList();
    public final List<AuthenticationEvent> authenticationLog = new ArrayList();
    private final ArrayList<String> states = new ArrayList<>();
    private boolean fail = false;
    private UnaryOperator<AuditEvent> santizer;
    private Scope scope;

    public Set<String> reconfigurableConfigs() {
        return Collections.emptySet();
    }

    public void validateReconfiguration(Map<String, ?> map) throws ConfigException {
    }

    public void reconfigure(Map<String, ?> map) {
    }

    public void configure(Map<String, ?> map) {
        String brokerSessionUuid = AuthUtils.getBrokerSessionUuid(map);
        synchronized (INSTANCES) {
            MockAuditLogProvider mockAuditLogProvider = INSTANCES.get(brokerSessionUuid);
            if (mockAuditLogProvider == null) {
                INSTANCES.put(brokerSessionUuid, this);
            } else if (this != mockAuditLogProvider) {
                throw new UnsupportedOperationException("MockAuditLogProvider instance already exists for broker session " + brokerSessionUuid);
            }
        }
        this.states.add("configured");
    }

    public CompletionStage<Void> start(Map<String, ?> map) {
        this.states.add("started");
        return new CompletableFuture();
    }

    public boolean providerConfigured(Map<String, ?> map) {
        if ("TEST".equals(map.get(AUDIT_PROVIDER_CONFIG))) {
            return (map.containsKey("confluent.security.event.logger.enable") && "false".equals(map.get("confluent.security.event.logger.enable"))) ? false : true;
        }
        return false;
    }

    public void setSanitizer(UnaryOperator<AuditEvent> unaryOperator) {
        this.santizer = unaryOperator;
    }

    public boolean usesMetadataFromThisKafkaCluster() {
        return false;
    }

    public void logEvent(AuditEvent auditEvent) {
        if (this.fail) {
            throw new RuntimeException("MockAuditLogProvider intentional failure");
        }
        if (auditEvent.type() == AuditEventType.AUTHORIZATION) {
            handleAuthorizationEvent((ConfluentAuthorizationEvent) auditEvent);
        } else {
            if (auditEvent.type() != AuditEventType.AUTHENTICATION) {
                throw new UnsupportedOperationException("Event type is not supported: " + String.valueOf(auditEvent.type()));
            }
            handleAuthenticationEvent((AuthenticationEvent) auditEvent);
        }
    }

    public void logEvent(AuditEvent auditEvent, boolean z) {
        logEvent(auditEvent);
    }

    private void handleAuthenticationEvent(AuthenticationEvent authenticationEvent) {
        ConfluentAuthenticationEvent confluentAuthenticationEvent = authenticationEvent instanceof ConfluentAuthenticationEvent ? (ConfluentAuthenticationEvent) authenticationEvent : new ConfluentAuthenticationEvent(authenticationEvent, this.scope);
        if (this.santizer != null) {
            confluentAuthenticationEvent = (ConfluentAuthenticationEvent) this.santizer.apply(confluentAuthenticationEvent);
        }
        this.authenticationLog.add(confluentAuthenticationEvent);
    }

    private void handleAuthorizationEvent(ConfluentAuthorizationEvent confluentAuthorizationEvent) {
        if (this.santizer != null) {
            confluentAuthorizationEvent = (ConfluentAuthorizationEvent) this.santizer.apply(confluentAuthorizationEvent);
        }
        if ((confluentAuthorizationEvent.action().logIfAllowed() && confluentAuthorizationEvent.authorizeResult() == AuthorizeResult.ALLOWED) || (confluentAuthorizationEvent.action().logIfDenied() && confluentAuthorizationEvent.authorizeResult() == AuthorizeResult.DENIED)) {
            this.authorizationLog.add(confluentAuthorizationEvent);
        }
    }

    public void close(String str) throws Exception {
        synchronized (INSTANCES) {
            MockAuditLogProvider mockAuditLogProvider = INSTANCES.get(str);
            if (mockAuditLogProvider == this) {
                mockAuditLogProvider.close();
                INSTANCES.remove(str);
            }
        }
    }

    public void close() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ConfluentAuthorizationEvent lastAuthorizationEntry() {
        return this.authorizationLog.get(this.authorizationLog.size() - 1);
    }

    public AuthenticationEvent lastAuthenticationEntry() {
        return this.authenticationLog.get(this.authenticationLog.size() - 1);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void ensureStarted() throws Exception {
        TestUtils.waitForCondition(() -> {
            return this.states.equals(Arrays.asList("configured", "started"));
        }, "Audit log provider not started, states=" + String.valueOf(this.states));
    }

    public static MockAuditLogProvider getInstance(String str) {
        MockAuditLogProvider mockAuditLogProvider;
        synchronized (INSTANCES) {
            mockAuditLogProvider = INSTANCES.get(str);
        }
        return mockAuditLogProvider;
    }

    public static void reset() {
        synchronized (INSTANCES) {
            INSTANCES.clear();
        }
    }

    public void resetEvents() {
        this.authenticationLog.clear();
        this.authorizationLog.clear();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setFail(boolean z) {
        this.fail = z;
    }

    public void onUpdate(ClusterResource clusterResource) {
        this.scope = Scope.kafkaClusterScope(clusterResource.clusterId());
    }
}
