package io.confluent.kafka.multitenant.integration.cluster;

import io.confluent.kafka.server.plugins.auth.DefaultDataPolicyValidationMode;
import io.confluent.kafka.server.plugins.auth.MultiTenantSaslConfigEntry;
import io.confluent.kafka.server.plugins.auth.MultiTenantSaslSecrets;
import io.confluent.kafka.server.plugins.auth.SniValidationMode;
import io.confluent.kafka.server.plugins.auth.TopicBasedPlainSaslAuthenticator;
import io.confluent.kafka.server.plugins.auth.TrafficNetworkIdValidationMode;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import org.mindrot.jbcrypt.BCrypt;

/* loaded from: input_file:io/confluent/kafka/multitenant/integration/cluster/TestPlainSaslAuthenticator.class */
public class TestPlainSaslAuthenticator extends TopicBasedPlainSaslAuthenticator {
    private static Map<String, Map<String, MultiTenantSaslConfigEntry>> brokersCredentials = new HashMap();

    public TestPlainSaslAuthenticator(Map<String, ?> map) {
        super(map);
    }

    public static void addUser(String str, UserMetadata userMetadata, String str2) {
        Map<String, MultiTenantSaslConfigEntry> map = brokersCredentials.get(str);
        if (map == null) {
            map = new HashMap();
            brokersCredentials.put(str, map);
        }
        String hashpw = BCrypt.hashpw(userMetadata.apiSecret(), BCrypt.gensalt(10));
        String str3 = str2 + "_" + userMetadata.apiKey();
        map.put(str3, new MultiTenantSaslConfigEntry("PLAIN", hashpw, "bcrypt", str3, str2, userMetadata.isServiceAccount(), userMetadata.userResourceId()));
    }

    public static void removeUser(String str, UserMetadata userMetadata, String str2) {
        Map<String, MultiTenantSaslConfigEntry> map = brokersCredentials.get(str);
        if (map == null) {
            return;
        }
        map.remove(str2 + "_" + userMetadata.apiKey());
    }

    public void initialize(List<AppConfigurationEntry> list) {
        this.mode = SniValidationMode.fromString(configEntryOption(list, "sni_host_name_validation_mode", TestPlainLoginModule.class.getName()));
        this.networkIdValidationMode = TrafficNetworkIdValidationMode.fromConfigs(this.trafficType, () -> {
            return configEntryOption(list, "traffic_network_id_validation_mode", TestPlainLoginModule.class.getName());
        });
        this.defaultDataPolicyValidationMode = DefaultDataPolicyValidationMode.fromConfigs(() -> {
            return configEntryOption(list, "default_data_policy_validation_mode", TestPlainLoginModule.class.getName());
        });
        this.log.debug("TestPlainSaslAuthenticator initialized with mode: {}, networkIdValidationMode:{}, defaultDataPolicyValidationMode:{}", new Object[]{this.mode.getText(), this.networkIdValidationMode.name(), this.defaultDataPolicyValidationMode.name()});
    }

    protected MultiTenantSaslSecrets loadSecrets() {
        Map<String, MultiTenantSaslConfigEntry> map = brokersCredentials.get(this.brokerSessionUuid);
        return map == null ? new MultiTenantSaslSecrets(Collections.emptyMap()) : new MultiTenantSaslSecrets(map);
    }
}
