package kafka.security.authorizer;

import kafka.security.authorizer.AclAuthorizer;
import kafka.server.KafkaConfig;
import kafka.server.KafkaConfig$;
import kafka.server.KafkaServer$;
import kafka.utils.Implicits$;
import kafka.utils.Implicits$MapExtensionMethods$;
import kafka.utils.Logging;
import kafka.zk.KafkaZkClient;
import kafka.zk.ZkAclStore;
import kafka.zk.ZkAclStore$;
import kafka.zk.ZkVersion$;
import org.apache.kafka.common.acl.AclBinding;
import org.apache.kafka.common.resource.ResourcePattern;
import org.apache.kafka.common.resource.ResourceType;
import org.apache.kafka.common.utils.SecurityUtils;
import org.apache.zookeeper.client.ZKClientConfig;
import scala.Function2;
import scala.MatchError;
import scala.Predef$;
import scala.collection.compat.MapExtensionMethods$;
import scala.collection.compat.package$;
import scala.collection.immutable.StringOps;
import scala.collection.mutable.Map;
import scala.runtime.BoxedUnit;
import scala.util.Failure;
import scala.util.Success;
import scala.util.Try$;

/* compiled from: AclAuthorizer.scala */
/* loaded from: input_file:kafka/security/authorizer/AclAuthorizer$.class */
public final class AclAuthorizer$ {
    public static AclAuthorizer$ MODULE$;
    private final String configPrefix;
    private final String ZkUrlProp;
    private final String ZkConnectionTimeOutProp;
    private final String ZkSessionTimeOutProp;
    private final String ZkMaxInFlightRequests;
    private final String SuperUsersProp;
    private final String AllowEveryoneIfNoAclIsFoundProp;
    private final String KafkaAdminGroupNameProp;
    private final String KafkaUserGroupNameProp;
    private final String KafkaSuperUserGroupNameProp;
    private final String UserGroupCacheTimeoutSecProp;
    private final String UserGroupQueryRetry;
    private final String UserGroupQueryRetryBackoffMs;
    private final String IsSecurityModeProp;
    private final AclAuthorizer.VersionedAcls NoAcls;
    private final String WildcardHost;

    static {
        new AclAuthorizer$();
    }

    public String configPrefix() {
        return this.configPrefix;
    }

    public String ZkUrlProp() {
        return this.ZkUrlProp;
    }

    public String ZkConnectionTimeOutProp() {
        return this.ZkConnectionTimeOutProp;
    }

    public String ZkSessionTimeOutProp() {
        return this.ZkSessionTimeOutProp;
    }

    public String ZkMaxInFlightRequests() {
        return this.ZkMaxInFlightRequests;
    }

    public String SuperUsersProp() {
        return this.SuperUsersProp;
    }

    public String AllowEveryoneIfNoAclIsFoundProp() {
        return this.AllowEveryoneIfNoAclIsFoundProp;
    }

    public String KafkaAdminGroupNameProp() {
        return this.KafkaAdminGroupNameProp;
    }

    public String KafkaUserGroupNameProp() {
        return this.KafkaUserGroupNameProp;
    }

    public String KafkaSuperUserGroupNameProp() {
        return this.KafkaSuperUserGroupNameProp;
    }

    public String UserGroupCacheTimeoutSecProp() {
        return this.UserGroupCacheTimeoutSecProp;
    }

    public String UserGroupQueryRetry() {
        return this.UserGroupQueryRetry;
    }

    public String UserGroupQueryRetryBackoffMs() {
        return this.UserGroupQueryRetryBackoffMs;
    }

    public String IsSecurityModeProp() {
        return this.IsSecurityModeProp;
    }

    public AclAuthorizer.VersionedAcls NoAcls() {
        return this.NoAcls;
    }

    public String WildcardHost() {
        return this.WildcardHost;
    }

    public ZKClientConfig zkClientConfigFromKafkaConfigAndMap(KafkaConfig kafkaConfig, Map<String, ?> map) {
        if (!new StringOps(Predef$.MODULE$.augmentString((String) map.get(new StringBuilder(0).append(configPrefix()).append(KafkaConfig$.MODULE$.ZkSslClientEnableProp()).toString()).map(obj -> {
            return obj.toString().trim();
        }).getOrElse(() -> {
            return Boolean.toString(kafkaConfig.zkSslClientEnable());
        }))).toBoolean()) {
            return new ZKClientConfig();
        }
        ZKClientConfig zkClientConfigFromKafkaConfig = KafkaServer$.MODULE$.zkClientConfigFromKafkaConfig(kafkaConfig, true);
        Implicits$MapExtensionMethods$ implicits$MapExtensionMethods$ = Implicits$MapExtensionMethods$.MODULE$;
        scala.collection.Map MapExtensionMethods = Implicits$.MODULE$.MapExtensionMethods(KafkaConfig$.MODULE$.ZkSslConfigToSystemPropertyMap());
        Function2 function2 = (str, str2) -> {
            $anonfun$zkClientConfigFromKafkaConfigAndMap$3(map, zkClientConfigFromKafkaConfig, str, str2);
            return BoxedUnit.UNIT;
        };
        if (implicits$MapExtensionMethods$ == null) {
            throw null;
        }
        MapExtensionMethods$.MODULE$.foreachEntry$extension(package$.MODULE$.toMapExtensionMethods(MapExtensionMethods), (v1, v2) -> {
            return Implicits$MapExtensionMethods$.$anonfun$forKeyValue$1(r2, v1, v2);
        });
        return zkClientConfigFromKafkaConfig;
    }

    public void kafka$security$authorizer$AclAuthorizer$$validateAclBinding(AclBinding aclBinding) {
        if (aclBinding.isUnknown()) {
            throw new IllegalArgumentException("ACL binding contains unknown elements");
        }
        if (aclBinding.pattern().name().contains("/")) {
            throw new IllegalArgumentException(new StringBuilder(44).append("ACL binding contains invalid resource name: ").append(aclBinding.pattern().name()).toString());
        }
    }

    public void loadAllAcls(KafkaZkClient kafkaZkClient, Logging logging, Function2<ResourcePattern, AclAuthorizer.VersionedAcls, BoxedUnit> function2) {
        ZkAclStore$.MODULE$.stores().foreach(zkAclStore -> {
            kafkaZkClient.getResourceTypes(zkAclStore.patternType()).foreach(str -> {
                Success apply = Try$.MODULE$.apply(() -> {
                    return SecurityUtils.resourceType(str);
                });
                if (apply instanceof Success) {
                    ResourceType resourceType = (ResourceType) apply.value();
                    kafkaZkClient.getResourceNames(zkAclStore.patternType(), resourceType).foreach(str -> {
                        ResourcePattern resourcePattern = new ResourcePattern(resourceType, str, zkAclStore.patternType());
                        function2.apply(resourcePattern, MODULE$.getAclsFromZk(kafkaZkClient, resourcePattern));
                        return BoxedUnit.UNIT;
                    });
                } else {
                    if (!(apply instanceof Failure)) {
                        throw new MatchError(apply);
                    }
                    logging.warn(() -> {
                        return new StringBuilder(31).append("Ignoring unknown ResourceType: ").append(str).toString();
                    });
                }
                return BoxedUnit.UNIT;
            });
            return BoxedUnit.UNIT;
        });
    }

    public AclAuthorizer.VersionedAcls getAclsFromZk(KafkaZkClient kafkaZkClient, ResourcePattern resourcePattern) {
        return kafkaZkClient.getVersionedAclsForResource(resourcePattern);
    }

    public static final /* synthetic */ void $anonfun$zkClientConfigFromKafkaConfigAndMap$4(ZKClientConfig zKClientConfig, String str, String str2, Object obj) {
        String trim;
        String ZkSslEndpointIdentificationAlgorithmProp = KafkaConfig$.MODULE$.ZkSslEndpointIdentificationAlgorithmProp();
        if (str2 != null ? !str2.equals(ZkSslEndpointIdentificationAlgorithmProp) : ZkSslEndpointIdentificationAlgorithmProp != null) {
            trim = obj.toString().trim();
        } else {
            String upperCase = obj.toString().trim().toUpperCase();
            trim = Boolean.toString(upperCase != null && upperCase.equals("HTTPS"));
        }
        zKClientConfig.setProperty(str, trim);
    }

    public static final /* synthetic */ void $anonfun$zkClientConfigFromKafkaConfigAndMap$3(Map map, ZKClientConfig zKClientConfig, String str, String str2) {
        map.get(new StringBuilder(0).append(MODULE$.configPrefix()).append(str).toString()).foreach(obj -> {
            $anonfun$zkClientConfigFromKafkaConfigAndMap$4(zKClientConfig, str2, str, obj);
            return BoxedUnit.UNIT;
        });
    }

    public static final /* synthetic */ void $anonfun$loadAllAcls$4(ResourceType resourceType, ZkAclStore zkAclStore, KafkaZkClient kafkaZkClient, Function2 function2, String str) {
        ResourcePattern resourcePattern = new ResourcePattern(resourceType, str, zkAclStore.patternType());
        function2.apply(resourcePattern, MODULE$.getAclsFromZk(kafkaZkClient, resourcePattern));
    }

    public static final /* synthetic */ void $anonfun$loadAllAcls$2(KafkaZkClient kafkaZkClient, ZkAclStore zkAclStore, Function2 function2, Logging logging, String str) {
        Success apply = Try$.MODULE$.apply(() -> {
            return SecurityUtils.resourceType(str);
        });
        if (apply instanceof Success) {
            ResourceType resourceType = (ResourceType) apply.value();
            kafkaZkClient.getResourceNames(zkAclStore.patternType(), resourceType).foreach(str2 -> {
                ResourcePattern resourcePattern = new ResourcePattern(resourceType, str2, zkAclStore.patternType());
                function2.apply(resourcePattern, MODULE$.getAclsFromZk(kafkaZkClient, resourcePattern));
                return BoxedUnit.UNIT;
            });
        } else {
            if (!(apply instanceof Failure)) {
                throw new MatchError(apply);
            }
            logging.warn(() -> {
                return new StringBuilder(31).append("Ignoring unknown ResourceType: ").append(str).toString();
            });
        }
    }

    private AclAuthorizer$() {
        MODULE$ = this;
        this.configPrefix = "authorizer.";
        this.ZkUrlProp = new StringBuilder(13).append(configPrefix()).append("zookeeper.url").toString();
        this.ZkConnectionTimeOutProp = new StringBuilder(31).append(configPrefix()).append("zookeeper.connection.timeout.ms").toString();
        this.ZkSessionTimeOutProp = new StringBuilder(28).append(configPrefix()).append("zookeeper.session.timeout.ms").toString();
        this.ZkMaxInFlightRequests = new StringBuilder(32).append(configPrefix()).append("zookeeper.max.in.flight.requests").toString();
        this.SuperUsersProp = "super.users";
        this.AllowEveryoneIfNoAclIsFoundProp = "allow.everyone.if.no.acl.found";
        this.KafkaAdminGroupNameProp = "kafka.admin.group.name";
        this.KafkaUserGroupNameProp = "kafka.user.group.name";
        this.KafkaSuperUserGroupNameProp = "kafka.super.user.group.name";
        this.UserGroupCacheTimeoutSecProp = "user.group.cache.timeout.sec";
        this.UserGroupQueryRetry = "user.group.query.retry";
        this.UserGroupQueryRetryBackoffMs = "user.group.query.retry.backoff.ms";
        this.IsSecurityModeProp = "is.security.mode";
        this.NoAcls = new AclAuthorizer.VersionedAcls(Predef$.MODULE$.Set().empty(), ZkVersion$.MODULE$.UnknownVersion());
        this.WildcardHost = "*";
    }
}
