package io.confluent.connect.security.config.manipulation;

import io.confluent.connect.avro.AvroConverter;
import io.confluent.connect.security.ConnectSecurityExtensionConfig;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.kafka.common.config.ConfigDef;
import org.apache.kafka.connect.runtime.rest.entities.ConfigInfo;
import org.apache.kafka.connect.runtime.rest.entities.ConfigInfos;
import org.apache.kafka.connect.runtime.rest.entities.ConfigKeyInfo;
import org.apache.kafka.connect.runtime.rest.entities.ConfigValueInfo;

/* loaded from: input_file:io/confluent/connect/security/config/manipulation/RbacBasicCredentialsManipulator.class */
public class RbacBasicCredentialsManipulator implements ConfigManipulator {
    private final ConnectSecurityExtensionConfig config;
    private final String metadataServerUrls;
    private final Map<String, String> avroKeyConverterWorkerConfigs = avroConverterWorkerConfigs("key.converter");
    private final Map<String, String> avroValueConverterWorkerConfigs = avroConverterWorkerConfigs("value.converter");
    public static final String RBAC_USERNAME_CONFIG = "principal.service.name";
    public static final String RBAC_GROUP = "RBAC";
    public static final ConfigInfo RBAC_USERNAME_CONFIG_INFO = new ConfigInfo(new ConfigKeyInfo(RBAC_USERNAME_CONFIG, ConfigDef.Type.PASSWORD.name(), false, "[hidden]", ConfigDef.Importance.HIGH.name(), "The username of the principal for this connector", RBAC_GROUP, 0, ConfigDef.Width.NONE.name(), "Connector Username", Collections.emptyList()), new ConfigValueInfo(RBAC_USERNAME_CONFIG, "[hidden]", Collections.emptyList(), Collections.emptyList(), true));
    public static final String RBAC_PASSWORD_CONFIG = "principal.service.password";
    public static final ConfigInfo RBAC_PASSWORD_CONFIG_INFO = new ConfigInfo(new ConfigKeyInfo(RBAC_PASSWORD_CONFIG, ConfigDef.Type.PASSWORD.name(), false, "[hidden]", ConfigDef.Importance.HIGH.name(), "The password of the principal for this connector", RBAC_GROUP, 0, ConfigDef.Width.NONE.name(), "Connector Password", Collections.emptyList()), new ConfigValueInfo(RBAC_PASSWORD_CONFIG, "[hidden]", Collections.emptyList(), Collections.emptyList(), true));
    public static final Set<String> CONNECTOR_CLIENT_SASL_JAAS_CONFIGS = (Set) Stream.of((Object[]) new String[]{"admin.override.", "consumer.override.", "producer.override."}).map(str -> {
        return str + "sasl.jaas.config";
    }).collect(Collectors.toSet());

    public RbacBasicCredentialsManipulator(ConnectSecurityExtensionConfig connectSecurityExtensionConfig) {
        this.config = connectSecurityExtensionConfig;
        this.metadataServerUrls = connectSecurityExtensionConfig.metadataServerUrls();
    }

    @Override // io.confluent.connect.security.config.manipulation.ConfigManipulator
    public ConfigInfos transformConfigValidateResponse(ConfigInfos configInfos) {
        ConfigInfos mutableConfigInfosCopy = mutableConfigInfosCopy(configInfos);
        mutableConfigInfosCopy.groups().add(RBAC_GROUP);
        mutableConfigInfosCopy.values().add(RBAC_USERNAME_CONFIG_INFO);
        mutableConfigInfosCopy.values().add(RBAC_PASSWORD_CONFIG_INFO);
        return mutableConfigInfosCopy;
    }

    @Override // io.confluent.connect.security.config.manipulation.ConfigManipulator
    public Map<String, String> transformIncomingConnectorConfig(Map<String, String> map) {
        String str = map.get(RBAC_USERNAME_CONFIG);
        String str2 = map.get(RBAC_PASSWORD_CONFIG);
        if (str == null || str2 == null) {
            return map;
        }
        HashMap hashMap = new HashMap(map);
        addSaslJaasConfigs(str, str2, hashMap);
        maybeAddAvroConverterCredentials("key.converter", str, str2, hashMap, this.avroKeyConverterWorkerConfigs);
        maybeAddAvroConverterCredentials("value.converter", str, str2, hashMap, this.avroValueConverterWorkerConfigs);
        return hashMap;
    }

    @Override // io.confluent.connect.security.config.manipulation.ConfigManipulator
    public Map<String, String> transformOutgoingConnectorConfig(Map<String, String> map) {
        if (!map.containsKey(RBAC_USERNAME_CONFIG) || !map.containsKey(RBAC_PASSWORD_CONFIG)) {
            return map;
        }
        HashMap hashMap = new HashMap(map);
        stripAvroConverterSecurityConfigs(hashMap);
        stripSaslJaasConfigs(hashMap);
        return hashMap;
    }

    private Map<String, String> avroConverterWorkerConfigs(String str) {
        String string = this.config.getString(str);
        if (!isAvroConverter(string)) {
            return null;
        }
        HashMap hashMap = new HashMap();
        this.config.originalsWithPrefix(str + ".", false).forEach((str2, obj) -> {
        });
        hashMap.put(str, string);
        stripAvroConverterSecurityConfigs(hashMap, str);
        return hashMap;
    }

    private static boolean isAvroConverter(String str) {
        return "Avro".equals(str) || AvroConverter.class.getName().equals(str) || AvroConverter.class.getSimpleName().equals(str);
    }

    private void addSaslJaasConfigs(String str, String str2, Map<String, String> map) {
        String rbacSaslJaasConfig = rbacSaslJaasConfig(str, str2);
        CONNECTOR_CLIENT_SASL_JAAS_CONFIGS.forEach(str3 -> {
        });
    }

    private static void maybeAddAvroConverterCredentials(String str, String str2, String str3, Map<String, String> map, Map<String, String> map2) {
        String str4 = map.get(str);
        if (isAvroConverter(str4)) {
            stripAvroConverterSecurityConfigs(map, str);
        } else if (str4 != null || map2 == null) {
            return;
        } else {
            map.putAll(map2);
        }
        map.put(str + ".basic.auth.credentials.source", "USER_INFO");
        map.put(str + ".basic.auth.user.info", str2 + ":" + str3);
    }

    private static void stripAvroConverterSecurityConfigs(Map<String, String> map) {
        stripAvroConverterSecurityConfigs(map, "key.converter", "value.converter");
    }

    private static void stripAvroConverterSecurityConfigs(Map<String, String> map, String... strArr) {
        Stream flatMap = Stream.of((Object[]) strArr).flatMap(str -> {
            return Stream.of((Object[]) new String[]{"basic.auth.credentials.source", "bearer.auth.credentials.source", "basic.auth.user.info"}).map(str -> {
                return str + "." + str;
            });
        });
        map.getClass();
        flatMap.forEach((v1) -> {
            r1.remove(v1);
        });
    }

    private static void stripSaslJaasConfigs(Map<String, String> map) {
        Set<String> set = CONNECTOR_CLIENT_SASL_JAAS_CONFIGS;
        map.getClass();
        set.forEach((v1) -> {
            r1.remove(v1);
        });
    }

    private String rbacSaslJaasConfig(String str, String str2) {
        return String.format("org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required username=\"%s\" password=\"%s\" metadataServerUrls=\"%s\";", str, str2, this.metadataServerUrls);
    }

    private static ConfigInfos mutableConfigInfosCopy(ConfigInfos configInfos) {
        return new ConfigInfos(configInfos.name(), configInfos.errorCount(), new ArrayList(configInfos.groups()), new ArrayList(configInfos.values()));
    }
}
