package io.confluent.rbacdb.provider;

import io.confluent.rbacdb.config.DbAuthStoreConfig;
import io.confluent.rbacdb.exception.DbAuthStoreException;
import io.confluent.rbacdb.kafka.DbAuthStore;
import io.confluent.rbacdb.orm.RbacOrmDbService;
import io.confluent.rbacdb.orm.RbacOrmService;
import io.confluent.security.auth.metadata.AuthStore;
import io.confluent.security.auth.provider.ConfluentProvider;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.rbac.RbacRoles;
import java.util.List;
import java.util.Map;
import org.apache.kafka.common.utils.Utils;
import org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo;

/* loaded from: input_file:io/confluent/rbacdb/provider/ControlPlaneDBProvider.class */
public class ControlPlaneDBProvider extends ConfluentProvider {
    public static final String PROVIDER_NAME = "CC_CONTROL_PLANE_MDS_DB";
    RbacOrmService ormService;

    public String providerName() {
        return PROVIDER_NAME;
    }

    protected AuthStore createAuthStore(Scope scope, ConfluentAuthorizerServerInfo confluentAuthorizerServerInfo, Map<String, ?> map) {
        DbAuthStoreConfig dbAuthStoreConfig = new DbAuthStoreConfig(map);
        String string = dbAuthStoreConfig.getString(DbAuthStoreConfig.DB_URL_CONFIG);
        String string2 = dbAuthStoreConfig.getString(DbAuthStoreConfig.DB_USERNAME_CONFIG);
        String value = dbAuthStoreConfig.getPassword(DbAuthStoreConfig.DB_PASSWORD_CONFIG).value();
        if (string == null || string2 == null || value == null) {
            throw new DbAuthStoreException("Missing configuration for DB Auth Store");
        }
        int intValue = dbAuthStoreConfig.getInt(DbAuthStoreConfig.DB_CONNECTION_POOL_SIZE_CONFIG).intValue();
        boolean booleanValue = dbAuthStoreConfig.getBoolean(DbAuthStoreConfig.DB_SKIP_HEALTHCHECK_CONFIG).booleanValue();
        RbacRoles loadRbacRoles = loadRbacRoles(confluentAuthorizerServerInfo);
        try {
            this.ormService = new RbacOrmDbService(loadRbacRoles, string, string2, value, booleanValue, intValue);
            DbAuthStore dbAuthStore = new DbAuthStore(loadRbacRoles, scope, dbAuthStoreConfig, this.ormService, confluentAuthorizerServerInfo.metrics());
            dbAuthStore.configure(map);
            return dbAuthStore;
        } catch (Exception e) {
            throw new DbAuthStoreException("Unable to create RbacOrmDbService", e);
        }
    }

    public void close() {
        Utils.closeQuietly(this.ormService, "RbacOrmDbService");
        super.close();
    }

    private static RbacRoles loadRbacRoles(ConfluentAuthorizerServerInfo confluentAuthorizerServerInfo) {
        List additionalRoleDefFiles = confluentAuthorizerServerInfo.additionalRoleDefFiles();
        return (additionalRoleDefFiles == null || additionalRoleDefFiles.size() <= 0) ? RbacRoles.loadDefaultPolicy(true) : RbacRoles.loadCloudPolicyWith(additionalRoleDefFiles);
    }
}
