package com.purbon.kafka.topology.roles.acls;

import com.purbon.kafka.topology.BindingsBuilderProvider;
import com.purbon.kafka.topology.Configuration;
import com.purbon.kafka.topology.api.adminclient.AclBuilder;
import com.purbon.kafka.topology.model.DynamicUser;
import com.purbon.kafka.topology.model.JulieRoleAcl;
import com.purbon.kafka.topology.model.users.Connector;
import com.purbon.kafka.topology.model.users.Consumer;
import com.purbon.kafka.topology.model.users.KSqlApp;
import com.purbon.kafka.topology.model.users.Other;
import com.purbon.kafka.topology.model.users.Producer;
import com.purbon.kafka.topology.model.users.platform.KsqlServerInstance;
import com.purbon.kafka.topology.model.users.platform.SchemaRegistryInstance;
import com.purbon.kafka.topology.roles.TopologyAclBinding;
import com.purbon.kafka.topology.utils.Utils;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.kafka.common.acl.AccessControlEntry;
import org.apache.kafka.common.acl.AclBinding;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.acl.AclPermissionType;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.resource.ResourcePattern;
import org.apache.kafka.common.resource.ResourceType;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/purbon/kafka/topology/roles/acls/AclsBindingsBuilder.class */
public class AclsBindingsBuilder implements BindingsBuilderProvider {
    private static final Logger LOGGER = LogManager.getLogger((Class<?>) AclsBindingsBuilder.class);
    private static final String KAFKA_CLUSTER_NAME = "kafka-cluster";
    private final Configuration config;

    public AclsBindingsBuilder(Configuration configuration) {
        this.config = configuration;
    }

    @Override // com.purbon.kafka.topology.BindingsBuilderProvider
    public List<TopologyAclBinding> buildBindingsForConnect(Connector connector, String str) {
        String principal = connector.getPrincipal();
        Stream<String> asNullableStream = Utils.asNullableStream(connector.getTopics().get(DynamicUser.READ_TOPICS));
        Stream<String> asNullableStream2 = Utils.asNullableStream(connector.getTopics().get(DynamicUser.WRITE_TOPICS));
        ArrayList arrayList = new ArrayList();
        for (String str2 : Arrays.asList(connector.statusTopicString(), connector.offsetTopicString(), connector.configsTopicString())) {
            arrayList.add(buildTopicLevelAcl(principal, str2, PatternType.LITERAL, AclOperation.READ));
            arrayList.add(buildTopicLevelAcl(principal, str2, PatternType.LITERAL, AclOperation.WRITE));
        }
        if (this.config.enabledConnectorTopicCreateAcl()) {
            arrayList.add(new AclBinding(new ResourcePattern(ResourceType.CLUSTER, "kafka-cluster", PatternType.LITERAL), new AccessControlEntry(principal, "*", AclOperation.CREATE, AclPermissionType.ALLOW)));
        }
        arrayList.add(new AclBinding(new ResourcePattern(ResourceType.GROUP, connector.groupString(), PatternType.LITERAL), new AccessControlEntry(principal, "*", AclOperation.READ, AclPermissionType.ALLOW)));
        Stream<R> map = asNullableStream.map(str3 -> {
            return buildTopicLevelAcl(principal, str3, PatternType.LITERAL, AclOperation.READ);
        });
        Objects.requireNonNull(arrayList);
        map.forEach((v1) -> {
            r1.add(v1);
        });
        Stream<R> map2 = asNullableStream2.map(str4 -> {
            return buildTopicLevelAcl(principal, str4, PatternType.LITERAL, AclOperation.WRITE);
        });
        Objects.requireNonNull(arrayList);
        map2.forEach((v1) -> {
            r1.add(v1);
        });
        return toList(arrayList.stream());
    }

    @Override // com.purbon.kafka.topology.BindingsBuilderProvider
    public List<TopologyAclBinding> buildBindingsForStreamsApp(String str, String str2, List<String> list, List<String> list2, boolean z) {
        return toList(streamsAppStream(str, str2, list, list2, z));
    }

    @Override // com.purbon.kafka.topology.BindingsBuilderProvider
    public List<TopologyAclBinding> buildBindingsForConsumers(Collection<Consumer> collection, String str, boolean z) {
        return toList(collection.stream().flatMap(consumer -> {
            return consumerAclsStream(consumer, str, z);
        }));
    }

    @Override // com.purbon.kafka.topology.BindingsBuilderProvider
    public List<TopologyAclBinding> buildBindingsForProducers(Collection<Producer> collection, String str, boolean z) {
        return toList(collection.stream().flatMap(producer -> {
            return producerAclsStream(producer, str, z);
        }));
    }

    @Override // com.purbon.kafka.topology.BindingsBuilderProvider
    public List<TopologyAclBinding> buildBindingsForSchemaRegistry(SchemaRegistryInstance schemaRegistryInstance) {
        return toList(schemaRegistryAclsStream(schemaRegistryInstance));
    }

    @Override // com.purbon.kafka.topology.BindingsBuilderProvider
    public List<TopologyAclBinding> buildBindingsForControlCenter(String str, String str2) {
        return toList(controlCenterStream(str, str2));
    }

    @Override // com.purbon.kafka.topology.BindingsBuilderProvider
    public Collection<TopologyAclBinding> buildBindingsForKSqlServer(KsqlServerInstance ksqlServerInstance) {
        return toList(ksqlServerStream(ksqlServerInstance));
    }

    @Override // com.purbon.kafka.topology.BindingsBuilderProvider
    public Collection<TopologyAclBinding> buildBindingsForKSqlApp(KSqlApp kSqlApp, String str) {
        return toList(ksqlAppStream(kSqlApp, str));
    }

    @Override // com.purbon.kafka.topology.BindingsBuilderProvider
    public Collection<TopologyAclBinding> buildBindingsForJulieRole(Other other, String str, List<JulieRoleAcl> list) throws IOException {
        ArrayList arrayList = new ArrayList();
        for (JulieRoleAcl julieRoleAcl : list) {
            ResourceType fromString = ResourceType.fromString(julieRoleAcl.getResourceType());
            PatternType fromString2 = PatternType.fromString(julieRoleAcl.getPatternType());
            AclOperation fromString3 = AclOperation.fromString(julieRoleAcl.getOperation());
            if (fromString.isUnknown() || fromString2.isUnknown() || fromString3.isUnknown()) {
                throw new IOException("Unknown ACL setting being used resourceType=" + julieRoleAcl.getResourceType() + " (" + fromString + "), patternType=" + julieRoleAcl.getPatternType() + " (" + fromString2 + "), aclOperation=" + julieRoleAcl.getOperation() + " (" + fromString3 + ")");
            }
            arrayList.add(new TopologyAclBinding(new AclBuilder(other.getPrincipal()).addResource(fromString, julieRoleAcl.getResourceName(), fromString2).addControlEntry(julieRoleAcl.getHost(), fromString3, AclPermissionType.ALLOW).build()));
        }
        return arrayList;
    }

    private List<TopologyAclBinding> toList(Stream<AclBinding> stream) {
        return (List) stream.map(TopologyAclBinding::new).collect(Collectors.toList());
    }

    private Stream<AclBinding> producerAclsStream(Producer producer, String str, boolean z) {
        PatternType patternType = z ? PatternType.PREFIXED : PatternType.LITERAL;
        ArrayList arrayList = new ArrayList();
        String principal = producer.getPrincipal();
        Stream map = Stream.of((Object[]) new AclOperation[]{AclOperation.DESCRIBE, AclOperation.WRITE}).map(aclOperation -> {
            return buildTopicLevelAcl(principal, str, patternType, aclOperation);
        });
        Objects.requireNonNull(arrayList);
        map.forEach((v1) -> {
            r1.add(v1);
        });
        producer.getTransactionId().ifPresent(str2 -> {
            arrayList.add(buildTransactionIdLevelAcl(producer.getPrincipal(), evaluateResourcePattern(str2), evaluateResourcePatternType(str2), AclOperation.DESCRIBE));
            arrayList.add(buildTransactionIdLevelAcl(producer.getPrincipal(), evaluateResourcePattern(str2), evaluateResourcePatternType(str2), AclOperation.WRITE));
        });
        if (producer.getTransactionId().isPresent() || producer.getIdempotence().isPresent()) {
            arrayList.add(new AclBinding(new ResourcePattern(ResourceType.CLUSTER, "kafka-cluster", PatternType.LITERAL), new AccessControlEntry(producer.getPrincipal(), "*", AclOperation.IDEMPOTENT_WRITE, AclPermissionType.ALLOW)));
        }
        return arrayList.stream();
    }

    private Stream<AclBinding> consumerAclsStream(Consumer consumer, String str, boolean z) {
        PatternType patternType = z ? PatternType.PREFIXED : PatternType.LITERAL;
        String principal = consumer.getPrincipal();
        return Stream.of((Object[]) new AclBinding[]{buildTopicLevelAcl(principal, str, patternType, AclOperation.DESCRIBE), buildTopicLevelAcl(principal, str, patternType, AclOperation.READ), buildGroupLevelAcl(principal, evaluateResourcePattern(consumer.groupString()), evaluateResourcePatternType(consumer.groupString()), AclOperation.READ)});
    }

    private Stream<AclBinding> streamsAppStream(String str, String str2, List<String> list, List<String> list2, boolean z) {
        ArrayList arrayList = new ArrayList();
        list.forEach(str3 -> {
            arrayList.add(buildTopicLevelAcl(str, str3, PatternType.LITERAL, AclOperation.READ));
        });
        list2.forEach(str4 -> {
            arrayList.add(buildTopicLevelAcl(str, str4, PatternType.LITERAL, AclOperation.WRITE));
        });
        arrayList.add(buildTopicLevelAcl(str, str2, PatternType.PREFIXED, AclOperation.ALL));
        arrayList.add(buildGroupLevelAcl(str, str2, PatternType.PREFIXED, AclOperation.READ));
        if (z) {
            arrayList.add(buildTransactionIdLevelAcl(str, str2, PatternType.PREFIXED, AclOperation.WRITE));
            arrayList.add(buildTransactionIdLevelAcl(str, str2, PatternType.PREFIXED, AclOperation.DESCRIBE));
        }
        return arrayList.stream();
    }

    private Stream<AclBinding> schemaRegistryAclsStream(SchemaRegistryInstance schemaRegistryInstance) {
        String principal = schemaRegistryInstance.getPrincipal();
        List list = (List) Stream.of((Object[]) new AclOperation[]{AclOperation.CREATE, AclOperation.DESCRIBE_CONFIGS, AclOperation.DESCRIBE, AclOperation.WRITE, AclOperation.READ}).map(aclOperation -> {
            return buildTopicLevelAcl(principal, schemaRegistryInstance.topicString(), PatternType.LITERAL, aclOperation);
        }).collect(Collectors.toList());
        list.add(buildTopicLevelAcl(principal, schemaRegistryInstance.consumerOffsetsTopicString(), PatternType.LITERAL, AclOperation.DESCRIBE));
        list.add(buildGroupLevelAcl(principal, schemaRegistryInstance.groupString(), PatternType.LITERAL, AclOperation.READ));
        return list.stream();
    }

    private Stream<AclBinding> controlCenterStream(String str, String str2) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(buildGroupLevelAcl(str, str2, PatternType.PREFIXED, AclOperation.READ));
        arrayList.add(buildGroupLevelAcl(str, str2 + "-command", PatternType.PREFIXED, AclOperation.READ));
        arrayList.add(buildGroupLevelAcl(str, "*", PatternType.LITERAL, AclOperation.DESCRIBE));
        Arrays.asList(this.config.getConfluentMonitoringTopic(), this.config.getConfluentCommandTopic(), this.config.getConfluentMetricsTopic()).forEach(str3 -> {
            Stream map = Stream.of((Object[]) new AclOperation[]{AclOperation.WRITE, AclOperation.READ, AclOperation.CREATE, AclOperation.DESCRIBE}).map(aclOperation -> {
                return buildTopicLevelAcl(str, str3, PatternType.LITERAL, aclOperation);
            });
            Objects.requireNonNull(arrayList);
            map.forEach((v1) -> {
                r1.add(v1);
            });
        });
        Stream map = Stream.of((Object[]) new AclOperation[]{AclOperation.WRITE, AclOperation.READ, AclOperation.CREATE, AclOperation.DESCRIBE}).map(aclOperation -> {
            return buildTopicLevelAcl(str, "_confluent-controlcenter", PatternType.PREFIXED, aclOperation);
        });
        Objects.requireNonNull(arrayList);
        map.forEach((v1) -> {
            r1.add(v1);
        });
        arrayList.add(buildTopicLevelAcl(str, "*", PatternType.LITERAL, AclOperation.CREATE));
        ResourcePattern resourcePattern = new ResourcePattern(ResourceType.CLUSTER, "kafka-cluster", PatternType.LITERAL);
        arrayList.add(new AclBinding(resourcePattern, new AccessControlEntry(str, "*", AclOperation.DESCRIBE, AclPermissionType.ALLOW)));
        arrayList.add(new AclBinding(resourcePattern, new AccessControlEntry(str, "*", AclOperation.DESCRIBE_CONFIGS, AclPermissionType.ALLOW)));
        return arrayList.stream();
    }

    private Stream<AclBinding> ksqlServerStream(KsqlServerInstance ksqlServerInstance) {
        String principal = ksqlServerInstance.getPrincipal();
        ArrayList arrayList = new ArrayList();
        arrayList.add(new AclBinding(new ResourcePattern(ResourceType.CLUSTER, "kafka-cluster", PatternType.LITERAL), new AccessControlEntry(principal, "*", AclOperation.DESCRIBE_CONFIGS, AclPermissionType.ALLOW)));
        arrayList.add(buildTopicLevelAcl(principal, ksqlServerInstance.internalTopics(), PatternType.PREFIXED, AclOperation.ALL));
        arrayList.add(buildTopicLevelAcl(principal, ksqlServerInstance.processingLogTopic(), PatternType.LITERAL, AclOperation.ALL));
        arrayList.add(buildGroupLevelAcl(principal, ksqlServerInstance.consumerGroupPrefix(), PatternType.PREFIXED, AclOperation.ALL));
        return arrayList.stream();
    }

    private Stream<AclBinding> ksqlAppStream(KSqlApp kSqlApp, String str) {
        String principal = kSqlApp.getPrincipal();
        ArrayList arrayList = new ArrayList();
        Optional.ofNullable(kSqlApp.getTopics().get(DynamicUser.READ_TOPICS)).ifPresent(list -> {
            Iterator it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(buildTopicLevelAcl(principal, (String) it.next(), PatternType.LITERAL, AclOperation.READ));
            }
        });
        Optional.ofNullable(kSqlApp.getTopics().get(DynamicUser.WRITE_TOPICS)).ifPresent(list2 -> {
            Iterator it = list2.iterator();
            while (it.hasNext()) {
                arrayList.add(buildTopicLevelAcl(principal, (String) it.next(), PatternType.LITERAL, AclOperation.WRITE));
            }
        });
        arrayList.add(buildTopicLevelAcl(principal, str, PatternType.PREFIXED, AclOperation.ALL));
        arrayList.add(buildGroupLevelAcl(principal, str, PatternType.PREFIXED, AclOperation.ALL));
        return arrayList.stream();
    }

    private AclBinding buildTopicLevelAcl(String str, String str2, PatternType patternType, AclOperation aclOperation) {
        return new AclBuilder(str).addResource(ResourceType.TOPIC, str2, patternType).addControlEntry("*", aclOperation, AclPermissionType.ALLOW).build();
    }

    private AclBinding buildTransactionIdLevelAcl(String str, String str2, PatternType patternType, AclOperation aclOperation) {
        return new AclBuilder(str).addResource(ResourceType.TRANSACTIONAL_ID, str2, patternType).addControlEntry("*", aclOperation, AclPermissionType.ALLOW).build();
    }

    private AclBinding buildGroupLevelAcl(String str, String str2, PatternType patternType, AclOperation aclOperation) {
        return new AclBuilder(str).addResource(ResourceType.GROUP, str2, patternType).addControlEntry("*", aclOperation, AclPermissionType.ALLOW).build();
    }

    private boolean isResourcePrefixed(String str) {
        return str.length() > 1 && str.endsWith("*");
    }

    private String evaluateResourcePattern(String str) {
        return isResourcePrefixed(str) ? str.replaceFirst(".$", "") : str;
    }

    private PatternType evaluateResourcePatternType(String str) {
        return isResourcePrefixed(str) ? PatternType.PREFIXED : PatternType.LITERAL;
    }
}
