package com.purbon.kafka.topology.roles.rbac;

import com.purbon.kafka.topology.BindingsBuilderProvider;
import com.purbon.kafka.topology.api.mds.ClusterIDs;
import com.purbon.kafka.topology.api.mds.MDSApiClient;
import com.purbon.kafka.topology.model.Component;
import com.purbon.kafka.topology.model.DynamicUser;
import com.purbon.kafka.topology.model.JulieRoleAcl;
import com.purbon.kafka.topology.model.users.Connector;
import com.purbon.kafka.topology.model.users.Consumer;
import com.purbon.kafka.topology.model.users.KSqlApp;
import com.purbon.kafka.topology.model.users.Other;
import com.purbon.kafka.topology.model.users.Producer;
import com.purbon.kafka.topology.model.users.platform.KsqlServerInstance;
import com.purbon.kafka.topology.model.users.platform.SchemaRegistryInstance;
import com.purbon.kafka.topology.roles.TopologyAclBinding;
import io.confluent.security.authorizer.AccessRule;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.kafka.common.resource.PatternType;

/* loaded from: input_file:com/purbon/kafka/topology/roles/rbac/RBACBindingsBuilder.class */
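/**
 * Builds {@link TopologyAclBinding} objects for role-based access control by delegating to an
 * {@link MDSApiClient}.
 *
 * <p>Every method here only assembles and returns binding objects. Whether
 * {@code MDSApiClient.bind(...)} or a role builder's {@code apply(...)} also contacts a remote
 * service is not visible from this class.
 *
 * <p>Security note: a binding created with {@link #PREFIX} covers every resource whose name starts
 * with the given string, so an empty or very short prefix grants far more than a single
 * application's resources. This class does not validate prefixes. Callers are expected to pass
 * values that have already been checked.
 */
public class RBACBindingsBuilder implements BindingsBuilderProvider {
    /** Pattern type string for a binding that matches exactly one resource name. */
    public static final String LITERAL = "LITERAL";

    /** Pattern type string for a binding that matches every resource name with the given prefix. */
    public static final String PREFIX = "PREFIXED";

    private final MDSApiClient apiClient;

    /**
     * Creates a builder that produces bindings through the given client.
     *
     * @param mDSApiClient client used to create every binding; stored as-is, not null-checked
     */
    public RBACBindingsBuilder(MDSApiClient mDSApiClient) {
        this.apiClient = mDSApiClient;
    }

    /**
     * Builds the bindings for a Kafka Connect principal.
     *
     * <p>The principal receives {@code SECURITY_ADMIN} scoped to Kafka Connect,
     * {@code DEVELOPER_READ} on the prefix {@code str}, per-topic read and write roles, and
     * {@code RESOURCE_OWNER} on the Connect internal topics, the Connect group, the
     * {@code secret-registry} group and the {@code _confluent-secrets} topic.
     *
     * @param connector connector definition supplying the principal, topics and internal names
     * @param str resource prefix bound with {@code DEVELOPER_READ} as {@link #PREFIX}
     * @return the bindings, in the order they were created
     */
    @Override
    public List<TopologyAclBinding> buildBindingsForConnect(Connector connector, String str) {
        String principal = connector.getPrincipal();
        List<String> readTopics = connector.getTopics().get(DynamicUser.READ_TOPICS);
        List<String> writeTopics = connector.getTopics().get(DynamicUser.WRITE_TOPICS);

        List<TopologyAclBinding> bindings = new ArrayList<>();
        bindings.add(
            apiClient.bind(principal, RBACPredefinedRoles.SECURITY_ADMIN).forKafkaConnect(connector).apply());
        bindings.add(apiClient.bind(principal, RBACPredefinedRoles.DEVELOPER_READ, str, PREFIX));

        // A missing topic list is treated the same as an empty one.
        if (readTopics != null) {
            for (String topic : readTopics) {
                bindings.add(apiClient.bind(principal, RBACPredefinedRoles.DEVELOPER_READ, topic, LITERAL));
            }
        }
        if (writeTopics != null) {
            for (String topic : writeTopics) {
                bindings.add(apiClient.bind(principal, RBACPredefinedRoles.DEVELOPER_WRITE, topic, LITERAL));
            }
        }

        List<String> ownedResources =
            Arrays.asList(
                "Topic:" + connector.configsTopicString(),
                "Topic:" + connector.offsetTopicString(),
                "Topic:" + connector.statusTopicString(),
                "Group:" + connector.groupString(),
                "Group:secret-registry",
                "Topic:_confluent-secrets");
        for (String typedName : ownedResources) {
            // Split on the first ':' only. An unlimited split would truncate a resource name that
            // itself contains ':' and put RESOURCE_OWNER on a different, shorter name.
            String[] typeAndName = typedName.split(":", 2);
            bindings.add(
                apiClient.bind(
                    principal, RBACPredefinedRoles.RESOURCE_OWNER, typeAndName[1], typeAndName[0], LITERAL));
        }
        return bindings;
    }

    /**
     * Builds the bindings for a streams application principal.
     *
     * @param str principal the roles are bound to
     * @param str2 application prefix; bound as {@link #PREFIX} for read, ownership, group ownership
     *     and (when {@code z} is set) transactional ids
     * @param list resource names bound with {@code DEVELOPER_READ} as {@link #LITERAL}
     * @param list2 resource names bound with {@code DEVELOPER_WRITE} as {@link #LITERAL}
     * @param z when true, also binds {@code DEVELOPER_WRITE} on {@code TransactionalId} resources
     *     under the prefix
     * @return the bindings, in the order they were created
     */
    @Override
    public List<TopologyAclBinding> buildBindingsForStreamsApp(
            String str, String str2, List<String> list, List<String> list2, boolean z) {
        List<TopologyAclBinding> bindings = new ArrayList<>();
        bindings.add(apiClient.bind(str, RBACPredefinedRoles.DEVELOPER_READ, str2, PREFIX));
        for (String readName : list) {
            bindings.add(apiClient.bind(str, RBACPredefinedRoles.DEVELOPER_READ, readName, LITERAL));
        }
        for (String writeName : list2) {
            bindings.add(apiClient.bind(str, RBACPredefinedRoles.DEVELOPER_WRITE, writeName, LITERAL));
        }
        if (z) {
            bindings.add(
                apiClient.bind(str, RBACPredefinedRoles.DEVELOPER_WRITE, str2, "TransactionalId", PREFIX));
        }
        bindings.add(apiClient.bind(str, RBACPredefinedRoles.RESOURCE_OWNER, str2, PREFIX));
        bindings.add(
            apiClient.bind(
                str, RBACPredefinedRoles.RESOURCE_OWNER, str2, AccessRule.GROUP_PRINCIPAL_TYPE, PREFIX));
        return bindings;
    }

    /**
     * Builds a read binding and a consumer-group ownership binding for each consumer.
     *
     * @param collection consumers to build bindings for
     * @param str resource name (or prefix) bound with {@code DEVELOPER_READ}
     * @param z when true {@code str} is bound as {@link #PREFIX}, otherwise as {@link #LITERAL}
     * @return two bindings per consumer, in iteration order
     */
    @Override
    public List<TopologyAclBinding> buildBindingsForConsumers(
            Collection<Consumer> collection, String str, boolean z) {
        String patternType = z ? PREFIX : LITERAL;
        List<TopologyAclBinding> bindings = new ArrayList<>();
        for (Consumer consumer : collection) {
            bindings.add(
                apiClient.bind(consumer.getPrincipal(), RBACPredefinedRoles.DEVELOPER_READ, str, patternType));
            // The group string decides its own pattern type: a trailing '*' means prefixed.
            bindings.add(
                apiClient.bind(
                    consumer.getPrincipal(),
                    RBACPredefinedRoles.RESOURCE_OWNER,
                    evaluateResourcePattern(consumer.groupString()),
                    AccessRule.GROUP_PRINCIPAL_TYPE,
                    evaluateResourcePatternType(consumer.groupString())));
        }
        return bindings;
    }

    /**
     * Tells whether a resource string uses the trailing-{@code *} prefix notation.
     *
     * <p>A lone {@code "*"} is not treated as a prefix, so it is passed on unchanged as a
     * {@link #LITERAL} name. NOTE(review): in Kafka ACLs a literal {@code "*"} is the wildcard
     * resource; confirm that this is the intended grant when a group is configured as {@code "*"}.
     */
    private boolean isResourcePrefixed(String resource) {
        return resource.length() > 1 && resource.endsWith("*");
    }

    /** Returns the resource name with the trailing {@code *} removed when it is a prefix pattern. */
    private String evaluateResourcePattern(String resource) {
        // ".$" matches the final character, which is the '*' marker whenever this branch is taken.
        return isResourcePrefixed(resource) ? resource.replaceFirst(".$", "") : resource;
    }

    /** Returns {@link #PREFIX} for a trailing-{@code *} resource string, otherwise {@link #LITERAL}. */
    private String evaluateResourcePatternType(String resource) {
        return isResourcePrefixed(resource) ? PREFIX : LITERAL;
    }

    /**
     * Builds the write bindings for each producer.
     *
     * <p>An idempotent producer additionally gets {@code DEVELOPER_WRITE} on the
     * {@code kafka-cluster} resource of type {@code Cluster}; a producer with a transaction id gets
     * {@code DEVELOPER_WRITE} on that literal {@code TransactionalId}.
     *
     * @param collection producers to build bindings for
     * @param str resource name (or prefix) bound with {@code DEVELOPER_WRITE}
     * @param z when true {@code str} is bound as {@link #PREFIX}, otherwise as {@link #LITERAL}
     * @return the bindings, in iteration order
     */
    @Override
    public List<TopologyAclBinding> buildBindingsForProducers(
            Collection<Producer> collection, String str, boolean z) {
        String patternType = z ? PREFIX : LITERAL;
        List<TopologyAclBinding> bindings = new ArrayList<>();
        for (Producer producer : collection) {
            bindings.add(
                apiClient.bind(producer.getPrincipal(), RBACPredefinedRoles.DEVELOPER_WRITE, str, patternType));
            if (producer.isIdempotent()) {
                bindings.add(
                    apiClient.bind(
                        producer.getPrincipal(),
                        RBACPredefinedRoles.DEVELOPER_WRITE,
                        "kafka-cluster",
                        "Cluster",
                        LITERAL));
            }
            if (producer.hasTransactionId()) {
                bindings.add(
                    apiClient.bind(
                        producer.getPrincipal(),
                        RBACPredefinedRoles.DEVELOPER_WRITE,
                        producer.getTransactionId().get(),
                        "TransactionalId",
                        LITERAL));
            }
        }
        return bindings;
    }

    /**
     * Binds an arbitrary role to a principal on a resource prefix.
     *
     * <p>The binding is always created as {@link #PREFIX}, whatever role is requested, so the grant
     * applies to every resource whose name starts with {@code str3}.
     *
     * @param str principal the role is bound to
     * @param str2 role name
     * @param str3 resource prefix
     * @return the binding returned by the client
     */
    @Override
    public TopologyAclBinding setPredefinedRole(String str, String str2, String str3) {
        return apiClient.bind(str, str2, str3, PREFIX);
    }

    /** Returns the default {@link Object#toString()} representation. */
    @Override
    public String toString() {
        return super.toString();
    }

    /**
     * Builds the bindings for a Schema Registry instance: {@code RESOURCE_OWNER} on its topic and
     * group, and {@code SECURITY_ADMIN} scoped to Schema Registry.
     *
     * @param schemaRegistryInstance instance supplying the principal, topic and group names
     * @return the three bindings, in the order they were created
     */
    @Override
    public List<TopologyAclBinding> buildBindingsForSchemaRegistry(
            SchemaRegistryInstance schemaRegistryInstance) {
        String principal = schemaRegistryInstance.getPrincipal();
        List<TopologyAclBinding> bindings = new ArrayList<>();
        bindings.add(
            apiClient.bind(
                principal, RBACPredefinedRoles.RESOURCE_OWNER, schemaRegistryInstance.topicString(), LITERAL));
        bindings.add(
            apiClient.bind(
                principal,
                RBACPredefinedRoles.RESOURCE_OWNER,
                schemaRegistryInstance.groupString(),
                AccessRule.GROUP_PRINCIPAL_TYPE,
                LITERAL));
        bindings.add(apiClient.bind(principal, RBACPredefinedRoles.SECURITY_ADMIN).forSchemaRegistry().apply());
        return bindings;
    }

    /**
     * Builds the single {@code SYSTEM_ADMIN} binding for a Control Center principal.
     *
     * @param str principal the role is bound to
     * @param str2 not used by this implementation
     * @return an immutable one-element list
     */
    @Override
    public List<TopologyAclBinding> buildBindingsForControlCenter(String str, String str2) {
        return Collections.singletonList(
            apiClient.bind(str, RBACPredefinedRoles.SYSTEM_ADMIN).forControlCenter().apply());
    }

    /**
     * Builds the bindings for a ksqlDB server instance.
     *
     * <p>The owner receives {@code RESOURCE_OWNER} and {@code SECURITY_ADMIN} on the ksqlDB
     * cluster. The server principal receives {@code RESOURCE_OWNER} on the cluster, on its command
     * topic, processing-log topic, consumer-group prefix and transient-topic prefix, plus
     * {@code DEVELOPER_WRITE} on its transaction id and on {@code Cluster:kafka-cluster}.
     *
     * @param ksqlServerInstance instance supplying the owner, principal, cluster id and names
     * @return the bindings, in the order they were created
     */
    @Override
    public Collection<TopologyAclBinding> buildBindingsForKSqlServer(KsqlServerInstance ksqlServerInstance) {
        List<TopologyAclBinding> bindings = new ArrayList<>();
        String ksqlDbId = ksqlServerInstance.getKsqlDbId();

        bindings.add(
            apiClient
                .bind(ksqlServerInstance.getOwner(), RBACPredefinedRoles.RESOURCE_OWNER)
                .forKSqlServer(ksqlDbId)
                .apply());
        bindings.add(
            apiClient
                .bind(ksqlServerInstance.getOwner(), RBACPredefinedRoles.SECURITY_ADMIN)
                .forKSqlServer(ksqlDbId)
                .apply());
        bindings.add(
            apiClient
                .bind(ksqlServerInstance.getPrincipal(), RBACPredefinedRoles.RESOURCE_OWNER)
                .forKSqlServer(ksqlDbId)
                .apply());

        // NOTE(review): these use the four-argument bind, which takes no resource type, yet the
        // third entry is a consumer-group prefix bound as LITERAL. Confirm the resource type and
        // pattern type that overload applies.
        List<String> ownedNames =
            Arrays.asList(
                ksqlServerInstance.commandTopic(),
                ksqlServerInstance.processingLogTopic(),
                ksqlServerInstance.consumerGroupPrefix());
        for (String name : ownedNames) {
            bindings.add(
                apiClient.bind(
                    ksqlServerInstance.getPrincipal(), RBACPredefinedRoles.RESOURCE_OWNER, name, LITERAL));
        }

        bindings.add(
            apiClient.bind(
                ksqlServerInstance.getPrincipal(),
                RBACPredefinedRoles.RESOURCE_OWNER,
                String.format("_confluent-ksql-%stransient", ksqlDbId),
                "Topic",
                PREFIX));
        // NOTE(review): the two bindings below also go through the four-argument bind, while
        // buildBindingsForProducers passes "TransactionalId" and "Cluster" as explicit resource
        // types. Confirm these end up on the intended resource types.
        bindings.add(
            apiClient.bind(
                ksqlServerInstance.getPrincipal(),
                RBACPredefinedRoles.DEVELOPER_WRITE,
                ksqlServerInstance.TransactionId(),
                LITERAL));
        bindings.add(
            apiClient.bind(
                ksqlServerInstance.getPrincipal(),
                RBACPredefinedRoles.DEVELOPER_WRITE,
                "Cluster:kafka-cluster",
                LITERAL));

        // NOTE(review): this schema-subject binding is built but its result is dropped, so it is
        // not part of the returned collection. Left as-is because adding it would widen what the
        // server principal is granted; decide explicitly whether it should be returned.
        apiClient
            .bind(ksqlServerInstance.getPrincipal(), RBACPredefinedRoles.RESOURCE_OWNER)
            .forSchemaSubject(String.format("_confluent-ksql-%s", ksqlDbId), PREFIX)
            .apply();
        return bindings;
    }

    /**
     * Builds the bindings for a ksqlDB application principal.
     *
     * @param kSqlApp application supplying the principal, cluster id and read/write topics
     * @param str not used by this implementation
     * @return the bindings, in the order they were created
     */
    @Override
    public Collection<TopologyAclBinding> buildBindingsForKSqlApp(KSqlApp kSqlApp, String str) {
        List<TopologyAclBinding> bindings = new ArrayList<>();
        String ksqlDbId = kSqlApp.getKsqlDbId();

        bindings.add(
            apiClient
                .bind(kSqlApp.getPrincipal(), RBACPredefinedRoles.DEVELOPER_WRITE)
                .forKSqlServer(ksqlDbId)
                .apply("KsqlCluster", "ksql-cluster"));
        bindings.add(
            apiClient.bind(
                kSqlApp.getPrincipal(),
                RBACPredefinedRoles.DEVELOPER_READ,
                String.format("_confluent-ksql-%s", ksqlDbId),
                AccessRule.GROUP_PRINCIPAL_TYPE,
                PREFIX));
        bindings.add(
            apiClient.bind(
                kSqlApp.getPrincipal(),
                RBACPredefinedRoles.DEVELOPER_READ,
                String.format("%sksql_processing_log", ksqlDbId),
                "Topic",
                LITERAL));

        // A missing topic list is treated the same as an empty one.
        List<String> readTopics =
            Optional.ofNullable(kSqlApp.getTopics().get(DynamicUser.READ_TOPICS))
                .orElse(Collections.emptyList());
        for (String topic : readTopics) {
            bindings.add(
                apiClient.bind(kSqlApp.getPrincipal(), RBACPredefinedRoles.DEVELOPER_READ, topic, LITERAL));
        }
        List<String> writeTopics =
            Optional.ofNullable(kSqlApp.getTopics().get(DynamicUser.WRITE_TOPICS))
                .orElse(Collections.emptyList());
        for (String topic : writeTopics) {
            bindings.add(
                apiClient.bind(kSqlApp.getPrincipal(), RBACPredefinedRoles.DEVELOPER_WRITE, topic, LITERAL));
        }

        // NOTE(review): the DEVELOPER_READ bindings on "<topic>-value" subjects are built and then
        // dropped, unlike the write-side subjects below, which are returned. Left as-is because
        // returning them would add grants; decide explicitly whether they belong in the result.
        readTopics.stream()
            .map(topic -> String.format("%s-value", topic))
            .map(
                subject ->
                    apiClient
                        .bind(kSqlApp.getPrincipal(), RBACPredefinedRoles.DEVELOPER_READ)
                        .forSchemaSubject(subject)
                        .apply("Subject", subject))
            .filter(Objects::nonNull)
            .collect(Collectors.toList());

        // apply(...) may yield null here; such results are skipped rather than stored.
        writeTopics.stream()
            .map(topic -> String.format("%s-value", topic))
            .map(
                subject ->
                    apiClient
                        .bind(kSqlApp.getPrincipal(), RBACPredefinedRoles.RESOURCE_OWNER)
                        .forSchemaSubject(subject)
                        .apply("Subject", subject))
            .filter(Objects::nonNull)
            .forEach(bindings::add);

        bindings.add(
            apiClient.bind(
                kSqlApp.getPrincipal(),
                RBACPredefinedRoles.RESOURCE_OWNER,
                String.format("_confluent-ksql-%stransient", ksqlDbId),
                "Topic",
                PREFIX));
        return bindings;
    }

    /**
     * Builds one binding per custom role ACL for the given principal.
     *
     * @param other user supplying the principal
     * @param str not used by this implementation
     * @param list role ACLs to translate
     * @return one binding per entry of {@code list}, in order; entries are not null-filtered
     */
    @Override
    public Collection<TopologyAclBinding> buildBindingsForJulieRole(
            Other other, String str, List<JulieRoleAcl> list) {
        return list.stream()
            .map(roleAcl -> julieRoleToBinding(other, roleAcl))
            .collect(Collectors.toList());
    }

    /**
     * Translates one custom role ACL into a binding, choosing the scope from its resource type.
     *
     * <p>The role name, resource name and pattern type come straight from the ACL definition and
     * are passed to the client without validation here.
     *
     * <p>NOTE(review): the resource type is compared case-insensitively, but the
     * {@code "Type:"} marker is removed case-sensitively and at its first occurrence anywhere in
     * the name, not only at the start.
     */
    private TopologyAclBinding julieRoleToBinding(Other other, JulieRoleAcl julieRoleAcl) {
        String resourceType = julieRoleAcl.getResourceType();
        if (resourceType.equalsIgnoreCase("Subject")) {
            String subject = julieRoleAcl.getResourceName().replaceFirst("Subject:", "").trim();
            return apiClient
                .bind(other.getPrincipal(), julieRoleAcl.getRole())
                .forSchemaSubject(subject, julieRoleAcl.getPatternType())
                .apply("Subject", subject, julieRoleAcl.getPatternType());
        }
        if (resourceType.equalsIgnoreCase("Connector")) {
            String connectorName = julieRoleAcl.getResourceName().replaceFirst("Connector:", "").trim();
            return apiClient
                .bind(other.getPrincipal(), julieRoleAcl.getRole())
                .forAKafkaConnector(connectorName, julieRoleAcl.getPatternType())
                .apply(julieRoleAcl.getResourceType(), connectorName, julieRoleAcl.getPatternType());
        }
        if (resourceType.equalsIgnoreCase("KsqlCluster")) {
            // The ksqlDB cluster id comes from the client's configured cluster ids, not the ACL.
            String ksqlClusterId =
                apiClient.withClusterIDs().forKsql().asMap().get("clusters").get(ClusterIDs.KSQL_CLUSTER_ID_LABEL);
            return apiClient
                .bind(other.getPrincipal(), julieRoleAcl.getRole())
                .forKSqlServer(ksqlClusterId)
                .apply(
                    julieRoleAcl.getResourceType(),
                    julieRoleAcl.getResourceName().replaceFirst("KsqlCluster:", "").trim());
        }

        // Any other type: drop everything up to and including the first ':' from the name.
        String resourceName = julieRoleAcl.getResourceName();
        if (resourceName.contains(":")) {
            resourceName = resourceName.substring(resourceName.indexOf(":") + 1);
        }
        return apiClient.bind(
            other.getPrincipal(),
            julieRoleAcl.getRole(),
            resourceName,
            julieRoleAcl.getResourceType(),
            julieRoleAcl.getPatternType());
    }

    /**
     * Binds a role to a principal at the level of a whole platform component.
     *
     * @param str role name
     * @param str2 principal the role is bound to
     * @param component component to scope the role to; only {@code KAFKA}, {@code SCHEMA_REGISTRY}
     *     and {@code KAFKA_CONNECT} are accepted
     * @return an immutable one-element list
     * @throws IOException if {@code component} is any other value
     */
    @Override
    public List<TopologyAclBinding> setClusterLevelRole(String str, String str2, Component component)
            throws IOException {
        TopologyAclBinding binding;
        // Note the argument order: the client takes the principal first, then the role.
        ClusterLevelRoleBuilder roleBuilder = apiClient.bind(str2, str);
        switch (component) {
            case KAFKA:
                binding = roleBuilder.forKafka().apply();
                break;
            case SCHEMA_REGISTRY:
                binding = roleBuilder.forSchemaRegistry().apply();
                break;
            case KAFKA_CONNECT:
                binding = roleBuilder.forKafkaConnect().apply();
                break;
            default:
                // Unknown components are rejected rather than silently bound somewhere.
                throw new IOException("Non valid component selected");
        }
        return Collections.singletonList(binding);
    }

    /**
     * Builds schema-subject bindings, either one prefixed binding or one binding per subject.
     *
     * @param str principal the role is bound to
     * @param list subjects used by the per-subject path
     * @param str2 role name
     * @param z per-subject path only: true binds as PREFIXED, false as LITERAL
     * @param bool true selects the single prefixed binding on {@code str3}; false selects the
     *     per-subject path; must not be null
     * @param str3 subject prefix used when {@code bool} is true
     * @return the resulting bindings
     * @throws NullPointerException if {@code bool} is null
     */
    @Override
    public List<TopologyAclBinding> setSchemaAuthorization(
            String str, List<String> list, String str2, boolean z, Boolean bool, String str3) {
        return bool.booleanValue()
            ? setDetailedSchemaAuthorization(str, str2, str3)
            : setOptimizedSchemaAuthorization(str, list, str2, z);
    }

    /**
     * Builds a single PREFIXED schema-subject binding.
     *
     * <p>{@link List#of(Object)} rejects null, so a null result from {@code apply(...)} raises a
     * {@link NullPointerException} here, whereas the per-subject path skips null results.
     * NOTE(review): the resource type is spelled {@code "SUBJECT"} here and {@code "Subject"}
     * everywhere else in this class; confirm the spelling is not significant downstream.
     */
    private List<TopologyAclBinding> setDetailedSchemaAuthorization(
            String principal, String role, String subjectPrefix) {
        return List.of(
            apiClient
                .bind(principal, role)
                .forSchemaSubject(subjectPrefix, PatternType.PREFIXED.name())
                .apply("SUBJECT", subjectPrefix, PatternType.PREFIXED.name()));
    }

    /** Builds one schema-subject binding per subject, skipping null results from {@code apply}. */
    private List<TopologyAclBinding> setOptimizedSchemaAuthorization(
            String principal, List<String> subjects, String role, boolean prefixed) {
        String patternType = prefixed ? PatternType.PREFIXED.name() : PatternType.LITERAL.name();
        return subjects.stream()
            .map(subject -> apiClient.bind(principal, role).forSchemaSubject(subject, patternType).apply("Subject", subject))
            .filter(Objects::nonNull)
            .collect(Collectors.toList());
    }

    /**
     * Binds {@code RESOURCE_OWNER} to a principal on each named connector.
     *
     * @param str principal the role is bound to
     * @param list connector names
     * @return one binding per connector, skipping null results from {@code apply}
     */
    @Override
    public List<TopologyAclBinding> setConnectorAuthorization(String str, List<String> list) {
        return list.stream()
            .map(
                connectorName ->
                    apiClient
                        .bind(str, RBACPredefinedRoles.RESOURCE_OWNER)
                        .forAKafkaConnector(connectorName)
                        .apply("Connector", connectorName))
            .filter(Objects::nonNull)
            .collect(Collectors.toList());
    }
}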
