package com.purbon.kafka.topology.api.mds;

import com.purbon.kafka.topology.Configuration;
import com.purbon.kafka.topology.clients.JulieHttpClient;
import com.purbon.kafka.topology.roles.TopologyAclBinding;
import com.purbon.kafka.topology.roles.rbac.ClusterLevelRoleBuilder;
import com.purbon.kafka.topology.roles.rbac.RBACBindingsBuilder;
import com.purbon.kafka.topology.roles.rbac.RBACPredefinedRoles;
import com.purbon.kafka.topology.utils.JSON;
import io.confluent.security.authorizer.Scope;
import java.io.IOException;
import java.net.http.HttpClient;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.kafka.common.resource.ResourceType;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/purbon/kafka/topology/api/mds/MDSApiClient.class */
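/**
 * Client for the MDS REST endpoints under {@code /security/1.0}: authentication, role-binding
 * creation and deletion, and role / principal / resource lookups.
 *
 * <p>Security notes for reviewers:
 *
 * <ul>
 *   <li>When the configuration reports {@code mdsInsecureAllowed()}, the client is built by
 *       {@link #trustAllClient()}, which performs no certificate validation and disables hostname
 *       verification. Everything sent over that connection, including the token obtained by
 *       {@link #authenticate()}, is then readable and modifiable by anyone on the network path.
 *   <li>Principal and role names are concatenated into request paths without encoding or
 *       validation (see {@link #bindRequest}, {@link #deleteRole}, the {@code lookup*} methods).
 *       Callers are expected to pass values that come from a trusted topology definition.
 * </ul>
 *
 * <p>This listing is decompiler output; parameter names such as {@code str}/{@code str2} are the
 * decompiler's and carry no meaning of their own.
 */
public class MDSApiClient extends JulieHttpClient {
    private static final Logger LOGGER = LogManager.getLogger(MDSApiClient.class);

    /** Result of the last successful {@link #authenticate()} call; {@code null} before that. */
    private AuthenticationCredentials authenticationCredentials;

    /** Cluster identifiers used to scope bindings and lookups. */
    private final ClusterIDs clusterIDs;

    /**
     * Creates a client for the given server with no configuration.
     *
     * @param str server address, passed unchanged to the superclass constructor
     * @throws IOException if the superclass constructor fails
     */
    public MDSApiClient(String str) throws IOException {
        this(str, Optional.empty());
    }

    /**
     * Creates a client for the given server.
     *
     * @param str server address, passed unchanged to the superclass constructor
     * @param optional optional configuration, handed to both the superclass and {@link ClusterIDs}
     * @throws IOException if the superclass constructor fails
     */
    public MDSApiClient(String str, Optional<Configuration> optional) throws IOException {
        super(str, optional);
        this.clusterIDs = new ClusterIDs(optional);
    }

    /**
     * Chooses the underlying {@link HttpClient}.
     *
     * <ul>
     *   <li>no configuration: a default {@code HttpClient};
     *   <li>configuration with {@code mdsInsecureAllowed()} false: whatever the superclass builds;
     *   <li>configuration with {@code mdsInsecureAllowed()} true: the non-validating client from
     *       {@link #trustAllClient()}.
     * </ul>
     *
     * <p>The decompiler reports that this override was {@code protected} in the original class.
     *
     * @param optional optional configuration
     * @return the client to use for all MDS requests
     * @throws IOException if the client cannot be built
     */
    @Override
    public HttpClient configureHttpOrHttpsClient(Optional<Configuration> optional) throws IOException {
        if (optional.isEmpty()) {
            return HttpClient.newBuilder().build();
        }
        if (optional.get().mdsInsecureAllowed().booleanValue()) {
            return trustAllClient();
        }
        return super.configureHttpOrHttpsClient(optional);
    }

    /**
     * Builds an {@link HttpClient} that accepts any server certificate for any host name.
     *
     * <p>This removes server authentication from TLS entirely: the connection is still encrypted,
     * but to whoever answers. It is only reached when the configuration explicitly allows it. The
     * safer alternative is to add the MDS certificate authority to the trust store used by the
     * regular client and leave {@code mdsInsecureAllowed()} off.
     *
     * @return a client with certificate and hostname checks disabled
     * @throws IOException if the TLS context cannot be created or initialised
     */
    private HttpClient trustAllClient() throws IOException {
        // WARN rather than INFO: this mode should stand out in logs and be easy to alert on.
        LOGGER.warn("MDS running with trust all connections");
        // Process-wide JVM property, so the relaxation is not scoped to this client instance.
        System.getProperties().setProperty("jdk.internal.httpclient.disableHostnameVerification", Boolean.TRUE.toString());
        TrustManager[] acceptEverything = {new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract asks for a non-null (possibly empty) array.
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                // Intentionally empty: never rejects a client certificate chain.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                // Intentionally empty: never rejects a server certificate chain.
            }
        }};
        try {
            SSLContext tlsContext = SSLContext.getInstance("TLS");
            tlsContext.init(null, acceptEverything, new SecureRandom());
            return HttpClient.newBuilder().sslContext(tlsContext).build();
        } catch (GeneralSecurityException e) {
            // getInstance/init declare checked exceptions; surface them through the caller's
            // existing IOException contract and keep the cause.
            throw new IOException("Unable to initialise the TLS context for MDS", e);
        }
    }

    /**
     * Returns the credentials stored by the last successful {@link #authenticate()} call.
     *
     * @return the stored credentials, or {@code null} if none have been stored
     */
    public AuthenticationCredentials getCredentials() {
        return this.authenticationCredentials;
    }

    /**
     * Calls {@code GET /security/1.0/authenticate} and stores the returned token.
     *
     * <p>A status outside 200..204 is treated as a failure. On success the {@code auth_token},
     * {@code token_type} and {@code expires_in} response fields are copied into
     * {@link AuthenticationCredentials}.
     *
     * @throws IOException on any failure; the original exception is logged and attached as cause
     */
    public void authenticate() throws IOException {
        try {
            Response response = doGet("/security/1.0/authenticate");
            int status = response.getStatus().intValue();
            if (status < 200 || status > 204) {
                throw new IOException("MDS Authentication error: " + response.getResponseAsString());
            }
            String token = response.getField("auth_token").toString();
            String tokenType = response.getField("token_type").toString();
            Integer expiresIn = Integer.valueOf(response.getField("expires_in").toString());
            this.authenticationCredentials = new AuthenticationCredentials(token, tokenType, expiresIn);
        } catch (Exception e) {
            // Broad catch kept on purpose: missing fields or a malformed expires_in also end up
            // as an IOException for the caller.
            LOGGER.error(e);
            throw new IOException(e);
        }
    }

    /**
     * Starts a cluster-level role binding through {@link ClusterLevelRoleBuilder}.
     *
     * @param str first builder argument (presumably the principal; confirm against the builder)
     * @param str2 second builder argument (presumably the role; confirm against the builder)
     * @return a builder bound to this client
     */
    public ClusterLevelRoleBuilder bind(String str, String str2) {
        return new ClusterLevelRoleBuilder(str, str2, this);
    }

    /**
     * Convenience overload of {@link #bind(String, String, String, String, String)} that uses the
     * resource type {@code "Topic"}.
     */
    public TopologyAclBinding bind(String str, String str2, String str3, String str4) {
        return bind(str, str2, str3, "Topic", str4);
    }

    /**
     * Builds a binding for the {@code CLUSTER} resource type with the cluster binding scope and
     * the literal pattern type. No request is sent.
     */
    public TopologyAclBinding bindClusterRole(String str, String str2, RequestScope requestScope) {
        return bindClusterRole(str, ResourceType.CLUSTER.name(), Scope.CLUSTER_BINDING_SCOPE, str2, requestScope);
    }

    /** Same as the six-argument overload with the pattern type fixed to the literal pattern. */
    public TopologyAclBinding bindClusterRole(String str, String str2, String str3, String str4, RequestScope requestScope) {
        return bindClusterRole(str, str2, str3, str4, requestScope, RBACBindingsBuilder.LITERAL);
    }

    /**
     * Builds a {@link TopologyAclBinding} from the arguments and attaches {@code requestScope}.
     * No request is sent; use {@link #bindRequest} for that.
     *
     * <p>The arguments reach the binding constructor in the order
     * {@code (str2, str3, "*", str4, str, str5)}; their meaning is defined by that constructor,
     * which is not part of this file.
     *
     * @return the new binding with its scope set
     */
    public TopologyAclBinding bindClusterRole(String str, String str2, String str3, String str4, RequestScope requestScope, String str5) {
        TopologyAclBinding binding = new TopologyAclBinding(str2, str3, "*", str4, str, str5);
        binding.setScope(requestScope);
        return binding;
    }

    /** Returns true when the binding's scope lists at least one resource. */
    private boolean isBindingWithResources(TopologyAclBinding topologyAclBinding) {
        return !topologyAclBinding.getScope().getResources().isEmpty();
    }

    /**
     * Translates a binding into the relative URL and JSON body of the MDS request.
     *
     * <p>The URL is {@code <principal>/roles/<operation>}. Bindings that carry resources and whose
     * operation is not a cluster-scoped role get a {@code /bindings} suffix and the full scope as
     * body; every other binding sends only the clusters part of the scope.
     *
     * @param topologyAclBinding binding to translate; its scope must be set
     * @return the request description
     */
    MDSRequest buildRequest(TopologyAclBinding topologyAclBinding) {
        String url = topologyAclBinding.getPrincipal() + "/roles/" + topologyAclBinding.getOperation();
        boolean resourceScoped = isBindingWithResources(topologyAclBinding)
                && !RBACPredefinedRoles.isClusterScopedRole(topologyAclBinding.getOperation());
        String jsonEntity;
        if (resourceScoped) {
            url = url + "/bindings";
            jsonEntity = topologyAclBinding.getScope().asJson();
        } else {
            jsonEntity = topologyAclBinding.getScope().clustersAsJson();
        }
        LOGGER.debug("bind.entity: " + jsonEntity);
        return new MDSRequest(url, jsonEntity);
    }

    /**
     * Sends the binding to MDS with a POST to {@code /security/1.0/principals/<url>}.
     *
     * @param topologyAclBinding binding to create
     * @throws IOException if the request fails; the exception is logged and rethrown unchanged
     */
    public void bindRequest(TopologyAclBinding topologyAclBinding) throws IOException {
        MDSRequest request = buildRequest(topologyAclBinding);
        try {
            LOGGER.debug("bind.entity: " + request.getJsonEntity());
            doPost("/security/1.0/principals/" + request.getUrl(), request.getJsonEntity());
        } catch (IOException e) {
            LOGGER.error(e);
            throw e;
        }
    }

    /**
     * Builds a binding for a single resource in the configured Kafka cluster. No request is sent.
     *
     * <p>The scope is filled with the Kafka cluster ids and one resource added as
     * {@code addResource(str4, str3, str5)}.
     *
     * @return the new binding with its scope set
     */
    public TopologyAclBinding bind(String str, String str2, String str3, String str4, String str5) {
        RequestScope scope = new RequestScope();
        scope.setClusters(this.clusterIDs.getKafkaClusterIds());
        scope.addResource(str4, str3, str5);
        scope.build();
        return bind(str, str2, scope);
    }

    /**
     * Builds a binding from the first resource of {@code requestScope}: its type, name and
     * pattern type are read from the scope, and {@code str2}/{@code str} fill the fourth and
     * fifth constructor arguments of {@link TopologyAclBinding}.
     */
    private TopologyAclBinding bind(String str, String str2, RequestScope requestScope) {
        ResourceType resourceType = ResourceType.fromString(requestScope.getResource(0).get(RequestScope.RESOURCE_TYPE));
        String resourceName = requestScope.getResource(0).get("name");
        String patternType = requestScope.getResource(0).get(RequestScope.RESOURCE_PATTERN_TYPE);
        TopologyAclBinding binding = new TopologyAclBinding(resourceType.name(), resourceName, "*", str2, str, patternType);
        binding.setScope(requestScope);
        return binding;
    }

    /**
     * Deletes the bindings of a role for a principal with a DELETE to
     * {@code /security/1.0/principals/<str>/roles/<str2>/bindings}.
     *
     * <p>Best effort: a failure is logged and not propagated, so callers cannot tell from the
     * return whether the binding was actually removed.
     *
     * @param str principal, used as a path segment
     * @param str2 role name, used as a path segment
     * @param requestScope scope sent as the JSON body
     */
    public void deleteRole(String str, String str2, RequestScope requestScope) {
        try {
            doDelete("/security/1.0/principals/" + str + "/roles/" + str2 + "/bindings", requestScope.asJson());
        } catch (IOException e) {
            // Route through the logger like every other method here instead of stderr, so a
            // failed revocation shows up where operators look.
            LOGGER.error(e);
        }
    }

    /** Looks up the principals holding a role, scoped to the Kafka cluster. */
    public List<String> lookupKafkaPrincipalsByRoleForKafka(String str) {
        return lookupKafkaPrincipalsByRole(str, this.clusterIDs.forKafka().asMap());
    }

    /** Looks up the principals holding a role, scoped to Kafka plus Kafka Connect. */
    public List<String> lookupKafkaPrincipalsByRoleForConnect(String str) {
        return lookupKafkaPrincipalsByRole(str, this.clusterIDs.forKafka().forKafkaConnect().asMap());
    }

    /** Looks up the principals holding a role, scoped to Kafka plus Schema Registry. */
    public List<String> lookupKafkaPrincipalsByRoleForSchemaRegistry(String str) {
        return lookupKafkaPrincipalsByRole(str, this.clusterIDs.forKafka().forSchemaRegistry().asMap());
    }

    /**
     * Posts the cluster map to {@code /security/1.0/lookup/role/<str>} and parses the response.
     *
     * @param str role name, used as a path segment
     * @param map cluster scope sent as the JSON body
     * @return the parsed list; empty when the response body is empty or the request fails (the
     *     failure is only logged, so an empty list does not prove that nobody holds the role)
     */
    public List<String> lookupKafkaPrincipalsByRole(String str, Map<String, Map<String, String>> map) {
        // Raw type kept from the decompiled code: JSON.toArray's declared return type is not
        // visible in this file.
        List principals = new ArrayList();
        try {
            String body = doPost("/security/1.0/lookup/role/" + str, JSON.asString((Map) map));
            if (!body.isEmpty()) {
                principals = JSON.toArray(body);
            }
        } catch (IOException e) {
            LOGGER.error(e);
        }
        return principals;
    }

    /** Looks up the role names of a principal in the configured Kafka cluster. */
    public List<String> lookupRoles(String str) {
        return lookupRoles(str, this.clusterIDs.getKafkaClusterIds());
    }

    /**
     * Posts the cluster map to {@code /security/1.0/lookup/principals/<str>/roleNames} and parses
     * the response.
     *
     * @param str principal, used as a path segment
     * @param map cluster scope sent as the JSON body
     * @return the parsed list; empty when the response body is empty or the request fails (the
     *     failure is only logged)
     */
    public List<String> lookupRoles(String str, Map<String, Map<String, String>> map) {
        // Raw type kept from the decompiled code: JSON.toArray's declared return type is not
        // visible in this file.
        List roles = new ArrayList();
        try {
            String body = doPost("/security/1.0/lookup/principals/" + str + "/roleNames", JSON.asString((Map) map));
            if (!body.isEmpty()) {
                roles = JSON.toArray(body);
            }
        } catch (IOException e) {
            LOGGER.error(e);
        }
        return roles;
    }

    /** Looks up the resources bound to a principal and role, scoped to the Kafka cluster. */
    public List<RbacResourceType> lookupResourcesForKafka(String str, String str2) {
        return lookupResources(str, str2, this.clusterIDs.forKafka().asMap());
    }

    /** Looks up the resources bound to a principal and role, scoped to Kafka plus Kafka Connect. */
    public List<RbacResourceType> lookupResourcesForConnect(String str, String str2) {
        return lookupResources(str, str2, this.clusterIDs.forKafka().forKafkaConnect().asMap());
    }

    /** Looks up the resources bound to a principal and role, scoped to Kafka plus Schema Registry. */
    public List<RbacResourceType> lookupResourcesForSchemaRegistry(String str, String str2) {
        return lookupResources(str, str2, this.clusterIDs.forKafka().forSchemaRegistry().asMap());
    }

    /**
     * Posts the cluster map to {@code /security/1.0/principals/<str>/roles/<str2>/resources} and
     * parses the response into {@link RbacResourceType} objects.
     *
     * @param str principal, used as a path segment
     * @param str2 role name, used as a path segment
     * @param map cluster scope sent as the JSON body
     * @return the parsed list; empty when the response body is empty or the request fails (the
     *     failure is only logged)
     */
    public List<RbacResourceType> lookupResources(String str, String str2, Map<String, Map<String, String>> map) {
        // Declared as List (the decompiler emitted ArrayList, which cannot hold the parsed result).
        List<RbacResourceType> resources = new ArrayList<>();
        try {
            String body = doPost("/security/1.0/principals/" + str + "/roles/" + str2 + "/resources", JSON.asString((Map) map));
            if (!body.isEmpty()) {
                // Raw cast kept: JSON.toObjectList's declared return type is not visible here.
                resources = (List) JSON.toObjectList(body, RbacResourceType.class);
            }
        } catch (IOException e) {
            LOGGER.error(e);
        }
        return resources;
    }

    /**
     * Fetches the role names known to MDS with {@code GET /security/1.0/roleNames}.
     *
     * @return the role names as a fixed-size list, or an empty list when the request fails (the
     *     failure is only logged)
     */
    public List<String> getRoleNames() {
        // Declared as List (the decompiler emitted ArrayList, which Arrays.asList cannot be
        // assigned to).
        List<String> roleNames = new ArrayList<>();
        try {
            roleNames = Arrays.asList((String[]) JSON.toObject(doGet("/security/1.0/roleNames").getResponseAsString(), String[].class));
        } catch (IOException e) {
            LOGGER.error(e);
        }
        return roleNames;
    }

    /** Sets the Kafka cluster id used to scope requests. */
    public void setKafkaClusterId(String str) {
        this.clusterIDs.setKafkaClusterId(str);
    }

    /** Sets the Kafka Connect cluster id used to scope requests. */
    public void setConnectClusterID(String str) {
        this.clusterIDs.setConnectClusterID(str);
    }

    /** Sets the Schema Registry cluster id used to scope requests. */
    public void setSchemaRegistryClusterID(String str) {
        this.clusterIDs.setSchemaRegistryClusterID(str);
    }

    /** Sets the ksqlDB cluster id used to scope requests. */
    public void setKSqlClusterID(String str) {
        this.clusterIDs.setKsqlClusterID(str);
    }

    /**
     * Returns the result of {@code clear()} on a copy of this client's cluster ids, leaving the
     * client's own instance untouched.
     */
    public ClusterIDs withClusterIDs() {
        // NOTE(review): m1462clone is a decompiler-generated name, presumably ClusterIDs.clone();
        // confirm against the real class before compiling.
        return this.clusterIDs.m1462clone().clear();
    }
}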
