package org.apache.kafka.security.authorizer;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.kafka.common.acl.AccessControlEntry;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.protocol.Errors;
import org.apache.kafka.common.resource.ResourceType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.utils.SecurityUtils;
import org.apache.kafka.common.utils.Utils;
import org.apache.kafka.server.config.ShareGroupConfig;
import org.apache.kafka.server.metrics.MetricConfigs;
import org.apache.kafka.server.util.Json;
import org.apache.kafka.server.util.json.DecodeJson;
import org.apache.kafka.server.util.json.JsonObject;
import org.apache.kafka.server.util.json.JsonValue;

/* loaded from: input_file:org/apache/kafka/security/authorizer/AclEntry.class */
public class AclEntry extends AccessControlEntry {
    public static final String WILDCARD_HOST = "*";
    public static final String WILDCARD_RESOURCE = "*";
    public static final String RESOURCE_SEPARATOR = ":";
    private static final String PRINCIPAL_KEY = "principal";
    private static final String PERMISSION_TYPE_KEY = "permissionType";
    private static final String OPERATION_KEY = "operation";
    private static final String HOSTS_KEY = "host";
    public static final String VERSION_KEY = "version";
    public static final int CURRENT_VERSION = 1;
    private static final String ACLS_KEY = "acls";
    public final AccessControlEntry ace;
    public final KafkaPrincipal kafkaPrincipal;
    private static final DecodeJson.DecodeInteger INT = new DecodeJson.DecodeInteger();
    private static final DecodeJson.DecodeString STRING = new DecodeJson.DecodeString();
    public static final KafkaPrincipal WILDCARD_PRINCIPAL = new KafkaPrincipal("User", "*");
    public static final String WILDCARD_PRINCIPAL_STRING = WILDCARD_PRINCIPAL.toString();
    public static final Set<ResourceType> RESOURCE_TYPES = (Set) Arrays.stream(ResourceType.values()).filter(resourceType -> {
        return (resourceType == ResourceType.UNKNOWN || resourceType == ResourceType.ANY) ? false : true;
    }).collect(Collectors.toSet());
    public static final Set<AclOperation> ACL_OPERATIONS = (Set) Arrays.stream(AclOperation.values()).filter(aclOperation -> {
        return (aclOperation == AclOperation.UNKNOWN || aclOperation == AclOperation.ANY) ? false : true;
    }).collect(Collectors.toSet());

    /* renamed from: org.apache.kafka.security.authorizer.AclEntry$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/kafka/security/authorizer/AclEntry$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$kafka$common$resource$ResourceType = new int[ResourceType.values().length];

        static {
            try {
                $SwitchMap$org$apache$kafka$common$resource$ResourceType[ResourceType.TOPIC.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$kafka$common$resource$ResourceType[ResourceType.GROUP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$kafka$common$resource$ResourceType[ResourceType.CLUSTER.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$kafka$common$resource$ResourceType[ResourceType.TRANSACTIONAL_ID.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$kafka$common$resource$ResourceType[ResourceType.DELEGATION_TOKEN.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$apache$kafka$common$resource$ResourceType[ResourceType.USER.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
        }
    }

    public AclEntry(AccessControlEntry accessControlEntry) {
        super(accessControlEntry.principal(), accessControlEntry.host(), accessControlEntry.operation(), accessControlEntry.permissionType());
        this.ace = accessControlEntry;
        this.kafkaPrincipal = accessControlEntry.principal() == null ? null : SecurityUtils.parseKafkaPrincipal(accessControlEntry.principal());
    }

    public static Set<AclEntry> fromBytes(byte[] bArr) throws IOException {
        if (bArr == null || bArr.length == 0) {
            return Collections.emptySet();
        }
        Optional parseBytes = Json.parseBytes(bArr);
        if (!parseBytes.isPresent()) {
            return Collections.emptySet();
        }
        JsonObject asJsonObject = ((JsonValue) parseBytes.get()).asJsonObject();
        Utils.require(((Integer) asJsonObject.apply(VERSION_KEY).to(INT)).intValue() == 1);
        HashSet hashSet = new HashSet();
        Iterator it = asJsonObject.apply(ACLS_KEY).asJsonArray().iterator();
        while (it.hasNext()) {
            JsonObject asJsonObject2 = ((JsonValue) it.next()).asJsonObject();
            KafkaPrincipal parseKafkaPrincipal = SecurityUtils.parseKafkaPrincipal((String) asJsonObject2.apply(PRINCIPAL_KEY).to(STRING));
            hashSet.add(new AclEntry(new AccessControlEntry(parseKafkaPrincipal.toString(), (String) asJsonObject2.apply(HOSTS_KEY).to(STRING), SecurityUtils.operation((String) asJsonObject2.apply(OPERATION_KEY).to(STRING)), SecurityUtils.permissionType((String) asJsonObject2.apply(PERMISSION_TYPE_KEY).to(STRING)))));
        }
        return hashSet;
    }

    public static Map<String, Object> toJsonCompatibleMap(Set<AclEntry> set) {
        HashMap hashMap = new HashMap();
        hashMap.put(VERSION_KEY, 1);
        hashMap.put(ACLS_KEY, set.stream().map((v0) -> {
            return v0.toMap();
        }).collect(Collectors.toList()));
        return hashMap;
    }

    public static Set<AclOperation> supportedOperations(ResourceType resourceType) {
        switch (AnonymousClass1.$SwitchMap$org$apache$kafka$common$resource$ResourceType[resourceType.ordinal()]) {
            case 1:
                return new HashSet(Arrays.asList(AclOperation.READ, AclOperation.WRITE, AclOperation.CREATE, AclOperation.DESCRIBE, AclOperation.DELETE, AclOperation.ALTER, AclOperation.DESCRIBE_CONFIGS, AclOperation.ALTER_CONFIGS));
            case MetricConfigs.METRIC_NUM_SAMPLES_DEFAULT /* 2 */:
                return new HashSet(Arrays.asList(AclOperation.READ, AclOperation.DESCRIBE, AclOperation.DELETE));
            case 3:
                return new HashSet(Arrays.asList(AclOperation.CREATE, AclOperation.CLUSTER_ACTION, AclOperation.DESCRIBE_CONFIGS, AclOperation.ALTER_CONFIGS, AclOperation.IDEMPOTENT_WRITE, AclOperation.ALTER, AclOperation.DESCRIBE));
            case 4:
                return new HashSet(Arrays.asList(AclOperation.DESCRIBE, AclOperation.WRITE));
            case ShareGroupConfig.SHARE_GROUP_DELIVERY_COUNT_LIMIT_DEFAULT /* 5 */:
                return Collections.singleton(AclOperation.DESCRIBE);
            case 6:
                return new HashSet(Arrays.asList(AclOperation.CREATE_TOKENS, AclOperation.DESCRIBE_TOKENS));
            default:
                throw new IllegalArgumentException("Not a concrete resource type");
        }
    }

    public static Errors authorizationError(ResourceType resourceType) {
        switch (AnonymousClass1.$SwitchMap$org$apache$kafka$common$resource$ResourceType[resourceType.ordinal()]) {
            case 1:
                return Errors.TOPIC_AUTHORIZATION_FAILED;
            case MetricConfigs.METRIC_NUM_SAMPLES_DEFAULT /* 2 */:
                return Errors.GROUP_AUTHORIZATION_FAILED;
            case 3:
                return Errors.CLUSTER_AUTHORIZATION_FAILED;
            case 4:
                return Errors.TRANSACTIONAL_ID_AUTHORIZATION_FAILED;
            case ShareGroupConfig.SHARE_GROUP_DELIVERY_COUNT_LIMIT_DEFAULT /* 5 */:
                return Errors.DELEGATION_TOKEN_AUTHORIZATION_FAILED;
            default:
                throw new IllegalArgumentException("Authorization error type not known");
        }
    }

    public Map<String, Object> toMap() {
        HashMap hashMap = new HashMap();
        hashMap.put(PRINCIPAL_KEY, principal());
        hashMap.put(PERMISSION_TYPE_KEY, SecurityUtils.permissionTypeName(permissionType()));
        hashMap.put(OPERATION_KEY, SecurityUtils.operationName(operation()));
        hashMap.put(HOSTS_KEY, host());
        return hashMap;
    }

    public int hashCode() {
        return this.ace.hashCode();
    }

    public boolean equals(Object obj) {
        return super.equals(obj);
    }

    public String toString() {
        return String.format("%s has %s permission for operations: %s from hosts: %s", principal(), permissionType().name(), operation(), host());
    }
}
