package kafka.security;

import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Optional;
import java.util.Properties;
import java.util.stream.Collectors;
import kafka.utils.TestUtils;
import org.apache.kafka.clients.admin.ScramMechanism;
import org.apache.kafka.common.network.ConnectionMode;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.utils.Java;
import org.apache.kafka.test.TestSslUtils;

/* loaded from: input_file:kafka/security/JaasTestUtils.class */
public class JaasTestUtils {
    private static final boolean IS_IBM_SECURITY;
    public static final String KAFKA_SERVER_CONTEXT_NAME = "KafkaServer";
    public static final String KAFKA_SERVER_PRINCIPAL_UNQUALIFIED_NAME = "kafka";
    private static final String KAFKA_SERVER_PRINCIPAL = "kafka/localhost@EXAMPLE.COM";
    public static final String KAFKA_CLIENT_CONTEXT_NAME = "KafkaClient";
    public static final String KAFKA_CLIENT_PRINCIPAL_UNQUALIFIED_NAME = "client";
    private static final String KAFKA_CLIENT_PRINCIPAL = "client@EXAMPLE.COM";
    public static final String KAFKA_CLIENT_PRINCIPAL_UNQUALIFIED_NAME_2 = "client2";
    private static final String KAFKA_CLIENT_PRINCIPAL_2 = "client2@EXAMPLE.COM";
    public static final String KAFKA_PLAIN_USER = "plain-user";
    private static final String KAFKA_PLAIN_PASSWORD = "plain-user-secret";
    public static final String KAFKA_PLAIN_USER_2 = "plain-user2";
    public static final String KAFKA_PLAIN_PASSWORD_2 = "plain-user2-secret";
    public static final String KAFKA_PLAIN_ADMIN = "plain-admin";
    private static final String KAFKA_PLAIN_ADMIN_PASSWORD = "plain-admin-secret";
    public static final String KAFKA_SCRAM_USER = "scram-user";
    public static final String KAFKA_SCRAM_PASSWORD = "scram-user-secret";
    public static final String KAFKA_SCRAM_USER_2 = "scram-user2";
    public static final String KAFKA_SCRAM_PASSWORD_2 = "scram-user2-secret";
    public static final String KAFKA_SCRAM_ADMIN = "scram-admin";
    public static final String KAFKA_SCRAM_ADMIN_PASSWORD = "scram-admin-secret";
    public static final String KAFKA_OAUTH_BEARER_USER = "oauthbearer-user";
    public static final String KAFKA_OAUTH_BEARER_USER_2 = "oauthbearer-user2";
    public static final String KAFKA_OAUTH_BEARER_ADMIN = "oauthbearer-admin";
    public static final String SERVICE_NAME = "kafka";
    public static final String SSL_CERTIFICATE_CN = "localhost";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: kafka.security.JaasTestUtils$1, reason: invalid class name */
    /* loaded from: input_file:kafka/security/JaasTestUtils$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$kafka$common$security$auth$SecurityProtocol = new int[SecurityProtocol.values().length];

        static {
            try {
                $SwitchMap$org$apache$kafka$common$security$auth$SecurityProtocol[SecurityProtocol.SSL.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$kafka$common$security$auth$SecurityProtocol[SecurityProtocol.SASL_SSL.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$kafka$common$security$auth$SecurityProtocol[SecurityProtocol.SASL_PLAINTEXT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:kafka/security/JaasTestUtils$JaasSection.class */
    public static class JaasSection {
        private final String contextName;
        private final List<JaasModule> modules;

        public JaasSection(String str, List<JaasModule> list) {
            this.contextName = str;
            this.modules = list;
        }

        public List<JaasModule> getModules() {
            return this.modules;
        }

        public String getContextName() {
            return this.contextName;
        }

        public String toString() {
            return String.format("%s {\n  %s\n};\n", this.contextName, this.modules.stream().map((v0) -> {
                return v0.toString();
            }).collect(Collectors.joining("\n  ")));
        }
    }

    public static Properties saslConfigs(Optional<Properties> optional) {
        Properties orElse = optional.orElse(new Properties());
        if (IS_IBM_SECURITY && !orElse.containsKey("sasl.kerberos.service.name")) {
            orElse.put("sasl.kerberos.service.name", "kafka");
        }
        return orElse;
    }

    public static File writeJaasContextsToFile(List<JaasSection> list) throws IOException {
        File tempFile = TestUtils.tempFile();
        writeToFile(tempFile, list);
        return tempFile;
    }

    public static String scramClientLoginModule(String str, String str2, String str3) {
        if (ScramMechanism.fromMechanismName(str) == ScramMechanism.UNKNOWN) {
            throw new IllegalArgumentException("Unsupported SCRAM mechanism " + str);
        }
        return JaasModule.scramLoginModule(str2, str3, false, new HashMap()).toString();
    }

    public static String clientLoginModule(String str, Optional<File> optional, String str2) {
        return kafkaClientModule(str, optional, KAFKA_CLIENT_PRINCIPAL, KAFKA_PLAIN_USER, KAFKA_PLAIN_PASSWORD, KAFKA_SCRAM_USER, KAFKA_SCRAM_PASSWORD, KAFKA_OAUTH_BEARER_USER, str2).toString();
    }

    public static String clientLoginModule(String str, Optional<File> optional) {
        return clientLoginModule(str, optional, "kafka");
    }

    public static String adminLoginModule(String str, Optional<File> optional, String str2) {
        return kafkaClientModule(str, optional, KAFKA_SERVER_PRINCIPAL, KAFKA_PLAIN_ADMIN, KAFKA_PLAIN_ADMIN_PASSWORD, KAFKA_SCRAM_ADMIN, KAFKA_SCRAM_ADMIN_PASSWORD, KAFKA_OAUTH_BEARER_ADMIN, str2).toString();
    }

    public static String adminLoginModule(String str, Optional<File> optional) {
        return adminLoginModule(str, optional, "kafka");
    }

    public static String tokenClientLoginModule(String str, String str2) {
        HashMap hashMap = new HashMap();
        hashMap.put("tokenauth", "true");
        return JaasModule.scramLoginModule(str, str2, false, hashMap).toString();
    }

    /* JADX WARN: Removed duplicated region for block: B:17:0x00c5 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:21:0x0106 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:24:0x0116 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:33:0x009c A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static kafka.security.JaasTestUtils.JaasSection kafkaServerSection(java.lang.String r9, java.util.List<java.lang.String> r10, java.util.Optional<java.io.File> r11) {
        /*
            Method dump skipped, instructions count: 342
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: kafka.security.JaasTestUtils.kafkaServerSection(java.lang.String, java.util.List, java.util.Optional):kafka.security.JaasTestUtils$JaasSection");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static JaasModule kafkaClientModule(String str, Optional<File> optional, String str2, String str3, String str4, String str5, String str6, String str7, String str8) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1625286504:
                if (str.equals("OAUTHBEARER")) {
                    z = 2;
                    break;
                }
                break;
            case 76210602:
                if (str.equals("PLAIN")) {
                    z = true;
                    break;
                }
                break;
            case 2111859635:
                if (str.equals("GSSAPI")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return JaasModule.krb5LoginModule(true, true, optional.orElseThrow(() -> {
                    return new IllegalArgumentException("Keytab location not specified for GSSAPI");
                }).getAbsolutePath(), str2, true, Optional.of(str8), IS_IBM_SECURITY);
            case true:
                return JaasModule.plainLoginModule(str3, str4, false, new HashMap());
            case true:
                return JaasModule.oAuthBearerLoginModule(str7, false);
            default:
                if (ScramMechanism.fromMechanismName(str) != ScramMechanism.UNKNOWN) {
                    return JaasModule.scramLoginModule(str5, str6, false, new HashMap());
                }
                throw new IllegalArgumentException("Unsupported client mechanism " + str);
        }
    }

    public static JaasSection kafkaClientSection(Optional<String> optional, Optional<File> optional2) {
        return new JaasSection(KAFKA_CLIENT_CONTEXT_NAME, (List) optional.map(str -> {
            return kafkaClientModule(str, optional2, KAFKA_CLIENT_PRINCIPAL_2, KAFKA_PLAIN_USER_2, KAFKA_PLAIN_PASSWORD_2, KAFKA_SCRAM_USER_2, KAFKA_SCRAM_PASSWORD_2, KAFKA_OAUTH_BEARER_USER_2, "kafka");
        }).map((v0) -> {
            return Collections.singletonList(v0);
        }).orElse(Collections.emptyList()));
    }

    private static void writeToFile(File file, List<JaasSection> list) throws IOException {
        BufferedWriter bufferedWriter = new BufferedWriter(new FileWriter(file));
        try {
            bufferedWriter.write(String.join("", (CharSequence[]) list.stream().map((v0) -> {
                return v0.toString();
            }).toArray(i -> {
                return new String[i];
            })));
            bufferedWriter.close();
        } catch (Throwable th) {
            try {
                bufferedWriter.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public static boolean usesSslTransportLayer(SecurityProtocol securityProtocol) {
        switch (AnonymousClass1.$SwitchMap$org$apache$kafka$common$security$auth$SecurityProtocol[securityProtocol.ordinal()]) {
            case 1:
            case 2:
                return true;
            default:
                return false;
        }
    }

    public static boolean usesSaslAuthentication(SecurityProtocol securityProtocol) {
        switch (AnonymousClass1.$SwitchMap$org$apache$kafka$common$security$auth$SecurityProtocol[securityProtocol.ordinal()]) {
            case 2:
            case 3:
                return true;
            default:
                return false;
        }
    }

    public static Properties sslConfigs(ConnectionMode connectionMode, boolean z, Optional<File> optional, String str) throws Exception {
        return sslConfigs(connectionMode, z, optional, str, SSL_CERTIFICATE_CN, "TLSv1.3");
    }

    public static Properties sslConfigs(ConnectionMode connectionMode, boolean z, Optional<File> optional, String str, String str2, String str3) throws Exception {
        File orElseThrow = optional.orElseThrow(() -> {
            return new Exception("SSL enabled but no trustStoreFile provided");
        });
        Properties properties = new Properties();
        properties.putAll(new TestSslUtils.SslConfigsBuilder(connectionMode).useClientCert(z).createNewTrustStore(orElseThrow).certAlias(str).cn(str2).tlsProtocol(str3).build());
        return properties;
    }

    public static Properties producerSecurityConfigs(SecurityProtocol securityProtocol, Optional<File> optional, Optional<Properties> optional2) throws Exception {
        return securityConfigs(ConnectionMode.CLIENT, securityProtocol, optional, "producer", SSL_CERTIFICATE_CN, optional2);
    }

    public static Properties consumerSecurityConfigs(SecurityProtocol securityProtocol, Optional<File> optional, Optional<Properties> optional2) throws Exception {
        return securityConfigs(ConnectionMode.CLIENT, securityProtocol, optional, "consumer", SSL_CERTIFICATE_CN, optional2);
    }

    public static Properties adminClientSecurityConfigs(SecurityProtocol securityProtocol, Optional<File> optional, Optional<Properties> optional2) throws Exception {
        return securityConfigs(ConnectionMode.CLIENT, securityProtocol, optional, "admin-client", SSL_CERTIFICATE_CN, optional2);
    }

    public static Properties securityConfigs(ConnectionMode connectionMode, SecurityProtocol securityProtocol, Optional<File> optional, String str, String str2, Optional<Properties> optional2) throws Exception {
        return securityConfigs(connectionMode, securityProtocol, optional, str, str2, optional2, "TLSv1.3", Optional.empty());
    }

    public static Properties securityConfigs(ConnectionMode connectionMode, SecurityProtocol securityProtocol, Optional<File> optional, String str, String str2, Optional<Properties> optional2, String str3, Optional<Boolean> optional3) throws Exception {
        Properties properties = new Properties();
        if (usesSslTransportLayer(securityProtocol)) {
            properties.putAll(sslConfigs(connectionMode, optional3.orElse(Boolean.valueOf(securityProtocol == SecurityProtocol.SSL)).booleanValue(), optional, str, str2, str3));
        }
        if (usesSaslAuthentication(securityProtocol)) {
            properties.putAll(saslConfigs(optional2));
        }
        properties.put("security.protocol", securityProtocol.name());
        return properties;
    }

    static {
        IS_IBM_SECURITY = Java.isIbmJdk() && !Java.isIbmJdkSemeru();
    }
}
