package io.confluent.controlcenter;

import com.amazonaws.util.StringUtils;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableMap;
import java.util.List;
import java.util.Map;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.config.SaslConfigs;

/* loaded from: input_file:io/confluent/controlcenter/ControlCenterRbacConfig.class */
public class ControlCenterRbacConfig {
    private final List<String> metadataServiceUrls;
    private final String username;
    private final String password;
    private final Map<String, Object> saslConfigs;

    public static ControlCenterRbacConfig fromControlCenterConfig(ControlCenterConfig controlCenterConfig) {
        List<String> list = controlCenterConfig.getList(ControlCenterConfig.CONFLUENT_CONTROLCENTER_METADATA_URLS_CONFIG);
        String str = null;
        String str2 = null;
        ImmutableMap of = ImmutableMap.of();
        if (!list.isEmpty()) {
            str = controlCenterConfig.getString(ControlCenterConfig.CONTROL_CENTER_METADATA_USERNAME);
            str2 = controlCenterConfig.getPassword(ControlCenterConfig.CONTROL_CENTER_METADATA_PASSWORD).value();
            if (Strings.isNullOrEmpty(str) || Strings.isNullOrEmpty(str2)) {
                throw new ConfigException("You specified a metadata service but did not specify a username/password for using it. Please specify confluent.controlcenter.metadata.username and confluent.controlcenter.metadata.password.");
            }
            of = ImmutableMap.of(SaslConfigs.SASL_MECHANISM, "OAUTHBEARER", SaslConfigs.SASL_JAAS_CONFIG, "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required username=\"" + str + "\" password=\"" + str2 + "\" metadataServerUrls=\"" + String.join(StringUtils.COMMA_SEPARATOR, list) + "\";", SaslConfigs.SASL_LOGIN_CALLBACK_HANDLER_CLASS, "io.confluent.kafka.clients.plugins.auth.token.TokenUserLoginCallbackHandler");
        }
        return new ControlCenterRbacConfig(list, str, str2, of);
    }

    public ControlCenterRbacConfig(List<String> list, String str, String str2, Map<String, Object> map) {
        this.metadataServiceUrls = list;
        this.username = str;
        this.password = str2;
        this.saslConfigs = map;
    }

    public List<String> getMetadataServiceUrls() {
        return this.metadataServiceUrls;
    }

    public String getUsername() {
        return this.username;
    }

    public String getPassword() {
        return this.password;
    }

    public Map<String, Object> getSaslConfigs() {
        return this.saslConfigs;
    }

    public boolean isRbacEnabled() {
        return !this.metadataServiceUrls.isEmpty();
    }
}
