package io.confluent.controlcenter.data;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.UnmodifiableIterator;
import io.confluent.controlcenter.ControlCenterRbacConfig;
import io.confluent.controlcenter.data.PermissionsService;
import io.confluent.rbacapi.entities.AuthorizeRequest;
import io.confluent.rbacapi.entities.VisibilityRequest;
import io.confluent.rbacapi.entities.VisibilityResponse;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.Scope;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import javax.validation.constraints.NotNull;
import javax.ws.rs.InternalServerErrorException;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.GenericType;
import javax.ws.rs.core.MediaType;
import org.apache.kafka.streams.StreamsConfig;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.glassfish.jersey.client.ClientConfig;
import org.glassfish.jersey.jackson.internal.jackson.jaxrs.json.JacksonJaxbJsonProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/controlcenter/data/MetadataServiceClient.class */
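/**
 * Client for the metadata service (MDS) REST endpoints used for authorization and
 * visibility checks.
 *
 * <p>Every request carries the caller's bearer token in the {@code Authorization} header and is
 * tried against the configured MDS URLs in rotation, starting at a random one.
 *
 * <p>Responses are read through the typed JAX-RS overloads ({@code get(Class)},
 * {@code put(Entity, GenericType)}, {@code post(Entity, GenericType)}), so a non-2xx answer is
 * raised as an exception rather than being deserialized and treated as an authorization result.
 */
public class MetadataServiceClient {
    private static final long MDS_CONNECT_TIMEOUT_SEC = 15;
    private static final long MDS_READ_TIMEOUT_SEC = 15;
    private static final String ALLOWED = "ALLOWED";
    // Attempts per configured MDS URL before giving up.
    private static final int MDS_RETRIES_EACH = 2;
    private static final Logger log = LoggerFactory.getLogger(MetadataServiceClient.class);

    // Only chooses which MDS URL is tried first; no secret or token is derived from it.
    private final Random random = new Random();
    private final ControlCenterRbacConfig rbacConfig;
    private final ClientBuilder clientBuilder;
    // One base target per MDS URL. A single cached target would pin every retry to whichever URL
    // was contacted first, so fail-over to the other configured servers would never happen.
    private final Map<String, WebTarget> baseTargets = new HashMap<>();

    /**
     * Prepares (but does not yet build) the JAX-RS client.
     *
     * @param controlCenterRbacConfig configuration supplying the list of MDS URLs
     * @param objectMapper Jackson mapper used to (de)serialize request and response bodies
     */
    public MetadataServiceClient(ControlCenterRbacConfig controlCenterRbacConfig, ObjectMapper objectMapper) {
        this.rbacConfig = controlCenterRbacConfig;
        JacksonJaxbJsonProvider jsonProvider = new JacksonJaxbJsonProvider();
        jsonProvider.setMapper(objectMapper);
        this.clientBuilder = ClientBuilder.newBuilder()
                .withConfig(new ClientConfig(jsonProvider))
                .connectTimeout(MDS_CONNECT_TIMEOUT_SEC, TimeUnit.SECONDS)
                .readTimeout(MDS_READ_TIMEOUT_SEC, TimeUnit.SECONDS);
    }

    /**
     * Installs the TLS context used for MDS connections. Must be called before the first request.
     *
     * @param sslContextFactory factory whose {@code SSLContext} is handed to the client builder
     * @throws IllegalStateException if a client has already been built
     * @throws NullPointerException if {@code sslContextFactory} is null
     */
    public synchronized void setSslContextFactory(@NotNull SslContextFactory sslContextFactory) {
        if (!this.baseTargets.isEmpty()) {
            throw new IllegalStateException("trying to set SslContextFactory but Client is already built!");
        }
        Preconditions.checkNotNull(sslContextFactory);
        // NOTE(review): a factory whose getSslContext() is still null is silently ignored, leaving
        // the builder on its default TLS settings (custom trust store not applied) - confirm that
        // callers only pass a factory whose context is already initialised.
        if (sslContextFactory.getSslContext() != null) {
            this.clientBuilder.sslContext(sslContextFactory.getSslContext());
        }
    }

    /**
     * Asks MDS whether a Kafka cluster is visible to a user.
     *
     * @param str user name; sent as principal {@code User:<name>}
     * @param str2 bearer token for the {@code Authorization} header
     * @param str3 first argument of the {@code VisibilityRequest} (presumably the Kafka cluster
     *     id - confirm against that class)
     * @return the {@code kafkaCluster.visible} flag of the first response entry; {@code false}
     *     when the response carries no such entry (fail closed)
     */
    public boolean isKafkaClusterVisible(String str, String str2, String str3) {
        List<VisibilityResponse> responses =
                visibility(str, str2, ImmutableList.of(new VisibilityRequest(str3, null, null, null)));
        // A missing entry is treated as "not visible" instead of surfacing as an
        // IndexOutOfBounds/NullPointerException.
        if (responses == null || responses.isEmpty()
                || responses.get(0) == null || responses.get(0).kafkaCluster == null) {
            log.warn("metadata service returned no visibility entry for {}; treating it as not visible", str3);
            return false;
        }
        return responses.get(0).kafkaCluster.visible;
    }

    /**
     * Fetches the {@code metadataClusterId} resource from MDS.
     *
     * @param str bearer token for the {@code Authorization} header
     * @return the response body as a string
     */
    public String getMetadataServiceKafkaId(String str) {
        // get(String.class) throws on a non-2xx status, so an error page is never returned as an id.
        return makeRequestWithRetries(url ->
                getBaseTarget(url).path("metadataClusterId").request()
                        .header("Authorization", "Bearer " + str)
                        .get(String.class));
    }

    /**
     * Checks a batch of operations for a user in one MDS {@code authorize} call.
     *
     * @param str user name; sent as principal {@code User:<name>}
     * @param str2 bearer token for the {@code Authorization} header
     * @param scope scope placed on every {@code Action}
     * @param immutableMap operations to check, each mapped to the resource type/operation pair
     *     that is sent to MDS
     * @return for every key of {@code immutableMap}, whether MDS answered {@code "ALLOWED"}
     * @throws InternalServerErrorException if MDS does not return exactly one decision per
     *     requested operation
     */
    public Map<PermissionsService.ControlCenterOperation, Boolean> authorize(String str, String str2, Scope scope, ImmutableMap<PermissionsService.ControlCenterOperation, PermissionsService.ResourceTypeOperation> immutableMap) {
        // Keys and actions are collected in the same pass so that decision i is matched with
        // operation i by construction.
        List<PermissionsService.ControlCenterOperation> operations = new ArrayList<>(immutableMap.size());
        List<Action> actions = new ArrayList<>(immutableMap.size());
        for (Map.Entry<PermissionsService.ControlCenterOperation, PermissionsService.ResourceTypeOperation> entry : immutableMap.entrySet()) {
            PermissionsService.ResourceTypeOperation requested = entry.getValue();
            operations.add(entry.getKey());
            actions.add(new Action(scope, requested.resourceType, requested.resourceType.name(), requested.operation));
        }

        List<String> decisions = makeRequestWithRetries(url ->
                getBaseTarget(url).path("authorize").request()
                        .header("Authorization", "Bearer " + str2)
                        .put(Entity.entity(new AuthorizeRequest("User:" + str, actions), MediaType.APPLICATION_JSON_TYPE),
                                new GenericType<List<String>>() { }));

        if (decisions == null) {
            log.error("expected list size {}, actual, {}", operations.size(), "null");
            throw new InternalServerErrorException();
        }
        if (decisions.size() != operations.size()) {
            log.error("expected list size {}, actual, {}", operations.size(), decisions.size());
            throw new InternalServerErrorException();
        }

        Map<PermissionsService.ControlCenterOperation, Boolean> result = new HashMap<>();
        for (int i = 0; i < operations.size(); i++) {
            // Constant-first equals: a null or unexpected decision is a denial, never an NPE.
            result.put(operations.get(i), ALLOWED.equals(decisions.get(i)));
        }
        return result;
    }

    /**
     * Posts visibility requests for a user to {@code principals/User:<name>/visibility}.
     *
     * @param str user name; URL-encoded and sent as principal {@code User:<name>}
     * @param str2 bearer token for the {@code Authorization} header
     * @param list visibility requests sent as the JSON body
     * @return the visibility responses deserialized from the MDS reply
     */
    public List<VisibilityResponse> visibility(String str, String str2, List<VisibilityRequest> list) {
        return makeRequestWithRetries(url ->
                getBaseTarget(url).path("principals").path("User:" + urlEncode(str)).path("visibility").request()
                        .header("Authorization", "Bearer " + str2)
                        .post(Entity.entity(list, MediaType.APPLICATION_JSON_TYPE),
                                new GenericType<List<VisibilityResponse>>() { }));
    }

    /**
     * Runs {@code function} against the configured MDS URLs until one call succeeds.
     *
     * <p>Starts at a random URL and walks the list round-robin, making
     * {@code MDS_RETRIES_EACH} attempts per configured URL in total.
     *
     * @param function request to perform, given the MDS URL to use
     * @return the first successful result
     * @throws InternalServerErrorException if every attempt failed
     */
    private <T> T makeRequestWithRetries(Function<String, T> function) {
        List<String> urls = this.rbacConfig.getMetadataServiceUrls();
        int start = this.random.nextInt(urls.size());
        int attempts = MDS_RETRIES_EACH * urls.size();
        Exception lastFailure = null;
        for (int i = 0; i < attempts; i++) {
            String url = urls.get((start + i) % urls.size());
            try {
                return function.apply(url);
            } catch (Exception e) {
                // Broad catch is deliberate: any failure (connect, status, parsing) moves on to
                // the next attempt. Only the message is logged; the bearer token is not part of it.
                lastFailure = e;
                log.warn("failed to make metadata service request to {} : {}", url, e.getMessage());
            }
        }
        // Keep the last failure as the cause so the reason is not lost to the caller's logs.
        throw new InternalServerErrorException("failed to connect to any MDS server", lastFailure);
    }

    /**
     * Returns the base target for one MDS URL, building and caching it on first use.
     *
     * @param str MDS base URL
     * @return target pointing at {@code <url>/security/<version>}
     */
    private synchronized WebTarget getBaseTarget(String str) {
        // StreamsConfig.UPGRADE_FROM_10 is kept exactly as found; it appears to be the decompiler's
        // stand-in for the API version path segment rather than a real dependency on Kafka Streams.
        return this.baseTargets.computeIfAbsent(str, url ->
                this.clientBuilder.build().target(url).path("security").path(StreamsConfig.UPGRADE_FROM_10));
    }

    /**
     * URL-encodes a value as UTF-8 before it is placed in a request path.
     *
     * <p>NOTE(review): {@code URLEncoder} produces form encoding (a space becomes {@code +}), which
     * differs from path-segment encoding; confirm how MDS decodes principals containing spaces.
     */
    private static String urlEncode(String str) {
        try {
            return URLEncoder.encode(str, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is always available; keep the cause in case this is ever reached.
            throw new InternalServerErrorException(e);
        }
    }
}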
