package io.confluent.controlcenter.acl;

import com.google.common.collect.Lists;
import com.google.inject.Guice;
import com.google.inject.Injector;
import io.confluent.controlcenter.BootstrapClientSupplier;
import io.confluent.controlcenter.ControlCenterConfig;
import io.confluent.controlcenter.ControlCenterConfigModule;
import io.confluent.controlcenter.serialization.SerializationModule;
import io.confluent.controlcenter.streams.StreamsConfigModule;
import io.confluent.controlcenter.streams.TopicStoreMaster;
import io.confluent.controlcenter.streams.TopicStoreModule;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.apache.kafka.clients.admin.AdminClient;
import org.apache.kafka.common.KafkaFuture;
import org.apache.kafka.common.acl.AccessControlEntry;
import org.apache.kafka.common.acl.AclBinding;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.acl.AclPermissionType;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.resource.Resource;
import org.apache.kafka.common.resource.ResourcePattern;
import org.apache.kafka.common.resource.ResourceType;
import org.apache.kafka.streams.StreamsConfig;
import org.apache.log4j.BasicConfigurator;
import org.apache.log4j.ConsoleAppender;
import org.apache.log4j.PatternLayout;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/controlcenter/acl/StartupAcl.class */
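/**
 * Command-line tool that creates the Kafka ACLs for the Control Center (C3) principal named on
 * the command line.
 *
 * <p>It grants, as ALLOW entries on LITERAL resource patterns:
 * <ul>
 *   <li>READ on the Streams application-id consumer group and on its {@code -command} group;</li>
 *   <li>WRITE, CREATE, DESCRIBE and READ on every input and internal topic reported by
 *       {@link TopicStoreMaster};</li>
 *   <li>DESCRIBE and DESCRIBE_CONFIGS on the cluster resource.</li>
 * </ul>
 *
 * <p>Every entry uses host {@code "*"}, so the grants are not restricted to a client address.
 */
public class StartupAcl {
    private static final Logger log = LoggerFactory.getLogger(StartupAcl.class);
    private static final String C3USERNAME_OPT = "c3Username";
    private static final String CONFIG_OPT = "config";
    /** Host field used for every entry; "*" applies the entry to connections from any host. */
    private static final String ANY_HOST = "*";
    /** How long {@link #main} waits for the broker to acknowledge the ACL creation. */
    private static final long ACL_TIMEOUT_MS = 30000L;

    /**
     * Collects the ACL bindings to create and holds the {@link AdminClient} used to submit them.
     * The caller owns {@link #adminClient} after construction and must close it.
     */
    static class AclInfo {
        // Bindings accumulated by the addAclFor* helpers, in the order groups, topics, cluster.
        public List<AclBinding> acls = new ArrayList<>();
        // Client obtained from the injected BootstrapClientSupplier.
        public AdminClient adminClient;

        /**
         * Builds the injector from {@code controlCenterConfig}, obtains the admin client and
         * fills {@link #acls} for the given user.
         *
         * @param controlCenterConfig Control Center configuration used to wire the Guice modules
         * @param username            principal name; each entry is created for {@code "User:" + username}
         */
        AclInfo(ControlCenterConfig controlCenterConfig, String username) {
            Injector injector = makeInjections(controlCenterConfig);
            TopicStoreMaster topicStoreMaster = injector.getInstance(TopicStoreMaster.class);
            StreamsConfig streamsConfig = injector.getInstance(StreamsConfig.class);
            this.adminClient = injector.getInstance(BootstrapClientSupplier.class).get();
            try {
                Set<String> allTopics = getAllTopics(topicStoreMaster);
                addAclForGroups(streamsConfig, username);
                addAclForTopics(allTopics, username);
                addAclForClusters(username);
            } catch (RuntimeException | Error e) {
                // The caller never receives this instance on failure, so it cannot close the
                // client itself; release it here before propagating.
                this.adminClient.close();
                throw e;
            }
        }

        /** Creates the Guice injector from the config, streams, topic-store and serialization modules. */
        private Injector makeInjections(ControlCenterConfig controlCenterConfig) {
            return Guice.createInjector(
                    new ControlCenterConfigModule(controlCenterConfig, false, null),
                    new StreamsConfigModule(),
                    new TopicStoreModule(),
                    new SerializationModule());
        }

        /** Builds an ALLOW binding on {@code pattern} for {@code "User:" + username} from any host. */
        private static AclBinding allow(ResourcePattern pattern, String username, AclOperation operation) {
            return new AclBinding(
                    pattern,
                    new AccessControlEntry("User:" + username, ANY_HOST, operation, AclPermissionType.ALLOW));
        }

        /** Adds READ on the Streams application-id group and on the "<application-id>-command" group. */
        private void addAclForGroups(StreamsConfig streamsConfig, String username) {
            String applicationId = streamsConfig.getString(StreamsConfig.APPLICATION_ID_CONFIG);
            String commandGroup = applicationId + "-command";
            log.info("Set acl for group {}", applicationId);
            this.acls.add(allow(
                    new ResourcePattern(ResourceType.GROUP, applicationId, PatternType.LITERAL),
                    username, AclOperation.READ));
            log.info("Set acl for group {}", commandGroup);
            this.acls.add(allow(
                    new ResourcePattern(ResourceType.GROUP, commandGroup, PatternType.LITERAL),
                    username, AclOperation.READ));
        }

        /** Returns the sorted union of the input and internal topic names from the topic store. */
        private Set<String> getAllTopics(TopicStoreMaster topicStoreMaster) {
            Set<String> topics = new TreeSet<>();
            topics.addAll(topicStoreMaster.getInputTopicNames());
            topics.addAll(topicStoreMaster.getInternalTopicNames());
            return topics;
        }

        /** Adds WRITE, CREATE, DESCRIBE and READ on each topic in {@code topics}. */
        private void addAclForTopics(Set<String> topics, String username) {
            AclOperation[] operations = {
                AclOperation.WRITE, AclOperation.CREATE, AclOperation.DESCRIBE, AclOperation.READ
            };
            for (String topic : topics) {
                log.info("Set acl for topic {}", topic);
                for (AclOperation operation : operations) {
                    this.acls.add(allow(
                            new ResourcePattern(ResourceType.TOPIC, topic, PatternType.LITERAL),
                            username, operation));
                }
            }
        }

        /** Adds DESCRIBE and DESCRIBE_CONFIGS on the cluster resource. */
        private void addAclForClusters(String username) {
            log.info("Set acl for kafka-cluster");
            this.acls.add(allow(
                    new ResourcePattern(ResourceType.CLUSTER, Resource.CLUSTER_NAME, PatternType.LITERAL),
                    username, AclOperation.DESCRIBE));
            this.acls.add(allow(
                    new ResourcePattern(ResourceType.CLUSTER, Resource.CLUSTER_NAME, PatternType.LITERAL),
                    username, AclOperation.DESCRIBE_CONFIGS));
        }
    }

    /**
     * Parses the command line, builds the ACL list and submits it, waiting up to 30 seconds.
     *
     * <p>NOTE(review): a timeout or a failed ACL creation is only logged; this method then returns
     * normally, so the exit status does not tell a calling script that the ACLs were not applied.
     * Confirm with the launcher scripts before changing that.
     *
     * @param args command-line arguments; both {@code -c3Username} and {@code -config} are required
     * @throws IllegalArgumentException if the user name is empty after trimming
     * @throws Exception                if argument parsing or setup fails
     */
    public static void main(String[] args) throws Exception {
        BasicConfigurator.configure(new ConsoleAppender(new PatternLayout(), ConsoleAppender.SYSTEM_ERR));
        CommandLine cmdLine = getCmdLine(args);
        String username = cmdLine.getOptionValue(C3USERNAME_OPT).trim();
        if (username.isEmpty()) {
            // An empty name would create entries for the principal "User:", which names nobody.
            throw new IllegalArgumentException("Option " + C3USERNAME_OPT + " must not be blank.");
        }
        if ("*".equals(username)) {
            // "User:*" is Kafka's wildcard principal, so these grants would apply to every user.
            log.warn("Option {} is '*': the ACLs will be created for the wildcard principal User:*.",
                    C3USERNAME_OPT);
        }
        AclInfo aclInfo = new AclInfo(new ControlCenterConfig(cmdLine.getOptionValue(CONFIG_OPT)), username);
        try {
            KafkaFuture<Void> all = aclInfo.adminClient.createAcls(aclInfo.acls).all();
            try {
                all.get(ACL_TIMEOUT_MS, TimeUnit.MILLISECONDS);
                log.info("Completed all the ACL setting for C3 startup.");
            } catch (TimeoutException e) {
                log.error("ACL setup time out. (30s)", e);
                all.cancel(true);
            } catch (InterruptedException e) {
                // Restore the interrupt flag so code further up the stack can observe it.
                Thread.currentThread().interrupt();
                log.error("Unexpected error.", e);
            } catch (Exception e) {
                log.error("Unexpected error.", e);
            }
        } finally {
            // Single close path, also reached when createAcls itself throws.
            aclInfo.adminClient.close();
        }
    }

    /**
     * Parses the two required options, {@code -c3Username}/{@code --c3-username} and
     * {@code -config}/{@code --config-file}.
     *
     * @throws ParseException if an option is missing or malformed
     */
    private static CommandLine getCmdLine(String[] args) throws ParseException {
        Options options = new Options();
        options.addOption(Option.builder(C3USERNAME_OPT)
                .hasArg()
                .required(true)
                .longOpt("c3-username")
                .desc("Username that C3 is used for authentication and authorization.")
                .build());
        options.addOption(Option.builder(CONFIG_OPT)
                .hasArg()
                .required(true)
                .longOpt("config-file")
                .desc("C3 Configuration file's path and name.")
                .build());
        return new DefaultParser().parse(options, args);
    }
}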
