package io.confluent.security.auth.provider.ldap;

import io.confluent.security.auth.utils.ConfigurableSslSocketFactory;
import io.confluent.shaded.org.asynchttpclient.netty.channel.ChannelManager;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.kafka.common.config.AbstractConfig;
import org.apache.kafka.common.config.ConfigDef;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.config.SaslConfigs;
import org.apache.kafka.common.config.SslConfigs;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.utils.Utils;

/* loaded from: input_file:io/confluent/security/auth/provider/ldap/LdapConfig.class */
public class LdapConfig extends AbstractConfig {
    private static final String LDAP_AUTHORIZER_PREFIX = "ldap.authorizer.";
    public static final String CONFIG_PREFIX = "ldap.";
    public static final String JAVA_NAMING_SOCKET_FACTORY_PROP = "java.naming.ldap.factory.socket";
    public static final int REFRESH_INTERVAL_MS_DEFAULT = 60000;
    public static final int PERSISTENT_REFRESH = 0;
    public static final int SEARCH_PAGE_SIZE_DEFAULT = 0;
    public static final int RETRY_BACKOFF_MS_DEFAULT = 100;
    public static final int RETRY_BACKOFF_MAX_MS_DEFAULT = 1000;
    public static final String GROUP_SEARCH_FILTER_DEFAULT = "";
    public static final int GROUP_SEARCH_SCOPE_DEFAULT = 1;
    public static final String GROUP_NAME_ATTRIBUTE_PATTERN_DEFAULT = "";
    public static final String GROUP_MEMBER_ATTRIBUTE_PATTERN_DEFAULT = "";
    public static final String GROUP_DN_NAME_PATTERN_DEFAULT = "";
    public static final String USER_SEARCH_FILTER_DEFAULT = "";
    public static final int USER_SEARCH_SCOPE_DEFAULT = 1;
    public static final String USER_NAME_ATTRIBUTE_PATTERN_DEFAULT = "";
    public static final String USER_MEMBEROF_ATTRIBUTE_PATTERN_DEFAULT = "";
    public static final String USER_DN_NAME_PATTERN_DEFAULT = "";
    private static final String JNDI_CONNECT_TIMEOUT_MS_PROP = "com.sun.jndi.ldap.connect.timeout";
    public static final String JNDI_READ_TIMEOUT_MS_PROP = "com.sun.jndi.ldap.read.timeout";
    public static final long JNDI_CONNECT_TIMEOUT_MS_DEFAULT = 30000;
    public static final long JNDI_READ_TIMEOUT_MS_DEFAULT = 30000;
    final boolean persistentSearch;
    final int refreshIntervalMs;
    final int searchPageSize;
    final long retryTimeoutMs;
    final int retryBackoffMs;
    final int retryMaxBackoffMs;
    final SearchMode searchMode;
    final String groupSearchBase;
    final String groupSearchFilter;
    final int groupSearchScope;
    final String groupNameAttribute;
    final Pattern groupNameAttributePattern;
    final String groupMemberAttribute;
    final Pattern groupMemberAttributePattern;
    final Pattern groupDnNamePattern;
    final String userSearchBase;
    final String userSearchFilter;
    final int userSearchScope;
    final String userNameAttribute;
    final Pattern userNameAttributePattern;
    final String userMemberOfAttribute;
    final Pattern userMemberOfAttributePattern;
    final Pattern userDnNamePattern;
    final String userDnSearchFilter;
    final String userPasswordAttribute;
    final Hashtable<String, String> ldapContextEnvironment;
    public static final String SEARCH_MODE_DEFAULT = SearchMode.GROUPS.name();
    public static final String REFRESH_INTERVAL_MS_PROP = "ldap.refresh.interval.ms";
    public static final String REFRESH_INTERVAL_MS_DOC = "LDAP group cache refresh interval in milliseconds. If set to zero, persistent LDAP search is used.";
    public static final String SEARCH_PAGE_SIZE_PROP = "ldap.search.page.size";
    public static final String SEARCH_PAGE_SIZE_DOC = "Page size for LDAP search if persistent search is disabled (refresh interval is greater than zero). Paging is disabled by default.";
    public static final String RETRY_BACKOFF_MS_PROP = "ldap.retry.backoff.ms";
    public static final String RETRY_BACKOFF_MS_DOC = "Initial retry backoff in milliseconds. Exponential backoff is used if 'ldap.retry.backoff.max.ms' is set to a higher value.";
    public static final String RETRY_BACKOFF_MAX_MS_PROP = "ldap.retry.backoff.max.ms";
    public static final String RETRY_BACKOFF_MAX_MS_DOC = "Maximum retry backoff in milliseconds. Exponential backoff is used if 'ldap.retry.backoff.ms' is set to a lower value.";
    public static final String RETRY_TIMEOUT_MS_PROP = "ldap.retry.timeout.ms";
    public static final int RETRY_TIMEOUT_MS_DEFAULT = 86400000;
    public static final String RETRY_TIMEOUT_MS_DOC = "Timeout for LDAP search retries after which the LDAP authorizer is marked as failed. All requests are denied access if a successful cache refresh cannot be performed within this time.";
    public static final String SEARCH_MODE_PROP = "ldap.search.mode";
    public static final String SEARCH_MODE_DOC = "LDAP search mode that indicates if user to group mapping is retrieved by searching for group or user entries. Valid values are USERS and GROUPS.";
    public static final String GROUP_SEARCH_BASE_PROP = "ldap.group.search.base";
    public static final String GROUP_SEARCH_BASE_DEFAULT = "ou=groups";
    public static final String GROUP_SEARCH_BASE_DOC = "LDAP search base for group-based search.";
    public static final String GROUP_SEARCH_FILTER_PROP = "ldap.group.search.filter";
    public static final String GROUP_SEARCH_FILTER_DOC = "LDAP search filter for group-based search.";
    public static final String GROUP_SEARCH_SCOPE_PROP = "ldap.group.search.scope";
    public static final String GROUP_SEARCH_SCOPE_DOC = "LDAP search scope for group-based search. Valid values are 0 (OBJECT), 1 (ONELEVEL) and 2 (SUBTREE).";
    public static final String GROUP_OBJECT_CLASS_PROP = "ldap.group.object.class";
    public static final String GROUP_OBJECT_CLASS_DEFAULT = "groupOfNames";
    public static final String GROUP_OBJECT_CLASS_DOC = "LDAP object class for groups.";
    public static final String GROUP_NAME_ATTRIBUTE_PROP = "ldap.group.name.attribute";
    public static final String GROUP_NAME_ATTRIBUTE_DEFAULT = "cn";
    public static final String GROUP_NAME_ATTRIBUTE_DOC = "Name of attribute that contains the name of the group in a group entry obtained using an LDAP search. A regex pattern may be specified to extract the group name used in ACLs from this attribute by configuring 'ldap.group.name.attribute.pattern'.";
    public static final String GROUP_NAME_ATTRIBUTE_PATTERN_PROP = "ldap.group.name.attribute.pattern";
    public static final String GROUP_NAME_ATTRIBUTE_PATTERN_DOC = "Java regular expression pattern used to extract the group name used in ACLs from the name of the group obtained from the LDAP attribute specified using  'ldap.group.name.attribute`. By default the full value of the attribute is used";
    public static final String GROUP_MEMBER_ATTRIBUTE_PROP = "ldap.group.member.attribute";
    public static final String GROUP_MEMBER_ATTRIBUTE_DEFAULT = "member";
    public static final String GROUP_MEMBER_ATTRIBUTE_DOC = "Name of attribute that contains the members of the group in a group entry obtained using an LDAP search. A regex pattern may be specified to extract the user principals from this attribute by configuring 'ldap.group.member.attribute.pattern'.";
    public static final String GROUP_MEMBER_ATTRIBUTE_PATTERN_PROP = "ldap.group.member.attribute.pattern";
    public static final String GROUP_MEMBER_ATTRIBUTE_PATTERN_DOC = "Java regular expression pattern used to extract the user principals of group members from group member entries obtained from the LDAP attribute specified using 'ldap.group.member.attribute`. By default the full value of the attribute is used";
    public static final String GROUP_DN_NAME_PATTERN_PROP = "ldap.group.dn.name.pattern";
    public static final String GROUP_DN_NAME_PATTERN_DOC = "Java regular expression pattern used to extract group name from the distinguished name of the group when group is renamed. This is used only when persistent search is enabled. By default the 'ldap.group.name.attribute' is extracted from the DN";
    public static final String USER_SEARCH_BASE_PROP = "ldap.user.search.base";
    public static final String USER_SEARCH_BASE_DEFAULT = "ou=users";
    public static final String USER_SEARCH_BASE_DOC = "LDAP search base for user-based search.";
    public static final String USER_SEARCH_FILTER_PROP = "ldap.user.search.filter";
    public static final String USER_SEARCH_FILTER_DOC = "LDAP search filter for user-based search.";
    public static final String USER_SEARCH_SCOPE_PROP = "ldap.user.search.scope";
    public static final String USER_SEARCH_SCOPE_DOC = "LDAP search scope for user-based search. Valid values are 0 (OBJECT), 1 (ONELEVEL) and 2 (SUBTREE).";
    public static final String USER_OBJECT_CLASS_PROP = "ldap.user.object.class";
    public static final String USER_OBJECT_CLASS_DEFAULT = "person";
    public static final String USER_OBJECT_CLASS_DOC = "LDAP object class for users.";
    public static final String USER_NAME_ATTRIBUTE_PROP = "ldap.user.name.attribute";
    public static final String USER_NAME_ATTRIBUTE_DEFAULT = "uid";
    public static final String USER_NAME_ATTRIBUTE_DOC = "Name of attribute that contains the user principal in a user entry obtained using an LDAP search. A regex pattern may be specified to extract the user principal from this attribute by configuring 'ldap.user.name.attribute.pattern'.";
    public static final String USER_NAME_ATTRIBUTE_PATTERN_PROP = "ldap.user.name.attribute.pattern";
    public static final String USER_NAME_ATTRIBUTE_PATTERN_DOC = "Java regular expression pattern used to extract the user principal from the name of the user obtained from the LDAP attribute specified using 'ldap.user.name.attribute`. By default the full value of the attribute is used";
    public static final String USER_MEMBEROF_ATTRIBUTE_PROP = "ldap.user.memberof.attribute";
    public static final String USER_MEMBEROF_ATTRIBUTE_DEFAULT = "memberof";
    public static final String USER_MEMBEROF_ATTRIBUTE_DOC = "Name of attribute that contains the groups in a user entry obtained using an LDAP search. A regex pattern may be specified to extract the group names used in ACLs from this attribute by configuring 'ldap.user.memberof.attribute.pattern'.";
    public static final String USER_MEMBEROF_ATTRIBUTE_PATTERN_PROP = "ldap.user.memberof.attribute.pattern";
    public static final String USER_MEMBEROF_ATTRIBUTE_PATTERN_DOC = "Java regular expression pattern used to extract the names of groups from user entries obtained from the LDAP attribute specified using  'ldap.user.memberof.attribute`. By default the full value of the attribute is used";
    public static final String USER_DN_NAME_PATTERN_PROP = "ldap.user.dn.name.pattern";
    public static final String USER_DN_NAME_PATTERN_DOC = "Java regular expression pattern used to extract user name from the distinguished name of the user when user is renamed. This is used only when persistent search is enabled. By default the 'ldap.user.name.attribute' is extracted from the DN";
    public static final String USER_PASSWORD_ATTRIBUTE_PROP = "ldap.user.password.attribute";
    public static final String USER_PASSWORD_ATTRIBUTE_DOC = "Name of attribute that contains the password in a user entry obtained using an LDAP search for simple username/password authentication. By default, authentication is performed using simple binding with the provided credentials. This config may be used in deployments where simple binding is disabled for some users.";
    private static final String SASL_KERBEROS_LDAP_SERVICE_NAME_DOC = "The Kerberos principal name that LDAP service runs as. The value is 'ldap' in all standard LDAP deployments.";
    private static final ConfigDef CONFIG = new ConfigDef().define(REFRESH_INTERVAL_MS_PROP, ConfigDef.Type.INT, 60000, ConfigDef.Importance.MEDIUM, REFRESH_INTERVAL_MS_DOC).define(SEARCH_PAGE_SIZE_PROP, ConfigDef.Type.INT, 0, ConfigDef.Importance.MEDIUM, SEARCH_PAGE_SIZE_DOC).define(RETRY_BACKOFF_MS_PROP, ConfigDef.Type.INT, 100, ConfigDef.Importance.MEDIUM, RETRY_BACKOFF_MS_DOC).define(RETRY_BACKOFF_MAX_MS_PROP, ConfigDef.Type.INT, 1000, ConfigDef.Importance.MEDIUM, RETRY_BACKOFF_MAX_MS_DOC).define(RETRY_TIMEOUT_MS_PROP, ConfigDef.Type.LONG, Integer.valueOf(RETRY_TIMEOUT_MS_DEFAULT), ConfigDef.Importance.MEDIUM, RETRY_TIMEOUT_MS_DOC).define(SEARCH_MODE_PROP, ConfigDef.Type.STRING, SEARCH_MODE_DEFAULT, ConfigDef.ValidString.in(SearchMode.GROUPS.name(), SearchMode.USERS.name()), ConfigDef.Importance.MEDIUM, SEARCH_MODE_DOC).define(GROUP_SEARCH_BASE_PROP, ConfigDef.Type.STRING, GROUP_SEARCH_BASE_DEFAULT, ConfigDef.Importance.HIGH, GROUP_SEARCH_BASE_DOC).define(GROUP_SEARCH_FILTER_PROP, ConfigDef.Type.STRING, "", ConfigDef.Importance.MEDIUM, GROUP_SEARCH_FILTER_DOC).define(GROUP_SEARCH_SCOPE_PROP, ConfigDef.Type.INT, 1, ConfigDef.Importance.MEDIUM, GROUP_SEARCH_SCOPE_DOC).define(GROUP_OBJECT_CLASS_PROP, ConfigDef.Type.STRING, GROUP_OBJECT_CLASS_DEFAULT, ConfigDef.Importance.MEDIUM, GROUP_OBJECT_CLASS_DOC).define(GROUP_NAME_ATTRIBUTE_PROP, ConfigDef.Type.STRING, GROUP_NAME_ATTRIBUTE_DEFAULT, ConfigDef.Importance.HIGH, GROUP_NAME_ATTRIBUTE_DOC).define(GROUP_NAME_ATTRIBUTE_PATTERN_PROP, ConfigDef.Type.STRING, "", ConfigDef.Importance.LOW, GROUP_NAME_ATTRIBUTE_PATTERN_DOC).define(GROUP_MEMBER_ATTRIBUTE_PROP, ConfigDef.Type.STRING, GROUP_MEMBER_ATTRIBUTE_DEFAULT, ConfigDef.Importance.HIGH, GROUP_MEMBER_ATTRIBUTE_DOC).define(GROUP_MEMBER_ATTRIBUTE_PATTERN_PROP, ConfigDef.Type.STRING, "", ConfigDef.Importance.MEDIUM, GROUP_MEMBER_ATTRIBUTE_PATTERN_DOC).define(GROUP_DN_NAME_PATTERN_PROP, ConfigDef.Type.STRING, "", ConfigDef.Importance.LOW, GROUP_DN_NAME_PATTERN_DOC).define(USER_SEARCH_BASE_PROP, ConfigDef.Type.STRING, USER_SEARCH_BASE_DEFAULT, ConfigDef.Importance.MEDIUM, USER_SEARCH_BASE_DOC).define(USER_SEARCH_FILTER_PROP, ConfigDef.Type.STRING, "", ConfigDef.Importance.MEDIUM, USER_SEARCH_FILTER_DOC).define(USER_SEARCH_SCOPE_PROP, ConfigDef.Type.INT, 1, ConfigDef.Importance.MEDIUM, USER_SEARCH_SCOPE_DOC).define(USER_OBJECT_CLASS_PROP, ConfigDef.Type.STRING, USER_OBJECT_CLASS_DEFAULT, ConfigDef.Importance.MEDIUM, USER_OBJECT_CLASS_DOC).define(USER_NAME_ATTRIBUTE_PROP, ConfigDef.Type.STRING, USER_NAME_ATTRIBUTE_DEFAULT, ConfigDef.Importance.MEDIUM, USER_NAME_ATTRIBUTE_DOC).define(USER_NAME_ATTRIBUTE_PATTERN_PROP, ConfigDef.Type.STRING, "", ConfigDef.Importance.MEDIUM, USER_NAME_ATTRIBUTE_PATTERN_DOC).define(USER_MEMBEROF_ATTRIBUTE_PROP, ConfigDef.Type.STRING, USER_MEMBEROF_ATTRIBUTE_DEFAULT, ConfigDef.Importance.MEDIUM, USER_MEMBEROF_ATTRIBUTE_DOC).define(USER_MEMBEROF_ATTRIBUTE_PATTERN_PROP, ConfigDef.Type.STRING, "", ConfigDef.Importance.MEDIUM, USER_MEMBEROF_ATTRIBUTE_PATTERN_DOC).define(USER_DN_NAME_PATTERN_PROP, ConfigDef.Type.STRING, "", ConfigDef.Importance.LOW, USER_DN_NAME_PATTERN_DOC).define(USER_PASSWORD_ATTRIBUTE_PROP, ConfigDef.Type.STRING, null, ConfigDef.Importance.LOW, USER_PASSWORD_ATTRIBUTE_DOC).define("ldap.sasl.kerberos.service.name", ConfigDef.Type.STRING, "ldap", ConfigDef.Importance.LOW, SASL_KERBEROS_LDAP_SERVICE_NAME_DOC);

    /* loaded from: input_file:io/confluent/security/auth/provider/ldap/LdapConfig$SearchMode.class */
    public enum SearchMode {
        GROUPS,
        USERS
    }

    public LdapConfig(Map<?, ?> map) {
        super(CONFIG, ldapAuthorizerToLdapProps(map));
        this.refreshIntervalMs = getInt(REFRESH_INTERVAL_MS_PROP).intValue();
        this.retryTimeoutMs = getLong(RETRY_TIMEOUT_MS_PROP).longValue();
        this.retryBackoffMs = getInt(RETRY_BACKOFF_MS_PROP).intValue();
        this.retryMaxBackoffMs = getInt(RETRY_BACKOFF_MAX_MS_PROP).intValue();
        this.persistentSearch = this.refreshIntervalMs == 0;
        this.searchMode = SearchMode.valueOf(getString(SEARCH_MODE_PROP).toUpperCase(Locale.ROOT));
        this.searchPageSize = getInt(SEARCH_PAGE_SIZE_PROP).intValue();
        this.groupSearchBase = getString(GROUP_SEARCH_BASE_PROP);
        this.groupSearchFilter = searchFilter(GROUP_OBJECT_CLASS_PROP, getString(GROUP_SEARCH_FILTER_PROP));
        this.groupSearchScope = getInt(GROUP_SEARCH_SCOPE_PROP).intValue();
        this.groupNameAttribute = getString(GROUP_NAME_ATTRIBUTE_PROP);
        this.groupNameAttributePattern = attributePattern(GROUP_NAME_ATTRIBUTE_PATTERN_PROP);
        this.groupMemberAttribute = getString(GROUP_MEMBER_ATTRIBUTE_PROP);
        this.groupMemberAttributePattern = attributePattern(GROUP_MEMBER_ATTRIBUTE_PATTERN_PROP);
        String string = getString(GROUP_DN_NAME_PATTERN_PROP);
        this.groupDnNamePattern = string.isEmpty() ? null : Pattern.compile(string);
        this.userSearchBase = getString(USER_SEARCH_BASE_PROP);
        this.userSearchFilter = searchFilter(USER_OBJECT_CLASS_PROP, getString(USER_SEARCH_FILTER_PROP));
        this.userSearchScope = getInt(USER_SEARCH_SCOPE_PROP).intValue();
        this.userNameAttribute = getString(USER_NAME_ATTRIBUTE_PROP);
        this.userNameAttributePattern = attributePattern(USER_NAME_ATTRIBUTE_PATTERN_PROP);
        this.userMemberOfAttribute = getString(USER_MEMBEROF_ATTRIBUTE_PROP);
        this.userMemberOfAttributePattern = attributePattern(USER_MEMBEROF_ATTRIBUTE_PATTERN_PROP);
        String string2 = getString(USER_DN_NAME_PATTERN_PROP);
        this.userDnNamePattern = string2.isEmpty() ? null : Pattern.compile(string2);
        this.userDnSearchFilter = searchFilter(USER_OBJECT_CLASS_PROP, String.format("%s(%s={0})", this.userSearchFilter, this.userNameAttribute));
        this.userPasswordAttribute = getString(USER_PASSWORD_ATTRIBUTE_PROP);
        validate();
        this.ldapContextEnvironment = createLdapContextEnvironment();
    }

    private boolean sslEnabled() {
        return "ldaps".equals(URI.create((String) originals().get("ldap.java.naming.provider.url")).getScheme()) || ChannelManager.SSL_HANDLER.equalsIgnoreCase((String) originals().get("ldap.java.naming.security.protocol"));
    }

    private Hashtable<String, String> createLdapContextEnvironment() {
        Hashtable<String, String> hashtable = new Hashtable<>();
        hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        unprefix(originals()).entrySet().stream().filter(entry -> {
            return ((String) entry.getKey()).startsWith("java.naming.") || ((String) entry.getKey()).startsWith("com.sun.jndi.");
        }).forEach(entry2 -> {
        });
        Map<String, Object> unprefix = unprefix(values());
        if (sslEnabled() && !unprefix.containsKey(JAVA_NAMING_SOCKET_FACTORY_PROP)) {
            ConfigurableSslSocketFactory.createSslFactory(unprefix);
            hashtable.put(JAVA_NAMING_SOCKET_FACTORY_PROP, ConfigurableSslSocketFactory.class.getName());
        }
        if (!hashtable.containsKey(JNDI_CONNECT_TIMEOUT_MS_PROP)) {
            hashtable.put(JNDI_CONNECT_TIMEOUT_MS_PROP, String.valueOf(30000L));
        }
        if (!hashtable.containsKey(JNDI_READ_TIMEOUT_MS_PROP)) {
            hashtable.put(JNDI_READ_TIMEOUT_MS_PROP, String.valueOf(30000L));
        }
        return hashtable;
    }

    private Map<String, Object> unprefix(Map<String, ?> map) {
        return (Map) map.entrySet().stream().filter(entry -> {
            return ((String) entry.getKey()).startsWith(CONFIG_PREFIX) && entry.getValue() != null;
        }).collect(Collectors.toMap(entry2 -> {
            return ((String) entry2.getKey()).substring(CONFIG_PREFIX.length());
        }, (v0) -> {
            return v0.getValue();
        }));
    }

    private String searchFilter(String str, String str2) {
        String str3 = "(objectClass=" + getString(str) + ")";
        return str2.isEmpty() ? str3 : String.format("(&%s%s)", str3, str2);
    }

    private Pattern attributePattern(String str) {
        String string = getString(str);
        if (string == null || string.isEmpty()) {
            return null;
        }
        return Pattern.compile(string);
    }

    private void validate() {
        if (!originals().containsKey("ldap.java.naming.provider.url")) {
            throw new ConfigException("LDAP provider URL must be specified using the config ldap.java.naming.provider.url");
        }
        if (this.retryTimeoutMs < this.refreshIntervalMs * 2) {
            throw new ConfigException(String.format("Retry timeout %s=%d should be at least twice %s=%d", RETRY_TIMEOUT_MS_PROP, Long.valueOf(this.retryTimeoutMs), REFRESH_INTERVAL_MS_PROP, Integer.valueOf(this.refreshIntervalMs)));
        }
        if (this.retryTimeoutMs < this.retryMaxBackoffMs) {
            throw new ConfigException(String.format("Retry timeout %s=%d should be at least %s=%d", RETRY_BACKOFF_MAX_MS_PROP, Integer.valueOf(this.retryMaxBackoffMs), RETRY_TIMEOUT_MS_PROP, Long.valueOf(this.retryTimeoutMs)));
        }
        if (this.retryMaxBackoffMs < this.retryBackoffMs) {
            throw new ConfigException(String.format("Retry max backoff %s=%d should be at least %s=%d", RETRY_BACKOFF_MAX_MS_PROP, Integer.valueOf(this.retryMaxBackoffMs), RETRY_BACKOFF_MS_PROP, Integer.valueOf(this.retryBackoffMs)));
        }
    }

    public static boolean ldapEnabled(Map<String, ?> map) {
        return map.containsKey("ldap.java.naming.provider.url") || map.containsKey("ldap.authorizer.java.naming.provider.url");
    }

    public String toString() {
        HashMap hashMap = new HashMap(this.ldapContextEnvironment);
        if (hashMap.containsKey("java.naming.security.credentials")) {
            hashMap.put("java.naming.security.credentials", Password.HIDDEN);
        }
        return String.format("LdapAuthorizerConfig: %n\t%s%n\t%s", Utils.mkString(values(), "", "", "=", "%n\t"), Utils.mkString(hashMap, "", "", "=", "%n\t"));
    }

    private static Map<?, ?> ldapAuthorizerToLdapProps(Map<?, ?> map) {
        HashMap hashMap = new HashMap(map.size());
        for (Map.Entry<?, ?> entry : map.entrySet()) {
            String str = (String) entry.getKey();
            if (str.startsWith(LDAP_AUTHORIZER_PREFIX)) {
                str = CONFIG_PREFIX + str.substring(LDAP_AUTHORIZER_PREFIX.length());
            }
            hashMap.put(str, entry.getValue());
        }
        return hashMap;
    }

    public static void main(String[] strArr) throws Exception {
        PrintStream printStream = strArr.length == 0 ? System.out : new PrintStream((OutputStream) new FileOutputStream(strArr[0]), false, StandardCharsets.UTF_8.name());
        Throwable th = null;
        try {
            try {
                printStream.println(CONFIG.toHtmlTable());
                if (printStream != System.out) {
                    printStream.close();
                }
                if (printStream != null) {
                    if (0 == 0) {
                        printStream.close();
                        return;
                    }
                    try {
                        printStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (printStream != null) {
                if (th != null) {
                    try {
                        printStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    printStream.close();
                }
            }
            throw th4;
        }
    }

    static {
        ConfigDef configDef = new ConfigDef();
        SslConfigs.addClientSslSupport(configDef);
        SaslConfigs.addClientSaslSupport(configDef);
        Set mkSet = Utils.mkSet(SaslConfigs.SASL_KERBEROS_SERVICE_NAME, SaslConfigs.SASL_MECHANISM, SaslConfigs.SASL_CLIENT_CALLBACK_HANDLER_CLASS, SaslConfigs.SASL_LOGIN_REFRESH_BUFFER_SECONDS, SaslConfigs.SASL_LOGIN_REFRESH_MIN_PERIOD_SECONDS, SaslConfigs.SASL_LOGIN_REFRESH_WINDOW_FACTOR, SaslConfigs.SASL_LOGIN_REFRESH_WINDOW_JITTER);
        configDef.configKeys().values().stream().filter(configKey -> {
            return !mkSet.contains(configKey.name);
        }).forEach(configKey2 -> {
            CONFIG.define(CONFIG_PREFIX + configKey2.name, configKey2.type, configKey2.defaultValue, configKey2.validator, configKey2.importance, configKey2.documentation);
        });
    }
}
