package io.confluent.security.auth.client;

import io.confluent.security.auth.client.provider.BuiltInAuthProviders;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import org.apache.kafka.common.config.AbstractConfig;
import org.apache.kafka.common.config.ConfigDef;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.utils.Utils;
import org.eclipse.jetty.server.session.HouseKeeper;

/* loaded from: input_file:io/confluent/security/auth/client/RestClientConfig.class */
public class RestClientConfig extends AbstractConfig {
    public static final String CONFIG_PREFIX = "confluent.metadata.";
    private static final String HTTP_AUTH_CREDENTIALS_PROVIDER_DEFAULT = "";
    private static final String TOKEN_AUTH_CREDENTIAL_DEFAULT = "";
    private static final String LOGIN_EXPONENTIAL_BACKOFF_NOTE = "Oauth/OIDC Login uses an exponential backoff algorithm with an initial wait based on the confluent.metadata.oauthbearer.login.retry.backoff.ms setting and will double in wait length between attempts up to a maximum wait length specified by the confluent.metadata.oauthbearer.sasl.login.retry.backoff.max.ms setting.";
    public static final long DEFAULT_OAUTH_LOGIN_RETRY_BACKOFF_MS = 100;
    public static final long DEFAULT_OAUTH_LOGIN_RETRY_BACKOFF_MAX_MS = 10000;
    public static final Long METADATA_SERVER_URL_MAX_AGE_DEFAULT = Long.valueOf(HouseKeeper.DEFAULT_PERIOD_MS);
    public static final Integer METADATA_SERVER_URL_MAX_RETRIES_DEFAULT = 5;
    public static final Boolean METADATA_SERVER_URL_FAIL_ON_401_DEFAULT = false;
    private static final String HTTP_AUTH_CREDENTIALS_PROVIDER_DOC = "HTTP authentication scheme. Supported schemes are " + BuiltInAuthProviders.builtInHttpCredentialProviders();
    private static final String BASIC_AUTH_CREDENTIALS_PROVIDER_DEFAULT = BuiltInAuthProviders.BasicAuthCredentialProviders.USER_INFO.name();
    private static final String BASIC_AUTH_CREDENTIALS_PROVIDER_PROP_DOC = "User credentials provider for the HTTP basic authentication. Supported providers are " + BuiltInAuthProviders.builtInBasicAuthCredentialProviders();
    private static final String BASIC_AUTH_USER_INFO_PROP_DOC = "Basic user credentials info in the format user:password. This is required for " + BuiltInAuthProviders.BasicAuthCredentialProviders.USER_INFO.name() + " provider.";
    public static final String BOOTSTRAP_METADATA_SERVER_URLS_PROP = "confluent.metadata.bootstrap.server.urls";
    private static final String BOOTSTRAP_METADATA_SERVER_URLS_DOC = "Comma separated list of bootstrap metadata servers urls to which this client connects to. For ex: http://localhost:8080,http://localhost:8081";
    public static final String HTTP_AUTH_CREDENTIALS_PROVIDER_PROP = "confluent.metadata.http.auth.credentials.provider";
    public static final String BASIC_AUTH_CREDENTIALS_PROVIDER_PROP = "confluent.metadata.basic.auth.credentials.provider";
    public static final String BASIC_AUTH_USER_INFO_PROP = "confluent.metadata.basic.auth.user.info";
    public static final String BASIC_AUTH_CREDENTIALS_PATH_PROP = "confluent.metadata.basic.auth.credentials.path";
    private static final String BASIC_AUTH_CREDENTIALS_PATH_DOC = "Path name of user credentials file in Java properties file format or JSON format with the properties 'username' and 'password'.";
    public static final String ENABLE_METADATA_SERVER_URL_REFRESH = "confluent.metadata.enable.server.urls.refresh";
    public static final String ENABLE_METADATA_SERVER_URL_REFRESH_DOC = "enables periodic refresh of metadata server urls.";
    public static final String METADATA_SERVER_URL_MAX_AGE_PROP = "confluent.metadata.server.urls.max.age.ms";
    public static final String METADATA_SERVER_URL_MAX_AGE_DOC = "The period of time in milliseconds after which we force a refresh of metadata server urls.";
    public static final String METADATA_SERVER_URL_MAX_RETRIES_PROP = "confluent.metadata.server.urls.max.retries";
    public static final String METADATA_SERVER_URL_MAX_RETRIES_DOC = "The number of retries to force a refresh of metadata server urls.";
    public static final String METADATA_SERVER_URL_FAIL_ON_401_PROP = "confluent.metadata.server.urls.fail.on.401";
    public static final String METADATA_SERVER_URL_FAIL_ON_401_DOC = "When set to true, the client will fail immediately on receipt of 401 when trying to refresh metadata server urls. This might be useful if repeated 401 cause issues in the backing LDAP server.";
    public static final String REQUEST_TIMEOUT_MS_CONFIG = "confluent.metadata.request.timeout.ms";
    public static final String REQUEST_TIMEOUT_MS_DOC = "The configuration controls the maximum amount of time the client will wait for the response of a each authorizer request.";
    public static final String HTTP_REQUEST_TIMEOUT_MS_CONFIG = "confluent.metadata.http.request.timeout.ms";
    public static final String HTTP_REQUEST_TIMEOUT_MS_DOC = "The configuration controls the maximum amount of time the client will wait for the response of a http request. If the response is not received before the timeout elapses the client will resend the request if necessary or fail the request if all urls are exhausted. This value should less than or equal to confluent.metadata.request.timeout.ms config";
    public static final String TOKEN_AUTH_CREDENTIAL_PROP = "confluent.metadata.token.auth.credential";
    private static final String TOKEN_AUTH_CREDENTIAL_DOC = "String representation of an Authentication Token";
    public static final String OAUTH_TOKEN_ENDPOINT_URL = "confluent.metadata.oauthbearer.token.endpoint.url";
    public static final String OAUTH_TOKEN_ENDPOINT_URL_DOC = "The URL for the OAuth/OIDC identity provider. If the URL is HTTP(S)-based, it is the issuer's token endpoint URL to which requests will be made to login with the specified confluent.metadata.ssl configs.";
    public static final String OAUTH_LOGIN_CONNECT_TIMEOUT_MS = "confluent.metadata.oauthbearer.login.connect.timeout.ms";
    public static final String OAUTH_LOGIN_CONNECT_TIMEOUT_MS_DOC = "The (optional) value in milliseconds for the external authentication provider connection timeout.";
    public static final String OAUTH_LOGIN_READ_TIMEOUT_MS = "confluent.metadata.oauthbearer.login.read.timeout.ms";
    public static final String OAUTH_LOGIN_READ_TIMEOUT_MS_DOC = "The (optional) value in milliseconds for the external authentication provider read timeout.";
    public static final String OAUTH_LOGIN_RETRY_BACKOFF_MAX_MS = "confluent.metadata.oauthbearer.login.retry.backoff.max.ms";
    public static final String OAUTH_LOGIN_RETRY_BACKOFF_MAX_MS_DOC = "The (optional) value in milliseconds for the maximum wait between login attempts to the external authentication provider.Oauth/OIDC Login uses an exponential backoff algorithm with an initial wait based on the confluent.metadata.oauthbearer.login.retry.backoff.ms setting and will double in wait length between attempts up to a maximum wait length specified by the confluent.metadata.oauthbearer.sasl.login.retry.backoff.max.ms setting.";
    public static final String OAUTH_LOGIN_RETRY_BACKOFF_MS = "confluent.metadata.oauthbearer.login.retry.backoff.ms";
    public static final String OAUTH_LOGIN_RETRY_BACKOFF_MS_DOC = "The (optional) value in milliseconds for the initial wait between login attempts to the external authentication provider.Oauth/OIDC Login uses an exponential backoff algorithm with an initial wait based on the confluent.metadata.oauthbearer.login.retry.backoff.ms setting and will double in wait length between attempts up to a maximum wait length specified by the confluent.metadata.oauthbearer.sasl.login.retry.backoff.max.ms setting.";
    public static final String OAUTH_LOGIN_CLIENT_ID = "confluent.metadata.oauthbearer.login.client.id";
    public static final String OAUTH_LOGIN_CLIENT_ID_MS_DOC = "The OAuth/OIDC identity provider-issued client ID to uniquely identify the service account to use for authentication for this client. The value must be paired with a corresponding confluent.metadata.oauthbearer.login.client.secret value and is provided to the OAuth provider using the OAuth clientcredentials grant type.";
    public static final String OAUTH_LOGIN_CLIENT_SECRET = "confluent.metadata.oauthbearer.login.client.secret";
    public static final String OAUTH_LOGIN_CLIENT_SECRET_MS_DOC = "The OAuth/OIDC identity provider-issued client secret serves a similar function as a password to the confluent.metadata.oauthbearer.login.client.id account and identifies the service account to use for authentication for this client. The value must be paired with a corresponding confluent.metadata.oauthbearer.login.client.id value and is provided to the OAuth provider using the OAuth clientcredentials grant type.";
    public static final String OAUTH_LOGIN_CLIENT_SCOPE = "confluent.metadata.oauthbearer.login.oauth.scope";
    public static final String OAUTH_LOGIN_CLIENT_SCOPE_MS_DOC = "The (optional) HTTP/HTTPS login request to the token endpoint (confluent.metadata.oauthbearer.token.endpoint.url) may need to specify an OAuth \"scope\". If so, the confluent.metadata.oauthbearer.login.oauth.scope is used to provide the value to include with the login request.";
    private static final ConfigDef CONFIG = new ConfigDef().define(BOOTSTRAP_METADATA_SERVER_URLS_PROP, ConfigDef.Type.LIST, "", ConfigDef.Importance.HIGH, BOOTSTRAP_METADATA_SERVER_URLS_DOC).define(HTTP_AUTH_CREDENTIALS_PROVIDER_PROP, ConfigDef.Type.STRING, "", ConfigDef.Importance.HIGH, HTTP_AUTH_CREDENTIALS_PROVIDER_DOC).define(BASIC_AUTH_CREDENTIALS_PROVIDER_PROP, ConfigDef.Type.STRING, BASIC_AUTH_CREDENTIALS_PROVIDER_DEFAULT, ConfigDef.Importance.HIGH, BASIC_AUTH_CREDENTIALS_PROVIDER_PROP_DOC).define(BASIC_AUTH_USER_INFO_PROP, ConfigDef.Type.PASSWORD, "", ConfigDef.Importance.MEDIUM, BASIC_AUTH_USER_INFO_PROP_DOC).define(BASIC_AUTH_CREDENTIALS_PATH_PROP, ConfigDef.Type.STRING, null, ConfigDef.Importance.MEDIUM, BASIC_AUTH_CREDENTIALS_PATH_DOC).define(ENABLE_METADATA_SERVER_URL_REFRESH, ConfigDef.Type.BOOLEAN, true, ConfigDef.Importance.LOW, ENABLE_METADATA_SERVER_URL_REFRESH_DOC).define(METADATA_SERVER_URL_MAX_AGE_PROP, ConfigDef.Type.LONG, METADATA_SERVER_URL_MAX_AGE_DEFAULT, ConfigDef.Range.atLeast(0), ConfigDef.Importance.LOW, METADATA_SERVER_URL_MAX_AGE_DOC).define(METADATA_SERVER_URL_MAX_RETRIES_PROP, ConfigDef.Type.INT, METADATA_SERVER_URL_MAX_RETRIES_DEFAULT, ConfigDef.Range.atLeast(0), ConfigDef.Importance.LOW, METADATA_SERVER_URL_MAX_RETRIES_DOC).define(METADATA_SERVER_URL_FAIL_ON_401_PROP, ConfigDef.Type.BOOLEAN, METADATA_SERVER_URL_FAIL_ON_401_DEFAULT, ConfigDef.Importance.LOW, METADATA_SERVER_URL_FAIL_ON_401_DOC).define(REQUEST_TIMEOUT_MS_CONFIG, ConfigDef.Type.INT, 30000, ConfigDef.Range.atLeast(0), ConfigDef.Importance.MEDIUM, REQUEST_TIMEOUT_MS_DOC).define(HTTP_REQUEST_TIMEOUT_MS_CONFIG, ConfigDef.Type.INT, 10000, ConfigDef.Range.atLeast(0), ConfigDef.Importance.MEDIUM, HTTP_REQUEST_TIMEOUT_MS_DOC).define(TOKEN_AUTH_CREDENTIAL_PROP, ConfigDef.Type.PASSWORD, "", ConfigDef.Importance.LOW, TOKEN_AUTH_CREDENTIAL_DOC).define(OAUTH_TOKEN_ENDPOINT_URL, ConfigDef.Type.STRING, null, ConfigDef.Importance.MEDIUM, OAUTH_TOKEN_ENDPOINT_URL_DOC).define(OAUTH_LOGIN_CONNECT_TIMEOUT_MS, ConfigDef.Type.INT, null, ConfigDef.Importance.LOW, OAUTH_LOGIN_CONNECT_TIMEOUT_MS_DOC).define(OAUTH_LOGIN_READ_TIMEOUT_MS, ConfigDef.Type.INT, null, ConfigDef.Importance.LOW, OAUTH_LOGIN_READ_TIMEOUT_MS_DOC).define(OAUTH_LOGIN_RETRY_BACKOFF_MAX_MS, ConfigDef.Type.LONG, 10000L, ConfigDef.Importance.LOW, OAUTH_LOGIN_RETRY_BACKOFF_MAX_MS_DOC).define(OAUTH_LOGIN_RETRY_BACKOFF_MS, ConfigDef.Type.LONG, 100L, ConfigDef.Importance.LOW, OAUTH_LOGIN_RETRY_BACKOFF_MS_DOC).define(OAUTH_LOGIN_CLIENT_ID, ConfigDef.Type.STRING, null, ConfigDef.Importance.MEDIUM, OAUTH_LOGIN_CLIENT_ID_MS_DOC).define(OAUTH_LOGIN_CLIENT_SECRET, ConfigDef.Type.PASSWORD, null, ConfigDef.Importance.MEDIUM, OAUTH_LOGIN_CLIENT_SECRET_MS_DOC).define(OAUTH_LOGIN_CLIENT_SCOPE, ConfigDef.Type.STRING, null, ConfigDef.Importance.MEDIUM, OAUTH_LOGIN_CLIENT_SCOPE_MS_DOC);

    /* loaded from: input_file:io/confluent/security/auth/client/RestClientConfig$SslClientConfig.class */
    private static class SslClientConfig extends AbstractConfig {
        SslClientConfig(ConfigDef configDef, Map<String, Object> map) {
            super(configDef, map);
        }
    }

    public RestClientConfig(Map<?, ?> map) {
        super(CONFIG, map);
        validate();
    }

    public Map<String, ?> saslClientConfigs() {
        Map<String, Object> originals = originals();
        originals.putAll(originalsWithPrefix(CONFIG_PREFIX));
        originals.keySet().removeAll(originalsWithPrefix(CONFIG_PREFIX, false).keySet());
        ConfigDef configDef = new ConfigDef();
        configDef.withClientSaslSupport();
        return new AbstractConfig(configDef, originals).values();
    }

    public Map<String, ?> sslClientConfigs() {
        Map<String, Object> originals = originals();
        originals.putAll(originalsWithPrefix(CONFIG_PREFIX));
        originals.keySet().removeAll(originalsWithPrefix(CONFIG_PREFIX, false).keySet());
        ConfigDef configDef = new ConfigDef();
        configDef.withClientSslSupport();
        return new SslClientConfig(configDef, originals).values();
    }

    private void validate() {
        if (getInt(HTTP_REQUEST_TIMEOUT_MS_CONFIG).intValue() > getInt(REQUEST_TIMEOUT_MS_CONFIG).intValue()) {
            throw new ConfigException("confluent.metadata.http.request.timeout.ms config value should be less than or equal to confluent.metadata.request.timeout.ms");
        }
    }

    public String toString() {
        return Utils.mkString(values(), "", "", "=", "%n\t");
    }

    public static void main(String[] strArr) throws Exception {
        PrintStream printStream = strArr.length == 0 ? System.out : new PrintStream((OutputStream) new FileOutputStream(strArr[0]), false, StandardCharsets.UTF_8.name());
        Throwable th = null;
        try {
            try {
                printStream.println(CONFIG.toHtmlTable());
                if (printStream != System.out) {
                    printStream.close();
                }
                if (printStream != null) {
                    if (0 == 0) {
                        printStream.close();
                        return;
                    }
                    try {
                        printStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (printStream != null) {
                if (th != null) {
                    try {
                        printStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    printStream.close();
                }
            }
            throw th4;
        }
    }
}
