package kafka.security.authorizer;

import java.net.InetAddress;
import kafka.network.RequestChannel;
import kafka.security.auth.Acl;
import kafka.security.auth.Operation$;
import kafka.security.auth.PermissionType$;
import kafka.security.auth.Resource;
import kafka.security.auth.Resource$;
import kafka.security.auth.ResourceType$;
import org.apache.kafka.common.acl.AccessControlEntry;
import org.apache.kafka.common.acl.AclBinding;
import org.apache.kafka.common.acl.AclBindingFilter;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.protocol.Errors;
import org.apache.kafka.common.requests.ApiError;
import org.apache.kafka.common.resource.ResourcePattern;
import org.apache.kafka.common.resource.ResourceType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.utils.SecurityUtils;
import org.apache.kafka.server.authorizer.AuthorizableRequestContext;
import scala.MatchError;
import scala.Tuple2;
import scala.collection.immutable.Set;
import scala.collection.immutable.Set$;
import scala.package$;
import scala.util.Either;
import scala.util.Failure;
import scala.util.Left;
import scala.util.Success;
import scala.util.Try$;

/* compiled from: AuthorizerUtils.scala */
/* loaded from: input_file:kafka/security/authorizer/AuthorizerUtils$.class */
public final class AuthorizerUtils$ {
    public static final AuthorizerUtils$ MODULE$ = null;
    private final String WildcardPrincipal;
    private final String WildcardHost;

    static {
        new AuthorizerUtils$();
    }

    public String WildcardPrincipal() {
        return this.WildcardPrincipal;
    }

    public String WildcardHost() {
        return this.WildcardHost;
    }

    public Either<ApiError, Tuple2<Resource, Acl>> convertToResourceAndAcl(AclBindingFilter aclBindingFilter) {
        Left apply;
        Failure flatMap = Try$.MODULE$.apply(new AuthorizerUtils$$anonfun$1(aclBindingFilter)).flatMap(new AuthorizerUtils$$anonfun$2(aclBindingFilter));
        if (flatMap instanceof Failure) {
            apply = package$.MODULE$.Left().apply(new ApiError(Errors.INVALID_REQUEST, flatMap.exception().getMessage()));
        } else {
            if (!(flatMap instanceof Success)) {
                throw new MatchError(flatMap);
            }
            apply = package$.MODULE$.Right().apply((Tuple2) ((Success) flatMap).value());
        }
        return apply;
    }

    public AclBinding convertToAclBinding(Resource resource, Acl acl) {
        return new AclBinding(new ResourcePattern(resource.resourceType().toJava(), resource.name(), resource.patternType()), convertToAccessControlEntry(acl));
    }

    public AccessControlEntry convertToAccessControlEntry(Acl acl) {
        return new AccessControlEntry(acl.principal().toString(), acl.host().toString(), acl.operation().toJava(), acl.permissionType().toJava());
    }

    public Acl convertToAcl(AccessControlEntry accessControlEntry) {
        return new Acl(SecurityUtils.parseKafkaPrincipal(accessControlEntry.principal()), PermissionType$.MODULE$.fromJava(accessControlEntry.permissionType()), accessControlEntry.host(), Operation$.MODULE$.fromJava(accessControlEntry.operation()));
    }

    public Resource convertToResource(ResourcePattern resourcePattern) {
        return new Resource(ResourceType$.MODULE$.fromJava(resourcePattern.resourceType()), resourcePattern.name(), resourcePattern.patternType());
    }

    public void validateAclBinding(AclBinding aclBinding) {
        if (aclBinding.isUnknown()) {
            throw new IllegalArgumentException("ACL binding contains unknown elements");
        }
    }

    public Set<AclOperation> supportedOperations(ResourceType resourceType) {
        return (Set) ResourceType$.MODULE$.fromJava(resourceType).supportedOperations().map(new AuthorizerUtils$$anonfun$supportedOperations$1(), Set$.MODULE$.canBuildFrom());
    }

    public boolean isClusterResource(String str) {
        return str.endsWith(Resource$.MODULE$.ClusterResourceName());
    }

    public AuthorizableRequestContext sessionToRequestContext(final RequestChannel.Session session) {
        return new AuthorizableRequestContext(session) { // from class: kafka.security.authorizer.AuthorizerUtils$$anon$1
            private final RequestChannel.Session session$1;

            public String clientId() {
                return "";
            }

            public int requestType() {
                return -1;
            }

            public String listenerName() {
                return "";
            }

            public InetAddress clientAddress() {
                return this.session$1.clientAddress();
            }

            public KafkaPrincipal principal() {
                return this.session$1.principal();
            }

            public SecurityProtocol securityProtocol() {
                return null;
            }

            public int correlationId() {
                return -1;
            }

            public int requestVersion() {
                return -1;
            }

            {
                this.session$1 = session;
            }
        };
    }

    private AuthorizerUtils$() {
        MODULE$ = this;
        this.WildcardPrincipal = "User:*";
        this.WildcardHost = "*";
    }
}
