package io.confluent.kafka.schemaregistry.security.config;

import io.confluent.common.security.auth.RestAuthType;
import io.confluent.kafka.schemaregistry.rest.SchemaRegistryConfig;
import io.confluent.kafka.secretregistry.rest.SecretRegistryConfig;
import io.confluent.rest.RestConfigException;
import java.util.Properties;
import org.apache.kafka.common.config.ConfigDef;
import org.apache.kafka.common.config.internals.BrokerSecurityConfigs;
import org.apache.kafka.common.security.auth.KafkaPrincipal;

/* loaded from: input_file:io/confluent/kafka/schemaregistry/security/config/SecureSchemaRegistryConfig.class */
public final class SecureSchemaRegistryConfig extends SchemaRegistryConfig {
    public static final String CONFLUENT_SSL_PRINCIPAL_MAPPING_RULES_CONFIG = "confluent.schema.registry.auth.ssl.principal.mapping.rules";
    private static final String CONFLUENT_SSL_PRINCIPAL_MAPPING_RULES_DOC = "A list of rules to map from the distinguished name (DN) in the client certificate to a short name principal for authentication with the Kafka broker. Rules are tested from left to right. The first rule that matches will be applied.";
    public static final String CONFLUENT_AUTH_MECHANISM_CONFIG = "confluent.schema.registry.auth.mechanism";
    private static final String CONFLUENT_AUTH_MECHANISM_DOC = "The mechanism used to authenticate SchemaRegistry requests.The principal from the authentication mechanism is then used to optionally authorize using a configured authorizer.";
    private static final String CONFLUENT_AUTH_MECHANISM_DEFAULT = "SSL";
    public static final String CONFLUENT_SCHEMA_REGISTRY_AUTHORIZER_CONFIG = "confluent.schema.registry.authorizer.class";
    private static final String CONFLUENT_SCHEMA_REGISTRY_AUTHORIZER_DOC = "The implementation used to authorize Schema Registry requests. Needs to be an implementation of the interface SchemaRegistryAuthorizer.";
    public static final String CONFLUENT_SCHEMA_REGISTRY_ACL_TOPIC_CONFIG = "confluent.schema.registry.acl.topic";
    private static final String CONFLUENT_SCHEMA_REGISTRY_ACL_TOPIC_DOC = "The topic used to store the ACL for the Schema Registry operations. This is optional and when not supplied the topic name is derived as ``kafkastore.topic`` suffixed with ``_acl`` ";
    public static final String CONFLUENT_TOPIC_ACL_SUPER_USERS_CONFIG = "confluent.topic.acl.super.users";
    public static final String CONFLUENT_TOPIC_ACL_SUPER_USERS_DOC = "Semicolon separated list of users who can be super users. One needs to be a super user to perform all global operations that doesn't involve a subject like read or write compatibility. For example ``admin1;admin2`` would make both admin1 and admin2 as super users.";
    public static final String CONFLUENT_TOPIC_ACL_SUPER_USERS_DEFAULT = "";
    public static final String CONFLUENT_LICENSE_CONFIG = "confluent.license";
    public static final String CONFLUENT_LICENSE_DEFAULT = "";
    protected static final String CONFLUENT_LICENSE_DOC = "Confluent will issue a license key to each subscriber. The license key will be a short snippet of text that you can copy and paste. Without the license key, you can use Confluent Security Plugins for a 30-day trial period. If you are a subscriber and don't have a license key, please contact Confluent Support at support@confluent.io.";
    public static final String CONFLUENT_ANONYMOUS_PRINCIPAL_CONFIG = "confluent.schema.registry.anonymous.principal";
    private static final String CONFLUENT_ANONYMOUS_PRINCIPAL_DOC = "Whether to provide an anonymous principal for requests that lack authentication. The name of the anonymous principal is '" + KafkaPrincipal.ANONYMOUS.getName() + "'";
    private static final ConfigDef confluentConfigDef = initConfigDef();

    public boolean isTrial() {
        return getString("confluent.license").equals("");
    }

    public String licenseString() {
        return getString("confluent.license");
    }

    public SecureSchemaRegistryConfig(Properties properties) throws RestConfigException {
        super(confluentConfigDef, properties);
    }

    private static ConfigDef initConfigDef() {
        return baseSchemaRegistryConfigDef().define(CONFLUENT_AUTH_MECHANISM_CONFIG, ConfigDef.Type.STRING, "SSL", ConfigDef.ValidString.in((String[]) RestAuthType.NAMES.toArray(new String[RestAuthType.NAMES.size()])), ConfigDef.Importance.LOW, CONFLUENT_AUTH_MECHANISM_DOC).define(CONFLUENT_SCHEMA_REGISTRY_AUTHORIZER_CONFIG, ConfigDef.Type.STRING, "", ConfigDef.Importance.HIGH, CONFLUENT_SCHEMA_REGISTRY_AUTHORIZER_DOC).define(CONFLUENT_SCHEMA_REGISTRY_ACL_TOPIC_CONFIG, ConfigDef.Type.STRING, "", ConfigDef.Importance.MEDIUM, CONFLUENT_SCHEMA_REGISTRY_ACL_TOPIC_DOC).define(CONFLUENT_TOPIC_ACL_SUPER_USERS_CONFIG, ConfigDef.Type.STRING, "", ConfigDef.Importance.MEDIUM, CONFLUENT_TOPIC_ACL_SUPER_USERS_DOC).define("confluent.license", ConfigDef.Type.STRING, "", ConfigDef.Importance.HIGH, CONFLUENT_LICENSE_DOC).define(CONFLUENT_SSL_PRINCIPAL_MAPPING_RULES_CONFIG, ConfigDef.Type.STRING, BrokerSecurityConfigs.DEFAULT_SSL_PRINCIPAL_MAPPING_RULES, ConfigDef.Importance.LOW, CONFLUENT_SSL_PRINCIPAL_MAPPING_RULES_DOC).define(CONFLUENT_ANONYMOUS_PRINCIPAL_CONFIG, ConfigDef.Type.BOOLEAN, false, ConfigDef.Importance.LOW, CONFLUENT_ANONYMOUS_PRINCIPAL_DOC);
    }

    public String aclTopic() {
        return getString(CONFLUENT_SCHEMA_REGISTRY_ACL_TOPIC_CONFIG).isEmpty() ? getString(SecretRegistryConfig.KAFKASTORE_TOPIC_CONFIG).concat("_acl") : getString(CONFLUENT_SCHEMA_REGISTRY_ACL_TOPIC_CONFIG);
    }
}
