package io.confluent.kafka.multitenant;

import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.apache.kafka.common.security.auth.ConfluentPrincipal;
import org.apache.kafka.common.security.auth.IdentityMetadata;
import org.apache.kafka.common.security.auth.KafkaPrincipal;

/* loaded from: input_file:io/confluent/kafka/multitenant/MultiTenantPrincipal.class */
public class MultiTenantPrincipal extends ConfluentPrincipal {
    public static final String TENANT_USER_TYPE = "TenantUser";
    public static final String WILDCARD_PRINCIPAL_NAME = "*";
    public static final String TENANT_WILDCARD_USER_TYPE = "TenantUser*";
    public static final String DELIMITER = "_";
    public static final String USERV2 = "UserV2";
    public static final KafkaPrincipal WILDCARD_USERV2_PRINCIPAL = new KafkaPrincipal(USERV2, "*");
    public static final String TENANT_USERV2_TYPE = "TenantUserV2";
    public static final String POOL_ID_PREFIX = "pool";
    public static final String GROUP_PREFIX = "group";
    public static final String SPIFFE_ID_PREFIX = "spiffe";
    public static final String REGEX_INTEGER_ID_PRINCIPAL = "[0-9]+";
    public static final String TENANT_WILDCARD_USERV2_TYPE = "TenantUserV2*";
    private final String user;
    private final TenantMetadata tenantMetadata;

    public MultiTenantPrincipal(String str, TenantMetadata tenantMetadata) {
        this(str, str, tenantMetadata);
    }

    public MultiTenantPrincipal(String str, String str2, TenantMetadata tenantMetadata) {
        this(str, str2, tenantMetadata, null);
    }

    public MultiTenantPrincipal(String str, TenantMetadata tenantMetadata, IdentityMetadata identityMetadata) {
        this(str, str, tenantMetadata, identityMetadata);
    }

    public MultiTenantPrincipal(String str, String str2, TenantMetadata tenantMetadata, IdentityMetadata identityMetadata) {
        this(str, str2, Optional.empty(), tenantMetadata, identityMetadata);
    }

    public MultiTenantPrincipal(String str, String str2, Optional<String> optional, TenantMetadata tenantMetadata, IdentityMetadata identityMetadata) {
        this(str, str2, optional, tenantMetadata, identityMetadata, tenantMetadata.userResourceId != null ? Collections.singletonList(tenantMetadata.userResourceId) : Collections.singletonList(str));
    }

    public MultiTenantPrincipal(String str, String str2, Optional<String> optional, TenantMetadata tenantMetadata, IdentityMetadata identityMetadata, List<String> list) {
        super(TENANT_USER_TYPE, tenantMetadata.tenantPrefix() + str, str2, optional, false, Collections.emptySet(), list, identityMetadata);
        this.user = str;
        this.tenantMetadata = tenantMetadata;
    }

    public TenantMetadata tenantMetadata() {
        return this.tenantMetadata;
    }

    public String user() {
        return this.user;
    }

    public boolean isSuperUser(boolean z, boolean z2) {
        if (this.tenantMetadata.isServiceAccount) {
            return false;
        }
        return this.tenantMetadata.isHealthcheckTenant || isInternalUser() || (this.tenantMetadata.isApiKeyAuthenticated && !z) || !(this.tenantMetadata.isApiKeyAuthenticated || z || z2);
    }

    public boolean isInternalUser() {
        return "0".equals(this.user);
    }

    @Override // org.apache.kafka.common.security.auth.ConfluentPrincipal, org.apache.kafka.common.security.auth.KafkaPrincipal, java.security.Principal
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj != null && getClass() == obj.getClass() && super.equals(obj)) {
            return Objects.equals(this.tenantMetadata, ((MultiTenantPrincipal) obj).tenantMetadata);
        }
        return false;
    }

    @Override // org.apache.kafka.common.security.auth.ConfluentPrincipal, org.apache.kafka.common.security.auth.KafkaPrincipal, java.security.Principal
    public int hashCode() {
        return (31 * super.hashCode()) + (this.tenantMetadata != null ? this.tenantMetadata.hashCode() : 0);
    }

    @Override // org.apache.kafka.common.security.auth.KafkaPrincipal, java.security.Principal
    public String toString() {
        return "MultiTenantPrincipal(tenantMetadata=" + this.tenantMetadata + ", identityMetadata=" + super.identityMetadata() + ", user=" + this.user + ", authorizationIds=" + super.authorizationIds() + ")";
    }

    public static boolean isTenantPrincipal(KafkaPrincipal kafkaPrincipal) {
        return kafkaPrincipal.getPrincipalType().startsWith(TENANT_USER_TYPE);
    }

    public static boolean isAuthorizationIdUserResourceId(String str) {
        return (str.contains(POOL_ID_PREFIX) || str.contains(SPIFFE_ID_PREFIX) || str.contains(GROUP_PREFIX)) ? false : true;
    }
}
