package io.confluent.rbacapi.app;

import io.confluent.kafka.clients.plugins.auth.jwt.JwtAuthenticatorConfig;
import io.confluent.kafka.multitenant.MultiTenantPrincipalBuilder;
import io.confluent.rbacdb.config.DbAuthStoreConfig;
import io.confluent.rbacdb.provider.NoKafkaDBConfluentProvider;
import io.confluent.rest.RestConfig;
import io.confluent.rest.RestConfigException;
import io.confluent.tokenapi.jwt.JwsConfig;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import org.apache.kafka.common.config.AbstractConfig;
import org.apache.kafka.common.config.ConfigDef;
import org.apache.log4j.helpers.DateLayout;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/rbacapi/app/CCRbacConfig.class */
public class CCRbacConfig extends AbstractConfig {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CCRbacConfig.class);
    private static ConfigDef config = baseConfigDef();
    public static final String ACCESS_RULE_PROVIDERS = "confluent.authorizer.access.rule.providers";
    public static final String ACCESS_RULE_PROVIDERS_DOC = "Which ConfluentProvider to use";
    public static final String EVENT_LOGGER_ENABLE = "confluent.security.event.logger.enable";
    public static final String EVENT_LOGGER_ENABLE_DOC = "Whether to enable Audit Logging in Cloud";
    public static final String JWKS_LOCATION_DOC = "Location of public key to verify JWS signatures";
    public static final String KEY_RESOLVER_DOC = "Method of resolving JWKS location";
    public static final String LDAP_JAVA_NAMING_PROVIDER_URL = "ldap.java.naming.provider.url";
    public static final String LDAP_JAVA_NAMING_PROVIDER_URL_DOC = "(TESTING ONLY) URL of LDAP server";
    public static final String LDAP_REFRESH_INTERVAL_MS = "ldap.refresh.interval.ms";
    public static final String LDAP_REFRESH_INTERVAL_MS_DOC = "(TESTING ONLY) How frequently to refresh user to group mappings obtained from LDAP";
    public static final String LDAP_JAVA_NAMING_SECURITY_PRINCIPAL = "ldap.java.naming.security.principal";
    public static final String LDAP_JAVA_NAMING_SECURITY_PRINCIPAL_DOC = "(TESTING ONLY) Identify of the principal to be authenticated";
    public static final String LDAP_JAVA_NAMING_SECURITY_CREDS = "ldap.java.naming.security.credentials";
    public static final String LDAP_JAVA_NAMING_SECURITY_CREDS_DOC = "(TESTING ONLY) Credentials of the principal to be authenticated";
    public static final String LDAP_JAVA_NAMING_SECURITY_AUTH = "ldap.java.naming.security.authentication";
    public static final String LDAP_JAVA_NAMING_SECURITY_AUTH_DOC = "(TESTING ONLY) Which LDAP security authentication protocol to use";
    public static final String LDAP_GROUP_NAME_ATTRIBUTE = "ldap.group.name.attribute";
    public static final String LDAP_GROUP_NAME_ATTRIBUTE_DOC = "(TESTING ONLY) Name of attribute that contains the name of the group in a group entry obtained using an LDAP search";
    public static final String LDAP_GROUP_MEMBER_ATTRIBUTE_PATTERN = "ldap.group.member.attribute.pattern";
    public static final String LDAP_GROUP_MEMBER_ATTRIBUTE_PATTERN_DOC = "(TESTING ONLY) Regex pattern to use to search for group member attribute";

    public static ConfigDef baseConfigDef() {
        return new ConfigDef().define("confluent.authorizer.access.rule.providers", ConfigDef.Type.STRING, NoKafkaDBConfluentProvider.NO_KAFKA_DB_PROVIDER_NAME, ConfigDef.Importance.HIGH, ACCESS_RULE_PROVIDERS_DOC).define("confluent.security.event.logger.enable", ConfigDef.Type.BOOLEAN, false, ConfigDef.Importance.HIGH, EVENT_LOGGER_ENABLE_DOC).define(DbAuthStoreConfig.DB_URL_CONFIG, ConfigDef.Type.STRING, "jdbc:postgresql://localhost:5432/test?loggerLevel=OFF", ConfigDef.Importance.HIGH, DbAuthStoreConfig.DB_URL_DOC).define(DbAuthStoreConfig.DB_USERNAME_CONFIG, ConfigDef.Type.STRING, ConfigDef.Importance.HIGH, DbAuthStoreConfig.DB_USERNAME_DOC).define(DbAuthStoreConfig.DB_PASSWORD_CONFIG, ConfigDef.Type.STRING, ConfigDef.Importance.HIGH, DbAuthStoreConfig.DB_PASSWORD_DOC).define(DbAuthStoreConfig.DB_AUTH_CACHE_MAX_SIZE_CONFIG, ConfigDef.Type.INT, "10", ConfigDef.Importance.HIGH, DbAuthStoreConfig.DB_AUTH_CACHE_MAX_SIZE_DOC).define(DbAuthStoreConfig.DB_AUTH_CACHE_TTL_MS_CONFIG, ConfigDef.Type.INT, MultiTenantPrincipalBuilder.CCLOUD_INTERNAL_USER, ConfigDef.Importance.HIGH, DbAuthStoreConfig.DB_AUTH_CACHE_TTL_MS_DOC).define(RbacApiAppConfig.MDS_API_FLAVOR_PROP, ConfigDef.Type.STRING, RbacApiAppConfig.MDS_API_FLAVOR_CC_V2_TRANSITIONAL, ConfigDef.Importance.HIGH, RbacApiAppConfig.MDS_API_FLAVOR_DOC).define(RbacApiAppConfig.MDS_OPENAPI_ENABLE_CONFIG, ConfigDef.Type.BOOLEAN, false, ConfigDef.Importance.HIGH, RbacApiAppConfig.MDS_OPENAPI_ENABLE_DOC).define("listeners", ConfigDef.Type.STRING, "http://0.0.0.0:8090", ConfigDef.Importance.HIGH, "").define(RestConfig.AUTHENTICATION_METHOD_CONFIG, ConfigDef.Type.STRING, RestConfig.AUTHENTICATION_METHOD_BEARER, ConfigDef.Importance.HIGH, "").define(RbacApiAppConfig.MDS_USER_STORE_CONFIG, ConfigDef.Type.STRING, RbacApiAppConfig.MDS_USER_STORE_FILE, ConfigDef.Importance.HIGH, RbacApiAppConfig.MDS_USER_STORE_DOC).define(LDAP_JAVA_NAMING_PROVIDER_URL, ConfigDef.Type.STRING, "", ConfigDef.Importance.HIGH, LDAP_JAVA_NAMING_PROVIDER_URL_DOC).define("ldap.refresh.interval.ms", ConfigDef.Type.INT, 0, ConfigDef.Importance.HIGH, LDAP_REFRESH_INTERVAL_MS_DOC).define(LDAP_JAVA_NAMING_SECURITY_PRINCIPAL, ConfigDef.Type.STRING, "", ConfigDef.Importance.HIGH, LDAP_JAVA_NAMING_SECURITY_PRINCIPAL_DOC).define(LDAP_JAVA_NAMING_SECURITY_CREDS, ConfigDef.Type.STRING, "", ConfigDef.Importance.HIGH, LDAP_JAVA_NAMING_SECURITY_CREDS_DOC).define(LDAP_JAVA_NAMING_SECURITY_AUTH, ConfigDef.Type.STRING, "", ConfigDef.Importance.HIGH, LDAP_JAVA_NAMING_SECURITY_AUTH_DOC).define("ldap.group.name.attribute", ConfigDef.Type.STRING, "", ConfigDef.Importance.HIGH, LDAP_GROUP_NAME_ATTRIBUTE_DOC).define("ldap.group.member.attribute.pattern", ConfigDef.Type.STRING, "", ConfigDef.Importance.HIGH, LDAP_GROUP_MEMBER_ATTRIBUTE_PATTERN_DOC).define(RbacApiAppConfig.FILE_LOGIN_PATH_PROP, ConfigDef.Type.STRING, "", ConfigDef.Importance.HIGH, RbacApiAppConfig.FILE_LOGIN_PROP_PATH_DOC).define(JwsConfig.TOKEN_KEY_PATH_PROP, ConfigDef.Type.STRING, "", ConfigDef.Importance.HIGH, JwsConfig.TOKEN_KEY_PATH_DOC).define(JwtAuthenticatorConfig.JWKS_LOCATION_CONFIG, ConfigDef.Type.STRING, "", ConfigDef.Importance.HIGH, JWKS_LOCATION_DOC).define(JwtAuthenticatorConfig.KEY_RESOLVER_CONFIG, ConfigDef.Type.STRING, "", ConfigDef.Importance.HIGH, KEY_RESOLVER_DOC);
    }

    private static Properties getPropsFromFile(String str) throws RestConfigException {
        Properties properties = new Properties();
        if (str == null) {
            return properties;
        }
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            Throwable th = null;
            try {
                try {
                    properties.load(fileInputStream);
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    return properties;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new RestConfigException("Couldn't load properties from " + str, e);
        }
    }

    public CCRbacConfig(String str) throws RestConfigException {
        super(config, getPropsFromFile(str));
    }

    public CCRbacConfig(Properties properties) {
        super(config, properties);
    }

    public static CCRbacConfig loadFromFileAndEnvironment(String str) throws IOException {
        Properties properties = new Properties();
        if (!str.isEmpty()) {
            properties.load(new FileInputStream(str));
        }
        Map<String, String> map = System.getenv();
        log.info("Environment: {}", getValue(map.get("ENVIRONMENT")));
        log.info("Svc_param: {}", getValue(map.get("SVC_PARAM")));
        for (String str2 : map.keySet()) {
            if (str2.startsWith("CCRBAC_")) {
                properties.setProperty(propertyNameForEnvKey(str2.substring("CCRBAC_".length())), getValue(map.get(str2)));
            }
        }
        return new CCRbacConfig(properties);
    }

    private static String propertyNameForEnvKey(String str) {
        return str.replace('_', '.');
    }

    private static String getValue(Object obj) {
        return obj == null ? DateLayout.NULL_DATE_FORMAT : (String) obj;
    }

    public String getUserStore() {
        return getString(RbacApiAppConfig.MDS_USER_STORE_CONFIG);
    }

    public Map<String, Object> getMdsProps() {
        HashMap hashMap = new HashMap();
        hashMap.put("confluent.authorizer.access.rule.providers", getString("confluent.authorizer.access.rule.providers"));
        hashMap.put("confluent.security.event.logger.enable", getBoolean("confluent.security.event.logger.enable"));
        hashMap.put(DbAuthStoreConfig.DB_URL_CONFIG, getString(DbAuthStoreConfig.DB_URL_CONFIG));
        hashMap.put(DbAuthStoreConfig.DB_USERNAME_CONFIG, getString(DbAuthStoreConfig.DB_USERNAME_CONFIG));
        hashMap.put(DbAuthStoreConfig.DB_PASSWORD_CONFIG, getString(DbAuthStoreConfig.DB_PASSWORD_CONFIG));
        hashMap.put(DbAuthStoreConfig.DB_AUTH_CACHE_MAX_SIZE_CONFIG, getInt(DbAuthStoreConfig.DB_AUTH_CACHE_MAX_SIZE_CONFIG));
        hashMap.put(DbAuthStoreConfig.DB_AUTH_CACHE_TTL_MS_CONFIG, getInt(DbAuthStoreConfig.DB_AUTH_CACHE_TTL_MS_CONFIG));
        hashMap.put(RbacApiAppConfig.MDS_API_FLAVOR_PROP, getString(RbacApiAppConfig.MDS_API_FLAVOR_PROP));
        hashMap.put(RbacApiAppConfig.MDS_OPENAPI_ENABLE_CONFIG, getBoolean(RbacApiAppConfig.MDS_OPENAPI_ENABLE_CONFIG));
        hashMap.put("listeners", getString("listeners"));
        hashMap.put(RestConfig.AUTHENTICATION_METHOD_CONFIG, getString(RestConfig.AUTHENTICATION_METHOD_CONFIG));
        hashMap.put(RbacApiAppConfig.MDS_USER_STORE_CONFIG, getString(RbacApiAppConfig.MDS_USER_STORE_CONFIG));
        if (getString(RbacApiAppConfig.MDS_USER_STORE_CONFIG).equals(RbacApiAppConfig.MDS_USER_STORE_FILE)) {
            hashMap.put(RbacApiAppConfig.FILE_LOGIN_PATH_PROP, getString(RbacApiAppConfig.FILE_LOGIN_PATH_PROP));
        } else if (getString(RbacApiAppConfig.MDS_USER_STORE_CONFIG).equals("NONE")) {
            hashMap.put(JwtAuthenticatorConfig.JWKS_LOCATION_CONFIG, getString(JwtAuthenticatorConfig.JWKS_LOCATION_CONFIG));
            hashMap.put(JwtAuthenticatorConfig.KEY_RESOLVER_CONFIG, getString(JwtAuthenticatorConfig.KEY_RESOLVER_CONFIG));
        }
        if (getString(RestConfig.AUTHENTICATION_METHOD_CONFIG).equals(RestConfig.AUTHENTICATION_METHOD_BEARER)) {
            hashMap.put(JwsConfig.TOKEN_KEY_PATH_PROP, getString(JwsConfig.TOKEN_KEY_PATH_PROP));
        }
        return hashMap;
    }

    public Map<String, Object> getLdapProps() {
        HashMap hashMap = new HashMap();
        hashMap.put(LDAP_JAVA_NAMING_PROVIDER_URL, getString(LDAP_JAVA_NAMING_PROVIDER_URL));
        hashMap.put("ldap.refresh.interval.ms", getInt("ldap.refresh.interval.ms"));
        hashMap.put(LDAP_JAVA_NAMING_SECURITY_PRINCIPAL, getString(LDAP_JAVA_NAMING_SECURITY_PRINCIPAL));
        hashMap.put(LDAP_JAVA_NAMING_SECURITY_CREDS, getString(LDAP_JAVA_NAMING_SECURITY_CREDS));
        hashMap.put(LDAP_JAVA_NAMING_SECURITY_AUTH, getString(LDAP_JAVA_NAMING_SECURITY_AUTH));
        hashMap.put("ldap.group.name.attribute", getString("ldap.group.name.attribute"));
        hashMap.put("ldap.group.member.attribute.pattern", getString("ldap.group.member.attribute.pattern"));
        return hashMap;
    }
}
