package io.confluent.common.security.sasl;

import com.sun.security.auth.module.Krb5LoginModule;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.kafka.common.security.plain.PlainLoginModule;
import org.apache.kafka.common.security.scram.ScramLoginModule;
import org.eclipse.jetty.util.StringUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/common/security/sasl/JaasConfigProvider.class */
public final class JaasConfigProvider {
    private static final String SPACE = " ";
    private static final String EMPTY = "";
    private static final String EQUALS = "=";
    private static final String SEMICOLON = ";";
    private final Map<String, JaasConfig> principalToJaasConfigMap = new HashMap();
    private static final Logger log = LoggerFactory.getLogger((Class<?>) JaasConfigProvider.class);
    private static final JaasConfigProvider instance = new JaasConfigProvider();
    private static final Map<String, String> loginModuleToPrincipalKeyMap = new HashMap();
    private static final Map<AppConfigurationEntry.LoginModuleControlFlag, String> controlFlagStringMap = new HashMap();

    /* loaded from: input_file:io/confluent/common/security/sasl/JaasConfigProvider$JaasConfig.class */
    public class JaasConfig {
        private String loginModule;
        private String configuration;
        private final Map<String, ?> options;

        public JaasConfig(String str, String str2, Map<String, ?> map) {
            this.loginModule = str;
            this.configuration = str2;
            this.options = map;
        }

        public String getLoginModule() {
            return this.loginModule;
        }

        public String getConfiguration() {
            return this.configuration;
        }

        public Object getOption(String str) {
            if (this.options != null) {
                return this.options.get(str);
            }
            return null;
        }
    }

    private JaasConfigProvider() {
    }

    public static JaasConfigProvider getInstance() {
        return instance;
    }

    public void initialize() {
        this.principalToJaasConfigMap.clear();
        if (StringUtil.isBlank(System.getProperty("java.security.auth.login.config"))) {
            log.warn("Not initializing since the Jaas config file is not provided. Will attempt to use default settings and could fail in the broker.");
            return;
        }
        AppConfigurationEntry[] appConfigurationEntry = Configuration.getConfiguration().getAppConfigurationEntry("KafkaClient");
        if (appConfigurationEntry != null) {
            for (AppConfigurationEntry appConfigurationEntry2 : appConfigurationEntry) {
                String loginModuleName = appConfigurationEntry2.getLoginModuleName();
                if (!loginModuleToPrincipalKeyMap.containsKey(loginModuleName) || appConfigurationEntry2.getOptions() == null || appConfigurationEntry2.getOptions().isEmpty()) {
                    log.warn("Unsupported LoginModule for SASL {}", loginModuleName);
                } else {
                    StringBuilder append = new StringBuilder(loginModuleName).append(" ");
                    append.append(appConfigurationEntry2.getControlFlag() != null ? controlFlagStringMap.get(appConfigurationEntry2.getControlFlag()) : "");
                    for (Map.Entry entry : new TreeMap(appConfigurationEntry2.getOptions()).entrySet()) {
                        append.append(" ").append(entry.getKey()).append("=").append("\"").append(entry.getValue()).append("\"");
                    }
                    append.append(";");
                    this.principalToJaasConfigMap.put((String) appConfigurationEntry2.getOptions().get(loginModuleToPrincipalKeyMap.get(loginModuleName)), new JaasConfig(loginModuleName, append.toString(), appConfigurationEntry2.getOptions()));
                }
            }
        }
    }

    public JaasConfig getJaasConfig(String str) {
        return this.principalToJaasConfigMap.get(str);
    }

    static {
        loginModuleToPrincipalKeyMap.put(Krb5LoginModule.class.getName(), "principal");
        loginModuleToPrincipalKeyMap.put(PlainLoginModule.class.getName(), "username");
        loginModuleToPrincipalKeyMap.put(ScramLoginModule.class.getName(), "username");
        controlFlagStringMap.put(AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, "optional");
        controlFlagStringMap.put(AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, "required");
        controlFlagStringMap.put(AppConfigurationEntry.LoginModuleControlFlag.REQUISITE, "requisite");
        controlFlagStringMap.put(AppConfigurationEntry.LoginModuleControlFlag.REQUISITE, "requisite");
        controlFlagStringMap.put(AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, "sufficient");
    }
}
