package io.confluent.kafkarest.auth;

import com.google.common.collect.ImmutableMap;
import io.confluent.kafka.clients.plugins.auth.jwt.UnverifiedJwtBearerToken;
import io.confluent.kafka.clients.plugins.auth.oauth.OAuthBearerLoginCallbackHandler;
import io.confluent.kafkarest.auth.AuthorizationHeader;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Base64;
import java.util.Objects;
import java.util.regex.Pattern;
import org.apache.kafka.common.config.SaslConfigs;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerToken;
import org.apache.kafka.common.security.oauthbearer.internals.OAuthBearerSaslClientCallbackHandler;

/* loaded from: input_file:io/confluent/kafkarest/auth/CloudPrincipal.class */
public abstract class CloudPrincipal implements Principal {
    private final String clusterId;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/confluent/kafkarest/auth/CloudPrincipal$BasicCloudPrincipal.class */
    public static final class BasicCloudPrincipal extends CloudPrincipal {
        private static final Pattern JAAS_INPUT_PATTERN = Pattern.compile("(\"|\n|\r|\\$\\{)");
        private final String apiKey;
        private final String apiSecret;

        private BasicCloudPrincipal(String str, String str2, String str3) {
            super(str);
            this.apiKey = str2;
            this.apiSecret = str3;
        }

        @Override // java.security.Principal
        public String getName() {
            return this.apiKey;
        }

        @Override // io.confluent.kafkarest.auth.CloudPrincipal
        public AuthorizationHeader.Scheme getScheme() {
            return AuthorizationHeader.Scheme.BASIC;
        }

        @Override // io.confluent.kafkarest.auth.CloudPrincipal
        public ImmutableMap<String, String> getClientConfigs() {
            return ImmutableMap.builder().put("client.id", getClientId()).put("security.protocol", getSecurityProtocol()).put(SaslConfigs.SASL_MECHANISM, getSaslMechanism()).put(SaslConfigs.SASL_JAAS_CONFIG, getSaslJaasConfig()).build();
        }

        private String getSaslMechanism() {
            return "PLAIN";
        }

        private String getSaslJaasConfig() {
            return "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"" + JAAS_INPUT_PATTERN.matcher(this.apiKey).replaceAll("") + "\" password=\"" + JAAS_INPUT_PATTERN.matcher(this.apiSecret).replaceAll("") + "\";";
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/confluent/kafkarest/auth/CloudPrincipal$BearerCloudPrincipal.class */
    public static final class BearerCloudPrincipal extends CloudPrincipal {
        private final OAuthBearerToken token;

        private BearerCloudPrincipal(String str, OAuthBearerToken oAuthBearerToken) {
            super(str);
            this.token = (OAuthBearerToken) Objects.requireNonNull(oAuthBearerToken);
        }

        @Override // java.security.Principal
        public String getName() {
            return this.token.principalName();
        }

        @Override // io.confluent.kafkarest.auth.CloudPrincipal
        public AuthorizationHeader.Scheme getScheme() {
            return AuthorizationHeader.Scheme.BEARER;
        }

        @Override // io.confluent.kafkarest.auth.CloudPrincipal
        public ImmutableMap<String, String> getClientConfigs() {
            return ImmutableMap.builder().put("client.id", getClientId()).put("security.protocol", getSecurityProtocol()).put(SaslConfigs.SASL_MECHANISM, getSaslMechanism()).put(SaslConfigs.SASL_CLIENT_CALLBACK_HANDLER_CLASS, getSaslClientCallbackHandlerClass()).put(SaslConfigs.SASL_LOGIN_CALLBACK_HANDLER_CLASS, getSaslLoginCallbackHandlerClass()).put(SaslConfigs.SASL_JAAS_CONFIG, getSaslJaasConfig()).build();
        }

        private String getSaslMechanism() {
            return "OAUTHBEARER";
        }

        private String getSaslClientCallbackHandlerClass() {
            return OAuthBearerSaslClientCallbackHandler.class.getName();
        }

        private String getSaslLoginCallbackHandlerClass() {
            return OAuthBearerLoginCallbackHandler.class.getName();
        }

        private String getSaslJaasConfig() {
            return "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required token=\"" + this.token.value() + "\" cluster=\"" + getClusterId() + "\";";
        }
    }

    private CloudPrincipal(String str) {
        this.clusterId = (String) Objects.requireNonNull(str);
    }

    public static CloudPrincipal create(String str, AuthorizationHeader authorizationHeader) {
        switch (authorizationHeader.getScheme()) {
            case BASIC:
                return fromBasicCredentials(str, authorizationHeader.getCredentials());
            case BEARER:
                return fromBearerCredentials(str, authorizationHeader.getCredentials());
            default:
                throw new AssertionError(String.format("Unknown scheme: %s", authorizationHeader.getScheme()));
        }
    }

    private static BasicCloudPrincipal fromBasicCredentials(String str, String str2) {
        String str3 = new String(Base64.getDecoder().decode(str2), StandardCharsets.ISO_8859_1);
        int indexOf = str3.indexOf(58);
        return new BasicCloudPrincipal(str, str3.substring(0, indexOf), str3.substring(indexOf + 1));
    }

    private static BearerCloudPrincipal fromBearerCredentials(String str, String str2) {
        return new BearerCloudPrincipal(str, new UnverifiedJwtBearerToken(str2));
    }

    final String getClusterId() {
        return this.clusterId;
    }

    final String getClientId() {
        return "proxy:" + getName();
    }

    final String getSecurityProtocol() {
        return SecurityProtocol.SASL_SSL.name();
    }

    public abstract ImmutableMap<String, String> getClientConfigs();

    public abstract AuthorizationHeader.Scheme getScheme();

    @Override // java.security.Principal
    public final boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        CloudPrincipal cloudPrincipal = (CloudPrincipal) obj;
        return getClusterId().equals(cloudPrincipal.getClusterId()) && getName().equals(cloudPrincipal.getName());
    }

    @Override // java.security.Principal
    public final int hashCode() {
        return Objects.hash(getClusterId(), getName());
    }

    @Override // java.security.Principal
    public String toString() {
        return String.format("CloudPrincipal[name=%s, clusterId=%s]", getName(), getClusterId());
    }
}
