package io.confluent.connect.secretregistry;

import io.confluent.connect.secretregistry.util.Version;
import io.confluent.kafka.secretregistry.exceptions.SecretRegistryException;
import io.confluent.kafka.secretregistry.exceptions.SecretRegistryInitializationException;
import io.confluent.kafka.secretregistry.rest.SslFactory;
import io.confluent.kafka.secretregistry.rest.resources.PathKeyResource;
import io.confluent.kafka.secretregistry.rest.resources.PathKeyVersionResource;
import io.confluent.kafka.secretregistry.rest.resources.PathResource;
import io.confluent.kafka.secretregistry.storage.KafkaSecretRegistry;
import io.confluent.security.auth.client.RestAuthorizer;
import io.confluent.security.authorizer.Scope;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.locks.Condition;
import java.util.concurrent.locks.ReentrantLock;
import org.apache.kafka.connect.errors.ConnectException;
import org.apache.kafka.connect.health.ConnectClusterState;
import org.apache.kafka.connect.rest.ConnectRestExtension;
import org.apache.kafka.connect.rest.ConnectRestExtensionContext;
import org.apache.kafka.connect.runtime.WorkerConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/connect/secretregistry/ConnectSecretRegistryExtension.class */
public class ConnectSecretRegistryExtension implements ConnectRestExtension {
    public static final String CONNECT_CLUSTER_TYPE = "connect-cluster";
    private static final String PROTOCOL_HTTP = "http";
    private static final String PROTOCOL_HTTPS = "https";
    private static final String STANDALONE_CLUSTER = "STANDALONE";
    private static KafkaSecretRegistry secretRegistry;
    private WorkerConfig workerConfig;
    private Map<String, ?> configs;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ConnectSecretRegistryExtension.class);
    private static ReentrantLock lock = new ReentrantLock();
    private static Condition isInit = lock.newCondition();

    /* loaded from: input_file:io/confluent/connect/secretregistry/ConnectSecretRegistryExtension$ConcreteWorkerConfig.class */
    private static class ConcreteWorkerConfig extends WorkerConfig {
        public ConcreteWorkerConfig(Map<String, String> map) {
            super(baseConfigDef(), map);
        }
    }

    @Override // org.apache.kafka.common.Configurable
    public void configure(Map<String, ?> map) {
        this.configs = map;
        this.workerConfig = new ConcreteWorkerConfig(map);
    }

    private void initSecretRegistry(KafkaSecretRegistry kafkaSecretRegistry) throws SecretRegistryException {
        kafkaSecretRegistry.initRest(new SslFactory(this.workerConfig.originalsStrings()), KafkaSecretRegistry.getUriInfoForIdentity(this.workerConfig.getString(WorkerConfig.REST_ADVERTISED_HOST_NAME_CONFIG), this.workerConfig.getInt(WorkerConfig.REST_ADVERTISED_PORT_CONFIG), this.workerConfig.getList("listeners"), determineAdvertisedProtocol()));
    }

    private String determineAdvertisedProtocol() {
        String string = this.workerConfig.getString(WorkerConfig.REST_ADVERTISED_LISTENER_CONFIG);
        if (string != null) {
            return string.toLowerCase(Locale.ENGLISH);
        }
        String str = (String) this.workerConfig.originals().get("listeners");
        if (str == null) {
            return "http";
        }
        String lowerCase = str.toLowerCase(Locale.ENGLISH);
        return (!lowerCase.contains(String.format("%s://", "http")) && lowerCase.contains(String.format("%s://", "https"))) ? "https" : "http";
    }

    @Override // org.apache.kafka.connect.rest.ConnectRestExtension
    public void register(ConnectRestExtensionContext connectRestExtensionContext) {
        try {
            KafkaSecretRegistry secretRegistry2 = secretRegistry();
            initSecretRegistry(secretRegistry2);
            Scope determineScope = determineScope(this.configs, connectRestExtensionContext.clusterState());
            log.info("Registering RBAC authorizer on cluster with scope '{}'", determineScope);
            RestAuthorizer restAuthorizer = new RestAuthorizer();
            restAuthorizer.configure(this.workerConfig.originals());
            connectRestExtensionContext.configurable().register2(new ConnectSecretRegistryFilter(determineScope, restAuthorizer, connectRestExtensionContext.clusterState()));
            connectRestExtensionContext.configurable().register2(new PathResource(secretRegistry2));
            connectRestExtensionContext.configurable().register2(new PathKeyResource(secretRegistry2));
            connectRestExtensionContext.configurable().register2(new PathKeyVersionResource(secretRegistry2));
        } catch (SecretRegistryException e) {
            log.error("Error initializing the secret registry", (Throwable) e);
            close();
            throw new ConnectException("Error initializing the secret registry", e);
        }
    }

    static Scope determineScope(Map<String, ?> map, ConnectClusterState connectClusterState) {
        String kafkaClusterId = connectClusterState.clusterDetails().kafkaClusterId();
        Object obj = map.get("group.id");
        return new Scope.Builder(new String[0]).withKafkaCluster(kafkaClusterId).withCluster("connect-cluster", obj != null ? obj.toString() : STANDALONE_CLUSTER).build();
    }

    @Override // org.apache.kafka.connect.components.Versioned
    public String version() {
        return Version.getVersion();
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        closeSecretRegistry();
    }

    public static void configureSecretRegistry(KafkaSecretRegistry kafkaSecretRegistry) {
        lock.lock();
        try {
            secretRegistry = kafkaSecretRegistry;
            isInit.signal();
            lock.unlock();
        } catch (Throwable th) {
            lock.unlock();
            throw th;
        }
    }

    protected static KafkaSecretRegistry secretRegistry() throws SecretRegistryInitializationException {
        lock.lock();
        while (secretRegistry == null) {
            try {
                try {
                    isInit.await();
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                    log.error("Interrupted waiting for initialization of InternalSecretConfigProvider");
                    throw new SecretRegistryInitializationException("Interrupted waiting for initialization of InternalSecretConfigProvider");
                }
            } catch (Throwable th) {
                lock.unlock();
                throw th;
            }
        }
        lock.unlock();
        return secretRegistry;
    }

    private static void closeSecretRegistry() {
        lock.lock();
        try {
            if (secretRegistry != null) {
                secretRegistry.close();
                secretRegistry = null;
            }
            lock.unlock();
        } catch (Throwable th) {
            lock.unlock();
            throw th;
        }
    }
}
