package io.confluent.kafka.server.plugins.auth;

import com.google.common.base.Ticker;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.gson.Gson;
import com.google.gson.JsonSyntaxException;
import com.google.gson.reflect.TypeToken;
import com.google.gson.stream.JsonReader;
import io.confluent.kafka.multitenant.MultiTenantPrincipal;
import io.confluent.kafka.multitenant.TenantMetadata;
import io.confluent.kafka.server.plugins.auth.stats.TenantAuthenticationStats;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.lang.reflect.Type;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import org.apache.kafka.common.config.ConfigException;

/* loaded from: input_file:io/confluent/kafka/server/plugins/auth/SecretsLoader.class */
public class SecretsLoader {
    static final String KEY = "key";
    private final LoadingCache<String, Map<String, KeyConfigEntry>> cache;

    /* loaded from: input_file:io/confluent/kafka/server/plugins/auth/SecretsLoader$SecretsCacheLoader.class */
    static class SecretsCacheLoader extends CacheLoader<String, Map<String, KeyConfigEntry>> {
        private final String filePath;

        SecretsCacheLoader(String str) {
            this.filePath = str;
        }

        public Map<String, KeyConfigEntry> load(String str) throws Exception {
            if (!str.equals(SecretsLoader.KEY)) {
                throw new IllegalArgumentException("Unexpected key: " + str);
            }
            Map<String, KeyConfigEntry> loadFile = SecretsLoader.loadFile(this.filePath);
            removeUnusedStatsMbeans(loadFile);
            return loadFile;
        }

        private void removeUnusedStatsMbeans(Map<String, KeyConfigEntry> map) {
            HashSet hashSet = new HashSet();
            for (KeyConfigEntry keyConfigEntry : map.values()) {
                hashSet.add(new MultiTenantPrincipal(keyConfigEntry.userId, new TenantMetadata(keyConfigEntry.logicalClusterId, keyConfigEntry.logicalClusterId)));
            }
            TenantAuthenticationStats.instance().removeUnusedMBeans(hashSet);
        }
    }

    public SecretsLoader(String str, long j) {
        this(str, j, Ticker.systemTicker());
    }

    SecretsLoader(String str, long j, Ticker ticker) {
        this.cache = CacheBuilder.newBuilder().ticker(ticker).expireAfterWrite(j, TimeUnit.MILLISECONDS).build(new SecretsCacheLoader(str));
    }

    public Map<String, KeyConfigEntry> get() throws ExecutionException {
        return (Map) this.cache.get(KEY);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [io.confluent.kafka.server.plugins.auth.SecretsLoader$1] */
    static Map<String, KeyConfigEntry> loadFile(String str) {
        Gson gson = new Gson();
        Type type = new TypeToken<Map<String, Map<String, KeyConfigEntry>>>() { // from class: io.confluent.kafka.server.plugins.auth.SecretsLoader.1
        }.getType();
        try {
            JsonReader jsonReader = new JsonReader(new FileReader(str));
            Throwable th = null;
            try {
                try {
                    Map<String, KeyConfigEntry> validateConfig = validateConfig((Map) gson.fromJson(jsonReader, type));
                    if (jsonReader != null) {
                        if (0 != 0) {
                            try {
                                jsonReader.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            jsonReader.close();
                        }
                    }
                    return validateConfig;
                } finally {
                }
            } finally {
            }
        } catch (FileNotFoundException e) {
            throw new ConfigException("Config file not found: " + str, e);
        } catch (JsonSyntaxException e2) {
            throw new ConfigException("Error parsing secret file " + str, e2);
        } catch (IOException e3) {
            throw new ConfigException("Error reading secret file: " + str, e3);
        }
    }

    static Map<String, KeyConfigEntry> validateConfig(Map<String, Map<String, KeyConfigEntry>> map) {
        if (!map.containsKey("keys")) {
            throw new ConfigException("Missing top level \"keys\"");
        }
        Map<String, KeyConfigEntry> map2 = map.get("keys");
        Iterator<Map.Entry<String, KeyConfigEntry>> it = map2.entrySet().iterator();
        while (it.hasNext()) {
            validateKeyEntry(it.next());
        }
        return map2;
    }

    private static void validateKeyEntry(Map.Entry<String, KeyConfigEntry> entry) {
        KeyConfigEntry value = entry.getValue();
        if (value == null) {
            throw new ConfigException("Missing value for key " + entry.getKey());
        }
        if (isEmpty(value.userId)) {
            throw new ConfigException("user_id field is missing for key " + entry.getKey());
        }
        if (isEmpty(value.logicalClusterId)) {
            throw new ConfigException("logical_cluster_id field is missing for key " + entry.getKey());
        }
        if (isEmpty(value.hashedSecret)) {
            throw new ConfigException("hashed_secret field is missing for key " + entry.getKey());
        }
        if (isEmpty(value.hashFunction)) {
            throw new ConfigException("hash_function field is missing for key " + entry.getKey());
        }
        if (isEmpty(value.saslMechanism)) {
            throw new ConfigException("sasl_mechanism field is missing for key " + entry.getKey());
        }
    }

    private static boolean isEmpty(String str) {
        return str == null || str.isEmpty();
    }
}
