package io.confluent.kafkarest.security.config;

import io.confluent.common.security.ssl.PrincipalAliasKeyManagerSpi;
import io.confluent.common.security.ssl.PrincipalAliasProvider;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Properties;

/* loaded from: input_file:io/confluent/kafkarest/security/config/SslSecureConfigProvider.class */
public final class SslSecureConfigProvider implements SecureConfigProvider {
    Properties sslClientProperties = new Properties();

    public SslSecureConfigProvider() {
        this.sslClientProperties.put("ssl.keymanager.algorithm", "PrincipalAlias");
    }

    @Override // io.confluent.kafkarest.security.config.SecureConfigProvider
    public Properties getProducerProperties(ConfluentSecureKafkaRestConfig confluentSecureKafkaRestConfig) {
        return this.sslClientProperties;
    }

    @Override // io.confluent.kafkarest.security.config.SecureConfigProvider
    public Properties getConsumerProperties(ConfluentSecureKafkaRestConfig confluentSecureKafkaRestConfig) {
        return this.sslClientProperties;
    }

    @Override // io.confluent.kafkarest.security.config.SecureConfigProvider
    public boolean isPrincipalAvailable(Principal principal, ConfluentSecureKafkaRestConfig confluentSecureKafkaRestConfig, String str) {
        try {
            KeyStore keyStore = getKeyStore(confluentSecureKafkaRestConfig, str);
            HashMap hashMap = new HashMap();
            PrincipalAliasKeyManagerSpi.KeyStoreParser.parse(keyStore, hashMap);
            return hashMap.containsKey(principal.getName());
        } catch (Exception e) {
            return false;
        }
    }

    private KeyStore getKeyStore(ConfluentSecureKafkaRestConfig confluentSecureKafkaRestConfig, String str) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        Properties originalProperties = confluentSecureKafkaRestConfig.getOriginalProperties();
        String propertyWithPrefix = getPropertyWithPrefix(originalProperties, "ssl.keystore.location", str + ".");
        String propertyWithPrefix2 = getPropertyWithPrefix(originalProperties, "ssl.keystore.type", str + ".");
        String propertyWithPrefix3 = getPropertyWithPrefix(originalProperties, "ssl.keystore.password", str + ".");
        KeyStore keyStore = KeyStore.getInstance(propertyWithPrefix2);
        keyStore.load(Files.newInputStream(Paths.get(propertyWithPrefix, new String[0]), StandardOpenOption.READ), propertyWithPrefix3.toCharArray());
        return keyStore;
    }

    private String getPropertyWithPrefix(Properties properties, String str, String str2) {
        return properties.containsKey(new StringBuilder().append(str2).append(str).toString()) ? (String) properties.get(str2 + str) : properties.containsKey(new StringBuilder().append("client.").append(str).toString()) ? (String) properties.get("client." + str) : (String) properties.get(str);
    }

    static {
        PrincipalAliasProvider.initialize();
    }
}
