package io.confluent.kafkarest.security.config;

import com.sun.security.auth.module.Krb5LoginModule;
import io.confluent.common.security.auth.RestSecurityContext;
import io.confluent.common.security.sasl.JaasConfigProvider;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import org.apache.kafka.common.security.plain.PlainLoginModule;
import org.apache.kafka.common.security.scram.ScramLoginModule;

/* loaded from: input_file:io/confluent/kafkarest/security/config/SaslSecureConfigProvider.class */
public final class SaslSecureConfigProvider implements SecureConfigProvider {
    private static final Map<String, String> loginModuleToMechanismMap = new HashMap();

    private static void populateLoginModuleToMechanismMap() {
        loginModuleToMechanismMap.put(Krb5LoginModule.class.getName(), "GSSAPI");
        loginModuleToMechanismMap.put(PlainLoginModule.class.getName(), "PLAIN");
        loginModuleToMechanismMap.put(ScramLoginModule.class.getName(), "SCRAM-SHA-512");
    }

    public SaslSecureConfigProvider() {
        JaasConfigProvider.getInstance().initialize();
    }

    @Override // io.confluent.kafkarest.security.config.SecureConfigProvider
    public Properties getProducerProperties(ConfluentSecureKafkaRestConfig confluentSecureKafkaRestConfig) {
        return getSaslClientProperties(confluentSecureKafkaRestConfig);
    }

    @Override // io.confluent.kafkarest.security.config.SecureConfigProvider
    public Properties getConsumerProperties(ConfluentSecureKafkaRestConfig confluentSecureKafkaRestConfig) {
        return getSaslClientProperties(confluentSecureKafkaRestConfig);
    }

    @Override // io.confluent.kafkarest.security.config.SecureConfigProvider
    public boolean isPrincipalAvailable(Principal principal, ConfluentSecureKafkaRestConfig confluentSecureKafkaRestConfig, String str) {
        return JaasConfigProvider.getInstance().getJaasConfig(principal.getName()) != null;
    }

    private Properties getSaslClientProperties(ConfluentSecureKafkaRestConfig confluentSecureKafkaRestConfig) {
        Properties properties = new Properties();
        if (RestSecurityContext.getCurrentSecurityContext() != null && RestSecurityContext.getCurrentSecurityContext().getUserPrincipal() != null) {
            JaasConfigProvider.JaasConfig jaasConfig = JaasConfigProvider.getInstance().getJaasConfig(RestSecurityContext.getCurrentSecurityContext().getUserPrincipal().getName());
            if (jaasConfig != null) {
                properties.setProperty("sasl.jaas.config", jaasConfig.getConfiguration());
                if (jaasConfig.getOption("mechanism") != null) {
                    properties.put("sasl.mechanism", jaasConfig.getOption("mechanism"));
                } else {
                    properties.put("sasl.mechanism", loginModuleToMechanismMap.get(jaasConfig.getLoginModule()));
                }
            }
        }
        return properties;
    }

    static {
        populateLoginModuleToMechanismMap();
    }
}
