package io.confluent.ksql.security.utils;

import com.google.common.collect.ImmutableMap;
import io.confluent.common.security.auth.JwtPrincipal;
import io.confluent.common.security.sasl.ConfluentOAuthConfigs;
import io.confluent.ksql.security.DefaultKsqlPrincipal;
import io.confluent.ksql.util.KsqlConfig;
import io.confluent.ksql.util.KsqlException;
import java.security.Principal;
import java.util.Map;
import org.apache.kafka.clients.admin.AdminClient;

/* loaded from: input_file:io/confluent/ksql/security/utils/KsqlSecurityUtils.class */
public final class KsqlSecurityUtils {
    private static String principalType(Principal principal) {
        return principal == null ? "null" : principal.getClass().getName();
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static <T> T toPrincipalType(Principal principal, Class<T> cls) {
        if (cls.isInstance(principal)) {
            return principal;
        }
        if (principal instanceof DefaultKsqlPrincipal) {
            return (T) toPrincipalType(((DefaultKsqlPrincipal) principal).getOriginalPrincipal(), cls);
        }
        throw new KsqlException(String.format("Invalid user principal found. Got: %s Expected: %s.", principalType(principal), cls.getName()));
    }

    public static String getKafkaClusterId(KsqlConfig ksqlConfig) {
        try {
            AdminClient create = AdminClient.create(ksqlConfig.getKsqlAdminClientConfigProps());
            Throwable th = null;
            try {
                try {
                    String str = (String) create.describeCluster().clusterId().get();
                    if (create != null) {
                        if (0 != 0) {
                            try {
                                create.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            create.close();
                        }
                    }
                    return str;
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            throw new KsqlException("Failed to determine Kafka cluster ID", e);
        }
    }

    public static Map<String, Object> getKafkaClientSupplierOAuthProperties(String str, JwtPrincipal jwtPrincipal) {
        return ImmutableMap.builder().put("sasl.mechanism", "OAUTHBEARER").put("sasl.login.callback.handler.class", "io.confluent.kafka.clients.plugins.auth.token.TokenBearerLoginCallbackHandler").put("sasl.jaas.config", ConfluentOAuthConfigs.getOAuthBearerLoginModuleJaasConfig(jwtPrincipal, str)).build();
    }

    public static Map<String, String> getSchemaRegistryClientHttpHeaders(JwtPrincipal jwtPrincipal) {
        return ImmutableMap.builder().put("Authorization", "Bearer " + jwtPrincipal.getJwt()).build();
    }
}
