package io.confluent.kafka.schemaregistry.security;

import io.confluent.common.security.auth.AuthenticationCleanupFilter;
import io.confluent.common.security.auth.AuthenticationFilter;
import io.confluent.common.security.license.LicenseUtil;
import io.confluent.common.security.ssl.SslPrincipalMapper;
import io.confluent.kafka.schemaregistry.exceptions.SchemaRegistryException;
import io.confluent.kafka.schemaregistry.rest.SchemaRegistryConfig;
import io.confluent.kafka.schemaregistry.rest.extensions.SchemaRegistryResourceExtension;
import io.confluent.kafka.schemaregistry.security.config.SecureSchemaRegistryConfig;
import io.confluent.kafka.schemaregistry.security.filter.AuthorizationFilter;
import io.confluent.kafka.schemaregistry.storage.SchemaRegistry;
import io.confluent.rest.RestConfigException;
import java.util.List;
import java.util.Optional;
import javax.ws.rs.core.Configurable;

/* loaded from: input_file:io/confluent/kafka/schemaregistry/security/SchemaRegistrySecurityResourceExtension.class */
public class SchemaRegistrySecurityResourceExtension implements SchemaRegistryResourceExtension {
    private AuthorizationFilter authorizationFilter;

    public void register(Configurable<?> configurable, SchemaRegistryConfig schemaRegistryConfig, SchemaRegistry schemaRegistry) throws SchemaRegistryException {
        try {
            SecureSchemaRegistryConfig secureSchemaRegistryConfig = new SecureSchemaRegistryConfig(schemaRegistryConfig.originalProperties());
            String string = secureSchemaRegistryConfig.getString(SecureSchemaRegistryConfig.CONFLUENT_AUTH_MECHANISM_CONFIG);
            List list = secureSchemaRegistryConfig.getList(SecureSchemaRegistryConfig.CONFLUENT_SSL_PRINCIPAL_MAPPING_RULES_CONFIG);
            Optional empty = Optional.empty();
            if (list != null) {
                empty = Optional.of(SslPrincipalMapper.fromRules(list));
            }
            configurable.register(AuthenticationCleanupFilter.class);
            configurable.register(new AuthenticationFilter(string, empty));
            this.authorizationFilter = new AuthorizationFilter(secureSchemaRegistryConfig, schemaRegistry);
            configurable.register(this.authorizationFilter);
            LicenseUtil.registerLicenseValidationFilter(configurable, secureSchemaRegistryConfig.isTrial(), secureSchemaRegistryConfig.getString("kafkastore.connection.url"), secureSchemaRegistryConfig.licenseString());
        } catch (RestConfigException e) {
            throw new SchemaRegistryException(e);
        }
    }

    public void close() {
        this.authorizationFilter.shutdown();
    }
}
