package io.confluent.kafka.schemaregistry.security.tools;

import io.confluent.kafka.schemaregistry.security.authorizer.SchemaRegistryResourceOperation;
import io.confluent.kafka.schemaregistry.security.authorizer.schemaregistryacl.AclMessageSerializer;
import io.confluent.kafka.schemaregistry.security.authorizer.schemaregistryacl.GlobalAclKey;
import io.confluent.kafka.schemaregistry.security.authorizer.schemaregistryacl.GlobalAclValue;
import io.confluent.kafka.schemaregistry.security.authorizer.schemaregistryacl.NoopKey;
import io.confluent.kafka.schemaregistry.security.authorizer.schemaregistryacl.SchemaRegistryAclAuthorizerUtils;
import io.confluent.kafka.schemaregistry.security.authorizer.schemaregistryacl.SchemaRegistryAclKey;
import io.confluent.kafka.schemaregistry.security.authorizer.schemaregistryacl.SchemaRegistryAclReaderThread;
import io.confluent.kafka.schemaregistry.security.authorizer.schemaregistryacl.SchemaRegistryAclValue;
import io.confluent.kafka.schemaregistry.security.authorizer.schemaregistryacl.SubjectAclKey;
import io.confluent.kafka.schemaregistry.security.authorizer.schemaregistryacl.SubjectAclValue;
import io.confluent.kafka.schemaregistry.security.config.SecureSchemaRegistryConfig;
import io.confluent.kafka.schemaregistry.storage.KafkaStore;
import io.confluent.kafka.schemaregistry.storage.exceptions.StoreException;
import io.confluent.kafka.schemaregistry.storage.exceptions.StoreInitializationException;
import java.util.Collection;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import org.apache.kafka.clients.producer.KafkaProducer;
import org.apache.kafka.clients.producer.ProducerRecord;
import org.apache.kafka.clients.producer.RecordMetadata;
import org.apache.kafka.common.serialization.ByteArraySerializer;
import org.glassfish.jersey.internal.util.ExceptionUtils;

/* loaded from: input_file:io/confluent/kafka/schemaregistry/security/tools/SchemaRegistryAclCommand.class */
public class SchemaRegistryAclCommand {
    static final Map<String, Set<SchemaRegistryResourceOperation>> EMPTY_MAP = new HashMap();
    static final Set<SchemaRegistryResourceOperation> EMPTY_SET = EnumSet.noneOf(SchemaRegistryResourceOperation.class);
    Map<String, Map<String, Set<SchemaRegistryResourceOperation>>> subjectAllowedOperations = new ConcurrentHashMap();
    Map<String, Set<SchemaRegistryResourceOperation>> globalAllowedOperations = new ConcurrentHashMap();
    SchemaRegistryAclReaderThread aclReaderThread;
    SchemaRegistryAclAuthorizerUtils aclAuthorizerUtils;

    public static void main(String[] strArr) throws Exception {
        SchemaRegistryAclCommand schemaRegistryAclCommand = new SchemaRegistryAclCommand();
        SchemaRegistryAclCommandOptions schemaRegistryAclCommandOptions = new SchemaRegistryAclCommandOptions(strArr);
        schemaRegistryAclCommandOptions.parseAndValidateArgs();
        schemaRegistryAclCommand.processCommand(schemaRegistryAclCommandOptions);
    }

    void processCommand(SchemaRegistryAclCommandOptions schemaRegistryAclCommandOptions) throws Exception {
        try {
            readAcl(schemaRegistryAclCommandOptions, this.subjectAllowedOperations, this.globalAllowedOperations);
            if (schemaRegistryAclCommandOptions.isListCommand()) {
                listAcl();
            } else if (schemaRegistryAclCommandOptions.isAddCommand()) {
                addAcl(schemaRegistryAclCommandOptions);
            } else if (schemaRegistryAclCommandOptions.isRemoveCommand()) {
                removeAcl(schemaRegistryAclCommandOptions);
            }
            this.aclReaderThread.shutdown();
            this.aclAuthorizerUtils.shutdown();
        } catch (Exception e) {
            schemaRegistryAclCommandOptions.printUsageAndDie("Error processing the ACL command:" + e.getMessage() + System.lineSeparator() + ExceptionUtils.exceptionStackTraceAsString(e));
        }
    }

    void addAcl(SchemaRegistryAclCommandOptions schemaRegistryAclCommandOptions) throws Exception {
        HashMap hashMap = new HashMap();
        processSubjectOperations(schemaRegistryAclCommandOptions, this.subjectAllowedOperations, hashMap, true);
        processGlobalOperations(schemaRegistryAclCommandOptions, this.globalAllowedOperations, hashMap, true);
        publishAcl(schemaRegistryAclCommandOptions.getConfig(), hashMap);
    }

    void removeAcl(SchemaRegistryAclCommandOptions schemaRegistryAclCommandOptions) throws Exception {
        HashMap hashMap = new HashMap();
        processSubjectOperations(schemaRegistryAclCommandOptions, this.subjectAllowedOperations, hashMap, false);
        processGlobalOperations(schemaRegistryAclCommandOptions, this.globalAllowedOperations, hashMap, false);
        publishAcl(schemaRegistryAclCommandOptions.getConfig(), hashMap);
    }

    void listAcl() {
        System.out.println("Current ACL's for Subject Operations are " + System.lineSeparator() + this.subjectAllowedOperations);
        System.out.println("Current ACL's for Global Operations are " + System.lineSeparator() + this.globalAllowedOperations);
    }

    void publishAcl(SecureSchemaRegistryConfig secureSchemaRegistryConfig, Map<SchemaRegistryAclKey, SchemaRegistryAclValue> map) throws Exception {
        String aclTopic = secureSchemaRegistryConfig.aclTopic();
        AclMessageSerializer aclMessageSerializer = new AclMessageSerializer();
        Properties properties = new Properties();
        KafkaStore.addSchemaRegistryConfigsToClientProperties(secureSchemaRegistryConfig, properties);
        properties.put("bootstrap.servers", secureSchemaRegistryConfig.bootstrapBrokers());
        properties.put("acks", "-1");
        properties.put("key.serializer", ByteArraySerializer.class);
        properties.put("value.serializer", ByteArraySerializer.class);
        properties.put("retries", 0);
        properties.put("security.protocol", secureSchemaRegistryConfig.getString("kafkastore.security.protocol"));
        KafkaProducer kafkaProducer = new KafkaProducer(properties);
        Future future = null;
        for (Map.Entry<SchemaRegistryAclKey, SchemaRegistryAclValue> entry : map.entrySet()) {
            future = kafkaProducer.send(new ProducerRecord(aclTopic, 0, aclMessageSerializer.serializeSchemaRegistryAclKey(entry.getKey()), aclMessageSerializer.serializeSchemaRegistryAclValue(entry.getValue())));
        }
        if (future != null) {
            int intValue = secureSchemaRegistryConfig.getInt("kafkastore.init.timeout.ms").intValue();
            this.aclReaderThread.waitUntilOffset(((RecordMetadata) future.get(intValue, TimeUnit.MILLISECONDS)).offset(), intValue, TimeUnit.MILLISECONDS);
        }
        kafkaProducer.close();
    }

    void readAcl(SchemaRegistryAclCommandOptions schemaRegistryAclCommandOptions, Map<String, Map<String, Set<SchemaRegistryResourceOperation>>> map, Map<String, Set<SchemaRegistryResourceOperation>> map2) throws StoreInitializationException, StoreException {
        NoopKey noopKey = new NoopKey();
        AclMessageSerializer aclMessageSerializer = new AclMessageSerializer();
        SecureSchemaRegistryConfig config = schemaRegistryAclCommandOptions.getConfig();
        int intValue = config.getInt("kafkastore.init.timeout.ms").intValue();
        this.aclAuthorizerUtils = new SchemaRegistryAclAuthorizerUtils(config, config.aclTopic(), intValue, config.bootstrapBrokers(), aclMessageSerializer, noopKey);
        this.aclAuthorizerUtils.createOrVerifySchemaTopic();
        this.aclReaderThread = new SchemaRegistryAclReaderThread(config, config.bootstrapBrokers(), config.aclTopic(), noopKey, aclMessageSerializer, "sr-acl-cli", map, map2);
        this.aclReaderThread.start();
        waitUntilKafkaReaderReachesLastOffset(intValue, this.aclAuthorizerUtils);
    }

    private void processSubjectOperations(SchemaRegistryAclCommandOptions schemaRegistryAclCommandOptions, Map<String, Map<String, Set<SchemaRegistryResourceOperation>>> map, Map<SchemaRegistryAclKey, SchemaRegistryAclValue> map2, boolean z) {
        if (schemaRegistryAclCommandOptions.hasSubjectOperations()) {
            for (String str : schemaRegistryAclCommandOptions.getPrincipals()) {
                for (String str2 : schemaRegistryAclCommandOptions.getSubjects()) {
                    Set set = (Set) getOrDefault((Map) getOrDefault(map, str, EMPTY_MAP), str2, EMPTY_SET);
                    HashSet hashSet = new HashSet(schemaRegistryAclCommandOptions.getRequestedOperations());
                    hashSet.retainAll(SchemaRegistryResourceOperation.SUBJECT_RESOURCE_OPERATIONS);
                    EnumSet copyOf = EnumSet.copyOf((Collection) set);
                    if (z) {
                        copyOf.addAll(hashSet);
                    } else {
                        copyOf.removeAll(hashSet);
                    }
                    map2.put(new SubjectAclKey(str, str2), new SubjectAclValue(str, str2, copyOf));
                }
            }
        }
    }

    private void processGlobalOperations(SchemaRegistryAclCommandOptions schemaRegistryAclCommandOptions, Map<String, Set<SchemaRegistryResourceOperation>> map, Map<SchemaRegistryAclKey, SchemaRegistryAclValue> map2, boolean z) {
        if (schemaRegistryAclCommandOptions.hasGlobalOperations()) {
            for (String str : schemaRegistryAclCommandOptions.getPrincipals()) {
                EnumSet copyOf = EnumSet.copyOf((Collection) getOrDefault(map, str, EMPTY_SET));
                HashSet hashSet = new HashSet(schemaRegistryAclCommandOptions.getRequestedOperations());
                hashSet.retainAll(SchemaRegistryResourceOperation.GLOBAL_RESOURCE_OPERATIONS);
                if (z) {
                    copyOf.addAll(hashSet);
                } else {
                    copyOf.removeAll(hashSet);
                }
                map2.put(new GlobalAclKey(str), new GlobalAclValue(str, copyOf));
            }
        }
    }

    private void waitUntilKafkaReaderReachesLastOffset(int i, SchemaRegistryAclAuthorizerUtils schemaRegistryAclAuthorizerUtils) throws StoreException {
        this.aclReaderThread.waitUntilOffset(schemaRegistryAclAuthorizerUtils.getLatestOffset(i), i, TimeUnit.MILLISECONDS);
    }

    <T> T getOrDefault(Map<String, T> map, String str, T t) {
        return map.containsKey(str) ? map.get(str) : t;
    }
}
