package org.apache.kafka.metadata.authorizer;

import com.damnhandy.uri.template.UriTemplate;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import org.apache.kafka.common.Endpoint;
import org.apache.kafka.common.Uuid;
import org.apache.kafka.common.acl.AclBinding;
import org.apache.kafka.common.acl.AclBindingFilter;
import org.apache.kafka.common.errors.NotControllerException;
import org.apache.kafka.common.errors.TimeoutException;
import org.apache.kafka.common.utils.SecurityUtils;
import org.apache.kafka.server.authorizer.Action;
import org.apache.kafka.server.authorizer.AuthorizableRequestContext;
import org.apache.kafka.server.authorizer.AuthorizationResult;
import org.apache.kafka.server.authorizer.AuthorizerServerInfo;

/* loaded from: input_file:org/apache/kafka/metadata/authorizer/StandardAuthorizer.class */
public class StandardAuthorizer implements ClusterMetadataAuthorizer {
    public static final String SUPER_USERS_CONFIG = "super.users";
    public static final String ALLOW_EVERYONE_IF_NO_ACL_IS_FOUND_CONFIG = "allow.everyone.if.no.acl.found";
    private final CompletableFuture<Void> initialLoadFuture = new CompletableFuture<>();
    private volatile StandardAuthorizerData data = StandardAuthorizerData.createEmpty();

    @Override // org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer
    public void setAclMutator(AclMutator aclMutator) {
        this.data = this.data.copyWithNewAclMutator(aclMutator);
    }

    @Override // org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer
    public AclMutator aclMutatorOrException() {
        AclMutator aclMutator = this.data.aclMutator;
        if (aclMutator == null) {
            throw new NotControllerException("The current node is not the active controller.");
        }
        return aclMutator;
    }

    @Override // org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer
    public void completeInitialLoad() {
        this.data = this.data.copyWithNewLoadingComplete(true);
        this.data.log.info("Completed initial ACL load process.");
        this.initialLoadFuture.complete(null);
    }

    public CompletableFuture<Void> initialLoadFuture() {
        return this.initialLoadFuture;
    }

    @Override // org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer
    public void completeInitialLoad(Exception exc) {
        this.data.log.error("Failed to complete initial ACL load process.", (Throwable) exc);
        this.initialLoadFuture.completeExceptionally(exc);
    }

    @Override // org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer
    public void addAcl(Uuid uuid, StandardAcl standardAcl) {
        this.data.addAcl(uuid, standardAcl);
    }

    @Override // org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer
    public void removeAcl(Uuid uuid) {
        this.data.removeAcl(uuid);
    }

    @Override // org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer
    public void loadSnapshot(Map<Uuid, StandardAcl> map) {
        StandardAuthorizerData createEmpty = StandardAuthorizerData.createEmpty();
        for (Map.Entry<Uuid, StandardAcl> entry : map.entrySet()) {
            createEmpty.addAcl(entry.getKey(), entry.getValue());
        }
        this.data = this.data.copyWithNewAcls(createEmpty.getAclCache());
    }

    @Override // org.apache.kafka.server.authorizer.Authorizer
    public Map<Endpoint, ? extends CompletionStage<Void>> start(AuthorizerServerInfo authorizerServerInfo) {
        HashMap hashMap = new HashMap();
        for (Endpoint endpoint : authorizerServerInfo.endpoints()) {
            if (authorizerServerInfo.earlyStartListeners().contains(endpoint.listenerName().orElse(""))) {
                hashMap.put(endpoint, CompletableFuture.completedFuture(null));
            } else {
                hashMap.put(endpoint, this.initialLoadFuture);
            }
        }
        return hashMap;
    }

    @Override // org.apache.kafka.server.authorizer.Authorizer
    public List<AuthorizationResult> authorize(AuthorizableRequestContext authorizableRequestContext, List<Action> list) {
        ArrayList arrayList = new ArrayList(list.size());
        StandardAuthorizerData standardAuthorizerData = this.data;
        Iterator<Action> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(standardAuthorizerData.authorize(authorizableRequestContext, it.next()));
        }
        return arrayList;
    }

    @Override // org.apache.kafka.server.authorizer.Authorizer
    public Iterable<AclBinding> acls(AclBindingFilter aclBindingFilter) {
        return this.data.acls(aclBindingFilter);
    }

    @Override // org.apache.kafka.server.authorizer.Authorizer
    public int aclCount() {
        return this.data.aclCount();
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        this.initialLoadFuture.completeExceptionally(new TimeoutException("The authorizer was closed before the initial load could complete."));
    }

    @Override // org.apache.kafka.common.Configurable
    public void configure(Map<String, ?> map) {
        int i;
        Set<String> configuredSuperUsers = getConfiguredSuperUsers(map);
        AuthorizationResult defaultResult = getDefaultResult(map);
        try {
            i = Integer.parseInt(map.get("node.id").toString().trim());
        } catch (Exception e) {
            i = -1;
        }
        this.data = this.data.copyWithNewConfig(i, configuredSuperUsers, defaultResult);
        this.data.log.info("set super.users={}, default result={}", String.join(UriTemplate.DEFAULT_SEPARATOR, configuredSuperUsers), defaultResult);
    }

    Set<String> superUsers() {
        return new HashSet(this.data.superUsers());
    }

    AuthorizationResult defaultResult() {
        return this.data.defaultResult();
    }

    static Set<String> getConfiguredSuperUsers(Map<String, ?> map) {
        Object obj = map.get(SUPER_USERS_CONFIG);
        if (obj == null) {
            return Collections.emptySet();
        }
        String[] split = obj.toString().split(";");
        HashSet hashSet = new HashSet();
        for (String str : split) {
            String trim = str.trim();
            if (!trim.isEmpty()) {
                SecurityUtils.parseKafkaPrincipal(trim);
                hashSet.add(trim);
            }
        }
        return hashSet;
    }

    static AuthorizationResult getDefaultResult(Map<String, ?> map) {
        Object obj = map.get(ALLOW_EVERYONE_IF_NO_ACL_IS_FOUND_CONFIG);
        if (obj != null && Boolean.parseBoolean(obj.toString().trim())) {
            return AuthorizationResult.ALLOWED;
        }
        return AuthorizationResult.DENIED;
    }
}
