package io.confluent.rbacapi.utils;

import io.confluent.rbacapi.login.initializer.InstallHashLoginServiceSecurityHandler;
import io.confluent.rbacapi.utils.KafkaConfigSetupHelper;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.tokenapi.jwt.JwsProvider;
import java.io.File;
import java.io.IOException;
import java.io.PrintStream;
import java.nio.file.Files;
import java.nio.file.StandardOpenOption;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:io/confluent/rbacapi/utils/HashLoginSetupHelper.class */
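/**
 * Test-support helper that prepares {@link RbacClusters.Config} instances for a metadata server
 * using a file-backed hash login service plus token authentication.
 *
 * <p>Everything here is fixture material: the default credentials are hard-coded, the credential
 * file stores passwords in clear text, and authentication is opened to the {@code "**"} role.
 * None of these settings are suitable outside an integration-test cluster.
 *
 * <p>Not thread-safe: the token public key path is kept in a static field that every call to
 * {@link #newHashLoginConfig(List)} overwrites.
 */
public class HashLoginSetupHelper {
    // Fixed fixture credentials. NOTE(review): these are public, non-final statics, so any code
    // on the classpath can reassign them; left non-final to keep the existing interface.
    public static String DEFAULT_HASH_USER = "hashUser";
    public static String DEFAULT_HASH_PASSWORD = "hashPassword";

    // Path of the public key PEM produced by the most recent setupTokens() call; null until then.
    private static String tokenPublicKeyPath;

    /**
     * Creates a config whose metadata server listener and advertised listener are set to the
     * {@code MdsConfigUtil} HTTP defaults.
     *
     * @return a new config carrying only the listener overrides
     */
    public static RbacClusters.Config newBaseConfig() {
        RbacClusters.Config config = new RbacClusters.Config();
        config = config.overrideMetadataBrokerConfig(
                "confluent.metadata.server.listeners", MdsConfigUtil.DEFAULT_HTTP_LISTENER);
        return config.overrideMetadataBrokerConfig(
                "confluent.metadata.server.advertised.listeners",
                MdsConfigUtil.DEFAULT_HTTP_ADVERTISED_LISTENER);
    }

    /**
     * Creates a hash-login config containing the single default fixture user.
     *
     * @return a config with hash login and token authentication enabled
     */
    public static RbacClusters.Config newDefaultHashLoginConfig() {
        return newHashLoginConfig(Arrays.asList(DEFAULT_HASH_USER, DEFAULT_HASH_PASSWORD));
    }

    /**
     * Creates a config with hash login backed by a temporary credential file and with token
     * authentication enabled.
     *
     * @param list flattened credentials: user, password, user, password, ...
     * @return the configured instance
     * @throws IllegalArgumentException if {@code list} has an odd number of elements
     * @throws RuntimeException if the credential file cannot be written
     */
    public static RbacClusters.Config newHashLoginConfig(List<String> list) {
        RbacClusters.Config config = newBaseConfig();
        File credentialFile = createHashLoginPropFile(list);
        enableHashService(config, credentialFile);
        setupTokens(config);
        return config;
    }

    /**
     * Enables token login on {@code config} using the public key recorded by the last
     * {@link #newHashLoginConfig(List)} call.
     *
     * <p>NOTE(review): if no hash-login config has been built yet, the recorded path is
     * {@code null} and is passed through as-is; confirm how {@code withTokenLogin} treats that.
     *
     * @param config the config to modify
     */
    public static void withBrokerTokenValidationEnabled(RbacClusters.Config config) {
        config.withTokenLogin(tokenPublicKeyPath);
    }

    // Installs the hash login servlet initializer and points it at the credential file.
    private static void enableHashService(RbacClusters.Config config, File file) {
        config.overrideMetadataBrokerConfig(
                MdsConfigUtil.withPrefix("rest.servlet.initializor.classes"),
                InstallHashLoginServiceSecurityHandler.class.getName());
        // "**" is presumably the any-authenticated-user wildcard, i.e. no role restriction is
        // applied at the authentication layer -- TODO confirm against the server's role handling.
        config.overrideMetadataBrokerConfig("confluent.metadata.server.authentication.roles", "**");
        config.overrideMetadataBrokerConfig(MdsConfigUtil.withPrefix("hash.login.path"), file.getPath());
    }

    // Generates token PEM files, records the public key path, and enables RS256 token auth.
    private static void setupTokens(RbacClusters.Config config) {
        KafkaConfigSetupHelper.TokenPemFiles pemFiles = KafkaConfigSetupHelper.createTokenPemFiles();
        tokenPublicKeyPath = pemFiles.tokenPublicKey;
        config.overrideMetadataBrokerConfig("token.signature.algorithm", JwsProvider.Algorithm.RS256.name());
        config.overrideMetadataBrokerConfig(MdsConfigUtil.withPrefix("public.key.path"), pemFiles.tokenPublicKey);
        // NOTE(review): this path refers to the key pair, so the file presumably contains the
        // private signing key; how createTokenPemFiles() protects it is not visible here.
        config.overrideMetadataBrokerConfig(MdsConfigUtil.withPrefix("token.key.path"), pemFiles.tokenKeyPair);
        config.overrideMetadataBrokerConfig("confluent.metadata.server.token.auth.enable", "true");
    }

    /**
     * Writes the credentials to a temporary properties file, one {@code user: password} line per
     * pair, and registers the file for deletion at JVM exit.
     *
     * @param list flattened credentials: user, password, user, password, ...
     * @return the written file
     * @throws IllegalArgumentException if {@code list} has an odd number of elements
     * @throws RuntimeException wrapping the {@link IOException} if creation or writing fails
     */
    private static File createHashLoginPropFile(List<String> list) {
        // Reject unpaired input up front, before a half-written credential file exists.
        if (list.size() % 2 != 0) {
            throw new IllegalArgumentException(
                    "Hash login entries must be user/password pairs, got " + list.size() + " element(s)");
        }
        try {
            // Files.createTempFile is used instead of File.createTempFile because the file holds
            // clear-text passwords: on POSIX file systems the NIO variant creates it with
            // owner-only permissions, whereas the legacy call follows the process umask.
            File propFile = Files.createTempFile("integTest-hashLoginService-", ".properties").toFile();
            propFile.deleteOnExit();
            // try-with-resources closes the stream even if a write fails part-way.
            try (PrintStream out = new PrintStream(Files.newOutputStream(
                    propFile.toPath(), StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING))) {
                Iterator<String> it = list.iterator();
                while (it.hasNext()) {
                    out.println(it.next() + ": " + it.next());
                }
                // PrintStream swallows IOExceptions; surface them so a truncated credential file
                // is never handed to the login service silently.
                if (out.checkError()) {
                    throw new IOException("Write to " + propFile + " failed");
                }
            }
            return propFile;
        } catch (IOException e) {
            throw new RuntimeException("Failed to create HashLogin property file", e);
        }
    }
}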
