package io.confluent.rbacapi.services;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableSet;
import io.confluent.mds.DynamicConfigurator;
import io.confluent.rbacapi.app.RbacApiAppConfig;
import io.confluent.rbacapi.entities.ClusterInfo;
import io.confluent.rbacapi.exceptions.ClusterRegistryConflictException;
import io.confluent.rbacapi.exceptions.ClusterRegistryGenericClientErrorException;
import io.confluent.rbacapi.exceptions.ClusterRegistryNoAccessException;
import io.confluent.rbacapi.exceptions.ClusterRegistryNotFoundException;
import io.confluent.rbacapi.exceptions.ClusterRegistryUpdateException;
import io.confluent.rbacapi.exceptions.ClusterRegistryVerifyException;
import io.confluent.rbacapi.utils.ClusterType;
import io.confluent.rbacapi.validation.v1.V1ValidationUtil;
import io.confluent.security.authorizer.Scope;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.stream.Collectors;
import javax.validation.ConstraintViolationException;
import org.apache.commons.lang3.StringUtils;
import org.apache.kafka.clients.admin.AlterConfigsResult;
import org.apache.kafka.clients.admin.ConfigEntry;
import org.apache.kafka.common.Reconfigurable;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/rbacapi/services/ClusterRegistryService.class */
public class ClusterRegistryService implements Reconfigurable {
    private final ObjectMapper objectMapper;
    private final ClusterRegistryGatekeeper clusterRegistryGatekeeper;
    private final DynamicConfigurator dynamicConfigurator;
    private long dynamicConfigUpdateTimeoutMs = 29000;
    private volatile ClusterRegistryList volatileClusterRegistryList = new ClusterRegistryList(Collections.emptyList());
    private static final Set<String> CLUSTER_REGISTRY_CONFIG_SET = ImmutableSet.of("confluent.metadata.server.cluster.registry.clusters");
    private static final Logger log = LoggerFactory.getLogger(ClusterRegistryService.class);
    private static final V1ValidationUtil validationUtil = new V1ValidationUtil();

    public ClusterRegistryService(ObjectMapper objectMapper, ClusterRegistryGatekeeper clusterRegistryGatekeeper, DynamicConfigurator dynamicConfigurator) {
        this.objectMapper = objectMapper;
        this.clusterRegistryGatekeeper = clusterRegistryGatekeeper;
        this.dynamicConfigurator = dynamicConfigurator;
    }

    public List<ClusterInfo> getClusters(KafkaPrincipal kafkaPrincipal, ClusterType clusterType) {
        return this.clusterRegistryGatekeeper.filterClusterInfosBasedOnReadAuthorization(kafkaPrincipal, this.volatileClusterRegistryList.clustersByType(clusterType));
    }

    public ClusterInfo getNamedCluster(KafkaPrincipal kafkaPrincipal, String str) {
        Optional<ClusterInfo> clusterByName = this.volatileClusterRegistryList.clusterByName(str);
        if (clusterByName.isPresent()) {
            List<ClusterInfo> filterClusterInfosBasedOnReadAuthorization = this.clusterRegistryGatekeeper.filterClusterInfosBasedOnReadAuthorization(kafkaPrincipal, Collections.singletonList(clusterByName.get()));
            if (filterClusterInfosBasedOnReadAuthorization.size() == 1) {
                return filterClusterInfosBasedOnReadAuthorization.get(0);
            }
        }
        throw new ClusterRegistryNotFoundException(str);
    }

    public Scope lookupScopeByClusterName(String str, KafkaPrincipal kafkaPrincipal) {
        ClusterInfo namedCluster = getNamedCluster(kafkaPrincipal, str);
        if (namedCluster == null) {
            return null;
        }
        return namedCluster.getScope();
    }

    public String lookupClusterNameByScope(Scope scope, KafkaPrincipal kafkaPrincipal) {
        ClusterInfo orElse = getClusters(kafkaPrincipal, ClusterType.NOT_SPECIFIED).stream().filter(clusterInfo -> {
            return clusterInfo.getScope().equals(scope);
        }).findFirst().orElse(null);
        if (orElse == null) {
            return null;
        }
        return orElse.getClusterName();
    }

    public synchronized void overwriteClusters(KafkaPrincipal kafkaPrincipal, List<ClusterInfo> list) {
        ClusterRegistryList clusterRegistryList = this.volatileClusterRegistryList;
        Iterator<ClusterInfo> it = list.iterator();
        while (it.hasNext()) {
            try {
                validationUtil.verifyClusterInfo(it.next());
            } catch (ConstraintViolationException e) {
                throw new ClusterRegistryGenericClientErrorException((String) e.getConstraintViolations().stream().map((v0) -> {
                    return v0.getMessage();
                }).collect(Collectors.joining(",")));
            }
        }
        for (ClusterInfo clusterInfo : list) {
            if (!this.clusterRegistryGatekeeper.canWrite(kafkaPrincipal, clusterInfo.getScope())) {
                throw new ClusterRegistryNoAccessException(clusterInfo.getClusterName());
            }
        }
        for (ClusterInfo clusterInfo2 : list) {
            Optional<ClusterInfo> clusterByName = clusterRegistryList.clusterByName(clusterInfo2.getClusterName());
            if (clusterByName.isPresent() && !clusterByName.get().getScope().equals(clusterInfo2.getScope())) {
                throw new ClusterRegistryConflictException(String.format("Cluster with name %s already exists with a different scope. Please register with a different name OR unregister the other cluster.", clusterInfo2.getClusterName()));
            }
            Optional<ClusterInfo> clustersByScope = clusterRegistryList.clustersByScope(clusterInfo2.getScope());
            if (clustersByScope.isPresent()) {
                String clusterName = clustersByScope.get().getClusterName();
                if (!clusterName.equals(clusterInfo2.getClusterName())) {
                    throw new ClusterRegistryConflictException(String.format("Scope %s is already registered with name %s. Please unregister cluster name %s and try again.", clusterInfo2.getScope(), clusterName, clusterName));
                }
            }
        }
        try {
            ArrayList arrayList = new ArrayList(clusterRegistryList.clusters());
            for (ClusterInfo clusterInfo3 : list) {
                arrayList.removeIf(clusterInfo4 -> {
                    return clusterInfo4.getClusterName().equals(clusterInfo3.getClusterName());
                });
            }
            arrayList.addAll(list);
            updateDynamicConfig(new ClusterRegistryList(arrayList));
        } catch (ConstraintViolationException e2) {
            throw new ClusterRegistryGenericClientErrorException((String) e2.getConstraintViolations().stream().map((v0) -> {
                return v0.getMessage();
            }).collect(Collectors.joining(",")));
        }
    }

    public synchronized void deleteNamedCluster(KafkaPrincipal kafkaPrincipal, String str) {
        ClusterRegistryList clusterRegistryList = this.volatileClusterRegistryList;
        Optional<ClusterInfo> clusterByName = clusterRegistryList.clusterByName(str);
        if (clusterByName.isPresent()) {
            if (!this.clusterRegistryGatekeeper.canWrite(kafkaPrincipal, clusterByName.get().getScope())) {
                throw new ClusterRegistryNoAccessException(str);
            }
            ArrayList arrayList = new ArrayList(clusterRegistryList.clusters());
            arrayList.removeIf(clusterInfo -> {
                return clusterInfo.getClusterName().equals(str);
            });
            updateDynamicConfig(new ClusterRegistryList(arrayList));
        }
    }

    public Set<String> reconfigurableConfigs() {
        return CLUSTER_REGISTRY_CONFIG_SET;
    }

    public void configure(Map<String, ?> map) {
        this.volatileClusterRegistryList = parseJson(extractClusterRegString(map.get(RbacApiAppConfig.CLUSTER_REGISTRY_MDS_PROP)));
    }

    public void validateReconfiguration(Map<String, ?> map) throws ConfigException {
        parseJson(extractClusterRegString(map.get("confluent.metadata.server.cluster.registry.clusters")));
    }

    public void reconfigure(Map<String, ?> map) {
        this.volatileClusterRegistryList = parseJson(extractClusterRegString(map.get("confluent.metadata.server.cluster.registry.clusters")));
    }

    private String extractClusterRegString(Object obj) {
        if (!(obj instanceof String)) {
            throw new ConfigException(RbacApiAppConfig.CLUSTER_REGISTRY_MDS_PROP, obj, "Expected a non-null JSON String");
        }
        String str = (String) obj;
        if (StringUtils.isBlank(str)) {
            throw new ConfigException(RbacApiAppConfig.CLUSTER_REGISTRY_MDS_PROP, obj, "Expected a non-blank JSON String");
        }
        return str;
    }

    private ClusterRegistryList parseJson(String str) {
        try {
            return new ClusterRegistryList((List) this.objectMapper.readValue(str, new TypeReference<List<ClusterInfo>>() { // from class: io.confluent.rbacapi.services.ClusterRegistryService.1
            }));
        } catch (ConstraintViolationException e) {
            throw new ConfigException(RbacApiAppConfig.CLUSTER_REGISTRY_MDS_PROP, str, (String) e.getConstraintViolations().stream().map((v0) -> {
                return v0.getMessage();
            }).collect(Collectors.joining(",")));
        } catch (IOException e2) {
            throw new ConfigException(RbacApiAppConfig.CLUSTER_REGISTRY_MDS_PROP, str, e2.getMessage());
        }
    }

    private void updateDynamicConfig(ClusterRegistryList clusterRegistryList) {
        if (this.volatileClusterRegistryList.equals(clusterRegistryList)) {
            log.debug("Update to cluster registry is a no-op. Exiting early.");
            return;
        }
        try {
            AlterConfigsResult clusterConfig = this.dynamicConfigurator.setClusterConfig(Collections.singleton(new ConfigEntry("confluent.metadata.server.cluster.registry.clusters", this.objectMapper.writeValueAsString(clusterRegistryList.clusters()))));
            long currentTimeMillis = System.currentTimeMillis();
            try {
                clusterConfig.all().get(this.dynamicConfigUpdateTimeoutMs, TimeUnit.MILLISECONDS);
                try {
                    pollForBackgroundUpdateToDynamicConfig(clusterRegistryList, this.dynamicConfigUpdateTimeoutMs - (System.currentTimeMillis() - currentTimeMillis));
                } catch (TimeoutException e) {
                    throw new ClusterRegistryVerifyException("Timeout in verifying that local Cluster Registry state was updated by a dynamic config reconfigure.", e);
                }
            } catch (InterruptedException | ExecutionException e2) {
                throw new ClusterRegistryUpdateException("Dynamic config update failed.", e2);
            } catch (TimeoutException e3) {
                log.debug("Timeout for updates to dynamic config.", e3);
                if (!this.volatileClusterRegistryList.equals(clusterRegistryList)) {
                    throw new ClusterRegistryUpdateException("Dynamic config update failed becauseof a timeout in future.get().", e3);
                }
                log.debug("Local cluster registry state updated by a dynamic config reconfigure.");
            }
        } catch (JsonProcessingException e4) {
            log.debug("Unexpected JSON error in ClusterRegistry update.", e4);
        }
    }

    private void pollForBackgroundUpdateToDynamicConfig(ClusterRegistryList clusterRegistryList, long j) throws TimeoutException {
        long currentTimeMillis = System.currentTimeMillis();
        while (System.currentTimeMillis() - currentTimeMillis < j && !this.volatileClusterRegistryList.equals(clusterRegistryList)) {
            try {
                Thread.sleep(20L);
            } catch (InterruptedException e) {
            }
        }
        if (!this.volatileClusterRegistryList.equals(clusterRegistryList)) {
            throw new TimeoutException(String.format("Timed out after %dms trying to verify Cluster Registry update.", Long.valueOf(j)));
        }
    }

    @VisibleForTesting
    public List<ClusterInfo> getAllClusters() {
        return this.volatileClusterRegistryList.clusters();
    }

    @VisibleForTesting
    public void resetClusters() {
        this.volatileClusterRegistryList = new ClusterRegistryList(Collections.emptyList());
    }

    @VisibleForTesting
    public void setDynamicConfigUpdateTimeoutMs(long j) {
        this.dynamicConfigUpdateTimeoutMs = j;
    }

    public List<ClusterInfo> getUnrestrictedClusters(ClusterType clusterType) {
        return this.volatileClusterRegistryList.clustersByType(clusterType);
    }
}
