package utils;

import io.confluent.security.test.utils.RbacClusters;
import io.confluent.tokenapi.jwt.JwtProvider;
import java.io.File;
import java.io.IOException;
import java.io.PrintStream;
import java.nio.file.Files;
import java.nio.file.StandardOpenOption;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.LogManager;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.jose4j.lang.JoseException;
import org.slf4j.bridge.SLF4JBridgeHandler;

/* loaded from: input_file:utils/KafkaConfigTool.class */
public class KafkaConfigTool {

    /* loaded from: input_file:utils/KafkaConfigTool$TokenPemFiles.class */
    public static class TokenPemFiles {
        public final String tokenKeyPair;
        public final String tokenPublicKey;

        public TokenPemFiles(String str, String str2) {
            this.tokenPublicKey = str2;
            this.tokenKeyPair = str;
        }
    }

    public static RbacClusters.Config noAuth() {
        return noAuth("mds");
    }

    public static RbacClusters.Config noAuth(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put("super.users", "User:" + str + ";User:ANONYMOUS");
        String acquirePort = MdsTestUtil.acquirePort(8090);
        hashMap.put("confluent.metadata.server.listeners", MdsTestUtil.DEFAULT_HTTP_HOST + ":" + acquirePort);
        hashMap.put("confluent.metadata.server.advertised.listeners", MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST + ":" + acquirePort);
        hashMap.put("confluent.security.event.logger.exporter.kafka.topic.replicas", "1");
        hashMap.put("confluent.metadata.server.authentication.method", "NONE");
        RbacClusters.Config users = new RbacClusters.Config().users("mds", Collections.emptyList());
        applyProperties(hashMap, users);
        turnOffAuditLogs(users);
        users.withManagedCluster(false);
        return users;
    }

    public static RbacClusters.Config justLDAPv1(int i, String str) {
        return justLDAPv1(i, str, (List<String>) Collections.emptyList());
    }

    public static RbacClusters.Config justLDAPv1(int i, int i2, String str) {
        return justLDAP(i, i2, str, Collections.emptyList());
    }

    public static RbacClusters.Config justLDAPv1(int i, String str, List<String> list) {
        return justLDAP(i, 8090, str, list);
    }

    public static RbacClusters.Config justLDAPv1(int i, int i2, String str, List<String> list) {
        return justLDAP(i, i2, str, list);
    }

    private static RbacClusters.Config justLDAP(int i, int i2, String str, List<String> list) {
        HashMap hashMap = new HashMap();
        hashMap.put("super.users", "User:" + str);
        String acquirePort = MdsTestUtil.acquirePort(i2);
        hashMap.put("confluent.metadata.server.listeners", MdsTestUtil.DEFAULT_HTTP_HOST + ":" + acquirePort);
        hashMap.put("confluent.metadata.server.advertised.listeners", MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST + ":" + acquirePort);
        hashMap.put("confluent.metadata.server.authentication.method", "BASIC");
        hashMap.put("ldap.java.naming.provider.url", "ldap://localhost:" + i + "/dc=example,dc=com");
        hashMap.put("ldap.refresh.interval.ms", "50");
        hashMap.put("ldap.java.naming.security.principal", "uid=admin,ou=system");
        hashMap.put("ldap.java.naming.security.credentials", "secret");
        hashMap.put("ldap.java.naming.security.authentication", "simple");
        hashMap.put("ldap.group.name.attribute", "cn");
        hashMap.put("ldap.group.member.attribute.pattern", "uid=(.*),ou=users,dc=example,dc=com");
        hashMap.put("confluent.security.event.logger.exporter.kafka.topic.replicas", "1");
        RbacClusters.Config users = new RbacClusters.Config().users(str, list);
        applyProperties(hashMap, users);
        turnOffAuditLogs(users);
        users.withManagedCluster(false);
        return users;
    }

    public static RbacClusters.Config justHash(String str) {
        return justHash(8090, str, Collections.emptyList());
    }

    public static RbacClusters.Config justHash(String str, String... strArr) {
        return justHash(8090, str, Arrays.asList(strArr));
    }

    public static RbacClusters.Config justHash(String str, List<String> list) {
        return justHash(8090, str, list);
    }

    public static RbacClusters.Config justHash(int i, String str, List<String> list) {
        HashMap hashMap = new HashMap();
        hashMap.put("super.users", "User:" + str);
        String acquirePort = MdsTestUtil.acquirePort(i);
        hashMap.put("confluent.metadata.server.listeners", MdsTestUtil.DEFAULT_HTTP_HOST + ":" + acquirePort);
        hashMap.put("confluent.metadata.server.advertised.listeners", MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST + ":" + acquirePort);
        hashMap.put("confluent.metadata.server.authentication.method", "BASIC");
        hashMap.put("confluent.metadata.server.user.store", "FILE");
        hashMap.put("confluent.security.event.logger.exporter.kafka.topic.replicas", "1");
        ArrayList arrayList = new ArrayList(list);
        arrayList.add(str);
        hashMap.put("confluent.metadata.server.user.store.file.path", createHashLoginPropFile(arrayList).getPath());
        RbacClusters.Config users = new RbacClusters.Config().users(str, Collections.emptyList());
        applyProperties(hashMap, users);
        turnOffAuditLogs(users);
        users.withManagedCluster(false);
        return users;
    }

    public static RbacClusters.Config ldapWithTokens(String str) {
        return ldapWithTokens(8389, str);
    }

    public static RbacClusters.Config ldapWithTokensTwoNodes(int i, String str) {
        HashMap hashMap = new HashMap();
        hashMap.put("super.users", "User:" + str);
        hashMap.put("confluent.metadata.server.authentication.method", "BEARER");
        hashMap.put("ldap.java.naming.provider.url", "ldap://localhost:" + i + "/dc=example,dc=com");
        hashMap.put("ldap.refresh.interval.ms", "50");
        hashMap.put("ldap.java.naming.security.principal", "uid=admin,ou=system");
        hashMap.put("ldap.java.naming.security.credentials", "secret");
        hashMap.put("ldap.java.naming.security.authentication", "simple");
        hashMap.put("ldap.group.name.attribute", "cn");
        hashMap.put("ldap.group.member.attribute.pattern", "uid=(.*),ou=users,dc=example,dc=com");
        TokenPemFiles createTokenPemFiles = createTokenPemFiles();
        hashMap.put("confluent.metadata.server.token.key.path", createTokenPemFiles.tokenKeyPair);
        hashMap.put("confluent.security.event.logger.exporter.kafka.topic.replicas", "1");
        RbacClusters.Config users = new RbacClusters.Config().users(str, Collections.emptyList());
        applyProperties(hashMap, users);
        users.withTokenLogin(createTokenPemFiles.tokenPublicKey);
        users.addMetadataServer();
        return users;
    }

    public static RbacClusters.Config ldapWithTokens(int i, String str) {
        return ldapWithTokens(i, str, -1);
    }

    public static RbacClusters.Config ldapWithTokens(int i, String str, int i2) {
        HashMap hashMap = new HashMap();
        hashMap.put("super.users", "User:" + str);
        String acquirePort = MdsTestUtil.acquirePort(8090);
        hashMap.put("confluent.metadata.server.listeners", MdsTestUtil.DEFAULT_HTTP_HOST + ":" + acquirePort);
        hashMap.put("confluent.metadata.server.advertised.listeners", MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST + ":" + acquirePort);
        hashMap.put("confluent.metadata.server.authentication.method", "BEARER");
        hashMap.put("ldap.java.naming.provider.url", "ldap://localhost:" + i + "/dc=example,dc=com");
        hashMap.put("ldap.refresh.interval.ms", "50");
        hashMap.put("ldap.java.naming.security.principal", "uid=admin,ou=system");
        hashMap.put("ldap.java.naming.security.credentials", "secret");
        hashMap.put("ldap.java.naming.security.authentication", "simple");
        hashMap.put("ldap.group.name.attribute", "cn");
        hashMap.put("ldap.group.member.attribute.pattern", "uid=(.*),ou=users,dc=example,dc=com");
        TokenPemFiles createTokenPemFiles = createTokenPemFiles();
        hashMap.put("confluent.metadata.server.token.key.path", createTokenPemFiles.tokenKeyPair);
        hashMap.put("confluent.security.event.logger.exporter.kafka.topic.replicas", "1");
        if (i2 != -1) {
            hashMap.put("listeners", String.format("EXTERNAL://localhost:%d,INTERNAL://localhost:%d", Integer.valueOf(i2), Integer.valueOf(i2 + 1)));
        }
        RbacClusters.Config users = new RbacClusters.Config().users(str, Collections.emptyList());
        applyProperties(hashMap, users);
        turnOffAuditLogs(users);
        users.withTokenLogin(createTokenPemFiles.tokenPublicKey);
        users.withManagedCluster(false);
        return users;
    }

    public static RbacClusters.Config hashWithTokens(String str, List<String> list) {
        return hashWithTokens(str, list, 8090);
    }

    public static RbacClusters.Config hashWithTokens(String str, List<String> list, int i) {
        HashMap hashMap = new HashMap();
        hashMap.put("super.users", "User:" + str);
        String acquirePort = MdsTestUtil.acquirePort(i);
        hashMap.put("confluent.metadata.server.listeners", MdsTestUtil.DEFAULT_HTTP_HOST + ":" + acquirePort);
        hashMap.put("confluent.metadata.server.advertised.listeners", MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST + ":" + acquirePort);
        hashMap.put("confluent.metadata.server.authentication.method", "BEARER");
        hashMap.put("confluent.metadata.server.user.store", "FILE");
        hashMap.put("confluent.metadata.server.user.store.file.path", createHashLoginPropFile(list).getPath());
        TokenPemFiles createTokenPemFiles = createTokenPemFiles();
        hashMap.put("confluent.metadata.server.token.key.path", createTokenPemFiles.tokenKeyPair);
        RbacClusters.Config users = new RbacClusters.Config().users(str, Collections.emptyList());
        applyProperties(hashMap, users);
        turnOffAuditLogs(users);
        users.withTokenLogin(createTokenPemFiles.tokenPublicKey);
        users.withManagedCluster(false);
        return users;
    }

    public static RbacClusters.Config actualCloudConfig(String str, int i, String str2) {
        HashMap hashMap = new HashMap();
        hashMap.put("super.users", "User:ANONYMOUS;User:" + str);
        String acquirePort = MdsTestUtil.acquirePort(i);
        hashMap.put("confluent.metadata.server.listeners", MdsTestUtil.DEFAULT_HTTP_HOST + ":" + acquirePort);
        hashMap.put("confluent.metadata.server.advertised.listeners", MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST + ":" + acquirePort);
        hashMap.put("authorizer.class.name", "io.confluent.kafka.multitenant.authorizer.MultiTenantAuthorizer");
        hashMap.put("confluent.authorizer.access.rule.providers", "MULTI_TENANT,CONFLUENT");
        hashMap.put("confluent.metadata.server.authentication.method", "BEARER");
        hashMap.put("confluent.metadata.server.api.flavor", "CP");
        hashMap.put("confluent.metadata.server.user.store", "NONE");
        hashMap.put("confluent.metadata.server.issuer", "Confluent");
        hashMap.put("confluent.metadata.server.jwksLocation", str2);
        hashMap.put("confluent.metadata.server.verificationKeyResolver", "pemFile");
        RbacClusters.Config users = new RbacClusters.Config().users(str, Collections.emptyList());
        applyProperties(hashMap, users);
        turnOffAuditLogs(users);
        users.withTokenLogin(str2);
        users.withManagedCluster(false);
        return users;
    }

    public static void turnOffAuditLogs(RbacClusters.Config config) {
        config.overrideMetadataBrokerConfig("confluent.security.event.logger.enable", "false");
    }

    private static void applyProperties(Map<String, String> map, RbacClusters.Config config) {
        for (Map.Entry<String, String> entry : map.entrySet()) {
            config.overrideMetadataBrokerConfig(entry.getKey(), entry.getValue());
        }
    }

    public static File createHashLoginPropFile(List<String> list) {
        try {
            File createTempFile = File.createTempFile("intTest-hashLoginService-", ".properties");
            createTempFile.deleteOnExit();
            PrintStream printStream = new PrintStream(Files.newOutputStream(createTempFile.toPath(), StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING));
            for (String str : list) {
                printStream.println(str + ": " + str);
            }
            printStream.close();
            return createTempFile;
        } catch (IOException e) {
            throw new RuntimeException("Failed to create HashLogin property file", e);
        }
    }

    public static void minimizeBackgroundServices(RbacClusters.Config config) {
        config.overrideMetadataBrokerConfig("confluent.security.event.logger.enable", "false");
        config.overrideMetadataBrokerConfig("confluent.telemetry.events.enable", "false");
    }

    public static TokenPemFiles createTokenPemFiles() {
        try {
            File createTempFile = File.createTempFile("integTest-token-public", ".pem");
            createTempFile.deleteOnExit();
            File createTempFile2 = File.createTempFile("integTest-token-keypair", ".pem");
            createTempFile2.deleteOnExit();
            JwtTestHelper.writeKeys(createTempFile2.toPath(), createTempFile.toPath());
            return new TokenPemFiles(createTempFile2.getPath(), createTempFile.getPath());
        } catch (IOException e) {
            throw new ConfigException("Failed to generate required pem file", e);
        }
    }

    public static String generateToken(String str, String str2) throws JoseException {
        JwtProvider jwtProvider = new JwtProvider();
        jwtProvider.configure(Collections.singletonMap("token.key.path", str));
        return jwtProvider.newJwsToken(new KafkaPrincipal("User", str2), new String[0]);
    }

    public static void turnOnAuditLogs(RbacClusters.Config config) {
        config.overrideMetadataBrokerConfig("confluent.security.event.logger.enable", "true");
        config.overrideMetadataBrokerConfig("confluent.security.event.logger.exporter.kafka.delivery.timeout.ms", "1000");
        config.overrideMetadataBrokerConfig("confluent.security.event.logger.exporter.kafka.request.timeout.ms", "500");
    }

    static {
        LogManager.getLogManager().reset();
        SLF4JBridgeHandler.install();
    }
}
