package org.apache.nifi.framework.cluster.leader.zookeeper;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.curator.framework.api.ACLProvider;
import org.apache.curator.framework.imps.DefaultACLProvider;
import org.apache.nifi.framework.cluster.zookeeper.ZooKeeperClientConfig;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;

/* loaded from: input_file:org/apache/nifi/framework/cluster/leader/zookeeper/CuratorACLProviderFactory.class */
public class CuratorACLProviderFactory {
    public static final String SASL_AUTH_SCHEME = "sasl";

    /* loaded from: input_file:org/apache/nifi/framework/cluster/leader/zookeeper/CuratorACLProviderFactory$SaslACLProvider.class */
    private class SaslACLProvider implements ACLProvider {
        private final List<ACL> acls;

        private SaslACLProvider(CuratorACLProviderFactory curatorACLProviderFactory, ZooKeeperClientConfig zooKeeperClientConfig) {
            if (StringUtils.isEmpty(zooKeeperClientConfig.getAuthPrincipal())) {
                throw new IllegalArgumentException("No Kerberos Principal configured for use with SASL Authentication Scheme");
            }
            String substring = zooKeeperClientConfig.getAuthPrincipal().substring(zooKeeperClientConfig.getAuthPrincipal().indexOf(64) + 1, zooKeeperClientConfig.getAuthPrincipal().length());
            String[] split = zooKeeperClientConfig.getAuthPrincipal().substring(0, zooKeeperClientConfig.getAuthPrincipal().indexOf(64)).split("/");
            String str = split.length == 2 ? split[1] : null;
            StringBuilder sb = new StringBuilder(split[0]);
            if (!zooKeeperClientConfig.getRemoveHostFromPrincipal().equalsIgnoreCase("true")) {
                sb.append("/");
                sb.append(str);
            }
            if (!zooKeeperClientConfig.getRemoveRealmFromPrincipal().equalsIgnoreCase("true")) {
                sb.append("@");
                sb.append(substring);
            }
            this.acls = new ArrayList(Arrays.asList(new ACL(31, new Id(CuratorACLProviderFactory.SASL_AUTH_SCHEME, sb.toString()))));
            this.acls.addAll(ZooDefs.Ids.READ_ACL_UNSAFE);
        }

        public List<ACL> getDefaultAcl() {
            return this.acls;
        }

        public List<ACL> getAclForPath(String str) {
            return this.acls;
        }
    }

    public ACLProvider create(ZooKeeperClientConfig zooKeeperClientConfig) {
        return StringUtils.equalsIgnoreCase(zooKeeperClientConfig.getAuthType(), SASL_AUTH_SCHEME) ? new SaslACLProvider(this, zooKeeperClientConfig) : new DefaultACLProvider();
    }
}
