package org.apache.nifi.processors.kafka.pubsub;

import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.function.Supplier;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.apache.kafka.clients.CommonClientConfigs;
import org.apache.kafka.common.config.SaslConfigs;
import org.apache.kafka.common.config.SslConfigs;
import org.apache.kafka.common.serialization.ByteArrayDeserializer;
import org.apache.kafka.common.serialization.ByteArraySerializer;
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.components.Validator;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.kerberos.KerberosCredentialsService;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.util.FormatUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/processors/kafka/pubsub/KafkaProcessorUtils.class */
public final class KafkaProcessorUtils {
    private static final String ALLOW_EXPLICIT_KEYTAB = "NIFI_ALLOW_EXPLICIT_KEYTAB";
    final Logger logger = LoggerFactory.getLogger(getClass());
    static final String KAFKA_KEY = "kafka.key";
    static final String KAFKA_TOPIC = "kafka.topic";
    static final String KAFKA_PARTITION = "kafka.partition";
    static final String KAFKA_OFFSET = "kafka.offset";
    static final String KAFKA_TIMESTAMP = "kafka.timestamp";
    static final String KAFKA_COUNT = "kafka.count";
    static final AllowableValue UTF8_ENCODING = new AllowableValue("utf-8", "UTF-8 Encoded", "The key is interpreted as a UTF-8 Encoded string.");
    static final AllowableValue HEX_ENCODING = new AllowableValue("hex", "Hex Encoded", "The key is interpreted as arbitrary binary data and is encoded using hexadecimal characters with uppercase letters");
    static final Pattern HEX_KEY_PATTERN = Pattern.compile("(?:[0123456789abcdefABCDEF]{2})+");
    static final AllowableValue SEC_PLAINTEXT = new AllowableValue("PLAINTEXT", "PLAINTEXT", "PLAINTEXT");
    static final AllowableValue SEC_SSL = new AllowableValue("SSL", "SSL", "SSL");
    public static final AllowableValue SEC_SASL_PLAINTEXT = new AllowableValue("SASL_PLAINTEXT", "SASL_PLAINTEXT", "SASL_PLAINTEXT");
    public static final AllowableValue SEC_SASL_SSL = new AllowableValue("SASL_SSL", "SASL_SSL", "SASL_SSL");
    static final String GSSAPI_VALUE = "GSSAPI";
    static final AllowableValue SASL_MECHANISM_GSSAPI = new AllowableValue(GSSAPI_VALUE, GSSAPI_VALUE, "The mechanism for authentication via Kerberos. The principal and keytab must be provided to the processor by using a Keytab Credential service, or by specifying the properties directly in the processor.");
    static final String PLAIN_VALUE = "PLAIN";
    static final AllowableValue SASL_MECHANISM_PLAIN = new AllowableValue(PLAIN_VALUE, PLAIN_VALUE, "The mechanism for authentication via username and password. The username and password properties must be populated when using this mechanism.");
    static final String SCRAM_SHA256_VALUE = "SCRAM-SHA-256";
    static final AllowableValue SASL_MECHANISM_SCRAM_SHA256 = new AllowableValue(SCRAM_SHA256_VALUE, SCRAM_SHA256_VALUE, "The Salted Challenge Response Authentication Mechanism using SHA-256. The username and password properties must be set when using this mechanism.");
    static final String SCRAM_SHA512_VALUE = "SCRAM-SHA-512";
    static final AllowableValue SASL_MECHANISM_SCRAM_SHA512 = new AllowableValue(SCRAM_SHA512_VALUE, SCRAM_SHA512_VALUE, "The Salted Challenge Response Authentication Mechanism using SHA-512. The username and password properties must be set when using this mechanism.");
    public static final PropertyDescriptor BOOTSTRAP_SERVERS = new PropertyDescriptor.Builder().name("bootstrap.servers").displayName("Kafka Brokers").description("A comma-separated list of known Kafka Brokers in the format <host>:<port>").required(true).addValidator(StandardValidators.HOSTNAME_PORT_LIST_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).defaultValue("localhost:9092").build();
    public static final PropertyDescriptor SECURITY_PROTOCOL = new PropertyDescriptor.Builder().name("security.protocol").displayName("Security Protocol").description("Protocol used to communicate with brokers. Corresponds to Kafka's 'security.protocol' property.").required(true).expressionLanguageSupported(ExpressionLanguageScope.NONE).allowableValues(new AllowableValue[]{SEC_PLAINTEXT, SEC_SSL, SEC_SASL_PLAINTEXT, SEC_SASL_SSL}).defaultValue(SEC_PLAINTEXT.getValue()).build();
    static final PropertyDescriptor SASL_MECHANISM = new PropertyDescriptor.Builder().name("sasl.mechanism").displayName("SASL Mechanism").description("The SASL mechanism to use for authentication. Corresponds to Kafka's 'sasl.mechanism' property.").required(true).expressionLanguageSupported(ExpressionLanguageScope.NONE).allowableValues(new AllowableValue[]{SASL_MECHANISM_GSSAPI, SASL_MECHANISM_PLAIN, SASL_MECHANISM_SCRAM_SHA256, SASL_MECHANISM_SCRAM_SHA512}).defaultValue(GSSAPI_VALUE).build();
    public static final PropertyDescriptor JAAS_SERVICE_NAME = new PropertyDescriptor.Builder().name("sasl.kerberos.service.name").displayName("Kerberos Service Name").description("The service name that matches the primary name of the Kafka server configured in the broker JAAS file.This can be defined either in Kafka's JAAS config or in Kafka's config. Corresponds to Kafka's 'security.protocol' property.It is ignored unless one of the SASL options of the <Security Protocol> are selected.").required(false).addValidator(StandardValidators.NON_BLANK_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).build();
    static final PropertyDescriptor USER_PRINCIPAL = new PropertyDescriptor.Builder().name("sasl.kerberos.principal").displayName("Kerberos Principal").description("The Kerberos principal that will be used to connect to brokers. If not set, it is expected to set a JAAS configuration file in the JVM properties defined in the bootstrap.conf file. This principal will be set into 'sasl.jaas.config' Kafka's property.").required(false).addValidator(StandardValidators.NON_BLANK_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).build();
    static final PropertyDescriptor USER_KEYTAB = new PropertyDescriptor.Builder().name("sasl.kerberos.keytab").displayName("Kerberos Keytab").description("The Kerberos keytab that will be used to connect to brokers. If not set, it is expected to set a JAAS configuration file in the JVM properties defined in the bootstrap.conf file. This principal will be set into 'sasl.jaas.config' Kafka's property.").required(false).addValidator(StandardValidators.FILE_EXISTS_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).build();
    static final PropertyDescriptor USERNAME = new PropertyDescriptor.Builder().name("sasl.username").displayName("Username").description("The username when the SASL Mechanism is PLAIN or SCRAM-SHA-256/SCRAM-SHA-512").required(false).addValidator(StandardValidators.NON_BLANK_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).build();
    static final PropertyDescriptor PASSWORD = new PropertyDescriptor.Builder().name("sasl.password").displayName("Password").description("The password for the given username when the SASL Mechanism is PLAIN or SCRAM-SHA-256/SCRAM-SHA-512").required(false).sensitive(true).addValidator(StandardValidators.NON_BLANK_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).build();
    static final PropertyDescriptor TOKEN_AUTH = new PropertyDescriptor.Builder().name("sasl.token.auth").displayName("Token Auth").description("When " + SASL_MECHANISM.getDisplayName() + " is " + SCRAM_SHA256_VALUE + " or " + SCRAM_SHA512_VALUE + ", this property indicates if token authentication should be used.").required(false).allowableValues(new String[]{"true", "false"}).defaultValue("false").build();
    public static final PropertyDescriptor SSL_CONTEXT_SERVICE = new PropertyDescriptor.Builder().name("ssl.context.service").displayName("SSL Context Service").description("Specifies the SSL Context Service to use for communicating with Kafka.").required(false).identifiesControllerService(SSLContextService.class).build();
    public static final PropertyDescriptor KERBEROS_CREDENTIALS_SERVICE = new PropertyDescriptor.Builder().name("kerberos-credentials-service").displayName("Kerberos Credentials Service").description("Specifies the Kerberos Credentials Controller Service that should be used for authenticating with Kerberos").identifiesControllerService(KerberosCredentialsService.class).required(false).build();

    /* loaded from: input_file:org/apache/nifi/processors/kafka/pubsub/KafkaProcessorUtils$KafkaConfigValidator.class */
    public static final class KafkaConfigValidator implements Validator {
        final Class<?> classType;

        public KafkaConfigValidator(Class<?> cls) {
            this.classType = cls;
        }

        public ValidationResult validate(String str, String str2, ValidationContext validationContext) {
            return new ValidationResult.Builder().subject(str).explanation("Must be a known configuration parameter for this kafka client").valid(KafkaProcessorUtils.isStaticStringFieldNamePresent(str, this.classType, CommonClientConfigs.class, SslConfigs.class, SaslConfigs.class)).build();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<PropertyDescriptor> getCommonPropertyDescriptors() {
        return Arrays.asList(BOOTSTRAP_SERVERS, SECURITY_PROTOCOL, SASL_MECHANISM, JAAS_SERVICE_NAME, KERBEROS_CREDENTIALS_SERVICE, USER_PRINCIPAL, USER_KEYTAB, USERNAME, PASSWORD, TOKEN_AUTH, SSL_CONTEXT_SERVICE);
    }

    public static Collection<ValidationResult> validateCommonProperties(ValidationContext validationContext) {
        String principal;
        String keytab;
        ArrayList arrayList = new ArrayList();
        String value = validationContext.getProperty(SECURITY_PROTOCOL).getValue();
        String value2 = validationContext.getProperty(SASL_MECHANISM).getValue();
        String value3 = validationContext.getProperty(USER_PRINCIPAL).evaluateAttributeExpressions().getValue();
        String value4 = validationContext.getProperty(USER_KEYTAB).evaluateAttributeExpressions().getValue();
        KerberosCredentialsService asControllerService = validationContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
        if (asControllerService == null) {
            principal = value3;
            keytab = value4;
        } else {
            principal = asControllerService.getPrincipal();
            keytab = asControllerService.getKeytab();
        }
        if (asControllerService != null && (value3 != null || value4 != null)) {
            arrayList.add(new ValidationResult.Builder().subject("Kerberos Credentials").valid(false).explanation("Cannot specify both a Kerberos Credentials Service and a principal/keytab").build());
        }
        if ("false".equalsIgnoreCase(System.getenv(ALLOW_EXPLICIT_KEYTAB)) && (value3 != null || value4 != null)) {
            arrayList.add(new ValidationResult.Builder().subject("Kerberos Credentials").valid(false).explanation("The 'NIFI_ALLOW_EXPLICIT_KEYTAB' system environment variable is configured to forbid explicitly configuring principal/keytab in processors. The Kerberos Credentials Service should be used instead of setting the Kerberos Keytab or Kerberos Principal property.").build());
        }
        if (SASL_MECHANISM_GSSAPI.getValue().equals(value2) && (SEC_SASL_PLAINTEXT.getValue().equals(value) || SEC_SASL_SSL.getValue().equals(value))) {
            String value5 = validationContext.getProperty(JAAS_SERVICE_NAME).evaluateAttributeExpressions().getValue();
            if (value5 == null || value5.trim().length() == 0) {
                arrayList.add(new ValidationResult.Builder().subject(JAAS_SERVICE_NAME.getDisplayName()).valid(false).explanation("The <" + JAAS_SERVICE_NAME.getDisplayName() + "> property must be set when <" + SECURITY_PROTOCOL.getDisplayName() + "> is configured as '" + SEC_SASL_PLAINTEXT.getValue() + "' or '" + SEC_SASL_SSL.getValue() + "'.").build());
            }
            if ((keytab == null && principal != null) || (keytab != null && principal == null)) {
                arrayList.add(new ValidationResult.Builder().subject(JAAS_SERVICE_NAME.getDisplayName()).valid(false).explanation("Both <" + USER_KEYTAB.getDisplayName() + "> and <" + USER_PRINCIPAL.getDisplayName() + "> must be set or neither must be set.").build());
            }
        }
        if (SASL_MECHANISM_PLAIN.getValue().equals(value2) || SASL_MECHANISM_SCRAM_SHA256.getValue().equals(value2) || SASL_MECHANISM_SCRAM_SHA512.getValue().equals(value2)) {
            if (StringUtils.isBlank(validationContext.getProperty(USERNAME).evaluateAttributeExpressions().getValue())) {
                arrayList.add(new ValidationResult.Builder().subject(USERNAME.getDisplayName()).valid(false).explanation("A username is required when " + SASL_MECHANISM.getDisplayName() + " is " + PLAIN_VALUE + " or " + SCRAM_SHA256_VALUE + "/" + SCRAM_SHA512_VALUE).build());
            }
            if (StringUtils.isBlank(validationContext.getProperty(PASSWORD).evaluateAttributeExpressions().getValue())) {
                arrayList.add(new ValidationResult.Builder().subject(PASSWORD.getDisplayName()).valid(false).explanation("A password is required when " + SASL_MECHANISM.getDisplayName() + " is " + PLAIN_VALUE + " or " + SCRAM_SHA256_VALUE + "/" + SCRAM_SHA512_VALUE).build());
            }
        }
        boolean z = SEC_SSL.getValue().equals(value) || SEC_SASL_SSL.getValue().equals(value);
        boolean isSet = validationContext.getProperty(SSL_CONTEXT_SERVICE).isSet();
        if (isSet && !z) {
            arrayList.add(new ValidationResult.Builder().subject(SECURITY_PROTOCOL.getDisplayName()).valid(false).explanation("If you set the SSL Controller Service you should also choose an SSL based security protocol.").build());
        }
        if (!isSet && z) {
            arrayList.add(new ValidationResult.Builder().subject(SSL_CONTEXT_SERVICE.getDisplayName()).valid(false).explanation("If you set to an SSL based protocol you need to set the SSL Controller Service").build());
        }
        String value6 = validationContext.getProperty(new PropertyDescriptor.Builder().name("enable.auto.commit").build()).getValue();
        if (value6 != null && !value6.toLowerCase().equals("false")) {
            arrayList.add(new ValidationResult.Builder().subject("enable.auto.commit").explanation("Enable auto commit must be false. It is managed by the processor.").build());
        }
        String value7 = validationContext.getProperty(new PropertyDescriptor.Builder().name("key.serializer").build()).getValue();
        if (value7 != null && !ByteArraySerializer.class.getName().equals(value7)) {
            arrayList.add(new ValidationResult.Builder().subject("key.serializer").explanation("Key Serializer must be " + ByteArraySerializer.class.getName() + "' was '" + value7 + "'").build());
        }
        String value8 = validationContext.getProperty(new PropertyDescriptor.Builder().name("value.serializer").build()).getValue();
        if (value8 != null && !ByteArraySerializer.class.getName().equals(value8)) {
            arrayList.add(new ValidationResult.Builder().subject("value.serializer").explanation("Value Serializer must be " + ByteArraySerializer.class.getName() + "' was '" + value8 + "'").build());
        }
        String value9 = validationContext.getProperty(new PropertyDescriptor.Builder().name("key.deserializer").build()).getValue();
        if (value9 != null && !ByteArrayDeserializer.class.getName().equals(value9)) {
            arrayList.add(new ValidationResult.Builder().subject("key.deserializer").explanation("Key De-Serializer must be '" + ByteArrayDeserializer.class.getName() + "' was '" + value9 + "'").build());
        }
        String value10 = validationContext.getProperty(new PropertyDescriptor.Builder().name("value.deserializer").build()).getValue();
        if (value10 != null && !ByteArrayDeserializer.class.getName().equals(value10)) {
            arrayList.add(new ValidationResult.Builder().subject("value.deserializer").explanation("Value De-Serializer must be " + ByteArrayDeserializer.class.getName() + "' was '" + value10 + "'").build());
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String buildTransitURI(String str, String str2, String str3) {
        return str + "://" + str2 + "/" + str3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void buildCommonKafkaProperties(ProcessContext processContext, Class<?> cls, Map<String, Object> map) {
        for (PropertyDescriptor propertyDescriptor : processContext.getProperties().keySet()) {
            if (propertyDescriptor.equals(SSL_CONTEXT_SERVICE)) {
                SSLContextService asControllerService = processContext.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
                if (asControllerService != null && asControllerService.isKeyStoreConfigured()) {
                    map.put("ssl.keystore.location", asControllerService.getKeyStoreFile());
                    map.put("ssl.keystore.password", asControllerService.getKeyStorePassword());
                    map.put("ssl.key.password", asControllerService.getKeyPassword() == null ? asControllerService.getKeyStorePassword() : asControllerService.getKeyPassword());
                    map.put("ssl.keystore.type", asControllerService.getKeyStoreType());
                }
                if (asControllerService != null && asControllerService.isTrustStoreConfigured()) {
                    map.put("ssl.truststore.location", asControllerService.getTrustStoreFile());
                    map.put("ssl.truststore.password", asControllerService.getTrustStorePassword());
                    map.put("ssl.truststore.type", asControllerService.getTrustStoreType());
                }
            }
            String name = propertyDescriptor.getName();
            String value = propertyDescriptor.isExpressionLanguageSupported() ? processContext.getProperty(propertyDescriptor).evaluateAttributeExpressions().getValue() : processContext.getProperty(propertyDescriptor).getValue();
            if (value != null && !name.equals(USER_PRINCIPAL.getName()) && !name.equals(USER_KEYTAB.getName())) {
                if (name.endsWith(".ms") && !StringUtils.isNumeric(value.trim())) {
                    value = String.valueOf(FormatUtils.getTimeDuration(value.trim(), TimeUnit.MILLISECONDS));
                }
                if (isStaticStringFieldNamePresent(name, cls, CommonClientConfigs.class, SslConfigs.class, SaslConfigs.class)) {
                    map.put(name, value);
                }
            }
        }
        String value2 = processContext.getProperty(SECURITY_PROTOCOL).getValue();
        if (SEC_SASL_PLAINTEXT.getValue().equals(value2) || SEC_SASL_SSL.getValue().equals(value2)) {
            setJaasConfig(map, processContext);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Supplier<String> getTransactionalIdSupplier(String str) {
        return () -> {
            return (str == null ? "" : str) + UUID.randomUUID().toString();
        };
    }

    private static void setJaasConfig(Map<String, Object> map, ProcessContext processContext) {
        String value = processContext.getProperty(SASL_MECHANISM).getValue();
        boolean z = -1;
        switch (value.hashCode()) {
            case -1875511693:
                if (value.equals(SCRAM_SHA256_VALUE)) {
                    z = 2;
                    break;
                }
                break;
            case -1875508938:
                if (value.equals(SCRAM_SHA512_VALUE)) {
                    z = 3;
                    break;
                }
                break;
            case 76210602:
                if (value.equals(PLAIN_VALUE)) {
                    z = true;
                    break;
                }
                break;
            case 2111859635:
                if (value.equals(GSSAPI_VALUE)) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                setGssApiJaasConfig(map, processContext);
                return;
            case true:
                setPlainJaasConfig(map, processContext);
                return;
            case true:
            case true:
                setScramJaasConfig(map, processContext);
                return;
            default:
                throw new IllegalStateException("Unknown " + SASL_MECHANISM.getDisplayName() + ": " + value);
        }
    }

    private static void setGssApiJaasConfig(Map<String, Object> map, ProcessContext processContext) {
        String value = processContext.getProperty(USER_KEYTAB).evaluateAttributeExpressions().getValue();
        String value2 = processContext.getProperty(USER_PRINCIPAL).evaluateAttributeExpressions().getValue();
        KerberosCredentialsService asControllerService = processContext.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
        if (asControllerService != null) {
            value2 = asControllerService.getPrincipal();
            value = asControllerService.getKeytab();
        }
        String value3 = processContext.getProperty(JAAS_SERVICE_NAME).evaluateAttributeExpressions().getValue();
        if (StringUtils.isNotBlank(value) && StringUtils.isNotBlank(value2) && StringUtils.isNotBlank(value3)) {
            map.put("sasl.jaas.config", "com.sun.security.auth.module.Krb5LoginModule required useTicketCache=false renewTicket=true serviceName=\"" + value3 + "\" useKeyTab=true keyTab=\"" + value + "\" principal=\"" + value2 + "\";");
        }
    }

    private static void setPlainJaasConfig(Map<String, Object> map, ProcessContext processContext) {
        map.put("sasl.jaas.config", "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"" + processContext.getProperty(USERNAME).evaluateAttributeExpressions().getValue() + "\" password=\"" + processContext.getProperty(PASSWORD).evaluateAttributeExpressions().getValue() + "\";");
    }

    private static void setScramJaasConfig(Map<String, Object> map, ProcessContext processContext) {
        StringBuilder append = new StringBuilder("org.apache.kafka.common.security.scram.ScramLoginModule required ").append("username=\"" + processContext.getProperty(USERNAME).evaluateAttributeExpressions().getValue() + "\" ").append("password=\"" + processContext.getProperty(PASSWORD).evaluateAttributeExpressions().getValue() + "\"");
        Boolean asBoolean = processContext.getProperty(TOKEN_AUTH).asBoolean();
        if (asBoolean != null && asBoolean.booleanValue()) {
            append.append(" tokenauth=\"true\"");
        }
        append.append(";");
        map.put("sasl.jaas.config", append.toString());
    }

    public static boolean isStaticStringFieldNamePresent(String str, Class<?>... clsArr) {
        return getPublicStaticStringFieldValues(clsArr).contains(str);
    }

    private static Set<String> getPublicStaticStringFieldValues(Class<?>... clsArr) {
        HashSet hashSet = new HashSet();
        for (Class<?> cls : clsArr) {
            for (Field field : cls.getDeclaredFields()) {
                if (Modifier.isPublic(field.getModifiers()) && Modifier.isStatic(field.getModifiers()) && field.getType().equals(String.class)) {
                    try {
                        hashSet.add(String.valueOf(field.get(null)));
                    } catch (IllegalAccessException | IllegalArgumentException e) {
                    }
                }
            }
        }
        return hashSet;
    }
}
