package org.apache.sentry.kafka.authorizer;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import kafka.network.RequestChannel;
import kafka.security.auth.Acl;
import kafka.security.auth.Authorizer;
import kafka.security.auth.Operation;
import kafka.security.auth.Resource;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.sentry.kafka.binding.KafkaAuthBinding;
import org.apache.sentry.kafka.binding.KafkaAuthBindingSingleton;
import org.apache.sentry.kafka.conf.KafkaAuthConf;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.collection.immutable.Map;
import scala.collection.immutable.Set;

/* loaded from: input_file:org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizer.class */
public class SentryKafkaAuthorizer implements Authorizer {
    private static final Logger LOG = LoggerFactory.getLogger(SentryKafkaAuthorizer.class);
    private static final String INSTANCE_NAME = KafkaAuthConf.AuthzConfVars.getDefault(KafkaAuthConf.KAFKA_SERVICE_INSTANCE_NAME);
    private KafkaAuthBinding binding;
    private String kafkaServiceInstanceName = INSTANCE_NAME;
    private String requestorName = KafkaAuthConf.AuthzConfVars.getDefault(KafkaAuthConf.KAFKA_SERVICE_USER_NAME);
    String sentry_site = null;
    List<KafkaPrincipal> super_users = null;

    public boolean authorize(RequestChannel.Session session, Operation operation, Resource resource) {
        LOG.debug("Authorizing Session: " + session + " for Operation: " + operation + " on Resource: " + resource);
        KafkaPrincipal principal = session.principal();
        if (isSuperUser(principal)) {
            LOG.debug("Allowing SuperUser: " + principal + " in " + session + " for Operation: " + operation + " on Resource: " + resource);
            return true;
        }
        LOG.debug("User: " + principal + " is not a SuperUser");
        return this.binding.authorize(session, operation, resource);
    }

    public void addAcls(Set<Acl> set, Resource resource) {
        this.binding.addAcls(set, resource);
    }

    public boolean removeAcls(Set<Acl> set, Resource resource) {
        return this.binding.removeAcls(set, resource);
    }

    public boolean removeAcls(Resource resource) {
        return this.binding.removeAcls(resource);
    }

    public Set<Acl> getAcls(Resource resource) {
        return this.binding.getAcls(resource);
    }

    public Map<Resource, Set<Acl>> getAcls(KafkaPrincipal kafkaPrincipal) {
        return this.binding.getAcls(kafkaPrincipal);
    }

    public Map<Resource, Set<Acl>> getAcls() {
        return this.binding.getAcls();
    }

    public void close() {
    }

    public void configure(java.util.Map<String, ?> map) {
        Object obj = map.get(KafkaAuthConf.SENTRY_KAFKA_SITE_URL);
        if (obj != null) {
            this.sentry_site = obj.toString();
        }
        Object obj2 = map.get(KafkaAuthConf.KAFKA_SUPER_USERS);
        if (obj2 != null) {
            getSuperUsers(obj2.toString());
        }
        Object obj3 = map.get(KafkaAuthConf.KAFKA_SERVICE_INSTANCE_NAME);
        if (obj3 != null) {
            this.kafkaServiceInstanceName = obj3.toString();
        }
        Object obj4 = map.get(KafkaAuthConf.KAFKA_SERVICE_USER_NAME);
        if (obj4 != null) {
            this.requestorName = obj4.toString();
        }
        LOG.info("Configuring Sentry KafkaAuthorizer: " + this.sentry_site);
        KafkaAuthBindingSingleton kafkaAuthBindingSingleton = KafkaAuthBindingSingleton.getInstance();
        kafkaAuthBindingSingleton.configure(this.kafkaServiceInstanceName, this.requestorName, this.sentry_site, map);
        this.binding = kafkaAuthBindingSingleton.getAuthBinding();
    }

    private void getSuperUsers(String str) {
        this.super_users = new ArrayList();
        for (String str2 : str.split(";")) {
            if (!str2.isEmpty()) {
                String trim = str2.trim();
                this.super_users.add(KafkaPrincipal.fromString(trim));
                LOG.debug("Adding " + trim + " to list of Kafka SuperUsers.");
            }
        }
    }

    private boolean isSuperUser(KafkaPrincipal kafkaPrincipal) {
        if (this.super_users == null) {
            return false;
        }
        Iterator<KafkaPrincipal> it = this.super_users.iterator();
        while (it.hasNext()) {
            if (it.next().equals(kafkaPrincipal)) {
                return true;
            }
        }
        return false;
    }

    public void addRole(String str) {
        this.binding.addRole(str);
    }

    public void addRoleToGroups(String str, java.util.Set<String> set) {
        this.binding.addRoleToGroups(str, set);
    }

    public void dropAllRoles() {
        this.binding.dropAllRoles();
    }
}
