package io.streamthoughts.jikkou.kafka.reconciler.service;

import io.streamthoughts.jikkou.common.utils.Encoding;
import io.streamthoughts.jikkou.common.utils.Pair;
import io.streamthoughts.jikkou.common.utils.SecurePasswordGenerator;
import io.streamthoughts.jikkou.common.utils.Strings;
import io.streamthoughts.jikkou.core.exceptions.InterruptedException;
import io.streamthoughts.jikkou.core.exceptions.JikkouRuntimeException;
import io.streamthoughts.jikkou.core.models.ObjectMeta;
import io.streamthoughts.jikkou.kafka.model.user.V1KafkaUser;
import io.streamthoughts.jikkou.kafka.model.user.V1KafkaUserAuthentication;
import io.streamthoughts.jikkou.kafka.model.user.V1KafkaUserSpec;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.ExecutionException;
import org.apache.kafka.clients.admin.AdminClient;
import org.apache.kafka.clients.admin.ScramCredentialInfo;
import org.apache.kafka.clients.admin.ScramMechanism;
import org.apache.kafka.clients.admin.UserScramCredentialAlteration;
import org.apache.kafka.clients.admin.UserScramCredentialUpsertion;
import org.apache.kafka.clients.admin.UserScramCredentialsDescription;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:io/streamthoughts/jikkou/kafka/reconciler/service/KafkaUserService.class */
public class KafkaUserService {
    private final AdminClient client;

    /* renamed from: io.streamthoughts.jikkou.kafka.reconciler.service.KafkaUserService$1, reason: invalid class name */
    /* loaded from: input_file:io/streamthoughts/jikkou/kafka/reconciler/service/KafkaUserService$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$kafka$clients$admin$ScramMechanism = new int[ScramMechanism.values().length];

        static {
            try {
                $SwitchMap$org$apache$kafka$clients$admin$ScramMechanism[ScramMechanism.UNKNOWN.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$kafka$clients$admin$ScramMechanism[ScramMechanism.SCRAM_SHA_256.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$kafka$clients$admin$ScramMechanism[ScramMechanism.SCRAM_SHA_512.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public KafkaUserService(AdminClient adminClient) {
        this.client = (AdminClient) Objects.requireNonNull(adminClient, "client cannot be null");
    }

    public Optional<V1KafkaUser> findUserScramCredentials(String str) {
        try {
            return Optional.ofNullable((UserScramCredentialsDescription) ((Map) this.client.describeUserScramCredentials(List.of(str)).all().get()).get(str)).map(userScramCredentialsDescription -> {
                return toKafkaUser(str, userScramCredentialsDescription);
            });
        } catch (InterruptedException e) {
            throw new InterruptedException(e);
        } catch (ExecutionException e2) {
            throw new JikkouRuntimeException(e2.getCause() != null ? e2.getCause() : e2);
        }
    }

    public List<V1KafkaUser> listUserScramCredentials() {
        try {
            return ((Map) this.client.describeUserScramCredentials().all().get()).entrySet().stream().map(entry -> {
                return toKafkaUser((String) entry.getKey(), (UserScramCredentialsDescription) entry.getValue());
            }).toList();
        } catch (InterruptedException e) {
            throw new InterruptedException(e);
        } catch (ExecutionException e2) {
            throw new JikkouRuntimeException(e2.getCause() != null ? e2.getCause() : e2);
        }
    }

    @NotNull
    private V1KafkaUser toKafkaUser(String str, UserScramCredentialsDescription userScramCredentialsDescription) {
        return ((V1KafkaUser.Builder) ((V1KafkaUser.Builder) V1KafkaUser.builder().withMetadata(new ObjectMeta(str))).withSpec(V1KafkaUserSpec.builder().withAuthentications(userScramCredentialsDescription.credentialInfos().stream().map(this::map).filter((v0) -> {
            return Objects.nonNull(v0);
        }).toList()).build())).m28build();
    }

    public static Pair<V1KafkaUserAuthentication, UserScramCredentialAlteration> handleScramSha512(String str, V1KafkaUserAuthentication.ScramSha512 scramSha512) {
        ScramCredentialInfo scramCredentialInfo = new ScramCredentialInfo(ScramMechanism.SCRAM_SHA_512, ((Integer) Optional.ofNullable(scramSha512.iterations()).orElse(Integer.valueOf(V1KafkaUserAuthentication.DEFAULT_ITERATIONS))).intValue());
        String password = scramSha512.password();
        if (Strings.isBlank(scramSha512.password())) {
            password = SecurePasswordGenerator.getDefault().generate(32);
        }
        UserScramCredentialUpsertion userScramCredentialUpsertion = new UserScramCredentialUpsertion(str, scramCredentialInfo, password);
        return Pair.of(scramSha512.toBuilder().withIterations(Integer.valueOf(scramCredentialInfo.iterations())).withPassword(password).withSalt(Encoding.BASE64.encode(userScramCredentialUpsertion.salt())).build(), userScramCredentialUpsertion);
    }

    public static Pair<V1KafkaUserAuthentication, UserScramCredentialAlteration> handleScramSha256(String str, V1KafkaUserAuthentication.ScramSha256 scramSha256) {
        ScramCredentialInfo scramCredentialInfo = new ScramCredentialInfo(ScramMechanism.SCRAM_SHA_256, ((Integer) Optional.ofNullable(scramSha256.iterations()).orElse(Integer.valueOf(V1KafkaUserAuthentication.DEFAULT_ITERATIONS))).intValue());
        String password = scramSha256.password();
        if (Strings.isBlank(scramSha256.password())) {
            password = SecurePasswordGenerator.getDefault().generate(32);
        }
        UserScramCredentialUpsertion userScramCredentialUpsertion = new UserScramCredentialUpsertion(str, scramCredentialInfo, password);
        return Pair.of(scramSha256.toBuilder().withIterations(Integer.valueOf(scramCredentialInfo.iterations())).withPassword(password).withSalt(Encoding.BASE64.encode(userScramCredentialUpsertion.salt())).build(), userScramCredentialUpsertion);
    }

    private V1KafkaUserAuthentication map(ScramCredentialInfo scramCredentialInfo) {
        switch (AnonymousClass1.$SwitchMap$org$apache$kafka$clients$admin$ScramMechanism[scramCredentialInfo.mechanism().ordinal()]) {
            case 1:
                return null;
            case 2:
                return new V1KafkaUserAuthentication.ScramSha256(null, Integer.valueOf(scramCredentialInfo.iterations()), null);
            case 3:
                return new V1KafkaUserAuthentication.ScramSha512(null, Integer.valueOf(scramCredentialInfo.iterations()), null);
            default:
                throw new MatchException((String) null, (Throwable) null);
        }
    }
}
