package org.apache.kafka.tools;

import java.io.IOException;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.stream.Collectors;
import joptsimple.OptionException;
import joptsimple.OptionSpec;
import joptsimple.OptionSpecBuilder;
import joptsimple.ValueConversionException;
import joptsimple.util.EnumConverter;
import org.apache.kafka.clients.admin.Admin;
import org.apache.kafka.common.acl.AccessControlEntry;
import org.apache.kafka.common.acl.AccessControlEntryFilter;
import org.apache.kafka.common.acl.AclBinding;
import org.apache.kafka.common.acl.AclBindingFilter;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.acl.AclPermissionType;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.resource.ResourcePattern;
import org.apache.kafka.common.resource.ResourcePatternFilter;
import org.apache.kafka.common.resource.ResourceType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.utils.Exit;
import org.apache.kafka.common.utils.SecurityUtils;
import org.apache.kafka.common.utils.Utils;
import org.apache.kafka.security.authorizer.AclEntry;
import org.apache.kafka.server.util.CommandDefaultOptions;
import org.apache.kafka.server.util.CommandLineUtils;

/* loaded from: input_file:org/apache/kafka/tools/AclCommand.class */
public class AclCommand {
    private static final ResourcePatternFilter CLUSTER_RESOURCE_FILTER = new ResourcePatternFilter(ResourceType.CLUSTER, "kafka-cluster", PatternType.LITERAL);
    private static final String NL = System.lineSeparator();

    /* loaded from: input_file:org/apache/kafka/tools/AclCommand$AclCommandOptions.class */
    public static class AclCommandOptions extends CommandDefaultOptions {
        private final OptionSpec<String> bootstrapServerOpt;
        private final OptionSpec<String> bootstrapControllerOpt;
        private final OptionSpec<String> commandConfigOpt;
        private final OptionSpec<String> topicOpt;
        private final OptionSpecBuilder clusterOpt;
        private final OptionSpec<String> groupOpt;
        private final OptionSpec<String> transactionalIdOpt;
        private final OptionSpecBuilder idempotentOpt;
        private final OptionSpec<String> delegationTokenOpt;
        private final OptionSpec<PatternType> resourcePatternType;
        private final OptionSpecBuilder addOpt;
        private final OptionSpecBuilder removeOpt;
        private final OptionSpecBuilder listOpt;
        private final OptionSpec<String> operationsOpt;
        private final OptionSpec<String> allowPrincipalsOpt;
        private final OptionSpec<String> denyPrincipalsOpt;
        private final OptionSpec<String> listPrincipalsOpt;
        private final OptionSpec<String> allowHostsOpt;
        private final OptionSpec<String> denyHostsOpt;
        private final OptionSpecBuilder producerOpt;
        private final OptionSpecBuilder consumerOpt;
        private final OptionSpecBuilder forceOpt;
        private final OptionSpec<String> userPrincipalOpt;

        public AclCommandOptions(String[] strArr) {
            super(strArr);
            this.bootstrapServerOpt = this.parser.accepts("bootstrap-server", "A list of host/port pairs to use for establishing the connection to the Kafka cluster. This list should be in the form host1:port1,host2:port2,... This config is required for acl management using admin client API.").withRequiredArg().describedAs("server to connect to").ofType(String.class);
            this.bootstrapControllerOpt = this.parser.accepts("bootstrap-controller", "A list of host/port pairs to use for establishing the connection to the Kafka cluster. This list should be in the form host1:port1,host2:port2,... This config is required for acl management using admin client API.").withRequiredArg().describedAs("controller to connect to").ofType(String.class);
            this.commandConfigOpt = this.parser.accepts("command-config", "A property file containing configs to be passed to Admin Client.").withOptionalArg().describedAs("command-config").ofType(String.class);
            this.topicOpt = this.parser.accepts("topic", "topic to which ACLs should be added or removed. A value of '*' indicates ACL should apply to all topics.").withRequiredArg().describedAs("topic").ofType(String.class);
            this.clusterOpt = this.parser.accepts("cluster", "Add/Remove cluster ACLs.");
            this.groupOpt = this.parser.accepts("group", "Consumer Group to which the ACLs should be added or removed. A value of '*' indicates the ACLs should apply to all groups.").withRequiredArg().describedAs("group").ofType(String.class);
            this.transactionalIdOpt = this.parser.accepts("transactional-id", "The transactionalId to which ACLs should be added or removed. A value of '*' indicates the ACLs should apply to all transactionalIds.").withRequiredArg().describedAs("transactional-id").ofType(String.class);
            this.idempotentOpt = this.parser.accepts("idempotent", "Enable idempotence for the producer. This should be used in combination with the --producer option. Note that idempotence is enabled automatically if the producer is authorized to a particular transactional-id.");
            this.delegationTokenOpt = this.parser.accepts("delegation-token", "Delegation token to which ACLs should be added or removed. A value of '*' indicates ACL should apply to all tokens.").withRequiredArg().describedAs("delegation-token").ofType(String.class);
            this.resourcePatternType = this.parser.accepts("resource-pattern-type", "The type of the resource pattern or pattern filter. When adding acls, this should be a specific pattern type, e.g. 'literal' or 'prefixed'. When listing or removing acls, a specific pattern type can be used to list or remove acls from specific resource patterns, or use the filter values of 'any' or 'match', where 'any' will match any pattern type, but will match the resource name exactly, where as 'match' will perform pattern matching to list or remove all acls that affect the supplied resource(s). WARNING: 'match', when used in combination with the '--remove' switch, should be used with care.").withRequiredArg().ofType(String.class).withValuesConvertedBy(new PatternTypeConverter()).defaultsTo(PatternType.LITERAL, new PatternType[0]);
            this.addOpt = this.parser.accepts("add", "Indicates you are trying to add ACLs.");
            this.removeOpt = this.parser.accepts("remove", "Indicates you are trying to remove ACLs.");
            this.listOpt = this.parser.accepts("list", "List ACLs for the specified resource, use --topic <topic> or --group <group> or --cluster to specify a resource.");
            this.operationsOpt = this.parser.accepts("operation", "Operation that is being allowed or denied. Valid operation names are: " + AclCommand.NL + ((String) AclEntry.ACL_OPERATIONS.stream().map(aclOperation -> {
                return "\t" + SecurityUtils.operationName(aclOperation);
            }).collect(Collectors.joining(AclCommand.NL))) + AclCommand.NL).withRequiredArg().ofType(String.class).defaultsTo(SecurityUtils.operationName(AclOperation.ALL), new String[0]);
            this.allowPrincipalsOpt = this.parser.accepts("allow-principal", "principal is in principalType:name format. Note that principalType must be supported by the Authorizer being used. For example, User:'*' is the wild card indicating all users.").withRequiredArg().describedAs("allow-principal").ofType(String.class);
            this.denyPrincipalsOpt = this.parser.accepts("deny-principal", "principal is in principalType:name format. By default anyone not added through --allow-principal is denied access. You only need to use this option as negation to already allowed set. Note that principalType must be supported by the Authorizer being used. For example if you wanted to allow access to all users in the system but not test-user you can define an ACL that allows access to User:'*' and specify --deny-principal=User:test@EXAMPLE.COM. AND PLEASE REMEMBER DENY RULES TAKES PRECEDENCE OVER ALLOW RULES.").withRequiredArg().describedAs("deny-principal").ofType(String.class);
            this.listPrincipalsOpt = this.parser.accepts("principal", "List ACLs for the specified principal. principal is in principalType:name format. Note that principalType must be supported by the Authorizer being used. Multiple --principal option can be passed.").withOptionalArg().describedAs("principal").ofType(String.class);
            this.allowHostsOpt = this.parser.accepts("allow-host", "Host from which principals listed in --allow-principal will have access. If you have specified --allow-principal then the default for this option will be set to '*' which allows access from all hosts.").withRequiredArg().describedAs("allow-host").ofType(String.class);
            this.denyHostsOpt = this.parser.accepts("deny-host", "Host from which principals listed in --deny-principal will be denied access. If you have specified --deny-principal then the default for this option will be set to '*' which denies access from all hosts.").withRequiredArg().describedAs("deny-host").ofType(String.class);
            this.producerOpt = this.parser.accepts("producer", "Convenience option to add/remove ACLs for producer role. This will generate ACLs that allows WRITE,DESCRIBE and CREATE on topic.");
            this.consumerOpt = this.parser.accepts("consumer", "Convenience option to add/remove ACLs for consumer role. This will generate ACLs that allows READ,DESCRIBE on topic and READ on group.");
            this.forceOpt = this.parser.accepts("force", "Assume Yes to all queries and do not prompt.");
            this.userPrincipalOpt = this.parser.accepts("user-principal", "Specifies a user principal as a resource in relation with the operation. For instance one could grant CreateTokens or DescribeTokens permission on a given user principal.").withRequiredArg().describedAs("user-principal").ofType(String.class);
            try {
                this.options = this.parser.parse(strArr);
            } catch (OptionException e) {
                CommandLineUtils.printUsageAndExit(this.parser, e.getMessage());
            }
            checkArgs();
        }

        void checkArgs() {
            CommandLineUtils.maybePrintHelpOrVersion(this, "This tool helps to manage acls on kafka.");
            if (this.options.has(this.bootstrapServerOpt) && this.options.has(this.bootstrapControllerOpt)) {
                CommandLineUtils.printUsageAndExit(this.parser, "Only one of --bootstrap-server or --bootstrap-controller must be specified");
            }
            if (!this.options.has(this.bootstrapServerOpt) && !this.options.has(this.bootstrapControllerOpt)) {
                CommandLineUtils.printUsageAndExit(this.parser, "One of --bootstrap-server or --bootstrap-controller must be specified");
            }
            if (Arrays.asList(this.addOpt, this.removeOpt, this.listOpt).stream().filter(abstractOptionSpec -> {
                return this.options.has(abstractOptionSpec);
            }).count() != 1) {
                CommandLineUtils.printUsageAndExit(this.parser, "Command must include exactly one action: --list, --add, --remove. ");
            }
            CommandLineUtils.checkInvalidArgs(this.parser, this.options, this.listOpt, new OptionSpec[]{this.producerOpt, this.consumerOpt, this.allowHostsOpt, this.allowPrincipalsOpt, this.denyHostsOpt, this.denyPrincipalsOpt});
            CommandLineUtils.checkInvalidArgs(this.parser, this.options, this.producerOpt, new OptionSpec[]{this.operationsOpt, this.denyPrincipalsOpt, this.denyHostsOpt});
            CommandLineUtils.checkInvalidArgs(this.parser, this.options, this.consumerOpt, new OptionSpec[]{this.operationsOpt, this.denyPrincipalsOpt, this.denyHostsOpt});
            if (this.options.has(this.listPrincipalsOpt) && !this.options.has(this.listOpt)) {
                CommandLineUtils.printUsageAndExit(this.parser, "The --principal option is only available if --list is set");
            }
            if (this.options.has(this.producerOpt) && !this.options.has(this.topicOpt)) {
                CommandLineUtils.printUsageAndExit(this.parser, "With --producer you must specify a --topic");
            }
            if (this.options.has(this.idempotentOpt) && !this.options.has(this.producerOpt)) {
                CommandLineUtils.printUsageAndExit(this.parser, "The --idempotent option is only available if --producer is set");
            }
            if (this.options.has(this.consumerOpt)) {
                if (this.options.has(this.topicOpt) && this.options.has(this.groupOpt)) {
                    if (this.options.has(this.producerOpt)) {
                        return;
                    }
                    if (!this.options.has(this.clusterOpt) && !this.options.has(this.transactionalIdOpt)) {
                        return;
                    }
                }
                CommandLineUtils.printUsageAndExit(this.parser, "With --consumer you must specify a --topic and a --group and no --cluster or --transactional-id option should be specified.");
            }
        }
    }

    /* loaded from: input_file:org/apache/kafka/tools/AclCommand$AdminClientService.class */
    private static class AdminClientService {
        private final AclCommandOptions opts;

        AdminClientService(AclCommandOptions aclCommandOptions) {
            this.opts = aclCommandOptions;
        }

        void addAcls(Admin admin) throws ExecutionException, InterruptedException {
            for (Map.Entry<ResourcePattern, Set<AccessControlEntry>> entry : AclCommand.getResourceToAcls(this.opts).entrySet()) {
                ResourcePattern key = entry.getKey();
                Set<AccessControlEntry> value = entry.getValue();
                System.out.println("Adding ACLs for resource `" + String.valueOf(key) + "`: " + AclCommand.NL + " " + ((String) value.stream().map(accessControlEntry -> {
                    return "\t" + String.valueOf(accessControlEntry);
                }).collect(Collectors.joining(AclCommand.NL))) + AclCommand.NL);
                admin.createAcls((Collection) value.stream().map(accessControlEntry2 -> {
                    return new AclBinding(key, accessControlEntry2);
                }).collect(Collectors.toList())).all().get();
            }
        }

        void removeAcls(Admin admin) throws ExecutionException, InterruptedException {
            for (Map.Entry<ResourcePatternFilter, Set<AccessControlEntry>> entry : AclCommand.getResourceFilterToAcls(this.opts).entrySet()) {
                ResourcePatternFilter key = entry.getKey();
                Set<AccessControlEntry> value = entry.getValue();
                if (!value.isEmpty()) {
                    if (AclCommand.confirmAction(this.opts, "Are you sure you want to remove ACLs: " + AclCommand.NL + " " + ((String) value.stream().map(accessControlEntry -> {
                        return "\t" + String.valueOf(accessControlEntry);
                    }).collect(Collectors.joining(AclCommand.NL))) + AclCommand.NL + " from resource filter `" + String.valueOf(key) + "`? (y/n)")) {
                        removeAcls(admin, value, key);
                    }
                } else if (AclCommand.confirmAction(this.opts, "Are you sure you want to delete all ACLs for resource filter `" + String.valueOf(key) + "`? (y/n)")) {
                    removeAcls(admin, value, key);
                }
            }
        }

        private void listAcls(Admin admin) throws ExecutionException, InterruptedException {
            Set<ResourcePatternFilter> resourceFilter = AclCommand.getResourceFilter(this.opts, false);
            Set<KafkaPrincipal> principals = AclCommand.getPrincipals(this.opts, this.opts.listPrincipalsOpt);
            Map<ResourcePattern, Set<AccessControlEntry>> acls = getAcls(admin, resourceFilter);
            if (principals.isEmpty()) {
                printResourceAcls(acls);
            } else {
                principals.forEach(kafkaPrincipal -> {
                    System.out.println("ACLs for principal `" + String.valueOf(kafkaPrincipal) + "`");
                    printResourceAcls((Map) acls.entrySet().stream().map(entry -> {
                        return new AbstractMap.SimpleEntry((ResourcePattern) entry.getKey(), (Set) ((Set) entry.getValue()).stream().filter(accessControlEntry -> {
                            return kafkaPrincipal.toString().equals(accessControlEntry.principal());
                        }).collect(Collectors.toSet()));
                    }).filter(simpleEntry -> {
                        return !((Set) simpleEntry.getValue()).isEmpty();
                    }).collect(Collectors.toMap((v0) -> {
                        return v0.getKey();
                    }, (v0) -> {
                        return v0.getValue();
                    })));
                });
            }
        }

        private static void printResourceAcls(Map<ResourcePattern, Set<AccessControlEntry>> map) {
            map.forEach((resourcePattern, set) -> {
                System.out.println("Current ACLs for resource `" + String.valueOf(resourcePattern) + "`:" + AclCommand.NL + ((String) set.stream().map(accessControlEntry -> {
                    return "\t" + String.valueOf(accessControlEntry);
                }).collect(Collectors.joining(AclCommand.NL))) + AclCommand.NL);
            });
        }

        private static void removeAcls(Admin admin, Set<AccessControlEntry> set, ResourcePatternFilter resourcePatternFilter) throws ExecutionException, InterruptedException {
            if (set.isEmpty()) {
                admin.deleteAcls(Collections.singletonList(new AclBindingFilter(resourcePatternFilter, AccessControlEntryFilter.ANY))).all().get();
            } else {
                admin.deleteAcls((List) set.stream().map(accessControlEntry -> {
                    return new AclBindingFilter(resourcePatternFilter, accessControlEntry.toFilter());
                }).collect(Collectors.toList())).all().get();
            }
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v34, types: [java.util.Collection] */
        private Map<ResourcePattern, Set<AccessControlEntry>> getAcls(Admin admin, Set<ResourcePatternFilter> set) throws ExecutionException, InterruptedException {
            ArrayList<AclBinding> arrayList;
            if (set.isEmpty()) {
                arrayList = (Collection) admin.describeAcls(AclBindingFilter.ANY).values().get();
            } else {
                arrayList = new ArrayList();
                Iterator<ResourcePatternFilter> it = set.iterator();
                while (it.hasNext()) {
                    arrayList.addAll((Collection) admin.describeAcls(new AclBindingFilter(it.next(), AccessControlEntryFilter.ANY)).values().get());
                }
            }
            HashMap hashMap = new HashMap();
            for (AclBinding aclBinding : arrayList) {
                ResourcePattern pattern = aclBinding.pattern();
                Set set2 = (Set) hashMap.getOrDefault(pattern, new HashSet());
                set2.add(aclBinding.entry());
                hashMap.put(pattern, set2);
            }
            return hashMap;
        }
    }

    /* loaded from: input_file:org/apache/kafka/tools/AclCommand$PatternTypeConverter.class */
    static class PatternTypeConverter extends EnumConverter<PatternType> {
        PatternTypeConverter() {
            super(PatternType.class);
        }

        /* renamed from: convert, reason: merged with bridge method [inline-methods] and merged with bridge method [inline-methods] */
        public PatternType m2convert(String str) {
            PatternType convert = super.convert(str);
            if (convert.isUnknown()) {
                throw new ValueConversionException("Unknown resource-pattern-type: " + str);
            }
            return convert;
        }

        public String valuePattern() {
            return (String) ((List) Arrays.asList(PatternType.values()).stream().filter(patternType -> {
                return patternType != PatternType.UNKNOWN;
            }).collect(Collectors.toList())).stream().map((v0) -> {
                return v0.toString();
            }).collect(Collectors.joining("|"));
        }
    }

    public static void main(String[] strArr) {
        AclCommandOptions aclCommandOptions = new AclCommandOptions(strArr);
        AdminClientService adminClientService = new AdminClientService(aclCommandOptions);
        try {
            Admin create = Admin.create(adminConfigs(aclCommandOptions));
            try {
                if (aclCommandOptions.options.has(aclCommandOptions.addOpt)) {
                    adminClientService.addAcls(create);
                } else if (aclCommandOptions.options.has(aclCommandOptions.removeOpt)) {
                    adminClientService.removeAcls(create);
                } else if (aclCommandOptions.options.has(aclCommandOptions.listOpt)) {
                    adminClientService.listAcls(create);
                }
                if (create != null) {
                    create.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            System.out.println("Error while executing ACL command: " + th.getMessage());
            System.out.println(Utils.stackTrace(th));
            Exit.exit(1);
        }
    }

    private static Properties adminConfigs(AclCommandOptions aclCommandOptions) throws IOException {
        Properties properties = new Properties();
        if (aclCommandOptions.options.has(aclCommandOptions.commandConfigOpt)) {
            properties = Utils.loadProps((String) aclCommandOptions.options.valueOf(aclCommandOptions.commandConfigOpt));
        }
        if (aclCommandOptions.options.has(aclCommandOptions.bootstrapServerOpt)) {
            properties.put("bootstrap.servers", aclCommandOptions.options.valueOf(aclCommandOptions.bootstrapServerOpt));
        } else {
            properties.put("bootstrap.controllers", aclCommandOptions.options.valueOf(aclCommandOptions.bootstrapControllerOpt));
        }
        return properties;
    }

    private static Map<ResourcePattern, Set<AccessControlEntry>> getResourceToAcls(AclCommandOptions aclCommandOptions) {
        PatternType patternType = (PatternType) aclCommandOptions.options.valueOf(aclCommandOptions.resourcePatternType);
        if (!patternType.isSpecific()) {
            CommandLineUtils.printUsageAndExit(aclCommandOptions.parser, "A '--resource-pattern-type' value of '" + String.valueOf(patternType) + "' is not valid when adding acls.");
        }
        Map<ResourcePattern, Set<AccessControlEntry>> map = (Map) getResourceFilterToAcls(aclCommandOptions).entrySet().stream().collect(Collectors.toMap(entry -> {
            return new ResourcePattern(((ResourcePatternFilter) entry.getKey()).resourceType(), ((ResourcePatternFilter) entry.getKey()).name(), ((ResourcePatternFilter) entry.getKey()).patternType());
        }, (v0) -> {
            return v0.getValue();
        }));
        if (map.values().stream().anyMatch((v0) -> {
            return v0.isEmpty();
        })) {
            CommandLineUtils.printUsageAndExit(aclCommandOptions.parser, "You must specify one of: --allow-principal, --deny-principal when trying to add ACLs.");
        }
        return map;
    }

    private static Map<ResourcePatternFilter, Set<AccessControlEntry>> getResourceFilterToAcls(AclCommandOptions aclCommandOptions) {
        HashMap hashMap = new HashMap();
        if (!aclCommandOptions.options.has(aclCommandOptions.producerOpt) && !aclCommandOptions.options.has(aclCommandOptions.consumerOpt)) {
            hashMap.putAll(getCliResourceFilterToAcls(aclCommandOptions));
        }
        if (aclCommandOptions.options.has(aclCommandOptions.producerOpt)) {
            hashMap.putAll(getProducerResourceFilterToAcls(aclCommandOptions));
        }
        if (aclCommandOptions.options.has(aclCommandOptions.consumerOpt)) {
            getConsumerResourceFilterToAcls(aclCommandOptions).forEach((resourcePatternFilter, set) -> {
                Set set = (Set) hashMap.getOrDefault(resourcePatternFilter, new HashSet());
                set.addAll(set);
                hashMap.put(resourcePatternFilter, set);
            });
        }
        validateOperation(aclCommandOptions, hashMap);
        return hashMap;
    }

    private static Map<ResourcePatternFilter, Set<AccessControlEntry>> getProducerResourceFilterToAcls(AclCommandOptions aclCommandOptions) {
        Set<ResourcePatternFilter> resourceFilter = getResourceFilter(aclCommandOptions, true);
        Set set = (Set) resourceFilter.stream().filter(resourcePatternFilter -> {
            return resourcePatternFilter.resourceType() == ResourceType.TOPIC;
        }).collect(Collectors.toSet());
        Set set2 = (Set) resourceFilter.stream().filter(resourcePatternFilter2 -> {
            return resourcePatternFilter2.resourceType() == ResourceType.TRANSACTIONAL_ID;
        }).collect(Collectors.toSet());
        boolean has = aclCommandOptions.options.has(aclCommandOptions.idempotentOpt);
        Set<AccessControlEntry> acl = getAcl(aclCommandOptions, new HashSet(Arrays.asList(AclOperation.WRITE, AclOperation.DESCRIBE, AclOperation.CREATE)));
        Set<AccessControlEntry> acl2 = getAcl(aclCommandOptions, new HashSet(Arrays.asList(AclOperation.WRITE, AclOperation.DESCRIBE)));
        HashMap hashMap = new HashMap();
        Iterator it = set.iterator();
        while (it.hasNext()) {
            hashMap.put((ResourcePatternFilter) it.next(), acl);
        }
        Iterator it2 = set2.iterator();
        while (it2.hasNext()) {
            hashMap.put((ResourcePatternFilter) it2.next(), acl2);
        }
        if (has) {
            hashMap.put(CLUSTER_RESOURCE_FILTER, getAcl(aclCommandOptions, Collections.singleton(AclOperation.IDEMPOTENT_WRITE)));
        }
        return hashMap;
    }

    private static Map<ResourcePatternFilter, Set<AccessControlEntry>> getConsumerResourceFilterToAcls(AclCommandOptions aclCommandOptions) {
        Set<ResourcePatternFilter> resourceFilter = getResourceFilter(aclCommandOptions, true);
        Set set = (Set) resourceFilter.stream().filter(resourcePatternFilter -> {
            return resourcePatternFilter.resourceType() == ResourceType.TOPIC;
        }).collect(Collectors.toSet());
        Set set2 = (Set) resourceFilter.stream().filter(resourcePatternFilter2 -> {
            return resourcePatternFilter2.resourceType() == ResourceType.GROUP;
        }).collect(Collectors.toSet());
        Set<AccessControlEntry> acl = getAcl(aclCommandOptions, new HashSet(Arrays.asList(AclOperation.READ, AclOperation.DESCRIBE)));
        Set<AccessControlEntry> acl2 = getAcl(aclCommandOptions, Collections.singleton(AclOperation.READ));
        HashMap hashMap = new HashMap();
        Iterator it = set.iterator();
        while (it.hasNext()) {
            hashMap.put((ResourcePatternFilter) it.next(), acl);
        }
        Iterator it2 = set2.iterator();
        while (it2.hasNext()) {
            hashMap.put((ResourcePatternFilter) it2.next(), acl2);
        }
        return hashMap;
    }

    private static Map<ResourcePatternFilter, Set<AccessControlEntry>> getCliResourceFilterToAcls(AclCommandOptions aclCommandOptions) {
        Set<AccessControlEntry> acl = getAcl(aclCommandOptions);
        return (Map) getResourceFilter(aclCommandOptions, true).stream().collect(Collectors.toMap(resourcePatternFilter -> {
            return resourcePatternFilter;
        }, resourcePatternFilter2 -> {
            return acl;
        }));
    }

    private static Set<AccessControlEntry> getAcl(AclCommandOptions aclCommandOptions, Set<AclOperation> set) {
        Set<KafkaPrincipal> principals = getPrincipals(aclCommandOptions, aclCommandOptions.allowPrincipalsOpt);
        Set<KafkaPrincipal> principals2 = getPrincipals(aclCommandOptions, aclCommandOptions.denyPrincipalsOpt);
        Set<String> hosts = getHosts(aclCommandOptions, aclCommandOptions.allowHostsOpt, aclCommandOptions.allowPrincipalsOpt);
        Set<String> hosts2 = getHosts(aclCommandOptions, aclCommandOptions.denyHostsOpt, aclCommandOptions.denyPrincipalsOpt);
        HashSet hashSet = new HashSet();
        if (!hosts.isEmpty() && !principals.isEmpty()) {
            hashSet.addAll(getAcls(principals, AclPermissionType.ALLOW, set, hosts));
        }
        if (!hosts2.isEmpty() && !principals2.isEmpty()) {
            hashSet.addAll(getAcls(principals2, AclPermissionType.DENY, set, hosts2));
        }
        return hashSet;
    }

    private static Set<AccessControlEntry> getAcl(AclCommandOptions aclCommandOptions) {
        return getAcl(aclCommandOptions, (Set) aclCommandOptions.options.valuesOf(aclCommandOptions.operationsOpt).stream().map(str -> {
            return SecurityUtils.operation(str.trim());
        }).collect(Collectors.toSet()));
    }

    static Set<AccessControlEntry> getAcls(Set<KafkaPrincipal> set, AclPermissionType aclPermissionType, Set<AclOperation> set2, Set<String> set3) {
        HashSet hashSet = new HashSet();
        for (KafkaPrincipal kafkaPrincipal : set) {
            for (AclOperation aclOperation : set2) {
                Iterator<String> it = set3.iterator();
                while (it.hasNext()) {
                    hashSet.add(new AccessControlEntry(kafkaPrincipal.toString(), it.next(), aclOperation, aclPermissionType));
                }
            }
        }
        return hashSet;
    }

    private static Set<String> getHosts(AclCommandOptions aclCommandOptions, OptionSpec<String> optionSpec, OptionSpec<String> optionSpec2) {
        return aclCommandOptions.options.has(optionSpec) ? (Set) aclCommandOptions.options.valuesOf(optionSpec).stream().map((v0) -> {
            return v0.trim();
        }).collect(Collectors.toSet()) : aclCommandOptions.options.has(optionSpec2) ? Collections.singleton("*") : Collections.emptySet();
    }

    private static Set<KafkaPrincipal> getPrincipals(AclCommandOptions aclCommandOptions, OptionSpec<String> optionSpec) {
        return aclCommandOptions.options.has(optionSpec) ? (Set) aclCommandOptions.options.valuesOf(optionSpec).stream().map(str -> {
            return SecurityUtils.parseKafkaPrincipal(str.trim());
        }).collect(Collectors.toSet()) : Collections.emptySet();
    }

    private static Set<ResourcePatternFilter> getResourceFilter(AclCommandOptions aclCommandOptions, boolean z) {
        PatternType patternType = (PatternType) aclCommandOptions.options.valueOf(aclCommandOptions.resourcePatternType);
        HashSet hashSet = new HashSet();
        if (aclCommandOptions.options.has(aclCommandOptions.topicOpt)) {
            aclCommandOptions.options.valuesOf(aclCommandOptions.topicOpt).forEach(str -> {
                hashSet.add(new ResourcePatternFilter(ResourceType.TOPIC, str.trim(), patternType));
            });
        }
        if (patternType == PatternType.LITERAL && (aclCommandOptions.options.has(aclCommandOptions.clusterOpt) || aclCommandOptions.options.has(aclCommandOptions.idempotentOpt))) {
            hashSet.add(CLUSTER_RESOURCE_FILTER);
        }
        if (aclCommandOptions.options.has(aclCommandOptions.groupOpt)) {
            aclCommandOptions.options.valuesOf(aclCommandOptions.groupOpt).forEach(str2 -> {
                hashSet.add(new ResourcePatternFilter(ResourceType.GROUP, str2.trim(), patternType));
            });
        }
        if (aclCommandOptions.options.has(aclCommandOptions.transactionalIdOpt)) {
            aclCommandOptions.options.valuesOf(aclCommandOptions.transactionalIdOpt).forEach(str3 -> {
                hashSet.add(new ResourcePatternFilter(ResourceType.TRANSACTIONAL_ID, str3, patternType));
            });
        }
        if (aclCommandOptions.options.has(aclCommandOptions.delegationTokenOpt)) {
            aclCommandOptions.options.valuesOf(aclCommandOptions.delegationTokenOpt).forEach(str4 -> {
                hashSet.add(new ResourcePatternFilter(ResourceType.DELEGATION_TOKEN, str4.trim(), patternType));
            });
        }
        if (aclCommandOptions.options.has(aclCommandOptions.userPrincipalOpt)) {
            aclCommandOptions.options.valuesOf(aclCommandOptions.userPrincipalOpt).forEach(str5 -> {
                hashSet.add(new ResourcePatternFilter(ResourceType.USER, str5.trim(), patternType));
            });
        }
        if (hashSet.isEmpty() && z) {
            CommandLineUtils.printUsageAndExit(aclCommandOptions.parser, "You must provide at least one resource: --topic <topic> or --cluster or --group <group> or --delegation-token <Delegation Token ID>");
        }
        return hashSet;
    }

    private static boolean confirmAction(AclCommandOptions aclCommandOptions, String str) {
        if (aclCommandOptions.options.has(aclCommandOptions.forceOpt)) {
            return true;
        }
        System.out.println(str);
        return System.console().readLine().equalsIgnoreCase("y");
    }

    private static void validateOperation(AclCommandOptions aclCommandOptions, Map<ResourcePatternFilter, Set<AccessControlEntry>> map) {
        for (Map.Entry<ResourcePatternFilter, Set<AccessControlEntry>> entry : map.entrySet()) {
            ResourcePatternFilter key = entry.getKey();
            Set<AccessControlEntry> value = entry.getValue();
            HashSet hashSet = new HashSet(AclEntry.supportedOperations(key.resourceType()));
            hashSet.add(AclOperation.ALL);
            HashSet hashSet2 = new HashSet();
            for (AccessControlEntry accessControlEntry : value) {
                if (!hashSet.contains(accessControlEntry.operation())) {
                    hashSet2.add(accessControlEntry.operation());
                }
            }
            if (!hashSet2.isEmpty()) {
                CommandLineUtils.printUsageAndExit(aclCommandOptions.parser, String.format("ResourceType %s only supports operations %s", key.resourceType(), hashSet));
            }
        }
    }
}
