package kafka.server;

import com.linkedin.venice.controllerapi.ControllerApiConstants;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.util.Base64;
import java.util.Collection;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import kafka.utils.Json$;
import kafka.utils.json.DecodeJson$;
import kafka.utils.json.DecodeJson$DecodeInt$;
import kafka.utils.json.DecodeJson$DecodeLong$;
import kafka.utils.json.DecodeJson$DecodeString$;
import kafka.utils.json.JsonObject;
import kafka.utils.json.JsonValue;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.token.delegation.DelegationToken;
import org.apache.kafka.common.security.token.delegation.TokenInformation;
import org.apache.kafka.common.utils.Sanitizer;
import org.apache.kafka.common.utils.SecurityUtils;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.collection.Iterable;
import scala.collection.Iterable$;
import scala.collection.JavaConverters$;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.TraversableLike;
import scala.collection.immutable.List;
import scala.collection.immutable.Map;
import scala.collection.immutable.Nil$;
import scala.collection.mutable.ArrayOps;
import scala.collection.mutable.Map$;
import scala.runtime.BoxesRunTime;

/* compiled from: DelegationTokenManager.scala */
/* loaded from: input_file:kafka/server/DelegationTokenManager$.class */
public final class DelegationTokenManager$ {
    public static DelegationTokenManager$ MODULE$;
    private final String DefaultHmacAlgorithm;
    private final String OwnerKey;
    private final String RenewersKey;
    private final String IssueTimestampKey;
    private final String MaxTimestampKey;
    private final String ExpiryTimestampKey;
    private final String TokenIdKey;
    private final String VersionKey;
    private final int CurrentVersion;
    private final int ErrorTimestamp;

    static {
        new DelegationTokenManager$();
    }

    public String DefaultHmacAlgorithm() {
        return this.DefaultHmacAlgorithm;
    }

    public String OwnerKey() {
        return this.OwnerKey;
    }

    public String RenewersKey() {
        return this.RenewersKey;
    }

    public String IssueTimestampKey() {
        return this.IssueTimestampKey;
    }

    public String MaxTimestampKey() {
        return this.MaxTimestampKey;
    }

    public String ExpiryTimestampKey() {
        return this.ExpiryTimestampKey;
    }

    public String TokenIdKey() {
        return this.TokenIdKey;
    }

    public String VersionKey() {
        return this.VersionKey;
    }

    public int CurrentVersion() {
        return this.CurrentVersion;
    }

    public int ErrorTimestamp() {
        return this.ErrorTimestamp;
    }

    public byte[] createHmac(String str, String str2) {
        return createHmac(str, createSecretKey(str2.getBytes(StandardCharsets.UTF_8)));
    }

    public SecretKey createSecretKey(byte[] bArr) {
        return new SecretKeySpec(bArr, DefaultHmacAlgorithm());
    }

    public String createBase64HMAC(String str, SecretKey secretKey) {
        return Base64.getEncoder().encodeToString(createHmac(str, secretKey));
    }

    public byte[] createHmac(String str, SecretKey secretKey) {
        Mac mac = Mac.getInstance(DefaultHmacAlgorithm());
        try {
            mac.init(secretKey);
            return mac.doFinal(str.getBytes(StandardCharsets.UTF_8));
        } catch (InvalidKeyException e) {
            throw new IllegalArgumentException("Invalid key to HMAC computation", e);
        }
    }

    public Map<String, Object> toJsonCompatibleMap(DelegationToken delegationToken) {
        TokenInformation tokenInformation = delegationToken.tokenInfo();
        scala.collection.mutable.Map map = (scala.collection.mutable.Map) Map$.MODULE$.apply(Nil$.MODULE$);
        map.update(VersionKey(), BoxesRunTime.boxToInteger(CurrentVersion()));
        map.update(OwnerKey(), Sanitizer.sanitize(tokenInformation.ownerAsString()));
        map.update(RenewersKey(), JavaConverters$.MODULE$.asJavaIterableConverter((Iterable) ((TraversableLike) JavaConverters$.MODULE$.collectionAsScalaIterableConverter(tokenInformation.renewersAsString()).asScala()).map(str -> {
            return Sanitizer.sanitize(str);
        }, Iterable$.MODULE$.canBuildFrom())).asJava());
        map.update(IssueTimestampKey(), BoxesRunTime.boxToLong(tokenInformation.issueTimestamp()));
        map.update(MaxTimestampKey(), BoxesRunTime.boxToLong(tokenInformation.maxTimestamp()));
        map.update(ExpiryTimestampKey(), BoxesRunTime.boxToLong(tokenInformation.expiryTimestamp()));
        map.update(TokenIdKey(), tokenInformation.tokenId());
        return map.toMap(Predef$.MODULE$.$conforms());
    }

    public Option<TokenInformation> fromBytes(byte[] bArr) {
        Option option;
        if (bArr == null || new ArrayOps.ofByte(Predef$.MODULE$.byteArrayOps(bArr)).isEmpty()) {
            return None$.MODULE$;
        }
        Option<JsonValue> parseBytes = Json$.MODULE$.parseBytes(bArr);
        if (parseBytes instanceof Some) {
            JsonObject asJsonObject = ((JsonValue) ((Some) parseBytes).value()).asJsonObject();
            Predef$.MODULE$.require(BoxesRunTime.unboxToInt(asJsonObject.apply(VersionKey()).to(DecodeJson$DecodeInt$.MODULE$)) == CurrentVersion());
            KafkaPrincipal parseKafkaPrincipal = SecurityUtils.parseKafkaPrincipal(Sanitizer.desanitize((String) asJsonObject.apply(OwnerKey()).to(DecodeJson$DecodeString$.MODULE$)));
            Seq seq = (Seq) ((TraversableLike) ((Seq) asJsonObject.apply(RenewersKey()).to(DecodeJson$.MODULE$.decodeSeq(DecodeJson$DecodeString$.MODULE$, Predef$.MODULE$.fallbackStringCanBuildFrom()))).map(str -> {
                return Sanitizer.desanitize(str);
            }, Seq$.MODULE$.canBuildFrom())).map(str2 -> {
                return SecurityUtils.parseKafkaPrincipal(str2);
            }, Seq$.MODULE$.canBuildFrom());
            option = new Some(new TokenInformation((String) asJsonObject.apply(TokenIdKey()).to(DecodeJson$DecodeString$.MODULE$), parseKafkaPrincipal, (Collection) JavaConverters$.MODULE$.seqAsJavaListConverter(seq).asJava(), BoxesRunTime.unboxToLong(asJsonObject.apply(IssueTimestampKey()).to(DecodeJson$DecodeLong$.MODULE$)), BoxesRunTime.unboxToLong(asJsonObject.apply(MaxTimestampKey()).to(DecodeJson$DecodeLong$.MODULE$)), BoxesRunTime.unboxToLong(asJsonObject.apply(ExpiryTimestampKey()).to(DecodeJson$DecodeLong$.MODULE$))));
        } else {
            if (!None$.MODULE$.equals(parseBytes)) {
                throw new MatchError(parseBytes);
            }
            option = None$.MODULE$;
        }
        return option;
    }

    public boolean filterToken(KafkaPrincipal kafkaPrincipal, Option<List<KafkaPrincipal>> option, TokenInformation tokenInformation, Function1<String, Object> function1) {
        return (option.isEmpty() || option.get().exists(kafkaPrincipal2 -> {
            return BoxesRunTime.boxToBoolean(tokenInformation.ownerOrRenewer(kafkaPrincipal2));
        })) ? tokenInformation.ownerOrRenewer(kafkaPrincipal) ? true : BoxesRunTime.unboxToBoolean(function1.mo9892apply(tokenInformation.tokenId())) : false;
    }

    private DelegationTokenManager$() {
        MODULE$ = this;
        this.DefaultHmacAlgorithm = "HmacSHA512";
        this.OwnerKey = ControllerApiConstants.OWNER;
        this.RenewersKey = "renewers";
        this.IssueTimestampKey = "issueTimestamp";
        this.MaxTimestampKey = "maxTimestamp";
        this.ExpiryTimestampKey = "expiryTimestamp";
        this.TokenIdKey = "tokenId";
        this.VersionKey = "version";
        this.CurrentVersion = 1;
        this.ErrorTimestamp = -1;
    }
}
