package kafka.server;

import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import kafka.utils.Json$;
import kafka.utils.json.DecodeJson$;
import kafka.utils.json.DecodeJson$$anonfun$decodeSeq$3;
import kafka.utils.json.DecodeJson$DecodeInt$;
import kafka.utils.json.DecodeJson$DecodeLong$;
import kafka.utils.json.DecodeJson$DecodeString$;
import kafka.utils.json.JsonObject;
import kafka.utils.json.JsonValue;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.token.delegation.DelegationToken;
import org.apache.kafka.common.security.token.delegation.TokenInformation;
import org.apache.kafka.common.utils.Sanitizer;
import org.apache.kafka.common.utils.SecurityUtils;
import scala.C$less$colon$less$;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.collection.Iterable;
import scala.collection.convert.AsJavaExtensions;
import scala.collection.convert.AsScalaExtensions;
import scala.collection.immutable.List;
import scala.collection.immutable.Map;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.Seq;
import scala.collection.immutable.Seq$;
import scala.collection.mutable.Map$;
import scala.jdk.CollectionConverters$;
import scala.runtime.BoxesRunTime;

/* compiled from: DelegationTokenManager.scala */
/* loaded from: input_file:META-INF/bundled-dependencies/kafka_2.13-2.7.2.jar:kafka/server/DelegationTokenManager$.class */
public final class DelegationTokenManager$ {
    public static final DelegationTokenManager$ MODULE$ = new DelegationTokenManager$();
    private static final String DefaultHmacAlgorithm = "HmacSHA512";
    private static final String OwnerKey = "owner";
    private static final String RenewersKey = "renewers";
    private static final String IssueTimestampKey = "issueTimestamp";
    private static final String MaxTimestampKey = "maxTimestamp";
    private static final String ExpiryTimestampKey = "expiryTimestamp";
    private static final String TokenIdKey = "tokenId";
    private static final String VersionKey = "version";
    private static final int CurrentVersion = 1;
    private static final int ErrorTimestamp = -1;

    public String DefaultHmacAlgorithm() {
        return DefaultHmacAlgorithm;
    }

    public String OwnerKey() {
        return OwnerKey;
    }

    public String RenewersKey() {
        return RenewersKey;
    }

    public String IssueTimestampKey() {
        return IssueTimestampKey;
    }

    public String MaxTimestampKey() {
        return MaxTimestampKey;
    }

    public String ExpiryTimestampKey() {
        return ExpiryTimestampKey;
    }

    public String TokenIdKey() {
        return TokenIdKey;
    }

    public String VersionKey() {
        return VersionKey;
    }

    public int CurrentVersion() {
        return CurrentVersion;
    }

    public int ErrorTimestamp() {
        return ErrorTimestamp;
    }

    public byte[] createHmac(String str, String str2) {
        return createHmac(str, createSecretKey(str2.getBytes(StandardCharsets.UTF_8)));
    }

    public SecretKey createSecretKey(byte[] bArr) {
        return new SecretKeySpec(bArr, DefaultHmacAlgorithm());
    }

    public String createBase64HMAC(String str, SecretKey secretKey) {
        return Base64.getEncoder().encodeToString(createHmac(str, secretKey));
    }

    public byte[] createHmac(String str, SecretKey secretKey) {
        Mac mac = Mac.getInstance(DefaultHmacAlgorithm());
        try {
            mac.init(secretKey);
            return mac.doFinal(str.getBytes(StandardCharsets.UTF_8));
        } catch (InvalidKeyException e) {
            throw new IllegalArgumentException("Invalid key to HMAC computation", e);
        }
    }

    public Map<String, Object> toJsonCompatibleMap(DelegationToken delegationToken) {
        AsScalaExtensions.CollectionHasAsScala CollectionHasAsScala;
        AsJavaExtensions.IterableHasAsJava IterableHasAsJava;
        TokenInformation tokenInformation = delegationToken.tokenInfo();
        scala.collection.mutable.Map apply = Map$.MODULE$.apply2(Nil$.MODULE$);
        apply.update(VersionKey(), Integer.valueOf(CurrentVersion()));
        apply.update(OwnerKey(), Sanitizer.sanitize(tokenInformation.ownerAsString()));
        String RenewersKey2 = RenewersKey();
        CollectionConverters$ collectionConverters$ = CollectionConverters$.MODULE$;
        CollectionHasAsScala = CollectionConverters$.MODULE$.CollectionHasAsScala(tokenInformation.renewersAsString());
        IterableHasAsJava = collectionConverters$.IterableHasAsJava((Iterable) CollectionHasAsScala.asScala().map(str -> {
            return Sanitizer.sanitize(str);
        }));
        apply.update(RenewersKey2, IterableHasAsJava.asJava());
        apply.update(IssueTimestampKey(), Long.valueOf(tokenInformation.issueTimestamp()));
        apply.update(MaxTimestampKey(), Long.valueOf(tokenInformation.maxTimestamp()));
        apply.update(ExpiryTimestampKey(), Long.valueOf(tokenInformation.expiryTimestamp()));
        apply.update(TokenIdKey(), tokenInformation.tokenId());
        return apply.toMap(C$less$colon$less$.MODULE$.refl());
    }

    public Option<TokenInformation> fromBytes(byte[] bArr) {
        Option option;
        AsJavaExtensions.SeqHasAsJava SeqHasAsJava;
        if (bArr != null) {
            if (!(bArr.length == 0)) {
                Option<JsonValue> parseBytes = Json$.MODULE$.parseBytes(bArr);
                if (parseBytes instanceof Some) {
                    JsonObject asJsonObject = ((JsonValue) ((Some) parseBytes).value()).asJsonObject();
                    Predef$.MODULE$.require(BoxesRunTime.unboxToInt(asJsonObject.apply(VersionKey()).to(DecodeJson$DecodeInt$.MODULE$)) == CurrentVersion());
                    KafkaPrincipal parseKafkaPrincipal = SecurityUtils.parseKafkaPrincipal(Sanitizer.desanitize((String) asJsonObject.apply(OwnerKey()).to(DecodeJson$DecodeString$.MODULE$)));
                    JsonValue apply = asJsonObject.apply(RenewersKey());
                    DecodeJson$ decodeJson$ = DecodeJson$.MODULE$;
                    Seq map = ((Seq) apply.to(new DecodeJson$$anonfun$decodeSeq$3(DecodeJson$DecodeString$.MODULE$, Seq$.MODULE$.iterableFactory()))).map(str -> {
                        return Sanitizer.desanitize(str);
                    }).map(str2 -> {
                        return SecurityUtils.parseKafkaPrincipal(str2);
                    });
                    long unboxToLong = BoxesRunTime.unboxToLong(asJsonObject.apply(IssueTimestampKey()).to(DecodeJson$DecodeLong$.MODULE$));
                    long unboxToLong2 = BoxesRunTime.unboxToLong(asJsonObject.apply(ExpiryTimestampKey()).to(DecodeJson$DecodeLong$.MODULE$));
                    long unboxToLong3 = BoxesRunTime.unboxToLong(asJsonObject.apply(MaxTimestampKey()).to(DecodeJson$DecodeLong$.MODULE$));
                    String str3 = (String) asJsonObject.apply(TokenIdKey()).to(DecodeJson$DecodeString$.MODULE$);
                    SeqHasAsJava = CollectionConverters$.MODULE$.SeqHasAsJava(map);
                    option = new Some(new TokenInformation(str3, parseKafkaPrincipal, SeqHasAsJava.asJava(), unboxToLong, unboxToLong3, unboxToLong2));
                } else {
                    if (!None$.MODULE$.equals(parseBytes)) {
                        throw new MatchError(parseBytes);
                    }
                    option = None$.MODULE$;
                }
                return option;
            }
        }
        return None$.MODULE$;
    }

    public boolean filterToken(KafkaPrincipal kafkaPrincipal, Option<List<KafkaPrincipal>> option, TokenInformation tokenInformation, Function1<String, Object> function1) {
        boolean z;
        if (!option.isEmpty()) {
            List<KafkaPrincipal> list = option.get();
            if (list == null) {
                throw null;
            }
            while (true) {
                List<KafkaPrincipal> list2 = list;
                if (list2.isEmpty()) {
                    z = false;
                    break;
                }
                if (tokenInformation.ownerOrRenewer(list2.mo7555head())) {
                    z = true;
                    break;
                }
                list = (List) list2.tail();
            }
            if (!z) {
                return false;
            }
        }
        return tokenInformation.ownerOrRenewer(kafkaPrincipal) || BoxesRunTime.unboxToBoolean(function1.mo7369apply(tokenInformation.tokenId()));
    }

    private DelegationTokenManager$() {
    }
}
