package org.apache.kafka.metadata.authorizer;

import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.acl.AclPermissionType;
import org.apache.kafka.common.resource.Resource;
import org.apache.kafka.common.security.auth.KafkaPrincipal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/apache/kafka/metadata/authorizer/ResourceAcls.class */
public class ResourceAcls implements AclStore {
    static final Set<AclOperation> IMPLIES_DESCRIBE = Collections.unmodifiableSet(EnumSet.of(AclOperation.DESCRIBE, AclOperation.READ, AclOperation.WRITE, AclOperation.DELETE, AclOperation.ALTER));
    static final Set<AclOperation> IMPLIES_DESCRIBE_CONFIGS = Collections.unmodifiableSet(EnumSet.of(AclOperation.DESCRIBE_CONFIGS, AclOperation.ALTER_CONFIGS));
    static final ResourceAcls EMPTY = new ResourceAcls(Collections.emptyList(), Collections.emptyList());
    private final List<StandardAcl> denyAcls;
    private final List<StandardAcl> allowAcls;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.kafka.metadata.authorizer.ResourceAcls$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/kafka/metadata/authorizer/ResourceAcls$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$kafka$common$acl$AclOperation = new int[AclOperation.values().length];

        static {
            try {
                $SwitchMap$org$apache$kafka$common$acl$AclOperation[AclOperation.DESCRIBE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$kafka$common$acl$AclOperation[AclOperation.DESCRIBE_CONFIGS.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ResourceAcls(List<StandardAcl> list, List<StandardAcl> list2) {
        this.allowAcls = list;
        this.denyAcls = list2;
    }

    ResourceAcls(StandardAcl standardAcl) {
        List<StandardAcl> singletonList = Collections.singletonList(standardAcl);
        if (standardAcl.permissionType() == AclPermissionType.ALLOW) {
            this.allowAcls = singletonList;
            this.denyAcls = Collections.emptyList();
        } else {
            this.allowAcls = Collections.emptyList();
            this.denyAcls = singletonList;
        }
    }

    ResourceAcls(List<StandardAcl> list) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (StandardAcl standardAcl : list) {
            if (standardAcl.permissionType() == AclPermissionType.ALLOW) {
                arrayList.add(standardAcl);
            } else {
                arrayList2.add(standardAcl);
            }
        }
        this.allowAcls = Collections.unmodifiableList(arrayList);
        this.denyAcls = Collections.unmodifiableList(arrayList2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isEmpty() {
        return this.allowAcls.size() + this.denyAcls.size() == 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ResourceAcls copyWithChanges(ResourceAclsBuilder resourceAclsBuilder) {
        return resourceAclsBuilder.build(this);
    }

    @Override // org.apache.kafka.metadata.authorizer.AclStore
    public boolean walk(Visitor visitor) {
        return visitor.visit(this);
    }

    @Override // org.apache.kafka.metadata.authorizer.AclStore
    public Optional<StandardAcl> findMatchingAcl(AclOperation aclOperation, String str) {
        Optional<StandardAcl> findMatchingAcl = findMatchingAcl(this.denyAcls, aclOperation, str);
        return findMatchingAcl.isPresent() ? findMatchingAcl : findMatchingAcl(this.allowAcls, aclOperation, str);
    }

    private static Optional<StandardAcl> findMatchingAcl(List<StandardAcl> list, AclOperation aclOperation, String str) {
        for (StandardAcl standardAcl : list) {
            if (isMatching(standardAcl, aclOperation, str)) {
                return Optional.of(standardAcl);
            }
        }
        return Optional.empty();
    }

    private static boolean isMatching(StandardAcl standardAcl, AclOperation aclOperation, String str) {
        if (!standardAcl.host().equals("*") && !standardAcl.host().equals(str)) {
            return false;
        }
        if (standardAcl.operation() == AclOperation.ALL) {
            return true;
        }
        if (!standardAcl.permissionType().equals(AclPermissionType.ALLOW)) {
            return aclOperation == standardAcl.operation();
        }
        switch (AnonymousClass1.$SwitchMap$org$apache$kafka$common$acl$AclOperation[aclOperation.ordinal()]) {
            case 1:
                return IMPLIES_DESCRIBE.contains(standardAcl.operation());
            case 2:
                return IMPLIES_DESCRIBE_CONFIGS.contains(standardAcl.operation());
            default:
                return aclOperation == standardAcl.operation();
        }
    }

    public int hashCode() {
        return Objects.hash(this.allowAcls, this.denyAcls);
    }

    public boolean equals(Object obj) {
        if (obj == null || !obj.getClass().equals(getClass())) {
            return false;
        }
        ResourceAcls resourceAcls = (ResourceAcls) obj;
        return this.allowAcls.equals(resourceAcls.allowAcls) && this.denyAcls.equals(resourceAcls.denyAcls);
    }

    public String toString() {
        StringBuilder sb = new StringBuilder("ResourceAcls(AllowAcls(");
        this.allowAcls.forEach(standardAcl -> {
            sb.append("Entry(");
            sb.append(standardAcl);
            sb.append(")");
        });
        sb.append("), DenyAcls(");
        this.denyAcls.forEach(standardAcl2 -> {
            sb.append("Entry(");
            sb.append(standardAcl2);
            sb.append(")");
        });
        sb.append(")");
        sb.append(")");
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<StandardAcl> allowAcls() {
        return this.allowAcls;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<StandardAcl> denyAcls() {
        return this.denyAcls;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<StandardAcl> acls() {
        ArrayList arrayList = new ArrayList(this.allowAcls);
        arrayList.addAll(this.denyAcls);
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean validateAclCache(KafkaPrincipal kafkaPrincipal, Resource resource) {
        Iterator<StandardAcl> it = this.allowAcls.iterator();
        while (it.hasNext()) {
            if (!validateAcl(it.next(), kafkaPrincipal, resource)) {
                return false;
            }
        }
        Iterator<StandardAcl> it2 = this.denyAcls.iterator();
        while (it2.hasNext()) {
            if (!validateAcl(it2.next(), kafkaPrincipal, resource)) {
                return false;
            }
        }
        return true;
    }

    private static boolean validateAcl(StandardAcl standardAcl, KafkaPrincipal kafkaPrincipal, Resource resource) {
        return standardAcl.kafkaPrincipal().equals(kafkaPrincipal) && standardAcl.resource().equals(resource);
    }
}
