package org.apache.kafka.metadata.authorizer;

import org.apache.kafka.common.protocol.ApiKeys;
import org.apache.kafka.common.resource.ResourcePattern;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.utils.SecurityUtils;
import org.apache.kafka.server.authorizer.Action;
import org.apache.kafka.server.authorizer.AuthorizableRequestContext;
import org.apache.kafka.server.authorizer.AuthorizationResult;
import org.slf4j.Logger;

/* loaded from: input_file:org/apache/kafka/metadata/authorizer/MatchingRule.class */
public interface MatchingRule {

    /* renamed from: org.apache.kafka.metadata.authorizer.MatchingRule$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/kafka/metadata/authorizer/MatchingRule$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$kafka$server$authorizer$AuthorizationResult = new int[AuthorizationResult.values().length];

        static {
            try {
                $SwitchMap$org$apache$kafka$server$authorizer$AuthorizationResult[AuthorizationResult.ALLOWED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$kafka$server$authorizer$AuthorizationResult[AuthorizationResult.DENIED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    AuthorizationResult result();

    default void logAuditMessage(Logger logger, KafkaPrincipal kafkaPrincipal, AuthorizableRequestContext authorizableRequestContext, Action action) {
        switch (AnonymousClass1.$SwitchMap$org$apache$kafka$server$authorizer$AuthorizationResult[result().ordinal()]) {
            case 1:
                if (action.logIfAllowed() && logger.isDebugEnabled()) {
                    logger.debug(buildAuditMessage(kafkaPrincipal, authorizableRequestContext, action));
                    return;
                } else {
                    if (logger.isTraceEnabled()) {
                        logger.trace(buildAuditMessage(kafkaPrincipal, authorizableRequestContext, action));
                        return;
                    }
                    return;
                }
            case 2:
                if (action.logIfDenied()) {
                    logger.info(buildAuditMessage(kafkaPrincipal, authorizableRequestContext, action));
                    return;
                } else {
                    if (logger.isTraceEnabled()) {
                        logger.trace(buildAuditMessage(kafkaPrincipal, authorizableRequestContext, action));
                        return;
                    }
                    return;
                }
            default:
                return;
        }
    }

    default String buildAuditMessage(KafkaPrincipal kafkaPrincipal, AuthorizableRequestContext authorizableRequestContext, Action action) {
        StringBuilder sb = new StringBuilder();
        sb.append("Principal = ").append(kafkaPrincipal);
        sb.append(" is ").append(result() == AuthorizationResult.ALLOWED ? "Allowed" : "Denied");
        sb.append(" operation = ").append(action.operation());
        sb.append(" from host = ").append(authorizableRequestContext.clientAddress().getHostAddress());
        sb.append(" on resource = ");
        appendResourcePattern(action.resourcePattern(), sb);
        sb.append(" for request = ").append(ApiKeys.forId(authorizableRequestContext.requestType()).name);
        sb.append(" with resourceRefCount = ").append(action.resourceReferenceCount());
        sb.append(" based on rule ").append(this);
        return sb.toString();
    }

    static void appendResourcePattern(ResourcePattern resourcePattern, StringBuilder sb) {
        sb.append(SecurityUtils.resourceTypeName(resourcePattern.resourceType())).append(":").append(resourcePattern.patternType()).append(":").append(resourcePattern.name());
    }
}
