package com.mongodb.kafka.connect.util;

import com.mongodb.ConnectionString;
import com.mongodb.MongoClientSettings;
import com.mongodb.MongoCredential;
import com.mongodb.MongoSecurityException;
import com.mongodb.ReadPreference;
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;
import com.mongodb.event.ClusterClosedEvent;
import com.mongodb.event.ClusterDescriptionChangedEvent;
import com.mongodb.event.ClusterListener;
import com.mongodb.event.ClusterOpeningEvent;
import com.ververica.cdc.connectors.shaded.com.fasterxml.jackson.core.JsonLocation;
import com.ververica.cdc.connectors.shaded.org.apache.kafka.common.config.Config;
import com.ververica.cdc.connectors.shaded.org.apache.kafka.common.config.ConfigValue;
import com.ververica.cdc.connectors.shaded.org.apache.kafka.connect.errors.ConnectException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import org.bson.Document;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mongodb/kafka/connect/util/ConnectionValidator.class */
public final class ConnectionValidator {
    private static final Logger LOGGER = LoggerFactory.getLogger(ConnectionValidator.class);
    private static final Document CONNECTION_STATUS = Document.parse("{connectionStatus: 1, showPrivileges: true}");
    private static final String ROLES_INFO = "{rolesInfo: '%s', showPrivileges: true, showBuiltinRoles: true}";
    private static final String AUTH_INFO = "authInfo";
    private static final String AUTH_USER_PRIVILEGES = "authenticatedUserPrivileges";
    private static final String AUTH_USER_ROLES = "authenticatedUserRoles";
    private static final String INHERITED_PRIVILEGES = "inheritedPrivileges";

    public static Optional<MongoClient> validateCanConnect(Config config, String str) {
        Optional<ConfigValue> configByName = ConfigHelper.getConfigByName(config, str);
        if (configByName.isPresent() && configByName.get().errorMessages().isEmpty()) {
            ConfigValue configValue = configByName.get();
            AtomicBoolean atomicBoolean = new AtomicBoolean();
            CountDownLatch countDownLatch = new CountDownLatch(1);
            ConnectionString connectionString = new ConnectionString((String) configValue.value());
            MongoClientSettings.Builder applyConnectionString = MongoClientSettings.builder().applyConnectionString(connectionString);
            ServerApiConfig.setServerApi(applyConnectionString, config);
            MongoClientSettings build = applyConnectionString.applyToClusterSettings(builder -> {
                builder.addClusterListener(new ClusterListener() { // from class: com.mongodb.kafka.connect.util.ConnectionValidator.1
                    @Override // com.mongodb.event.ClusterListener
                    public void clusterOpening(ClusterOpeningEvent clusterOpeningEvent) {
                    }

                    @Override // com.mongodb.event.ClusterListener
                    public void clusterClosed(ClusterClosedEvent clusterClosedEvent) {
                    }

                    @Override // com.mongodb.event.ClusterListener
                    public void clusterDescriptionChanged(ClusterDescriptionChangedEvent clusterDescriptionChangedEvent) {
                        ReadPreference readPreference = ConnectionString.this.getReadPreference() != null ? ConnectionString.this.getReadPreference() : ReadPreference.primaryPreferred();
                        if (atomicBoolean.get() || !clusterDescriptionChangedEvent.getNewDescription().hasReadableServer(readPreference)) {
                            return;
                        }
                        atomicBoolean.set(true);
                        countDownLatch.countDown();
                    }
                });
            }).build();
            long connectTimeout = build.getSocketSettings().getConnectTimeout(TimeUnit.MILLISECONDS) + JsonLocation.MAX_CONTENT_SNIPPET;
            MongoClient create = MongoClients.create(build);
            try {
                if (!countDownLatch.await(connectTimeout, TimeUnit.MILLISECONDS)) {
                    configValue.addErrorMessage("Unable to connect to the server.");
                    create.close();
                }
                if (configValue.errorMessages().isEmpty()) {
                    return Optional.of(create);
                }
            } catch (InterruptedException e) {
                create.close();
                throw new ConnectException(e);
            }
        }
        return Optional.empty();
    }

    public static void validateUserHasActions(MongoClient mongoClient, MongoCredential mongoCredential, List<String> list, String str, String str2, String str3, Config config) {
        if (mongoCredential == null) {
            return;
        }
        try {
            Document document = (Document) mongoClient.getDatabase(mongoCredential.getSource()).runCommand(CONNECTION_STATUS).get(AUTH_INFO, new Document());
            List<String> removeRoleActions = removeRoleActions(mongoClient, mongoCredential, str, str2, document, removeUserActions(document.getList(AUTH_USER_PRIVILEGES, Document.class, Collections.emptyList()), mongoCredential.getSource(), str, str2, list));
            if (removeRoleActions.isEmpty()) {
                return;
            }
            String join = String.join(", ", removeRoleActions);
            ConfigHelper.getConfigByName(config, str3).ifPresent(configValue -> {
                configValue.addErrorMessage(String.format("Invalid user permissions. Missing the following action permissions: %s", join));
            });
        } catch (MongoSecurityException e) {
            ConfigHelper.getConfigByName(config, str3).ifPresent(configValue2 -> {
                configValue2.addErrorMessage("Invalid user permissions authentication failed. " + e.getMessage());
            });
        } catch (Exception e2) {
            LOGGER.warn("Permission validation failed due to: {}", e2.getMessage(), e2);
        }
    }

    private static List<String> removeUserActions(List<Document> list, String str, String str2, String str3, List<String> list2) {
        if (list.isEmpty() || list2.isEmpty()) {
            return list2;
        }
        ArrayList arrayList = new ArrayList(list2);
        for (Document document : list) {
            Document document2 = (Document) document.get((Object) "resource", (String) new Document());
            if (document2.containsKey("cluster") && document2.getBoolean("cluster").booleanValue()) {
                arrayList.removeAll(document.getList("actions", String.class, Collections.emptyList()));
            } else if (document2.containsKey("db") && document2.containsKey("collection")) {
                String string = document2.getString("db");
                String string2 = document2.getString("collection");
                boolean z = false;
                boolean z2 = string2.isEmpty() || string2.equals(str3);
                if (string.isEmpty() && z2) {
                    z = true;
                } else if (string.equals(str) && string2.isEmpty()) {
                    z = true;
                } else if (string.equals(str2) && z2) {
                    z = true;
                }
                if (z) {
                    arrayList.removeAll(document.getList("actions", String.class, Collections.emptyList()));
                }
            }
            if (arrayList.isEmpty()) {
                break;
            }
        }
        return arrayList;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static List<String> removeRoleActions(MongoClient mongoClient, MongoCredential mongoCredential, String str, String str2, Document document, List<String> list) {
        if (list.isEmpty()) {
            return list;
        }
        List arrayList = new ArrayList(list);
        for (Document document2 : document.getList(AUTH_USER_ROLES, Document.class, Collections.emptyList())) {
            Iterator it = mongoClient.getDatabase(document2.getString("db")).runCommand(Document.parse(String.format(ROLES_INFO, document2.getString("role")))).getList("roles", Document.class, Collections.emptyList()).iterator();
            while (it.hasNext()) {
                arrayList = removeUserActions(((Document) it.next()).getList(INHERITED_PRIVILEGES, Document.class, Collections.emptyList()), mongoCredential.getSource(), str, str2, arrayList);
                if (arrayList.isEmpty()) {
                    return arrayList;
                }
            }
            if (arrayList.isEmpty()) {
                return arrayList;
            }
        }
        return arrayList;
    }

    private ConnectionValidator() {
    }
}
