package io.confluent.ksql.services;

import com.google.common.annotations.VisibleForTesting;
import io.confluent.ksql.connect.ConnectRequestHeadersExtension;
import io.confluent.ksql.security.KsqlPrincipal;
import io.confluent.ksql.util.FileWatcher;
import io.confluent.ksql.util.KsqlConfig;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.file.Paths;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.security.ssl.DefaultSslEngineFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/ksql/services/DefaultConnectClientFactory.class */
public class DefaultConnectClientFactory implements ConnectClientFactory {
    private static final Logger log = LoggerFactory.getLogger(DefaultConnectClientFactory.class);
    private final KsqlConfig ksqlConfig;
    private final Optional<ConnectRequestHeadersExtension> requestHeadersExtension;
    private volatile Optional<String> defaultConnectAuthHeader;
    private FileWatcher credentialsFileWatcher;

    public DefaultConnectClientFactory(KsqlConfig ksqlConfig) {
        this.ksqlConfig = (KsqlConfig) Objects.requireNonNull(ksqlConfig, "ksqlConfig");
        this.requestHeadersExtension = Optional.ofNullable(ksqlConfig.getConfiguredInstance("ksql.connect.request.headers.plugin", ConnectRequestHeadersExtension.class));
    }

    @Override // io.confluent.ksql.services.ConnectClientFactory
    public synchronized DefaultConnectClient get(Optional<String> optional, List<Map.Entry<String, String>> list, Optional<KsqlPrincipal> optional2) {
        if (this.defaultConnectAuthHeader == null) {
            this.defaultConnectAuthHeader = buildDefaultAuthHeader();
        }
        Map valuesWithPrefixOverride = this.ksqlConfig.valuesWithPrefixOverride("ksql.connect.");
        return new DefaultConnectClient(this.ksqlConfig.getString("ksql.connect.url"), buildAuthHeader(optional, list), (Map) this.requestHeadersExtension.map(connectRequestHeadersExtension -> {
            return connectRequestHeadersExtension.getHeaders(optional2);
        }).orElse(Collections.emptyMap()), Optional.ofNullable(newSslContext(valuesWithPrefixOverride)), shouldVerifySslHostname(valuesWithPrefixOverride), this.ksqlConfig.getLong("ksql.connect.request.timeout.ms").longValue());
    }

    @Override // io.confluent.ksql.services.ConnectClientFactory
    public synchronized void close() {
        if (this.credentialsFileWatcher != null) {
            this.credentialsFileWatcher.shutdown();
        }
    }

    private Optional<String> buildDefaultAuthHeader() {
        if (!isCustomBasicAuthConfigured()) {
            return Optional.empty();
        }
        String string = this.ksqlConfig.getString("ksql.connect.basic.auth.credentials.file");
        if (this.ksqlConfig.getBoolean("ksql.connect.basic.auth.credentials.reload").booleanValue()) {
            startBasicAuthFileWatcher(string);
        }
        return buildBasicAuthHeader(string);
    }

    private Optional<String> buildAuthHeader(Optional<String> optional, List<Map.Entry<String, String>> list) {
        if (this.requestHeadersExtension.isPresent()) {
            ConnectRequestHeadersExtension connectRequestHeadersExtension = this.requestHeadersExtension.get();
            if (connectRequestHeadersExtension.shouldUseCustomAuthHeader()) {
                return connectRequestHeadersExtension.getAuthHeader(list);
            }
        }
        return isCustomBasicAuthConfigured() ? this.defaultConnectAuthHeader : optional;
    }

    private void startBasicAuthFileWatcher(String str) {
        try {
            this.credentialsFileWatcher = new FileWatcher(Paths.get(str, new String[0]), () -> {
                this.defaultConnectAuthHeader = buildBasicAuthHeader(str);
            });
            this.credentialsFileWatcher.start();
            log.info("Enabled automatic connector credentials reload for location: " + str);
        } catch (IOException e) {
            log.error("Failed to enable automatic connector credentials reload", e);
        }
    }

    private boolean isCustomBasicAuthConfigured() {
        return this.ksqlConfig.getString("ksql.connect.basic.auth.credentials.source").equalsIgnoreCase("FILE");
    }

    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r11v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r11v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 10, insn: 0x00f8: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r10 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:45:0x00f8 */
    /* JADX WARN: Not initialized variable reg: 11, insn: 0x00fc: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r11 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:47:0x00fc */
    /* JADX WARN: Type inference failed for: r10v0, types: [java.io.FileInputStream] */
    /* JADX WARN: Type inference failed for: r11v0, types: [java.lang.Throwable] */
    private static Optional<String> buildBasicAuthHeader(String str) {
        if (str == null || str.isEmpty()) {
            throw new ConfigException(String.format("'%s' cannot be empty if '%s' is set to '%s'", "ksql.connect.basic.auth.credentials.file", "ksql.connect.basic.auth.credentials.source", "FILE"));
        }
        Properties properties = new Properties();
        try {
            try {
                FileInputStream fileInputStream = new FileInputStream(str);
                Throwable th = null;
                properties.load(fileInputStream);
                if (properties.containsKey("username") && properties.containsKey("password")) {
                    Optional<String> of = Optional.of("Basic " + Base64.getEncoder().encodeToString((properties.getProperty("username") + ":" + properties.getProperty("password")).getBytes(Charset.defaultCharset())));
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    return of;
                }
                log.error("Provided credentials file doesn't provide username and password");
                Optional<String> empty = Optional.empty();
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                return empty;
            } finally {
            }
        } catch (IOException e) {
            log.error("Failed to load credentials file: " + e.getMessage());
            return Optional.empty();
        }
        log.error("Failed to load credentials file: " + e.getMessage());
        return Optional.empty();
    }

    private static SSLContext newSslContext(Map<String, Object> map) {
        DefaultSslEngineFactory defaultSslEngineFactory = new DefaultSslEngineFactory();
        defaultSslEngineFactory.configure(map);
        return defaultSslEngineFactory.sslContext();
    }

    @VisibleForTesting
    static boolean shouldVerifySslHostname(Map<String, Object> map) {
        Object obj = map.get("ssl.endpoint.identification.algorithm");
        if (obj == null) {
            return false;
        }
        String obj2 = obj.toString();
        if (obj2.isEmpty() || obj2.equalsIgnoreCase("none")) {
            return false;
        }
        if (obj2.equalsIgnoreCase("https")) {
            return true;
        }
        throw new ConfigException("Endpoint identification algorithm not supported: " + obj2);
    }

    @Override // io.confluent.ksql.services.ConnectClientFactory
    public /* bridge */ /* synthetic */ ConnectClient get(Optional optional, List list, Optional optional2) {
        return get((Optional<String>) optional, (List<Map.Entry<String, String>>) list, (Optional<KsqlPrincipal>) optional2);
    }
}
