package io.confluent.security.authorizer.provider;

import io.confluent.security.authorizer.AuthorizeResult;
import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.UnaryOperator;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.utils.SecurityUtils;
import org.apache.kafka.server.authorizer.AuthorizerServerInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/security/authorizer/provider/DefaultAuditLogProvider.class */
public class DefaultAuditLogProvider implements AuditLogProvider {
    protected static final Logger log = LoggerFactory.getLogger("kafka.authorizer.logger");
    protected UnaryOperator<AuthorizationLogData> sanitizer;

    public void configure(Map<String, ?> map) {
    }

    public Set<String> reconfigurableConfigs() {
        return Collections.emptySet();
    }

    public void validateReconfiguration(Map<String, ?> map) throws ConfigException {
    }

    public void reconfigure(Map<String, ?> map) {
    }

    @Override // io.confluent.security.authorizer.provider.Provider
    public CompletionStage<Void> start(AuthorizerServerInfo authorizerServerInfo, Map<String, ?> map) {
        return CompletableFuture.completedFuture(null);
    }

    @Override // io.confluent.security.authorizer.provider.Provider
    public String providerName() {
        return "DEFAULT";
    }

    @Override // io.confluent.security.authorizer.provider.Provider
    public boolean usesMetadataFromThisKafkaCluster() {
        return false;
    }

    @Override // io.confluent.security.authorizer.provider.AuditLogProvider
    public boolean providerConfigured(Map<String, ?> map) {
        return true;
    }

    @Override // io.confluent.security.authorizer.provider.AuditLogProvider
    public void setSanitizer(UnaryOperator<AuthorizationLogData> unaryOperator) {
        this.sanitizer = unaryOperator;
    }

    @Override // io.confluent.security.authorizer.provider.AuditLogProvider
    public void logAuthorization(AuthorizationLogData authorizationLogData) {
        if (this.sanitizer != null) {
            authorizationLogData = (AuthorizationLogData) this.sanitizer.apply(authorizationLogData);
        }
        KafkaPrincipal principal = authorizationLogData.requestContext.principal();
        String hostAddress = authorizationLogData.requestContext.clientAddress().getHostAddress();
        String name = authorizationLogData.action.operation().name();
        String str = SecurityUtils.toPascalCase(authorizationLogData.action.resourceType().name()) + ":" + authorizationLogData.action.resourcePattern().patternType() + ":" + authorizationLogData.action.resourceName();
        if (authorizationLogData.authorizeResult == AuthorizeResult.ALLOWED) {
            if (authorizationLogData.action.logIfAllowed()) {
                log.debug("Principal = {} is {} Operation = {} from host = {} on resource = {}", new Object[]{principal, "Allowed", name, hostAddress, str});
                return;
            } else {
                log.trace("Principal = {} is {} Operation = {} from host = {} on resource = {}", new Object[]{principal, "Allowed", name, hostAddress, str});
                return;
            }
        }
        if (authorizationLogData.action.logIfDenied()) {
            log.info("Principal = {} is {} Operation = {} from host = {} on resource = {}", new Object[]{principal, "Denied", name, hostAddress, str});
        } else {
            log.trace("Principal = {} is {} Operation = {} from host = {} on resource = {}", new Object[]{principal, "Denied", name, hostAddress, str});
        }
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
    }
}
