package io.confluent.ksql.security;

import java.util.Map;
import java.util.stream.Collectors;
import org.apache.kafka.common.config.AbstractConfig;
import org.apache.kafka.common.config.ConfigDef;

/* loaded from: input_file:io/confluent/ksql/security/KsqlClientConfig.class */
public final class KsqlClientConfig extends AbstractConfig {
    public static final String KSQL_BASIC_AUTH_USERNAME = "ksql.auth.basic.username";
    public static final String KSQL_BASIC_AUTH_PASSWORD = "ksql.auth.basic.password";
    public static final String BEARER_AUTH_TOKEN_CONFIG = "bearer.auth.token";
    public static final String BEARER_AUTH_TOKEN_ENDPOINT_URL = "bearer.auth.issuer.endpoint.url";
    public static final String BEARER_AUTH_CLIENT_ID = "bearer.auth.client.id";
    public static final String BEARER_AUTH_CLIENT_SECRET = "bearer.auth.client.secret";
    public static final String BEARER_AUTH_SCOPE = "bearer.auth.scope";
    public static final String BEARER_AUTH_SCOPE_CLAIM_NAME = "bearer.auth.scope.claim.name";
    public static final String BEARER_AUTH_SCOPE_CLAIM_NAME_DEFAULT = "scope";
    public static final String BEARER_AUTH_SUB_CLAIM_NAME = "bearer.auth.sub.claim.name";
    public static final String BEARER_AUTH_SUB_CLAIM_NAME_DEFAULT = "sub";
    public static final String BEARER_AUTH_CACHE_EXPIRY_BUFFER_SECONDS = "bearer.auth.cache.expiry.buffer.seconds";
    public static final short BEARER_AUTH_CACHE_EXPIRY_BUFFER_SECONDS_DEFAULT = 300;
    public static final String SSL_PREFIX = "ssl.";
    public static final String SSL_TRUSTSTORE_LOCATION = "ssl.truststore.location";
    public static final String SSL_TRUSTSTORE_PASSWORD = "ssl.truststore.password";
    public static final String SSL_KEYSTORE_LOCATION = "ssl.keystore.location";
    public static final String SSL_KEYSTORE_PASSWORD = "ssl.keystore.password";
    public static final String SSL_KEY_PASSWORD = "ssl.key.password";
    public static final String SSL_KEY_ALIAS = "ssl.key.alias";
    public static final String SSL_ALPN = "ssl.alpn";
    public static final String SSL_VERIFY_HOST = "ssl.verify.host";

    private KsqlClientConfig(Map<String, String> map) {
        super(new ConfigDef().define(KSQL_BASIC_AUTH_USERNAME, ConfigDef.Type.STRING, "", ConfigDef.Importance.MEDIUM, "The username for the KSQL server").define(KSQL_BASIC_AUTH_PASSWORD, ConfigDef.Type.PASSWORD, "", ConfigDef.Importance.MEDIUM, "The password for the KSQL server").define("bearer.auth.token", ConfigDef.Type.PASSWORD, "", ConfigDef.Importance.MEDIUM, "The static bearer token for the IDP Authorization server").define("bearer.auth.issuer.endpoint.url", ConfigDef.Type.STRING, "", ConfigDef.Importance.MEDIUM, "The issuer endpoint URL for the IDP Authorization server").define("bearer.auth.client.id", ConfigDef.Type.STRING, "", ConfigDef.Importance.MEDIUM, "The client ID for the IDP Authorization server").define("bearer.auth.client.secret", ConfigDef.Type.PASSWORD, "", ConfigDef.Importance.MEDIUM, "The client secret for the IDP Authorization server").define("bearer.auth.scope", ConfigDef.Type.STRING, "", ConfigDef.Importance.MEDIUM, "The scope for the IDP Authorization server").define("bearer.auth.scope.claim.name", ConfigDef.Type.STRING, "scope", ConfigDef.Importance.MEDIUM, "The scope claim name for the IDP Authorization server").define("bearer.auth.sub.claim.name", ConfigDef.Type.STRING, "sub", ConfigDef.Importance.MEDIUM, "The sub claim name for the IDP Authorization server").define("bearer.auth.cache.expiry.buffer.seconds", ConfigDef.Type.SHORT, (short) 300, ConfigDef.Importance.MEDIUM, "The expiry buffer for token cache").define("ssl.truststore.location", ConfigDef.Type.STRING, "", ConfigDef.Importance.MEDIUM, "The trust store path").define("ssl.truststore.password", ConfigDef.Type.PASSWORD, "", ConfigDef.Importance.MEDIUM, "The trust store password").define("ssl.keystore.location", ConfigDef.Type.STRING, "", ConfigDef.Importance.MEDIUM, "The key store path").define("ssl.keystore.password", ConfigDef.Type.PASSWORD, "", ConfigDef.Importance.MEDIUM, "The key store password").define("ssl.key.password", ConfigDef.Type.PASSWORD, "", ConfigDef.Importance.MEDIUM, "The key password").define(SSL_KEY_ALIAS, ConfigDef.Type.STRING, "", ConfigDef.Importance.MEDIUM, "The key alias").define(SSL_ALPN, ConfigDef.Type.BOOLEAN, false, ConfigDef.Importance.MEDIUM, "Whether ALPN should be used. It defaults to false.").define(SSL_VERIFY_HOST, ConfigDef.Type.BOOLEAN, true, ConfigDef.Importance.MEDIUM, "Whether hostname verification is enabled. It defaults to true."), map, false);
    }

    public static String getBearerAuthScopeClaimName(Map<String, ?> map) {
        return (map == null || !map.containsKey("bearer.auth.scope.claim.name")) ? "scope" : (String) map.get("bearer.auth.scope.claim.name");
    }

    public static String getBearerAuthSubClaimName(Map<String, ?> map) {
        return (map == null || !map.containsKey("bearer.auth.sub.claim.name")) ? "sub" : (String) map.get("bearer.auth.sub.claim.name");
    }

    public static short getBearerAuthCacheExpiryBufferSeconds(Map<String, ?> map) {
        if (map == null || !map.containsKey("bearer.auth.cache.expiry.buffer.seconds")) {
            return (short) 300;
        }
        return ((Short) map.get("bearer.auth.cache.expiry.buffer.seconds")).shortValue();
    }

    public static Map<String, Object> getClientSslConfig(Map<String, ?> map) {
        return (Map) map.entrySet().stream().filter(entry -> {
            return ((String) entry.getKey()).startsWith("ssl.");
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
    }
}
