package com.sap.cds.feature.messaging.kafka.utils;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.sap.cds.feature.messaging.kafka.client.deserializer.ErrorHandlingStringDeserializer;
import com.sap.cds.services.ErrorStatuses;
import com.sap.cds.services.ServiceException;
import java.io.BufferedReader;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.UUID;
import java.util.stream.Collectors;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.kafka.clients.consumer.RangeAssignor;
import org.apache.kafka.common.serialization.StringSerializer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sap/cds/feature/messaging/kafka/utils/KafkaUtils.class */
public final class KafkaUtils {
    private static final Logger logger = LoggerFactory.getLogger(KafkaUtils.class);
    private static final ObjectMapper mapper = new ObjectMapper();

    private KafkaUtils() {
    }

    public static byte[] toBytes(String str) {
        return ((String) Objects.requireNonNull(str)).getBytes(StandardCharsets.UTF_8);
    }

    public static String toString(byte[] bArr) {
        return new String((byte[]) Objects.requireNonNull(bArr), StandardCharsets.UTF_8);
    }

    public static Properties getAdminProperties(KafkaServiceBinding kafkaServiceBinding) {
        Properties properties = new Properties();
        properties.put("bootstrap.servers", kafkaServiceBinding.getBootstrapServersAuthSSL());
        properties.putAll(getSSLProperties(kafkaServiceBinding));
        return properties;
    }

    public static Properties createMessageProducerProperties(KafkaServiceBinding kafkaServiceBinding, String str, Map<String, Object> map) {
        Properties properties = new Properties();
        properties.put("bootstrap.servers", kafkaServiceBinding.getBootstrapServersAuthSSL());
        properties.put("client.id", createClientId(str));
        properties.put("key.serializer", StringSerializer.class.getName());
        properties.put("value.serializer", StringSerializer.class.getName());
        properties.put("acks", "all");
        properties.putAll(getSSLProperties(kafkaServiceBinding));
        getKafkaProperties("producer", map, properties);
        return properties;
    }

    public static Properties createMessageConsumerProperties(KafkaServiceBinding kafkaServiceBinding, String str, Map<String, Object> map) {
        Properties properties = new Properties();
        properties.put("bootstrap.servers", kafkaServiceBinding.getBootstrapServersAuthSSL());
        properties.put("group.id", str);
        properties.put("client.id", createClientId(str));
        properties.put("partition.assignment.strategy", RangeAssignor.class.getName());
        properties.put("key.deserializer", ErrorHandlingStringDeserializer.class.getName());
        properties.put("value.deserializer", ErrorHandlingStringDeserializer.class.getName());
        properties.put("auto.offset.reset", "earliest");
        properties.put("enable.auto.commit", false);
        properties.put("max.poll.records", 1);
        properties.putAll(getSSLProperties(kafkaServiceBinding));
        getKafkaProperties("consumer", map, properties);
        return properties;
    }

    private static void getKafkaProperties(String str, Map<String, Object> map, Properties properties) {
        if (map == null || map.isEmpty() || !map.containsKey(str)) {
            return;
        }
        properties.putAll((Map) map.get(str));
    }

    private static String createClientId(String str) {
        return str + "-" + UUID.randomUUID().toString();
    }

    private static Properties getSSLProperties(KafkaServiceBinding kafkaServiceBinding) {
        Properties properties = new Properties();
        try {
            String randomString = getRandomString(30);
            properties.put("security.protocol", "SASL_SSL");
            properties.put("sasl.mechanism", "PLAIN");
            if (StringUtils.isNotBlank(kafkaServiceBinding.getTokenUrl())) {
                properties.put("sasl.jaas.config", getJaasString(kafkaServiceBinding));
            } else {
                if (!StringUtils.isNotBlank(kafkaServiceBinding.getPassword()) || !StringUtils.isNotBlank(kafkaServiceBinding.getUsername())) {
                    throw new ServiceException(ErrorStatuses.SERVER_ERROR, "Failed to retrieve credentials from the Kafka service binding", new Object[0]);
                }
                properties.put("sasl.jaas.config", getJaasStringForBasicAuth(kafkaServiceBinding));
            }
            if (StringUtils.isNotBlank(kafkaServiceBinding.getRootCertUrl())) {
                properties.put("ssl.truststore.location", TrustStoreUtils.createTruststoreWithRootCertsFromUrl(randomString, kafkaServiceBinding.getRootCertUrl()));
                properties.put("ssl.truststore.password", randomString);
                properties.put("ssl.endpoint.identification.algorithm", "");
            }
            return properties;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            logger.error("Error while retrieving the SSL properties from the Kafka service binding.", e);
            throw new ServiceException(ErrorStatuses.SERVER_ERROR, "Failed to retrieve the SSL properties from the Kafka service binding", new Object[0]);
        }
    }

    private static String getRandomString(int i) {
        return RandomStringUtils.random(i, 32, 127, false, false, (char[]) null, new SecureRandom());
    }

    private static String getJaasString(KafkaServiceBinding kafkaServiceBinding) throws IOException {
        String username = kafkaServiceBinding.getUsername();
        return "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"%s\" password=\"%s\";".formatted(username, getToken(kafkaServiceBinding.getTokenUrl(), username, kafkaServiceBinding.getPassword()));
    }

    private static String getJaasStringForBasicAuth(KafkaServiceBinding kafkaServiceBinding) {
        return "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"%s\" password=\"%s\";".formatted(kafkaServiceBinding.getUsername(), kafkaServiceBinding.getPassword());
    }

    private static String getToken(String str, String str2, String str3) throws IOException {
        String str4 = "Basic " + Base64.encodeBase64String(toBytes(str2 + ":" + str3));
        byte[] bytes = toBytes("grant_type=client_credentials");
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        httpURLConnection.setRequestProperty("Authorization", str4);
        httpURLConnection.setRequestMethod("POST");
        httpURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        httpURLConnection.setRequestProperty("charset", "utf-8");
        httpURLConnection.setRequestProperty("Content-Length", bytes.length);
        httpURLConnection.setUseCaches(false);
        httpURLConnection.setDoInput(true);
        httpURLConnection.setDoOutput(true);
        DataOutputStream dataOutputStream = new DataOutputStream(httpURLConnection.getOutputStream());
        try {
            dataOutputStream.write(bytes);
            dataOutputStream.close();
            DataInputStream dataInputStream = new DataInputStream(httpURLConnection.getInputStream());
            try {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(dataInputStream));
                try {
                    String str5 = (String) bufferedReader.lines().collect(Collectors.joining("\n"));
                    bufferedReader.close();
                    dataInputStream.close();
                    httpURLConnection.disconnect();
                    return ((JsonNode) mapper.readValue(str5, JsonNode.class)).get("access_token").asText();
                } finally {
                }
            } catch (Throwable th) {
                try {
                    dataInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (Throwable th3) {
            try {
                dataOutputStream.close();
            } catch (Throwable th4) {
                th3.addSuppressed(th4);
            }
            throw th3;
        }
    }
}
