package com.linkedin.kafka.cruisecontrol.servlet.security.jwt;

import com.linkedin.kafka.cruisecontrol.config.KafkaCruiseControlConfig;
import com.linkedin.kafka.cruisecontrol.config.constants.WebServerConfig;
import com.linkedin.kafka.cruisecontrol.servlet.security.DefaultRoleSecurityProvider;
import com.linkedin.kafka.cruisecontrol.servlet.security.UserStoreAuthorizationService;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.List;
import javax.servlet.ServletException;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.AuthorizationService;

/* loaded from: input_file:com/linkedin/kafka/cruisecontrol/servlet/security/jwt/JwtSecurityProvider.class */
public class JwtSecurityProvider extends DefaultRoleSecurityProvider {
    private String _authenticationProviderUrl;
    private String _cookieName;
    private String _publicKeyLocation;
    private String _privilegesFilePath;
    private List<String> _audiences;

    @Override // com.linkedin.kafka.cruisecontrol.servlet.security.DefaultRoleSecurityProvider, com.linkedin.kafka.cruisecontrol.servlet.security.SecurityProvider
    public void init(KafkaCruiseControlConfig kafkaCruiseControlConfig) {
        super.init(kafkaCruiseControlConfig);
        this._authenticationProviderUrl = kafkaCruiseControlConfig.getString(WebServerConfig.JWT_AUTHENTICATION_PROVIDER_URL_CONFIG);
        this._cookieName = kafkaCruiseControlConfig.getString(WebServerConfig.JWT_COOKIE_NAME_CONFIG);
        this._publicKeyLocation = kafkaCruiseControlConfig.getString(WebServerConfig.JWT_AUTH_CERTIFICATE_LOCATION_CONFIG);
        this._audiences = kafkaCruiseControlConfig.getList(WebServerConfig.JWT_EXPECTED_AUDIENCES_CONFIG);
        this._privilegesFilePath = kafkaCruiseControlConfig.getString(WebServerConfig.WEBSERVER_AUTH_CREDENTIALS_FILE_CONFIG);
    }

    @Override // com.linkedin.kafka.cruisecontrol.servlet.security.SecurityProvider
    public LoginService loginService() throws ServletException {
        try {
            return new JwtLoginService(authorizationService(), this._publicKeyLocation, this._audiences);
        } catch (IOException | CertificateException e) {
            throw new ServletException(e);
        }
    }

    @Override // com.linkedin.kafka.cruisecontrol.servlet.security.SecurityProvider
    public Authenticator authenticator() {
        return new JwtAuthenticator(this._authenticationProviderUrl, this._cookieName);
    }

    public AuthorizationService authorizationService() {
        return new UserStoreAuthorizationService(this._privilegesFilePath);
    }
}
