package com.linkedin.kafka.cruisecontrol.servlet.security;

import com.linkedin.kafka.cruisecontrol.config.KafkaCruiseControlConfig;
import com.linkedin.kafka.cruisecontrol.config.constants.WebServerConfig;
import com.linkedin.kafka.cruisecontrol.servlet.CruiseControlEndPoint;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.util.security.Constraint;

/* loaded from: input_file:com/linkedin/kafka/cruisecontrol/servlet/security/DefaultRoleSecurityProvider.class */
public abstract class DefaultRoleSecurityProvider implements SecurityProvider {
    public static final String ADMIN = "ADMIN";
    public static final String USER = "USER";
    public static final String VIEWER = "VIEWER";
    private String _webServerApiUrlPrefix;

    @Override // com.linkedin.kafka.cruisecontrol.servlet.security.SecurityProvider
    public void init(KafkaCruiseControlConfig kafkaCruiseControlConfig) {
        this._webServerApiUrlPrefix = kafkaCruiseControlConfig.getString(WebServerConfig.WEBSERVER_API_URLPREFIX_CONFIG);
    }

    @Override // com.linkedin.kafka.cruisecontrol.servlet.security.SecurityProvider
    public List<ConstraintMapping> constraintMappings() {
        ArrayList arrayList = new ArrayList();
        CruiseControlEndPoint.getEndpoints().forEach(cruiseControlEndPoint -> {
            if (cruiseControlEndPoint == CruiseControlEndPoint.KAFKA_CLUSTER_STATE || cruiseControlEndPoint == CruiseControlEndPoint.USER_TASKS || cruiseControlEndPoint == CruiseControlEndPoint.REVIEW_BOARD) {
                arrayList.add(mapping(cruiseControlEndPoint, VIEWER, USER, ADMIN));
            } else if (cruiseControlEndPoint == CruiseControlEndPoint.BOOTSTRAP || cruiseControlEndPoint == CruiseControlEndPoint.TRAIN) {
                arrayList.add(mapping(cruiseControlEndPoint, ADMIN));
            } else {
                arrayList.add(mapping(cruiseControlEndPoint, USER, ADMIN));
            }
        });
        CruiseControlEndPoint.postEndpoints().forEach(cruiseControlEndPoint2 -> {
            arrayList.add(mapping(cruiseControlEndPoint2, ADMIN));
        });
        return arrayList;
    }

    @Override // com.linkedin.kafka.cruisecontrol.servlet.security.SecurityProvider
    public Set<String> roles() {
        return Collections.unmodifiableSet(new HashSet(Arrays.asList(VIEWER, USER, ADMIN)));
    }

    private ConstraintMapping mapping(CruiseControlEndPoint cruiseControlEndPoint, String... strArr) {
        Constraint constraint = new Constraint();
        constraint.setName("BASIC");
        constraint.setRoles(strArr);
        constraint.setAuthenticate(true);
        ConstraintMapping constraintMapping = new ConstraintMapping();
        constraintMapping.setPathSpec(this._webServerApiUrlPrefix.replace(WebServerConfig.DEFAULT_WEBSERVER_HTTP_CORS_ORIGIN, cruiseControlEndPoint.name().toLowerCase()));
        constraintMapping.setConstraint(constraint);
        return constraintMapping;
    }
}
