package com.linkedin.kafka.cruisecontrol.servlet.security.trustedproxy;

import com.linkedin.kafka.cruisecontrol.config.KafkaCruiseControlConfig;
import com.linkedin.kafka.cruisecontrol.config.constants.WebServerConfig;
import com.linkedin.kafka.cruisecontrol.servlet.security.spnego.SpnegoSecurityProvider;
import java.nio.file.Paths;
import java.util.List;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.ConfigurableSpnegoAuthenticator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/linkedin/kafka/cruisecontrol/servlet/security/trustedproxy/TrustedProxySecurityProvider.class */
public class TrustedProxySecurityProvider extends SpnegoSecurityProvider {
    private List<String> _trustedProxyServices;
    private String _trustedProxyServicesIpRegex;
    private static final Logger LOG = LoggerFactory.getLogger(TrustedProxySecurityProvider.class);

    @Override // com.linkedin.kafka.cruisecontrol.servlet.security.spnego.SpnegoSecurityProvider, com.linkedin.kafka.cruisecontrol.servlet.security.DefaultRoleSecurityProvider, com.linkedin.kafka.cruisecontrol.servlet.security.SecurityProvider
    public void init(KafkaCruiseControlConfig kafkaCruiseControlConfig) {
        super.init(kafkaCruiseControlConfig);
        this._trustedProxyServices = kafkaCruiseControlConfig.getList(WebServerConfig.TRUSTED_PROXY_SERVICES_CONFIG);
        String string = kafkaCruiseControlConfig.getString(WebServerConfig.TRUSTED_PROXY_SERVICES_IP_REGEX_CONFIG);
        if (string != null) {
            this._trustedProxyServicesIpRegex = string;
        }
        LOG.info("Setting up authentication for trusted proxy list [{}] with keytab {} and spnego principal {} with IP whitelist regex {}", new Object[]{String.join(",", this._trustedProxyServices), this._keyTabPath, this._spnegoPrincipal, this._trustedProxyServicesIpRegex});
    }

    @Override // com.linkedin.kafka.cruisecontrol.servlet.security.spnego.SpnegoSecurityProvider, com.linkedin.kafka.cruisecontrol.servlet.security.SecurityProvider
    public LoginService loginService() {
        TrustedProxyLoginService trustedProxyLoginService = new TrustedProxyLoginService(this._spnegoPrincipal.realm(), authorizationService(), this._trustedProxyServices, this._trustedProxyServicesIpRegex);
        trustedProxyLoginService.setServiceName(this._spnegoPrincipal.serviceName());
        trustedProxyLoginService.setHostName(this._spnegoPrincipal.hostName());
        trustedProxyLoginService.setKeyTabPath(Paths.get(this._keyTabPath, new String[0]));
        return trustedProxyLoginService;
    }

    @Override // com.linkedin.kafka.cruisecontrol.servlet.security.spnego.SpnegoSecurityProvider, com.linkedin.kafka.cruisecontrol.servlet.security.SecurityProvider
    public Authenticator authenticator() {
        return new ConfigurableSpnegoAuthenticator();
    }
}
