package kd.isc.iscb.platform.core.dc.mq.kafka;

import com.sun.security.auth.module.Krb5LoginModule;
import java.util.Map;
import javax.security.auth.spi.LoginModule;
import kd.bos.dataentity.entity.DynamicObject;
import kd.bos.util.StringUtils;
import kd.isc.iscb.platform.core.connector.k3cloud.K3CloudConstant;
import kd.isc.iscb.platform.core.util.TimerJobUtil;
import kd.isc.iscb.util.dt.D;
import kd.isc.iscb.util.except.IscBizException;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule;
import org.apache.kafka.common.security.plain.PlainLoginModule;
import org.apache.kafka.common.security.scram.ScramLoginModule;

/* loaded from: input_file:kd/isc/iscb/platform/core/dc/mq/kafka/KafkaUtil.class */
public class KafkaUtil {
    private static final String SASL_P = "password";

    public static void checkSaslJaas(Map<String, Object> map, DynamicObject dynamicObject) {
        String s = D.s(dynamicObject.get(K3CloudConstant.USER));
        String s2 = D.s(dynamicObject.get("password"));
        if (StringUtils.isEmpty(s)) {
            return;
        }
        String s3 = D.s(dynamicObject.get("mechanism_protocol"));
        if (!StringUtils.isEmpty(s2) || "OAUTHBEARER".equals(s3)) {
            String s4 = D.s(dynamicObject.get("security_protocol"));
            if (StringUtils.isEmpty(s4)) {
                s4 = "SASL_PLAINTEXT";
            }
            if (StringUtils.isEmpty(s3)) {
                s3 = "PLAIN";
            }
            map.put("security.protocol", s4);
            map.put("sasl.mechanism", s3);
            setConfig(map, dynamicObject, s, s2, s3);
        }
    }

    private static void setConfig(Map<String, Object> map, DynamicObject dynamicObject, String str, String str2, String str3) {
        boolean z = -1;
        switch (str3.hashCode()) {
            case -1875511693:
                if (str3.equals("SCRAM-SHA-256")) {
                    z = true;
                    break;
                }
                break;
            case -1875508938:
                if (str3.equals("SCRAM-SHA-512")) {
                    z = 2;
                    break;
                }
                break;
            case -1625286504:
                if (str3.equals("OAUTHBEARER")) {
                    z = 3;
                    break;
                }
                break;
            case 76210602:
                if (str3.equals("PLAIN")) {
                    z = false;
                    break;
                }
                break;
            case 2111859635:
                if (str3.equals("GSSAPI")) {
                    z = 4;
                    break;
                }
                break;
        }
        switch (z) {
            case TimerJobUtil.ZERO /* 0 */:
                setSaslJaasConfig(map, PlainLoginModule.class, str, str2);
                return;
            case true:
            case true:
                setSaslJaasConfig(map, ScramLoginModule.class, str, str2);
                return;
            case true:
                map.put("sasl.jaas.config", OAuthBearerLoginModule.class.getName() + " required  unsecuredLoginStringClaim_sub=\"" + str + "\";");
                return;
            case true:
                map.put("sasl.jaas.config", Krb5LoginModule.class.getName() + " required useKeyTab=true storeKey=true useTicketCache=true keyTab=\"" + str2 + "\"  principal=\"" + str + "\";");
                return;
            default:
                throw new IscBizException("不支持的协议机制：" + str3);
        }
    }

    private static void setSaslJaasConfig(Map<String, Object> map, Class<? extends LoginModule> cls, String str, String str2) {
        map.put("sasl.jaas.config", cls.getName() + " required username=\"" + str + "\" password=\"" + str2 + "\";");
    }
}
