package com.mulesoft.connectors.kafka.internal.connection.provider.sasl.oauth.handler;

import com.mulesoft.connectors.kafka.api.oauth.connection.provider.CredentialsPlacement;
import com.mulesoft.connectors.kafka.internal.connection.provider.sasl.oauth.OAuthBearerConnectionProviderUtils;
import com.mulesoft.connectors.kafka.internal.connection.provider.sasl.oauth.handler.login.AuthenticationDetails;
import com.mulesoft.connectors.kafka.internal.connection.provider.sasl.oauth.handler.login.ClientCredentialsLoginManager;
import com.mulesoft.connectors.kafka.internal.connection.provider.sasl.oauth.handler.login.LoginDetails;
import com.mulesoft.connectors.kafka.internal.error.exception.oauth.OAuthConfigurationException;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeoutException;
import java.util.stream.Collectors;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.security.auth.SaslExtensions;
import org.apache.kafka.common.security.auth.SaslExtensionsCallback;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerToken;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback;
import org.mule.runtime.api.exception.MuleRuntimeException;
import org.mule.runtime.http.api.client.HttpClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mulesoft/connectors/kafka/internal/connection/provider/sasl/oauth/handler/MuleOAuthBearerLoginCallbackHandler.class */
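/**
 * Kafka SASL/OAUTHBEARER login callback handler that supplies bearer tokens obtained through
 * a {@link ClientCredentialsLoginManager}.
 *
 * <p>Configuration is indirect: the handler config map passed to {@link #configure} holds the
 * <em>names</em> of the JAAS options, and the actual values (token endpoint, client id, client
 * secret, scope, audience) are read from the JAAS configuration entries under those names.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The client secret is kept in a {@code String} field for the lifetime of the handler and
 *       is deliberately absent from every log statement in this class; keep it that way when
 *       adding diagnostics.</li>
 *   <li>The token endpoint is only checked for URI syntax here. NOTE(review): nothing in this
 *       class enforces an {@code https} scheme or a host allow-list; confirm that
 *       {@code ClientCredentialsLoginManager} or the connection provider does, because the
 *       client credentials are handed to the login manager together with this endpoint.</li>
 *   <li>NOTE(review): {@code followRedirects} is passed straight through to the login manager;
 *       verify there whether credentials are re-sent to a redirect target.</li>
 * </ul>
 */
public class MuleOAuthBearerLoginCallbackHandler implements AuthenticateCallbackHandler {
    private static final Logger LOGGER = LoggerFactory.getLogger(MuleOAuthBearerLoginCallbackHandler.class);

    // OAuth client identifier, read from the JAAS options.
    private String clientId;
    // OAuth client secret, read from the JAAS options. Never log this value.
    private String clientSecret;
    private String scope;
    private String audience;
    // Principal name handed to the login manager; "undefined" when none is configured.
    private String principalName;
    private URI tokenEndpoint;
    // Upper bound on the token lifetime in seconds; values <= 0 disable the cap.
    private int maxTokenExpirySeconds;
    // SASL extensions returned for SaslExtensionsCallback; insertion order is preserved.
    private LinkedHashMap<String, String> oAuthExtensions;
    private ClientCredentialsLoginManager clientCredentialsLoginManager;

    /**
     * Reads the handler settings and builds the login manager.
     *
     * @param configs handler configuration; carries the HTTP client, the login-manager switches
     *     and the names of the JAAS options that hold the OAuth parameters
     * @param saslMechanism SASL mechanism name (not used by this handler)
     * @param jaasConfigEntries JAAS entries whose options hold the OAuth parameter values; when
     *     the same option name occurs more than once, the last occurrence wins
     * @throws OAuthConfigurationException if the token endpoint is missing or is not a
     *     syntactically valid URI
     */
    public void configure(Map<String, ?> configs, String saslMechanism, List<AppConfigurationEntry> jaasConfigEntries) {
        LOGGER.info("Configuring Mule login callback handler...");
        HttpClient httpClient = (HttpClient) configs.get(OAuthBearerConnectionProviderUtils.OAUTH_HTTP_CLIENT_NAME);
        LOGGER.info("Collecting JAAS configuration entries...");
        // Flatten all JAAS options into one String->String map (last value wins on duplicates).
        // String.valueOf turns a null option value into the literal "null".
        Map<String, String> jaasOptions = jaasConfigEntries.stream()
                .flatMap(entry -> entry.getOptions().entrySet().stream())
                .collect(Collectors.toMap(
                        option -> String.valueOf(option.getKey()),
                        option -> String.valueOf(option.getValue()),
                        (earlier, later) -> later,
                        HashMap::new));
        String endpointValue = jaasOptions.get((String) configs.get(OAuthBearerConnectionProviderUtils.OAUTH_TOKEN_ENDPOINT_KEY));
        try {
            LOGGER.info("Validating authentication token endpoint...");
            if (endpointValue == null) {
                // new URI(null) would throw a bare NullPointerException; report the missing
                // endpoint through the same configuration error as a malformed one.
                throw new URISyntaxException("null", "Token endpoint is not configured");
            }
            this.tokenEndpoint = new URI(endpointValue);
            String clientIdOption = (String) configs.get(OAuthBearerConnectionProviderUtils.OAUTH_CLIENT_ID_KEY);
            String clientSecretOption = (String) configs.get(OAuthBearerConnectionProviderUtils.OAUTH_CLIENT_SECRET_KEY);
            String scopeOption = (String) configs.get(OAuthBearerConnectionProviderUtils.OAUTH_SCOPE_KEY);
            String audienceOption = (String) configs.get(OAuthBearerConnectionProviderUtils.OAUTH_AUDIENCE_KEY);
            Integer responseTimeout = (Integer) configs.get(OAuthBearerConnectionProviderUtils.OAUTH_RESPONSE_TIMEOUT);
            // NOTE(review): both flags are unboxed below and will throw NullPointerException if
            // the provider did not set them; no default is assumed here because the safe value
            // for followRedirects is a policy decision.
            Boolean followRedirects = (Boolean) configs.get(OAuthBearerConnectionProviderUtils.OAUTH_FOLLOW_REDIRECTS);
            Boolean includeAcceptHeader = (Boolean) configs.get(OAuthBearerConnectionProviderUtils.OAUTH_INCLUDE_ACCEPT_HEADER);
            CredentialsPlacement credentialsPlacement = (CredentialsPlacement) configs.get(OAuthBearerConnectionProviderUtils.OAUTH_CREDENTIALS_PLACEMENT);
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Building login manager with properties: responseTimeout: {} , followRedirects: {} , includeAcceptHeader: {}", responseTimeout, followRedirects, includeAcceptHeader);
            }
            this.clientCredentialsLoginManager = new ClientCredentialsLoginManager(httpClient, responseTimeout, followRedirects.booleanValue(), includeAcceptHeader.booleanValue(), credentialsPlacement);
            this.clientId = jaasOptions.get(clientIdOption);
            this.clientSecret = jaasOptions.get(clientSecretOption);
            this.scope = jaasOptions.get(scopeOption);
            this.audience = jaasOptions.get(audienceOption);

            Object configuredPrincipal = configs.get(OAuthBearerConnectionProviderUtils.OAUTH_PRINCIPAL_NAME);
            this.principalName = configuredPrincipal != null ? (String) configuredPrincipal : "undefined";

            // Defensive copy so later changes to the caller's map do not alter the extensions.
            @SuppressWarnings("unchecked")
            Map<String, String> configuredExtensions = (Map<String, String>) configs.get(OAuthBearerConnectionProviderUtils.OAUTH_EXTENSIONS_KEY);
            this.oAuthExtensions = configuredExtensions != null ? new LinkedHashMap<>(configuredExtensions) : new LinkedHashMap<>();

            Object configuredMaxExpiry = configs.get(OAuthBearerConnectionProviderUtils.OAUTH_MAX_TOKEN_EXPIRY);
            this.maxTokenExpirySeconds = configuredMaxExpiry != null ? ((Integer) configuredMaxExpiry).intValue() : -1;

            if (LOGGER.isDebugEnabled()) {
                // The client secret is intentionally not part of this message.
                LOGGER.debug("Mule login callback handler configured clientId: {} with properties: \n tokenEndpoint: {} ,\n scope: {} ,\n audience: {} ,\n maxTokenExpirySeconds: {} ,\n oAuthExtensions: {} ", this.clientId, this.tokenEndpoint, this.scope, this.audience, this.maxTokenExpirySeconds, this.oAuthExtensions);
            }
        } catch (URISyntaxException e) {
            throw new OAuthConfigurationException("Specified token endpoint uri is invalid: 'mule_oauth_login_callback_handler_token_endpoint_key: " + endpointValue, e);
        }
    }

    /**
     * Serves the callbacks raised during login.
     *
     * <p>{@link OAuthBearerTokenCallback} triggers a login and receives the resulting token (or
     * an error); {@link SaslExtensionsCallback} receives the configured SASL extensions.
     *
     * @param callbackArr callbacks to serve, processed in order
     * @throws UnsupportedCallbackException for any other callback type; callbacks earlier in the
     *     array have already been handled when this is thrown
     */
    public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Handle method called with {} callbacks", callbackArr.length);
        }
        for (Callback callback : callbackArr) {
            if (callback instanceof OAuthBearerTokenCallback) {
                LOGGER.info("Handling OAuthBearerTokenCallback...");
                handleCallback((OAuthBearerTokenCallback) callback);
            } else if (callback instanceof SaslExtensionsCallback) {
                LOGGER.info("Handling SaslExtensionsCallback...");
                ((SaslExtensionsCallback) callback).extensions(new SaslExtensions(this.oAuthExtensions));
            } else {
                throw new UnsupportedCallbackException(callback);
            }
        }
    }

    /**
     * Performs the login and stores the resulting token on the callback.
     *
     * <p>Login failures are not rethrown: they are logged and reported on the callback with the
     * error code {@code invalid_token} and the exception message as description.
     *
     * @param oAuthBearerTokenCallback callback to populate; must not already carry a token
     * @throws IllegalArgumentException if the callback already has a token
     */
    private void handleCallback(OAuthBearerTokenCallback oAuthBearerTokenCallback) {
        if (oAuthBearerTokenCallback.token() != null) {
            throw new IllegalArgumentException("The callback already contains a specified token!");
        }
        try {
            LOGGER.info("Initiating authentication dance...");
            final AuthenticationDetails login = this.clientCredentialsLoginManager.login(new LoginDetails(this.clientId, this.clientSecret, this.tokenEndpoint, this.scope, this.audience, this.principalName));
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Authentication dance to endpoint {} successfully performed", this.tokenEndpoint);
                // Only token metadata is logged; the access token value itself is not.
                LOGGER.debug("Authentication details: \n scope: {} ,\n startTimeMs: {} ,\n lifeTimeMs: {} ,\n principalName: {} ", login.getScope(), login.getIssuedAtMs(), login.getExpiresAtMs(), login.getPrincipal());
            }
            oAuthBearerTokenCallback.token(new OAuthBearerToken() {
                public String value() {
                    return login.getAccessToken();
                }

                public Set<String> scope() {
                    return login.getScope();
                }

                /**
                 * Returns the token expiry, capped at issue time plus the configured maximum
                 * when that maximum is positive.
                 */
                public long lifetimeMs() {
                    long expiresAtMs = login.getExpiresAtMs();
                    int maxExpirySeconds = MuleOAuthBearerLoginCallbackHandler.this.maxTokenExpirySeconds;
                    if (maxExpirySeconds <= 0) {
                        return expiresAtMs;
                    }
                    // 1000L forces long arithmetic: an int multiplication overflows for caps
                    // above Integer.MAX_VALUE / 1000 seconds (about 24.8 days) and would yield
                    // a bogus, possibly already-expired, lifetime.
                    long cappedExpiryMs = login.getIssuedAtMs() + maxExpirySeconds * 1000L;
                    return Math.min(expiresAtMs, cappedExpiryMs);
                }

                public String principalName() {
                    return login.getPrincipal();
                }

                public Long startTimeMs() {
                    return login.getIssuedAtMs();
                }
            });
        } catch (MuleRuntimeException | IOException | TimeoutException e) {
            LOGGER.error("Authentication dance failed!");
            LOGGER.error(e.getMessage(), e);
            oAuthBearerTokenCallback.error("invalid_token", e.getMessage(), (String) null);
        }
    }

    /**
     * Logs the shutdown; no resources are released here.
     *
     * <p>NOTE(review): the client id and secret stay referenced by this instance after close;
     * the HTTP client is not closed here either, so confirm that its owner manages its lifecycle.
     */
    public void close() {
        LOGGER.info("Closing the Mule login callback handler...");
    }
}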
