package com.azure.spring.cloud.service.implementation.kafka;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.spring.cloud.core.implementation.credential.resolver.AzureTokenCredentialResolver;
import com.azure.spring.cloud.core.implementation.factory.credential.DefaultAzureCredentialBuilderFactory;
import java.net.URI;
import java.time.Duration;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerToken;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback;

/* loaded from: input_file:com/azure/spring/cloud/service/implementation/kafka/KafkaOAuth2AuthenticateCallbackHandler.class */
public class KafkaOAuth2AuthenticateCallbackHandler implements AuthenticateCallbackHandler {
    private static final Duration ACCESS_TOKEN_REQUEST_BLOCK_TIME = Duration.ofSeconds(30);
    private static final String TOKEN_AUDIENCE_FORMAT = "%s://%s/.default";
    private final AzureKafkaProperties properties;
    private final AzureTokenCredentialResolver tokenCredentialResolver;
    private TokenCredential credential;
    private AzureOAuthBearerToken accessToken;
    private String tokenAudience;

    public KafkaOAuth2AuthenticateCallbackHandler() {
        this(new AzureKafkaProperties(), new AzureTokenCredentialResolver());
    }

    public KafkaOAuth2AuthenticateCallbackHandler(AzureKafkaProperties azureKafkaProperties, AzureTokenCredentialResolver azureTokenCredentialResolver) {
        this.properties = azureKafkaProperties;
        this.tokenCredentialResolver = azureTokenCredentialResolver;
    }

    public void configure(Map<String, ?> map, String str, List<AppConfigurationEntry> list) {
        List list2 = (List) map.get("bootstrap.servers");
        if (list2 == null || list2.size() != 1) {
            throw new IllegalArgumentException("Invalid bootstrap servers configured for Azure Event Hubs for Kafka! Must supply exactly 1 non-null bootstrap server configuration, with the format as {YOUR.EVENTHUBS.FQDN}:9093.");
        }
        String str2 = (String) list2.get(0);
        if (!str2.endsWith(":9093")) {
            throw new IllegalArgumentException("Invalid bootstrap server configured for Azure Event Hubs for Kafka! The format should be {YOUR.EVENTHUBS.FQDN}:9093.");
        }
        URI create = URI.create("https://" + str2);
        this.tokenAudience = String.format(TOKEN_AUDIENCE_FORMAT, create.getScheme(), create.getHost());
        this.credential = (TokenCredential) map.get(AzureKafkaPropertiesUtils.AZURE_TOKEN_CREDENTIAL);
        AzureKafkaPropertiesUtils.convertConfigMapToAzureProperties(map, this.properties);
    }

    public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (!(callback instanceof OAuthBearerTokenCallback)) {
                throw new UnsupportedCallbackException(callback);
            }
            this.credential = getTokenCredential();
            ((OAuthBearerTokenCallback) callback).token(getOAuthBearerToken());
        }
    }

    private TokenCredential getTokenCredential() {
        if (this.credential == null) {
            this.credential = this.tokenCredentialResolver.resolve(this.properties);
            if (this.credential == null) {
                this.credential = ((DefaultAzureCredentialBuilder) new DefaultAzureCredentialBuilderFactory(this.properties).build()).build();
            }
        }
        return this.credential;
    }

    private OAuthBearerToken getOAuthBearerToken() {
        if (this.accessToken == null || this.accessToken.isExpired()) {
            TokenRequestContext tokenRequestContext = new TokenRequestContext();
            tokenRequestContext.addScopes(new String[]{this.tokenAudience});
            tokenRequestContext.setTenantId(this.properties.m10getProfile().getTenantId());
            AccessToken accessToken = (AccessToken) this.credential.getToken(tokenRequestContext).block(ACCESS_TOKEN_REQUEST_BLOCK_TIME);
            if (accessToken != null) {
                this.accessToken = new AzureOAuthBearerToken(accessToken);
            }
        }
        return this.accessToken;
    }

    public void close() {
    }
}
