package com.ververica.cdc.connectors.shaded.org.apache.kafka.common.security.oauthbearer.secured;

import com.ververica.cdc.connectors.shaded.org.apache.kafka.common.KafkaException;
import com.ververica.cdc.connectors.shaded.org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import com.ververica.cdc.connectors.shaded.org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback;
import com.ververica.cdc.connectors.shaded.org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallback;
import java.io.IOException;
import java.security.Key;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicInteger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwx.JsonWebStructure;
import org.jose4j.lang.UnresolvableKeyException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/ververica/cdc/connectors/shaded/org/apache/kafka/common/security/oauthbearer/secured/OAuthBearerValidatorCallbackHandler.class */
public class OAuthBearerValidatorCallbackHandler implements AuthenticateCallbackHandler {
    private static final Logger log = LoggerFactory.getLogger(OAuthBearerValidatorCallbackHandler.class);
    private static final Map<VerificationKeyResolverKey, CloseableVerificationKeyResolver> VERIFICATION_KEY_RESOLVER_CACHE = new HashMap();
    private CloseableVerificationKeyResolver verificationKeyResolver;
    private AccessTokenValidator accessTokenValidator;
    private boolean isInitialized = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ververica/cdc/connectors/shaded/org/apache/kafka/common/security/oauthbearer/secured/OAuthBearerValidatorCallbackHandler$RefCountingVerificationKeyResolver.class */
    public static class RefCountingVerificationKeyResolver implements CloseableVerificationKeyResolver {
        private final CloseableVerificationKeyResolver delegate;
        private final AtomicInteger count = new AtomicInteger(0);

        public RefCountingVerificationKeyResolver(CloseableVerificationKeyResolver closeableVerificationKeyResolver) {
            this.delegate = closeableVerificationKeyResolver;
        }

        public Key resolveKey(JsonWebSignature jsonWebSignature, List<JsonWebStructure> list) throws UnresolvableKeyException {
            return this.delegate.resolveKey(jsonWebSignature, list);
        }

        @Override // com.ververica.cdc.connectors.shaded.org.apache.kafka.common.security.oauthbearer.secured.Initable
        public void init() throws IOException {
            if (this.count.incrementAndGet() == 1) {
                this.delegate.init();
            }
        }

        @Override // com.ververica.cdc.connectors.shaded.org.apache.kafka.common.security.oauthbearer.secured.CloseableVerificationKeyResolver, java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            if (this.count.decrementAndGet() == 0) {
                this.delegate.close();
            }
        }
    }

    /* loaded from: input_file:com/ververica/cdc/connectors/shaded/org/apache/kafka/common/security/oauthbearer/secured/OAuthBearerValidatorCallbackHandler$VerificationKeyResolverKey.class */
    private static class VerificationKeyResolverKey {
        private final Map<String, ?> configs;
        private final Map<String, Object> moduleOptions;

        public VerificationKeyResolverKey(Map<String, ?> map, Map<String, Object> map2) {
            this.configs = map;
            this.moduleOptions = map2;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            VerificationKeyResolverKey verificationKeyResolverKey = (VerificationKeyResolverKey) obj;
            return this.configs.equals(verificationKeyResolverKey.configs) && this.moduleOptions.equals(verificationKeyResolverKey.moduleOptions);
        }

        public int hashCode() {
            return Objects.hash(this.configs, this.moduleOptions);
        }
    }

    @Override // com.ververica.cdc.connectors.shaded.org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
    public void configure(Map<String, ?> map, String str, List<AppConfigurationEntry> list) {
        CloseableVerificationKeyResolver computeIfAbsent;
        Map<String, Object> options = JaasOptionsUtils.getOptions(str, list);
        synchronized (VERIFICATION_KEY_RESOLVER_CACHE) {
            computeIfAbsent = VERIFICATION_KEY_RESOLVER_CACHE.computeIfAbsent(new VerificationKeyResolverKey(map, options), verificationKeyResolverKey -> {
                return new RefCountingVerificationKeyResolver(VerificationKeyResolverFactory.create(map, str, options));
            });
        }
        init(computeIfAbsent, AccessTokenValidatorFactory.create(map, str, computeIfAbsent));
    }

    void init(CloseableVerificationKeyResolver closeableVerificationKeyResolver, AccessTokenValidator accessTokenValidator) {
        this.verificationKeyResolver = closeableVerificationKeyResolver;
        this.accessTokenValidator = accessTokenValidator;
        try {
            closeableVerificationKeyResolver.init();
            this.isInitialized = true;
        } catch (Exception e) {
            throw new KafkaException("The OAuth validator configuration encountered an error when initializing the VerificationKeyResolver", e);
        }
    }

    @Override // com.ververica.cdc.connectors.shaded.org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
    public void close() {
        if (this.verificationKeyResolver != null) {
            try {
                this.verificationKeyResolver.close();
            } catch (Exception e) {
                log.error(e.getMessage(), e);
            }
        }
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        checkInitialized();
        for (Callback callback : callbackArr) {
            if (callback instanceof OAuthBearerValidatorCallback) {
                handleValidatorCallback((OAuthBearerValidatorCallback) callback);
            } else {
                if (!(callback instanceof OAuthBearerExtensionsValidatorCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                handleExtensionsValidatorCallback((OAuthBearerExtensionsValidatorCallback) callback);
            }
        }
    }

    private void handleValidatorCallback(OAuthBearerValidatorCallback oAuthBearerValidatorCallback) {
        checkInitialized();
        try {
            oAuthBearerValidatorCallback.token(this.accessTokenValidator.validate(oAuthBearerValidatorCallback.tokenValue()));
        } catch (ValidateException e) {
            log.warn(e.getMessage(), e);
            oAuthBearerValidatorCallback.error("invalid_token", null, null);
        }
    }

    private void handleExtensionsValidatorCallback(OAuthBearerExtensionsValidatorCallback oAuthBearerExtensionsValidatorCallback) {
        checkInitialized();
        oAuthBearerExtensionsValidatorCallback.inputExtensions().map().forEach((str, str2) -> {
            oAuthBearerExtensionsValidatorCallback.valid(str);
        });
    }

    private void checkInitialized() {
        if (!this.isInitialized) {
            throw new IllegalStateException(String.format("To use %s, first call the configure or init method", getClass().getSimpleName()));
        }
    }
}
