package com.datarobot.mlops.spooler.kafka;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.identity.DefaultAzureCredentialBuilder;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeoutException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerToken;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/datarobot/mlops/spooler/kafka/ActiveDirectoryAuthenticateCallbackHandler.class */
public class ActiveDirectoryAuthenticateCallbackHandler implements AuthenticateCallbackHandler {
    public static final String AAD_TENANT_ID = "aad.tenant.id";
    public static final String AAD_CLIENT_ID = "aad.client.id";
    public static final String AAD_CLIENT_SECRET = "aad.client.secret";
    private TokenCredential credential;
    private String scope;
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) ActiveDirectoryAuthenticateCallbackHandler.class);
    static final ScheduledExecutorService EXECUTOR_SERVICE = Executors.newScheduledThreadPool(1);

    @Override // org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
    public void configure(Map<String, ?> map, String str, List<AppConfigurationEntry> list) {
        if (!OAuthBearerLoginModule.OAUTHBEARER_MECHANISM.equals(str)) {
            throw new IllegalArgumentException("Unexpected SASL mechanism: " + str);
        }
        URI create = URI.create("https://" + Arrays.asList(map.get("bootstrap.servers")).get(0).toString().replaceAll("\\[|\\]", ""));
        this.scope = (create.getScheme() + "://" + create.getHost()) + "/.default";
        Properties parseJaasConfig = parseJaasConfig(list);
        String property = parseJaasConfig.getProperty(AAD_TENANT_ID);
        String property2 = parseJaasConfig.getProperty(AAD_CLIENT_ID);
        String property3 = parseJaasConfig.getProperty(AAD_CLIENT_SECRET);
        if (property == null || property2 == null || property3 == null) {
            this.credential = new DefaultAzureCredentialBuilder().build();
        } else {
            this.credential = new ClientSecretCredentialBuilder().tenantId(property).clientId(property2).clientSecret(property3).build();
        }
    }

    private Properties parseJaasConfig(List<AppConfigurationEntry> list) {
        Properties properties = new Properties();
        if (list.size() == 0) {
            return properties;
        }
        if (list.size() > 1) {
            throw new IllegalArgumentException("Can have no more than one jaasConfigEntry (size: " + list.size());
        }
        properties.putAll(list.get(0).getOptions());
        return properties;
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (!(callback instanceof OAuthBearerTokenCallback)) {
                throw new UnsupportedCallbackException(callback);
            }
            try {
                ((OAuthBearerTokenCallback) callback).token(getOAuthBearerToken());
            } catch (InterruptedException | ExecutionException | TimeoutException e) {
                logger.error("Error on callback handle: " + e.getMessage());
            }
        }
    }

    OAuthBearerToken getOAuthBearerToken() throws MalformedURLException, InterruptedException, ExecutionException, TimeoutException {
        AccessToken tokenSync = this.credential.getTokenSync(new TokenRequestContext().addScopes(this.scope));
        logger.debug("TOKEN ACQUIRED");
        return new OAuthBearerTokenImp(tokenSync.getToken(), tokenSync.getExpiresAt());
    }

    @Override // org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
    public void close() throws KafkaException {
    }
}
