package com.datarobot.mlops.spooler.kafka;

import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeoutException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerToken;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/datarobot/mlops/spooler/kafka/ActiveDirectoryAuthenticateCallbackHandler.class */
public class ActiveDirectoryAuthenticateCallbackHandler implements AuthenticateCallbackHandler {
    public static final String AAD_TENANT_ID = "aad.tenant.id";
    public static final String AAD_CLIENT_ID = "aad.client.id";
    public static final String AAD_CLIENT_SECRET = "aad.client.secret";
    private String authority;
    private String appId;
    private String appSecret;
    private ConfidentialClientApplication aadClient;
    private ClientCredentialParameters aadParameters;
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) ActiveDirectoryAuthenticateCallbackHandler.class);
    static final ScheduledExecutorService EXECUTOR_SERVICE = Executors.newScheduledThreadPool(1);

    @Override // org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
    public void configure(Map<String, ?> map, String str, List<AppConfigurationEntry> list) {
        if (!OAuthBearerLoginModule.OAUTHBEARER_MECHANISM.equals(str)) {
            throw new IllegalArgumentException("Unexpected SASL mechanism: " + str);
        }
        URI create = URI.create("https://" + Arrays.asList(map.get("bootstrap.servers")).get(0).toString().replaceAll("\\[|\\]", ""));
        this.aadParameters = ClientCredentialParameters.builder(Collections.singleton((create.getScheme() + "://" + create.getHost()) + "/.default")).build();
        Properties parseJaasConfig = parseJaasConfig(list);
        this.authority = "https://login.microsoftonline.com/" + parseJaasConfig.getProperty(AAD_TENANT_ID) + "/";
        this.appId = parseJaasConfig.getProperty(AAD_CLIENT_ID);
        this.appSecret = parseJaasConfig.getProperty(AAD_CLIENT_SECRET);
    }

    private Properties parseJaasConfig(List<AppConfigurationEntry> list) {
        if (list.size() != 1) {
            throw new IllegalArgumentException("Exactly one jaasConfigEntry expected (size: " + list.size());
        }
        AppConfigurationEntry appConfigurationEntry = list.get(0);
        Properties properties = new Properties();
        properties.putAll(appConfigurationEntry.getOptions());
        return properties;
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (!(callback instanceof OAuthBearerTokenCallback)) {
                throw new UnsupportedCallbackException(callback);
            }
            try {
                ((OAuthBearerTokenCallback) callback).token(getOAuthBearerToken());
            } catch (InterruptedException | ExecutionException | TimeoutException e) {
                e.printStackTrace();
            }
        }
    }

    OAuthBearerToken getOAuthBearerToken() throws MalformedURLException, InterruptedException, ExecutionException, TimeoutException {
        if (this.aadClient == null) {
            synchronized (this) {
                if (this.aadClient == null) {
                    this.aadClient = ConfidentialClientApplication.builder(this.appId, ClientCredentialFactory.createFromSecret(this.appSecret)).authority(this.authority).build();
                }
            }
        }
        IAuthenticationResult iAuthenticationResult = this.aadClient.acquireToken(this.aadParameters).get();
        logger.debug("TOKEN ACQUIRED");
        return new OAuthBearerTokenImp(iAuthenticationResult.accessToken(), iAuthenticationResult.expiresOnDate());
    }

    @Override // org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
    public void close() throws KafkaException {
    }
}
