package com.ibm.eventstreams_sdk.oauth.client;

import java.net.URL;
import java.util.Map;
import javax.net.ssl.SSLSocketFactory;
import org.apache.kafka.common.security.oauthbearer.internals.secured.AccessTokenRetriever;
import org.apache.kafka.common.security.oauthbearer.internals.secured.ConfigurationUtils;
import org.apache.kafka.common.security.oauthbearer.internals.secured.JaasOptionsUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/ibm/eventstreams_sdk/oauth/client/IAMTokenRetrieverFactory.class */
abstract class IAMTokenRetrieverFactory {
    private static final Logger logger = LoggerFactory.getLogger(IAMTokenRetrieverFactory.class);
    public static final String IAM_TOKEN_ENDPOINT = "https://iam.cloud.ibm.com/identity/token";
    public static final String GRANT_TYPE_CONFIG = "grant_type";
    public static final String GRANT_TYPE_APIKEY = "urn:ibm:params:oauth:grant-type:apikey";
    public static final String GRANT_EXT_APIKEY = "apikey";
    public static final String GRANT_EXT_TOKEN = "access_token";
    public static final String SASL_MECHANISM_OAUTH = "OAUTHBEARER";

    IAMTokenRetrieverFactory() {
    }

    public static AccessTokenRetriever create(Map<String, ?> map, String str, Map<String, Object> map2) {
        if (!SASL_MECHANISM_OAUTH.equals(str)) {
            throw new IllegalArgumentException(String.format("unsupported SASL_MECHANISM:'%s'", str));
        }
        ConfigurationUtils configurationUtils = new ConfigurationUtils(map, str);
        URL url = null;
        try {
            url = configurationUtils.validateUrl("sasl.oauthbearer.token.endpoint.url");
        } catch (Exception e) {
            logger.warn("invalid sasl.oauthbearer.token.endpoint.url fall back to : https://iam.cloud.ibm.com/identity/token");
            try {
                url = new URL(IAM_TOKEN_ENDPOINT);
            } catch (Exception e2) {
            }
        }
        JaasOptionsUtils jaasOptionsUtils = new JaasOptionsUtils(map2);
        String validateString = jaasOptionsUtils.validateString(GRANT_TYPE_CONFIG, true);
        String validateString2 = jaasOptionsUtils.validateString(GRANT_EXT_APIKEY, true);
        SSLSocketFactory sSLSocketFactory = null;
        if (jaasOptionsUtils.shouldCreateSSLSocketFactory(url)) {
            sSLSocketFactory = jaasOptionsUtils.createSSLSocketFactory();
        }
        if (validateString.equals(GRANT_TYPE_APIKEY)) {
            return new IAMAPIKeyTokenRetriever(validateString, validateString2, url.toString(), sSLSocketFactory, configurationUtils.validateLong("sasl.login.retry.backoff.ms").longValue(), configurationUtils.validateLong("sasl.login.retry.backoff.max.ms").longValue(), configurationUtils.validateInteger("sasl.login.connect.timeout.ms", false), configurationUtils.validateInteger("sasl.login.read.timeout.ms", false));
        }
        throw new IllegalArgumentException(String.format("unsupported grant_type:'%s'", validateString));
    }
}
