package org.apache.nifi.pulsar.auth;

import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.pulsar.client.api.Authentication;
import org.apache.pulsar.client.impl.auth.oauth2.AuthenticationFactoryOAuth2;

@CapabilityDescription("Implementation with Oauth Authentication of the PulsarClientAuthenticationService. Provides Pulsar clients with the ability to authenticate against a secured Apache Pulsar broker endpoint.")
@Tags({"Pulsar", "client", "security", "authentication", "Oauth"})
/* loaded from: input_file:org/apache/nifi/pulsar/auth/PulsarClientOauthAuthenticationService.class */
public class PulsarClientOauthAuthenticationService extends AbstractPulsarClientAuntenticationService {
    public static final PropertyDescriptor AUDIENCE = new PropertyDescriptor.Builder().name("AUDIENCE").description("An OAuth 2.0 \"resource server\" identifier for the Pulsar cluster, e.g., https://broker.example.com").defaultValue((String) null).displayName("Audience").expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).required(true).sensitive(false).addValidator(StandardValidators.NON_BLANK_VALIDATOR).build();
    public static final PropertyDescriptor ISSUER_URL = new PropertyDescriptor.Builder().name("ISSUER_URL").defaultValue((String) null).description("URL of the authentication provider which allows the Pulsar client to obtain an access token, e.g.,https://accounts.google.com").displayName("Issuer URL").expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).required(true).sensitive(false).addValidator(StandardValidators.URL_VALIDATOR).build();
    public static final PropertyDescriptor PRIVATE_KEY_FILE = new PropertyDescriptor.Builder().name("PRIVATE_KEY_FILE").description("URL to a JSON credentials file, e.g., file:///path/to/file").defaultValue((String) null).displayName("Private key file").expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY).required(true).sensitive(false).addValidator(StandardValidators.URL_VALIDATOR).build();
    private static final List<PropertyDescriptor> properties;

    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return properties;
    }

    @Override // org.apache.nifi.pulsar.auth.AbstractPulsarClientAuntenticationService
    public Authentication getAuthentication() {
        try {
            return AuthenticationFactoryOAuth2.clientCredentials(new URL(this.configContext.getProperty(ISSUER_URL).evaluateAttributeExpressions().getValue()), new URL(this.configContext.getProperty(PRIVATE_KEY_FILE).evaluateAttributeExpressions().getValue()), this.configContext.getProperty(AUDIENCE).evaluateAttributeExpressions().getValue());
        } catch (Exception e) {
            getLogger().error("Unable to authenticate", e);
            return null;
        }
    }

    static {
        ArrayList arrayList = new ArrayList();
        arrayList.add(AUDIENCE);
        arrayList.add(ISSUER_URL);
        arrayList.add(PRIVATE_KEY_FILE);
        arrayList.add(TRUST_CERTIFICATE);
        properties = Collections.unmodifiableList(arrayList);
    }
}
