package io.strimzi.kafka.oauth.server.authorizer;

import io.strimzi.kafka.oauth.common.BearerTokenWithPayload;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.apache.kafka.common.Configurable;
import org.apache.kafka.common.security.auth.AuthenticationContext;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.SaslAuthenticationContext;
import org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder;
import org.apache.kafka.common.security.kerberos.KerberosShortNamer;
import org.apache.kafka.common.security.oauthbearer.internals.OAuthBearerSaslServer;
import org.apache.kafka.common.security.ssl.SslPrincipalMapper;

/* loaded from: input_file:io/strimzi/kafka/oauth/server/authorizer/JwtKafkaPrincipalBuilder.class */
public class JwtKafkaPrincipalBuilder extends DefaultKafkaPrincipalBuilder implements Configurable {
    private static final SetAccessibleAction SET_PRINCIPAL_MAPPER = SetAccessibleAction.newInstance();

    /* loaded from: input_file:io/strimzi/kafka/oauth/server/authorizer/JwtKafkaPrincipalBuilder$SetAccessibleAction.class */
    private static class SetAccessibleAction implements PrivilegedAction<Void> {
        private Field field;

        SetAccessibleAction(Field field) {
            this.field = field;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public Void run() {
            this.field.setAccessible(true);
            return null;
        }

        void invoke(DefaultKafkaPrincipalBuilder defaultKafkaPrincipalBuilder, Object obj) throws IllegalAccessException {
            AccessController.doPrivileged(this);
            this.field.set(defaultKafkaPrincipalBuilder, obj);
        }

        static SetAccessibleAction newInstance() {
            try {
                return new SetAccessibleAction(DefaultKafkaPrincipalBuilder.class.getDeclaredField("sslPrincipalMapper"));
            } catch (NoSuchFieldException e) {
                throw new IllegalStateException("Failed to install JwtKafkaPrincipalBuilder. This Kafka version does not seem to be supported", e);
            }
        }
    }

    public JwtKafkaPrincipalBuilder() {
        super((KerberosShortNamer) null, (SslPrincipalMapper) null);
    }

    public void configure(Map<String, ?> map) {
        Object invoke;
        Object obj = map.get("ssl.principal.mapping.rules");
        try {
            Class<?> cls = Class.forName("org.apache.kafka.common.security.ssl.SslPrincipalMapper");
            try {
                Method method = cls.getMethod("fromRules", List.class);
                if (obj == null) {
                    obj = Collections.singletonList("DEFAULT");
                }
                invoke = method.invoke(null, obj);
            } catch (NoSuchMethodException e) {
                Method method2 = cls.getMethod("fromRules", String.class);
                if (obj == null) {
                    obj = "DEFAULT";
                }
                invoke = method2.invoke(null, obj);
            }
            SET_PRINCIPAL_MAPPER.invoke(this, invoke);
        } catch (ClassNotFoundException | IllegalAccessException | NoSuchMethodException | InvocationTargetException e2) {
            throw new RuntimeException("Failed to initialize JwtKafkaPrincioalBuilder", e2);
        } catch (RuntimeException e3) {
            throw new RuntimeException("Failed to initialize JwtKafkaPrincioalBuilder", e3);
        }
    }

    public KafkaPrincipal build(AuthenticationContext authenticationContext) {
        if (authenticationContext instanceof SaslAuthenticationContext) {
            OAuthBearerSaslServer server = ((SaslAuthenticationContext) authenticationContext).server();
            if ("OAUTHBEARER".equals(server.getMechanismName())) {
                return new JwtKafkaPrincipal("User", server.getAuthorizationID(), (BearerTokenWithPayload) server.getNegotiatedProperty("OAUTHBEARER.token"));
            }
        }
        return super.build(authenticationContext);
    }
}
