package io.strimzi.kafka.oauth.server.plain;

import io.strimzi.kafka.oauth.common.HttpException;
import io.strimzi.kafka.oauth.common.MetricsHandler;
import io.strimzi.kafka.oauth.metrics.SensorKeyProducer;
import io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler;
import io.strimzi.kafka.oauth.server.OAuthSaslAuthenticationException;
import io.strimzi.kafka.oauth.server.ServerConfig;
import io.strimzi.kafka.oauth.server.plain.metrics.PlainHttpSensorKeyProducer;
import io.strimzi.kafka.oauth.services.OAuthMetrics;
import io.strimzi.kafka.oauth.services.Services;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.kafka.common.errors.SaslAuthenticationException;
import org.apache.kafka.common.security.plain.PlainAuthenticateCallback;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/strimzi/kafka/oauth/server/plain/JaasServerOauthOverPlainValidatorCallbackHandler.class */
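/**
 * Server-side callback handler that accepts the SASL {@code PLAIN} mechanism and hands the
 * supplied username/password pair to an OAuth based {@code authenticate} step.
 *
 * <p>This listing is decompiler output. The body of {@code authenticate} was not recovered and is
 * represented by a stub that always throws, so the class as shown here cannot authenticate
 * anything; it documents the surrounding control flow only.
 *
 * <p>Security-relevant points visible in this file:
 * <ul>
 *   <li>When no token endpoint URI is configured, the debug message emitted by {@link #configure}
 *       states that the PLAIN 'password' is treated as an access token.</li>
 *   <li>The PLAIN password is copied into a {@link String} in {@link #handle}; it must never be
 *       logged, and it cannot be wiped from memory afterwards.</li>
 *   <li>Every failure path funnels into {@code handleErrorWithLogger} (inherited, not shown here)
 *       except {@link OAuthSaslAuthenticationException}, which is rethrown unchanged.</li>
 * </ul>
 */
public class JaasServerOauthOverPlainValidatorCallbackHandler extends JaasServerOauthValidatorCallbackHandler {
    private static final Logger log = LoggerFactory.getLogger(JaasServerOauthOverPlainValidatorCallbackHandler.class);

    // Parsed from ServerPlainConfig.OAUTH_TOKEN_ENDPOINT_URI; stays null when that option is absent.
    private URI tokenEndpointUri;
    // Raw values of the "oauth.scope" / "oauth.audience" JAAS options (may be null).
    private String scope;
    private String audience;
    // Only assigned when enableMetrics is true; guard every use with enableMetrics.
    private OAuthMetrics metrics;
    private boolean enableMetrics;
    // Null when no token endpoint is configured (see configure()).
    private SensorKeyProducer authHttpSensorKeyProducer;
    private final MetricsHandler authMetrics = new PlainMetricsHandler();

    /* loaded from: input_file:io/strimzi/kafka/oauth/server/plain/JaasServerOauthOverPlainValidatorCallbackHandler$PlainMetricsHandler.class */
    /**
     * Records request timings under the keys produced by {@code authHttpSensorKeyProducer}.
     * Both methods are no-ops while metrics are disabled.
     *
     * <p>NOTE(review): {@code authHttpSensorKeyProducer} is null when no token endpoint is
     * configured; presumably this handler is only invoked on the token-endpoint path, which
     * lives in the non-decompiled {@code authenticate} method - confirm against the original.
     */
    class PlainMetricsHandler implements MetricsHandler {
        PlainMetricsHandler() {
        }

        /**
         * Records the duration of a successful request.
         *
         * @param j the time value to record, passed through to the metrics registry unchanged
         */
        public void addSuccessRequestTime(long j) {
            if (!enableMetrics) {
                return;
            }
            metrics.addTime(authHttpSensorKeyProducer.successKey(), j);
        }

        /**
         * Records the duration of a failed request, keyed by the failure cause.
         *
         * @param th the failure used to derive the error sensor key
         * @param j the time value to record, passed through to the metrics registry unchanged
         */
        public void addErrorRequestTime(Throwable th, long j) {
            if (!enableMetrics) {
                return;
            }
            metrics.addTime(authHttpSensorKeyProducer.errorKey(th), j);
        }
    }

    /**
     * Configures the handler from the JAAS entries of a listener.
     *
     * @param map the configuration map, forwarded untouched to {@code delegatedConfigure}
     * @param str the SASL mechanism; anything other than {@code "PLAIN"} is rejected
     * @param list the JAAS configuration entries the OAuth options are parsed from
     * @throws IllegalArgumentException if the mechanism is not PLAIN or the token endpoint
     *         option is not a syntactically valid URI
     */
    public void configure(Map<String, ?> map, String str, List<AppConfigurationEntry> list) {
        if (!"PLAIN".equals(str)) {
            throw new IllegalArgumentException(String.format("Unexpected SASL mechanism: %s", str));
        }
        ServerConfig config = parseJaasConfig(list);
        String endpoint = config.getValue(ServerPlainConfig.OAUTH_TOKEN_ENDPOINT_URI);
        if (endpoint != null) {
            try {
                this.tokenEndpointUri = new URI(endpoint);
            } catch (URISyntaxException e) {
                throw new IllegalArgumentException("Invalid tokenEndpointUri: " + endpoint, e);
            }
        }
        this.scope = config.getValue("oauth.scope");
        this.audience = config.getValue("oauth.audience");
        super.delegatedConfigure(map, "PLAIN", list);
        String configId = getConfigId();
        configureMetrics(config);
        this.authHttpSensorKeyProducer = this.tokenEndpointUri != null
                ? new PlainHttpSensorKeyProducer(configId, this.tokenEndpointUri)
                : null;
        // Only non-secret settings are logged here; keep it that way if options are added.
        log.debug("Configured OAuth over PLAIN:\n    configId: {}\n    tokenEndpointUri: {}\n    scope: {}\n    audience: {}\n    enableMetrics: {}",
                configId, this.tokenEndpointUri, this.scope, this.audience, this.enableMetrics);
        if (endpoint == null) {
            log.debug("Token endpoint uri is not configured ('{}') - 'password' parameter of SASL/PLAIN will automatically be treated as an access token (no '$accessToken:' prefix needed)", ServerPlainConfig.OAUTH_TOKEN_ENDPOINT_URI);
        }
    }

    /**
     * Reads the "oauth.enable.metrics" option (default {@code false}) and, when it is enabled,
     * obtains the shared metrics registry from {@link Services}.
     */
    private void configureMetrics(ServerConfig serverConfig) {
        this.enableMetrics = serverConfig.getValueAsBoolean("oauth.enable.metrics", false);
        if (this.enableMetrics) {
            this.metrics = Services.getInstance().getMetrics();
        }
    }

    /** Releases resources by delegating to the parent handler. */
    public void close() {
        super.close();
    }

    /**
     * Processes the callbacks of one SASL/PLAIN authentication attempt.
     *
     * <p>A {@link NameCallback} supplies the username and a {@link PlainAuthenticateCallback}
     * supplies the password; any other callback type is treated as a misconfiguration. All
     * failures are passed to {@code handleErrorWithLogger}, except
     * {@link OAuthSaslAuthenticationException}, which is rethrown as is.
     *
     * @param callbackArr the callbacks supplied for this authentication attempt
     */
    public void handle(Callback[] callbackArr) {
        String username = null;
        String password = null;
        PlainAuthenticateCallback authCallback = null;
        try {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    username = ((NameCallback) callback).getDefaultName();
                } else if (callback instanceof PlainAuthenticateCallback) {
                    authCallback = (PlainAuthenticateCallback) callback;
                    // The secret now lives in an immutable String: it cannot be zeroed after
                    // use, so it must never be written to logs or error messages.
                    password = String.valueOf(authCallback.password());
                } else {
                    throw new UnsupportedCallbackException(callback);
                }
            }
            handleCallback(authCallback, username, password);
        } catch (UnsupportedCallbackException e) {
            handleErrorWithLogger(log, "Authentication failed due to misconfiguration", e);
        } catch (SaslAuthenticationException e2) {
            handleErrorWithLogger(log, e2.getMessage(), e2);
        } catch (OAuthSaslAuthenticationException e3) {
            throw e3;
        } catch (HttpException e4) {
            // Deliberately generic: does not reveal whether the client id or the secret was wrong.
            handleErrorWithLogger(log, "Authentication failed: Invalid clientId or secret", e4);
        } catch (Throwable th) {
            // Report the username gathered from the NameCallback. The decompiled listing
            // concatenated a constant null here, so the message always read "[null]" and was
            // useless for correlating failed logins.
            // NOTE(review): the username is client-supplied and unauthenticated at this point;
            // confirm that handleErrorWithLogger neutralises line breaks before logging it.
            handleErrorWithLogger(log, "Authentication failed for username: [" + username + "]", th);
        }
    }

    /**
     * Validates that both callbacks were seen, runs authentication and only then marks the
     * PLAIN callback as authenticated.
     *
     * @throws IllegalArgumentException if the authenticate callback or the username is missing
     */
    private void handleCallback(PlainAuthenticateCallback callback, String username, String password) throws UnsupportedCallbackException, IOException {
        if (callback == null) {
            throw new IllegalArgumentException("callback == null");
        }
        if (username == null) {
            throw new IllegalArgumentException("username == null");
        }
        // authenticate() signals failure by throwing, so reaching the next line means success.
        authenticate(username, password);
        callback.authenticated(true);
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x00b8 A[Catch: Throwable -> 0x010a, TryCatch #0 {Throwable -> 0x010a, blocks: (B:28:0x000f, B:30:0x0018, B:9:0x0092, B:11:0x00b8, B:12:0x00c1, B:16:0x00c7, B:18:0x00d5, B:19:0x00de, B:20:0x00df, B:6:0x002d, B:22:0x003d, B:24:0x0044, B:25:0x0088, B:26:0x0091), top: B:27:0x000f }] */
    /* JADX WARN: Removed duplicated region for block: B:14:0x00c2  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // NOTE(review): the decompiler did not recover this method, which is where the credential
    // check itself happens. The stub below always throws, so nothing about token validation,
    // token-endpoint calls or the use of scope/audience can be concluded from this listing.
    private void authenticate(java.lang.String r18, java.lang.String r19) throws javax.security.auth.callback.UnsupportedCallbackException, java.io.IOException {
        /*
            Method dump skipped, instructions count: 279
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: io.strimzi.kafka.oauth.server.plain.JaasServerOauthOverPlainValidatorCallbackHandler.authenticate(java.lang.String, java.lang.String):void");
    }

    /**
     * Records the elapsed time of a successful validation when metrics are enabled.
     *
     * @param j the start time in milliseconds, as returned by {@link System#currentTimeMillis()}
     */
    private void addSuccessTime(long j) {
        if (this.enableMetrics) {
            long elapsed = System.currentTimeMillis() - j;
            this.metrics.addTime(this.validationSensorKeyProducer.successKey(), elapsed);
        }
    }

    /**
     * Records the elapsed time of a failed validation when metrics are enabled.
     *
     * @param th the failure used to derive the error sensor key
     * @param j the start time in milliseconds, as returned by {@link System#currentTimeMillis()}
     */
    private void addErrorTime(Throwable th, long j) {
        if (this.enableMetrics) {
            long elapsed = System.currentTimeMillis() - j;
            this.metrics.addTime(this.validationSensorKeyProducer.errorKey(th), elapsed);
        }
    }
}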
