package org.apache.kafka.common.security.authenticator;

import java.security.AccessController;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.security.auth.SaslExtensions;
import org.apache.kafka.common.security.auth.SaslExtensionsCallback;
import org.apache.kafka.common.security.scram.ScramExtensionsCallback;
import org.apache.kafka.common.security.scram.internals.ScramMechanism;

/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/bundled-dependencies/pulsar-io-kafka-connect-adaptor-2.7.2.1.1.31.jar:META-INF/bundled-dependencies/kafka-clients-2.7.0.jar:org/apache/kafka/common/security/authenticator/SaslClientCallbackHandler.class
 */
/* loaded from: input_file:META-INF/bundled-dependencies/kafka-clients-2.7.0.jar:org/apache/kafka/common/security/authenticator/SaslClientCallbackHandler.class */
public class SaslClientCallbackHandler implements AuthenticateCallbackHandler {
    private String mechanism;

    @Override // org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
    public void configure(Map<String, ?> map, String str, List<AppConfigurationEntry> list) {
        this.mechanism = str;
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
        Subject subject = Subject.getSubject(AccessController.getContext());
        for (Callback callback : callbackArr) {
            if (callback instanceof NameCallback) {
                NameCallback nameCallback = (NameCallback) callback;
                if (subject == null || subject.getPublicCredentials(String.class).isEmpty()) {
                    nameCallback.setName(nameCallback.getDefaultName());
                } else {
                    nameCallback.setName((String) subject.getPublicCredentials(String.class).iterator().next());
                }
            } else if (callback instanceof PasswordCallback) {
                if (subject == null || subject.getPrivateCredentials(String.class).isEmpty()) {
                    throw new UnsupportedCallbackException(callback, "Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user.");
                }
                ((PasswordCallback) callback).setPassword(((String) subject.getPrivateCredentials(String.class).iterator().next()).toCharArray());
            } else if (callback instanceof RealmCallback) {
                RealmCallback realmCallback = (RealmCallback) callback;
                realmCallback.setText(realmCallback.getDefaultText());
            } else if (callback instanceof AuthorizeCallback) {
                AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
                String authenticationID = authorizeCallback.getAuthenticationID();
                String authorizationID = authorizeCallback.getAuthorizationID();
                authorizeCallback.setAuthorized(authenticationID.equals(authorizationID));
                if (authorizeCallback.isAuthorized()) {
                    authorizeCallback.setAuthorizedID(authorizationID);
                }
            } else if (!(callback instanceof ScramExtensionsCallback)) {
                if (!(callback instanceof SaslExtensionsCallback)) {
                    throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
                }
                if (!"GSSAPI".equals(this.mechanism) && subject != null && !subject.getPublicCredentials(SaslExtensions.class).isEmpty()) {
                    ((SaslExtensionsCallback) callback).extensions((SaslExtensions) subject.getPublicCredentials(SaslExtensions.class).iterator().next());
                }
            } else if (ScramMechanism.isScram(this.mechanism) && subject != null && !subject.getPublicCredentials(Map.class).isEmpty()) {
                ((ScramExtensionsCallback) callback).extensions((Map) subject.getPublicCredentials(Map.class).iterator().next());
            }
        }
    }

    @Override // org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
    public void close() {
    }
}
