package com.azure.spring.cloud.autoconfigure.implementation.kafka;

import com.azure.spring.cloud.autoconfigure.context.AzureGlobalProperties;
import com.azure.spring.cloud.autoconfigure.implementation.jdbc.JdbcPropertyConstants;
import com.azure.spring.cloud.core.implementation.util.AzurePropertiesUtils;
import com.azure.spring.cloud.core.implementation.util.AzureSpringIdentifier;
import com.azure.spring.cloud.service.implementation.kafka.AzureKafkaPropertiesUtils;
import com.azure.spring.cloud.service.implementation.kafka.KafkaOAuth2AuthenticateCallbackHandler;
import com.azure.spring.cloud.service.implementation.passwordless.AzurePasswordlessProperties;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import org.apache.kafka.common.message.ApiVersionsRequestData;
import org.apache.kafka.common.requests.ApiVersionsRequest;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.ReflectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/azure/spring/cloud/autoconfigure/implementation/kafka/AzureKafkaConfigurationUtils.class */
public final class AzureKafkaConfigurationUtils {
    public static final Map<String, String> KAFKA_OAUTH_CONFIGS;
    public static final String SASL_MECHANISM_OAUTH = "OAUTHBEARER";
    public static final String SASL_JAAS_CONFIG_OAUTH = "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required;";
    private static final String LOG_OAUTH_AUTOCONFIGURATION_RECOMMENDATION = "Currently {} authentication mechanism is used, recommend to use Spring Cloud Azure auto-configuration for Kafka OAUTHBEARER authentication which supports various Azure Identity credentials. To leverage the auto-configuration for OAuth2, you can just remove all your security, sasl and credential configurations of Kafka and Event Hubs. And configure Kafka bootstrap servers instead, which can be set as spring.kafka.boostrap-servers=EventHubsNamespacesFQDN:9093.";
    private static final String LOG_OAUTH_AUTOCONFIGURATION_CONFIGURE = "Spring Cloud Azure auto-configuration for Kafka OAUTHBEARER authentication will be loaded to configure your Kafka security and sasl properties to support Azure Identity credentials.";
    private static final String LOG_OAUTH_DETAILED_PROPERTY_CONFIGURE = "OAUTHBEARER authentication property {} will be configured as {} to support Azure Identity credentials.";
    private static final String KAFKA_OAUTH2_USER_AGENT = ".az-sp-kafka";
    public static final String SECURITY_PROTOCOL_CONFIG_SASL = SecurityProtocol.SASL_SSL.name();
    public static final String SASL_LOGIN_CALLBACK_HANDLER_CLASS_OAUTH = KafkaOAuth2AuthenticateCallbackHandler.class.getName();
    private static final Logger LOGGER = LoggerFactory.getLogger(AzureKafkaConfigurationUtils.class);

    private AzureKafkaConfigurationUtils() {
    }

    public static synchronized void configureKafkaUserAgent() {
        ApiVersionsRequestData apiVersionsRequestData;
        String clientSoftwareName;
        Method findMethod = ReflectionUtils.findMethod(ApiVersionsRequest.class, "data");
        if (findMethod == null || (apiVersionsRequestData = (ApiVersionsRequestData) ReflectionUtils.invokeMethod(findMethod, new ApiVersionsRequest.Builder().build())) == null || (clientSoftwareName = apiVersionsRequestData.clientSoftwareName()) == null || clientSoftwareName.contains(KAFKA_OAUTH2_USER_AGENT)) {
            return;
        }
        apiVersionsRequestData.setClientSoftwareName(apiVersionsRequestData.clientSoftwareName() + KAFKA_OAUTH2_USER_AGENT);
        apiVersionsRequestData.setClientSoftwareVersion(AzureSpringIdentifier.VERSION);
    }

    public static boolean needConfigureSaslOAuth(Map<String, Object> map) {
        return meetAzureBootstrapServerConditions(map) && meetSaslOAuthConditions(map);
    }

    private static boolean meetSaslOAuthConditions(Map<String, Object> map) {
        String str = (String) map.get("security.protocol");
        String str2 = (String) map.get("sasl.mechanism");
        if (str == null) {
            return true;
        }
        if (SECURITY_PROTOCOL_CONFIG_SASL.equalsIgnoreCase(str) && (str2 == null || SASL_MECHANISM_OAUTH.equalsIgnoreCase(str2))) {
            return true;
        }
        LOGGER.info(LOG_OAUTH_AUTOCONFIGURATION_RECOMMENDATION, str2);
        return false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v33, types: [java.util.List] */
    private static boolean meetAzureBootstrapServerConditions(Map<String, Object> map) {
        ArrayList arrayList;
        Object obj = map.get("bootstrap.servers");
        if (obj instanceof String) {
            arrayList = Arrays.asList(StringUtils.delimitedListToStringArray((String) obj, JdbcPropertyConstants.MYSQL_PROPERTY_CONNECTION_ATTRIBUTES_DELIMITER));
        } else {
            if (!(obj instanceof Iterable)) {
                LOGGER.debug("Kafka bootstrap server configuration doesn't meet passwordless requirements.");
                return false;
            }
            arrayList = new ArrayList();
            for (Object obj2 : (Iterable) obj) {
                if (!(obj2 instanceof String)) {
                    LOGGER.debug("Kafka bootstrap server configuration doesn't meet passwordless requirements.");
                    return false;
                }
                arrayList.add((String) obj2);
            }
        }
        return arrayList.size() == 1 && ((String) arrayList.get(0)).endsWith(":9093");
    }

    public static void configureOAuthProperties(Map<String, String> map) {
        map.putAll(KAFKA_OAUTH_CONFIGS);
    }

    public static void logConfigureOAuthProperties() {
        LOGGER.info(LOG_OAUTH_AUTOCONFIGURATION_CONFIGURE);
        LOGGER.debug(LOG_OAUTH_DETAILED_PROPERTY_CONFIGURE, "security.protocol", SECURITY_PROTOCOL_CONFIG_SASL);
        LOGGER.debug(LOG_OAUTH_DETAILED_PROPERTY_CONFIGURE, "sasl.mechanism", SASL_MECHANISM_OAUTH);
        LOGGER.debug(LOG_OAUTH_DETAILED_PROPERTY_CONFIGURE, "sasl.jaas.config", SASL_JAAS_CONFIG_OAUTH);
        LOGGER.debug(LOG_OAUTH_DETAILED_PROPERTY_CONFIGURE, "sasl.login.callback.handler.class", SASL_LOGIN_CALLBACK_HANDLER_CLASS_OAUTH);
    }

    public static AzurePasswordlessProperties buildAzureProperties(Map<String, Object> map, AzureGlobalProperties azureGlobalProperties) {
        AzurePasswordlessProperties azurePasswordlessProperties = new AzurePasswordlessProperties();
        AzurePropertiesUtils.copyPropertiesIgnoreNull(azureGlobalProperties.m39getProfile(), azurePasswordlessProperties.getProfile());
        AzurePropertiesUtils.copyPropertiesIgnoreNull(azureGlobalProperties.m38getCredential(), azurePasswordlessProperties.getCredential());
        AzureKafkaPropertiesUtils.convertConfigMapToAzureProperties(map, azurePasswordlessProperties);
        return azurePasswordlessProperties;
    }

    static {
        HashMap hashMap = new HashMap();
        hashMap.put("security.protocol", SECURITY_PROTOCOL_CONFIG_SASL);
        hashMap.put("sasl.mechanism", SASL_MECHANISM_OAUTH);
        hashMap.put("sasl.jaas.config", SASL_JAAS_CONFIG_OAUTH);
        hashMap.put("sasl.login.callback.handler.class", SASL_LOGIN_CALLBACK_HANDLER_CLASS_OAUTH);
        KAFKA_OAUTH_CONFIGS = Collections.unmodifiableMap(hashMap);
    }
}
