package software.amazon.msk.auth.iam;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import lombok.NonNull;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.msk.auth.iam.internals.AWSCredentialsCallback;
import software.amazon.msk.auth.iam.internals.MSKCredentialProvider;

/* loaded from: input_file:software/amazon/msk/auth/iam/IAMClientCallbackHandler.class */
public class IAMClientCallbackHandler implements AuthenticateCallbackHandler {
    private static final Logger log = LoggerFactory.getLogger(IAMClientCallbackHandler.class);
    private AWSCredentialsProvider provider;

    public void configure(Map<String, ?> map, @NonNull String str, @NonNull List<AppConfigurationEntry> list) {
        if (str == null) {
            throw new NullPointerException("saslMechanism is marked non-null but is null");
        }
        if (list == null) {
            throw new NullPointerException("jaasConfigEntries is marked non-null but is null");
        }
        if (!IAMLoginModule.MECHANISM.equals(str)) {
            throw new IllegalArgumentException("Unexpected SASL mechanism: " + str);
        }
        this.provider = (AWSCredentialsProvider) list.stream().filter(appConfigurationEntry -> {
            return IAMLoginModule.class.getCanonicalName().equals(appConfigurationEntry.getLoginModuleName());
        }).findFirst().map(appConfigurationEntry2 -> {
            return new MSKCredentialProvider((Map<String, ?>) appConfigurationEntry2.getOptions());
        }).orElse(DefaultAWSCredentialsProviderChain.getInstance());
    }

    public void close() {
        try {
            if (this.provider instanceof AutoCloseable) {
                this.provider.close();
            }
        } catch (Exception e) {
            log.warn("Error closing provider", e);
        }
    }

    public void handle(@NonNull Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        if (callbackArr == null) {
            throw new NullPointerException("callbacks is marked non-null but is null");
        }
        for (Callback callback : callbackArr) {
            if (!(callback instanceof AWSCredentialsCallback)) {
                String str = "Unsupported callback type:" + callback.getClass().getName();
                log.error(str);
                throw new UnsupportedCallbackException(callback, str);
            }
            handleCallback((AWSCredentialsCallback) callback);
        }
    }

    protected void handleCallback(AWSCredentialsCallback aWSCredentialsCallback) throws IOException {
        if (log.isDebugEnabled()) {
            log.debug("Selecting provider {} to load credentials", this.provider.getClass().getName());
        }
        try {
            this.provider.refresh();
            aWSCredentialsCallback.setAwsCredentials(this.provider.getCredentials());
        } catch (Exception e) {
            aWSCredentialsCallback.setLoadingException(e);
        }
    }
}
