package io.confluent.common.security.jetty;

import io.confluent.common.security.auth.JwtPrincipal;
import io.confluent.common.security.metrics.MetricsContainer;
import io.confluent.security.auth.client.rest.RestClient;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Function;
import javax.security.auth.Subject;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerToken;
import org.eclipse.jetty.security.AbstractLoginService;
import org.eclipse.jetty.security.RolePrincipal;
import org.eclipse.jetty.security.UserIdentity;
import org.eclipse.jetty.security.UserPrincipal;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Session;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/common/security/jetty/MdsBasicLoginService.class */
public class MdsBasicLoginService extends AbstractLoginService {
    private static final Logger log = LoggerFactory.getLogger(MdsBasicLoginService.class);
    private final String realmName;
    private RestClient restClient;
    private MetricsContainer metricsContainer;

    public MdsBasicLoginService(Map<String, ?> map, String str) {
        this.realmName = str;
        this.restClient = new RestClient(map);
    }

    public UserIdentity login(String str, Object obj, Request request, Function<Boolean, Session> function) {
        OAuthBearerToken login;
        long nanoTime = System.nanoTime();
        UserIdentity userIdentity = null;
        log.trace("Login attempt for user {}", str);
        try {
            login = this.restClient.login(str + ":" + String.valueOf(obj));
        } catch (Exception e) {
            log.error("Login failed for " + str, e);
            if (Objects.nonNull(this.metricsContainer)) {
                this.metricsContainer.getBasicFailedLoginCount().record();
                this.metricsContainer.getBasicFailedLoginLatency().record((System.nanoTime() - nanoTime) / 1000.0d);
            }
        }
        if (login == null) {
            log.error("Login failed for " + str);
            return null;
        }
        Subject subject = new Subject();
        JwtPrincipal jwtPrincipal = new JwtPrincipal(login);
        subject.getPrincipals().add(jwtPrincipal);
        userIdentity = this._identityService.newUserIdentity(subject, jwtPrincipal, new String[0]);
        log.trace("User identity created on subject {}", subject);
        if (Objects.nonNull(this.metricsContainer)) {
            this.metricsContainer.getBasicSuccessLoginCount().record();
            this.metricsContainer.getBasicSuccessLoginLatency().record((System.nanoTime() - nanoTime) / 1000.0d);
        }
        return userIdentity;
    }

    public String getName() {
        return this.realmName;
    }

    protected UserPrincipal loadUserInfo(String str) {
        throw new UnsupportedOperationException("loadUserInfo");
    }

    protected List<RolePrincipal> loadRoleInfo(UserPrincipal userPrincipal) {
        throw new UnsupportedOperationException("loadRoleInfo");
    }

    void setRestClient(RestClient restClient) {
        this.restClient = restClient;
    }

    public MdsBasicLoginService withMetricsContainer(MetricsContainer metricsContainer) {
        this.metricsContainer = metricsContainer;
        return this;
    }
}
