package io.confluent.kafka.schemaregistry.client.security.bearerauth.oauth;

import io.confluent.kafka.schemaregistry.client.SchemaRegistryClientConfig;
import io.confluent.kafka.schemaregistry.client.security.bearerauth.BearerAuthCredentialProvider;
import java.net.URL;
import java.util.Map;
import javax.net.ssl.SSLSocketFactory;
import org.apache.kafka.common.security.oauthbearer.internals.secured.AccessTokenRetriever;
import org.apache.kafka.common.security.oauthbearer.internals.secured.AccessTokenValidator;
import org.apache.kafka.common.security.oauthbearer.internals.secured.ConfigurationUtils;
import org.apache.kafka.common.security.oauthbearer.internals.secured.HttpAccessTokenRetriever;
import org.apache.kafka.common.security.oauthbearer.internals.secured.JaasOptionsUtils;
import org.apache.kafka.common.security.oauthbearer.internals.secured.LoginAccessTokenValidator;

/* loaded from: input_file:io/confluent/kafka/schemaregistry/client/security/bearerauth/oauth/OauthCredentialProvider.class */
public class OauthCredentialProvider implements BearerAuthCredentialProvider {
    private CachedOauthTokenRetriever tokenRetriever;
    private String targetSchemaRegistry;
    private String targetIdentityPoolId;
    Map<String, ?> config;

    @Override // io.confluent.kafka.schemaregistry.client.security.bearerauth.BearerAuthCredentialProvider
    public String alias() {
        return "OAUTHBEARER";
    }

    @Override // io.confluent.kafka.schemaregistry.client.security.bearerauth.BearerAuthCredentialProvider
    public String getBearerToken(URL url) {
        return this.tokenRetriever.getToken();
    }

    @Override // io.confluent.kafka.schemaregistry.client.security.bearerauth.BearerAuthCredentialProvider
    public String getTargetSchemaRegistry() {
        return this.targetSchemaRegistry;
    }

    @Override // io.confluent.kafka.schemaregistry.client.security.bearerauth.BearerAuthCredentialProvider
    public String getTargetIdentityPoolId() {
        return this.targetIdentityPoolId;
    }

    public void configure(Map<String, ?> map) {
        this.config = map;
        ConfigurationUtils configurationUtils = new ConfigurationUtils(map);
        this.targetSchemaRegistry = configurationUtils.validateString(SchemaRegistryClientConfig.BEARER_AUTH_LOGICAL_CLUSTER, false);
        this.targetIdentityPoolId = configurationUtils.validateString(SchemaRegistryClientConfig.BEARER_AUTH_IDENTITY_POOL_ID, false);
        this.tokenRetriever = new CachedOauthTokenRetriever();
        this.tokenRetriever.configure(getTokenRetriever(configurationUtils), getTokenValidator(map), getOauthTokenCache(map));
    }

    private OauthTokenCache getOauthTokenCache(Map<String, ?> map) {
        return new OauthTokenCache(SchemaRegistryClientConfig.getBearerAuthCacheExpiryBufferSeconds(map));
    }

    private AccessTokenRetriever getTokenRetriever(ConfigurationUtils configurationUtils) {
        String validateString = configurationUtils.validateString(SchemaRegistryClientConfig.BEARER_AUTH_CLIENT_ID);
        String validateString2 = configurationUtils.validateString(SchemaRegistryClientConfig.BEARER_AUTH_CLIENT_SECRET);
        String validateString3 = configurationUtils.validateString(SchemaRegistryClientConfig.BEARER_AUTH_SCOPE, false);
        Long l = 100L;
        Long l2 = 10000L;
        JaasOptionsUtils jaasOptionsUtils = new JaasOptionsUtils(SchemaRegistryClientConfig.getClientSslConfig(this.config));
        SSLSocketFactory sSLSocketFactory = null;
        URL validateUrl = configurationUtils.validateUrl(SchemaRegistryClientConfig.BEARER_AUTH_ISSUER_ENDPOINT_URL);
        if (jaasOptionsUtils.shouldCreateSSLSocketFactory(validateUrl)) {
            sSLSocketFactory = jaasOptionsUtils.createSSLSocketFactory();
        }
        return new HttpAccessTokenRetriever(validateString, validateString2, validateString3, sSLSocketFactory, validateUrl.toString(), l.longValue(), l2.longValue(), (Integer) null, (Integer) null, false);
    }

    private AccessTokenValidator getTokenValidator(Map<String, ?> map) {
        return new LoginAccessTokenValidator(SchemaRegistryClientConfig.getBearerAuthScopeClaimName(map), SchemaRegistryClientConfig.getBearerAuthSubClaimName(map));
    }
}
