package org.apache.kafka.common.security.oauthbearer.internals.secured;

import io.confluent.shaded.org.slf4j.Logger;
import io.confluent.shaded.org.slf4j.LoggerFactory;
import java.net.URL;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.net.ssl.SSLSocketFactory;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.kafka.common.config.AbstractConfig;
import org.apache.kafka.common.config.ConfigDef;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.network.Mode;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule;
import org.apache.kafka.common.security.ssl.DefaultSslEngineFactory;
import org.apache.kafka.common.security.ssl.SslFactory;

/* loaded from: input_file:org/apache/kafka/common/security/oauthbearer/internals/secured/JaasOptionsUtils.class */
public class JaasOptionsUtils {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) JaasOptionsUtils.class);
    private final Map<String, Object> options;

    public JaasOptionsUtils(Map<String, Object> map) {
        this.options = map;
    }

    public static Map<String, Object> getOptions(String str, List<AppConfigurationEntry> list) {
        if (!OAuthBearerLoginModule.OAUTHBEARER_MECHANISM.equals(str)) {
            throw new IllegalArgumentException(String.format("Unexpected SASL mechanism: %s", str));
        }
        if (((List) Objects.requireNonNull(list)).size() != 1 || list.get(0) == null) {
            throw new IllegalArgumentException(String.format("Must supply exactly 1 non-null JAAS mechanism configuration (size was %d)", Integer.valueOf(list.size())));
        }
        return Collections.unmodifiableMap(list.get(0).getOptions());
    }

    public boolean shouldCreateSSLSocketFactory(URL url) {
        return url.getProtocol().equalsIgnoreCase("https");
    }

    public Map<String, ?> getSslClientConfig() {
        ConfigDef configDef = new ConfigDef();
        configDef.withClientSslSupport();
        return new AbstractConfig(configDef, this.options).values();
    }

    public SSLSocketFactory createSSLSocketFactory() {
        Map<String, ?> sslClientConfig = getSslClientConfig();
        SslFactory sslFactory = new SslFactory(Mode.CLIENT);
        sslFactory.configure(sslClientConfig);
        SSLSocketFactory socketFactory = ((DefaultSslEngineFactory) sslFactory.sslEngineFactory()).sslContext().getSocketFactory();
        log.debug("Created SSLSocketFactory: {}", sslClientConfig);
        return socketFactory;
    }

    public String validateString(String str) throws ValidateException {
        return validateString(str, true);
    }

    public String validateString(String str, boolean z) throws ValidateException {
        String str2 = (String) this.options.get(str);
        if (str2 == null) {
            if (z) {
                throw new ConfigException(String.format("The OAuth configuration option %s value must be non-null", str));
            }
            return null;
        }
        String trim = str2.trim();
        if (!trim.isEmpty()) {
            return trim;
        }
        if (z) {
            throw new ConfigException(String.format("The OAuth configuration option %s value must not contain only whitespace", str));
        }
        return null;
    }
}
