package io.confluent.kafka.security.auth.plain;

import java.security.AccessController;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.kafka.common.errors.InvalidConfigurationException;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/kafka/security/auth/plain/DynamicPlainClientCallbackHandler.class */
/**
 * Client-side SASL/PLAIN callback handler that answers name and password callbacks from a
 * {@link DynamicPlainCredential} held in the private credentials of the current {@link Subject}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The PLAIN mechanism provides no confidentiality of its own, so the password set here is
 *       only as protected as the transport. Deployments should pair this handler with TLS
 *       (Kafka {@code security.protocol=SASL_SSL}).</li>
 *   <li>Nothing in this class logs the username or the password; keep it that way when adding
 *       diagnostics.</li>
 *   <li>NOTE(review): {@code AccessController} and {@code Subject.getSubject} are deprecated for
 *       removal in recent JDKs, and {@code Subject.getSubject} can throw
 *       {@code UnsupportedOperationException} there. Verify against the target runtime.</li>
 * </ul>
 */
public class DynamicPlainClientCallbackHandler implements AuthenticateCallbackHandler {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) DynamicPlainClientCallbackHandler.class);

    /**
     * Validates that this handler is being wired to the mechanism and JAAS layout it supports.
     *
     * @param map  client configuration; not read by this handler
     * @param str  SASL mechanism name; must be exactly {@code "PLAIN"}
     * @param list JAAS configuration entries; exactly one entry is accepted
     * @throws InvalidConfigurationException if the mechanism is not PLAIN or the entry count is not one
     */
    @Override
    public void configure(Map<String, ?> map, String str, List<AppConfigurationEntry> list) {
        log.debug("Configuring SASL/PLAIN client callback handler");
        final boolean plainRequested = "PLAIN".equals(str);
        if (!plainRequested) {
            throw new InvalidConfigurationException("Unexpected configuration with SASL mechanism " + str);
        }
        // The mechanism check runs first, so a wrong mechanism is reported before the entry list is touched.
        final int entryCount = list.size();
        if (entryCount != 1) {
            throw new InvalidConfigurationException("Only one JAAS configuration entry supported by this callback handler");
        }
    }

    /**
     * Answers each callback in order using the credential found on the current Subject, if any.
     *
     * <p>Without a credential, a {@link NameCallback} receives its own default name, while a
     * {@link PasswordCallback} is rejected: this handler never prompts for a password and has no
     * fallback one.
     *
     * @param callbackArr callbacks issued by the SASL client
     * @throws UnsupportedCallbackException for any callback type other than name or password, or
     *         for a password callback when no credential is available
     */
    @Override
    public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
        final DynamicPlainCredential credential = credentialFromCurrentSubject();
        for (int idx = 0; idx < callbackArr.length; idx++) {
            final Callback current = callbackArr[idx];

            if (current instanceof NameCallback) {
                final NameCallback nameRequest = (NameCallback) current;
                final String resolvedName =
                        credential == null ? nameRequest.getDefaultName() : credential.username();
                nameRequest.setName(resolvedName);
                continue;
            }

            if (current instanceof PasswordCallback) {
                if (credential == null) {
                    throw new UnsupportedCallbackException(current, "Could not login: the client is being asked for a password, but Kafka clients do not currently support obtaining a password from the user.");
                }
                // The secret is handed to the callback only; it is deliberately never logged.
                ((PasswordCallback) current).setPassword(credential.password());
                continue;
            }

            // Only the callback object is logged, never credential material.
            log.error("Unexpected callback {}", current);
            throw new UnsupportedCallbackException(current);
        }
    }

    /** Logs shutdown; this handler holds no resources to release. */
    @Override
    public void close() {
        log.debug("Closing SASL/PLAIN client callback handler");
    }

    /**
     * Returns the first {@link DynamicPlainCredential} among the private credentials of the
     * Subject bound to the current access-control context, or {@code null} when there is no
     * Subject or it holds no such credential.
     */
    private DynamicPlainCredential credentialFromCurrentSubject() {
        final Subject current = Subject.getSubject(AccessController.getContext());
        if (current == null) {
            return null;
        }
        for (DynamicPlainCredential candidate : current.getPrivateCredentials(DynamicPlainCredential.class)) {
            return candidate;
        }
        log.debug("No credential found in Subject");
        return null;
    }
}
