package io.confluent.kafka.security.auth.plain;

import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.kafka.common.Reconfigurable;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.errors.InvalidConfigurationException;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.utils.Utils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/kafka/security/auth/plain/DynamicPlainLoginCallbackHandler.class */
public class DynamicPlainLoginCallbackHandler implements AuthenticateCallbackHandler, Reconfigurable {
    public static final String USERNAME_CONFIG = "username_config";
    public static final String PASSWORD_CONFIG = "password_config";
    static final DynamicPlainCredential EMPTY_CREDENTIAL = new DynamicPlainCredential(null, null);
    private static final Logger log = LoggerFactory.getLogger((Class<?>) DynamicPlainLoginCallbackHandler.class);
    protected String usernameConfig;
    protected String passwordConfig;
    private volatile DynamicPlainCredential currentCredential = EMPTY_CREDENTIAL;

    @Override // org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
    public void configure(Map<String, ?> map, String str, List<AppConfigurationEntry> list) {
        log.debug("Configuring SASL/PLAIN login callback handler");
        if (!"PLAIN".equals(str)) {
            throw new InvalidConfigurationException("Unexpected configuration with SASL mechanism " + str);
        }
        if (list.size() != 1) {
            throw new InvalidConfigurationException("Only one JAAS configuration entry supported by this callback handler");
        }
        AppConfigurationEntry appConfigurationEntry = list.get(0);
        this.usernameConfig = (String) appConfigurationEntry.getOptions().get(USERNAME_CONFIG);
        this.passwordConfig = (String) appConfigurationEntry.getOptions().get(PASSWORD_CONFIG);
        validateReconfiguration(map);
        configureCredential(map);
    }

    @Override // org.apache.kafka.common.Configurable
    public void configure(Map<String, ?> map) {
    }

    @Override // org.apache.kafka.common.Reconfigurable
    public Set<String> reconfigurableConfigs() {
        return (this.usernameConfig == null || this.passwordConfig == null) ? Collections.emptySet() : Utils.mkSet(this.usernameConfig, this.passwordConfig);
    }

    @Override // org.apache.kafka.common.Reconfigurable
    public void validateReconfiguration(Map<String, ?> map) {
        if (map.get(this.usernameConfig) == null) {
            throw new InvalidConfigurationException("User name not specified");
        }
        if (map.get(this.passwordConfig) == null) {
            throw new InvalidConfigurationException("Password not specified");
        }
    }

    @Override // org.apache.kafka.common.Reconfigurable
    public void reconfigure(Map<String, ?> map) {
        log.debug("Reconfiguring SASL/PLAIN login callback handler");
        configureCredential(map);
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(this.currentCredential.username());
            } else {
                if (!(callback instanceof PasswordCallback)) {
                    log.error("Unexpected callback {}", callback);
                    throw new UnsupportedCallbackException(callback);
                }
                ((PasswordCallback) callback).setPassword(this.currentCredential.password());
            }
        }
    }

    @Override // org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
    public void close() {
        this.currentCredential = EMPTY_CREDENTIAL;
        log.debug("Closing SASL/PLAIN login callback handler");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void configureCredential(Map<String, ?> map) {
        String str = (String) map.get(this.usernameConfig);
        Object obj = map.get(this.passwordConfig);
        String value = obj instanceof Password ? ((Password) obj).value() : (String) obj;
        this.currentCredential = new DynamicPlainCredential(str, value == null ? null : value.toCharArray());
    }
}
