package org.apache.kafka.tools;

import io.confluent.shaded.io.vertx.core.cli.UsageMessageFormatter;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import net.sourceforge.argparse4j.ArgumentParsers;
import net.sourceforge.argparse4j.impl.Arguments;
import net.sourceforge.argparse4j.inf.Argument;
import net.sourceforge.argparse4j.inf.ArgumentParser;
import net.sourceforge.argparse4j.inf.ArgumentParserException;
import net.sourceforge.argparse4j.inf.Namespace;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.config.AbstractConfig;
import org.apache.kafka.common.config.ConfigDef;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.config.SaslConfigs;
import org.apache.kafka.common.config.SslConfigs;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginCallbackHandler;
import org.apache.kafka.common.security.oauthbearer.internals.secured.AccessTokenRetriever;
import org.apache.kafka.common.security.oauthbearer.internals.secured.AccessTokenRetrieverFactory;
import org.apache.kafka.common.security.oauthbearer.internals.secured.AccessTokenValidator;
import org.apache.kafka.common.security.oauthbearer.internals.secured.AccessTokenValidatorFactory;
import org.apache.kafka.common.security.oauthbearer.internals.secured.CloseableVerificationKeyResolver;
import org.apache.kafka.common.security.oauthbearer.internals.secured.VerificationKeyResolverFactory;
import org.apache.kafka.common.utils.Exit;

/* loaded from: input_file:org/apache/kafka/tools/OAuthCompatibilityTool.class */
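/**
 * Command-line check that an OAuth/OIDC provider works with Kafka's OAUTHBEARER support.
 *
 * <p>The tool runs five steps and prints a {@code PASSED n/5} line after each: client
 * configuration, client JWT retrieval, client JWT validation, broker configuration and broker
 * JWT validation. On success it prints {@code SUCCESS} and exits with status 0; on any failure it
 * prints {@code FAILED:} plus the stack trace and exits with status 1.
 *
 * <p>Operational notes for whoever runs it:
 * <ul>
 *   <li>Every setting, including the OAuth client secret, the key/trust store passwords and the
 *       PEM key material, is read from the command line. Command lines are commonly visible to
 *       other local users through process listings and are kept in shell history, so run the tool
 *       from a trusted host and prefer a throw-away test credential.</li>
 *   <li>The TLS options (protocols, cipher suites, endpoint identification algorithm, trust store)
 *       are passed through exactly as given. A result obtained with weaker TLS settings than the
 *       production configuration does not validate the production configuration.</li>
 *   <li>The retrieved access token is never printed by this class. Exception messages produced by
 *       the retriever/validator classes are printed as part of the stack trace; what they contain
 *       is decided by those classes, not here.</li>
 * </ul>
 */
public class OAuthCompatibilityTool {

    /** Declares one long option per supported configuration key and parses the command line. */
    private static class ArgsHandler {
        private static final String DESCRIPTION = String.format("This tool is used to verify OAuth/OIDC provider compatibility.%n%nRun the following script to determine the configuration options:%n%n    ./bin/kafka-run-class.sh %s --help", OAuthCompatibilityTool.class.getName());

        /**
         * Prefix that turns a configuration key into a long command-line option. Kept as a local
         * literal so that option naming does not depend on a constant that happens to live in an
         * unrelated (shaded) library.
         */
        private static final String LONG_OPTION_PREFIX = "--";

        private final ArgumentParser parser;

        private ArgsHandler() {
            this.parser = ArgumentParsers.newArgumentParser("oauth-compatibility-tool").defaultHelp(true).description(DESCRIPTION);
        }

        /**
         * Registers every supported option on the parser and parses {@code args}.
         *
         * @param args raw command-line arguments
         * @return the parsed values, keyed by configuration name
         * @throws ArgumentParserException if the arguments are invalid; the parser has already
         *         reported the error (via {@code handleError}) before this is rethrown
         */
        private Namespace parseArgs(String[] args) throws ArgumentParserException {
            // SASL login and OAUTHBEARER settings.
            addArgument(SaslConfigs.SASL_LOGIN_CONNECT_TIMEOUT_MS, SaslConfigs.SASL_LOGIN_CONNECT_TIMEOUT_MS_DOC, Integer.class);
            addArgument(SaslConfigs.SASL_LOGIN_READ_TIMEOUT_MS, SaslConfigs.SASL_LOGIN_READ_TIMEOUT_MS_DOC, Integer.class);
            addArgument(SaslConfigs.SASL_LOGIN_RETRY_BACKOFF_MAX_MS, SaslConfigs.SASL_LOGIN_RETRY_BACKOFF_MAX_MS_DOC, Long.class);
            addArgument(SaslConfigs.SASL_LOGIN_RETRY_BACKOFF_MS, SaslConfigs.SASL_LOGIN_RETRY_BACKOFF_MS_DOC, Long.class);
            addArgument(SaslConfigs.SASL_OAUTHBEARER_CLOCK_SKEW_SECONDS, SaslConfigs.SASL_OAUTHBEARER_CLOCK_SKEW_SECONDS_DOC, Integer.class);
            addArgument(SaslConfigs.SASL_OAUTHBEARER_EXPECTED_AUDIENCE, SaslConfigs.SASL_OAUTHBEARER_EXPECTED_AUDIENCE_DOC).action(Arguments.append());
            addArgument(SaslConfigs.SASL_OAUTHBEARER_EXPECTED_ISSUER, SaslConfigs.SASL_OAUTHBEARER_EXPECTED_ISSUER_DOC);
            addArgument(SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_REFRESH_MS, SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_REFRESH_MS_DOC, Long.class);
            addArgument(SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_RETRY_BACKOFF_MAX_MS, SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_RETRY_BACKOFF_MAX_MS_DOC, Long.class);
            addArgument(SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_RETRY_BACKOFF_MS, SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_RETRY_BACKOFF_MS_DOC, Long.class);
            addArgument(SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_URL, SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_URL_DOC);
            addArgument(SaslConfigs.SASL_OAUTHBEARER_SCOPE_CLAIM_NAME, "The OAuth claim for the scope is often named \"scope\", but this (optional) setting can provide a different name to use for the scope included in the JWT payload's claims if the OAuth/OIDC provider uses a different name for that claim.");
            addArgument(SaslConfigs.SASL_OAUTHBEARER_SUB_CLAIM_NAME, "The OAuth claim for the subject is often named \"sub\", but this (optional) setting can provide a different name to use for the subject included in the JWT payload's claims if the OAuth/OIDC provider uses a different name for that claim.");
            addArgument(SaslConfigs.SASL_OAUTHBEARER_TOKEN_ENDPOINT_URL, SaslConfigs.SASL_OAUTHBEARER_TOKEN_ENDPOINT_URL_DOC);

            // TLS settings used when talking to the provider's endpoints.
            addArgument(SslConfigs.SSL_CIPHER_SUITES_CONFIG, SslConfigs.SSL_CIPHER_SUITES_DOC).action(Arguments.append());
            addArgument(SslConfigs.SSL_ENABLED_PROTOCOLS_CONFIG, SslConfigs.SSL_ENABLED_PROTOCOLS_DOC).action(Arguments.append());
            addArgument("ssl.endpoint.identification.algorithm", SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_DOC);
            addArgument(SslConfigs.SSL_ENGINE_FACTORY_CLASS_CONFIG, SslConfigs.SSL_ENGINE_FACTORY_CLASS_DOC);
            addArgument(SslConfigs.SSL_KEYMANAGER_ALGORITHM_CONFIG, SslConfigs.SSL_KEYMANAGER_ALGORITHM_DOC);
            addArgument(SslConfigs.SSL_KEYSTORE_CERTIFICATE_CHAIN_CONFIG, SslConfigs.SSL_KEYSTORE_CERTIFICATE_CHAIN_DOC);
            addArgument(SslConfigs.SSL_KEYSTORE_KEY_CONFIG, SslConfigs.SSL_KEYSTORE_KEY_DOC);
            addArgument(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, "The location of the key store file. This is optional for client and can be used for two-way authentication for client.");
            addArgument(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, SslConfigs.SSL_KEYSTORE_PASSWORD_DOC);
            addArgument(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, SslConfigs.SSL_KEYSTORE_TYPE_DOC);
            addArgument(SslConfigs.SSL_KEY_PASSWORD_CONFIG, SslConfigs.SSL_KEY_PASSWORD_DOC);
            addArgument(SslConfigs.SSL_PROTOCOL_CONFIG, SslConfigs.SSL_PROTOCOL_DOC);
            addArgument(SslConfigs.SSL_PROVIDER_CONFIG, SslConfigs.SSL_PROVIDER_DOC);
            addArgument(SslConfigs.SSL_SECURE_RANDOM_IMPLEMENTATION_CONFIG, SslConfigs.SSL_SECURE_RANDOM_IMPLEMENTATION_DOC);
            addArgument(SslConfigs.SSL_TRUSTMANAGER_ALGORITHM_CONFIG, SslConfigs.SSL_TRUSTMANAGER_ALGORITHM_DOC);
            addArgument(SslConfigs.SSL_TRUSTSTORE_CERTIFICATES_CONFIG, SslConfigs.SSL_TRUSTSTORE_CERTIFICATES_DOC);
            addArgument(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, SslConfigs.SSL_TRUSTSTORE_LOCATION_DOC);
            addArgument(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, SslConfigs.SSL_TRUSTSTORE_PASSWORD_DOC);
            addArgument(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, SslConfigs.SSL_TRUSTSTORE_TYPE_DOC);

            // OAuth client credentials. These arrive as ordinary arguments, so the secret is part
            // of the process command line for as long as the tool runs.
            addArgument(OAuthBearerLoginCallbackHandler.CLIENT_ID_CONFIG, OAuthBearerLoginCallbackHandler.CLIENT_ID_DOC);
            addArgument(OAuthBearerLoginCallbackHandler.CLIENT_SECRET_CONFIG, OAuthBearerLoginCallbackHandler.CLIENT_SECRET_DOC);
            addArgument("scope", OAuthBearerLoginCallbackHandler.SCOPE_DOC);

            try {
                return this.parser.parseArgs(args);
            } catch (ArgumentParserException e) {
                // Let argparse4j print its usage/error text, then hand the failure to the caller.
                this.parser.handleError(e);
                throw e;
            }
        }

        /** Registers a {@code String}-typed option named after the configuration key. */
        private Argument addArgument(String option, String help) {
            return addArgument(option, help, String.class);
        }

        /**
         * Registers {@code --<option>} with the given value type. The configuration key is used
         * as the metavar and as the destination name, so the parsed {@link Namespace} can be read
         * back with the same key.
         */
        private Argument addArgument(String option, String help, Class<?> type) {
            return this.parser.addArgument(LONG_OPTION_PREFIX + option).type(type).metavar(option).dest(option).help(help);
        }
    }

    /** Turns the parsed command line into the two maps the OAuth factories take. */
    private static class ConfigHandler {
        private final Namespace namespace;

        private ConfigHandler(Namespace namespace) {
            this.namespace = namespace;
        }

        /**
         * Builds the SASL/OAUTHBEARER configuration.
         *
         * <p>Only options that were actually supplied are copied; the map is then run through an
         * {@link AbstractConfig} built from the client SASL and SSL definitions and its
         * {@code values()} are returned.
         *
         * @return the configuration values produced by {@link AbstractConfig}
         */
        private Map<String, ?> getConfigs() {
            Map<String, Object> supplied = new HashMap<>();
            maybeAddInt(supplied, SaslConfigs.SASL_LOGIN_CONNECT_TIMEOUT_MS);
            maybeAddInt(supplied, SaslConfigs.SASL_LOGIN_READ_TIMEOUT_MS);
            maybeAddLong(supplied, SaslConfigs.SASL_LOGIN_RETRY_BACKOFF_MS);
            maybeAddLong(supplied, SaslConfigs.SASL_LOGIN_RETRY_BACKOFF_MAX_MS);
            maybeAddString(supplied, SaslConfigs.SASL_OAUTHBEARER_SCOPE_CLAIM_NAME);
            maybeAddString(supplied, SaslConfigs.SASL_OAUTHBEARER_SUB_CLAIM_NAME);
            maybeAddString(supplied, SaslConfigs.SASL_OAUTHBEARER_TOKEN_ENDPOINT_URL);
            maybeAddString(supplied, SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_URL);
            maybeAddLong(supplied, SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_REFRESH_MS);
            maybeAddLong(supplied, SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_RETRY_BACKOFF_MAX_MS);
            maybeAddLong(supplied, SaslConfigs.SASL_OAUTHBEARER_JWKS_ENDPOINT_RETRY_BACKOFF_MS);
            maybeAddInt(supplied, SaslConfigs.SASL_OAUTHBEARER_CLOCK_SKEW_SECONDS);
            maybeAddStringList(supplied, SaslConfigs.SASL_OAUTHBEARER_EXPECTED_AUDIENCE);
            maybeAddString(supplied, SaslConfigs.SASL_OAUTHBEARER_EXPECTED_ISSUER);

            ConfigDef configDef = new ConfigDef();
            SaslConfigs.addClientSaslSupport(configDef);
            SslConfigs.addClientSslSupport(configDef);
            return new AbstractConfig(configDef, supplied).values();
        }

        /**
         * Builds the JAAS option map: client id, client secret, scope and all TLS settings.
         *
         * <p>Store passwords and PEM material are wrapped in {@link Password}. The client secret
         * is stored as a plain {@code String}, so this map must not be logged or printed.
         *
         * @return a mutable map holding only the options that were supplied
         * @throws KafkaException if the SSL engine factory class name cannot be loaded
         */
        private Map<String, Object> getJaasOptions() {
            Map<String, Object> options = new HashMap<>();
            maybeAddString(options, OAuthBearerLoginCallbackHandler.CLIENT_ID_CONFIG);
            maybeAddString(options, OAuthBearerLoginCallbackHandler.CLIENT_SECRET_CONFIG);
            maybeAddString(options, "scope");
            maybeAddStringList(options, SslConfigs.SSL_CIPHER_SUITES_CONFIG);
            maybeAddStringList(options, SslConfigs.SSL_ENABLED_PROTOCOLS_CONFIG);
            maybeAddString(options, "ssl.endpoint.identification.algorithm");
            maybeAddClass(options, SslConfigs.SSL_ENGINE_FACTORY_CLASS_CONFIG);
            maybeAddString(options, SslConfigs.SSL_KEYMANAGER_ALGORITHM_CONFIG);
            maybeAddPassword(options, SslConfigs.SSL_KEYSTORE_CERTIFICATE_CHAIN_CONFIG);
            maybeAddPassword(options, SslConfigs.SSL_KEYSTORE_KEY_CONFIG);
            maybeAddString(options, SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG);
            maybeAddPassword(options, SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG);
            maybeAddString(options, SslConfigs.SSL_KEYSTORE_TYPE_CONFIG);
            maybeAddPassword(options, SslConfigs.SSL_KEY_PASSWORD_CONFIG);
            maybeAddString(options, SslConfigs.SSL_PROTOCOL_CONFIG);
            maybeAddString(options, SslConfigs.SSL_PROVIDER_CONFIG);
            maybeAddString(options, SslConfigs.SSL_SECURE_RANDOM_IMPLEMENTATION_CONFIG);
            maybeAddString(options, SslConfigs.SSL_TRUSTMANAGER_ALGORITHM_CONFIG);
            maybeAddPassword(options, SslConfigs.SSL_TRUSTSTORE_CERTIFICATES_CONFIG);
            maybeAddString(options, SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG);
            maybeAddPassword(options, SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG);
            maybeAddString(options, SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG);
            return options;
        }

        /** Copies the {@code Integer} option {@code key} into {@code target} if it was supplied. */
        private void maybeAddInt(Map<String, Object> target, String key) {
            Integer value = this.namespace.getInt(key);
            if (value != null) {
                target.put(key, value);
            }
        }

        /** Copies the {@code Long} option {@code key} into {@code target} if it was supplied. */
        private void maybeAddLong(Map<String, Object> target, String key) {
            Long value = this.namespace.getLong(key);
            if (value != null) {
                target.put(key, value);
            }
        }

        /** Copies the {@code String} option {@code key} into {@code target} if it was supplied. */
        private void maybeAddString(Map<String, Object> target, String key) {
            String value = this.namespace.getString(key);
            if (value != null) {
                target.put(key, value);
            }
        }

        /** Copies option {@code key} into {@code target} wrapped in a {@link Password}, if supplied. */
        private void maybeAddPassword(Map<String, Object> target, String key) {
            String value = this.namespace.getString(key);
            if (value != null) {
                target.put(key, new Password(value));
            }
        }

        /**
         * Resolves option {@code key} to a {@link Class} and stores it in {@code target}, if supplied.
         *
         * @throws KafkaException if no class with the given name can be found
         */
        private void maybeAddClass(Map<String, Object> target, String key) {
            String className = this.namespace.getString(key);
            if (className != null) {
                try {
                    // Class.forName(String) also initializes the class, so static initializers of
                    // whatever class is named on the command line run at this point.
                    target.put(key, Class.forName(className));
                } catch (ClassNotFoundException e) {
                    throw new KafkaException("Could not find class for " + key, e);
                }
            }
        }

        /** Copies the repeated (append-style) option {@code key} into {@code target} if it was supplied. */
        private void maybeAddStringList(Map<String, Object> target, String key) {
            List<String> values = this.namespace.getList(key);
            if (values != null) {
                target.put(key, values);
            }
        }
    }

    /**
     * Runs the five compatibility steps and terminates the process through {@link Exit}.
     *
     * @param args command-line options; run with {@code --help} for the full list
     */
    public static void main(String[] args) {
        ArgsHandler argsHandler = new ArgsHandler();
        Namespace namespace;
        try {
            namespace = argsHandler.parseArgs(args);
        } catch (ArgumentParserException e) {
            // parseArgs has already reported the problem through the parser.
            Exit.exit(1);
            return;
        }

        ConfigHandler configHandler = new ConfigHandler(namespace);
        Map<String, ?> configs = configHandler.getConfigs();
        Map<String, Object> jaasOptions = configHandler.getJaasOptions();

        try {
            String accessToken;

            // Client side: obtain a token from the provider and validate it as a client would.
            // try-with-resources closes the retriever even when retrieval or validation throws.
            try (AccessTokenRetriever retriever = AccessTokenRetrieverFactory.create(configs, jaasOptions)) {
                retriever.init();
                AccessTokenValidator clientValidator = AccessTokenValidatorFactory.create(configs);
                System.out.println("PASSED 1/5: client configuration");
                accessToken = retriever.retrieve();
                System.out.println("PASSED 2/5: client JWT retrieval");
                clientValidator.validate(accessToken);
                System.out.println("PASSED 3/5: client JWT validation");
            }

            // Broker side: validate the same token with a validator built on the key resolver.
            // The resolver is likewise closed on every exit path.
            try (CloseableVerificationKeyResolver keyResolver = VerificationKeyResolverFactory.create(configs, jaasOptions)) {
                keyResolver.init();
                AccessTokenValidator brokerValidator = AccessTokenValidatorFactory.create(configs, keyResolver);
                System.out.println("PASSED 4/5: broker configuration");
                brokerValidator.validate(accessToken);
                System.out.println("PASSED 5/5: broker JWT validation");
            }

            System.out.println("SUCCESS");
            Exit.exit(0);
        } catch (Throwable t) {
            // "FAILED:" goes to stdout, the stack trace to stderr. The token value itself is not
            // printed here.
            System.out.println("FAILED:");
            t.printStackTrace();
            if (t instanceof ConfigException) {
                // A configuration problem is most likely a wrong or missing option: show the help.
                System.out.printf("%n");
                argsHandler.parser.printHelp();
            }
            Exit.exit(1);
        }
    }
}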
