package com.azure.spring.cloud.autoconfigure.kafka;

import com.azure.spring.cloud.autoconfigure.context.AzureGlobalProperties;
import com.azure.spring.cloud.autoconfigure.implementation.jdbc.JdbcPropertyConstants;
import com.azure.spring.cloud.core.implementation.properties.PropertyMapper;
import com.azure.spring.cloud.core.implementation.util.AzureSpringIdentifier;
import com.azure.spring.cloud.core.properties.AzureProperties;
import com.azure.spring.cloud.service.implementation.jaas.Jaas;
import com.azure.spring.cloud.service.implementation.jaas.JaasResolver;
import com.azure.spring.cloud.service.implementation.kafka.AzureKafkaPropertiesUtils;
import com.azure.spring.cloud.service.implementation.kafka.KafkaOAuth2AuthenticateCallbackHandler;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.apache.kafka.common.message.ApiVersionsRequestData;
import org.apache.kafka.common.requests.ApiVersionsRequest;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule;
import org.slf4j.Logger;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.util.ReflectionUtils;
import org.springframework.util.StringUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/azure/spring/cloud/autoconfigure/kafka/AbstractKafkaPropertiesBeanPostProcessor.class */
public abstract class AbstractKafkaPropertiesBeanPostProcessor<T> implements BeanPostProcessor {
    static final String SASL_MECHANISM_OAUTH = "OAUTHBEARER";
    static final String AZURE_CONFIGURED_JAAS_OPTIONS_KEY = "azure.configured";
    static final String AZURE_CONFIGURED_JAAS_OPTIONS_VALUE = "true";
    private static final Map<String, String> KAFKA_OAUTH_CONFIGS;
    private static final String LOG_OAUTH_DETAILED_PROPERTY_CONFIGURE = "OAUTHBEARER authentication property {} will be configured as {} to support Azure Identity credentials.";
    private static final String LOG_OAUTH_AUTOCONFIGURATION_CONFIGURE = "Spring Cloud Azure auto-configuration for Kafka OAUTHBEARER authentication will be loaded to configure your Kafka security and sasl properties to support Azure Identity credentials.";
    private static final String LOG_OAUTH_AUTOCONFIGURATION_RECOMMENDATION = "Currently {} authentication mechanism is used, recommend to use Spring Cloud Azure auto-configuration for Kafka OAUTHBEARER authentication which supports various Azure Identity credentials. To leverage the auto-configuration for OAuth2, you can just remove all your security, sasl and credential configurations of Kafka and Event Hubs. And configure Kafka bootstrap servers instead, which can be set as spring.kafka.boostrap-servers=EventHubsNamespacesFQDN:9093.";
    private final AzureGlobalProperties azureGlobalProperties;
    static final String SECURITY_PROTOCOL_CONFIG_SASL = SecurityProtocol.SASL_SSL.name();
    static final String SASL_LOGIN_CALLBACK_HANDLER_CLASS_OAUTH = KafkaOAuth2AuthenticateCallbackHandler.class.getName();
    protected static final PropertyMapper PROPERTY_MAPPER = new PropertyMapper();

    /* JADX INFO: Access modifiers changed from: package-private */
    public AbstractKafkaPropertiesBeanPostProcessor(AzureGlobalProperties azureGlobalProperties) {
        this.azureGlobalProperties = azureGlobalProperties;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public Object postProcessBeforeInitialization(Object obj, String str) throws BeansException {
        if (needsPostProcess(obj)) {
            replaceAzurePropertiesWithJaas(getMergedProducerProperties(obj), getRawProducerProperties(obj));
            replaceAzurePropertiesWithJaas(getMergedConsumerProperties(obj), getRawConsumerProperties(obj));
            replaceAzurePropertiesWithJaas(getMergedAdminProperties(obj), getRawAdminProperties(obj));
            customizeProcess(obj);
        }
        return obj;
    }

    protected abstract Map<String, Object> getMergedProducerProperties(T t);

    protected abstract Map<String, String> getRawProducerProperties(T t);

    protected abstract Map<String, Object> getMergedConsumerProperties(T t);

    protected abstract Map<String, String> getRawConsumerProperties(T t);

    protected abstract Map<String, Object> getMergedAdminProperties(T t);

    protected abstract Map<String, String> getRawAdminProperties(T t);

    protected abstract boolean needsPostProcess(Object obj);

    protected abstract Logger getLogger();

    protected void customizeProcess(T t) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void clearAzureProperties(Map<String, String> map) {
        List propertyKeys = AzureKafkaPropertiesUtils.AzureKafkaPasswordlessPropertiesMapping.getPropertyKeys();
        Objects.requireNonNull(map);
        propertyKeys.forEach((v1) -> {
            r1.remove(v1);
        });
    }

    private void replaceAzurePropertiesWithJaas(Map<String, Object> map, Map<String, String> map2) {
        resolveJaasForAzure(map).ifPresent(jaas -> {
            configJaasToKafkaRawProperties(jaas, map2);
            logConfigureOAuthProperties();
            configureKafkaUserAgent();
        });
        clearAzureProperties(map2);
    }

    private Optional<Jaas> resolveJaasForAzure(Map<String, Object> map) {
        if (!needConfigureSaslOAuth(map)) {
            return Optional.empty();
        }
        Jaas jaas = (Jaas) new JaasResolver().resolve((String) map.get("sasl.jaas.config")).orElse(new Jaas(OAuthBearerLoginModule.class.getName()));
        setAzurePropertiesToJaasOptionsIfAbsent(this.azureGlobalProperties, jaas);
        setKafkaPropertiesToJaasOptions(map, jaas);
        jaas.getOptions().put(AZURE_CONFIGURED_JAAS_OPTIONS_KEY, "true");
        return Optional.of(jaas);
    }

    private void configJaasToKafkaRawProperties(Jaas jaas, Map<String, String> map) {
        map.putAll(KAFKA_OAUTH_CONFIGS);
        map.put("sasl.jaas.config", jaas.toString());
    }

    private void logConfigureOAuthProperties() {
        getLogger().info(LOG_OAUTH_AUTOCONFIGURATION_CONFIGURE);
        getLogger().debug(LOG_OAUTH_DETAILED_PROPERTY_CONFIGURE, "security.protocol", SECURITY_PROTOCOL_CONFIG_SASL);
        getLogger().debug(LOG_OAUTH_DETAILED_PROPERTY_CONFIGURE, "sasl.mechanism", SASL_MECHANISM_OAUTH);
        getLogger().debug(LOG_OAUTH_DETAILED_PROPERTY_CONFIGURE, "sasl.jaas.config", "***the value involves credentials and will not be logged***");
        getLogger().debug(LOG_OAUTH_DETAILED_PROPERTY_CONFIGURE, "sasl.login.callback.handler.class", SASL_LOGIN_CALLBACK_HANDLER_CLASS_OAUTH);
    }

    private void setKafkaPropertiesToJaasOptions(Map<String, ?> map, Jaas jaas) {
        AzureKafkaPropertiesUtils.AzureKafkaPasswordlessPropertiesMapping.getPropertyKeys().forEach(str -> {
            PROPERTY_MAPPER.from(map.get(str)).to(obj -> {
                jaas.getOptions().put(str, (String) obj);
            });
        });
    }

    private void setAzurePropertiesToJaasOptionsIfAbsent(AzureProperties azureProperties, Jaas jaas) {
        convertAzurePropertiesToMap(azureProperties).forEach((str, str2) -> {
            jaas.getOptions().putIfAbsent(str, str2);
        });
    }

    private Map<String, String> convertAzurePropertiesToMap(AzureProperties azureProperties) {
        HashMap hashMap = new HashMap();
        for (AzureKafkaPropertiesUtils.AzureKafkaPasswordlessPropertiesMapping azureKafkaPasswordlessPropertiesMapping : AzureKafkaPropertiesUtils.AzureKafkaPasswordlessPropertiesMapping.values()) {
            PROPERTY_MAPPER.from((String) azureKafkaPasswordlessPropertiesMapping.getter().apply(azureProperties)).to(str -> {
                hashMap.put(azureKafkaPasswordlessPropertiesMapping.propertyKey(), str);
            });
        }
        return hashMap;
    }

    static synchronized void configureKafkaUserAgent() {
        ApiVersionsRequestData apiVersionsRequestData;
        String clientSoftwareName;
        Method findMethod = ReflectionUtils.findMethod(ApiVersionsRequest.class, "data");
        if (findMethod == null || (apiVersionsRequestData = (ApiVersionsRequestData) ReflectionUtils.invokeMethod(findMethod, new ApiVersionsRequest.Builder().build())) == null || (clientSoftwareName = apiVersionsRequestData.clientSoftwareName()) == null || clientSoftwareName.contains(".az-sp-kafka")) {
            return;
        }
        apiVersionsRequestData.setClientSoftwareName(apiVersionsRequestData.clientSoftwareName() + ".az-sp-kafka");
        apiVersionsRequestData.setClientSoftwareVersion(AzureSpringIdentifier.VERSION);
    }

    boolean needConfigureSaslOAuth(Map<String, Object> map) {
        return meetAzureBootstrapServerConditions(map) && meetSaslOAuthConditions(map);
    }

    private boolean meetSaslOAuthConditions(Map<String, Object> map) {
        String str = (String) map.get("security.protocol");
        String str2 = (String) map.get("sasl.mechanism");
        String str3 = (String) map.get("sasl.jaas.config");
        if (meetSaslProtocolConditions(str) && meetSaslOAuth2MechanismConditions(str2) && meetJaasConditions(str3)) {
            return true;
        }
        getLogger().info(LOG_OAUTH_AUTOCONFIGURATION_RECOMMENDATION, str2);
        return false;
    }

    private boolean meetSaslProtocolConditions(String str) {
        return str == null || SECURITY_PROTOCOL_CONFIG_SASL.equalsIgnoreCase(str);
    }

    private boolean meetSaslOAuth2MechanismConditions(String str) {
        return str == null || SASL_MECHANISM_OAUTH.equalsIgnoreCase(str);
    }

    private boolean meetJaasConditions(String str) {
        if (str == null) {
            return true;
        }
        return ((Boolean) new JaasResolver().resolve(str).map(jaas -> {
            return Boolean.valueOf("true".equals(jaas.getOptions().get(AZURE_CONFIGURED_JAAS_OPTIONS_KEY)));
        }).orElse(false)).booleanValue();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v35, types: [java.util.List] */
    private boolean meetAzureBootstrapServerConditions(Map<String, Object> map) {
        ArrayList arrayList;
        Object obj = map.get("bootstrap.servers");
        if (obj instanceof String) {
            arrayList = Arrays.asList(StringUtils.delimitedListToStringArray((String) obj, JdbcPropertyConstants.MYSQL_PROPERTY_CONNECTION_ATTRIBUTES_DELIMITER));
        } else {
            if (!(obj instanceof Iterable)) {
                getLogger().debug("Kafka bootstrap server configuration doesn't meet passwordless requirements.");
                return false;
            }
            arrayList = new ArrayList();
            for (T t : (Iterable) obj) {
                if (!(t instanceof String)) {
                    getLogger().debug("Kafka bootstrap server configuration doesn't meet passwordless requirements.");
                    return false;
                }
                arrayList.add((String) t);
            }
        }
        return arrayList.size() == 1 && ((String) arrayList.get(0)).endsWith(":9093");
    }

    static {
        HashMap hashMap = new HashMap();
        hashMap.put("security.protocol", SECURITY_PROTOCOL_CONFIG_SASL);
        hashMap.put("sasl.mechanism", SASL_MECHANISM_OAUTH);
        hashMap.put("sasl.login.callback.handler.class", SASL_LOGIN_CALLBACK_HANDLER_CLASS_OAUTH);
        KAFKA_OAUTH_CONFIGS = Collections.unmodifiableMap(hashMap);
    }
}
