package org.apache.kafka.common.security.authenticator;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.config.SaslConfigs;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.network.ListenerName;
import org.apache.kafka.common.security.JaasContext;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.security.auth.Login;
import org.apache.kafka.common.security.authenticator.AbstractLogin;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule;
import org.apache.kafka.common.security.oauthbearer.internals.unsecured.OAuthBearerUnsecuredLoginCallbackHandler;
import org.apache.kafka.common.utils.SecurityUtils;
import org.apache.kafka.common.utils.Utils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/kafka-clients-3.3.2.jar:org/apache/kafka/common/security/authenticator/LoginManager.class */
public class LoginManager {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) LoginManager.class);
    private static final Map<LoginMetadata<String>, LoginManager> STATIC_INSTANCES = new HashMap();
    private static final Map<LoginMetadata<Password>, LoginManager> DYNAMIC_INSTANCES = new HashMap();
    private final Login login;
    private final LoginMetadata<?> loginMetadata;
    private final AuthenticateCallbackHandler loginCallbackHandler;
    private int refCount;

    /* loaded from: input_file:BOOT-INF/lib/kafka-clients-3.3.2.jar:org/apache/kafka/common/security/authenticator/LoginManager$LoginMetadata.class */
    private static class LoginMetadata<T> {
        final T configInfo;
        final Class<? extends Login> loginClass;
        final Class<? extends AuthenticateCallbackHandler> loginCallbackClass;

        LoginMetadata(T t, Class<? extends Login> cls, Class<? extends AuthenticateCallbackHandler> cls2) {
            this.configInfo = t;
            this.loginClass = cls;
            this.loginCallbackClass = cls2;
        }

        public int hashCode() {
            return Objects.hash(this.configInfo, this.loginClass, this.loginCallbackClass);
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            LoginMetadata loginMetadata = (LoginMetadata) obj;
            return Objects.equals(this.configInfo, loginMetadata.configInfo) && Objects.equals(this.loginClass, loginMetadata.loginClass) && Objects.equals(this.loginCallbackClass, loginMetadata.loginCallbackClass);
        }
    }

    private LoginManager(JaasContext jaasContext, String str, Map<String, ?> map, LoginMetadata<?> loginMetadata) throws LoginException {
        this.loginMetadata = loginMetadata;
        this.login = (Login) Utils.newInstance(loginMetadata.loginClass);
        this.loginCallbackHandler = (AuthenticateCallbackHandler) Utils.newInstance(loginMetadata.loginCallbackClass);
        this.loginCallbackHandler.configure(map, str, jaasContext.configurationEntries());
        this.login.configure(map, jaasContext.name(), jaasContext.configuration(), this.loginCallbackHandler);
        this.login.login();
    }

    public static LoginManager acquireLoginManager(JaasContext jaasContext, String str, Class<? extends Login> cls, Map<String, ?> map) throws LoginException {
        LoginManager loginManager;
        LoginManager acquire;
        Class configuredClassOrDefault = configuredClassOrDefault(map, jaasContext, str, SaslConfigs.SASL_LOGIN_CLASS, cls);
        Class configuredClassOrDefault2 = configuredClassOrDefault(map, jaasContext, str, SaslConfigs.SASL_LOGIN_CALLBACK_HANDLER_CLASS, OAuthBearerLoginModule.OAUTHBEARER_MECHANISM.equals(str) ? OAuthBearerUnsecuredLoginCallbackHandler.class : AbstractLogin.DefaultLoginCallbackHandler.class);
        synchronized (LoginManager.class) {
            Password dynamicJaasConfig = jaasContext.dynamicJaasConfig();
            if (dynamicJaasConfig != null) {
                LoginMetadata<Password> loginMetadata = new LoginMetadata<>(dynamicJaasConfig, configuredClassOrDefault, configuredClassOrDefault2);
                loginManager = DYNAMIC_INSTANCES.get(loginMetadata);
                if (loginManager == null) {
                    loginManager = new LoginManager(jaasContext, str, map, loginMetadata);
                    DYNAMIC_INSTANCES.put(loginMetadata, loginManager);
                }
            } else {
                LoginMetadata<String> loginMetadata2 = new LoginMetadata<>(jaasContext.name(), configuredClassOrDefault, configuredClassOrDefault2);
                loginManager = STATIC_INSTANCES.get(loginMetadata2);
                if (loginManager == null) {
                    loginManager = new LoginManager(jaasContext, str, map, loginMetadata2);
                    STATIC_INSTANCES.put(loginMetadata2, loginManager);
                }
            }
            SecurityUtils.addConfiguredSecurityProviders(map);
            acquire = loginManager.acquire();
        }
        return acquire;
    }

    public Subject subject() {
        return this.login.subject();
    }

    public String serviceName() {
        return this.login.serviceName();
    }

    Object cacheKey() {
        return this.loginMetadata.configInfo;
    }

    private LoginManager acquire() {
        this.refCount++;
        LOGGER.trace("{} acquired", this);
        return this;
    }

    public void release() {
        synchronized (LoginManager.class) {
            if (this.refCount == 0) {
                throw new IllegalStateException("release() called on disposed " + this);
            }
            if (this.refCount == 1) {
                if (this.loginMetadata.configInfo instanceof Password) {
                    DYNAMIC_INSTANCES.remove(this.loginMetadata);
                } else {
                    STATIC_INSTANCES.remove(this.loginMetadata);
                }
                this.login.close();
                this.loginCallbackHandler.close();
            }
            this.refCount--;
            LOGGER.trace("{} released", this);
        }
    }

    public String toString() {
        return "LoginManager(serviceName=" + serviceName() + ", publicCredentials=" + subject().getPublicCredentials() + ", refCount=" + this.refCount + ')';
    }

    public static void closeAll() {
        synchronized (LoginManager.class) {
            Iterator it = new ArrayList(STATIC_INSTANCES.keySet()).iterator();
            while (it.hasNext()) {
                STATIC_INSTANCES.remove((LoginMetadata) it.next()).login.close();
            }
            Iterator it2 = new ArrayList(DYNAMIC_INSTANCES.keySet()).iterator();
            while (it2.hasNext()) {
                DYNAMIC_INSTANCES.remove((LoginMetadata) it2.next()).login.close();
            }
        }
    }

    private static <T> Class<? extends T> configuredClassOrDefault(Map<String, ?> map, JaasContext jaasContext, String str, String str2, Class<? extends T> cls) {
        Class<? extends T> cls2 = (Class) map.get((jaasContext.type() == JaasContext.Type.SERVER ? ListenerName.saslMechanismPrefix(str) : "") + str2);
        if (cls2 != null && jaasContext.configurationEntries().size() != 1) {
            throw new ConfigException(str2 + " cannot be specified with multiple login modules in the JAAS context. " + SaslConfigs.SASL_JAAS_CONFIG + " must be configured to override mechanism-specific configs.");
        }
        if (cls2 == null) {
            cls2 = cls;
        }
        return cls2;
    }
}
