package io.confluent.kafkarest.auth;

import io.confluent.kafkarest.DefaultKafkaRestContext;
import io.confluent.kafkarest.KafkaRestConfig;
import io.confluent.kafkarest.KafkaRestContext;
import io.confluent.kafkarest.ProducerPool;
import io.confluent.kafkarest.v2.KafkaConsumerManager;
import java.time.Instant;
import java.util.Objects;
import java.util.Properties;
import javax.annotation.Nullable;
import org.apache.kafka.clients.admin.Admin;
import org.apache.kafka.clients.admin.AdminClient;

/* loaded from: input_file:io/confluent/kafkarest/auth/CloudKafkaRestContext.class */
public final class CloudKafkaRestContext implements KafkaRestContext {
    private final DefaultKafkaRestContext delegate;

    @Nullable
    private volatile CloudPrincipal principal = null;

    @Nullable
    private volatile Instant expiration;
    private Admin adminClient;

    public CloudKafkaRestContext(KafkaRestConfig kafkaRestConfig) {
        this.delegate = new DefaultKafkaRestContext(kafkaRestConfig, (ProducerPool) null, (KafkaConsumerManager) null);
    }

    public synchronized void setPrincipal(CloudPrincipal cloudPrincipal) {
        this.principal = (CloudPrincipal) Objects.requireNonNull(cloudPrincipal);
    }

    public KafkaRestConfig getConfig() {
        return this.delegate.getConfig();
    }

    public ProducerPool getProducerPool() {
        throw new UnsupportedOperationException();
    }

    public KafkaConsumerManager getKafkaConsumerManager() {
        throw new UnsupportedOperationException();
    }

    public synchronized Admin getAdmin() {
        if (this.principal == null) {
            throw new IllegalStateException("Principal may not be null");
        }
        if (this.adminClient == null || (this.expiration != null && Instant.now().isAfter(this.expiration))) {
            this.expiration = Instant.ofEpochMilli(this.principal.expires());
            this.adminClient = AdminClient.create(adminProperties(this.delegate.getConfig()));
        }
        return this.adminClient;
    }

    public Properties adminProperties(KafkaRestConfig kafkaRestConfig) {
        Properties properties = new Properties();
        properties.putAll(kafkaRestConfig.getAdminProperties());
        properties.putAll(getTokenClientProps());
        properties.put("bootstrap.servers", kafkaRestConfig.getString("bootstrap.servers"));
        return properties;
    }

    private synchronized Properties getTokenClientProps() {
        Properties properties = new Properties();
        properties.put("client.id", "proxy:" + this.principal.getName());
        properties.put("sasl.mechanism", "OAUTHBEARER");
        properties.put("security.protocol", "SASL_SSL");
        properties.put("sasl.login.callback.handler.class", "io.confluent.kafka.clients.plugins.auth.oauth.OAuthBearerLoginCallbackHandler");
        properties.put("sasl.jaas.config", "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required  token=\"" + this.principal.getJwt() + "\" cluster=\"" + this.principal.getLkc() + "\";");
        return properties;
    }

    public void shutdown() {
        if (this.adminClient != null) {
            this.adminClient.close();
        }
    }
}
