package io.confluent.auditlogapi.credentials;

import com.google.common.collect.ImmutableMap;
import io.confluent.common.security.auth.JwtPrincipal;
import io.confluent.common.security.sasl.ConfluentOAuthConfigs;
import java.util.Collections;
import java.util.Map;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.InvalidJwtException;

/* loaded from: input_file:io/confluent/auditlogapi/credentials/ExtractedCredentials.class */
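/**
 * Credentials extracted from an incoming request, in the form needed to act on behalf of the
 * caller: Kafka client properties, the caller's remote host and the caller's Kafka principal.
 *
 * <p>Two implementations are provided: {@link JwtCredentials} for callers that presented a JWT
 * and {@link NoCredentials} for callers that presented nothing.
 */
public interface ExtractedCredentials {

    /**
     * Credentials backed by a JWT bearer token.
     *
     * <p>Security note: this class does not verify the token. The constructor only re-parses the
     * claims JSON of the principal it is given, so the caller must pass a principal whose token
     * has already been validated (signature, expiry, audience) upstream.
     */
    public static class JwtCredentials implements ExtractedCredentials {
        private final JwtPrincipal principal;
        private final String metadataServerUrl;
        private final String remoteHost;

        /**
         * Builds credentials from an already-authenticated JWT principal.
         *
         * @param jwtPrincipal the principal holding the parsed claims and the raw JWT string;
         *     assumed to have been validated by the caller, because no validation happens here
         * @param str the metadata server URL passed on to the OAuth JAAS configuration.
         *     NOTE(review): this should come from trusted configuration rather than from the
         *     request, since the bearer token is used together with it (confirm at call sites)
         * @param str2 the remote host of the caller; stored and returned as given, not validated
         * @throws RuntimeException if the claims JSON of {@code jwtPrincipal} cannot be parsed
         *     again, which is not expected because it was produced from parsed claims
         */
        public JwtCredentials(JwtPrincipal jwtPrincipal, String str, String str2) {
            this.remoteHost = str2;
            this.metadataServerUrl = str;
            try {
                // Rebuild the principal from the raw claims JSON so this object holds its own
                // JwtClaims instance (presumably a defensive copy). JwtClaims.parse only parses
                // JSON; it does not check the signature or any claim.
                JwtClaims copiedClaims = JwtClaims.parse(jwtPrincipal.getClaims().getRawJson());
                this.principal = new JwtPrincipal(copiedClaims, jwtPrincipal.getJwt());
            } catch (InvalidJwtException e) {
                throw new RuntimeException("impossible code path", e);
            }
        }

        /**
         * Returns the Kafka client properties that authenticate with this token over
         * SASL/OAUTHBEARER.
         *
         * <p>The {@code sasl.jaas.config} value is built from the principal and is expected to
         * carry the bearer token, so the returned map is secret material: do not log it, echo it
         * in error messages or persist it.
         *
         * @return an immutable map with the SASL mechanism, login callback handler and JAAS
         *     configuration
         */
        @Override
        public Map<String, String> toClientCredentialProperties() {
            String jaasConfig =
                ConfluentOAuthConfigs.getOAuthBearerLoginModuleJaasConfig(
                    this.principal, this.metadataServerUrl);
            // The explicit type witness is required: without it the builder is inferred as
            // Builder<Object, Object> and the result is not assignable to Map<String, String>.
            return ImmutableMap.<String, String>builder()
                .put("sasl.mechanism", "OAUTHBEARER")
                .put(
                    "sasl.login.callback.handler.class",
                    "io.confluent.kafka.clients.plugins.auth.token.TokenBearerLoginCallbackHandler")
                .put("sasl.jaas.config", jaasConfig)
                .build();
        }

        /**
         * Returns the remote host given at construction.
         *
         * @return the remote host, unmodified
         */
        @Override
        public String remoteHost() {
            return this.remoteHost;
        }

        /**
         * Returns a {@code User} principal named after the JWT principal and flagged as
         * token-authenticated.
         *
         * <p>The name comes straight from the token's principal, so it is only as trustworthy as
         * the validation performed before this object was created.
         *
         * @return a new {@link KafkaPrincipal} on every call
         */
        @Override
        public KafkaPrincipal kafkaPrincipal() {
            KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", this.principal.getName());
            kafkaPrincipal.tokenAuthenticated(true);
            return kafkaPrincipal;
        }
    }

    /**
     * Placeholder for a request that carried no credentials.
     *
     * <p>It maps to the anonymous Kafka principal and contributes no client properties, so
     * authorization for such a caller depends entirely on what the anonymous principal is
     * allowed to do.
     */
    public static class NoCredentials implements ExtractedCredentials {
        private final String remoteHost;

        /**
         * @param str the remote host of the caller; stored and returned as given, not validated
         */
        public NoCredentials(String str) {
            this.remoteHost = str;
        }

        /**
         * Returns no client properties, because there is nothing to authenticate with.
         *
         * @return an empty immutable map
         */
        @Override
        public Map<String, String> toClientCredentialProperties() {
            return Collections.emptyMap();
        }

        /**
         * Returns the remote host given at construction.
         *
         * @return the remote host, unmodified
         */
        @Override
        public String remoteHost() {
            return this.remoteHost;
        }

        /**
         * Returns the anonymous principal.
         *
         * @return {@link KafkaPrincipal#ANONYMOUS}
         */
        @Override
        public KafkaPrincipal kafkaPrincipal() {
            return KafkaPrincipal.ANONYMOUS;
        }
    }

    /**
     * Returns the Kafka client configuration entries that carry these credentials.
     *
     * @return the client properties; may contain secret material, so callers should not log them
     */
    Map<String, String> toClientCredentialProperties();

    /**
     * Returns the remote host associated with the request these credentials came from.
     *
     * @return the remote host as supplied by the creator of this object
     */
    String remoteHost();

    /**
     * Returns the Kafka principal these credentials represent.
     *
     * @return the principal to use for authorization and audit records
     */
    KafkaPrincipal kafkaPrincipal();
}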
