package io.confluent.kafka.clients.plugins.auth.oauth.internals;

import io.spiffe.exception.JwtSourceException;
import io.spiffe.exception.JwtSvidException;
import io.spiffe.exception.SocketEndpointAddressException;
import io.spiffe.workloadapi.CachedJwtSource;
import io.spiffe.workloadapi.JwtSource;
import io.spiffe.workloadapi.JwtSourceOptions;
import java.io.IOException;
import java.time.Duration;
import org.apache.kafka.common.security.oauthbearer.internals.secured.AccessTokenRetriever;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/kafka/clients/plugins/auth/oauth/internals/SpireJwtTokenRetriever.class */
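/**
 * {@link AccessTokenRetriever} that supplies a JWT-SVID, fetched through a SPIFFE
 * {@link JwtSource}, as the OAuth bearer access token.
 *
 * <p>The value returned by {@link #retrieve()} is a bearer credential. This class never logs it,
 * and callers should not log or persist it either.
 *
 * <p>Both fields are assigned once in the constructor and are {@code final}, so an instance can
 * be handed to another thread without extra synchronisation on this class's own state.
 */
public class SpireJwtTokenRetriever implements AccessTokenRetriever {
    private static final Logger log = LoggerFactory.getLogger(SpireJwtTokenRetriever.class);

    /** Value handed to the JWT source builder as its {@code initTimeout}. */
    private static final Duration INIT_TIMEOUT = Duration.ofSeconds(5L);

    private final JwtSource jwtSource;
    private final String audience;

    /**
     * Creates the retriever and its underlying JWT source.
     *
     * @param str socket path of the SPIFFE Workload API endpoint, passed unchanged to
     *     {@code JwtSourceOptions.spiffeSocketPath}; the identity issued to this client is
     *     whatever that endpoint attests, so the path should come from trusted configuration
     * @param str2 audience requested for every JWT-SVID; it is not validated here
     *     (NOTE(review): confirm how the SPIFFE client treats a null or empty audience)
     * @throws RuntimeException if the JWT source cannot be created or the socket address is
     *     rejected; the original exception is kept as the cause
     */
    public SpireJwtTokenRetriever(String str, String str2) {
        this.audience = str2;
        JwtSourceOptions options =
                JwtSourceOptions.builder().spiffeSocketPath(str).initTimeout(INIT_TIMEOUT).build();
        try {
            this.jwtSource = CachedJwtSource.newSource(options);
        } catch (JwtSourceException | SocketEndpointAddressException e) {
            // Fixed format string: the exception text is never interpreted as a log pattern.
            log.error("Failed to initialise SPIFFE JWT source (socket path: {})", str, e);
            throw new RuntimeException(
                    "Failed to initialise SPIFFE JWT source (socket path: " + str + ")", e);
        }
    }

    /**
     * Fetches a JWT-SVID for the configured audience and returns its serialized token.
     *
     * @return the token string of the fetched JWT-SVID
     * @throws IOException declared by the interface; this implementation does not throw it itself
     * @throws RuntimeException if the JWT-SVID cannot be fetched, with the
     *     {@link JwtSvidException} as the cause
     */
    @Override
    public String retrieve() throws IOException {
        try {
            // No extra audiences are requested, so the token is scoped to the single audience.
            return this.jwtSource.fetchJwtSvid(this.audience).getToken();
        } catch (JwtSvidException e) {
            // NOTE(review): fetch failures surface as an unchecked exception although the method
            // declares IOException; confirm callers of AccessTokenRetriever handle that path.
            throw new RuntimeException(
                    "Failed to fetch JWT-SVID for audience " + this.audience, e);
        }
    }

    /**
     * Closes the underlying JWT source.
     *
     * @throws IOException if closing the JWT source fails
     */
    @Override
    public void close() throws IOException {
        this.jwtSource.close();
    }
}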
