package com.azure.messaging.servicebus.implementation;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.util.CoreUtils;
import com.azure.core.util.logging.ClientLogger;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.time.Instant;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.time.temporal.TemporalAmount;
import java.util.Arrays;
import java.util.Base64;
import java.util.Locale;
import java.util.Objects;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/azure/messaging/servicebus/implementation/ServiceBusSharedKeyCredential.class */
public class ServiceBusSharedKeyCredential implements TokenCredential {
    private static final String SHARED_ACCESS_SIGNATURE_FORMAT = "SharedAccessSignature sr=%s&sig=%s&se=%s&skn=%s";
    private static final String HASH_ALGORITHM = "HMACSHA256";
    private static final String NO_HASH_ALGORITHM_ERROR_MESSAGE = "Unable to create hashing algorithm 'HMACSHA256'";
    private static final String INVALID_SHARED_ACCESS_KEY = "'sharedAccessKey' is an invalid value for the hashing algorithm.";
    private static final ClientLogger LOGGER = new ClientLogger(ServiceBusSharedKeyCredential.class);
    private final String policyName;
    private final Duration tokenValidity;
    private final SecretKeySpec secretKeySpec;
    private final String sharedAccessSignature;

    public ServiceBusSharedKeyCredential(String str, String str2) {
        this(str, str2, ServiceBusConstants.TOKEN_VALIDITY);
    }

    public ServiceBusSharedKeyCredential(String str, String str2, Duration duration) {
        Objects.requireNonNull(str2, "'sharedAccessKey' cannot be null.");
        this.policyName = (String) Objects.requireNonNull(str, "'policyName' cannot be null.");
        this.tokenValidity = (Duration) Objects.requireNonNull(duration, "'tokenValidity' cannot be null.");
        if (str.isEmpty()) {
            throw new IllegalArgumentException("'policyName' cannot be an empty string.");
        }
        if (str2.isEmpty()) {
            throw new IllegalArgumentException("'sharedAccessKey' cannot be an empty string.");
        }
        if (duration.isZero() || duration.isNegative()) {
            throw new IllegalArgumentException("'tokenTimeToLive' has to positive and in the order-of seconds");
        }
        this.secretKeySpec = new SecretKeySpec(str2.getBytes(StandardCharsets.UTF_8), HASH_ALGORITHM);
        this.sharedAccessSignature = null;
    }

    public ServiceBusSharedKeyCredential(String str) {
        this.sharedAccessSignature = (String) Objects.requireNonNull(str, "'sharedAccessSignature' cannot be null");
        this.policyName = null;
        this.secretKeySpec = null;
        this.tokenValidity = null;
    }

    public Mono<AccessToken> getToken(TokenRequestContext tokenRequestContext) {
        return Mono.fromCallable(() -> {
            return getTokenSync(tokenRequestContext);
        });
    }

    public AccessToken getTokenSync(TokenRequestContext tokenRequestContext) {
        if (tokenRequestContext.getScopes().size() != 1) {
            throw LOGGER.logExceptionAsError(new IllegalArgumentException("'scopes' should only contain a single argument that is the token audience or resource name."));
        }
        try {
            return generateSharedAccessSignature((String) tokenRequestContext.getScopes().get(0));
        } catch (UnsupportedEncodingException e) {
            throw LOGGER.logExceptionAsError(new RuntimeException(e));
        }
    }

    private AccessToken generateSharedAccessSignature(String str) throws UnsupportedEncodingException {
        if (CoreUtils.isNullOrEmpty(str)) {
            throw LOGGER.logExceptionAsError(new IllegalArgumentException("resource cannot be empty"));
        }
        if (this.sharedAccessSignature != null) {
            return new AccessToken(this.sharedAccessSignature, getExpirationTime(this.sharedAccessSignature));
        }
        try {
            Mac mac = Mac.getInstance(HASH_ALGORITHM);
            mac.init(this.secretKeySpec);
            String name = StandardCharsets.UTF_8.name();
            OffsetDateTime plus = OffsetDateTime.now(ZoneOffset.UTC).plus((TemporalAmount) this.tokenValidity);
            String l = Long.toString(plus.toEpochSecond());
            String encode = URLEncoder.encode(str, name);
            return new AccessToken(String.format(Locale.US, SHARED_ACCESS_SIGNATURE_FORMAT, encode, URLEncoder.encode(Base64.getEncoder().encodeToString(mac.doFinal((encode + "\n" + l).getBytes(name))), name), URLEncoder.encode(l, name), URLEncoder.encode(this.policyName, name)), plus);
        } catch (InvalidKeyException e) {
            throw LOGGER.logExceptionAsError(new IllegalArgumentException(INVALID_SHARED_ACCESS_KEY, e));
        } catch (NoSuchAlgorithmException e2) {
            throw LOGGER.logExceptionAsError(new UnsupportedOperationException(NO_HASH_ALGORITHM_ERROR_MESSAGE, e2));
        }
    }

    private OffsetDateTime getExpirationTime(String str) {
        return (OffsetDateTime) Arrays.stream(str.split("&")).map(str2 -> {
            return str2.split("=");
        }).filter(strArr -> {
            return strArr.length == 2 && "se".equalsIgnoreCase(strArr[0]);
        }).findFirst().map(strArr2 -> {
            return strArr2[1];
        }).map(str3 -> {
            try {
                return Instant.ofEpochSecond(Long.parseLong(str3)).atOffset(ZoneOffset.UTC);
            } catch (NumberFormatException e) {
                LOGGER.atVerbose().addKeyValue("expirationTime", str3).log("Invalid expiration time format in the SAS token. Falling back to max expiration time.");
                return OffsetDateTime.MAX;
            }
        }).orElse(OffsetDateTime.MAX);
    }
}
