package com.microsoft.azure.relay;

import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/microsoft/azure/relay/SharedAccessSignatureTokenProvider.class */
public class SharedAccessSignatureTokenProvider extends TokenProvider {
    private static final String UTF8_ENCODING_NAME = StandardCharsets.UTF_8.name();
    private final byte[] encodedSharedAccessKey;
    private final String keyName;
    private final String sharedAccessSignature;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/microsoft/azure/relay/SharedAccessSignatureTokenProvider$SharedAccessSignatureBuilder.class */
    public static class SharedAccessSignatureBuilder {
        static final String HMAC_ALGORITHM = "HMACSHA256";

        SharedAccessSignatureBuilder() {
        }

        public static String buildSignature(String str, byte[] bArr, String str2, Duration duration) throws UnsupportedEncodingException, InvalidKeyException, NoSuchAlgorithmException {
            String buildExpiresOn = buildExpiresOn(duration);
            String encode = URLEncoder.encode(str2, SharedAccessSignatureTokenProvider.UTF8_ENCODING_NAME);
            return String.format(Locale.ROOT, "%s %s=%s&%s=%s&%s=%s&%s=%s", SharedAccessSignatureToken.SHARED_ACCESS_SIGNATURE, SharedAccessSignatureToken.SIGNED_RESOURCE, encode, SharedAccessSignatureToken.SIGNATURE, URLEncoder.encode(sign(String.join("\n", encode, buildExpiresOn), bArr), SharedAccessSignatureTokenProvider.UTF8_ENCODING_NAME), SharedAccessSignatureToken.SIGNED_EXPIRY, URLEncoder.encode(buildExpiresOn, SharedAccessSignatureTokenProvider.UTF8_ENCODING_NAME), SharedAccessSignatureToken.SIGNATURE_KEYNAME, URLEncoder.encode(str, SharedAccessSignatureTokenProvider.UTF8_ENCODING_NAME));
        }

        static String buildExpiresOn(Duration duration) {
            long seconds = duration.getSeconds();
            if (seconds < 0) {
                throw new IllegalArgumentException("timeToLive should be a positive value");
            }
            return String.valueOf(Instant.now().getEpochSecond() + seconds);
        }

        static String sign(String str, byte[] bArr) throws InvalidKeyException, NoSuchAlgorithmException {
            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
            mac.init(new SecretKeySpec(bArr, HMAC_ALGORITHM));
            return Base64.getEncoder().encodeToString(mac.doFinal(str.getBytes(StringUtil.UTF8)));
        }
    }

    /* loaded from: input_file:com/microsoft/azure/relay/SharedAccessSignatureTokenProvider$SharedAccessSignatureToken.class */
    static class SharedAccessSignatureToken extends SecurityToken {
        public static final int MAX_KEYNAME_LENGTH = 256;
        public static final int MAX_KEY_LENGTH = 256;
        public static final String SHARED_ACCESS_SIGNATURE = "SharedAccessSignature";
        public static final String SIGNED_RESOURCE = "sr";
        public static final String SIGNATURE = "sig";
        public static final String SIGNATURE_KEYNAME = "skn";
        public static final String SIGNED_EXPIRY = "se";
        public static final String SIGNED_RESOURCE_FULL_FIELD_NAME = "SharedAccessSignature sr";
        public static final String SAS_KEY_VALUE_SEPARATOR = "=";
        public static final String SAS_PAIR_SEPARATOR = "&";

        public SharedAccessSignatureToken(String str) {
            super(str, SIGNED_RESOURCE_FULL_FIELD_NAME, SIGNED_EXPIRY, SAS_KEY_VALUE_SEPARATOR, SAS_PAIR_SEPARATOR);
        }

        static void validate(String str) {
            if (StringUtil.isNullOrEmpty(str)) {
                throw new IllegalArgumentException("sharedAccessSignature cannot be null or empty");
            }
            Map<String, String> extractFieldValues = extractFieldValues(str);
            for (String str2 : new String[]{SIGNATURE, SIGNED_EXPIRY, SIGNATURE_KEYNAME, SIGNED_RESOURCE}) {
                if (extractFieldValues.get(str2) == null) {
                    throw new IllegalArgumentException(str2.toString() + " has no corresponding value.");
                }
            }
        }

        static Map<String, String> extractFieldValues(String str) {
            String[] split = str.split("\\s+");
            if (!split[0].trim().equalsIgnoreCase(SHARED_ACCESS_SIGNATURE) || split.length != 2) {
                throw new IllegalArgumentException("invalid sharedAccessSignture.");
            }
            HashMap hashMap = new HashMap();
            for (String str2 : split[1].trim().split(SAS_PAIR_SEPARATOR)) {
                if (!StringUtil.isNullOrEmpty(str2)) {
                    String[] split2 = str2.split(SAS_KEY_VALUE_SEPARATOR);
                    String lowerCase = split2[0].toLowerCase();
                    try {
                        hashMap.put(lowerCase, lowerCase.equalsIgnoreCase(SIGNED_RESOURCE) ? split2[1] : URLDecoder.decode(split2[1], SharedAccessSignatureTokenProvider.UTF8_ENCODING_NAME));
                    } catch (UnsupportedEncodingException e) {
                        throw new RuntimeException("UTF-8 decoding is not supported in the java runtime.");
                    }
                }
            }
            return hashMap;
        }
    }

    public SharedAccessSignatureTokenProvider(String str) {
        SharedAccessSignatureToken.validate(str);
        this.encodedSharedAccessKey = null;
        this.keyName = null;
        this.sharedAccessSignature = str;
    }

    public SharedAccessSignatureTokenProvider(String str, String str2) {
        this(str, str2, null);
    }

    public SharedAccessSignatureTokenProvider(String str, String str2, Charset charset) {
        this.sharedAccessSignature = null;
        if (StringUtil.isNullOrEmpty(str) || StringUtil.isNullOrEmpty(str2)) {
            throw new IllegalArgumentException("keyName or key cannot be empty.");
        }
        if (str.length() > 256) {
            throw new IllegalArgumentException("length of keyName is " + str.length() + ", which exceeded the maximum of 256");
        }
        if (str2.length() > 256) {
            throw new IllegalArgumentException("length of keyName is " + str2.length() + ", which exceeded the maximum of 256");
        }
        this.keyName = str;
        this.encodedSharedAccessKey = str2.getBytes(charset == null ? StringUtil.UTF8 : charset);
    }

    @Override // com.microsoft.azure.relay.TokenProvider
    protected CompletableFuture<SecurityToken> onGetTokenAsync(String str, Duration duration) {
        try {
            return CompletableFuture.completedFuture(new SharedAccessSignatureToken(buildSignature(str, duration)));
        } catch (UnsupportedEncodingException | InvalidKeyException | NoSuchAlgorithmException e) {
            return CompletableFutureUtil.fromException(e);
        }
    }

    protected String buildSignature(String str, Duration duration) throws InvalidKeyException, UnsupportedEncodingException, NoSuchAlgorithmException {
        return StringUtil.isNullOrWhiteSpace(this.sharedAccessSignature) ? SharedAccessSignatureBuilder.buildSignature(this.keyName, this.encodedSharedAccessKey, str, duration) : this.sharedAccessSignature;
    }
}
