package com.microsoft.azure.sdk.iot.service.digitaltwin.authentication;

import com.microsoft.azure.sdk.iot.service.digitaltwin.helpers.Base64;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/microsoft/azure/sdk/iot/service/digitaltwin/authentication/SasTokenProviderWithSharedAccessKey.class */
public class SasTokenProviderWithSharedAccessKey implements SasTokenProvider {
    private static final Logger log = LoggerFactory.getLogger(SasTokenProviderWithSharedAccessKey.class);
    private static final String TOKEN_FORMAT = "SharedAccessSignature sr=%s&sig=%s&se=%s&skn=%s";
    private static final int DEFAULT_TOKEN_TIME_TO_LIVE_IN_SECS = 3600;
    private final Lock lock;
    private final String hostName;
    private final String sharedAccessKeyName;
    private final String sharedAccessKey;
    private final int timeToLiveInSecs;
    private String cachedSasToken;
    private long tokenExpiryTimeInMilliSecs;

    /* loaded from: input_file:com/microsoft/azure/sdk/iot/service/digitaltwin/authentication/SasTokenProviderWithSharedAccessKey$SasTokenProviderWithSharedAccessKeyBuilder.class */
    public static class SasTokenProviderWithSharedAccessKeyBuilder {
        private String hostName;
        private String sharedAccessKeyName;
        private String sharedAccessKey;
        private Integer timeToLiveInSecs;

        SasTokenProviderWithSharedAccessKeyBuilder() {
        }

        public SasTokenProviderWithSharedAccessKeyBuilder hostName(@NonNull String str) {
            if (str == null) {
                throw new NullPointerException("hostName is marked non-null but is null");
            }
            this.hostName = str;
            return this;
        }

        public SasTokenProviderWithSharedAccessKeyBuilder sharedAccessKeyName(@NonNull String str) {
            if (str == null) {
                throw new NullPointerException("sharedAccessKeyName is marked non-null but is null");
            }
            this.sharedAccessKeyName = str;
            return this;
        }

        public SasTokenProviderWithSharedAccessKeyBuilder sharedAccessKey(@NonNull String str) {
            if (str == null) {
                throw new NullPointerException("sharedAccessKey is marked non-null but is null");
            }
            this.sharedAccessKey = str;
            return this;
        }

        public SasTokenProviderWithSharedAccessKeyBuilder timeToLiveInSecs(Integer num) {
            this.timeToLiveInSecs = num;
            return this;
        }

        public SasTokenProviderWithSharedAccessKey build() {
            return new SasTokenProviderWithSharedAccessKey(this.hostName, this.sharedAccessKeyName, this.sharedAccessKey, this.timeToLiveInSecs);
        }

        public String toString() {
            return "SasTokenProviderWithSharedAccessKey.SasTokenProviderWithSharedAccessKeyBuilder(hostName=" + this.hostName + ", sharedAccessKeyName=" + this.sharedAccessKeyName + ", sharedAccessKey=" + this.sharedAccessKey + ", timeToLiveInSecs=" + this.timeToLiveInSecs + ")";
        }
    }

    private SasTokenProviderWithSharedAccessKey(@NonNull String str, @NonNull String str2, @NonNull String str3, Integer num) {
        if (str == null) {
            throw new NullPointerException("hostName is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("sharedAccessKeyName is marked non-null but is null");
        }
        if (str3 == null) {
            throw new NullPointerException("sharedAccessKey is marked non-null but is null");
        }
        num = num == null ? Integer.valueOf(DEFAULT_TOKEN_TIME_TO_LIVE_IN_SECS) : num;
        this.hostName = str;
        this.sharedAccessKeyName = str2;
        this.sharedAccessKey = str3;
        this.timeToLiveInSecs = num.intValue();
        this.lock = new ReentrantLock();
    }

    @Override // com.microsoft.azure.sdk.iot.service.digitaltwin.authentication.SasTokenProvider
    public String getSasToken() throws IOException {
        try {
            this.lock.lock();
            if (isTokenExpired()) {
                this.cachedSasToken = buildToken();
            }
            return this.cachedSasToken;
        } finally {
            this.lock.unlock();
        }
    }

    private String buildToken() throws IOException {
        log.debug("Generating new SAS token");
        long tokenExpiryTimeInMilliSecs = getTokenExpiryTimeInMilliSecs() / 1000;
        try {
            String encode = URLEncoder.encode(this.hostName.toLowerCase(), StandardCharsets.UTF_8.toString());
            String str = encode + "\n" + tokenExpiryTimeInMilliSecs;
            SecretKeySpec secretKeySpec = new SecretKeySpec(Base64.decodeBase64Local(this.sharedAccessKey.getBytes(StandardCharsets.UTF_8)), "HmacSHA256");
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKeySpec);
            String format = String.format(TOKEN_FORMAT, encode, URLEncoder.encode(Base64.encodeBase64StringLocal(mac.doFinal(str.getBytes(StandardCharsets.UTF_8))), StandardCharsets.UTF_8.toString()), Long.valueOf(tokenExpiryTimeInMilliSecs), this.sharedAccessKeyName);
            this.tokenExpiryTimeInMilliSecs = tokenExpiryTimeInMilliSecs * 1000;
            log.debug("Generated new SAS token");
            return format;
        } catch (Exception e) {
            throw new IOException("Generation of new SAS token failed", e);
        }
    }

    private long getTokenExpiryTimeInMilliSecs() {
        return System.currentTimeMillis() + (this.timeToLiveInSecs * 1000);
    }

    private boolean isTokenExpired() {
        return this.cachedSasToken == null || this.tokenExpiryTimeInMilliSecs <= System.currentTimeMillis();
    }

    public static SasTokenProviderWithSharedAccessKeyBuilder builder() {
        return new SasTokenProviderWithSharedAccessKeyBuilder();
    }
}
