package com.azure.data.appconfiguration.implementation;

import com.azure.core.util.BinaryData;
import com.azure.core.util.CoreUtils;
import com.azure.core.util.logging.ClientLogger;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import reactor.core.Exceptions;

/* loaded from: input_file:com/azure/data/appconfiguration/implementation/ConfigurationClientCredentials.class */
public class ConfigurationClientCredentials {
    private final ClientLogger logger = new ClientLogger(ConfigurationClientCredentials.class);
    private static final ByteBuffer EMPTY_BYTE_BUFFER = ByteBuffer.allocate(0);
    private static final String HOST_HEADER = "Host";
    private static final String DATE_HEADER = "Date";
    private static final String CONTENT_HASH_HEADER = "x-ms-content-sha256";
    private static final String[] SIGNED_HEADERS = {HOST_HEADER, DATE_HEADER, CONTENT_HASH_HEADER};
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private final CredentialInformation credentials;
    private final AuthorizationHeaderProvider headerProvider;

    /* loaded from: input_file:com/azure/data/appconfiguration/implementation/ConfigurationClientCredentials$AuthorizationHeaderProvider.class */
    private static class AuthorizationHeaderProvider {
        private static final String HMAC_SHA256 = "HMAC-SHA256 Credential=%s&SignedHeaders=%s&Signature=%s";
        private final CredentialInformation credentials;
        private final String signedHeadersValue = String.join(";", ConfigurationClientCredentials.SIGNED_HEADERS);
        private final Mac sha256HMAC = Mac.getInstance("HmacSHA256");

        AuthorizationHeaderProvider(CredentialInformation credentialInformation) throws NoSuchAlgorithmException, InvalidKeyException {
            this.credentials = credentialInformation;
            this.sha256HMAC.init(new SecretKeySpec(credentialInformation.secret(), "HmacSHA256"));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Map<String, String> getAuthenticationHeaders(URL url, String str, MessageDigest messageDigest) {
            HashMap hashMap = new HashMap();
            String encodeToString = Base64.getEncoder().encodeToString(messageDigest.digest());
            hashMap.put(ConfigurationClientCredentials.HOST_HEADER, url.getHost());
            hashMap.put(ConfigurationClientCredentials.CONTENT_HASH_HEADER, encodeToString);
            if (hashMap.get(ConfigurationClientCredentials.DATE_HEADER) == null) {
                hashMap.put(ConfigurationClientCredentials.DATE_HEADER, OffsetDateTime.now(ZoneOffset.UTC).format(DateTimeFormatter.RFC_1123_DATE_TIME));
            }
            addSignatureHeader(url, str, hashMap);
            return hashMap;
        }

        private void addSignatureHeader(URL url, String str, Map<String, String> map) {
            String path = url.getPath();
            if (url.getQuery() != null) {
                path = path + '?' + url.getQuery();
            }
            Stream stream = Arrays.stream(ConfigurationClientCredentials.SIGNED_HEADERS);
            Objects.requireNonNull(map);
            map.put(ConfigurationClientCredentials.AUTHORIZATION_HEADER, String.format(HMAC_SHA256, this.credentials.id(), this.signedHeadersValue, Base64.getEncoder().encodeToString(this.sha256HMAC.doFinal((str.toUpperCase(Locale.US) + "\n" + path + "\n" + ((String) stream.map((v1) -> {
                return r1.get(v1);
            }).collect(Collectors.joining(";")))).getBytes(StandardCharsets.UTF_8)))));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/azure/data/appconfiguration/implementation/ConfigurationClientCredentials$CredentialInformation.class */
    public static class CredentialInformation {
        private static final String ENDPOINT = "endpoint=";
        private static final String ID = "id=";
        private static final String SECRET = "secret=";
        private final URL baseUri;
        private final String id;
        private final byte[] secret;

        URL baseUri() {
            return this.baseUri;
        }

        String id() {
            return this.id;
        }

        byte[] secret() {
            return this.secret;
        }

        CredentialInformation(String str) {
            if (CoreUtils.isNullOrEmpty(str)) {
                throw new IllegalArgumentException("'connectionString' cannot be null or empty.");
            }
            String[] split = str.split(";");
            if (split.length < 3) {
                throw new IllegalArgumentException("invalid connection string segment count");
            }
            URL url = null;
            String str2 = null;
            byte[] bArr = null;
            for (String str3 : split) {
                String trim = str3.trim();
                String lowerCase = trim.toLowerCase(Locale.US);
                if (lowerCase.startsWith(ENDPOINT)) {
                    try {
                        url = new URL(trim.substring(ENDPOINT.length()));
                    } catch (MalformedURLException e) {
                        throw new IllegalArgumentException(e);
                    }
                } else if (lowerCase.startsWith(ID)) {
                    str2 = trim.substring(ID.length());
                } else if (lowerCase.startsWith("secret=")) {
                    bArr = Base64.getDecoder().decode(trim.substring("secret=".length()));
                }
            }
            this.baseUri = url;
            this.id = str2;
            this.secret = bArr;
            if (this.baseUri == null || CoreUtils.isNullOrEmpty(this.id) || this.secret == null) {
                throw new IllegalArgumentException("Could not parse 'connectionString'. Expected format: 'endpoint={endpoint};id={id};secret={secret}'. Actual:" + str);
            }
        }
    }

    public ConfigurationClientCredentials(String str) throws InvalidKeyException, NoSuchAlgorithmException {
        this.credentials = new CredentialInformation(str);
        this.headerProvider = new AuthorizationHeaderProvider(this.credentials);
    }

    public String getBaseUri() {
        return this.credentials.baseUri().toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Map<String, String> getAuthorizationHeaders(URL url, String str, BinaryData binaryData) {
        ByteBuffer byteBuffer = binaryData == null ? EMPTY_BYTE_BUFFER : binaryData.toByteBuffer();
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(byteBuffer);
            return this.headerProvider.getAuthenticationHeaders(url, str, messageDigest);
        } catch (NoSuchAlgorithmException e) {
            throw this.logger.logExceptionAsError(Exceptions.propagate(e));
        }
    }
}
