package com.azure.messaging.webpubsub;

import com.azure.core.credential.AzureKeyCredential;
import com.azure.core.http.HttpPipelineCallContext;
import com.azure.core.http.HttpPipelineNextPolicy;
import com.azure.core.http.HttpResponse;
import com.azure.core.http.policy.HttpPipelinePolicy;
import com.azure.core.util.CoreUtils;
import com.azure.core.util.logging.ClientLogger;
import com.azure.messaging.webpubsub.models.GetClientAccessTokenOptions;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/azure/messaging/webpubsub/WebPubSubAuthenticationPolicy.class */
public final class WebPubSubAuthenticationPolicy implements HttpPipelinePolicy {
    private static final ClientLogger LOGGER = new ClientLogger(WebPubSubAuthenticationPolicy.class);
    private final AzureKeyCredential credential;

    public WebPubSubAuthenticationPolicy(AzureKeyCredential azureKeyCredential) {
        this.credential = azureKeyCredential;
    }

    AzureKeyCredential getCredential() {
        return this.credential;
    }

    public Mono<HttpResponse> process(HttpPipelineCallContext httpPipelineCallContext, HttpPipelineNextPolicy httpPipelineNextPolicy) {
        return Mono.fromRunnable(() -> {
            String authenticationToken = getAuthenticationToken(httpPipelineCallContext.getHttpRequest().getUrl().toString(), null, this.credential);
            if (authenticationToken != null) {
                httpPipelineCallContext.getHttpRequest().setHeader("Authorization", "Bearer " + authenticationToken);
            }
        }).then(httpPipelineNextPolicy.process());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Type inference failed for: r1v5, types: [java.time.ZonedDateTime] */
    public static String getAuthenticationToken(String str, GetClientAccessTokenOptions getClientAccessTokenOptions, AzureKeyCredential azureKeyCredential) {
        try {
            Duration ofHours = Duration.ofHours(1L);
            JWTClaimsSet.Builder audience = new JWTClaimsSet.Builder().audience(str);
            if (getClientAccessTokenOptions != null) {
                ofHours = getClientAccessTokenOptions.getExpiresAfter() == null ? ofHours : getClientAccessTokenOptions.getExpiresAfter();
                String userId = getClientAccessTokenOptions.getUserId();
                if (!CoreUtils.isNullOrEmpty(getClientAccessTokenOptions.getRoles())) {
                    audience.claim("role", getClientAccessTokenOptions.getRoles());
                }
                if (!CoreUtils.isNullOrEmpty(userId)) {
                    audience.subject(userId);
                }
            }
            audience.expirationTime(Date.from(LocalDateTime.now().plus((TemporalAmount) ofHours).atZone(ZoneId.systemDefault()).toInstant()));
            JWTClaimsSet build = audience.build();
            MACSigner mACSigner = new MACSigner(azureKeyCredential.getKey().getBytes(StandardCharsets.UTF_8));
            SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), build);
            signedJWT.sign(mACSigner);
            return signedJWT.serialize();
        } catch (JOSEException e) {
            LOGGER.logThrowableAsError(e);
            return null;
        }
    }
}
