package com.microsoft.bot.connector.authentication;

import java.time.Duration;
import java.util.ArrayList;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.Function;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/microsoft/bot/connector/authentication/EnterpriseChannelValidation.class */
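/**
 * Validates tokens that reach the bot from an enterprise channel.
 *
 * <p>Validation happens in two stages. {@link JwtTokenExtractor} first checks the token against
 * {@link #TOKENVALIDATIONPARAMETERS} (issuer, lifetime, signature). {@link #validateIdentity} then
 * checks the resulting claims: issuer, audience (via the {@link CredentialProvider}) and service URL.
 *
 * <p>This class is a static utility and cannot be instantiated.
 */
public final class EnterpriseChannelValidation {
    /**
     * The single issuer accepted for enterprise-channel tokens. Kept in one constant so the
     * extractor allow-list and the explicit check in {@link #validateIdentity} cannot drift apart.
     */
    private static final String EXPECTED_ISSUER = "https://api.botframework.com";

    /**
     * Token validation settings handed to {@link JwtTokenExtractor}.
     *
     * <p>Audience validation is switched off here on purpose: the audience claim is checked
     * afterwards in {@link #validateIdentity} against the bot's own {@link CredentialProvider}.
     * Any caller that uses these parameters without that second step accepts tokens minted for
     * other audiences.
     */
    private static final TokenValidationParameters TOKENVALIDATIONPARAMETERS = new TokenValidationParameters() {
        {
            this.validateIssuer = true;
            this.validIssuers = new ArrayList<String>();
            this.validIssuers.add(EXPECTED_ISSUER);
            // Audience is deliberately not checked at this layer; see validateIdentity.
            this.validateAudience = false;
            this.validateLifetime = true;
            // Five minutes of tolerance for clock drift when checking token lifetime.
            this.clockSkew = Duration.ofMinutes(5L);
            this.requireSignedTokens = true;
        }
    };

    private EnterpriseChannelValidation() {
    }

    /**
     * Authenticates an incoming token using a default {@link AuthenticationConfiguration}.
     *
     * @param str the token value passed to {@link JwtTokenExtractor}
     *     (presumably the Authorization header; confirm against callers)
     * @param credentialProvider used to check that the token audience is one of the bot's app ids
     * @param channelProvider supplies the channel service used to build the OpenID metadata URL
     * @param str2 the service URL the caller expects; compared with the token's service URL claim
     * @param str3 second argument to {@code JwtTokenExtractor.getIdentity}
     *     (presumably the channel id; confirm against callers)
     * @return a future holding the validated identity, or failing with an
     *     {@link AuthenticationException}
     */
    public static CompletableFuture<ClaimsIdentity> authenticateToken(String str, CredentialProvider credentialProvider, ChannelProvider channelProvider, String str2, String str3) {
        return authenticateToken(str, credentialProvider, channelProvider, str2, str3, new AuthenticationConfiguration());
    }

    /**
     * Authenticates an incoming token: extracts and verifies it, then validates its claims.
     *
     * @param str the token value passed to {@link JwtTokenExtractor}
     *     (presumably the Authorization header; confirm against callers)
     * @param credentialProvider used to check that the token audience is one of the bot's app ids
     * @param channelProvider supplies the channel service used to build the OpenID metadata URL
     * @param str2 the service URL the caller expects; compared with the token's service URL claim
     * @param str3 second argument to {@code JwtTokenExtractor.getIdentity}
     *     (presumably the channel id; confirm against callers)
     * @param authenticationConfiguration supplies the required endorsements; must not be null
     * @return a future holding the validated identity, or failing with an
     *     {@link AuthenticationException}
     * @throws IllegalArgumentException synchronously, if {@code authenticationConfiguration} is null
     */
    public static CompletableFuture<ClaimsIdentity> authenticateToken(String str, CredentialProvider credentialProvider, ChannelProvider channelProvider, String str2, String str3, AuthenticationConfiguration authenticationConfiguration) {
        if (authenticationConfiguration == null) {
            throw new IllegalArgumentException("Missing AuthenticationConfiguration");
        }
        return channelProvider.getChannelService()
            .thenCompose(channelService -> {
                // The channel service value selects the OpenID metadata endpoint the extractor
                // trusts, so it has to come from deployment configuration, never from the request.
                String metadataUrl = String.format(
                    AuthenticationConstants.TO_BOT_FROM_ENTERPRISE_CHANNEL_OPENID_METADATA_URL_FORMAT,
                    channelService);
                JwtTokenExtractor extractor = new JwtTokenExtractor(
                    TOKENVALIDATIONPARAMETERS,
                    metadataUrl,
                    AuthenticationConstants.ALLOWED_SIGNING_ALGORITHMS);
                return extractor.getIdentity(str, str3, authenticationConfiguration.requiredEndorsements());
            })
            .thenCompose(claimsIdentity -> {
                if (claimsIdentity == null) {
                    throw new AuthenticationException("Invalid Identity");
                }
                return validateIdentity(claimsIdentity, credentialProvider, str2);
            });
    }

    /**
     * Validates the claims of an already-extracted identity.
     *
     * <p>Checks, in order: the identity is present and authenticated; its issuer matches
     * {@link #EXPECTED_ISSUER}; it carries a non-empty audience claim; the
     * {@link CredentialProvider} accepts that audience as an app id; and the service URL claim
     * equals {@code str}. This method is public and does no signature verification itself, so it
     * must only be given identities produced by a verifying extractor.
     *
     * @param claimsIdentity the identity to validate
     * @param credentialProvider decides whether the audience claim is a valid app id
     * @param str the service URL the caller expects; must be non-empty and equal to the
     *     token's service URL claim
     * @return a future holding {@code claimsIdentity} when every check passes, otherwise a future
     *     that fails with an {@link AuthenticationException}
     */
    public static CompletableFuture<ClaimsIdentity> validateIdentity(ClaimsIdentity claimsIdentity, CredentialProvider credentialProvider, String str) {
        if (claimsIdentity == null || !claimsIdentity.isAuthenticated()) {
            return rejected("Invalid Identity");
        }
        // NOTE(review): this comparison ignores case, while the service URL comparison below is
        // exact. Confirm the case-insensitive issuer match is intended.
        if (!StringUtils.equalsIgnoreCase(claimsIdentity.getIssuer(), EXPECTED_ISSUER)) {
            return rejected("Wrong Issuer");
        }
        final String audience = claimsIdentity.claims().get(AuthenticationConstants.AUDIENCE_CLAIM);
        if (StringUtils.isEmpty(audience)) {
            return rejected("No Audience Claim");
        }
        final String expectedServiceUrl = str;
        // The messages below embed values read from the token; treat them as untrusted text
        // wherever these exceptions are logged or returned.
        return credentialProvider.isValidAppId(audience).thenApply(isValid -> {
            if (!isValid) {
                throw new AuthenticationException(String.format("Invalid AppId passed on token: '%s'.", audience));
            }
            String serviceUrlClaim = claimsIdentity.claims().get(AuthenticationConstants.SERVICE_URL_CLAIM);
            // An empty expected URL is rejected outright. The message reports the claim value,
            // although the check is on the caller-supplied URL.
            if (StringUtils.isEmpty(expectedServiceUrl)) {
                throw new AuthenticationException(String.format("Invalid serviceurl passed on token: '%s'.", serviceUrlClaim));
            }
            if (!StringUtils.equals(expectedServiceUrl, serviceUrlClaim)) {
                throw new AuthenticationException(String.format("serviceurl doesn't match claim: '%s'.", serviceUrlClaim));
            }
            return claimsIdentity;
        });
    }

    /** Builds a future that has already failed with an {@link AuthenticationException}. */
    private static CompletableFuture<ClaimsIdentity> rejected(String message) {
        CompletableFuture<ClaimsIdentity> failure = new CompletableFuture<>();
        failure.completeExceptionally(new AuthenticationException(message));
        return failure;
    }
}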
