package com.microsoft.bot.connector.authentication;

import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.time.Duration;
import java.util.ArrayList;
import java.util.concurrent.CompletableFuture;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/microsoft/bot/connector/authentication/EmulatorValidation.class */
public final class EmulatorValidation {
    private static final TokenValidationParameters TOKENVALIDATIONPARAMETERS = new TokenValidationParameters() { // from class: com.microsoft.bot.connector.authentication.EmulatorValidation.1
        {
            this.validateIssuer = true;
            this.validIssuers = new ArrayList<String>() { // from class: com.microsoft.bot.connector.authentication.EmulatorValidation.1.1
                {
                    add("https://sts.windows.net/d6d49420-f39b-4df7-a1dc-d59a935871db/");
                    add("https://login.microsoftonline.com/d6d49420-f39b-4df7-a1dc-d59a935871db/v2.0");
                    add("https://sts.windows.net/f8cdef31-a31e-4b4a-93e4-5f571e91255a/");
                    add("https://login.microsoftonline.com/f8cdef31-a31e-4b4a-93e4-5f571e91255a/v2.0");
                    add("https://sts.windows.net/cab8a31a-1906-4287-a0d8-4eef66b95f6e/");
                    add("https://login.microsoftonline.us/cab8a31a-1906-4287-a0d8-4eef66b95f6e/v2.0");
                }
            };
            this.validateAudience = false;
            this.validateLifetime = true;
            this.clockSkew = Duration.ofMinutes(5L);
            this.requireSignedTokens = true;
        }
    };

    private EmulatorValidation() {
    }

    public static Boolean isTokenFromEmulator(String str) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        String[] split = str.split(" ");
        if (split.length != 2) {
            return false;
        }
        String str2 = split[0];
        String str3 = split[1];
        if (!str2.equalsIgnoreCase("bearer")) {
            return false;
        }
        try {
            DecodedJWT decode = JWT.decode(str3);
            if (StringUtils.isEmpty(decode.getIssuer())) {
                return false;
            }
            return Boolean.valueOf(TOKENVALIDATIONPARAMETERS.validIssuers.contains(decode.getIssuer()));
        } catch (Throwable th) {
            return false;
        }
    }

    public static CompletableFuture<ClaimsIdentity> authenticateToken(String str, CredentialProvider credentialProvider, ChannelProvider channelProvider, String str2) {
        return authenticateToken(str, credentialProvider, channelProvider, str2, new AuthenticationConfiguration());
    }

    public static CompletableFuture<ClaimsIdentity> authenticateToken(String str, CredentialProvider credentialProvider, ChannelProvider channelProvider, String str2, AuthenticationConfiguration authenticationConfiguration) {
        return new JwtTokenExtractor(TOKENVALIDATIONPARAMETERS, (channelProvider == null || !channelProvider.isGovernment()) ? AuthenticationConstants.TO_BOT_FROM_EMULATOR_OPENID_METADATA_URL : GovernmentAuthenticationConstants.TO_BOT_FROM_EMULATOR_OPENID_METADATA_URL, AuthenticationConstants.ALLOWED_SIGNING_ALGORITHMS).getIdentity(str, str2, authenticationConfiguration.requiredEndorsements()).thenCompose(claimsIdentity -> {
            String str3;
            if (claimsIdentity == null) {
                throw new AuthenticationException("Invalid Identity");
            }
            if (!claimsIdentity.isAuthenticated()) {
                throw new AuthenticationException("Token Not Authenticated");
            }
            if (!claimsIdentity.claims().containsKey(AuthenticationConstants.VERSION_CLAIM)) {
                throw new AuthenticationException(String.format("'%s' claim is required on Emulator Tokens.", AuthenticationConstants.VERSION_CLAIM));
            }
            String str4 = claimsIdentity.claims().get(AuthenticationConstants.VERSION_CLAIM);
            if (StringUtils.isEmpty(str4) || str4.equalsIgnoreCase("1.0")) {
                if (!claimsIdentity.claims().containsKey(AuthenticationConstants.APPID_CLAIM)) {
                    throw new AuthenticationException(String.format("'%s' claim is required on Emulator Token version '1.0'.", AuthenticationConstants.APPID_CLAIM));
                }
                str3 = claimsIdentity.claims().get(AuthenticationConstants.APPID_CLAIM);
            } else {
                if (!str4.equalsIgnoreCase("2.0")) {
                    throw new AuthenticationException(String.format("Unknown Emulator Token version '%s'.", str4));
                }
                if (!claimsIdentity.claims().containsKey(AuthenticationConstants.AUTHORIZED_PARTY)) {
                    throw new AuthenticationException(String.format("'%s' claim is required on Emulator Token version '2.0'.", AuthenticationConstants.AUTHORIZED_PARTY));
                }
                str3 = claimsIdentity.claims().get(AuthenticationConstants.AUTHORIZED_PARTY);
            }
            String str5 = str3;
            return credentialProvider.isValidAppId(str3).thenApply(bool -> {
                if (bool.booleanValue()) {
                    return claimsIdentity;
                }
                throw new AuthenticationException(String.format("Invalid AppId passed on token: '%s'.", str5));
            });
        });
    }
}
