package com.microsoft.bot.connector.authentication;

import java.time.Duration;
import java.util.ArrayList;
import java.util.concurrent.CompletableFuture;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/microsoft/bot/connector/authentication/ChannelValidation.class */
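/**
 * Validates JWT bearer tokens that a channel presents to the bot.
 *
 * <p>Signature, issuer and lifetime checks are delegated to {@link JwtTokenExtractor}, configured
 * with {@link #TOKENVALIDATIONPARAMETERS}. The audience is deliberately not validated by the
 * extractor ({@code validateAudience = false}); {@code authenticateToken} checks it afterwards
 * against the bot's {@link CredentialProvider}. Every failed check fails closed with an
 * {@link AuthenticationException}.
 *
 * <p>All state is static and process-wide; this class is not instantiable.
 */
public final class ChannelValidation {
    /** Issuer that every channel-to-bot token must carry. */
    private static final String EXPECTED_ISSUER = "https://api.botframework.com";

    // Location of the OpenID metadata document handed to JwtTokenExtractor, i.e. the trust anchor
    // for signing-key discovery. Plain static field: neither volatile nor synchronized.
    private static String openIdMetaDataUrl = AuthenticationConstants.TO_BOT_FROM_CHANNEL_OPENID_METADATA_URL;

    /**
     * Validation settings for channel-to-bot tokens: the issuer must be the Bot Framework issuer,
     * lifetime is enforced with five minutes of clock skew, and tokens must be signed.
     *
     * <p>NOTE(review): this is a single shared instance whose fields are assigned directly, so it
     * is mutable by any code that can reach it. Treat it as read-only; changing a field here
     * changes validation for every subsequent call in the process.
     */
    public static final TokenValidationParameters TOKENVALIDATIONPARAMETERS = new TokenValidationParameters() {
        {
            this.validateIssuer = true;
            // Plain ArrayList rather than an anonymous subclass created by double-brace init.
            ArrayList<String> issuers = new ArrayList<>();
            issuers.add(EXPECTED_ISSUER);
            this.validIssuers = issuers;
            // Audience is checked in authenticateToken via CredentialProvider.isValidAppId.
            this.validateAudience = false;
            this.validateLifetime = true;
            this.clockSkew = Duration.ofMinutes(5L);
            this.requireSignedTokens = true;
        }
    };

    private ChannelValidation() {
    }

    /**
     * Returns the OpenID metadata URL currently used for token validation.
     *
     * @return the metadata URL passed to {@link JwtTokenExtractor}
     */
    public static String getOpenIdMetaDataUrl() {
        return openIdMetaDataUrl;
    }

    /**
     * Replaces the OpenID metadata URL used for all later validations.
     *
     * <p>Security note: this value is the source from which token signing keys are discovered, so
     * it must come only from trusted configuration. The value is stored as given, with no scheme
     * or host check, and the field is not volatile; set it once during start-up, before any
     * request is authenticated.
     *
     * @param str the new metadata URL
     */
    public static void setOpenIdMetaDataUrl(String str) {
        openIdMetaDataUrl = str;
    }

    /**
     * Validates a channel token using a default {@link AuthenticationConfiguration}.
     *
     * @param authHeader the token value forwarded to {@link JwtTokenExtractor} (presumably the raw
     *     Authorization header; confirm against the extractor)
     * @param credentials provider used to confirm that the token audience is this bot's app id
     * @param channelId forwarded unchanged to the extractor (the channel id in the upstream SDK;
     *     confirm for this version)
     * @return a future holding the validated identity, or failed with
     *     {@link AuthenticationException}
     */
    public static CompletableFuture<ClaimsIdentity> authenticateToken(String authHeader, CredentialProvider credentials, String channelId) {
        return authenticateToken(authHeader, credentials, channelId, new AuthenticationConfiguration());
    }

    /**
     * Validates a channel token: extractor checks first, then issuer and audience.
     *
     * <p>NOTE(review): {@code authConfig} is accepted but never read in this method, so any
     * constraint it carries is not enforced on this path. Confirm whether the extractor in this
     * version is expected to receive it.
     *
     * @param authHeader the token value forwarded to {@link JwtTokenExtractor}
     * @param credentials provider used to confirm that the token audience is this bot's app id
     * @param channelId forwarded unchanged to the extractor
     * @param authConfig authentication configuration (currently unused, see note above)
     * @return a future holding the validated identity; a failed check throws
     *     {@link AuthenticationException} inside the pipeline, which fails the returned future
     */
    public static CompletableFuture<ClaimsIdentity> authenticateToken(String authHeader, CredentialProvider credentials, String channelId, AuthenticationConfiguration authConfig) {
        JwtTokenExtractor tokenExtractor = new JwtTokenExtractor(TOKENVALIDATIONPARAMETERS, getOpenIdMetaDataUrl(), AuthenticationConstants.ALLOWED_SIGNING_ALGORITHMS);
        return tokenExtractor.getIdentity(authHeader, channelId).thenCompose(identity -> {
            if (identity == null) {
                throw new AuthenticationException("Invalid Identity");
            }
            if (!identity.isAuthenticated()) {
                throw new AuthenticationException("Token Not Authenticated");
            }
            // Constant on the left: an identity without an issuer is rejected as "Wrong Issuer"
            // instead of surfacing as a NullPointerException.
            if (!EXPECTED_ISSUER.equalsIgnoreCase(identity.getIssuer())) {
                throw new AuthenticationException("Wrong Issuer");
            }
            String audience = identity.claims().get(AuthenticationConstants.AUDIENCE_CLAIM);
            if (StringUtils.isEmpty(audience)) {
                throw new AuthenticationException("No Audience Claim");
            }
            // This is the audience check that validateAudience = false leaves to this class.
            return credentials.isValidAppId(audience).thenApply(isValid -> {
                // Boolean.TRUE.equals treats a null result as "not valid" (fail closed).
                if (Boolean.TRUE.equals(isValid)) {
                    return identity;
                }
                throw new AuthenticationException(String.format("Invalid AppId passed on token: '%s'.", audience));
            });
        });
    }

    /**
     * Validates a channel token and its service URL claim using a default
     * {@link AuthenticationConfiguration}.
     *
     * @param authHeader the token value forwarded to {@link JwtTokenExtractor}
     * @param credentials provider used to confirm that the token audience is this bot's app id
     * @param channelId forwarded unchanged to the extractor
     * @param serviceUrl the service URL the token's service URL claim must match
     * @return a future holding the validated identity, or failed with
     *     {@link AuthenticationException}
     */
    public static CompletableFuture<ClaimsIdentity> authenticateToken(String authHeader, CredentialProvider credentials, String channelId, String serviceUrl) {
        return authenticateToken(authHeader, credentials, channelId, serviceUrl, new AuthenticationConfiguration());
    }

    /**
     * Validates a channel token, then requires its service URL claim to equal {@code serviceUrl}
     * (compared case-insensitively).
     *
     * @param authHeader the token value forwarded to {@link JwtTokenExtractor}
     * @param credentials provider used to confirm that the token audience is this bot's app id
     * @param channelId forwarded unchanged to the extractor
     * @param serviceUrl the service URL the claim must match; {@code null} never matches
     * @param authConfig passed to the four-argument overload
     * @return a future holding the validated identity, or failed with
     *     {@link AuthenticationException}
     */
    public static CompletableFuture<ClaimsIdentity> authenticateToken(String authHeader, CredentialProvider credentials, String channelId, String serviceUrl, AuthenticationConfiguration authConfig) {
        return authenticateToken(authHeader, credentials, channelId, authConfig).thenApply(identity -> {
            if (!identity.claims().containsKey(AuthenticationConstants.SERVICE_URL_CLAIM)) {
                throw new AuthenticationException(String.format("'%s' claim is required on Channel Token.", AuthenticationConstants.SERVICE_URL_CLAIM));
            }
            String claimedServiceUrl = identity.claims().get(AuthenticationConstants.SERVICE_URL_CLAIM);
            // A null serviceUrl is rejected as a mismatch rather than raising NullPointerException.
            if (serviceUrl != null && serviceUrl.equalsIgnoreCase(claimedServiceUrl)) {
                return identity;
            }
            throw new AuthenticationException(String.format("'%s' claim does not match service url provided (%s).", AuthenticationConstants.SERVICE_URL_CLAIM, serviceUrl));
        });
    }
}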
