package com.microsoft.bot.connector.authentication;

import com.auth0.jwt.JWT;
import com.microsoft.bot.connector.Async;
import java.time.Duration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/microsoft/bot/connector/authentication/SkillValidation.class */
public final class SkillValidation {
    private static final TokenValidationParameters TOKENVALIDATIONPARAMETERS = new TokenValidationParameters(true, (List) Stream.of((Object[]) new String[]{"https://sts.windows.net/d6d49420-f39b-4df7-a1dc-d59a935871db/", "https://login.microsoftonline.com/d6d49420-f39b-4df7-a1dc-d59a935871db/v2.0", "https://sts.windows.net/f8cdef31-a31e-4b4a-93e4-5f571e91255a/", "https://login.microsoftonline.com/f8cdef31-a31e-4b4a-93e4-5f571e91255a/v2.0", "https://sts.windows.net/cab8a31a-1906-4287-a0d8-4eef66b95f6e/", "https://login.microsoftonline.us/cab8a31a-1906-4287-a0d8-4eef66b95f6e/v2.0", "https://login.microsoftonline.us/f8cdef31-a31e-4b4a-93e4-5f571e91255a/", "https://login.microsoftonline.us/f8cdef31-a31e-4b4a-93e4-5f571e91255a/v2.0"}).collect(Collectors.toList()), false, true, Duration.ofMinutes(5), true);

    private SkillValidation() {
    }

    public static boolean isSkillToken(String str) {
        if (JwtTokenValidation.isValidTokenFormat(str)) {
            return isSkillClaim(new ClaimsIdentity(JWT.decode(str.split(" ")[1])).claims()).booleanValue();
        }
        return false;
    }

    public static Boolean isSkillClaim(Map<String, String> map) {
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (entry.getValue() != null && entry.getValue().equals(AuthenticationConstants.ANONYMOUS_SKILL_APPID) && entry.getKey().equals(AuthenticationConstants.APPID_CLAIM)) {
                return true;
            }
        }
        if (!map.entrySet().stream().filter(entry2 -> {
            return ((String) entry2.getKey()).equals(AuthenticationConstants.VERSION_CLAIM);
        }).findFirst().isPresent()) {
            return false;
        }
        Optional<Map.Entry<String, String>> findFirst = map.entrySet().stream().filter(entry3 -> {
            return ((String) entry3.getKey()).equals(AuthenticationConstants.AUDIENCE_CLAIM);
        }).findFirst();
        if (!findFirst.isPresent() || "https://api.botframework.com".equals(findFirst.get().getValue())) {
            return false;
        }
        String appIdFromClaims = JwtTokenValidation.getAppIdFromClaims(map);
        if (StringUtils.isBlank(appIdFromClaims)) {
            return false;
        }
        return Boolean.valueOf(!StringUtils.equals(appIdFromClaims, findFirst.get().getValue()));
    }

    public static CompletableFuture<ClaimsIdentity> authenticateChannelToken(String str, CredentialProvider credentialProvider, ChannelProvider channelProvider, String str2, AuthenticationConfiguration authenticationConfiguration) {
        if (authenticationConfiguration == null) {
            return Async.completeExceptionally(new IllegalArgumentException("authConfig cannot be null."));
        }
        return new JwtTokenExtractor(TOKENVALIDATIONPARAMETERS, (channelProvider == null || !channelProvider.isGovernment()) ? AuthenticationConstants.TO_BOT_FROM_EMULATOR_OPENID_METADATA_URL : GovernmentAuthenticationConstants.TO_BOT_FROM_EMULATOR_OPENID_METADATA_URL, AuthenticationConstants.ALLOWED_SIGNING_ALGORITHMS).getIdentity(str, str2, authenticationConfiguration.requiredEndorsements()).thenCompose(claimsIdentity -> {
            return validateIdentity(claimsIdentity, credentialProvider).thenCompose(r3 -> {
                return CompletableFuture.completedFuture(claimsIdentity);
            });
        });
    }

    public static CompletableFuture<Void> validateIdentity(ClaimsIdentity claimsIdentity, CredentialProvider credentialProvider) {
        if (claimsIdentity == null) {
            return Async.completeExceptionally(new AuthenticationException("Invalid Identity"));
        }
        if (!claimsIdentity.isAuthenticated()) {
            return Async.completeExceptionally(new AuthenticationException("Token Not Authenticated"));
        }
        if (!claimsIdentity.claims().entrySet().stream().filter(entry -> {
            return StringUtils.equals(AuthenticationConstants.VERSION_CLAIM, (CharSequence) entry.getKey());
        }).findFirst().isPresent()) {
            return Async.completeExceptionally(new AuthenticationException("ver claim is required on skill Tokens."));
        }
        Optional<Map.Entry<String, String>> findFirst = claimsIdentity.claims().entrySet().stream().filter(entry2 -> {
            return StringUtils.equals(AuthenticationConstants.AUDIENCE_CLAIM, (CharSequence) entry2.getKey());
        }).findFirst();
        return (!findFirst.isPresent() || StringUtils.isEmpty(findFirst.get().getValue())) ? Async.completeExceptionally(new AuthenticationException("aud claim is required on skill Tokens.")) : StringUtils.isEmpty(JwtTokenValidation.getAppIdFromClaims(claimsIdentity.claims())) ? Async.completeExceptionally(new AuthenticationException("Invalid appId.")) : credentialProvider.isValidAppId(findFirst.get().getValue()).thenApply(bool -> {
            if (bool.booleanValue()) {
                return null;
            }
            throw new AuthenticationException("Invalid audience.");
        });
    }

    public static ClaimsIdentity createAnonymousSkillClaim() {
        HashMap hashMap = new HashMap();
        hashMap.put(AuthenticationConstants.APPID_CLAIM, AuthenticationConstants.ANONYMOUS_SKILL_APPID);
        return new ClaimsIdentity(AuthenticationConstants.ANONYMOUS_AUTH_TYPE, AuthenticationConstants.ANONYMOUS_AUTH_TYPE, hashMap);
    }
}
