package com.microsoft.bot.connector.customizations;

import com.microsoft.aad.adal4j.AuthenticationException;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;

/* loaded from: input_file:com/microsoft/bot/connector/customizations/ChannelValidation.class */
public class ChannelValidation {
    public static final TokenValidationParameters ToBotFromChannelTokenValidationParameters = TokenValidationParameters.toBotFromChannelTokenValidationParameters();

    public static CompletableFuture<ClaimsIdentity> authenticateToken(String str, CredentialProvider credentialProvider) throws ExecutionException, InterruptedException, AuthenticationException {
        ClaimsIdentity claimsIdentity = new JwtTokenExtractor(ToBotFromChannelTokenValidationParameters, AuthenticationConstants.ToBotFromChannelOpenIdMetadataUrl, AuthenticationConstants.AllowedSigningAlgorithms, null).getIdentityAsync(str).get();
        if (claimsIdentity == null) {
            throw new AuthenticationException("Invalid Identity");
        }
        if (!claimsIdentity.isAuthenticated()) {
            throw new AuthenticationException("Token Not Authenticated");
        }
        if (!claimsIdentity.getIssuer().equalsIgnoreCase("https://api.botframework.com")) {
            throw new AuthenticationException("Token Not Authenticated");
        }
        String str2 = claimsIdentity.claims().get("aud");
        if (str2 == null || str2.isEmpty()) {
            throw new AuthenticationException("Token Not Authenticated");
        }
        if (credentialProvider.isValidAppIdAsync(str2).get().booleanValue()) {
            return CompletableFuture.completedFuture(claimsIdentity);
        }
        throw new AuthenticationException(String.format("Invalid AppId passed on token: '%s'.", str2));
    }

    public static CompletableFuture<ClaimsIdentity> authenticateToken(String str, CredentialProvider credentialProvider, String str2) throws ExecutionException, InterruptedException, AuthenticationException {
        ClaimsIdentity claimsIdentity = authenticateToken(str, credentialProvider).get();
        if (!claimsIdentity.claims().containsKey(AuthenticationConstants.ServiceUrlClaim)) {
            throw new AuthenticationException(String.format("'%s' claim is required on Channel Token.", AuthenticationConstants.ServiceUrlClaim));
        }
        if (str2.equalsIgnoreCase(claimsIdentity.claims().get(AuthenticationConstants.ServiceUrlClaim))) {
            return CompletableFuture.completedFuture(claimsIdentity);
        }
        throw new AuthenticationException(String.format("'%s' claim does not match service url provided (%s).", AuthenticationConstants.ServiceUrlClaim, str2));
    }
}
