package com.microsoft.bot.connector.customizations;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.Verification;
import com.microsoft.aad.adal4j.AuthenticationException;
import java.util.HashMap;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.function.Function;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/microsoft/bot/connector/customizations/JwtTokenExtractor.class */
public class JwtTokenExtractor {
    private static final Logger LOGGER = Logger.getLogger(OpenIdMetadata.class.getName());
    private static final ConcurrentMap<String, OpenIdMetadata> openIdMetadataCache = new ConcurrentHashMap();
    private TokenValidationParameters tokenValidationParameters;
    private List<String> allowedSigningAlgorithms;
    private Function<List<String>, Boolean> validator;
    private OpenIdMetadata openIdMetadata;

    public JwtTokenExtractor(TokenValidationParameters tokenValidationParameters, String str, List<String> list, Function<List<String>, Boolean> function) {
        this.tokenValidationParameters = new TokenValidationParameters(tokenValidationParameters);
        this.tokenValidationParameters.requireSignedTokens = true;
        this.allowedSigningAlgorithms = list;
        if (function != null) {
            this.validator = function;
        } else {
            this.validator = list2 -> {
                return true;
            };
        }
        this.openIdMetadata = openIdMetadataCache.computeIfAbsent(str, str2 -> {
            return new OpenIdMetadata(str);
        });
    }

    public CompletableFuture<ClaimsIdentity> getIdentityAsync(String str) {
        if (str == null) {
            return CompletableFuture.completedFuture(null);
        }
        String[] split = str.split(" ");
        return split.length != 2 ? CompletableFuture.completedFuture(null) : getIdentityAsync(split[0], split[1]);
    }

    public CompletableFuture<ClaimsIdentity> getIdentityAsync(String str, String str2) {
        return (!str.equalsIgnoreCase("bearer") || str2 == null) ? CompletableFuture.completedFuture(null) : !hasAllowedIssuer(str2) ? CompletableFuture.completedFuture(null) : validateTokenAsync(str2);
    }

    private boolean hasAllowedIssuer(String str) {
        return this.tokenValidationParameters.validIssuers != null && this.tokenValidationParameters.validIssuers.contains(JWT.decode(str).getIssuer());
    }

    private CompletableFuture<ClaimsIdentity> validateTokenAsync(String str) {
        DecodedJWT decode = JWT.decode(str);
        OpenIdMetadataKey key = this.openIdMetadata.getKey(decode.getKeyId());
        if (key == null) {
            return CompletableFuture.completedFuture(null);
        }
        Verification require = JWT.require(Algorithm.RSA256(key.key, null));
        if (!this.tokenValidationParameters.validateLifetime) {
            require = require.acceptExpiresAt(System.currentTimeMillis() + 500).acceptNotBefore(0L);
        }
        try {
            require.build().verify(str);
            if (!this.validator.apply(key.endorsements).booleanValue()) {
                throw new AuthenticationException(String.format("Could not validate endorsement for key: %s with endorsements: %s", decode.getKeyId(), StringUtils.join(key.endorsements)));
            }
            if (!this.allowedSigningAlgorithms.contains(decode.getAlgorithm())) {
                throw new AuthenticationException(String.format("Could not validate algorithm for key: %s with algorithms: %s", decode.getAlgorithm(), StringUtils.join(this.allowedSigningAlgorithms)));
            }
            HashMap hashMap = new HashMap();
            if (decode.getClaims() != null) {
                decode.getClaims().forEach((str2, claim) -> {
                });
            }
            return CompletableFuture.completedFuture(new ClaimsIdentityImpl(decode.getIssuer(), hashMap));
        } catch (JWTVerificationException e) {
            LOGGER.log(Level.WARNING, e.getMessage());
            return CompletableFuture.completedFuture(null);
        }
    }
}
