package biz.lobachev.annette.gateway.core.authentication.keycloak;

import akka.actor.ActorSystem;
import akka.actor.typed.ActorRef;
import akka.actor.typed.scaladsl.AskPattern$;
import akka.actor.typed.scaladsl.AskPattern$Askable$;
import akka.actor.typed.scaladsl.adapter.package$ClassicActorSystemOps$;
import akka.util.Timeout;
import biz.lobachev.annette.gateway.core.authentication.AuthenticationFailedException;
import biz.lobachev.annette.gateway.core.authentication.BearerAuthenticator;
import biz.lobachev.annette.gateway.core.authentication.Subject;
import biz.lobachev.annette.gateway.core.authentication.TokenExpiredException;
import biz.lobachev.annette.gateway.core.authentication.keycloak.PublicKeyRequestor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pdi.jwt.JwtAlgorithm$RS256$;
import pdi.jwt.JwtJson$;
import pdi.jwt.exceptions.JwtExpirationException;
import play.api.libs.json.JsObject;
import play.api.libs.json.JsValue;
import play.api.libs.ws.WSClient;
import play.api.mvc.Headers;
import scala.MatchError;
import scala.Option;
import scala.UninitializedFieldError;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.Future$;
import scala.concurrent.duration.package;
import scala.concurrent.duration.package$;
import scala.reflect.ScalaSignature;
import scala.util.Failure;
import scala.util.Success;

/* compiled from: KeycloakAuthenticator.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005=d\u0001\u0002\t\u0012\u0001\u0001B\u0001b\f\u0001\u0003\u0002\u0003\u0006I\u0001\r\u0005\tm\u0001\u0011\t\u0011)A\u0005o!A!\t\u0001B\u0001B\u0003%1\t\u0003\u0005L\u0001\t\u0015\r\u0011b\u0001M\u0011!\u0019\u0006A!A!\u0002\u0013i\u0005\"\u0002+\u0001\t\u0003)\u0006b\u0002/\u0001\u0005\u0004%\t!\u0018\u0005\u0007M\u0002\u0001\u000b\u0011\u00020\t\u000f\u001d\u0004!\u0019!C\u0001Q\"1q\u000f\u0001Q\u0001\n%DQ\u0001\u001f\u0001\u0005BeDa\u0001\u001f\u0001\u0005\n\u0005\r\u0003bBA)\u0001\u0011%\u00111\u000b\u0005\b\u0003/\u0002A\u0011BA-\u0011\u0019\ti\u0007\u0001C\u0005Q\n)2*Z=dY>\f7.Q;uQ\u0016tG/[2bi>\u0014(B\u0001\n\u0014\u0003!YW-_2m_\u0006\\'B\u0001\u000b\u0016\u00039\tW\u000f\u001e5f]RL7-\u0019;j_:T!AF\f\u0002\t\r|'/\u001a\u0006\u00031e\tqaZ1uK^\f\u0017P\u0003\u0002\u001b7\u00059\u0011M\u001c8fiR,'B\u0001\u000f\u001e\u0003!awNY1dQ\u00164(\"\u0001\u0010\u0002\u0007\tL'p\u0001\u0001\u0014\t\u0001\tse\u000b\t\u0003E\u0015j\u0011a\t\u0006\u0002I\u0005)1oY1mC&\u0011ae\t\u0002\u0007\u0003:L(+\u001a4\u0011\u0005!JS\"A\n\n\u0005)\u001a\"a\u0005\"fCJ,'/Q;uQ\u0016tG/[2bi>\u0014\bC\u0001\u0017.\u001b\u0005\t\u0012B\u0001\u0018\u0012\u0005YYU-_2m_\u0006\\7+\u001e2kK\u000e$()^5mI\u0016\u0014\u0018aD6fs\u000edw.Y6D_:4w\n\u001d;\u0011\u0007\t\n4'\u0003\u00023G\t1q\n\u001d;j_:\u0004\"\u0001\f\u001b\n\u0005U\n\"AD&fs\u000edw.Y6D_:4\u0017nZ\u0001\u0003oN\u0004\"\u0001\u000f!\u000e\u0003eR!A\u000e\u001e\u000b\u0005mb\u0014\u0001\u00027jENT!!\u0010 \u0002\u0007\u0005\u0004\u0018NC\u0001@\u0003\u0011\u0001H.Y=\n\u0005\u0005K$\u0001C,T\u00072LWM\u001c;\u0002\rML8\u000f^3n!\t!\u0015*D\u0001F\u0015\t1u)A\u0003bGR|'OC\u0001I\u0003\u0011\t7n[1\n\u0005)+%aC!di>\u00148+_:uK6\f!!Z2\u0016\u00035\u0003\"AT)\u000e\u0003=S!\u0001U\u0012\u0002\u0015\r|gnY;se\u0016tG/\u0003\u0002S\u001f\n\u0001R\t_3dkRLwN\\\"p]R,\u0007\u0010^\u0001\u0004K\u000e\u0004\u0013A\u0002\u001fj]&$h\b\u0006\u0003W3j[FCA,Y!\ta\u0003\u0001C\u0003L\r\u0001\u000fQ\nC\u00030\r\u0001\u0007\u0001\u0007C\u00037\r\u0001\u0007q\u0007C\u0003C\r\u0001\u00071)A\u0002m_\u001e,\u0012A\u0018\t\u0003?\u0012l\u0011\u0001\u0019\u0006\u0003C\n\fQa\u001d7gi)T\u0011aY\u0001\u0004_J<\u0017BA3a\u0005\u0019aunZ4fe\u0006!An\\4!\u0003eYW-_2m_\u0006\\'+Z9vKN$xN]!di>\u0014x\n\u001d;\u0016\u0003%\u00042AI\u0019k!\rYg\u000e]\u0007\u0002Y*\u0011Q.R\u0001\u0006if\u0004X\rZ\u0005\u0003_2\u0014\u0001\"Q2u_J\u0014VM\u001a\t\u0003cRt!\u0001\f:\n\u0005M\f\u0012A\u0005)vE2L7mS3z%\u0016\fX/Z:u_JL!!\u001e<\u0003\u000f\r{W.\\1oI*\u00111/E\u0001\u001bW\u0016L8\r\\8bWJ+\u0017/^3ti>\u0014\u0018i\u0019;pe>\u0003H\u000fI\u0001\rCV$\b.\u001a8uS\u000e\fG/Z\u000b\u0004u\u0006EB#B>\u0002\b\u0005]Ac\u0001?\u0002\u0006A\u0019a*`@\n\u0005y|%A\u0002$viV\u0014X\rE\u0002)\u0003\u0003I1!a\u0001\u0014\u0005\u001d\u0019VO\u00196fGRDQaS\u0006A\u00045Cq!!\u0003\f\u0001\u0004\tY!A\u0004iK\u0006$WM]:\u0011\t\u00055\u00111C\u0007\u0003\u0003\u001fQ1!!\u0005=\u0003\rigoY\u0005\u0005\u0003+\tyAA\u0004IK\u0006$WM]:\t\u000f\u0005e1\u00021\u0001\u0002\u001c\u0005)Ao\\6f]B!\u0011QDA\u0016\u001d\u0011\ty\"a\n\u0011\u0007\u0005\u00052%\u0004\u0002\u0002$)\u0019\u0011QE\u0010\u0002\rq\u0012xn\u001c;?\u0013\r\tIcI\u0001\u0007!J,G-\u001a4\n\t\u00055\u0012q\u0006\u0002\u0007'R\u0014\u0018N\\4\u000b\u0007\u0005%2\u0005B\u0004\u00024-\u0011\r!!\u000e\u0003\u0003\u0005\u000bB!a\u000e\u0002>A\u0019!%!\u000f\n\u0007\u0005m2EA\u0004O_RD\u0017N\\4\u0011\u0007\t\ny$C\u0002\u0002B\r\u00121!\u00118z)!\t)%!\u0013\u0002L\u00055Cc\u0001?\u0002H!)1\n\u0004a\u0002\u001b\"9\u0011\u0011\u0004\u0007A\u0002\u0005m\u0001bBA\u0005\u0019\u0001\u0007\u00111\u0002\u0005\u0007\u0003\u001fb\u0001\u0019A\u001a\u0002\u0019-,\u0017p\u00197pC.\u001cuN\u001c4\u0002\u0019\u001d,G\u000fU;cY&\u001c7*Z=\u0016\u0005\u0005U\u0003\u0003\u0002(~\u00037\t1\u0002Z3d_\u0012,Gk\\6f]R1\u00111LA4\u0003W\u0002B!!\u0018\u0002d5\u0011\u0011q\f\u0006\u0004\u0003CR\u0014\u0001\u00026t_:LA!!\u001a\u0002`\tA!j](cU\u0016\u001cG\u000fC\u0004\u0002j9\u0001\r!a\u0007\u0002\u0013A,(\r\\5d\u0017\u0016L\bbBA\r\u001d\u0001\u0007\u00111D\u0001\u0015GJ,\u0017\r^3SKF,Xm\u001d;pe\u0006\u001bGo\u001c:")
/* loaded from: input_file:biz/lobachev/annette/gateway/core/authentication/keycloak/KeycloakAuthenticator.class */
public class KeycloakAuthenticator implements BearerAuthenticator, KeycloakSubjectBuilder {
    private final Option<KeycloakConfig> keycloakConfOpt;
    private final WSClient ws;
    private final ActorSystem system;
    private final ExecutionContext ec;
    private final Logger log;
    private final Option<ActorRef<PublicKeyRequestor.Command>> keycloakRequestorActorOpt;
    private volatile byte bitmap$init$0;

    @Override // biz.lobachev.annette.gateway.core.authentication.keycloak.KeycloakSubjectBuilder
    public Subject buildSubject(JsObject jsObject, Headers headers, KeycloakConfig keycloakConfig) {
        Subject buildSubject;
        buildSubject = buildSubject(jsObject, headers, keycloakConfig);
        return buildSubject;
    }

    @Override // biz.lobachev.annette.gateway.core.authentication.keycloak.KeycloakSubjectBuilder
    public Option<String> getFieldValue(JsObject jsObject, String str, boolean z) {
        Option<String> fieldValue;
        fieldValue = getFieldValue(jsObject, str, z);
        return fieldValue;
    }

    @Override // biz.lobachev.annette.gateway.core.authentication.keycloak.KeycloakSubjectBuilder
    public Option<String> valueToString(JsValue jsValue) {
        Option<String> valueToString;
        valueToString = valueToString(jsValue);
        return valueToString;
    }

    @Override // biz.lobachev.annette.gateway.core.authentication.keycloak.KeycloakSubjectBuilder
    public Option<String> getHeaderValue(Headers headers, String str, boolean z) {
        Option<String> headerValue;
        headerValue = getHeaderValue(headers, str, z);
        return headerValue;
    }

    public ExecutionContext ec() {
        return this.ec;
    }

    public Logger log() {
        if (((byte) (this.bitmap$init$0 & 1)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: /Users/valery/Projects/repositories/annette-platform/annette/annette/api-gateway-core/src/main/scala/biz/lobachev/annette/gateway/core/authentication/keycloak/KeycloakAuthenticator.scala: 47");
        }
        Logger logger = this.log;
        return this.log;
    }

    public Option<ActorRef<PublicKeyRequestor.Command>> keycloakRequestorActorOpt() {
        if (((byte) (this.bitmap$init$0 & 2)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: /Users/valery/Projects/repositories/annette-platform/annette/annette/api-gateway-core/src/main/scala/biz/lobachev/annette/gateway/core/authentication/keycloak/KeycloakAuthenticator.scala: 49");
        }
        Option<ActorRef<PublicKeyRequestor.Command>> option = this.keycloakRequestorActorOpt;
        return this.keycloakRequestorActorOpt;
    }

    @Override // biz.lobachev.annette.gateway.core.authentication.BearerAuthenticator
    public <A> Future<Subject> authenticate(Headers headers, String str, ExecutionContext executionContext) {
        return (Future) this.keycloakConfOpt.map(keycloakConfig -> {
            return this.authenticate(str, headers, keycloakConfig, executionContext).recover(new KeycloakAuthenticator$$anonfun$$nestedInanonfun$authenticate$1$1(this), executionContext);
        }).getOrElse(() -> {
            this.log().error("Authentication failed. Keycloak config failure");
            return Future$.MODULE$.failed(new AuthenticationFailedException());
        });
    }

    private Future<Subject> authenticate(String str, Headers headers, KeycloakConfig keycloakConfig, ExecutionContext executionContext) {
        return getPublicKey().map(str2 -> {
            return this.buildSubject(this.decodeToken(str2, str), headers, keycloakConfig);
        }, executionContext);
    }

    private Future<String> getPublicKey() {
        return AskPattern$Askable$.MODULE$.ask$extension(AskPattern$.MODULE$.Askable((ActorRef) keycloakRequestorActorOpt().get()), actorRef -> {
            return new PublicKeyRequestor.Get(actorRef);
        }, new Timeout(new package.DurationInt(package$.MODULE$.DurationInt(50)).seconds()), package$ClassicActorSystemOps$.MODULE$.toTyped$extension(akka.actor.typed.scaladsl.adapter.package$.MODULE$.ClassicActorSystemOps(this.system)).scheduler()).map(response -> {
            if (response instanceof PublicKeyRequestor.Key) {
                return ((PublicKeyRequestor.Key) response).key();
            }
            if (PublicKeyRequestor$NoKey$.MODULE$.equals(response)) {
                throw new AuthenticationFailedException();
            }
            throw new MatchError(response);
        }, ec());
    }

    private JsObject decodeToken(String str, String str2) {
        boolean z = false;
        Failure failure = null;
        Success decodeJson = JwtJson$.MODULE$.decodeJson(str2, str, () -> {
            return new $colon.colon(JwtAlgorithm$RS256$.MODULE$, Nil$.MODULE$);
        });
        if (decodeJson instanceof Success) {
            return (JsObject) decodeJson.value();
        }
        if (decodeJson instanceof Failure) {
            z = true;
            failure = (Failure) decodeJson;
            if (failure.exception() instanceof JwtExpirationException) {
                throw new TokenExpiredException();
            }
        }
        if (!z || failure.exception() == null) {
            throw new MatchError(decodeJson);
        }
        throw new AuthenticationFailedException();
    }

    private Option<ActorRef<PublicKeyRequestor.Command>> createRequestorActor() {
        return this.keycloakConfOpt.map(keycloakConfig -> {
            ActorSystem ClassicActorSystemOps = akka.actor.typed.scaladsl.adapter.package$.MODULE$.ClassicActorSystemOps(this.system);
            return package$ClassicActorSystemOps$.MODULE$.spawn$extension(ClassicActorSystemOps, PublicKeyRequestor$.MODULE$.apply(keycloakConfig.config(), this.ws, this.ec()), "keycloakPublicKeyRequestor", package$ClassicActorSystemOps$.MODULE$.spawn$default$3$extension(ClassicActorSystemOps));
        });
    }

    public KeycloakAuthenticator(Option<KeycloakConfig> option, WSClient wSClient, ActorSystem actorSystem, ExecutionContext executionContext) {
        this.keycloakConfOpt = option;
        this.ws = wSClient;
        this.system = actorSystem;
        this.ec = executionContext;
        KeycloakSubjectBuilder.$init$(this);
        this.log = LoggerFactory.getLogger(getClass());
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 1);
        this.keycloakRequestorActorOpt = createRequestorActor();
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 2);
    }
}
