package biz.lobachev.annette.api_gateway_core.authentication.keycloak;

import akka.actor.ActorSystem;
import akka.actor.typed.ActorRef;
import akka.actor.typed.scaladsl.AskPattern$;
import akka.actor.typed.scaladsl.AskPattern$Askable$;
import akka.actor.typed.scaladsl.adapter.package$ClassicActorSystemOps$;
import akka.util.Timeout;
import biz.lobachev.annette.api_gateway_core.authentication.AuthenticationFailedException;
import biz.lobachev.annette.api_gateway_core.authentication.BearerAuthenticator;
import biz.lobachev.annette.api_gateway_core.authentication.Subject;
import biz.lobachev.annette.api_gateway_core.authentication.TokenExpiredException;
import biz.lobachev.annette.api_gateway_core.authentication.keycloak.PublicKeyRequestor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pdi.jwt.JwtAlgorithm$RS256$;
import pdi.jwt.JwtJson$;
import pdi.jwt.exceptions.JwtExpirationException;
import play.api.libs.json.JsObject;
import play.api.libs.json.JsValue;
import play.api.libs.ws.WSClient;
import play.api.mvc.Headers;
import scala.MatchError;
import scala.Option;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.Future$;
import scala.concurrent.duration.package;
import scala.concurrent.duration.package$;
import scala.reflect.ScalaSignature;
import scala.util.Failure;
import scala.util.Success;

/* compiled from: KeycloakAuthenticator.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005-d\u0001\u0002\t\u0012\u0001yA\u0001\"\f\u0001\u0003\u0002\u0003\u0006IA\f\u0005\ti\u0001\u0011\t\u0011)A\u0005k!A\u0001\t\u0001B\u0001B\u0003%\u0011\t\u0003\u0005J\u0001\t\u0015\r\u0011b\u0001K\u0011!\t\u0006A!A!\u0002\u0013Y\u0005\"\u0002*\u0001\t\u0003\u0019\u0006b\u0002.\u0001\u0005\u0004%\ta\u0017\u0005\u0007I\u0002\u0001\u000b\u0011\u0002/\t\u000f\u0015\u0004!\u0019!C\u0001M\"1Q\u000f\u0001Q\u0001\n\u001dDQA\u001e\u0001\u0005B]DaA\u001e\u0001\u0005\n\u0005}\u0002bBA'\u0001\u0011%\u0011q\n\u0005\b\u0003'\u0002A\u0011BA+\u0011\u0019\tI\u0007\u0001C\u0005M\n)2*Z=dY>\f7.Q;uQ\u0016tG/[2bi>\u0014(B\u0001\n\u0014\u0003!YW-_2m_\u0006\\'B\u0001\u000b\u0016\u00039\tW\u000f\u001e5f]RL7-\u0019;j_:T!AF\f\u0002!\u0005\u0004\u0018nX4bi\u0016<\u0018-_0d_J,'B\u0001\r\u001a\u0003\u001d\tgN\\3ui\u0016T!AG\u000e\u0002\u00111|'-Y2iKZT\u0011\u0001H\u0001\u0004E&T8\u0001A\n\u0005\u0001})\u0013\u0006\u0005\u0002!G5\t\u0011EC\u0001#\u0003\u0015\u00198-\u00197b\u0013\t!\u0013E\u0001\u0004B]f\u0014VM\u001a\t\u0003M\u001dj\u0011aE\u0005\u0003QM\u00111CQ3be\u0016\u0014\u0018)\u001e;iK:$\u0018nY1u_J\u0004\"AK\u0016\u000e\u0003EI!\u0001L\t\u0003--+\u0017p\u00197pC.\u001cVO\u00196fGR\u0014U/\u001b7eKJ\fqb[3zG2|\u0017m[\"p]\u001a|\u0005\u000f\u001e\t\u0004A=\n\u0014B\u0001\u0019\"\u0005\u0019y\u0005\u000f^5p]B\u0011!FM\u0005\u0003gE\u0011abS3zG2|\u0017m[\"p]\u001aLw-\u0001\u0002xgB\u0011aGP\u0007\u0002o)\u0011A\u0007\u000f\u0006\u0003si\nA\u0001\\5cg*\u00111\bP\u0001\u0004CBL'\"A\u001f\u0002\tAd\u0017-_\u0005\u0003\u007f]\u0012\u0001bV*DY&,g\u000e^\u0001\u0007gf\u001cH/Z7\u0011\u0005\t;U\"A\"\u000b\u0005\u0011+\u0015!B1di>\u0014(\"\u0001$\u0002\t\u0005\\7.Y\u0005\u0003\u0011\u000e\u00131\"Q2u_J\u001c\u0016p\u001d;f[\u0006\u0011QmY\u000b\u0002\u0017B\u0011AjT\u0007\u0002\u001b*\u0011a*I\u0001\u000bG>t7-\u001e:sK:$\u0018B\u0001)N\u0005A)\u00050Z2vi&|gnQ8oi\u0016DH/A\u0002fG\u0002\na\u0001P5oSRtD\u0003\u0002+X1f#\"!\u0016,\u0011\u0005)\u0002\u0001\"B%\u0007\u0001\bY\u0005\"B\u0017\u0007\u0001\u0004q\u0003\"\u0002\u001b\u0007\u0001\u0004)\u0004\"\u0002!\u0007\u0001\u0004\t\u0015a\u00017pOV\tA\f\u0005\u0002^E6\taL\u0003\u0002`A\u0006)1\u000f\u001c45U*\t\u0011-A\u0002pe\u001eL!a\u00190\u0003\r1{wmZ3s\u0003\u0011awn\u001a\u0011\u00023-,\u0017p\u00197pC.\u0014V-];fgR|'/Q2u_J|\u0005\u000f^\u000b\u0002OB\u0019\u0001e\f5\u0011\u0007%dg.D\u0001k\u0015\tY7)A\u0003usB,G-\u0003\u0002nU\nA\u0011i\u0019;peJ+g\r\u0005\u0002pe:\u0011!\u0006]\u0005\u0003cF\t!\u0003U;cY&\u001c7*Z=SKF,Xm\u001d;pe&\u00111\u000f\u001e\u0002\b\u0007>lW.\u00198e\u0015\t\t\u0018#\u0001\u000elKf\u001cGn\\1l%\u0016\fX/Z:u_J\f5\r^8s\u001fB$\b%\u0001\u0007bkRDWM\u001c;jG\u0006$X-F\u0002y\u0003[!R!_A\u0002\u0003'!2A_A\u0001!\ra50`\u0005\u0003y6\u0013aAR;ukJ,\u0007C\u0001\u0014\u007f\u0013\ty8CA\u0004Tk\nTWm\u0019;\t\u000b%[\u00019A&\t\u000f\u0005\u00151\u00021\u0001\u0002\b\u00059\u0001.Z1eKJ\u001c\b\u0003BA\u0005\u0003\u001fi!!a\u0003\u000b\u0007\u00055!(A\u0002nm\u000eLA!!\u0005\u0002\f\t9\u0001*Z1eKJ\u001c\bbBA\u000b\u0017\u0001\u0007\u0011qC\u0001\u0006i>\\WM\u001c\t\u0005\u00033\t9C\u0004\u0003\u0002\u001c\u0005\r\u0002cAA\u000fC5\u0011\u0011q\u0004\u0006\u0004\u0003Ci\u0012A\u0002\u001fs_>$h(C\u0002\u0002&\u0005\na\u0001\u0015:fI\u00164\u0017\u0002BA\u0015\u0003W\u0011aa\u0015;sS:<'bAA\u0013C\u00119\u0011qF\u0006C\u0002\u0005E\"!A!\u0012\t\u0005M\u0012\u0011\b\t\u0004A\u0005U\u0012bAA\u001cC\t9aj\u001c;iS:<\u0007c\u0001\u0011\u0002<%\u0019\u0011QH\u0011\u0003\u0007\u0005s\u0017\u0010\u0006\u0005\u0002B\u0005\u0015\u0013qIA%)\rQ\u00181\t\u0005\u0006\u00132\u0001\u001da\u0013\u0005\b\u0003+a\u0001\u0019AA\f\u0011\u001d\t)\u0001\u0004a\u0001\u0003\u000fAa!a\u0013\r\u0001\u0004\t\u0014\u0001D6fs\u000edw.Y6D_:4\u0017\u0001D4fiB+(\r\\5d\u0017\u0016LXCAA)!\u0011a50a\u0006\u0002\u0017\u0011,7m\u001c3f)>\\WM\u001c\u000b\u0007\u0003/\n\u0019'a\u001a\u0011\t\u0005e\u0013qL\u0007\u0003\u00037R1!!\u00189\u0003\u0011Q7o\u001c8\n\t\u0005\u0005\u00141\f\u0002\t\u0015N|%M[3di\"9\u0011Q\r\bA\u0002\u0005]\u0011!\u00039vE2L7mS3z\u0011\u001d\t)B\u0004a\u0001\u0003/\tAc\u0019:fCR,'+Z9vKN$xN]!di>\u0014\b")
/* loaded from: input_file:biz/lobachev/annette/api_gateway_core/authentication/keycloak/KeycloakAuthenticator.class */
public class KeycloakAuthenticator implements BearerAuthenticator, KeycloakSubjectBuilder {
    private final Option<KeycloakConfig> keycloakConfOpt;
    private final WSClient ws;
    private final ActorSystem system;
    private final ExecutionContext ec;
    private final Logger log;
    private final Option<ActorRef<PublicKeyRequestor.Command>> keycloakRequestorActorOpt;

    @Override // biz.lobachev.annette.api_gateway_core.authentication.keycloak.KeycloakSubjectBuilder
    public Subject buildSubject(JsObject jsObject, Headers headers, KeycloakConfig keycloakConfig) {
        Subject buildSubject;
        buildSubject = buildSubject(jsObject, headers, keycloakConfig);
        return buildSubject;
    }

    @Override // biz.lobachev.annette.api_gateway_core.authentication.keycloak.KeycloakSubjectBuilder
    public Option<String> getFieldValue(JsObject jsObject, String str, boolean z) {
        Option<String> fieldValue;
        fieldValue = getFieldValue(jsObject, str, z);
        return fieldValue;
    }

    @Override // biz.lobachev.annette.api_gateway_core.authentication.keycloak.KeycloakSubjectBuilder
    public Option<String> valueToString(JsValue jsValue) {
        Option<String> valueToString;
        valueToString = valueToString(jsValue);
        return valueToString;
    }

    @Override // biz.lobachev.annette.api_gateway_core.authentication.keycloak.KeycloakSubjectBuilder
    public Option<String> getHeaderValue(Headers headers, String str, boolean z) {
        Option<String> headerValue;
        headerValue = getHeaderValue(headers, str, z);
        return headerValue;
    }

    public ExecutionContext ec() {
        return this.ec;
    }

    public Logger log() {
        return this.log;
    }

    public Option<ActorRef<PublicKeyRequestor.Command>> keycloakRequestorActorOpt() {
        return this.keycloakRequestorActorOpt;
    }

    @Override // biz.lobachev.annette.api_gateway_core.authentication.BearerAuthenticator
    public <A> Future<Subject> authenticate(Headers headers, String str, ExecutionContext executionContext) {
        return (Future) this.keycloakConfOpt.map(keycloakConfig -> {
            return this.authenticate(str, headers, keycloakConfig, executionContext).recover(new KeycloakAuthenticator$$anonfun$$nestedInanonfun$authenticate$1$1(this), executionContext);
        }).getOrElse(() -> {
            this.log().error("Authentication failed. Keycloak config failure");
            return Future$.MODULE$.failed(new AuthenticationFailedException());
        });
    }

    private Future<Subject> authenticate(String str, Headers headers, KeycloakConfig keycloakConfig, ExecutionContext executionContext) {
        return getPublicKey().map(str2 -> {
            return this.buildSubject(this.decodeToken(str2, str), headers, keycloakConfig);
        }, executionContext);
    }

    private Future<String> getPublicKey() {
        return AskPattern$Askable$.MODULE$.ask$extension(AskPattern$.MODULE$.Askable((ActorRef) keycloakRequestorActorOpt().get()), actorRef -> {
            return new PublicKeyRequestor.Get(actorRef);
        }, new Timeout(new package.DurationInt(package$.MODULE$.DurationInt(50)).seconds()), package$ClassicActorSystemOps$.MODULE$.toTyped$extension(akka.actor.typed.scaladsl.adapter.package$.MODULE$.ClassicActorSystemOps(this.system)).scheduler()).map(response -> {
            if (response instanceof PublicKeyRequestor.Key) {
                return ((PublicKeyRequestor.Key) response).key();
            }
            if (PublicKeyRequestor$NoKey$.MODULE$.equals(response)) {
                throw new AuthenticationFailedException();
            }
            throw new MatchError(response);
        }, ec());
    }

    private JsObject decodeToken(String str, String str2) {
        boolean z = false;
        Failure failure = null;
        Success decodeJson = JwtJson$.MODULE$.decodeJson(str2, str, () -> {
            return new $colon.colon(JwtAlgorithm$RS256$.MODULE$, Nil$.MODULE$);
        });
        if (decodeJson instanceof Success) {
            return (JsObject) decodeJson.value();
        }
        if (decodeJson instanceof Failure) {
            z = true;
            failure = (Failure) decodeJson;
            if (failure.exception() instanceof JwtExpirationException) {
                throw new TokenExpiredException();
            }
        }
        if (!z || failure.exception() == null) {
            throw new MatchError(decodeJson);
        }
        throw new AuthenticationFailedException();
    }

    private Option<ActorRef<PublicKeyRequestor.Command>> createRequestorActor() {
        return this.keycloakConfOpt.map(keycloakConfig -> {
            ActorSystem ClassicActorSystemOps = akka.actor.typed.scaladsl.adapter.package$.MODULE$.ClassicActorSystemOps(this.system);
            return package$ClassicActorSystemOps$.MODULE$.spawn$extension(ClassicActorSystemOps, PublicKeyRequestor$.MODULE$.apply(keycloakConfig.config(), this.ws, this.ec()), "keycloakPublicKeyRequestor", package$ClassicActorSystemOps$.MODULE$.spawn$default$3$extension(ClassicActorSystemOps));
        });
    }

    public KeycloakAuthenticator(Option<KeycloakConfig> option, WSClient wSClient, ActorSystem actorSystem, ExecutionContext executionContext) {
        this.keycloakConfOpt = option;
        this.ws = wSClient;
        this.system = actorSystem;
        this.ec = executionContext;
        KeycloakSubjectBuilder.$init$(this);
        this.log = LoggerFactory.getLogger(getClass());
        this.keycloakRequestorActorOpt = createRequestorActor();
    }
}
