package de.choffmeister.auth.akkahttp;

import akka.http.scaladsl.model.headers.BasicHttpCredentials;
import akka.http.scaladsl.model.headers.HttpChallenge;
import akka.http.scaladsl.model.headers.HttpChallenge$;
import akka.http.scaladsl.model.headers.HttpCredentials;
import akka.http.scaladsl.model.headers.OAuth2BearerToken;
import akka.http.scaladsl.server.Directive;
import akka.http.scaladsl.server.RequestContext;
import akka.http.scaladsl.server.directives.AuthenticationDirective;
import akka.http.scaladsl.server.directives.AuthenticationResult$;
import akka.http.scaladsl.server.directives.SecurityDirectives;
import akka.http.scaladsl.server.directives.UserCredentials;
import akka.http.scaladsl.server.util.Tuple$;
import de.choffmeister.auth.common.JsonWebToken;
import de.choffmeister.auth.common.JsonWebToken$Incomplete$;
import de.choffmeister.auth.common.JsonWebToken$InvalidSignature$;
import de.choffmeister.auth.common.JsonWebToken$Malformed$;
import de.choffmeister.auth.common.JsonWebToken$Missing$;
import de.choffmeister.auth.common.JsonWebToken$Unknown$;
import scala.Function0;
import scala.Function1;
import scala.Function2;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.PartialFunction;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.StringContext;
import scala.Tuple1;
import scala.Tuple2;
import scala.collection.immutable.Map;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.duration.FiniteDuration;
import scala.reflect.ClassTag;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.Nothing$;
import scala.util.Either;

/* compiled from: Authenticator.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005-f\u0001B\u0001\u0003\u0001-\u0011Q\"Q;uQ\u0016tG/[2bi>\u0014(BA\u0002\u0005\u0003!\t7n[1iiR\u0004(BA\u0003\u0007\u0003\u0011\tW\u000f\u001e5\u000b\u0005\u001dA\u0011\u0001D2i_\u001a4W.Z5ti\u0016\u0014(\"A\u0005\u0002\u0005\u0011,7\u0001A\u000b\u0003\u0019\t\u001b2\u0001A\u0007\u0014!\tq\u0011#D\u0001\u0010\u0015\u0005\u0001\u0012!B:dC2\f\u0017B\u0001\n\u0010\u0005\u0019\te.\u001f*fMB\u0011AcH\u0007\u0002+)\u0011acF\u0001\u000bI&\u0014Xm\u0019;jm\u0016\u001c(B\u0001\r\u001a\u0003\u0019\u0019XM\u001d<fe*\u0011!dG\u0001\tg\u000e\fG.\u00193tY*\u0011A$H\u0001\u0005QR$\bOC\u0001\u001f\u0003\u0011\t7n[1\n\u0005\u0001*\"AE*fGV\u0014\u0018\u000e^=ESJ,7\r^5wKND\u0001B\t\u0001\u0003\u0002\u0003\u0006IaI\u0001\u0006e\u0016\fG.\u001c\t\u0003I\u001dr!AD\u0013\n\u0005\u0019z\u0011A\u0002)sK\u0012,g-\u0003\u0002)S\t11\u000b\u001e:j]\u001eT!AJ\b\t\u0011-\u0002!\u0011!Q\u0001\n1\n\u0011CY3be\u0016\u0014Hk\\6f]N+7M]3u!\rqQfL\u0005\u0003]=\u0011Q!\u0011:sCf\u0004\"A\u0004\u0019\n\u0005Ez!\u0001\u0002\"zi\u0016D\u0001b\r\u0001\u0003\u0002\u0003\u0006I\u0001N\u0001\rM&tG-V:fe\nK\u0018\n\u001a\t\u0005\u001dU\u001as'\u0003\u00027\u001f\tIa)\u001e8di&|g.\r\t\u0004qmjT\"A\u001d\u000b\u0005iz\u0011AC2p]\u000e,(O]3oi&\u0011A(\u000f\u0002\u0007\rV$XO]3\u0011\u00079q\u0004)\u0003\u0002@\u001f\t1q\n\u001d;j_:\u0004\"!\u0011\"\r\u0001\u0011)1\t\u0001b\u0001\t\n\tQ+\u0005\u0002F\u0011B\u0011aBR\u0005\u0003\u000f>\u0011qAT8uQ&tw\r\u0005\u0002\u000f\u0013&\u0011!j\u0004\u0002\u0004\u0003:L\b\u0002\u0003'\u0001\u0005\u0003\u0005\u000b\u0011\u0002\u001b\u0002%\u0019Lg\u000eZ+tKJ\u0014\u00150V:fe:\u000bW.\u001a\u0005\t\u001d\u0002\u0011\t\u0011)A\u0005\u001f\u0006!b/\u00197jI\u0006$X-V:feB\u000b7o]<pe\u0012\u0004RA\u0004)AGIK!!U\b\u0003\u0013\u0019+hn\u0019;j_:\u0014\u0004c\u0001\u001d<'B\u0011a\u0002V\u0005\u0003+>\u0011qAQ8pY\u0016\fg\u000e\u0003\u0005X\u0001\t\u0005\t\u0015a\u0003Y\u0003!)\u00070Z2vi>\u0014\bC\u0001\u001dZ\u0013\tQ\u0016H\u0001\tFq\u0016\u001cW\u000f^5p]\u000e{g\u000e^3yi\")A\f\u0001C\u0001;\u00061A(\u001b8jiz\"bA\u00182dI\u00164GCA0b!\r\u0001\u0007\u0001Q\u0007\u0002\u0005!)qk\u0017a\u00021\")!e\u0017a\u0001G!)1f\u0017a\u0001Y!)1g\u0017a\u0001i!)Aj\u0017a\u0001i!)aj\u0017a\u0001\u001f\")\u0001\u000e\u0001C\u0001S\u0006)\u0011\r\u001d9msR\t!\u000eE\u0002ls\u0002s!\u0001\\<\u000f\u000554hB\u00018v\u001d\tyGO\u0004\u0002qg6\t\u0011O\u0003\u0002s\u0015\u00051AH]8pizJ\u0011AH\u0005\u00039uI!AG\u000e\n\u0005aI\u0012B\u0001=\u0018\u0003\u001d\u0001\u0018mY6bO\u0016L!A_>\u0003\u0015\u0011K'/Z2uSZ,\u0017G\u0003\u0002y/!)Q\u0010\u0001C\u0001}\u0006)!-Y:jGR\u0019q0!\u0002\u0011\tQ\t\t\u0001Q\u0005\u0004\u0003\u0007)\"aF!vi\",g\u000e^5dCRLwN\u001c#je\u0016\u001cG/\u001b<f\u0011%\t9\u0001 I\u0001\u0002\u0004\tI!\u0001\u0005nS:$U\r\\1z!\u0011qa(a\u0003\u0011\t\u00055\u00111C\u0007\u0003\u0003\u001fQ1!!\u0005:\u0003!!WO]1uS>t\u0017\u0002BA\u000b\u0003\u001f\u0011aBR5oSR,G)\u001e:bi&|g\u000eC\u0004\u0002\u001a\u0001!\t!a\u0007\u0002\u0017\t,\u0017M]3s)>\\WM\u001c\u000b\u0004\u007f\u0006u\u0001\"CA\u0010\u0003/\u0001\n\u00111\u0001T\u00035\t7mY3qi\u0016C\b/\u001b:fI\"9\u00111\u0005\u0001\u0005\n\u0005\u0015\u0012!B4sC:$H\u0003BA\u0014\u0003g\u0001R!!\u000b\u00020\u0001s1\u0001FA\u0016\u0013\r\ti#F\u0001\u0013'\u0016\u001cWO]5us\u0012K'/Z2uSZ,7/C\u0002\u00022}\u0011A#Q;uQ\u0016tG/[2bi&|gNU3tk2$\bbBA\u001b\u0003C\u0001\r\u0001Q\u0001\u0005kN,'\u000fC\u0004\u0002:\u0001!I!a\u000f\u0002\t\u0011,g._\u000b\u0003\u0003{\u0001R!!\u000b\u00020\u0015Cq!!\u000f\u0001\t\u0013\t\t\u0005\u0006\u0003\u0002>\u0005\r\u0003\u0002CA#\u0003\u007f\u0001\r!a\u0012\u0002\u000b\u0015\u0014(o\u001c:\u0011\t9q\u0014\u0011\n\t\u0005\u0003\u0017\n)G\u0004\u0003\u0002N\u0005}c\u0002BA(\u00037rA!!\u0015\u0002Z9!\u00111KA,\u001d\r\u0001\u0018QK\u0005\u0002\u0013%\u0011q\u0001C\u0005\u0003\u000b\u0019I1!!\u0018\u0005\u0003\u0019\u0019w.\\7p]&!\u0011\u0011MA2\u00031Q5o\u001c8XK\n$vn[3o\u0015\r\ti\u0006B\u0005\u0005\u0003O\nIGA\u0003FeJ|'O\u0003\u0003\u0002b\u0005\r\u0004bBA7\u0001\u0011%\u0011qN\u0001\u0015GJ,\u0017\r^3CCNL7m\u00115bY2,gnZ3\u0016\u0005\u0005E\u0004\u0003BA:\u0003{j!!!\u001e\u000b\t\u0005]\u0014\u0011P\u0001\bQ\u0016\fG-\u001a:t\u0015\r\tY(G\u0001\u0006[>$W\r\\\u0005\u0005\u0003\u007f\n)HA\u0007IiR\u00048\t[1mY\u0016tw-\u001a\u0005\b\u0003\u0007\u0003A\u0011BAC\u0003i\u0019'/Z1uK\n+\u0017M]3s)>\\WM\\\"iC2dWM\\4f)\u0011\t\t(a\"\t\u0011\u0005\u0015\u0013\u0011\u0011a\u0001\u0003\u000fB\u0011\"a#\u0001#\u0003%\t!!$\u0002+\t,\u0017M]3s)>\\WM\u001c\u0013eK\u001a\fW\u000f\u001c;%cU\u0011\u0011q\u0012\u0016\u0004'\u0006E5FAAJ!\u0011\t)*a(\u000e\u0005\u0005]%\u0002BAM\u00037\u000b\u0011\"\u001e8dQ\u0016\u001c7.\u001a3\u000b\u0007\u0005uu\"\u0001\u0006b]:|G/\u0019;j_:LA!!)\u0002\u0018\n\tRO\\2iK\u000e\\W\r\u001a,be&\fgnY3\t\u0013\u0005\u0015\u0006!%A\u0005\u0002\u0005\u001d\u0016a\u00042bg&\u001cG\u0005Z3gCVdG\u000fJ\u0019\u0016\u0005\u0005%&\u0006BA\u0005\u0003#\u0003")
/* loaded from: input_file:de/choffmeister/auth/akkahttp/Authenticator.class */
public class Authenticator<U> implements SecurityDirectives {
    private final String realm;
    public final byte[] de$choffmeister$auth$akkahttp$Authenticator$$bearerTokenSecret;
    private final Function1<String, Future<Option<U>>> findUserById;
    public final Function1<String, Future<Option<U>>> de$choffmeister$auth$akkahttp$Authenticator$$findUserByUserName;
    public final Function2<U, String, Future<Object>> de$choffmeister$auth$akkahttp$Authenticator$$validateUserPassword;
    public final ExecutionContext de$choffmeister$auth$akkahttp$Authenticator$$executor;

    public Directive<Tuple1<Option<HttpCredentials>>> extractCredentials() {
        return SecurityDirectives.class.extractCredentials(this);
    }

    public <T> AuthenticationDirective<T> authenticateBasic(String str, Function1<UserCredentials, Option<T>> function1) {
        return SecurityDirectives.class.authenticateBasic(this, str, function1);
    }

    public <T> AuthenticationDirective<T> authenticateBasicAsync(String str, Function1<UserCredentials, Future<Option<T>>> function1) {
        return SecurityDirectives.class.authenticateBasicAsync(this, str, function1);
    }

    public <T> AuthenticationDirective<T> authenticateBasicPF(String str, PartialFunction<UserCredentials, T> partialFunction) {
        return SecurityDirectives.class.authenticateBasicPF(this, str, partialFunction);
    }

    public <T> AuthenticationDirective<T> authenticateBasicPFAsync(String str, PartialFunction<UserCredentials, Future<T>> partialFunction) {
        return SecurityDirectives.class.authenticateBasicPFAsync(this, str, partialFunction);
    }

    public <T> AuthenticationDirective<T> authenticateOrRejectWithChallenge(Function1<Option<HttpCredentials>, Future<Either<HttpChallenge, T>>> function1) {
        return SecurityDirectives.class.authenticateOrRejectWithChallenge(this, function1);
    }

    public <C extends HttpCredentials, T> AuthenticationDirective<T> authenticateOrRejectWithChallenge(Function1<Option<C>, Future<Either<HttpChallenge, T>>> function1, ClassTag<C> classTag) {
        return SecurityDirectives.class.authenticateOrRejectWithChallenge(this, function1, classTag);
    }

    public Directive<BoxedUnit> authorize(Function0<Object> function0) {
        return SecurityDirectives.class.authorize(this, function0);
    }

    public Directive<BoxedUnit> authorize(Function1<RequestContext, Object> function1) {
        return SecurityDirectives.class.authorize(this, function1);
    }

    public HttpChallenge challengeFor(String str) {
        return SecurityDirectives.class.challengeFor(this, str);
    }

    public Directive<Tuple1<U>> apply() {
        return bearerToken(false).recover(new Authenticator$$anonfun$apply$1(this), Tuple$.MODULE$.forTuple1());
    }

    public AuthenticationDirective<U> basic(Option<FiniteDuration> option) {
        return (AuthenticationDirective<U>) authenticateOrRejectWithChallenge(new Authenticator$$anonfun$basic$1(this, option), ClassTag$.MODULE$.apply(BasicHttpCredentials.class));
    }

    public Option<FiniteDuration> basic$default$1() {
        return None$.MODULE$;
    }

    public AuthenticationDirective<U> bearerToken(boolean z) {
        return (AuthenticationDirective<U>) authenticateOrRejectWithChallenge(new Authenticator$$anonfun$bearerToken$1(this, z), ClassTag$.MODULE$.apply(OAuth2BearerToken.class));
    }

    public boolean bearerToken$default$1() {
        return false;
    }

    public Either<HttpChallenge, U> de$choffmeister$auth$akkahttp$Authenticator$$grant(U u) {
        return AuthenticationResult$.MODULE$.success(u);
    }

    public Either<HttpChallenge, Nothing$> de$choffmeister$auth$akkahttp$Authenticator$$deny() {
        return AuthenticationResult$.MODULE$.failWithChallenge(createBasicChallenge());
    }

    public Either<HttpChallenge, Nothing$> de$choffmeister$auth$akkahttp$Authenticator$$deny(Option<JsonWebToken.Error> option) {
        return AuthenticationResult$.MODULE$.failWithChallenge(createBearerTokenChallenge(option));
    }

    private HttpChallenge createBasicChallenge() {
        return new HttpChallenge("Basic", this.realm, HttpChallenge$.MODULE$.apply$default$3());
    }

    private HttpChallenge createBearerTokenChallenge(Option<JsonWebToken.Error> option) {
        None$ some;
        Map empty;
        boolean z = false;
        Some some2 = null;
        if (None$.MODULE$.equals(option)) {
            some = None$.MODULE$;
        } else {
            if (option instanceof Some) {
                z = true;
                some2 = (Some) option;
                if (JsonWebToken$Missing$.MODULE$.equals((JsonWebToken.Error) some2.x())) {
                    some = None$.MODULE$;
                }
            }
            if (z && JsonWebToken$Malformed$.MODULE$.equals((JsonWebToken.Error) some2.x())) {
                some = new Some("The access token is malformed");
            } else if (z && JsonWebToken$InvalidSignature$.MODULE$.equals((JsonWebToken.Error) some2.x())) {
                some = new Some("The access token has been manipulated");
            } else if (z && JsonWebToken$Incomplete$.MODULE$.equals((JsonWebToken.Error) some2.x())) {
                some = new Some("The token must at least contain the iat, exp and sub claim");
            } else if (z && (((JsonWebToken.Error) some2.x()) instanceof JsonWebToken.Expired)) {
                some = new Some("The access token expired");
            } else {
                if (z) {
                    JsonWebToken.UnsupportedAlgorithm unsupportedAlgorithm = (JsonWebToken.Error) some2.x();
                    if (unsupportedAlgorithm instanceof JsonWebToken.UnsupportedAlgorithm) {
                        some = new Some(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"The signature algorithm ", " is not supported"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{unsupportedAlgorithm.algorithm()})));
                    }
                }
                if (!z || !JsonWebToken$Unknown$.MODULE$.equals((JsonWebToken.Error) some2.x())) {
                    throw new MatchError(option);
                }
                some = new Some("An unknown error occured");
            }
        }
        None$ none$ = some;
        if (none$ instanceof Some) {
            empty = (Map) Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), "invalid_token"), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error_description"), (String) ((Some) none$).x())}));
        } else {
            if (!None$.MODULE$.equals(none$)) {
                throw new MatchError(none$);
            }
            empty = Predef$.MODULE$.Map().empty();
        }
        return new HttpChallenge("Bearer", this.realm, empty);
    }

    public final Future de$choffmeister$auth$akkahttp$Authenticator$$resolve$1(JsonWebToken jsonWebToken) {
        return ((Future) this.findUserById.apply(jsonWebToken.subject())).map(new Authenticator$$anonfun$de$choffmeister$auth$akkahttp$Authenticator$$resolve$1$1(this), this.de$choffmeister$auth$akkahttp$Authenticator$$executor);
    }

    public Authenticator(String str, byte[] bArr, Function1<String, Future<Option<U>>> function1, Function1<String, Future<Option<U>>> function12, Function2<U, String, Future<Object>> function2, ExecutionContext executionContext) {
        this.realm = str;
        this.de$choffmeister$auth$akkahttp$Authenticator$$bearerTokenSecret = bArr;
        this.findUserById = function1;
        this.de$choffmeister$auth$akkahttp$Authenticator$$findUserByUserName = function12;
        this.de$choffmeister$auth$akkahttp$Authenticator$$validateUserPassword = function2;
        this.de$choffmeister$auth$akkahttp$Authenticator$$executor = executionContext;
        SecurityDirectives.class.$init$(this);
    }
}
