package com.mdsol.mauth.scaladsl;

import com.mdsol.mauth.MAuthRequest;
import com.mdsol.mauth.MAuthVersion;
import com.mdsol.mauth.exception.MAuthValidationException;
import com.mdsol.mauth.scaladsl.utils.ClientPublicKeyProvider;
import com.mdsol.mauth.util.EpochTimeProvider;
import com.mdsol.mauth.util.MAuthSignatureHelper;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Some;
import scala.UninitializedFieldError;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.Promise;
import scala.concurrent.Promise$;
import scala.concurrent.duration.Duration;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;

/* compiled from: RequestAuthenticator.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005=a\u0001B\b\u0011\u0001eA\u0001\u0002\n\u0001\u0003\u0002\u0003\u0006I!\n\u0005\tW\u0001\u0011\t\u0011)A\u0005Y!A!\u0007\u0001B\u0001B\u0003%1\u0007C\u00037\u0001\u0011\u0005q\u0007C\u0004=\u0001\t\u0007I\u0011B\u001f\t\r\u0019\u0003\u0001\u0015!\u0003?\u0011\u00151\u0004\u0001\"\u0001H\u0011\u0015Q\u0005\u0001\"\u0011L\u0011\u001d1\u0007A1A\u0005B\u001dDa\u0001\u001b\u0001!\u0002\u0013\u0019\u0004\"B5\u0001\t#Q\u0007\"\u0002:\u0001\t#\u0019\b\"\u0002<\u0001\t\u00139\bbBA\u0004\u0001\u0011%\u0011\u0011\u0002\u0002\u0015%\u0016\fX/Z:u\u0003V$\b.\u001a8uS\u000e\fGo\u001c:\u000b\u0005E\u0011\u0012\u0001C:dC2\fGm\u001d7\u000b\u0005M!\u0012!B7bkRD'BA\u000b\u0017\u0003\u0015iGm]8m\u0015\u00059\u0012aA2p[\u000e\u00011c\u0001\u0001\u001bAA\u00111DH\u0007\u00029)\tQ$A\u0003tG\u0006d\u0017-\u0003\u0002 9\t1\u0011I\\=SK\u001a\u0004\"!\t\u0012\u000e\u0003AI!a\t\t\u0003\u001b\u0005+H\u000f[3oi&\u001c\u0017\r^8s\u0003E\u0001XO\u00197jG.+\u0017\u0010\u0015:pm&$WM\u001d\t\u0003M%j\u0011a\n\u0006\u0003QA\tQ!\u001e;jYNL!AK\u0014\u0003/\rc\u0017.\u001a8u!V\u0014G.[2LKf\u0004&o\u001c<jI\u0016\u0014\u0018!E3q_\u000eDG+[7f!J|g/\u001b3feB\u0011Q\u0006M\u0007\u0002])\u0011qFE\u0001\u0005kRLG.\u0003\u00022]\t\tR\t]8dQRKW.\u001a)s_ZLG-\u001a:\u0002%Y\u0014tJ\u001c7z\u0003V$\b.\u001a8uS\u000e\fG/\u001a\t\u00037QJ!!\u000e\u000f\u0003\u000f\t{w\u000e\\3b]\u00061A(\u001b8jiz\"B\u0001O\u001d;wA\u0011\u0011\u0005\u0001\u0005\u0006I\u0011\u0001\r!\n\u0005\u0006W\u0011\u0001\r\u0001\f\u0005\u0006e\u0011\u0001\raM\u0001\u0007Y><w-\u001a:\u0016\u0003y\u0002\"a\u0010#\u000e\u0003\u0001S!!\u0011\"\u0002\u000bMdg\r\u000e6\u000b\u0003\r\u000b1a\u001c:h\u0013\t)\u0005I\u0001\u0004M_\u001e<WM]\u0001\bY><w-\u001a:!)\rA\u0004*\u0013\u0005\u0006I\u001d\u0001\r!\n\u0005\u0006W\u001d\u0001\r\u0001L\u0001\rCV$\b.\u001a8uS\u000e\fG/\u001a\u000b\u0003\u0019\u0002$2!T*Y!\rq\u0015kM\u0007\u0002\u001f*\u0011\u0001\u000bH\u0001\u000bG>t7-\u001e:sK:$\u0018B\u0001*P\u0005\u00191U\u000f^;sK\")A\u000b\u0003a\u0002+\u0006\u0011Q\r\u001f\t\u0003\u001dZK!aV(\u0003!\u0015CXmY;uS>t7i\u001c8uKb$\b\"B-\t\u0001\bQ\u0016\u0001\u0007:fcV,7\u000f\u001e,bY&$\u0017\r^5p]RKW.Z8viB\u00111LX\u0007\u00029*\u0011QlT\u0001\tIV\u0014\u0018\r^5p]&\u0011q\f\u0018\u0002\t\tV\u0014\u0018\r^5p]\")\u0011\r\u0003a\u0001E\u0006aQ.Q;uQJ+\u0017/^3tiB\u00111\rZ\u0007\u0002%%\u0011QM\u0005\u0002\r\u001b\u0006+H\u000f\u001b*fcV,7\u000f^\u0001\u0015SN4&g\u00148ms\u0006+H\u000f[3oi&\u001c\u0017\r^3\u0016\u0003M\nQ#[:We=sG._!vi\",g\u000e^5dCR,\u0007%\u0001\u0007wC2LG-\u0019;f)&lW\r\u0006\u0002l[R\u00111\u0007\u001c\u0005\u00063.\u0001\rA\u0017\u0005\u0006].\u0001\ra\\\u0001\fe\u0016\fX/Z:u)&lW\r\u0005\u0002\u001ca&\u0011\u0011\u000f\b\u0002\u0005\u0019>tw-\u0001\u000bwC2LG-\u0019;f\u001b\u0006,H\u000f\u001b,feNLwN\u001c\u000b\u0004gQ,\b\"B1\r\u0001\u0004\u0011\u0007\"\u0002\u001a\r\u0001\u0004\u0019\u0014a\u0005<bY&$\u0017\r^3TS\u001et\u0017\r^;sKZ\u000bDcA\u001ays\")\u0011-\u0004a\u0001E\")!0\u0004a\u0001w\u0006y1\r\\5f]R\u0004VO\u00197jG.+\u0017\u0010E\u0002}\u0003\u0007i\u0011! \u0006\u0003}~\f\u0001b]3dkJLG/\u001f\u0006\u0003\u0003\u0003\tAA[1wC&\u0019\u0011QA?\u0003\u0013A+(\r\\5d\u0017\u0016L\u0018a\u0005<bY&$\u0017\r^3TS\u001et\u0017\r^;sKZ\u0013D#B\u001a\u0002\f\u00055\u0001\"B1\u000f\u0001\u0004\u0011\u0007\"\u0002>\u000f\u0001\u0004Y\b")
/* loaded from: input_file:com/mdsol/mauth/scaladsl/RequestAuthenticator.class */
public class RequestAuthenticator implements Authenticator {
    private final ClientPublicKeyProvider publicKeyProvider;
    private final EpochTimeProvider epochTimeProvider;
    private final boolean v2OnlyAuthenticate;
    private final Logger logger;
    private final boolean isV2OnlyAuthenticate;
    private volatile byte bitmap$init$0;

    private Logger logger() {
        if (((byte) (this.bitmap$init$0 & 1)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: /home/travis/build/mdsol/mauth-jvm-clients/modules/mauth-authenticator/src/main/scala/com/mdsol/mauth/scaladsl/RequestAuthenticator.scala: 20");
        }
        Logger logger = this.logger;
        return this.logger;
    }

    @Override // com.mdsol.mauth.scaladsl.Authenticator
    public Future<Object> authenticate(MAuthRequest mAuthRequest, ExecutionContext executionContext, Duration duration) {
        logger().info(String.format("Mauth-client attempting to authenticate request from app with mauth app uuid %s using version %s.", mAuthRequest.getAppUUID(), mAuthRequest.getMauthVersion().getValue()));
        Promise apply = Promise$.MODULE$.apply();
        if (!validateTime(mAuthRequest.getRequestTime(), duration)) {
            String sb = new StringBuilder(51).append("MAuth request validation failed because of timeout ").append(duration).toString();
            logger().error(sb);
            apply.failure(new MAuthValidationException(sb));
        } else if (validateMauthVersion(mAuthRequest, this.v2OnlyAuthenticate)) {
            apply.completeWith(this.publicKeyProvider.getPublicKey(mAuthRequest.getAppUUID()).map(option -> {
                return BoxesRunTime.boxToBoolean($anonfun$authenticate$1(this, mAuthRequest, option));
            }, executionContext));
        } else {
            logger().error("The service requires mAuth v2 authentication headers.");
            apply.failure(new MAuthValidationException("The service requires mAuth v2 authentication headers."));
        }
        return apply.future();
    }

    @Override // com.mdsol.mauth.scaladsl.Authenticator
    public boolean isV2OnlyAuthenticate() {
        if (((byte) (this.bitmap$init$0 & 2)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: /home/travis/build/mdsol/mauth-jvm-clients/modules/mauth-authenticator/src/main/scala/com/mdsol/mauth/scaladsl/RequestAuthenticator.scala: 71");
        }
        boolean z = this.isV2OnlyAuthenticate;
        return this.isV2OnlyAuthenticate;
    }

    public boolean validateTime(long j, Duration duration) {
        return this.epochTimeProvider.inSeconds() - j < duration.toSeconds();
    }

    public boolean validateMauthVersion(MAuthRequest mAuthRequest, boolean z) {
        if (z) {
            MAuthVersion mauthVersion = mAuthRequest.getMauthVersion();
            MAuthVersion mAuthVersion = MAuthVersion.MWSV2;
            if (mauthVersion != null ? !mauthVersion.equals(mAuthVersion) : mAuthVersion != null) {
                return false;
            }
        }
        return true;
    }

    private boolean validateSignatureV1(MAuthRequest mAuthRequest, PublicKey publicKey) {
        try {
            return Arrays.equals(MAuthSignatureHelper.getHexEncodedDigestedString(MAuthSignatureHelper.generateUnencryptedSignature(mAuthRequest.getAppUUID(), mAuthRequest.getHttpMethod(), mAuthRequest.getResourcePath(), mAuthRequest.getMessagePayload(), String.valueOf(mAuthRequest.getRequestTime()))).getBytes(StandardCharsets.UTF_8), MAuthSignatureHelper.decryptSignature(publicKey, mAuthRequest.getRequestSignature()));
        } catch (Exception e) {
            logger().error("MAuth request validation failed for V1.", e);
            throw new MAuthValidationException("MAuth request validation failed for V1.", e);
        }
    }

    private boolean validateSignatureV2(MAuthRequest mAuthRequest, PublicKey publicKey) {
        try {
            return MAuthSignatureHelper.verifyRSA(MAuthSignatureHelper.generateStringToSignV2(mAuthRequest.getAppUUID(), mAuthRequest.getHttpMethod(), mAuthRequest.getResourcePath(), mAuthRequest.getQueryParameters(), mAuthRequest.getMessagePayload(), String.valueOf(mAuthRequest.getRequestTime())), mAuthRequest.getRequestSignature(), publicKey);
        } catch (Exception e) {
            logger().error("MAuth request validation failed for V2.", e);
            throw new MAuthValidationException("MAuth request validation failed for V2.", e);
        }
    }

    public static final /* synthetic */ boolean $anonfun$authenticate$1(RequestAuthenticator requestAuthenticator, MAuthRequest mAuthRequest, Option option) {
        boolean validateSignatureV2;
        boolean z;
        if (None$.MODULE$.equals(option)) {
            requestAuthenticator.logger().error("Public Key couldn't be retrieved");
            z = false;
        } else {
            if (!(option instanceof Some)) {
                throw new MatchError(option);
            }
            PublicKey publicKey = (PublicKey) ((Some) option).value();
            MAuthVersion mauthVersion = mAuthRequest.getMauthVersion();
            if (MAuthVersion.MWS.equals(mauthVersion)) {
                validateSignatureV2 = requestAuthenticator.validateSignatureV1(mAuthRequest, publicKey);
            } else {
                if (!MAuthVersion.MWSV2.equals(mauthVersion)) {
                    throw new MatchError(mauthVersion);
                }
                validateSignatureV2 = requestAuthenticator.validateSignatureV2(mAuthRequest, publicKey);
            }
            z = validateSignatureV2;
        }
        return z;
    }

    public RequestAuthenticator(ClientPublicKeyProvider clientPublicKeyProvider, EpochTimeProvider epochTimeProvider, boolean z) {
        this.publicKeyProvider = clientPublicKeyProvider;
        this.epochTimeProvider = epochTimeProvider;
        this.v2OnlyAuthenticate = z;
        this.logger = LoggerFactory.getLogger(RequestAuthenticator.class);
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 1);
        this.isV2OnlyAuthenticate = z;
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 2);
    }

    public RequestAuthenticator(ClientPublicKeyProvider clientPublicKeyProvider, EpochTimeProvider epochTimeProvider) {
        this(clientPublicKeyProvider, epochTimeProvider, false);
    }
}
