package blended.security.akka.http;

import akka.http.scaladsl.model.headers.BasicHttpCredentials;
import akka.http.scaladsl.model.headers.HttpChallenge;
import akka.http.scaladsl.model.headers.HttpCredentials;
import akka.http.scaladsl.server.Directive;
import akka.http.scaladsl.server.Directive$;
import akka.http.scaladsl.server.Directives$;
import akka.http.scaladsl.server.directives.AuthenticationDirective;
import akka.http.scaladsl.server.util.ApplyConverter$;
import blended.security.SubjectImplicits$;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.Function1;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Some;
import scala.collection.mutable.ArrayOps;
import scala.concurrent.ExecutionContext$Implicits$;
import scala.concurrent.Future;
import scala.concurrent.Future$;
import scala.package$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.util.Either;

/* compiled from: JAASSecurityDirectives.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005}aaB\u0001\u0003!\u0003\r\ta\u0003\u0002\u0017\u0015\u0006\u000b5kU3dkJLG/\u001f#je\u0016\u001cG/\u001b<fg*\u00111\u0001B\u0001\u0005QR$\bO\u0003\u0002\u0006\r\u0005!\u0011m[6b\u0015\t9\u0001\"\u0001\u0005tK\u000e,(/\u001b;z\u0015\u0005I\u0011a\u00022mK:$W\rZ\u0002\u0001'\r\u0001AB\u0005\t\u0003\u001bAi\u0011A\u0004\u0006\u0002\u001f\u0005)1oY1mC&\u0011\u0011C\u0004\u0002\u0007\u0003:L(+\u001a4\u0011\u0005M!R\"\u0001\u0002\n\u0005U\u0011!!\u0007\"mK:$W\rZ*fGV\u0014\u0018\u000e^=ESJ,7\r^5wKNDQa\u0006\u0001\u0005\u0002a\ta\u0001J5oSR$C#A\r\u0011\u00055Q\u0012BA\u000e\u000f\u0005\u0011)f.\u001b;\t\u0011u\u0001\u0001R1Q\u0005\ny\t1\u0001\\8h+\u0005y\u0002C\u0001\u0011&\u001b\u0005\t#B\u0001\u0012$\u0003\u0015awn\u001a\u001bt\u0015\u0005!\u0013aA8sO&\u0011a%\t\u0002\u0007\u0019><w-\u001a:\t\u000f!\u0002!\u0019!C\u0001S\u0005I1\r[1mY\u0016tw-Z\u000b\u0002UA\u00111\u0006N\u0007\u0002Y)\u0011QFL\u0001\bQ\u0016\fG-\u001a:t\u0015\ty\u0003'A\u0003n_\u0012,GN\u0003\u00022e\u0005A1oY1mC\u0012\u001cHN\u0003\u0002\u0004g)\tQ!\u0003\u00026Y\ti\u0001\n\u001e;q\u0007\"\fG\u000e\\3oO\u0016DQa\u000e\u0001\u0005\u0002a\nA!Y;uQR\u0011\u0011\b\u0012\t\u0004\u001bib\u0014BA\u001e\u000f\u0005\u0019y\u0005\u000f^5p]B\u0011QHQ\u0007\u0002})\u0011qg\u0010\u0006\u0003\u000f\u0001S\u0011!Q\u0001\u0006U\u00064\u0018\r_\u0005\u0003\u0007z\u0012qaU;cU\u0016\u001cG\u000fC\u0003Fm\u0001\u0007a)A\u0003de\u0016$7\u000f\u0005\u0002,\u000f&\u0011\u0001\n\f\u0002\u0015\u0005\u0006\u001c\u0018n\u0019%uiB\u001c%/\u001a3f]RL\u0017\r\\:\t\u000b)\u0003A\u0011A&\u0002/5LXk]3s!\u0006\u001c8/Q;uQ\u0016tG/[2bi>\u0014HC\u0001'_!\ri\u0005KU\u0007\u0002\u001d*\u0011qJD\u0001\u000bG>t7-\u001e:sK:$\u0018BA)O\u0005\u00191U\u000f^;sKB!1k\u0017\u0016=\u001d\t!\u0016L\u0004\u0002V16\taK\u0003\u0002X\u0015\u00051AH]8pizJ\u0011aD\u0005\u00035:\tq\u0001]1dW\u0006<W-\u0003\u0002];\n1Q)\u001b;iKJT!A\u0017\b\t\u000b}K\u0005\u0019\u00011\u0002\u0017\r\u0014X\rZ3oi&\fGn\u001d\t\u0004\u001bi\n\u0007CA\u0016c\u0013\t\u0019GFA\bIiR\u00048I]3eK:$\u0018.\u00197t\u0011\u0015)\u0007\u0001\"\u0011g\u00035\tW\u000f\u001e5f]RL7-\u0019;fIV\tq\rE\u0002i[rj\u0011!\u001b\u0006\u0003U.\f!\u0002Z5sK\u000e$\u0018N^3t\u0015\ta\u0007'\u0001\u0004tKJ4XM]\u0005\u0003]&\u0014q#Q;uQ\u0016tG/[2bi&|g\u000eR5sK\u000e$\u0018N^3\t\u000bA\u0004A\u0011I9\u0002#I,\u0017/^5sKB+'/\\5tg&|g\u000eF\u0002s\u0003\u0003\u0001\"a]?\u000f\u0005QdhBA;|\u001d\t1(P\u0004\u0002xs:\u0011Q\u000b_\u0005\u0002\u000b%\u00111aM\u0005\u0003cIJ!\u0001\u001c\u0019\n\u0005i[\u0017B\u0001@��\u0005)!\u0015N]3di&4X\r\r\u0006\u00035.Dq!a\u0001p\u0001\u0004\t)!\u0001\u0006qKJl\u0017n]:j_:\u0004B!a\u0002\u0002\u00109!\u0011\u0011BA\u0006!\t)f\"C\u0002\u0002\u000e9\ta\u0001\u0015:fI\u00164\u0017\u0002BA\t\u0003'\u0011aa\u0015;sS:<'bAA\u0007\u001d!9\u0011q\u0003\u0001\u0005B\u0005e\u0011\u0001\u0004:fcVL'/Z$s_V\u0004Hc\u0001:\u0002\u001c!A\u0011QDA\u000b\u0001\u0004\t)!A\u0003he>,\b\u000f")
/* loaded from: input_file:blended/security/akka/http/JAASSecurityDirectives.class */
public interface JAASSecurityDirectives extends BlendedSecurityDirectives {
    void blended$security$akka$http$JAASSecurityDirectives$_setter_$challenge_$eq(HttpChallenge httpChallenge);

    default Logger blended$security$akka$http$JAASSecurityDirectives$$log() {
        return LoggerFactory.getLogger(JAASSecurityDirectives.class);
    }

    HttpChallenge challenge();

    default Option<Subject> auth(final BasicHttpCredentials basicHttpCredentials) {
        final JAASSecurityDirectives jAASSecurityDirectives = null;
        LoginContext loginContext = new LoginContext("blended", new CallbackHandler(jAASSecurityDirectives, basicHttpCredentials) { // from class: blended.security.akka.http.JAASSecurityDirectives$$anon$1
            private final BasicHttpCredentials creds$1;

            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) {
                new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(callbackArr)).foreach(callback -> {
                    $anonfun$handle$1(this, callback);
                    return BoxedUnit.UNIT;
                });
            }

            public static final /* synthetic */ void $anonfun$handle$1(JAASSecurityDirectives$$anon$1 jAASSecurityDirectives$$anon$1, Callback callback) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(jAASSecurityDirectives$$anon$1.creds$1.username());
                    BoxedUnit boxedUnit = BoxedUnit.UNIT;
                } else {
                    if (!(callback instanceof PasswordCallback)) {
                        throw new UnsupportedCallbackException(callback, "The submitted callback is not supported");
                    }
                    ((PasswordCallback) callback).setPassword(jAASSecurityDirectives$$anon$1.creds$1.password().toCharArray());
                    BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
                }
            }

            {
                this.creds$1 = basicHttpCredentials;
            }
        });
        try {
            loginContext.login();
            return new Some(loginContext.getSubject());
        } catch (Throwable th) {
            if (blended$security$akka$http$JAASSecurityDirectives$$log().isErrorEnabled()) {
                blended$security$akka$http$JAASSecurityDirectives$$log().error(new StringBuilder(19).append("Login failed for [").append(basicHttpCredentials.username()).append("]").toString(), th);
            }
            return None$.MODULE$;
        }
    }

    default Future<Either<HttpChallenge, Subject>> myUserPassAuthenticator(Option<HttpCredentials> option) {
        return Future$.MODULE$.apply(() -> {
            Either apply;
            if (option instanceof Some) {
                HttpCredentials httpCredentials = (HttpCredentials) ((Some) option).value();
                if (httpCredentials instanceof BasicHttpCredentials) {
                    apply = this.auth((BasicHttpCredentials) httpCredentials).toRight(() -> {
                        return this.challenge();
                    });
                    return apply;
                }
            }
            apply = package$.MODULE$.Left().apply(this.challenge());
            return apply;
        }, ExecutionContext$Implicits$.MODULE$.global());
    }

    @Override // blended.security.akka.http.BlendedSecurityDirectives
    default AuthenticationDirective<Subject> authenticated() {
        return Directives$.MODULE$.authenticateOrRejectWithChallenge(option -> {
            return this.myUserPassAuthenticator(option);
        });
    }

    @Override // blended.security.akka.http.BlendedSecurityDirectives
    default Directive<BoxedUnit> requirePermission(String str) {
        return Directives$.MODULE$.mapInnerRoute(function1 -> {
            return (Function1) Directive$.MODULE$.addDirectiveApply(this.authenticated(), ApplyConverter$.MODULE$.hac1()).apply(subject -> {
                if (this.blended$security$akka$http$JAASSecurityDirectives$$log().isInfoEnabled()) {
                    this.blended$security$akka$http$JAASSecurityDirectives$$log().info(new StringBuilder(26).append("subject: ").append(subject).append(" with principal: ").append(Option$.MODULE$.apply(subject).map(subject -> {
                        return SubjectImplicits$.MODULE$.EnhancedSubject(subject).getPrincipal();
                    }).getOrElse(() -> {
                        return "null";
                    })).toString());
                }
                if (this.blended$security$akka$http$JAASSecurityDirectives$$log().isDebugEnabled()) {
                    this.blended$security$akka$http$JAASSecurityDirectives$$log().debug(new StringBuilder(30).append("checking required permission: ").append(str).toString());
                }
                return (Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.authorize(() -> {
                    return SubjectImplicits$.MODULE$.EnhancedSubject(subject).isPermitted(str);
                })).apply(() -> {
                    if (this.blended$security$akka$http$JAASSecurityDirectives$$log().isInfoEnabled()) {
                        this.blended$security$akka$http$JAASSecurityDirectives$$log().info(new StringBuilder(46).append("subject/principal: ").append(Option$.MODULE$.apply(subject).map(subject2 -> {
                            return SubjectImplicits$.MODULE$.EnhancedSubject(subject2).getPrincipal();
                        }).getOrElse(() -> {
                            return subject;
                        })).append(" has required permissions: ").append(str).toString());
                    }
                    return function1;
                });
            });
        });
    }

    @Override // blended.security.akka.http.BlendedSecurityDirectives
    default Directive<BoxedUnit> requireGroup(String str) {
        return Directives$.MODULE$.mapInnerRoute(function1 -> {
            return (Function1) Directive$.MODULE$.addDirectiveApply(this.authenticated(), ApplyConverter$.MODULE$.hac1()).apply(subject -> {
                if (this.blended$security$akka$http$JAASSecurityDirectives$$log().isInfoEnabled()) {
                    this.blended$security$akka$http$JAASSecurityDirectives$$log().info(new StringBuilder(26).append("subject: ").append(subject).append(" with principal: ").append(Option$.MODULE$.apply(subject).map(subject -> {
                        return SubjectImplicits$.MODULE$.EnhancedSubject(subject).getPrincipal();
                    }).getOrElse(() -> {
                        return "null";
                    })).toString());
                }
                if (this.blended$security$akka$http$JAASSecurityDirectives$$log().isDebugEnabled()) {
                    this.blended$security$akka$http$JAASSecurityDirectives$$log().debug(new StringBuilder(25).append("checking required group: ").append(str).toString());
                }
                return (Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.authorize(() -> {
                    return SubjectImplicits$.MODULE$.EnhancedSubject(subject).getGroups().contains(str);
                })).apply(() -> {
                    if (this.blended$security$akka$http$JAASSecurityDirectives$$log().isInfoEnabled()) {
                        this.blended$security$akka$http$JAASSecurityDirectives$$log().info(new StringBuilder(40).append("subject/principal: ").append(Option$.MODULE$.apply(subject).map(subject2 -> {
                            return SubjectImplicits$.MODULE$.EnhancedSubject(subject2).getPrincipal();
                        }).getOrElse(() -> {
                            return subject;
                        })).append(" has required group: ").append(str).toString());
                    }
                    return function1;
                });
            });
        });
    }
}
