package blended.security.akka.http;

import akka.http.scaladsl.model.headers.BasicHttpCredentials;
import akka.http.scaladsl.model.headers.HttpChallenge;
import akka.http.scaladsl.model.headers.HttpChallenges$;
import akka.http.scaladsl.model.headers.HttpCredentials;
import akka.http.scaladsl.server.Directive;
import akka.http.scaladsl.server.Directive$;
import akka.http.scaladsl.server.Directives$;
import akka.http.scaladsl.server.directives.AuthenticationDirective;
import akka.http.scaladsl.server.directives.AuthenticationResult$;
import akka.http.scaladsl.server.util.ApplyConverter$;
import blended.security.BlendedPermission;
import blended.security.BlendedPermissionManager;
import blended.security.SubjectImplicits$;
import blended.util.logging.Logger;
import blended.util.logging.Logger$;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Some;
import scala.collection.mutable.ArrayOps;
import scala.concurrent.ExecutionContext$Implicits$;
import scala.concurrent.Future;
import scala.concurrent.Future$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.util.Either;

/* compiled from: JAASSecurityDirectives.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005MbaB\u0001\u0003!\u0003\r\ta\u0003\u0002\u0017\u0015\u0006\u000b5kU3dkJLG/\u001f#je\u0016\u001cG/\u001b<fg*\u00111\u0001B\u0001\u0005QR$\bO\u0003\u0002\u0006\r\u0005!\u0011m[6b\u0015\t9\u0001\"\u0001\u0005tK\u000e,(/\u001b;z\u0015\u0005I\u0011a\u00022mK:$W\rZ\u0002\u0001'\r\u0001AB\u0005\t\u0003\u001bAi\u0011A\u0004\u0006\u0002\u001f\u0005)1oY1mC&\u0011\u0011C\u0004\u0002\u0007\u0003:L(+\u001a4\u0011\u0005M!R\"\u0001\u0002\n\u0005U\u0011!!\u0007\"mK:$W\rZ*fGV\u0014\u0018\u000e^=ESJ,7\r^5wKNDQa\u0006\u0001\u0005\u0002a\ta\u0001J5oSR$C#A\r\u0011\u00055Q\u0012BA\u000e\u000f\u0005\u0011)f.\u001b;\t\u000fu\u0001!\u0019!D\u0001=\u0005\u0019Qn\u001a:\u0016\u0003}\u0001\"\u0001I\u0011\u000e\u0003\u0019I!A\t\u0004\u00031\tcWM\u001c3fIB+'/\\5tg&|g.T1oC\u001e,'\u000f\u0003\u0005%\u0001!\u0015\r\u0015\"\u0003&\u0003\rawnZ\u000b\u0002MA\u0011q\u0005L\u0007\u0002Q)\u0011\u0011FK\u0001\bY><w-\u001b8h\u0015\tY\u0003\"\u0001\u0003vi&d\u0017BA\u0017)\u0005\u0019aunZ4fe\"9q\u0006\u0001b!\n\u0013\u0001\u0014!C2iC2dWM\\4f+\u0005\t\u0004C\u0001\u001a<\u001b\u0005\u0019$B\u0001\u001b6\u0003\u001dAW-\u00193feNT!AN\u001c\u0002\u000b5|G-\u001a7\u000b\u0005aJ\u0014\u0001C:dC2\fGm\u001d7\u000b\u0005\rQ$\"A\u0003\n\u0005q\u001a$!\u0004%uiB\u001c\u0005.\u00197mK:<W\r\u0003\u0004?\u0001\u0001&IaP\u0001\u0005CV$\b\u000e\u0006\u0002A\u0017B\u0019Q\"Q\"\n\u0005\ts!AB(qi&|g\u000e\u0005\u0002E\u00136\tQI\u0003\u0002?\r*\u0011qa\u0012\u0006\u0002\u0011\u0006)!.\u0019<bq&\u0011!*\u0012\u0002\b'V\u0014'.Z2u\u0011\u0015aU\b1\u0001N\u0003\u0015\u0019'/\u001a3t!\t\u0011d*\u0003\u0002Pg\t!\")Y:jG\"#H\u000f]\"sK\u0012,g\u000e^5bYNDa!\u0015\u0001!\n\u0013\u0011\u0016aF7z+N,'\u000fU1tg\u0006+H\u000f[3oi&\u001c\u0017\r^8s)\t\u0019\u0006\u000fE\u0002U/fk\u0011!\u0016\u0006\u0003-:\t!bY8oGV\u0014(/\u001a8u\u0013\tAVK\u0001\u0004GkR,(/\u001a\t\u00045*\u001ceBA.h\u001d\taVM\u0004\u0002^I:\u0011al\u0019\b\u0003?\nl\u0011\u0001\u0019\u0006\u0003C*\ta\u0001\u0010:p_Rt\u0014\"A
\u0003\n\u0005\rQ\u0014B\u0001\u001d:\u0013\t1w'\u0001\u0004tKJ4XM]\u0005\u0003Q&\f!\u0002R5sK\u000e$\u0018N^3t\u0015\t1w'\u0003\u0002lY\n!\u0012)\u001e;iK:$\u0018nY1uS>t'+Z:vYRL!!\u001c8\u0003%M+7-\u001e:jif$\u0015N]3di&4Xm\u001d\u0006\u0003_&\f!\u0002Z5sK\u000e$\u0018N^3t\u0011\u0015\t\b\u000b1\u0001s\u0003-\u0019'/\u001a3f]RL\u0017\r\\:\u0011\u00075\t5\u000f\u0005\u00023i&\u0011Qo\r\u0002\u0010\u0011R$\bo\u0011:fI\u0016tG/[1mg\"9q\u000f\u0001b\u0001\n\u0003B\u0018!D1vi\",g\u000e^5dCR,G-F\u0001z!\rQ8pQ\u0007\u0002]&\u0011AP\u001c\u0002\u0018\u0003V$\b.\u001a8uS\u000e\fG/[8o\t&\u0014Xm\u0019;jm\u0016DQA \u0001\u0005B}\f\u0011C]3rk&\u0014X\rU3s[&\u001c8/[8o)\u0011\t\t!a\u0004\u0011\t\u0005\r\u0011\u0011\u0002\b\u00047\u0006\u0015\u0011bAA\u0004S\u00069\u0001/Y2lC\u001e,\u0017\u0002BA\u0006\u0003\u001b\u0011!\u0002R5sK\u000e$\u0018N^31\u0015\r\t9!\u001b\u0005\b\u0003#i\b\u0019AA\n\u0003)\u0001XM]7jgNLwN\u001c\t\u0004A\u0005U\u0011bAA\f\r\t\t\"\t\\3oI\u0016$\u0007+\u001a:nSN\u001c\u0018n\u001c8\t\u000f\u0005m\u0001\u0001\"\u0011\u0002\u001e\u0005a!/Z9vSJ,wI]8vaR!\u0011\u0011AA\u0010\u0011!\t\t#!\u0007A\u0002\u0005\r\u0012!B4s_V\u0004\b\u0003BA\u0013\u0003[qA!a\n\u0002*A\u0011qLD\u0005\u0004\u0003Wq\u0011A\u0002)sK\u0012,g-\u0003\u0003\u00020\u0005E\"AB*ue&twMC\u0002\u0002,9\u0001")
/* loaded from: input_file:blended/security/akka/http/JAASSecurityDirectives.class */
/*
 * Decompiled form of the Scala trait JAASSecurityDirectives: akka-http security
 * directives that authenticate HTTP Basic credentials through a JAAS LoginContext
 * named "blended" and authorize the resulting Subject by permission or group.
 *
 * The long blended$security$... member names and the static $init$ method are
 * produced by the Scala compiler for trait fields; they are not hand-written API.
 *
 * NOTE(review): Basic credentials are only as confidential as the transport that
 * carries them. Nothing in this file enforces TLS; confirm it is required where
 * these directives are mounted.
 */
public interface JAASSecurityDirectives extends BlendedSecurityDirectives {
    /** Trait-field setter for the Basic challenge; called once from {@code $init$}. */
    void blended$security$akka$http$JAASSecurityDirectives$_setter_$blended$security$akka$http$JAASSecurityDirectives$$challenge_$eq(HttpChallenge httpChallenge);

    /** Trait-field setter for the {@code authenticated} directive; called once from {@code $init$}. */
    void blended$security$akka$http$JAASSecurityDirectives$_setter_$authenticated_$eq(AuthenticationDirective<Subject> authenticationDirective);

    /**
     * Permission manager supplied by the implementing class.
     * It is passed to {@code isPermitted} in {@link #requirePermission}.
     */
    BlendedPermissionManager mgr();

    /** Returns the logger obtained from {@code Logger$} for this interface's class. */
    default Logger blended$security$akka$http$JAASSecurityDirectives$$log() {
        return Logger$.MODULE$.apply(ClassTag$.MODULE$.apply(JAASSecurityDirectives.class));
    }

    /** Accessor for the challenge returned to clients when authentication fails. */
    HttpChallenge blended$security$akka$http$JAASSecurityDirectives$$challenge();

    /**
     * Attempts a JAAS login with the given Basic credentials.
     *
     * A LoginContext for the configuration entry "blended" is created with a callback
     * handler that answers NameCallback with the username and PasswordCallback with the
     * password; any other callback type raises UnsupportedCallbackException.
     *
     * @param basicHttpCredentials username and password taken from the request
     * @return {@code Some(subject)} when {@code login()} succeeds, {@code None$} when anything is thrown
     */
    private default Option<Subject> auth(final BasicHttpCredentials basicHttpCredentials) {
        // Decompiler artefact: stands in for the outer-instance reference, which the
        // anonymous handler below never reads (it only uses creds$1).
        final JAASSecurityDirectives jAASSecurityDirectives = null;
        LoginContext loginContext = new LoginContext("blended", new CallbackHandler(jAASSecurityDirectives, basicHttpCredentials) { // from class: blended.security.akka.http.JAASSecurityDirectives$$anon$1
            private final BasicHttpCredentials creds$1;

            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) {
                // Each callback is handled independently; an unsupported one aborts the
                // whole login by throwing out of the foreach.
                new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(callbackArr)).foreach(callback -> {
                    $anonfun$handle$1(this, callback);
                    return BoxedUnit.UNIT;
                });
            }

            public static final /* synthetic */ void $anonfun$handle$1(JAASSecurityDirectives$$anon$1 jAASSecurityDirectives$$anon$1, Callback callback) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(jAASSecurityDirectives$$anon$1.creds$1.username());
                    BoxedUnit boxedUnit = BoxedUnit.UNIT;
                } else {
                    if (!(callback instanceof PasswordCallback)) {
                        throw new UnsupportedCallbackException(callback, "The submitted callback is not supported");
                    }
                    // NOTE(review): the char[] produced by toCharArray() is never zeroed here.
                    // PasswordCallback.setPassword keeps its own copy, and the password also
                    // stays reachable as a String inside the credentials object, so the
                    // secret lives on the heap until garbage collection.
                    ((PasswordCallback) callback).setPassword(jAASSecurityDirectives$$anon$1.creds$1.password().toCharArray());
                    BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
                }
            }

            {
                this.creds$1 = basicHttpCredentials;
            }
        });
        try {
            loginContext.login();
            return new Some(loginContext.getSubject());
        } catch (Throwable th) {
            // NOTE(review): catching Throwable folds every failure into "login failed":
            // bad credentials, a missing or broken "blended" JAAS configuration, and JVM
            // Errors alike. The caller then answers with the same challenge in all cases,
            // so the error log is the only place an operator can tell them apart.
            // NOTE(review): the username is client-supplied and is written to the log
            // unmodified; whether CR/LF or other control characters are neutralised
            // depends on the logging backend. Confirm before relying on these lines
            // for detection.
            // NOTE(review): no throttling or lockout of repeated failures is visible in
            // this file; presumably that is left to the login module or an upstream
            // component. Verify.
            blended$security$akka$http$JAASSecurityDirectives$$log().error(th, () -> {
                return new StringBuilder(19).append("Login failed for [").append(basicHttpCredentials.username()).append("]").toString();
            });
            return None$.MODULE$;
        }
    }

    /**
     * Authenticator passed to {@code authenticateOrRejectWithChallenge} in {@code $init$}.
     *
     * Only {@code Some(BasicHttpCredentials)} is forwarded to {@link #auth}; absent
     * credentials and any other credential type fail with the challenge without a
     * login attempt.
     *
     * NOTE(review): the body runs on the global Scala ExecutionContext. LoginContext.login()
     * is a synchronous call; if the configured login module does network or disk I/O,
     * slow logins occupy threads of that shared pool. Confirm this is acceptable under load.
     *
     * @param option credentials extracted from the request, if any
     * @return a Future of either the challenge (failure) or the authenticated Subject
     */
    /* JADX INFO: Access modifiers changed from: private */
    default Future<Either<HttpChallenge, Subject>> myUserPassAuthenticator(Option<HttpCredentials> option) {
        return Future$.MODULE$.apply(() -> {
            Either failWithChallenge;
            Either failWithChallenge2;
            if (option instanceof Some) {
                HttpCredentials httpCredentials = (HttpCredentials) ((Some) option).value();
                if (httpCredentials instanceof BasicHttpCredentials) {
                    Some auth = this.auth((BasicHttpCredentials) httpCredentials);
                    if (auth instanceof Some) {
                        failWithChallenge2 = AuthenticationResult$.MODULE$.success((Subject) auth.value());
                    } else {
                        // Compiled form of an exhaustive Scala match on Option: anything
                        // that is neither Some nor None is a MatchError.
                        if (!None$.MODULE$.equals(auth)) {
                            throw new MatchError(auth);
                        }
                        failWithChallenge2 = AuthenticationResult$.MODULE$.failWithChallenge(this.blended$security$akka$http$JAASSecurityDirectives$$challenge());
                    }
                    failWithChallenge = failWithChallenge2;
                    return failWithChallenge;
                }
            }
            // No credentials, or credentials that are not HTTP Basic.
            failWithChallenge = AuthenticationResult$.MODULE$.failWithChallenge(this.blended$security$akka$http$JAASSecurityDirectives$$challenge());
            return failWithChallenge;
        }, ExecutionContext$Implicits$.MODULE$.global());
    }

    /** Directive that extracts the authenticated Subject; its value is installed by {@code $init$}. */
    @Override // blended.security.akka.http.BlendedSecurityDirectives
    AuthenticationDirective<Subject> authenticated();

    /**
     * Wraps the inner route so that it runs only for an authenticated Subject for which
     * {@code isPermitted(mgr(), blendedPermission)} is true.
     *
     * Authentication is applied first through {@link #authenticated()}; the authorization
     * check is then delegated to akka-http's {@code authorize} directive.
     *
     * NOTE(review): only the successful path is logged here. A denied check produces no
     * log line in this method, so denials are visible only if the rejection is logged
     * elsewhere. Confirm if authorization failures need to be auditable.
     *
     * @param blendedPermission the permission the Subject must hold
     * @return a directive guarding the inner route
     */
    @Override // blended.security.akka.http.BlendedSecurityDirectives
    default Directive<BoxedUnit> requirePermission(BlendedPermission blendedPermission) {
        return Directives$.MODULE$.mapInnerRoute(function1 -> {
            return (Function1) Directive$.MODULE$.addDirectiveApply(this.authenticated(), ApplyConverter$.MODULE$.hac1()).apply(subject -> {
                // NOTE(review): this writes the Subject's toString() at info level on every
                // request. Subject.toString() can include the string form of attached
                // credential objects, so check what the "blended" login module stores on
                // the Subject before shipping these logs anywhere shared.
                this.blended$security$akka$http$JAASSecurityDirectives$$log().info(() -> {
                    return new StringBuilder(26).append("subject: ").append(subject).append(" with principal: ").append(Option$.MODULE$.apply(subject).map(subject -> {
                        return SubjectImplicits$.MODULE$.EnhancedSubject(subject).getPrincipal();
                    }).getOrElse(() -> {
                        return "null";
                    })).toString();
                });
                this.blended$security$akka$http$JAASSecurityDirectives$$log().debug(() -> {
                    return new StringBuilder(30).append("checking required permission: ").append(blendedPermission).toString();
                });
                return (Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.authorize(() -> {
                    return SubjectImplicits$.MODULE$.EnhancedSubject(subject).isPermitted(this.mgr(), blendedPermission);
                })).apply(() -> {
                    // Reached only after the authorize check passed.
                    this.blended$security$akka$http$JAASSecurityDirectives$$log().info(() -> {
                        return new StringBuilder(46).append("subject/principal: ").append(Option$.MODULE$.apply(subject).map(subject -> {
                            return SubjectImplicits$.MODULE$.EnhancedSubject(subject).getPrincipal();
                        }).getOrElse(() -> {
                            return subject;
                        })).append(" has required permissions: ").append(blendedPermission).toString();
                    });
                    return function1;
                });
            });
        });
    }

    /**
     * Wraps the inner route so that it runs only for an authenticated Subject whose
     * groups contain {@code str}.
     *
     * Same structure as {@link #requirePermission}; only the predicate given to
     * {@code authorize} differs ({@code getGroups().contains(str)}).
     *
     * NOTE(review): as in requirePermission, a denied check is not logged by this method.
     *
     * @param str name of the required group
     * @return a directive guarding the inner route
     */
    @Override // blended.security.akka.http.BlendedSecurityDirectives
    default Directive<BoxedUnit> requireGroup(String str) {
        return Directives$.MODULE$.mapInnerRoute(function1 -> {
            return (Function1) Directive$.MODULE$.addDirectiveApply(this.authenticated(), ApplyConverter$.MODULE$.hac1()).apply(subject -> {
                // NOTE(review): logs the full Subject at info level on every request; see
                // what the login module attaches to the Subject before treating this
                // output as non-sensitive.
                this.blended$security$akka$http$JAASSecurityDirectives$$log().info(() -> {
                    return new StringBuilder(26).append("subject: ").append(subject).append(" with principal: ").append(Option$.MODULE$.apply(subject).map(subject -> {
                        return SubjectImplicits$.MODULE$.EnhancedSubject(subject).getPrincipal();
                    }).getOrElse(() -> {
                        return "null";
                    })).toString();
                });
                this.blended$security$akka$http$JAASSecurityDirectives$$log().debug(() -> {
                    return new StringBuilder(25).append("checking required group: ").append(str).toString();
                });
                return (Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.authorize(() -> {
                    return SubjectImplicits$.MODULE$.EnhancedSubject(subject).getGroups().contains(str);
                })).apply(() -> {
                    // Reached only after the group check passed.
                    this.blended$security$akka$http$JAASSecurityDirectives$$log().info(() -> {
                        return new StringBuilder(40).append("subject/principal: ").append(Option$.MODULE$.apply(subject).map(subject -> {
                            return SubjectImplicits$.MODULE$.EnhancedSubject(subject).getPrincipal();
                        }).getOrElse(() -> {
                            return subject;
                        })).append(" has required group: ").append(str).toString();
                    });
                    return function1;
                });
            });
        });
    }

    /**
     * Trait initialiser emitted by the Scala compiler.
     *
     * Sets the challenge to an HTTP Basic challenge for "blended" and installs
     * {@code authenticated} as {@code authenticateOrRejectWithChallenge} backed by
     * {@link #myUserPassAuthenticator}.
     *
     * @param jAASSecurityDirectives the instance being initialised
     */
    static void $init$(JAASSecurityDirectives jAASSecurityDirectives) {
        jAASSecurityDirectives.blended$security$akka$http$JAASSecurityDirectives$_setter_$blended$security$akka$http$JAASSecurityDirectives$$challenge_$eq(HttpChallenges$.MODULE$.basic("blended"));
        jAASSecurityDirectives.blended$security$akka$http$JAASSecurityDirectives$_setter_$authenticated_$eq(Directives$.MODULE$.authenticateOrRejectWithChallenge(option -> {
            return jAASSecurityDirectives.myUserPassAuthenticator(option);
        }));
    }
}
