package blended.security.akka.http;

import akka.http.scaladsl.model.headers.BasicHttpCredentials;
import akka.http.scaladsl.model.headers.HttpChallenge;
import akka.http.scaladsl.model.headers.HttpChallenges$;
import akka.http.scaladsl.model.headers.HttpCredentials;
import akka.http.scaladsl.server.Directive;
import akka.http.scaladsl.server.Directive$;
import akka.http.scaladsl.server.Directives$;
import akka.http.scaladsl.server.directives.AuthenticationDirective;
import akka.http.scaladsl.server.directives.AuthenticationResult$;
import akka.http.scaladsl.server.util.ApplyConverter$;
import blended.security.BlendedPermission;
import blended.security.BlendedPermissionManager;
import blended.security.SubjectImplicits$;
import blended.util.logging.Logger;
import blended.util.logging.Logger$;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Some;
import scala.collection.mutable.ArrayOps;
import scala.concurrent.ExecutionContext$Implicits$;
import scala.concurrent.Future;
import scala.concurrent.Future$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.util.Either;

/* compiled from: JAASSecurityDirectives.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005Mba\u0002\u0006\f!\u0003\r\t\u0001\u0006\u0005\u0006?\u0001!\t\u0001\t\u0005\bI\u0001\u0011\rQ\"\u0001&\u0011!Q\u0003\u0001#b!\n\u0013Y\u0003b\u0002\u001b\u0001\u0005\u0004&I!\u000e\u0005\u0007\u0005\u0002\u0001K\u0011B\"\t\rQ\u0003\u0001\u0015\"\u0003V\u0011\u001dI\bA1A\u0005BiDaa \u0001\u0005B\u0005\u0005\u0001bBA\u000e\u0001\u0011\u0005\u0013Q\u0004\u0002\u0017\u0015\u0006\u000b5kU3dkJLG/\u001f#je\u0016\u001cG/\u001b<fg*\u0011A\"D\u0001\u0005QR$\bO\u0003\u0002\u000f\u001f\u0005!\u0011m[6b\u0015\t\u0001\u0012#\u0001\u0005tK\u000e,(/\u001b;z\u0015\u0005\u0011\u0012a\u00022mK:$W\rZ\u0002\u0001'\r\u0001Qc\u0007\t\u0003-ei\u0011a\u0006\u0006\u00021\u0005)1oY1mC&\u0011!d\u0006\u0002\u0007\u0003:L(+\u001a4\u0011\u0005qiR\"A\u0006\n\u0005yY!!\u0007\"mK:$W\rZ*fGV\u0014\u0018\u000e^=ESJ,7\r^5wKN\fa\u0001J5oSR$C#A\u0011\u0011\u0005Y\u0011\u0013BA\u0012\u0018\u0005\u0011)f.\u001b;\u0002\u00075<'/F\u0001'!\t9\u0003&D\u0001\u0010\u0013\tIsB\u0001\rCY\u0016tG-\u001a3QKJl\u0017n]:j_:l\u0015M\\1hKJ\f1\u0001\\8h+\u0005a\u0003CA\u00173\u001b\u0005q#BA\u00181\u0003\u001dawnZ4j]\u001eT!!M\t\u0002\tU$\u0018\u000e\\\u0005\u0003g9\u0012a\u0001T8hO\u0016\u0014\u0018!C2iC2dWM\\4f+\u00051\u0004CA\u001cA\u001b\u0005A$BA\u001d;\u0003\u001dAW-\u00193feNT!a\u000f\u001f\u0002\u000b5|G-\u001a7\u000b\u0005ur\u0014\u0001C:dC2\fGm\u001d7\u000b\u00051y$\"\u0001\b\n\u0005\u0005C$!\u0004%uiB\u001c\u0005.\u00197mK:<W-\u0001\u0003bkRDGC\u0001#P!\r1RiR\u0005\u0003\r^\u0011aa\u00149uS>t\u0007C\u0001%N\u001b\u0005I%B\u0001\"K\u0015\t\u00012JC\u0001M\u0003\u0015Q\u0017M^1y\u0013\tq\u0015JA\u0004Tk\nTWm\u0019;\t\u000bA+\u0001\u0019A)\u0002\u000b\r\u0014X\rZ:\u0011\u0005]\u0012\u0016BA*9\u0005Q\u0011\u0015m]5d\u0011R$\bo\u0011:fI\u0016tG/[1mg\u00069R._+tKJ\u0004\u0016m]:BkRDWM\u001c;jG\u0006$xN\u001d\u000b\u0003-N\u00042a\u0016.]\u001b\u0005A&BA-\u0018\u0003)\u0019wN\\2veJ,g\u000e^\u0005\u00037b\u0013aAR;ukJ,\u0007cA/n\u000f:\u0011aL\u001b\b\u0003?\"t!\u0001Y4\u000f\
u0005\u00054gB\u00012f\u001b\u0005\u0019'B\u00013\u0014\u0003\u0019a$o\\8u}%\ta\"\u0003\u0002\r\u007f%\u0011QHP\u0005\u0003Sr\naa]3sm\u0016\u0014\u0018BA6m\u0003)!\u0015N]3di&4Xm\u001d\u0006\u0003SrJ!A\\8\u0003)\u0005+H\u000f[3oi&\u001c\u0017\r^5p]J+7/\u001e7u\u0013\t\u0001\u0018O\u0001\nTK\u000e,(/\u001b;z\t&\u0014Xm\u0019;jm\u0016\u001c(B\u0001:m\u0003)!\u0017N]3di&4Xm\u001d\u0005\u0006i\u001a\u0001\r!^\u0001\fGJ,G-\u001a8uS\u0006d7\u000fE\u0002\u0017\u000bZ\u0004\"aN<\n\u0005aD$a\u0004%uiB\u001c%/\u001a3f]RL\u0017\r\\:\u0002\u001b\u0005,H\u000f[3oi&\u001c\u0017\r^3e+\u0005Y\bc\u0001?~\u000f6\t\u0011/\u0003\u0002\u007fc\n9\u0012)\u001e;iK:$\u0018nY1uS>tG)\u001b:fGRLg/Z\u0001\u0012e\u0016\fX/\u001b:f!\u0016\u0014X.[:tS>tG\u0003BA\u0002\u0003#\u0001B!!\u0002\u0002\f9\u0019a,a\u0002\n\u0007\u0005%A.A\u0004qC\u000e\\\u0017mZ3\n\t\u00055\u0011q\u0002\u0002\u000b\t&\u0014Xm\u0019;jm\u0016\u0004$bAA\u0005Y\"9\u00111\u0003\u0005A\u0002\u0005U\u0011A\u00039fe6L7o]5p]B\u0019q%a\u0006\n\u0007\u0005eqBA\tCY\u0016tG-\u001a3QKJl\u0017n]:j_:\fAB]3rk&\u0014Xm\u0012:pkB$B!a\u0001\u0002 !9\u0011\u0011E\u0005A\u0002\u0005\r\u0012!B4s_V\u0004\b\u0003BA\u0013\u0003[qA!a\n\u0002*A\u0011!mF\u0005\u0004\u0003W9\u0012A\u0002)sK\u0012,g-\u0003\u0003\u00020\u0005E\"AB*ue&twMC\u0002\u0002,]\u0001")
/* loaded from: input_file:blended/security/akka/http/JAASSecurityDirectives.class */
/**
 * Decompiled form of the Scala trait from JAASSecurityDirectives.scala.
 *
 * <p>Provides HTTP Basic authentication backed by a JAAS {@link LoginContext} named
 * {@code "blended"}, plus two authorization directives ({@link #requirePermission} and
 * {@link #requireGroup}) that run only after {@link #authenticated()} has produced a
 * {@link Subject}.
 *
 * <p>Security-relevant behavior visible in this file:
 * <ul>
 *   <li>A failed {@code login()} yields {@code None}, which is answered with a Basic
 *       challenge; missing or non-Basic credentials get the same challenge.</li>
 *   <li>The client-supplied user name and the {@link Subject} are written to the log.</li>
 *   <li>The JAAS login runs inside a {@code Future} on the global execution context.</li>
 * </ul>
 */
public interface JAASSecurityDirectives extends BlendedSecurityDirectives {
    /** Synthetic trait setter; {@code $init$} calls it to store the Basic challenge. */
    void blended$security$akka$http$JAASSecurityDirectives$_setter_$blended$security$akka$http$JAASSecurityDirectives$$challenge_$eq(HttpChallenge httpChallenge);

    /** Synthetic trait setter; {@code $init$} calls it to store the authentication directive. */
    void blended$security$akka$http$JAASSecurityDirectives$_setter_$authenticated_$eq(AuthenticationDirective<Subject> authenticationDirective);

    /** Permission manager passed to {@code isPermitted} in {@link #requirePermission}; supplied by the implementor. */
    BlendedPermissionManager mgr();

    /** Returns the logger for this trait, obtained through {@code Logger$.MODULE$.apply} with this interface's class tag. */
    default Logger blended$security$akka$http$JAASSecurityDirectives$$log() {
        return Logger$.MODULE$.apply(ClassTag$.MODULE$.apply(JAASSecurityDirectives.class));
    }

    /** Challenge returned on authentication failure; {@code $init$} sets it to {@code HttpChallenges$.basic("blended")}. */
    HttpChallenge blended$security$akka$http$JAASSecurityDirectives$$challenge();

    /**
     * Attempts a JAAS login with the given Basic credentials.
     *
     * <p>The {@link LoginContext} uses the configuration entry {@code "blended"} and a
     * callback handler that answers only {@link NameCallback} and {@link PasswordCallback}.
     *
     * @param basicHttpCredentials user name and password taken from the request
     * @return {@code Some(subject)} when {@code login()} completes, {@code None} when it
     *         throws anything
     */
    private default Option<Subject> auth(final BasicHttpCredentials basicHttpCredentials) {
        // NOTE(review): looks like a decompiler placeholder for the outer reference; the
        // handler below only ever reads creds$1.
        final JAASSecurityDirectives jAASSecurityDirectives = null;
        // The LoginContext is constructed outside the try block below, so an exception
        // thrown by the constructor is not turned into None by this method.
        LoginContext loginContext = new LoginContext("blended", new CallbackHandler(jAASSecurityDirectives, basicHttpCredentials) { // from class: blended.security.akka.http.JAASSecurityDirectives$$anon$1
            // Credentials captured from the enclosing call; the only state the handler keeps.
            private final BasicHttpCredentials creds$1;

            /** Dispatches every callback handed over by the login module to {@code $anonfun$handle$1}. */
            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) {
                new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(callbackArr)).foreach(callback -> {
                    $anonfun$handle$1(this, callback);
                    return BoxedUnit.UNIT;
                });
            }

            /**
             * Fills in a single callback: user name for {@link NameCallback}, password for
             * {@link PasswordCallback}; any other callback type is rejected with
             * {@link UnsupportedCallbackException}.
             */
            public static final /* synthetic */ void $anonfun$handle$1(JAASSecurityDirectives$$anon$1 jAASSecurityDirectives$$anon$1, Callback callback) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(jAASSecurityDirectives$$anon$1.creds$1.username());
                    BoxedUnit boxedUnit = BoxedUnit.UNIT;
                } else {
                    if (!(callback instanceof PasswordCallback)) {
                        throw new UnsupportedCallbackException(callback, "The submitted callback is not supported");
                    }
                    // The password arrives as a String and is copied into a fresh char[];
                    // nothing in this block clears that array afterwards.
                    ((PasswordCallback) callback).setPassword(jAASSecurityDirectives$$anon$1.creds$1.password().toCharArray());
                    BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
                }
            }

            {
                this.creds$1 = basicHttpCredentials;
            }
        });
        try {
            loginContext.login();
            // No logout() is called on the LoginContext in this method.
            return new Some(loginContext.getSubject());
        } catch (Throwable th) {
            // Catches everything, Errors included, and fails closed: the caller sees None.
            // Each failed login is logged at error level with the throwable.
            // NOTE(review): the user name is client-supplied and is logged unmodified;
            // confirm the logging backend neutralises CR/LF and other control characters.
            blended$security$akka$http$JAASSecurityDirectives$$log().error(th, () -> {
                return new StringBuilder(19).append("Login failed for [").append(basicHttpCredentials.username()).append("]").toString();
            });
            return None$.MODULE$;
        }
    }

    /**
     * Authenticator handed to {@code authenticateOrRejectWithChallenge} in {@code $init$}.
     *
     * <p>Only {@link BasicHttpCredentials} are passed to {@code auth}; absent credentials and
     * any other credential type are answered with the Basic challenge without a login attempt.
     *
     * @param option credentials extracted from the request, if any
     * @return a future holding either the authenticated {@link Subject} or the challenge
     */
    /* JADX INFO: Access modifiers changed from: private */
    default Future<Either<HttpChallenge, Subject>> myUserPassAuthenticator(Option<HttpCredentials> option) {
        // The body, including the JAAS login, runs on the global execution context.
        // NOTE(review): login modules may block (the configured modules are not visible
        // here); confirm the global pool is acceptable under many concurrent logins.
        return Future$.MODULE$.apply(() -> {
            Either failWithChallenge;
            Either failWithChallenge2;
            if (option instanceof Some) {
                HttpCredentials httpCredentials = (HttpCredentials) ((Some) option).value();
                if (httpCredentials instanceof BasicHttpCredentials) {
                    Some auth = this.auth((BasicHttpCredentials) httpCredentials);
                    if (auth instanceof Some) {
                        failWithChallenge2 = AuthenticationResult$.MODULE$.success((Subject) auth.value());
                    } else {
                        if (!None$.MODULE$.equals(auth)) {
                            throw new MatchError(auth);
                        }
                        // Login failed: answer with the challenge rather than an error.
                        failWithChallenge2 = AuthenticationResult$.MODULE$.failWithChallenge(this.blended$security$akka$http$JAASSecurityDirectives$$challenge());
                    }
                    failWithChallenge = failWithChallenge2;
                    return failWithChallenge;
                }
            }
            // No credentials, or credentials that are not HTTP Basic.
            failWithChallenge = AuthenticationResult$.MODULE$.failWithChallenge(this.blended$security$akka$http$JAASSecurityDirectives$$challenge());
            return failWithChallenge;
        }, ExecutionContext$Implicits$.MODULE$.global());
    }

    /** Authentication directive yielding the logged-in {@link Subject}; {@code $init$} sets it to one built from {@code myUserPassAuthenticator}. */
    @Override // blended.security.akka.http.BlendedSecurityDirectives
    AuthenticationDirective<Subject> authenticated();

    /**
     * Wraps the inner route so that it runs only for an authenticated subject that holds the
     * given permission.
     *
     * <p>The check is {@code EnhancedSubject(subject).isPermitted(mgr(), blendedPermission)},
     * evaluated through {@code Directives.authorize}.
     *
     * @param blendedPermission permission the subject must hold
     * @return a directive guarding the inner route
     */
    @Override // blended.security.akka.http.BlendedSecurityDirectives
    default Directive<BoxedUnit> requirePermission(BlendedPermission blendedPermission) {
        return Directives$.MODULE$.mapInnerRoute(function1 -> {
            // Authentication comes first; the authorization check below is only reached
            // with a Subject produced by authenticated().
            return (Function1) Directive$.MODULE$.addDirectiveApply(this.authenticated(), ApplyConverter$.MODULE$.hac1()).apply(subject -> {
                // The Subject itself is concatenated into an info-level message, i.e. its
                // toString() output is logged.
                // NOTE(review): Subject.toString() can list credential sets as well as
                // principals; confirm no login module stores secrets on the Subject.
                this.blended$security$akka$http$JAASSecurityDirectives$$log().info(() -> {
                    return new StringBuilder(26).append("subject: ").append(subject).append(" with principal: ").append(Option$.MODULE$.apply(subject).map(subject -> {
                        return SubjectImplicits$.MODULE$.EnhancedSubject(subject).getPrincipal();
                    }).getOrElse(() -> {
                        return "null";
                    })).toString();
                });
                this.blended$security$akka$http$JAASSecurityDirectives$$log().debug(() -> {
                    return new StringBuilder(30).append("checking required permission: ").append(blendedPermission).toString();
                });
                return (Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.authorize(() -> {
                    return SubjectImplicits$.MODULE$.EnhancedSubject(subject).isPermitted(this.mgr(), blendedPermission);
                })).apply(() -> {
                    // Reached only when the authorize check passed; logs the grant and
                    // hands back the unmodified inner route.
                    this.blended$security$akka$http$JAASSecurityDirectives$$log().info(() -> {
                        return new StringBuilder(46).append("subject/principal: ").append(Option$.MODULE$.apply(subject).map(subject -> {
                            return SubjectImplicits$.MODULE$.EnhancedSubject(subject).getPrincipal();
                        }).getOrElse(() -> {
                            return subject;
                        })).append(" has required permissions: ").append(blendedPermission).toString();
                    });
                    return function1;
                });
            });
        });
    }

    /**
     * Wraps the inner route so that it runs only for an authenticated subject that belongs to
     * the given group.
     *
     * <p>The check is {@code EnhancedSubject(subject).getGroups().contains(str)}, evaluated
     * through {@code Directives.authorize}.
     *
     * @param str name of the group the subject must be a member of
     * @return a directive guarding the inner route
     */
    @Override // blended.security.akka.http.BlendedSecurityDirectives
    default Directive<BoxedUnit> requireGroup(String str) {
        return Directives$.MODULE$.mapInnerRoute(function1 -> {
            // Authentication comes first; the group check below is only reached with a
            // Subject produced by authenticated().
            return (Function1) Directive$.MODULE$.addDirectiveApply(this.authenticated(), ApplyConverter$.MODULE$.hac1()).apply(subject -> {
                // The Subject itself is concatenated into an info-level message, i.e. its
                // toString() output is logged.
                // NOTE(review): Subject.toString() can list credential sets as well as
                // principals; confirm no login module stores secrets on the Subject.
                this.blended$security$akka$http$JAASSecurityDirectives$$log().info(() -> {
                    return new StringBuilder(26).append("subject: ").append(subject).append(" with principal: ").append(Option$.MODULE$.apply(subject).map(subject -> {
                        return SubjectImplicits$.MODULE$.EnhancedSubject(subject).getPrincipal();
                    }).getOrElse(() -> {
                        return "null";
                    })).toString();
                });
                this.blended$security$akka$http$JAASSecurityDirectives$$log().debug(() -> {
                    return new StringBuilder(25).append("checking required group: ").append(str).toString();
                });
                return (Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.authorize(() -> {
                    return SubjectImplicits$.MODULE$.EnhancedSubject(subject).getGroups().contains(str);
                })).apply(() -> {
                    // Reached only when the authorize check passed; logs the match and
                    // hands back the unmodified inner route.
                    this.blended$security$akka$http$JAASSecurityDirectives$$log().info(() -> {
                        return new StringBuilder(40).append("subject/principal: ").append(Option$.MODULE$.apply(subject).map(subject -> {
                            return SubjectImplicits$.MODULE$.EnhancedSubject(subject).getPrincipal();
                        }).getOrElse(() -> {
                            return subject;
                        })).append(" has required group: ").append(str).toString();
                    });
                    return function1;
                });
            });
        });
    }

    /**
     * Trait initializer: stores the Basic challenge built from {@code "blended"} and builds
     * {@code authenticated} from {@code authenticateOrRejectWithChallenge} with
     * {@code myUserPassAuthenticator} as the authenticator.
     *
     * @param jAASSecurityDirectives the instance being initialized
     */
    static void $init$(JAASSecurityDirectives jAASSecurityDirectives) {
        jAASSecurityDirectives.blended$security$akka$http$JAASSecurityDirectives$_setter_$blended$security$akka$http$JAASSecurityDirectives$$challenge_$eq(HttpChallenges$.MODULE$.basic("blended"));
        jAASSecurityDirectives.blended$security$akka$http$JAASSecurityDirectives$_setter_$authenticated_$eq(Directives$.MODULE$.authenticateOrRejectWithChallenge(option -> {
            return jAASSecurityDirectives.myUserPassAuthenticator(option);
        }));
    }
}
