package blended.security.login.rest.internal;

import akka.http.scaladsl.marshalling.Marshaller$;
import akka.http.scaladsl.marshalling.ToResponseMarshallable;
import akka.http.scaladsl.marshalling.ToResponseMarshallable$;
import akka.http.scaladsl.model.HttpEntity;
import akka.http.scaladsl.model.HttpEntity$;
import akka.http.scaladsl.model.HttpMethod;
import akka.http.scaladsl.model.HttpMethods$;
import akka.http.scaladsl.model.HttpResponse$;
import akka.http.scaladsl.model.StatusCodes;
import akka.http.scaladsl.model.StatusCodes$;
import akka.http.scaladsl.model.headers.Access;
import akka.http.scaladsl.model.headers.Access$minusControl$minusAllow$minusHeaders$;
import akka.http.scaladsl.model.headers.Access$minusControl$minusAllow$minusMethods$;
import akka.http.scaladsl.model.headers.Access$minusControl$minusAllow$minusOrigin$;
import akka.http.scaladsl.model.headers.HttpChallenge;
import akka.http.scaladsl.model.headers.ResponseHeader;
import akka.http.scaladsl.server.Directive;
import akka.http.scaladsl.server.Directive$;
import akka.http.scaladsl.server.Directives$;
import akka.http.scaladsl.server.RequestContext;
import akka.http.scaladsl.server.RouteResult;
import akka.http.scaladsl.server.directives.AuthenticationDirective;
import akka.http.scaladsl.server.util.ApplyConverter$;
import blended.security.BlendedPermission;
import blended.security.BlendedPermissionManager;
import blended.security.akka.http.BlendedSecurityDirectives;
import blended.security.akka.http.JAASSecurityDirectives;
import blended.security.login.api.Token;
import blended.security.login.api.TokenStore;
import java.security.spec.X509EncodedKeySpec;
import javax.security.auth.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.Function1;
import scala.MatchError;
import scala.Predef$;
import scala.Some;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.immutable.$colon;
import scala.collection.immutable.List;
import scala.collection.immutable.Nil$;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.duration.package;
import scala.concurrent.duration.package$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.util.Failure;
import scala.util.Success;
import sun.misc.BASE64Encoder;

/* compiled from: LoginService.scala */
@ScalaSignature(bytes = "\u0006\u0001]4A!\u0001\u0002\u0001\u001b\taAj\\4j]N+'O^5dK*\u00111\u0001B\u0001\tS:$XM\u001d8bY*\u0011QAB\u0001\u0005e\u0016\u001cHO\u0003\u0002\b\u0011\u0005)An\\4j]*\u0011\u0011BC\u0001\tg\u0016\u001cWO]5us*\t1\"A\u0004cY\u0016tG-\u001a3\u0004\u0001M\u0019\u0001A\u0004\u000b\u0011\u0005=\u0011R\"\u0001\t\u000b\u0003E\tQa]2bY\u0006L!a\u0005\t\u0003\r\u0005s\u0017PU3g!\t)\"$D\u0001\u0017\u0015\t9\u0002$\u0001\u0003iiR\u0004(BA\r\t\u0003\u0011\t7n[1\n\u0005m1\"A\u0006&B\u0003N\u001bVmY;sSRLH)\u001b:fGRLg/Z:\t\u0011u\u0001!\u0011!Q\u0001\ny\t!\u0002^8lK:\u001cHo\u001c:f!\ty\"%D\u0001!\u0015\t\tc!A\u0002ba&L!a\t\u0011\u0003\u0015Q{7.\u001a8Ti>\u0014X\r\u0003\u0005&\u0001\t\u0015\r\u0011\"\u0011'\u0003\riwM]\u000b\u0002OA\u0011\u0001&K\u0007\u0002\u0011%\u0011!\u0006\u0003\u0002\u0019\u00052,g\u000eZ3e!\u0016\u0014X.[:tS>tW*\u00198bO\u0016\u0014\b\u0002\u0003\u0017\u0001\u0005\u0003\u0005\u000b\u0011B\u0014\u0002\t5<'\u000f\t\u0005\t]\u0001\u0011\t\u0011)A\u0006_\u0005)Qm\u0011;yiB\u0011\u0001gM\u0007\u0002c)\u0011!\u0007E\u0001\u000bG>t7-\u001e:sK:$\u0018B\u0001\u001b2\u0005A)\u00050Z2vi&|gnQ8oi\u0016DH\u000fC\u00037\u0001\u0011\u0005q'\u0001\u0004=S:LGO\u0010\u000b\u0004qqjDCA\u001d<!\tQ\u0004!D\u0001\u0003\u0011\u0015qS\u0007q\u00010\u0011\u0015iR\u00071\u0001\u001f\u0011\u0015)S\u00071\u0001(\u0011\u0019y\u0004\u0001)A\u0005\u0001\u0006\u0019An\\4\u0011\u0005\u00053U\"\u0001\"\u000b\u0005\r#\u0015!B:mMRR'\"A#\u0002\u0007=\u0014x-\u0003\u0002H\u0005\n1Aj\\4hKJD\u0001\"\u0013\u0001\t\u0006\u0004&IAS\u0001\raV\u0014G.[2LKf\u0004V)T\u000b\u0002\u0017B\u0011Aj\u0015\b\u0003\u001bF\u0003\"A\u0014\t\u000e\u0003=S!\u0001\u0015\u0007\u0002\rq\u0012xn\u001c;?\u0013\t\u0011\u0006#\u0001\u0004Qe\u0016$WMZ\u0005\u0003)V\u0013aa\u0015;sS:<'B\u0001*\u0011\u0011\u00159\u0006\u0001\"\u0001Y\u0003\u0015\u0011x.\u001e;f+\u0005I\u0006C\u0001.l\u001d\tY\u0006N\u0004\u0002]K:\u0011QL\u0019\b\u0003=\u0002t!AT0\n\u0003eI!aF1\u000b\u0003eI!a\u00193\u0002\u0011M\u001c\u0017\r\\1eg2T!aF1\n\u0005\u0019<\u0017AB:feZ,'O\u0003\u0002dI&\u0011\u0011N[\u0001\ba\u0006\u001c7.Y4f\u0015\t1w-\u0003\u0002m[\n)!k\\;uK*\u0011\u0011N\u001b\u0005\u0007_\u0002\u0001\u000b\u0011\u00029\u0002\u00151|w-\u001b8S_V$X\r\u0005\u0002rW:\u0011!\u000f[\u0007\u0002U\"1A\u000f\u0001Q\u0001\nA\f1\u0002\\8h_V$(k\\;uK\"1a\u000f\u0001Q\u0001\nA\fa\u0002];cY&\u001c7*Z=S_V$X\r")
/* loaded from: input_file:blended/security/login/rest/internal/LoginService.class */
public class LoginService implements JAASSecurityDirectives {
    private String publicKeyPEM;
    private final TokenStore tokenstore;
    private final BlendedPermissionManager mgr;
    private final ExecutionContext eCtxt;
    private final Logger log;
    private final Function1<RequestContext, Future<RouteResult>> loginRoute;
    private final Function1<RequestContext, Future<RouteResult>> logoutRoute;
    private final Function1<RequestContext, Future<RouteResult>> publicKeyRoute;
    private blended.util.logging.Logger blended$security$akka$http$JAASSecurityDirectives$$log;
    private final HttpChallenge blended$security$akka$http$JAASSecurityDirectives$$challenge;
    private final AuthenticationDirective<Subject> authenticated;
    private volatile byte bitmap$0;

    public Directive<BoxedUnit> requirePermission(BlendedPermission blendedPermission) {
        return JAASSecurityDirectives.requirePermission$(this, blendedPermission);
    }

    public Directive<BoxedUnit> requireGroup(String str) {
        return JAASSecurityDirectives.requireGroup$(this, str);
    }

    public Directive<BoxedUnit> requirePermission(String str) {
        return BlendedSecurityDirectives.requirePermission$(this, str);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v10, types: [blended.security.login.rest.internal.LoginService] */
    private blended.util.logging.Logger blended$security$akka$http$JAASSecurityDirectives$$log$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 2)) == 0) {
                this.blended$security$akka$http$JAASSecurityDirectives$$log = JAASSecurityDirectives.blended$security$akka$http$JAASSecurityDirectives$$log$(this);
                r0 = this;
                r0.bitmap$0 = (byte) (this.bitmap$0 | 2);
            }
        }
        return this.blended$security$akka$http$JAASSecurityDirectives$$log;
    }

    public blended.util.logging.Logger blended$security$akka$http$JAASSecurityDirectives$$log() {
        return ((byte) (this.bitmap$0 & 2)) == 0 ? blended$security$akka$http$JAASSecurityDirectives$$log$lzycompute() : this.blended$security$akka$http$JAASSecurityDirectives$$log;
    }

    public HttpChallenge blended$security$akka$http$JAASSecurityDirectives$$challenge() {
        return this.blended$security$akka$http$JAASSecurityDirectives$$challenge;
    }

    public AuthenticationDirective<Subject> authenticated() {
        return this.authenticated;
    }

    public final void blended$security$akka$http$JAASSecurityDirectives$_setter_$blended$security$akka$http$JAASSecurityDirectives$$challenge_$eq(HttpChallenge httpChallenge) {
        this.blended$security$akka$http$JAASSecurityDirectives$$challenge = httpChallenge;
    }

    public void blended$security$akka$http$JAASSecurityDirectives$_setter_$authenticated_$eq(AuthenticationDirective<Subject> authenticationDirective) {
        this.authenticated = authenticationDirective;
    }

    public BlendedPermissionManager mgr() {
        return this.mgr;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v10, types: [blended.security.login.rest.internal.LoginService] */
    private String publicKeyPEM$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 1)) == 0) {
                this.publicKeyPEM = lines$1(new BASE64Encoder().encode(new X509EncodedKeySpec(this.tokenstore.publicKey().getEncoded()).getEncoded()), new $colon.colon("-----BEGIN PUBLIC KEY-----", Nil$.MODULE$)).$colon$colon("-----END PUBLIC KEY-----").reverse().mkString("\n");
                r0 = this;
                r0.bitmap$0 = (byte) (this.bitmap$0 | 1);
            }
        }
        return this.publicKeyPEM;
    }

    private String publicKeyPEM() {
        return ((byte) (this.bitmap$0 & 1)) == 0 ? publicKeyPEM$lzycompute() : this.publicKeyPEM;
    }

    public Function1<RequestContext, Future<RouteResult>> route() {
        return Directives$.MODULE$._enhanceRouteWithConcatenation(Directives$.MODULE$._enhanceRouteWithConcatenation(this.loginRoute).$tilde(this.logoutRoute)).$tilde(this.publicKeyRoute);
    }

    private final List lines$1(String str, List list) {
        while (str.length() > 64) {
            String substring = str.substring(64);
            list = list.$colon$colon(str.substring(0, 64));
            str = substring;
        }
        return list.$colon$colon(str);
    }

    public LoginService(TokenStore tokenStore, BlendedPermissionManager blendedPermissionManager, ExecutionContext executionContext) {
        this.tokenstore = tokenStore;
        this.mgr = blendedPermissionManager;
        this.eCtxt = executionContext;
        BlendedSecurityDirectives.$init$(this);
        JAASSecurityDirectives.$init$(this);
        this.log = LoggerFactory.getLogger(LoginService.class);
        Seq apply = Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new ResponseHeader[]{Access$minusControl$minusAllow$minusOrigin$.MODULE$.$times(), Access$minusControl$minusAllow$minusMethods$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new HttpMethod[]{HttpMethods$.MODULE$.GET(), HttpMethods$.MODULE$.POST(), HttpMethods$.MODULE$.OPTIONS()})), new Access.minusControl.minusMax.minusAge(1000L), Access$minusControl$minusAllow$minusHeaders$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{"origin", "x-csrftoken", "content-type", "accept", "authorization"}))}));
        this.loginRoute = (Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.pathSingleSlash()).apply(() -> {
            return Directives$.MODULE$._enhanceRouteWithConcatenation(Directives$.MODULE$._enhanceRouteWithConcatenation((Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.options()).apply(() -> {
                return Directives$.MODULE$.complete(() -> {
                    return ToResponseMarshallable$.MODULE$.apply(HttpResponse$.MODULE$.apply(StatusCodes$.MODULE$.OK(), HttpResponse$.MODULE$.apply$default$2(), HttpResponse$.MODULE$.apply$default$3(), HttpResponse$.MODULE$.apply$default$4()).withHeaders(apply), Marshaller$.MODULE$.fromResponse());
                });
            })).$tilde((Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.get()).apply(() -> {
                this.log.warn("Login must be executed with a HTTP Post");
                return Directives$.MODULE$.complete(() -> {
                    return ToResponseMarshallable$.MODULE$.apply(HttpResponse$.MODULE$.apply(StatusCodes$.MODULE$.Forbidden(), HttpResponse$.MODULE$.apply$default$2(), HttpResponse$.MODULE$.apply$default$3(), HttpResponse$.MODULE$.apply$default$4()).withHeaders(apply), Marshaller$.MODULE$.fromResponse());
                });
            }))).$tilde((Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.post()).apply(() -> {
                return (Function1) Directive$.MODULE$.addDirectiveApply(this.authenticated(), ApplyConverter$.MODULE$.hac1()).apply(subject -> {
                    return Directives$.MODULE$.complete(() -> {
                        ToResponseMarshallable apply2;
                        Failure newToken = this.tokenstore.newToken(subject, new Some(new package.DurationInt(package$.MODULE$.DurationInt(1)).minute()), this.eCtxt);
                        if (newToken instanceof Failure) {
                            this.log.error(new StringBuilder(27).append("Could not create token : [").append(newToken.exception().getMessage()).append("]").toString());
                            apply2 = ToResponseMarshallable$.MODULE$.apply(HttpResponse$.MODULE$.apply(StatusCodes$.MODULE$.BadRequest(), HttpResponse$.MODULE$.apply$default$2(), HttpResponse$.MODULE$.apply$default$3(), HttpResponse$.MODULE$.apply$default$4()).withHeaders(apply), Marshaller$.MODULE$.fromResponse());
                        } else {
                            if (!(newToken instanceof Success)) {
                                throw new MatchError(newToken);
                            }
                            Token token = (Token) ((Success) newToken).value();
                            this.log.info(new StringBuilder(46).append("User [").append(token.user()).append("] logged in successgully, token-id is [").append(token.id()).append("]").toString());
                            ToResponseMarshallable$ toResponseMarshallable$ = ToResponseMarshallable$.MODULE$;
                            StatusCodes.Success OK = StatusCodes$.MODULE$.OK();
                            HttpEntity.Strict apply3 = HttpEntity$.MODULE$.apply(token.webToken());
                            apply2 = toResponseMarshallable$.apply(HttpResponse$.MODULE$.apply(OK, HttpResponse$.MODULE$.apply$default$2(), apply3, HttpResponse$.MODULE$.apply$default$4()).withHeaders(apply), Marshaller$.MODULE$.fromResponse());
                        }
                        return apply2;
                    });
                });
            }));
        });
        this.logoutRoute = (Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.path(Directives$.MODULE$._segmentStringToPathMatcher("logout"))).apply(() -> {
            return Directives$.MODULE$.complete(() -> {
                return ToResponseMarshallable$.MODULE$.apply(HttpResponse$.MODULE$.apply(StatusCodes$.MODULE$.NotImplemented(), HttpResponse$.MODULE$.apply$default$2(), HttpResponse$.MODULE$.apply$default$3(), HttpResponse$.MODULE$.apply$default$4()), Marshaller$.MODULE$.fromResponse());
            });
        });
        this.publicKeyRoute = (Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.path(Directives$.MODULE$._segmentStringToPathMatcher("key"))).apply(() -> {
            return (Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.get()).apply(() -> {
                return Directives$.MODULE$.complete(() -> {
                    return ToResponseMarshallable$.MODULE$.apply(this.publicKeyPEM(), Marshaller$.MODULE$.liftMarshaller(Marshaller$.MODULE$.StringMarshaller()));
                });
            });
        });
    }
}
