package blended.security.login.rest.internal;

import akka.http.scaladsl.marshalling.Marshaller$;
import akka.http.scaladsl.marshalling.ToResponseMarshallable;
import akka.http.scaladsl.marshalling.ToResponseMarshallable$;
import akka.http.scaladsl.model.HttpEntity;
import akka.http.scaladsl.model.HttpEntity$;
import akka.http.scaladsl.model.HttpMethod;
import akka.http.scaladsl.model.HttpMethods$;
import akka.http.scaladsl.model.HttpResponse$;
import akka.http.scaladsl.model.StatusCodes;
import akka.http.scaladsl.model.StatusCodes$;
import akka.http.scaladsl.model.headers.Access;
import akka.http.scaladsl.model.headers.Access$minusControl$minusAllow$minusHeaders$;
import akka.http.scaladsl.model.headers.Access$minusControl$minusAllow$minusMethods$;
import akka.http.scaladsl.model.headers.Access$minusControl$minusAllow$minusOrigin$;
import akka.http.scaladsl.model.headers.HttpChallenge;
import akka.http.scaladsl.model.headers.ResponseHeader;
import akka.http.scaladsl.server.Directive;
import akka.http.scaladsl.server.Directive$;
import akka.http.scaladsl.server.Directives$;
import akka.http.scaladsl.server.RequestContext;
import akka.http.scaladsl.server.RouteResult;
import akka.http.scaladsl.server.directives.AuthenticationDirective;
import akka.http.scaladsl.server.util.ApplyConverter$;
import blended.security.BlendedPermission;
import blended.security.BlendedPermissionManager;
import blended.security.akka.http.BlendedSecurityDirectives;
import blended.security.akka.http.JAASSecurityDirectives;
import blended.security.login.api.Token;
import blended.security.login.api.TokenStore;
import blended.util.logging.Logger;
import blended.util.logging.Logger$;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import javax.security.auth.Subject;
import scala.Function1;
import scala.MatchError;
import scala.Some;
import scala.collection.immutable.$colon;
import scala.collection.immutable.List;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.Seq;
import scala.collection.immutable.Seq$;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.duration.package;
import scala.concurrent.duration.package$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.ScalaRunTime$;
import scala.runtime.Statics;
import scala.util.Failure;
import scala.util.Success;

/* compiled from: LoginService.scala */
@ScalaSignature(bytes = "\u0006\u0005]4A\u0001D\u0007\u00011!Aq\u0005\u0001B\u0001B\u0003%\u0001\u0006\u0003\u0005/\u0001\t\u0015\r\u0011\"\u00110\u0011!!\u0004A!A!\u0002\u0013\u0001\u0004\u0002C\u001b\u0001\u0005\u0003\u0005\u000b1\u0002\u001c\t\u000bq\u0002A\u0011A\u001f\t\r\u0011\u0003\u0001\u0015!\u0003F\u0011!i\u0005\u0001#b!\n\u0013q\u0005\"\u0002.\u0001\t\u0003Y\u0006BB9\u0001A\u0003%!\u000f\u0003\u0004v\u0001\u0001\u0006IA\u001d\u0005\u0007m\u0002\u0001\u000b\u0011\u0002:\u0003\u00191{w-\u001b8TKJ4\u0018nY3\u000b\u00059y\u0011\u0001C5oi\u0016\u0014h.\u00197\u000b\u0005A\t\u0012\u0001\u0002:fgRT!AE\n\u0002\u000b1|w-\u001b8\u000b\u0005Q)\u0012\u0001C:fGV\u0014\u0018\u000e^=\u000b\u0003Y\tqA\u00197f]\u0012,Gm\u0001\u0001\u0014\u0007\u0001Ir\u0004\u0005\u0002\u001b;5\t1DC\u0001\u001d\u0003\u0015\u00198-\u00197b\u0013\tq2D\u0001\u0004B]f\u0014VM\u001a\t\u0003A\u0015j\u0011!\t\u0006\u0003E\r\nA\u0001\u001b;ua*\u0011AeE\u0001\u0005C.\\\u0017-\u0003\u0002'C\t1\"*Q!T'\u0016\u001cWO]5us\u0012K'/Z2uSZ,7/\u0001\u0006u_.,gn\u001d;pe\u0016\u0004\"!\u000b\u0017\u000e\u0003)R!aK\t\u0002\u0007\u0005\u0004\u0018.\u0003\u0002.U\tQAk\\6f]N#xN]3\u0002\u00075<'/F\u00011!\t\t$'D\u0001\u0014\u0013\t\u00194C\u0001\rCY\u0016tG-\u001a3QKJl\u0017n]:j_:l\u0015M\\1hKJ\fA!\\4sA\u0005)Qm\u0011;yiB\u0011qGO\u0007\u0002q)\u0011\u0011hG\u0001\u000bG>t7-\u001e:sK:$\u0018BA\u001e9\u0005A)\u00050Z2vi&|gnQ8oi\u0016DH/\u0001\u0004=S:LGO\u0010\u000b\u0004}\t\u001bECA B!\t\u0001\u0005!D\u0001\u000e\u0011\u0015)T\u0001q\u00017\u0011\u00159S\u00011\u0001)\u0011\u0015qS\u00011\u00011\u0003\rawn\u001a\t\u0003\r.k\u0011a\u0012\u0006\u0003\u0011&\u000bq\u0001\\8hO&twM\u0003\u0002K+\u0005!Q\u000f^5m\u0013\tauI\u0001\u0004M_\u001e<WM]\u0001\raV\u0014G.[2LKf\u0004V)T\u000b\u0002\u001fB\u0011\u0001k\u0016\b\u0003#V\u0003\"AU\u000e\u000e\u0003MS!\u0001V\f\u0002\rq\u0012xn\u001c;?\u0013\t16$\u0001\u0004Qe\u0016$WMZ\u0005\u00031f\u0013aa\u0015;sS:<'B\u0001,\u001c\u0003\u0015\u0011x.\u001e;f+\u0005a\u0006CA/o\u001d\tq6N\u0004\u0002`Q:\u0011\u0001-\u001a\b\u0003C\u000et!A\u00152\n\u0003\u0011J!A\t3\u000b\u0003\u0011J!AZ4\u0002\u0011M\u001c\u0017\r\\1eg2T!A\t3\n\u0005%T\u0017AB:feZ,'O\u0003\u0002gO&\u0011A.\\\u0001\ba\u0006\u001c7.Y4f\u0015\tI'.\u0003\u0002pa\n)!k\\;uK*\u0011A.\\\u0001\u000bY><\u0017N\u001c*pkR,\u0007CA:o\u001d\t!8.D\u0001n\u0003-awnZ8viJ{W\u000f^3\u0002\u001dA,(\r\\5d\u0017\u0016L(k\\;uK\u0002")
/* loaded from: input_file:blended/security/login/rest/internal/LoginService.class */
public class LoginService implements JAASSecurityDirectives {
    private String publicKeyPEM;
    private final TokenStore tokenstore;
    private final BlendedPermissionManager mgr;
    private final ExecutionContext eCtxt;
    private final Logger log;
    private final Function1<RequestContext, Future<RouteResult>> loginRoute;
    private final Function1<RequestContext, Future<RouteResult>> logoutRoute;
    private final Function1<RequestContext, Future<RouteResult>> publicKeyRoute;
    private Logger blended$security$akka$http$JAASSecurityDirectives$$log;
    private HttpChallenge blended$security$akka$http$JAASSecurityDirectives$$challenge;
    private AuthenticationDirective<Subject> authenticated;
    private volatile byte bitmap$0;

    public Directive<BoxedUnit> requirePermission(BlendedPermission blendedPermission) {
        return JAASSecurityDirectives.requirePermission$(this, blendedPermission);
    }

    public Directive<BoxedUnit> requireGroup(String str) {
        return JAASSecurityDirectives.requireGroup$(this, str);
    }

    public Directive<BoxedUnit> requirePermission(String str) {
        return BlendedSecurityDirectives.requirePermission$(this, str);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v10, types: [blended.security.login.rest.internal.LoginService] */
    private Logger blended$security$akka$http$JAASSecurityDirectives$$log$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 2)) == 0) {
                this.blended$security$akka$http$JAASSecurityDirectives$$log = JAASSecurityDirectives.blended$security$akka$http$JAASSecurityDirectives$$log$(this);
                r0 = this;
                r0.bitmap$0 = (byte) (this.bitmap$0 | 2);
            }
        }
        return this.blended$security$akka$http$JAASSecurityDirectives$$log;
    }

    public Logger blended$security$akka$http$JAASSecurityDirectives$$log() {
        return ((byte) (this.bitmap$0 & 2)) == 0 ? blended$security$akka$http$JAASSecurityDirectives$$log$lzycompute() : this.blended$security$akka$http$JAASSecurityDirectives$$log;
    }

    public HttpChallenge blended$security$akka$http$JAASSecurityDirectives$$challenge() {
        return this.blended$security$akka$http$JAASSecurityDirectives$$challenge;
    }

    public AuthenticationDirective<Subject> authenticated() {
        return this.authenticated;
    }

    public final void blended$security$akka$http$JAASSecurityDirectives$_setter_$blended$security$akka$http$JAASSecurityDirectives$$challenge_$eq(HttpChallenge httpChallenge) {
        this.blended$security$akka$http$JAASSecurityDirectives$$challenge = httpChallenge;
    }

    public void blended$security$akka$http$JAASSecurityDirectives$_setter_$authenticated_$eq(AuthenticationDirective<Subject> authenticationDirective) {
        this.authenticated = authenticationDirective;
    }

    public BlendedPermissionManager mgr() {
        return this.mgr;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v10, types: [blended.security.login.rest.internal.LoginService] */
    private String publicKeyPEM$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 1)) == 0) {
                this.publicKeyPEM = lines$1(Base64.getEncoder().encodeToString(new X509EncodedKeySpec(this.tokenstore.publicKey().getEncoded()).getEncoded()), (List) new $colon.colon("-----BEGIN PUBLIC KEY-----", Nil$.MODULE$)).$colon$colon("-----END PUBLIC KEY-----").reverse().mkString("\n");
                r0 = this;
                r0.bitmap$0 = (byte) (this.bitmap$0 | 1);
            }
        }
        return this.publicKeyPEM;
    }

    private String publicKeyPEM() {
        return ((byte) (this.bitmap$0 & 1)) == 0 ? publicKeyPEM$lzycompute() : this.publicKeyPEM;
    }

    public Function1<RequestContext, Future<RouteResult>> route() {
        return Directives$.MODULE$._enhanceRouteWithConcatenation(Directives$.MODULE$._enhanceRouteWithConcatenation(this.loginRoute).$tilde(this.logoutRoute)).$tilde(this.publicKeyRoute);
    }

    private final List lines$1(String str, List list) {
        while (str.length() > 64) {
            String substring = str.substring(64);
            list = list.$colon$colon(str.substring(0, 64));
            str = substring;
        }
        return list.$colon$colon(str);
    }

    public LoginService(TokenStore tokenStore, BlendedPermissionManager blendedPermissionManager, ExecutionContext executionContext) {
        this.tokenstore = tokenStore;
        this.mgr = blendedPermissionManager;
        this.eCtxt = executionContext;
        BlendedSecurityDirectives.$init$(this);
        JAASSecurityDirectives.$init$(this);
        this.log = Logger$.MODULE$.apply(ClassTag$.MODULE$.apply(LoginService.class));
        Seq apply = Seq$.MODULE$.apply(ScalaRunTime$.MODULE$.wrapRefArray(new ResponseHeader[]{Access$minusControl$minusAllow$minusOrigin$.MODULE$.$times(), Access$minusControl$minusAllow$minusMethods$.MODULE$.apply(HttpMethods$.MODULE$.GET(), ScalaRunTime$.MODULE$.wrapRefArray(new HttpMethod[]{HttpMethods$.MODULE$.POST(), HttpMethods$.MODULE$.OPTIONS()})), new Access.minusControl.minusMax.minusAge(1000L), Access$minusControl$minusAllow$minusHeaders$.MODULE$.apply("origin", ScalaRunTime$.MODULE$.wrapRefArray(new String[]{"x-csrftoken", "content-type", "accept", "authorization"}))}));
        this.loginRoute = (Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.pathSingleSlash()).apply(() -> {
            return Directives$.MODULE$._enhanceRouteWithConcatenation(Directives$.MODULE$._enhanceRouteWithConcatenation((Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.options()).apply(() -> {
                return Directives$.MODULE$.complete(() -> {
                    return ToResponseMarshallable$.MODULE$.apply(HttpResponse$.MODULE$.apply(StatusCodes$.MODULE$.OK(), HttpResponse$.MODULE$.apply$default$2(), HttpResponse$.MODULE$.apply$default$3(), HttpResponse$.MODULE$.apply$default$4()).withHeaders(apply), Marshaller$.MODULE$.fromResponse());
                });
            })).$tilde((Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.get()).apply(() -> {
                this.log.warn(() -> {
                    return "Login must be executed with a HTTP Post";
                });
                return Directives$.MODULE$.complete(() -> {
                    return ToResponseMarshallable$.MODULE$.apply(HttpResponse$.MODULE$.apply(StatusCodes$.MODULE$.Forbidden(), HttpResponse$.MODULE$.apply$default$2(), HttpResponse$.MODULE$.apply$default$3(), HttpResponse$.MODULE$.apply$default$4()).withHeaders(apply), Marshaller$.MODULE$.fromResponse());
                });
            }))).$tilde((Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.post()).apply(() -> {
                return (Function1) Directive$.MODULE$.addDirectiveApply(this.authenticated(), ApplyConverter$.MODULE$.hac1()).apply(subject -> {
                    return Directives$.MODULE$.complete(() -> {
                        ToResponseMarshallable apply2;
                        Failure newToken = this.tokenstore.newToken(subject, new Some(new package.DurationInt(package$.MODULE$.DurationInt(1)).minute()), this.eCtxt);
                        if (newToken instanceof Failure) {
                            Throwable exception = newToken.exception();
                            this.log.error(() -> {
                                return new StringBuilder(27).append("Could not create token : [").append(exception.getMessage()).append("]").toString();
                            });
                            apply2 = ToResponseMarshallable$.MODULE$.apply(HttpResponse$.MODULE$.apply(StatusCodes$.MODULE$.BadRequest(), HttpResponse$.MODULE$.apply$default$2(), HttpResponse$.MODULE$.apply$default$3(), HttpResponse$.MODULE$.apply$default$4()).withHeaders(apply), Marshaller$.MODULE$.fromResponse());
                        } else {
                            if (!(newToken instanceof Success)) {
                                throw new MatchError(newToken);
                            }
                            Token token = (Token) ((Success) newToken).value();
                            this.log.info(() -> {
                                return new StringBuilder(46).append("User [").append(token.user()).append("] logged in successfully, token-id is [").append(token.id()).append("]").toString();
                            });
                            ToResponseMarshallable$ toResponseMarshallable$ = ToResponseMarshallable$.MODULE$;
                            StatusCodes.Success OK = StatusCodes$.MODULE$.OK();
                            HttpEntity.Strict apply3 = HttpEntity$.MODULE$.apply(token.webToken());
                            apply2 = toResponseMarshallable$.apply(HttpResponse$.MODULE$.apply(OK, HttpResponse$.MODULE$.apply$default$2(), apply3, HttpResponse$.MODULE$.apply$default$4()).withHeaders(apply), Marshaller$.MODULE$.fromResponse());
                        }
                        return apply2;
                    });
                });
            }));
        });
        this.logoutRoute = (Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.path(Directives$.MODULE$._segmentStringToPathMatcher("logout"))).apply(() -> {
            return Directives$.MODULE$.complete(() -> {
                return ToResponseMarshallable$.MODULE$.apply(HttpResponse$.MODULE$.apply(StatusCodes$.MODULE$.NotImplemented(), HttpResponse$.MODULE$.apply$default$2(), HttpResponse$.MODULE$.apply$default$3(), HttpResponse$.MODULE$.apply$default$4()), Marshaller$.MODULE$.fromResponse());
            });
        });
        this.publicKeyRoute = (Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.path(Directives$.MODULE$._segmentStringToPathMatcher("key"))).apply(() -> {
            return (Function1) Directive$.MODULE$.addByNameNullaryApply(Directives$.MODULE$.get()).apply(() -> {
                return Directives$.MODULE$.complete(() -> {
                    return ToResponseMarshallable$.MODULE$.apply(this.publicKeyPEM(), Marshaller$.MODULE$.liftMarshaller(Marshaller$.MODULE$.StringMarshaller()));
                });
            });
        });
        Statics.releaseFence();
    }
}
