package ai.tock.shared.security.auth;

import ai.tock.shared.Executor;
import ai.tock.shared.IOCsKt;
import ai.tock.shared.PropertiesKt;
import ai.tock.shared.security.TockUser;
import ai.tock.shared.security.TockUserListener;
import ai.tock.shared.security.TockUserRole;
import ai.tock.shared.vertx.WebVerticle;
import com.github.salomonbrys.kodein.TypeReference;
import com.google.common.io.BaseEncoding;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.JWTOptions;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.jwt.JWTAuth;
import io.vertx.ext.auth.jwt.JWTAuthOptions;
import io.vertx.ext.auth.jwt.impl.JWTUser;
import io.vertx.ext.web.handler.AuthHandler;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.Regex;
import kotlin.text.StringsKt;
import mu.KLogger;
import mu.KotlinLogging;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: AWSJWTAuthProvider.kt */
@Metadata(mv = {1, 7, 1}, k = 1, xi = 48, d1 = {"��d\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000e\n��\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\b\u0003\n\u0002\u0010\"\n\u0002\b\u0002\b��\u0018�� $2\u00020\u00012\u00020\u0002:\u0001$B\r\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005J$\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u00102\u0012\u0010\u0011\u001a\u000e\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00140\u00130\u0012H\u0016J\u0010\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u0018H\u0016J\u0018\u0010\u0019\u001a\u00020\f2\u0006\u0010\u001a\u001a\u00020\u00102\u0006\u0010\u001b\u001a\u00020\u001cH\u0016J\u0012\u0010\u001d\u001a\u0004\u0018\u00010\u00022\u0006\u0010\u000f\u001a\u00020\u0010H\u0002J\u0016\u0010\u001e\u001a\b\u0012\u0004\u0012\u00020\f0\u001f2\u0006\u0010 \u001a\u00020\fH\u0002J\u0012\u0010!\u001a\u0004\u0018\u00010\f2\u0006\u0010 \u001a\u00020\fH\u0002J\u0016\u0010\"\u001a\b\u0012\u0004\u0012\u00020\f0#2\u0006\u0010 \u001a\u00020\fH\u0002R\u0014\u0010\u0006\u001a\u00020\u00078BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\b\u0010\tR\u0010\u0010\n\u001a\u0004\u0018\u00010\u0002X\u0082\u000e¢\u0006\u0002\n��R\u0010\u0010\u000b\u001a\u0004\u0018\u00010\fX\u0082\u000e¢\u0006\u0002\n��¨\u0006%"}, d2 = {"Lai/tock/shared/security/auth/AWSJWTAuthProvider;", "Lai/tock/shared/security/auth/SSOTockAuthProvider;", "Lio/vertx/ext/auth/jwt/JWTAuth;", "vertx", "Lio/vertx/core/Vertx;", "(Lio/vertx/core/Vertx;)V", "executor", "Lai/tock/shared/Executor;", "getExecutor", "()Lai/tock/shared/Executor;", "jwtAuthProvider", "publicKey", "", "authenticate", "", "authInfo", "Lio/vertx/core/json/JsonObject;", "resultHandler", 
"Lio/vertx/core/Handler;", "Lio/vertx/core/AsyncResult;", "Lio/vertx/ext/auth/User;", "createAuthHandler", "Lio/vertx/ext/web/handler/AuthHandler;", "verticle", "Lai/tock/shared/vertx/WebVerticle;", "generateToken", "claims", "options", "Lio/vertx/ext/auth/JWTOptions;", "getJwtAuthProvider", "parseCustomRoles", "", "customRoles", "parseNamespace", "parseUserRoles", "", "Companion", "tock-shared"})
/* loaded from: input_file:ai/tock/shared/security/auth/AWSJWTAuthProvider.class */
public final class AWSJWTAuthProvider extends SSOTockAuthProvider implements JWTAuth {

    // PEM body (BEGIN/END lines stripped) of the key the current verifier was built from.
    // Null until a key has been fetched; set back to null by the authenticate callback when
    // verification fails and no retry has been attempted yet.
    @Nullable
    private volatile String publicKey;

    // JWT verifier in use; reassigned on every authenticate() call with whatever
    // getJwtAuthProvider returns (which may be null).
    @Nullable
    private volatile JWTAuth jwtAuthProvider;

    // Singleton instance of the decompiled Kotlin companion object.
    @NotNull
    public static final Companion Companion = new Companion(null);

    // Class logger, obtained by handing a no-op function to KotlinLogging.
    @NotNull
    private static final KLogger logger = KotlinLogging.INSTANCE.logger(new Function0<Unit>() { // from class: ai.tock.shared.security.auth.AWSJWTAuthProvider$Companion$logger$1
        public final void invoke() {
        }

        /* renamed from: invoke, reason: collision with other method in class */
        public /* bridge */ /* synthetic */ Object m129invoke() {
            invoke();
            return Unit.INSTANCE;
        }
    });

    // Signature algorithm given to the verifier. It is read from the "jwt_algorithm" property,
    // never from the token header; "ES256" is the second argument, presumably the fallback
    // when the property is unset.
    @NotNull
    private static final String jwtAlgorithm = PropertiesKt.property("jwt_algorithm", "ES256");

    // Role name (as found in the "custom:roles" claim) -> comma-separated namespace list,
    // read from the "tock_jwt_custom_namespace_mapping" property; empty map as the fallback argument.
    @NotNull
    private static final Map<String, String> namespaceMapping = PropertiesKt.mapProperty$default("tock_jwt_custom_namespace_mapping", MapsKt.emptyMap(), null, null, 12, null);

    // Role name (as found in the "custom:roles" claim) -> comma-separated list of Tock role names,
    // read from the "tock_jwt_custom_roles_mapping" property; empty map as the fallback argument.
    // A claim role with no entry here grants nothing.
    @NotNull
    private static final Map<String, String> customRolesMapping = PropertiesKt.mapProperty$default("tock_jwt_custom_roles_mapping", MapsKt.emptyMap(), null, null, 12, null);

    /* compiled from: AWSJWTAuthProvider.kt */
    @Metadata(mv = {1, 7, 1}, k = 1, xi = 48, d1 = {"�� \n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010$\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u001a\u0010\u0003\u001a\u000e\u0012\u0004\u0012\u00020\u0005\u0012\u0004\u0012\u00020\u00050\u0004X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n��R\u001a\u0010\t\u001a\u000e\u0012\u0004\u0012\u00020\u0005\u0012\u0004\u0012\u00020\u00050\u0004X\u0082\u0004¢\u0006\u0002\n��¨\u0006\n"}, d2 = {"Lai/tock/shared/security/auth/AWSJWTAuthProvider$Companion;", "", "()V", "customRolesMapping", "", "", "jwtAlgorithm", "logger", "Lmu/KLogger;", "namespaceMapping", "tock-shared"})
    /* loaded from: input_file:ai/tock/shared/security/auth/AWSJWTAuthProvider$Companion.class */
    // Decompiled Kotlin companion object. It declares no members of its own in this listing;
    // the constants it owns in Kotlin appear as static fields of the outer class.
    public static final class Companion {
        // No-op private constructor.
        private Companion() {
        }

        // Compiler-generated constructor: the marker argument is ignored and the call is
        // forwarded to the private constructor.
        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /**
     * Creates the provider for the given Vert.x instance, which is handed to the
     * {@code SSOTockAuthProvider} constructor.
     *
     * @param vertx Vert.x instance; must not be null
     */
    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public AWSJWTAuthProvider(@NotNull Vertx vertx) {
        super(vertx);
        // Per the decompiler warning above, this null check may have run before the super call
        // in the compiled class; Java source cannot express that order.
        Intrinsics.checkNotNullParameter(vertx, "vertx");
    }

    /**
     * Looks up the shared {@link Executor} through the IoC injector on every call.
     *
     * @return the executor instance produced by the injector's provider function
     */
    private final Executor getExecutor() {
        // The injector hands back a provider function; invoking it yields the instance.
        Function0 executorProvider = (Function0) IOCsKt.getInjector().getInjector().getInjector().Provider(new TypeReference<Executor>() { // from class: ai.tock.shared.security.auth.AWSJWTAuthProvider$special$$inlined$provide$default$1
        }, (Object) null).getValue();
        return (Executor) executorProvider.invoke();
    }

    /**
     * Builds the Vert.x auth handler that fronts this provider.
     *
     * @param webVerticle only null-checked here; it is not passed to the handler
     * @return a new {@code AWSJWTAuthHandler} bound to this provider
     */
    @Override // ai.tock.shared.security.auth.SSOTockAuthProvider
    @NotNull
    public AuthHandler createAuthHandler(@NotNull WebVerticle webVerticle) {
        Intrinsics.checkNotNullParameter(webVerticle, "verticle");
        // The second constructor argument is passed as null; its meaning is not visible in this file.
        AuthHandler awsHandler = new AWSJWTAuthHandler(this, null);
        return awsHandler;
    }

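    /**
     * Verifies the token carried in {@code authInfo} and reports the outcome through
     * {@code resultHandler}.
     *
     * <p>The verifier is resolved by {@code getJwtAuthProvider}, stored in the
     * {@code jwtAuthProvider} field, and the signature check is delegated to it. The delegated
     * result is post-processed by {@code m126authenticate$lambda0}, which maps claims to a Tock
     * user or fails the request.
     *
     * @param jsonObject auth info; the token is read from its {@code "jwt"} entry
     * @param handler receives the authenticated user, or a failed future; when no verifier can be
     *     resolved the failure message is {@code "no jwt provider"}
     */
    public void authenticate(@NotNull JsonObject jsonObject, @NotNull Handler<AsyncResult<User>> handler) {
        Intrinsics.checkNotNullParameter(jsonObject, "authInfo");
        Intrinsics.checkNotNullParameter(handler, "resultHandler");
        // Keep the resolved verifier in a local so the null check and the call below use the
        // same instance even if another thread reassigns the volatile field in between.
        JWTAuth provider = getJwtAuthProvider(jsonObject);
        this.jwtAuthProvider = provider;
        if (provider == null) {
            // Fail closed: without a verifier the token cannot be checked.
            handler.handle(Future.failedFuture("no jwt provider"));
            return;
        }
        // The decompiler left unresolved register names (r2, r3, r4) here; the callback's own
        // parameter checks ("this$0", "$resultHandler", "$authInfo") identify the captured values.
        provider.authenticate(jsonObject, (v3) -> {
            m126authenticate$lambda0(this, handler, jsonObject, v3);
        });
    }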

    /**
     * Splits the raw {@code custom:roles} claim value into role names.
     *
     * <p>The value is split on commas. Each piece first loses a leading "[" and then a trailing
     * "]" if present, and only afterwards is trimmed, so a bracket that is preceded or followed by
     * whitespace inside a piece is kept.
     *
     * @param str raw claim value
     * @return the role names in claim order (empty pieces are kept as empty strings)
     */
    private final List<String> parseCustomRoles(String str) {
        List<String> pieces = StringsKt.split$default(str, new String[]{","}, false, 0, 6, (Object) null);
        List<String> roleNames = new ArrayList<>(pieces.size());
        for (String piece : pieces) {
            String unbracketed = StringsKt.removeSuffix(StringsKt.removePrefix(piece, "["), "]");
            roleNames.add(StringsKt.trim(unbracketed).toString());
        }
        return roleNames;
    }

    /**
     * Derives the Tock namespace from the {@code custom:roles} claim value.
     *
     * <p>Every role name from the claim is looked up in {@code namespaceMapping}; each mapped
     * value is split on commas and trimmed. Only the first namespace collected this way is
     * returned, so when several roles map to different namespaces the claim order decides.
     *
     * @param str raw claim value
     * @return the first mapped namespace, or {@code null} when no role has a mapping
     */
    private final String parseNamespace(String str) {
        List<String> candidates = new ArrayList<>();
        for (String roleName : parseCustomRoles(str)) {
            String mapped = namespaceMapping.get(roleName);
            if (mapped == null) {
                // Roles without a mapping contribute no namespace.
                continue;
            }
            List<String> entries = StringsKt.split$default(mapped, new String[]{","}, false, 0, 6, (Object) null);
            for (String entry : entries) {
                candidates.add(StringsKt.trim(entry).toString());
            }
        }
        return candidates.isEmpty() ? null : candidates.get(0);
    }

    /**
     * Translates the {@code custom:roles} claim value into Tock role names.
     *
     * <p>Every role name from the claim is looked up in {@code customRolesMapping}; each mapped
     * value is split on commas and every entry is converted with
     * {@code TockUserRole.Companion.toRole}. Entries that convert to {@code null} are dropped, and
     * roles without a mapping grant nothing.
     *
     * @param str raw claim value
     * @return the names of the resolved roles; empty when nothing could be mapped
     */
    private final Set<String> parseUserRoles(String str) {
        List<String> resolvedNames = new ArrayList<>();
        for (String roleName : parseCustomRoles(str)) {
            String mapped = customRolesMapping.get(roleName);
            if (mapped == null) {
                continue;
            }
            List<String> entries = StringsKt.split$default(mapped, new String[]{","}, false, 0, 6, (Object) null);
            for (String entry : entries) {
                // NOTE(review): entries reach toRole exactly as split, without the trim that
                // parseNamespace applies - confirm toRole tolerates surrounding whitespace,
                // otherwise a mapping written as "a, b" may silently lose a role.
                TockUserRole role = TockUserRole.Companion.toRole(entry);
                if (role != null) {
                    resolvedNames.add(role.name());
                }
            }
        }
        return CollectionsKt.toSet(resolvedNames);
    }

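    /**
     * Returns the verifier to use for the token in {@code authInfo}, building it on first use.
     *
     * <p>While a public key is cached, the cached verifier is returned without looking at the
     * token. Otherwise the {@code kid} is read from the token header, the matching key is
     * requested from {@code RetrofitAWSPublicKeyClient}, its PEM header and footer are stripped,
     * and a {@link JWTAuth} is created for it with the configured {@code jwtAlgorithm}.
     *
     * <p>The header is parsed before any signature check, so everything read from it is
     * untrusted input. A token that is missing, does not have three segments, has an undecodable
     * header or carries no {@code kid} yields {@code null} rather than an exception.
     *
     * @param jsonObject auth info; the token is read from its {@code "jwt"} entry
     * @return the verifier, or {@code null} when the token is unusable or no key was returned
     */
    private final JWTAuth getJwtAuthProvider(JsonObject jsonObject) {
        // NOTE(review): the cache holds a single key and is not keyed by kid; a token signed with
        // a different key is only accepted through the reset-and-retry in the authenticate
        // callback. Confirm this is the intended way to follow key rotation.
        if (this.publicKey != null) {
            return this.jwtAuthProvider;
        }
        String token = jsonObject.getString("jwt");
        if (token == null) {
            return null;
        }
        List<String> segments = new Regex("\\.").split(token, 0);
        if (segments.size() != 3) {
            return null;
        }
        String kid;
        try {
            byte[] headerBytes = BaseEncoding.base64Url().decode(segments.get(0));
            kid = new JsonObject(new String(headerBytes, Charsets.UTF_8)).getString("kid");
        } catch (RuntimeException ignored) {
            // Bad base64, bad JSON or a non-string kid in an unverified header: treat the token
            // as unusable instead of letting the exception escape the authentication path.
            return null;
        }
        if (kid == null) {
            return null;
        }
        // NOTE(review): kid comes from the unverified header and is handed to the key client
        // as-is; confirm the client validates its format before using it in a request, and that
        // this lookup (it returns the key synchronously) is not run on the event loop.
        String pem = RetrofitAWSPublicKeyClient.INSTANCE.getPublicKey(kid);
        if (pem == null) {
            return null;
        }
        String keyBody = StringsKt.replace$default(StringsKt.replace$default(pem, "-----BEGIN PUBLIC KEY-----\n", "", false, 4, (Object) null), "\n-----END PUBLIC KEY-----\n", "", false, 4, (Object) null);
        // The algorithm is taken from configuration, not from the token header.
        JWTAuth provider = JWTAuth.create(getVertx(), new JWTAuthOptions(new JsonObject().put("pubSecKeys", new JsonArray().add(new JsonObject().put("algorithm", jwtAlgorithm).put("publicKey", keyBody)))));
        // Publish the verifier before the key: once publicKey is non-null the cached branch above
        // returns jwtAuthProvider, so the key must never be visible without its verifier (for
        // example when JWTAuth.create rejects the key material).
        this.jwtAuthProvider = provider;
        this.publicKey = keyBody;
        return provider;
    }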

    /**
     * Token issuance is not implemented by this provider: after null-checking both arguments
     * the method always returns the empty string.
     *
     * @param jsonObject claims; only null-checked
     * @param jWTOptions options; only null-checked
     * @return always {@code ""}
     */
    @NotNull
    public String generateToken(@NotNull JsonObject jsonObject, @NotNull JWTOptions jWTOptions) {
        Intrinsics.checkNotNullParameter(jsonObject, "claims");
        Intrinsics.checkNotNullParameter(jWTOptions, "options");
        // No token is produced; callers get an empty string, not an error.
        return "";
    }

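    /**
     * Completion callback for the delegated JWT verification started in {@code authenticate}
     * (decompiled Kotlin lambda; renamed from authenticate$lambda-0, which is not a valid Java
     * name).
     *
     * <p>On a failed verification the cached key is cleared and the authentication is retried
     * once, marked by a {@code "retry"} entry in the auth info; the retry alone reports the final
     * outcome, so the handler is completed exactly once. On success the {@code custom:roles}
     * claim is mapped to Tock roles and a namespace, and the user is registered on the blocking
     * executor. Every other path fails closed with {@code "Unauthorized"}.
     *
     * @param aWSJWTAuthProvider the provider the callback belongs to
     * @param handler receives the registered user or a failed future
     * @param jsonObject the auth info passed to {@code authenticate}
     * @param asyncResult outcome of the delegated signature verification
     */
    private static final void m126authenticate$lambda0(AWSJWTAuthProvider aWSJWTAuthProvider, final Handler handler, JsonObject jsonObject, AsyncResult asyncResult) {
        Intrinsics.checkNotNullParameter(aWSJWTAuthProvider, "this$0");
        Intrinsics.checkNotNullParameter(handler, "$resultHandler");
        Intrinsics.checkNotNullParameter(jsonObject, "$authInfo");
        if (!asyncResult.succeeded()) {
            if (jsonObject.getBoolean("retry") == null) {
                // NOTE(review): any failed verification clears the cached key, so each invalid
                // token causes a fresh key lookup; consider bounding that (per-kid cache, rate
                // limit) so unauthenticated traffic cannot drive the lookups.
                aWSJWTAuthProvider.publicKey = null;
                JsonObject retryInfo = jsonObject.put("retry", true);
                Intrinsics.checkNotNullExpressionValue(retryInfo, "authInfo.put(\"retry\", true)");
                aWSJWTAuthProvider.authenticate(retryInfo, handler);
                // The retry completes the handler; falling through would report "Unauthorized"
                // first and then complete the same handler a second time.
                return;
            }
            handler.handle(Future.failedFuture("Unauthorized"));
            return;
        }
        Object result = asyncResult.result();
        if (!(result instanceof JWTUser)) {
            handler.handle(Future.failedFuture("Unauthorized"));
            return;
        }
        final JsonObject principal = ((JWTUser) result).principal();
        final String customRoles = principal.getString("custom:roles");
        // A token without the claim is handled like one whose roles map to nothing, instead of
        // raising a NullPointerException that would leave the handler uncompleted.
        final Set<String> userRoles = customRoles == null ? null : aWSJWTAuthProvider.parseUserRoles(customRoles);
        if (userRoles == null || userRoles.isEmpty()) {
            logger.warn(new Function0<Object>() {
                @Override
                public Object invoke() {
                    return "empty role for " + customRoles;
                }
            });
            handler.handle(Future.failedFuture("Unauthorized"));
            return;
        }
        final String namespace = aWSJWTAuthProvider.parseNamespace(customRoles);
        if (namespace == null) {
            logger.warn(new Function0<Object>() {
                @Override
                public Object invoke() {
                    return "no namespace for " + customRoles;
                }
            });
            handler.handle(Future.failedFuture("Unauthorized"));
            return;
        }
        final String email = principal.getString("email");
        if (email == null) {
            // The email claim becomes the user name; without it no user can be registered.
            logger.warn(new Function0<Object>() {
                @Override
                public Object invoke() {
                    return "no email claim";
                }
            });
            handler.handle(Future.failedFuture("Unauthorized"));
            return;
        }
        // User registration runs on the blocking executor, not in the verification callback.
        aWSJWTAuthProvider.getExecutor().executeBlocking(new Function0<Unit>() {
            @Override
            public Unit invoke() {
                TockUserListener tockUserListener = (TockUserListener) ((Function0) IOCsKt.getInjector().getInjector().getInjector().Provider(new TypeReference<TockUserListener>() { // from class: ai.tock.shared.security.auth.AWSJWTAuthProvider$authenticate$1$3$invoke$$inlined$provide$default$1
                }, (Object) null).getValue()).invoke();
                // NOTE(review): if registerUser throws, the handler is never completed - confirm
                // the executor reports such failures.
                handler.handle(Future.succeededFuture(tockUserListener.registerUser(new TockUser(email, namespace, userRoles, false, 8, null), true)));
                return Unit.INSTANCE;
            }
        });
    }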
}
