package com.daml.ledger.api.auth;

import com.auth0.jwt.interfaces.JWTVerifier;
import com.daml.jwt.JwtVerifierBase;
import com.daml.jwt.domain.Jwt;
import com.daml.ledger.api.auth.ClaimSet;
import com.daml.lf.data.Ref$;
import io.grpc.Metadata;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Product;
import scala.Serializable;
import scala.Some;
import scala.collection.Iterator;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.StringOps;
import scala.collection.mutable.ListBuffer;
import scala.collection.mutable.ListBuffer$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.ScalaRunTime$;
import scala.util.Either;
import scala.util.Try$;
import spray.json.JsonParser$;
import spray.json.ParserInput$;

/* compiled from: AuthServiceJWT.scala */
@ScalaSignature(bytes = "\u0006\u0001\t=b\u0001B\u0013'\u0001EB\u0001\u0002\u0010\u0001\u0003\u0002\u0003\u0006I!\u0010\u0005\u0006\u0007\u0002!\t\u0001\u0012\u0005\b\u000f\u0002\u0011\r\u0011\"\u0005I\u0011\u0019\t\u0006\u0001)A\u0005\u0013\")!\u000b\u0001C!'\"11\u000e\u0001Q\u0005\n1Da\u0001 \u0001!\n\u0013i\b\u0002CA\u0001\u0001\u0001&I!a\u0001\t\u0011\tM\u0001\u0001)C\u0005\u0005+A\u0001B!\u0007\u0001A\u0013%!1D\u0004\b\u0003_1\u0003\u0012AA\u0019\r\u0019)c\u0005#\u0001\u00024!11\t\u0004C\u0001\u0003k1a!a\u000e\r\u0005\u0006e\u0002BCA$\u001d\tU\r\u0011\"\u0001\u0002J!I\u00111\n\b\u0003\u0012\u0003\u0006I\u0001\u001d\u0005\u0007\u0007:!\t!!\u0014\t\u0013\u0005Uc\"!A\u0005\u0002\u0005]\u0003\"CA.\u001dE\u0005I\u0011AA/\u0011%\t\u0019HDA\u0001\n\u0003\n)\bC\u0005\u0002\u0002:\t\t\u0011\"\u0001\u0002\u0004\"I\u00111\u0012\b\u0002\u0002\u0013\u0005\u0011Q\u0012\u0005\n\u00033s\u0011\u0011!C!\u00037C\u0011\"!+\u000f\u0003\u0003%\t!a+\t\u0013\u0005Uf\"!A\u0005B\u0005]\u0006\"CA]\u001d\u0005\u0005I\u0011IA^\u0011%\tiLDA\u0001\n\u0003\nylB\u0005\u0002D2\t\t\u0011#\u0001\u0002F\u001aI\u0011q\u0007\u0007\u0002\u0002#\u0005\u0011q\u0019\u0005\u0007\u0007v!\t!!6\t\u0013\u0005eV$!A\u0005F\u0005m\u0006\"CAl;\u0005\u0005I\u0011QAm\u0011%\ti.HA\u0001\n\u0003\u000by\u000eC\u0005\u0002fv\t\t\u0011\"\u0003\u0002h\"9\u0011q\u001b\u0007\u0005\u0002\u0005=\bbBAl\u0019\u0011\u0005!Q\u0001\u0002\u000f\u0003V$\bnU3sm&\u001cWMS,U\u0015\t9\u0003&\u0001\u0003bkRD'BA\u0015+\u0003\r\t\u0007/\u001b\u0006\u0003W1\na\u0001\\3eO\u0016\u0014(BA\u0017/\u0003\u0011!\u0017-\u001c7\u000b\u0003=\n1aY8n\u0007\u0001\u00192\u0001\u0001\u001a9!\t\u0019d'D\u00015\u0015\u0005)\u0014!B:dC2\f\u0017BA\u001c5\u0005\u0019\te.\u001f*fMB\u0011\u0011HO\u0007\u0002M%\u00111H\n\u0002\f\u0003V$\bnU3sm&\u001cW-\u0001\u0005wKJLg-[3s!\tq\u0014)D\u0001@\u0015\t\u0001E&A\u0002koRL!AQ 
\u0003\u001f);HOV3sS\u001aLWM\u001d\"bg\u0016\fa\u0001P5oSRtDCA#G!\tI\u0004\u0001C\u0003=\u0005\u0001\u0007Q(\u0001\u0004m_\u001e<WM]\u000b\u0002\u0013B\u0011!jT\u0007\u0002\u0017*\u0011A*T\u0001\u0006g24GG\u001b\u0006\u0002\u001d\u0006\u0019qN]4\n\u0005A[%A\u0002'pO\u001e,'/A\u0004m_\u001e<WM\u001d\u0011\u0002\u001d\u0011,7m\u001c3f\u001b\u0016$\u0018\rZ1uCR\u0011A+\u0019\t\u0004+rsV\"\u0001,\u000b\u0005]C\u0016AC2p]\u000e,(O]3oi*\u0011\u0011LW\u0001\u0005kRLGNC\u0001\\\u0003\u0011Q\u0017M^1\n\u0005u3&aD\"p[BdW\r^5p]N#\u0018mZ3\u0011\u0005ez\u0016B\u00011'\u0005!\u0019E.Y5n'\u0016$\b\"\u00022\u0006\u0001\u0004\u0019\u0017a\u00025fC\u0012,'o\u001d\t\u0003I&l\u0011!\u001a\u0006\u0003M\u001e\fAa\u001a:qG*\t\u0001.\u0001\u0002j_&\u0011!.\u001a\u0002\t\u001b\u0016$\u0018\rZ1uC\u00061r-\u001a;BkRDwN]5{CRLwN\u001c%fC\u0012,'\u000f\u0006\u0002nwB\u00191G\u001c9\n\u0005=$$AB(qi&|g\u000e\u0005\u0002rq:\u0011!O\u001e\t\u0003gRj\u0011\u0001\u001e\u0006\u0003kB\na\u0001\u0010:p_Rt\u0014BA<5\u0003\u0019\u0001&/\u001a3fM&\u0011\u0011P\u001f\u0002\u0007'R\u0014\u0018N\\4\u000b\u0005]$\u0004\"\u00022\u0007\u0001\u0004\u0019\u0017a\u00039beN,\u0007*Z1eKJ$\"A\u0018@\t\u000b}<\u0001\u0019\u00019\u0002\r!,\u0017\rZ3s\u00031\u0001\u0018M]:f!\u0006LHn\\1e)\u0011\t)Aa\u0004\u0011\u0011\u0005\u001d\u0011\u0011CA\f\u0005\u0013qA!!\u0003\u0002\u000e9\u00191/a\u0003\n\u0003UJ1!a\u00045\u0003\u001d\u0001\u0018mY6bO\u0016LA!a\u0005\u0002\u0016\t1Q)\u001b;iKJT1!a\u00045!\r\tIB\u0004\b\u0004\u00037Ya\u0002BA\u000f\u0003[qA!a\b\u0002,9!\u0011\u0011EA\u0015\u001d\u0011\t\u0019#a\n\u000f\u0007M\f)#C\u00010\u0013\tic&\u0003\u0002,Y%\u0011\u0011FK\u0005\u0003O!\na\"Q;uQN+'O^5dK*;F\u000b\u0005\u0002:\u0019M\u0011AB\r\u000b\u0003\u0003c\u0011Q!\u0012:s_J\u001cbA\u0004\u001a\u0002<\u0005\u0005\u0003cA\u001a\u0002>%\u0019\u0011q\b\u001b\u0003\u000fA\u0013x\u000eZ;diB\u00191'a\u0011\n\u0007\u0005\u0015CG\u0001\u0007TKJL\u0017\r\\5{C\ndW-A\u0004nKN\u001c\u0018mZ3\u0016\u0003A\f\u0001\"\\3tg\u0006<W\r\t\u000
b\u0005\u0003\u001f\n\u0019\u0006E\u0002\u0002R9i\u0011\u0001\u0004\u0005\u0007\u0003\u000f\n\u0002\u0019\u00019\u0002\t\r|\u0007/\u001f\u000b\u0005\u0003\u001f\nI\u0006\u0003\u0005\u0002HI\u0001\n\u00111\u0001q\u00039\u0019w\u000e]=%I\u00164\u0017-\u001e7uIE*\"!a\u0018+\u0007A\f\tg\u000b\u0002\u0002dA!\u0011QMA8\u001b\t\t9G\u0003\u0003\u0002j\u0005-\u0014!C;oG\",7m[3e\u0015\r\ti\u0007N\u0001\u000bC:tw\u000e^1uS>t\u0017\u0002BA9\u0003O\u0012\u0011#\u001e8dQ\u0016\u001c7.\u001a3WCJL\u0017M\\2f\u00035\u0001(o\u001c3vGR\u0004&/\u001a4jqV\u0011\u0011q\u000f\t\u0005\u0003s\ny(\u0004\u0002\u0002|)\u0019\u0011Q\u0010.\u0002\t1\fgnZ\u0005\u0004s\u0006m\u0014\u0001\u00049s_\u0012,8\r^!sSRLXCAAC!\r\u0019\u0014qQ\u0005\u0004\u0003\u0013#$aA%oi\u0006q\u0001O]8ek\u000e$X\t\\3nK:$H\u0003BAH\u0003+\u00032aMAI\u0013\r\t\u0019\n\u000e\u0002\u0004\u0003:L\b\"CAL-\u0005\u0005\t\u0019AAC\u0003\rAH%M\u0001\u0010aJ|G-^2u\u0013R,'/\u0019;peV\u0011\u0011Q\u0014\t\u0007\u0003?\u000b)+a$\u000e\u0005\u0005\u0005&bAARi\u0005Q1m\u001c7mK\u000e$\u0018n\u001c8\n\t\u0005\u001d\u0016\u0011\u0015\u0002\t\u0013R,'/\u0019;pe\u0006A1-\u00198FcV\fG\u000e\u0006\u0003\u0002.\u0006M\u0006cA\u001a\u00020&\u0019\u0011\u0011\u0017\u001b\u0003\u000f\t{w\u000e\\3b]\"I\u0011q\u0013\r\u0002\u0002\u0003\u0007\u0011qR\u0001\tQ\u0006\u001c\bnQ8eKR\u0011\u0011QQ\u0001\ti>\u001cFO]5oOR\u0011\u0011qO\u0001\u0007KF,\u0018\r\\:\u0015\t\u00055\u0016\u0011\u0019\u0005\n\u0003/[\u0012\u0011!a\u0001\u0003\u001f\u000bQ!\u0012:s_J\u00042!!\u0015\u001e'\u0015i\u0012\u0011ZA!!\u001d\tY-!5q\u0003\u001fj!!!4\u000b\u0007\u0005=G'A\u0004sk:$\u0018.\\3\n\t\u0005M\u0017Q\u001a\u0002\u0012\u0003\n\u001cHO]1di\u001a+hn\u0019;j_:\fDCAAc\u0003\u0015\t\u0007\u000f\u001d7z)\u0011\ty%a7\t\r\u0005\u001d\u0003\u00051\u0001q\u0003\u001d)h.\u00199qYf$2!\\Aq\u0011%\t\u0019/IA\u0001\u0002\u0004\ty%A\u0002yIA\n1B]3bIJ+7o\u001c7wKR\u0011\u0011\u0011\u001e\t\u0005\u0003s\nY/\u0003\u0003\u0002n\u0006m$AB(cU\u0016\u001cG\u000fF\u0002F\u0003cDa\u0001P\u
0012A\u0002\u0005M\b\u0003BA{\u0005\u0003i!!a>\u000b\t\u0005e\u00181`\u0001\u000bS:$XM\u001d4bG\u0016\u001c(b\u0001!\u0002~*\u0019\u0011q \u0018\u0002\u000b\u0005,H\u000f\u001b\u0019\n\t\t\r\u0011q\u001f\u0002\f\u0015^#f+\u001a:jM&,'\u000fF\u0002F\u0005\u000fAQ\u0001\u0010\u0013A\u0002u\u00022!\u000fB\u0006\u0013\r\u0011iA\n\u0002\u0016\u0003V$\bnU3sm&\u001cWMS,U!\u0006LHn\\1e\u0011\u0019\u0011\t\u0002\u0003a\u0001a\u0006Q!n\u001e;QCfdw.\u00193\u0002\u001fA\f'o]3K/R\u0003\u0016-\u001f7pC\u0012$B!!\u0002\u0003\u0018!)q0\u0003a\u0001a\u0006y\u0001/Y=m_\u0006$Gk\\\"mC&l7\u000f\u0006\u0003\u0003\u001e\t-\u0002\u0003\u0002B\u0010\u0005Kq1!\u000fB\u0011\u0013\r\u0011\u0019CJ\u0001\t\u00072\f\u0017.\\*fi&!!q\u0005B\u0015\u0005\u0019\u0019E.Y5ng*\u0019!1\u0005\u0014\t\u000f\t5\"\u00021\u0001\u0003\n\u00059\u0001/Y=m_\u0006$\u0007")
/* loaded from: input_file:com/daml/ledger/api/auth/AuthServiceJWT.class */
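/**
 * {@link AuthService} implementation that derives a {@link ClaimSet} from a JWT carried in the
 * gRPC {@code Authorization} metadata header.
 *
 * <p>Flow, as visible in this class: read the header, extract the token after {@code "Bearer "},
 * hand it to the injected {@link JwtVerifierBase}, parse the verified payload as JSON and map its
 * fields to claims. A missing header, a header without a Bearer token, a verification failure and
 * a payload parse failure all end in {@code ClaimSet.Unauthenticated}; none of them grants claims.
 *
 * <p>This is decompiler output of a Scala class. Several constructs (the {@code Some}-typed local
 * in {@link #decodeMetadata}, the assignment to a {@code final} field in the trait setter) mirror
 * the bytecode and are not valid hand-written Java.
 */
public class AuthServiceJWT implements AuthService {
    // Verifier that decides whether a token is accepted. Which algorithms, keys, issuer or expiry
    // checks it applies is not visible in this class.
    private final JwtVerifierBase verifier;
    private final Logger logger;
    // Metadata key for the "Authorization" header; set once from the constructor via the
    // trait setter below.
    private final Metadata.Key<String> AUTHORIZATION_KEY;

    /* compiled from: AuthServiceJWT.scala */
    /* loaded from: input_file:com/daml/ledger/api/auth/AuthServiceJWT$Error.class */
    /**
     * Value type describing why a token was rejected. It carries only a human-readable message,
     * which {@code parseHeader} writes to the warning log.
     */
    public static final class Error implements Product, Serializable {
        private final String message;

        /** Returns the rejection message. */
        public String message() {
            return this.message;
        }

        /** Returns a new {@code Error} carrying {@code str}. */
        public Error copy(String str) {
            return new Error(str);
        }

        /** Default for the first parameter of {@link #copy(String)}: the current message. */
        public String copy$default$1() {
            return message();
        }

        public String productPrefix() {
            return "Error";
        }

        public int productArity() {
            return 1;
        }

        /**
         * Returns the product element at index {@code i}; only index 0 (the message) exists.
         *
         * @throws IndexOutOfBoundsException for any other index
         */
        public Object productElement(int i) {
            switch (i) {
                case 0:
                    return message();
                default:
                    throw new IndexOutOfBoundsException(Integer.toString(i));
            }
        }

        public Iterator<Object> productIterator() {
            return ScalaRunTime$.MODULE$.typedProductIterator(this);
        }

        public boolean canEqual(Object obj) {
            return obj instanceof Error;
        }

        public int hashCode() {
            return ScalaRunTime$.MODULE$._hashCode(this);
        }

        public String toString() {
            return ScalaRunTime$.MODULE$._toString(this);
        }

        /**
         * Structural equality on the message.
         *
         * <p>The decompiled form compared the two messages inside an empty {@code if} body and
         * then fell through to {@code return false}, so two distinct instances with the same
         * message were never equal. The comparison result is now returned.
         */
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof Error)) {
                return false;
            }
            String message = message();
            String message2 = ((Error) obj).message();
            // Null-safe comparison: two null messages are equal.
            return message != null ? message.equals(message2) : message2 == null;
        }

        public Error(String str) {
            this.message = str;
            Product.$init$(this);
        }
    }

    /** Factory delegating to the Scala companion object. */
    public static AuthServiceJWT apply(JwtVerifierBase jwtVerifierBase) {
        return AuthServiceJWT$.MODULE$.apply(jwtVerifierBase);
    }

    /** Factory delegating to the Scala companion object, taking an auth0 {@link JWTVerifier}. */
    public static AuthServiceJWT apply(JWTVerifier jWTVerifier) {
        return AuthServiceJWT$.MODULE$.apply(jWTVerifier);
    }

    @Override // com.daml.ledger.api.auth.AuthService
    public Metadata.Key<String> AUTHORIZATION_KEY() {
        return this.AUTHORIZATION_KEY;
    }

    // Trait-generated setter for the AuthService val. It is public and writes a field declared
    // final above; javac rejects that assignment outside a constructor, so this line is a
    // decompiler artifact. The only call visible in this class is in the constructor.
    @Override // com.daml.ledger.api.auth.AuthService
    public void com$daml$ledger$api$auth$AuthService$_setter_$AUTHORIZATION_KEY_$eq(Metadata.Key<String> key) {
        this.AUTHORIZATION_KEY = key;
    }

    public Logger logger() {
        return this.logger;
    }

    /**
     * Maps request metadata to a claim set.
     *
     * <p>No {@code Authorization} header yields {@code ClaimSet.Unauthenticated}; otherwise the
     * header value goes through {@code parseHeader}. The work is done synchronously before the
     * future is created, so an exception thrown while building claims surfaces as a thrown
     * exception from this method, not as a failed {@link CompletionStage}.
     *
     * @param metadata gRPC request headers (untrusted client input)
     * @return an already-completed stage holding the resulting claim set
     */
    @Override // com.daml.ledger.api.auth.AuthService
    public CompletionStage<ClaimSet> decodeMetadata(Metadata metadata) {
        ClaimSet parseHeader;
        Some authorizationHeader = getAuthorizationHeader(metadata);
        if (None$.MODULE$.equals(authorizationHeader)) {
            // Missing header: the caller is treated as unauthenticated, not rejected here.
            parseHeader = ClaimSet$Unauthenticated$.MODULE$;
        } else {
            if (!(authorizationHeader instanceof Some)) {
                throw new MatchError(authorizationHeader);
            }
            parseHeader = parseHeader((String) authorizationHeader.value());
        }
        return CompletableFuture.completedFuture(parseHeader);
    }

    /** Reads the header; {@code Option.apply} turns a null lookup result into {@code None}. */
    private Option<String> getAuthorizationHeader(Metadata metadata) {
        return Option$.MODULE$.apply(metadata.get(AUTHORIZATION_KEY()));
    }

    /**
     * Turns a raw header value into claims, failing closed.
     *
     * <p>Any {@link Error} from extraction, verification or payload parsing is logged at WARN
     * and mapped to {@code ClaimSet.Unauthenticated}.
     */
    private ClaimSet parseHeader(String str) {
        return (ClaimSet) parseJWTPayload(str).fold(error -> {
            // NOTE(review): the logged text comes from the verifier or the JSON parser; whether
            // those messages can echo token or payload content is not visible here. Confirm
            // before shipping these logs to a shared sink.
            this.logger().warn(new StringBuilder(21).append("Authorization error: ").append(error.message()).toString());
            return ClaimSet$Unauthenticated$.MODULE$;
        }, authServiceJWTPayload -> {
            return this.payloadToClaims(authServiceJWTPayload);
        });
    }

    /**
     * Parses the decoded JWT payload as JSON into an {@code AuthServiceJWTPayload}.
     *
     * <p>Parser and conversion exceptions are captured by {@code Try} and returned as an
     * {@link Error} on the left side instead of being thrown.
     */
    private Either<Error, AuthServiceJWTPayload> parsePayload(String str) {
        return Try$.MODULE$.apply(() -> {
            return (AuthServiceJWTPayload) JsonParser$.MODULE$.apply(ParserInput$.MODULE$.apply(str)).convertTo(AuthServiceJWTCodec$JsonImplicits$AuthServiceJWTPayloadFormat$.MODULE$);
        }).toEither().left().map(th -> {
            return new Error(new StringBuilder(27).append("Could not parse JWT token: ").append(th.getMessage()).toString());
        });
    }

    /**
     * Extracts the bearer token from the header value, verifies it and parses its payload.
     *
     * <p>Order matters: the payload is parsed only from the value returned by
     * {@code verifier.verify}, never from the raw header.
     *
     * @return the parsed payload, or an {@link Error} naming the failed step
     */
    private Either<Error, AuthServiceJWTPayload> parseJWTPayload(String str) {
        // NOTE(review): findFirstMatchIn is an unanchored search, so "Bearer " may appear
        // anywhere in the header value and everything after it on that line becomes the token.
        // The token is still verified below, but an anchored match (for example via a
        // full-string pattern match) would reject malformed or multi-scheme headers up front.
        return new StringOps(Predef$.MODULE$.augmentString("Bearer (.*)")).r().findFirstMatchIn(str).map(match -> {
            return match.group(1);
        }).toRight(() -> {
            return new Error("Authorization header does not use Bearer format");
        }).flatMap(str2 -> {
            return this.verifier.verify(new Jwt(str2)).toEither().left().map(error -> {
                return new Error(new StringBuilder(28).append("Could not verify JWT token: ").append(error.message()).toString());
            }).flatMap(decodedJwt -> {
                return this.parsePayload((String) decodedJwt.payload()).map(authServiceJWTPayload -> {
                    return authServiceJWTPayload;
                });
            });
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds the claim list for a verified payload.
     *
     * <p>{@code ClaimPublic} is always granted; {@code ClaimAdmin} only when the payload's
     * {@code admin} flag is set; one {@code ClaimActAsParty} / {@code ClaimReadAsParty} per
     * entry in {@code actAs} / {@code readAs}. Ledger id, participant id, application id and
     * {@code exp} are copied into the result unchanged.
     *
     * <p>NOTE(review): {@code exp} is only forwarded here. Whether expiry is enforced by the
     * verifier or by the consumer of {@code ClaimSet.Claims} is not visible in this class.
     */
    public ClaimSet.Claims payloadToClaims(AuthServiceJWTPayload authServiceJWTPayload) {
        ListBuffer apply = ListBuffer$.MODULE$.apply(Nil$.MODULE$);
        apply.append(Predef$.MODULE$.wrapRefArray(new Claim[]{ClaimPublic$.MODULE$}));
        if (authServiceJWTPayload.admin()) {
            apply.append(Predef$.MODULE$.wrapRefArray(new Claim[]{ClaimAdmin$.MODULE$}));
        }
        authServiceJWTPayload.actAs().foreach(str -> {
            $anonfun$payloadToClaims$1(apply, str);
            return BoxedUnit.UNIT;
        });
        authServiceJWTPayload.readAs().foreach(str2 -> {
            $anonfun$payloadToClaims$2(apply, str2);
            return BoxedUnit.UNIT;
        });
        return new ClaimSet.Claims(apply.toList(), authServiceJWTPayload.ledgerId(), authServiceJWTPayload.participantId(), authServiceJWTPayload.applicationId(), authServiceJWTPayload.exp());
    }

    // Appends an act-as claim for one party name from the payload.
    // NOTE(review): assertFromString presumably throws on a string that is not a valid party
    // id. Nothing in this class catches that, so a verified token with a malformed party name
    // would raise out of decodeMetadata rather than map to Unauthenticated. Confirm.
    public static final /* synthetic */ void $anonfun$payloadToClaims$1(ListBuffer listBuffer, String str) {
        listBuffer.append(Predef$.MODULE$.wrapRefArray(new Claim[]{new ClaimActAsParty((String) Ref$.MODULE$.Party().assertFromString(str))}));
    }

    // Appends a read-as claim for one party name from the payload; same validation caveat as
    // the act-as helper.
    public static final /* synthetic */ void $anonfun$payloadToClaims$2(ListBuffer listBuffer, String str) {
        listBuffer.append(Predef$.MODULE$.wrapRefArray(new Claim[]{new ClaimReadAsParty((String) Ref$.MODULE$.Party().assertFromString(str))}));
    }

    /**
     * Creates the service around the given verifier and registers the ASCII
     * {@code "Authorization"} metadata key.
     *
     * @param jwtVerifierBase verifier applied to every extracted bearer token
     */
    public AuthServiceJWT(JwtVerifierBase jwtVerifierBase) {
        this.verifier = jwtVerifierBase;
        com$daml$ledger$api$auth$AuthService$_setter_$AUTHORIZATION_KEY_$eq(Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER));
        this.logger = LoggerFactory.getLogger(AuthServiceJWT$.MODULE$.getClass());
    }
}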
