package com.daml.ledger.api.auth;

import com.auth0.jwt.interfaces.JWTVerifier;
import com.daml.jwt.JwtVerifierBase;
import com.daml.jwt.domain.Jwt;
import com.daml.lf.data.Ref$;
import io.grpc.Metadata;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.Option$;
import scala.Predef$;
import scala.Product;
import scala.Serializable;
import scala.collection.Iterator;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.StringOps;
import scala.collection.mutable.ListBuffer;
import scala.collection.mutable.ListBuffer$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.runtime.ScalaRunTime$;
import scala.util.Either;
import scala.util.Try$;
import scala.util.matching.Regex;
import spray.json.JsonParser$;
import spray.json.ParserInput$;

/* compiled from: AuthServiceJWT.scala */
@ScalaSignature(bytes = "\u0006\u0001\t=a\u0001B\u0012%\u0001=B\u0001B\u000f\u0001\u0003\u0002\u0003\u0006Ia\u000f\u0005\u0006\u0003\u0002!\tA\u0011\u0005\b\u000b\u0002\u0011\r\u0011\"\u0005G\u0011\u0019y\u0005\u0001)A\u0005\u000f\")\u0001\u000b\u0001C!#\"1\u0011\u000e\u0001Q\u0005\n)D\u0001B!\u0001\u0001A\u0013%!1\u0001\u0005\t\u0005\u000f\u0001\u0001\u0015\"\u0003\u0003\n\u001d9\u0011q\u0001\u0013\t\u0002\u0005%aAB\u0012%\u0011\u0003\tY\u0001\u0003\u0004B\u0015\u0011\u0005\u0011Q\u0002\u0004\u0007\u0003\u001fQ!)!\u0005\t\u0015\u0005}AB!f\u0001\n\u0003\t\t\u0003\u0003\u0006\u000241\u0011\t\u0012)A\u0005\u0003GAa!\u0011\u0007\u0005\u0002\u0005U\u0002\"CA\u001f\u0019\u0005\u0005I\u0011AA \u0011%\t\u0019\u0005DI\u0001\n\u0003\t)\u0005C\u0005\u0002\\1\t\t\u0011\"\u0011\u0002^!I\u0011\u0011\u000e\u0007\u0002\u0002\u0013\u0005\u00111\u000e\u0005\n\u0003gb\u0011\u0011!C\u0001\u0003kB\u0011\"!!\r\u0003\u0003%\t%a!\t\u0013\u0005EE\"!A\u0005\u0002\u0005M\u0005\"CAO\u0019\u0005\u0005I\u0011IAP\u0011%\t\t\u000bDA\u0001\n\u0003\n\u0019\u000bC\u0005\u0002&2\t\t\u0011\"\u0011\u0002(\u001eI\u00111\u0016\u0006\u0002\u0002#\u0005\u0011Q\u0016\u0004\n\u0003\u001fQ\u0011\u0011!E\u0001\u0003_Ca!Q\u000e\u0005\u0002\u0005u\u0006\"CAQ7\u0005\u0005IQIAR\u0011%\tylGA\u0001\n\u0003\u000b\t\rC\u0005\u0002Fn\t\t\u0011\"!\u0002H\"I\u00111[\u000e\u0002\u0002\u0013%\u0011Q\u001b\u0005\b\u0003\u007fSA\u0011AAo\u0011\u001d\tyL\u0003C\u0001\u0003g\u0014a\"Q;uQN+'O^5dK*;FK\u0003\u0002&M\u0005!\u0011-\u001e;i\u0015\t9\u0003&A\u0002ba&T!!\u000b\u0016\u0002\r1,GmZ3s\u0015\tYC&\u0001\u0003eC6d'\"A\u0017\u0002\u0007\r|Wn\u0001\u0001\u0014\u0007\u0001\u0001d\u0007\u0005\u00022i5\t!GC\u00014\u0003\u0015\u00198-\u00197b\u0013\t)$G\u0001\u0004B]f\u0014VM\u001a\t\u0003oaj\u0011\u0001J\u0005\u0003s\u0011\u00121\"Q;uQN+'O^5dK\u0006Aa/\u001a:jM&,'\u000f\u0005\u0002=\u007f5\tQH\u0003\u0002?U\u0005\u0019!n\u001e;\n\u0005\u0001k$a\u0004&xiZ+'/\u001b4jKJ\u0014\u0015m]3\u0002\rqJg.\u001b;?)\t\u0019E\t\u0005\u00028\u00
01!)!H\u0001a\u0001w\u00051An\\4hKJ,\u0012a\u0012\t\u0003\u00116k\u0011!\u0013\u0006\u0003\u0015.\u000bQa\u001d7gi)T\u0011\u0001T\u0001\u0004_J<\u0017B\u0001(J\u0005\u0019aunZ4fe\u00069An\\4hKJ\u0004\u0013A\u00043fG>$W-T3uC\u0012\fG/\u0019\u000b\u0003%~\u00032a\u0015.]\u001b\u0005!&BA+W\u0003)\u0019wN\\2veJ,g\u000e\u001e\u0006\u0003/b\u000bA!\u001e;jY*\t\u0011,\u0001\u0003kCZ\f\u0017BA.U\u0005=\u0019u.\u001c9mKRLwN\\*uC\u001e,\u0007CA\u001c^\u0013\tqFE\u0001\u0004DY\u0006LWn\u001d\u0005\u0006A\u0016\u0001\r!Y\u0001\bQ\u0016\fG-\u001a:t!\t\u0011w-D\u0001d\u0015\t!W-\u0001\u0003heB\u001c'\"\u00014\u0002\u0005%|\u0017B\u00015d\u0005!iU\r^1eCR\f\u0017\u0001\u00049beN,\u0007+Y=m_\u0006$GcA6\u0002~B)A\u000e^<\u0002x:\u0011QN\u001d\b\u0003]Fl\u0011a\u001c\u0006\u0003a:\na\u0001\u0010:p_Rt\u0014\"A\u001a\n\u0005M\u0014\u0014a\u00029bG.\fw-Z\u0005\u0003kZ\u0014a!R5uQ\u0016\u0014(BA:3!\tAHB\u0004\u0002z\u00139\u0019!0!\u0002\u000f\u0007m\f\u0019AD\u0002}\u0003\u0003q!!`@\u000f\u00059t\u0018\"A\u0017\n\u0005-b\u0013BA\u0015+\u0013\t9\u0003&\u0003\u0002&M\u0005q\u0011)\u001e;i'\u0016\u0014h/[2f\u0015^#\u0006CA\u001c\u000b'\tQ\u0001\u0007\u0006\u0002\u0002\n\t)QI\u001d:peN1A\u0002MA\n\u00033\u00012!MA\u000b\u0013\r\t9B\r\u0002\b!J|G-^2u!\r\t\u00141D\u0005\u0004\u0003;\u0011$\u0001D*fe&\fG.\u001b>bE2,\u0017aB7fgN\fw-Z\u000b\u0003\u0003G\u0001B!!\n\u0002.9!\u0011qEA\u0015!\tq''C\u0002\u0002,I\na\u0001\u0015:fI\u00164\u0017\u0002BA\u0018\u0003c\u0011aa\u0015;sS:<'bAA\u0016e\u0005AQ.Z:tC\u001e,\u0007\u0005\u0006\u0003\u00028\u0005m\u0002cAA\u001d\u00195\t!\u0002C\u0004\u0002 =\u0001\r!a\t\u0002\t\r|\u0007/\u001f\u000b\u0005\u0003o\t\t\u0005C\u0005\u0002 
A\u0001\n\u00111\u0001\u0002$\u0005q1m\u001c9zI\u0011,g-Y;mi\u0012\nTCAA$U\u0011\t\u0019#!\u0013,\u0005\u0005-\u0003\u0003BA'\u0003/j!!a\u0014\u000b\t\u0005E\u00131K\u0001\nk:\u001c\u0007.Z2lK\u0012T1!!\u00163\u0003)\tgN\\8uCRLwN\\\u0005\u0005\u00033\nyEA\tv]\u000eDWmY6fIZ\u000b'/[1oG\u0016\fQ\u0002\u001d:pIV\u001cG\u000f\u0015:fM&DXCAA0!\u0011\t\t'a\u001a\u000e\u0005\u0005\r$bAA31\u0006!A.\u00198h\u0013\u0011\ty#a\u0019\u0002\u0019A\u0014x\u000eZ;di\u0006\u0013\u0018\u000e^=\u0016\u0005\u00055\u0004cA\u0019\u0002p%\u0019\u0011\u0011\u000f\u001a\u0003\u0007%sG/\u0001\bqe>$Wo\u0019;FY\u0016lWM\u001c;\u0015\t\u0005]\u0014Q\u0010\t\u0004c\u0005e\u0014bAA>e\t\u0019\u0011I\\=\t\u0013\u0005}D#!AA\u0002\u00055\u0014a\u0001=%c\u0005y\u0001O]8ek\u000e$\u0018\n^3sCR|'/\u0006\u0002\u0002\u0006B1\u0011qQAG\u0003oj!!!#\u000b\u0007\u0005-%'\u0001\u0006d_2dWm\u0019;j_:LA!a$\u0002\n\nA\u0011\n^3sCR|'/\u0001\u0005dC:,\u0015/^1m)\u0011\t)*a'\u0011\u0007E\n9*C\u0002\u0002\u001aJ\u0012qAQ8pY\u0016\fg\u000eC\u0005\u0002��Y\t\t\u00111\u0001\u0002x\u0005A\u0001.Y:i\u0007>$W\r\u0006\u0002\u0002n\u0005AAo\\*ue&tw\r\u0006\u0002\u0002`\u00051Q-];bYN$B!!&\u0002*\"I\u0011qP\r\u0002\u0002\u0003\u0007\u0011qO\u0001\u0006\u000bJ\u0014xN\u001d\t\u0004\u0003sY2#B\u000e\u00022\u0006e\u0001\u0003CAZ\u0003s\u000b\u0019#a\u000e\u000e\u0005\u0005U&bAA\\e\u00059!/\u001e8uS6,\u0017\u0002BA^\u0003k\u0013\u0011#\u00112tiJ\f7\r\u001e$v]\u000e$\u0018n\u001c82)\t\ti+A\u0003baBd\u0017\u0010\u0006\u0003\u00028\u0005\r\u0007bBA\u0010=\u0001\u0007\u00111E\u0001\bk:\f\u0007\u000f\u001d7z)\u0011\tI-a4\u0011\u000bE\nY-a\t\n\u0007\u00055'G\u0001\u0004PaRLwN\u001c\u0005\n\u0003#|\u0012\u0011!a\u0001\u0003o\t1\u0001\u001f\u00131\u0003-\u0011X-\u00193SKN|GN^3\u0015\u0005\u0005]\u0007\u0003BA1\u00033LA!a7\u0002d\t1qJ\u00196fGR$2aQAp\u0011\u0019Q\u0014\u00051\u0001\u0002bB!\u00111]Ax\u001b\t\t)O\u0003\u0003\u0002h\u0006%\u0018AC5oi\u0016\u0014h-Y2fg*\u0019a(a;\u000b\u0007\u00055H&A\u0003bkRD\u0007'\u0003\u0003\u0002r\u0006\
u0015(a\u0003&X)Z+'/\u001b4jKJ$2aQA{\u0011\u0015Q$\u00051\u0001<!\r9\u0014\u0011`\u0005\u0004\u0003w$#!F!vi\"\u001cVM\u001d<jG\u0016Tu\u000b\u0016)bs2|\u0017\r\u001a\u0005\b\u0003\u007f4\u0001\u0019AA\u0012\u0003)Qw\u000f\u001e)bs2|\u0017\rZ\u0001\u000fI\u0016\u001cw\u000eZ3B]\u0012\u0004\u0016M]:f)\rY'Q\u0001\u0005\u0006A\u001e\u0001\r!Y\u0001\u0010a\u0006LHn\\1e)>\u001cE.Y5ngR\u0019ALa\u0003\t\u000f\t5\u0001\u00021\u0001\u0002x\u00069\u0001/Y=m_\u0006$\u0007")
/* loaded from: input_file:com/daml/ledger/api/auth/AuthServiceJWT.class */
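/**
 * {@link AuthService} implementation that derives {@link Claims} from a JWT carried in the
 * gRPC authorization metadata entry.
 *
 * <p>Processing order, as implemented below: read the header, extract the token after the
 * {@code Bearer } marker, hand the token to the injected {@link JwtVerifierBase}, and only
 * then parse the payload of the verified token. A failure at any of these steps is logged at
 * WARN and mapped to {@code Claims.empty()}; what empty claims permit is decided by code
 * outside this class.
 *
 * <p>This source is decompiler output for a Scala class, so raw types and Scala runtime
 * helpers are kept as they are.
 */
public class AuthServiceJWT implements AuthService {
    // Verifier applied to the raw token before anything in its payload is trusted.
    private final JwtVerifierBase verifier;
    private final Logger logger;
    // Not final: it is assigned through the trait setter below rather than directly in the
    // constructor, and a final field cannot be assigned from a method.
    private Metadata.Key<String> AUTHORIZATION_KEY;

    /* compiled from: AuthServiceJWT.scala */
    /* loaded from: input_file:com/daml/ledger/api/auth/AuthServiceJWT$Error.class */
    /** Single-field value type carrying the reason why a token was rejected. */
    public static final class Error implements Product, Serializable {
        private final String message;

        /** Returns the rejection reason. */
        public String message() {
            return this.message;
        }

        /** Returns a new {@code Error} with the given message. */
        public Error copy(String str) {
            return new Error(str);
        }

        public String copy$default$1() {
            return message();
        }

        public String productPrefix() {
            return "Error";
        }

        public int productArity() {
            return 1;
        }

        /**
         * Returns the field at index {@code i}; only index 0 (the message) exists.
         *
         * @throws IndexOutOfBoundsException for any other index
         */
        public Object productElement(int i) {
            switch (i) {
                case 0:
                    return message();
                default:
                    throw new IndexOutOfBoundsException(BoxesRunTime.boxToInteger(i).toString());
            }
        }

        public Iterator<Object> productIterator() {
            return ScalaRunTime$.MODULE$.typedProductIterator(this);
        }

        public boolean canEqual(Object obj) {
            return obj instanceof Error;
        }

        public int hashCode() {
            return ScalaRunTime$.MODULE$._hashCode(this);
        }

        public String toString() {
            return ScalaRunTime$.MODULE$._toString(this);
        }

        /**
         * Structural equality on the message.
         *
         * <p>The decompiled body had an empty branch where the messages matched and therefore
         * returned {@code false} for two distinct instances with equal messages, which
         * disagreed with {@link #hashCode()}.
         */
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof Error)) {
                return false;
            }
            String mine = message();
            String theirs = ((Error) obj).message();
            return mine != null ? mine.equals(theirs) : theirs == null;
        }

        public Error(String str) {
            this.message = str;
            Product.$init$(this);
        }
    }

    /** Factory delegating to the companion object. */
    public static AuthServiceJWT apply(JwtVerifierBase jwtVerifierBase) {
        return AuthServiceJWT$.MODULE$.apply(jwtVerifierBase);
    }

    /** Factory delegating to the companion object, starting from an auth0 verifier. */
    public static AuthServiceJWT apply(JWTVerifier jWTVerifier) {
        return AuthServiceJWT$.MODULE$.apply(jWTVerifier);
    }

    @Override // com.daml.ledger.api.auth.AuthService
    public Metadata.Key<String> AUTHORIZATION_KEY() {
        return this.AUTHORIZATION_KEY;
    }

    // Trait-field setter; presumably invoked by AuthService.$init$ during construction.
    // NOTE(review): it is public, so any caller can replace the metadata key that
    // decodeAndParse reads the token from; confirm nothing else calls it.
    @Override // com.daml.ledger.api.auth.AuthService
    public void com$daml$ledger$api$auth$AuthService$_setter_$AUTHORIZATION_KEY_$eq(Metadata.Key<String> key) {
        this.AUTHORIZATION_KEY = key;
    }

    public Logger logger() {
        return this.logger;
    }

    /**
     * Turns the request metadata into claims.
     *
     * <p>Every {@link Error} produced by {@link #decodeAndParse} is logged at WARN and answered
     * with {@code Claims.empty()} in an already-completed stage; the stage is not failed.
     * Exceptions thrown while building claims from a verified payload (see
     * {@link #payloadToClaims}) are not caught here and leave this method directly.
     *
     * @param metadata gRPC request metadata
     * @return a completed stage holding either the token's claims or empty claims
     */
    @Override // com.daml.ledger.api.auth.AuthService
    public CompletionStage<Claims> decodeMetadata(Metadata metadata) {
        return (CompletionStage) decodeAndParse(metadata).fold(error -> {
            // The message can embed text from the verifier or the JSON parser.
            // NOTE(review): confirm neither echoes token content into the log.
            this.logger().warn("Authorization error: {}", error.message());
            return CompletableFuture.completedFuture(Claims$.MODULE$.empty());
        }, authServiceJWTPayload -> {
            return CompletableFuture.completedFuture(this.payloadToClaims(authServiceJWTPayload));
        });
    }

    /**
     * Parses a JWT payload string as JSON and converts it to {@link AuthServiceJWTPayload}.
     *
     * @param str payload text; the only caller in this class passes the payload of a token
     *     that has already been verified
     * @return the payload on the right, or an {@link Error} wrapping the parser's message
     */
    private Either<Error, AuthServiceJWTPayload> parsePayload(String str) {
        return Try$.MODULE$.apply(() -> {
            return (AuthServiceJWTPayload) JsonParser$.MODULE$.apply(ParserInput$.MODULE$.apply(str)).convertTo(AuthServiceJWTCodec$JsonImplicits$AuthServiceJWTPayloadFormat$.MODULE$);
        }).toEither().left().map(th -> {
            return new Error("Could not parse JWT token: " + th.getMessage());
        });
    }

    /**
     * Extracts the bearer token from the metadata, verifies it and parses its payload.
     *
     * @param metadata gRPC request metadata
     * @return the parsed payload, or the first {@link Error} met: header missing, header not
     *     in Bearer form, verification failed, or payload not parseable
     */
    private Either<Error, AuthServiceJWTPayload> decodeAndParse(Metadata metadata) {
        // The pattern is not anchored and is applied with findFirstMatchIn, so "Bearer " is
        // accepted anywhere in the header value, not only at its start. Whatever is captured
        // still has to pass the verifier below.
        Regex r = new StringOps(Predef$.MODULE$.augmentString("Bearer (.*)")).r();
        return Option$.MODULE$.apply(metadata.get(AUTHORIZATION_KEY())).toRight(() -> {
            return new Error("Authorization header not found");
        }).flatMap(str -> {
            return r.findFirstMatchIn(str).map(match -> {
                return match.group(1);
            }).toRight(() -> {
                return new Error("Authorization header does not use Bearer format");
            }).flatMap(token -> {
                // Renamed from the decompiler's second `str`: a lambda parameter may not
                // redeclare a name that is already in the enclosing lambda's scope.
                return this.verifier.verify(new Jwt(token)).toEither().left().map(error -> {
                    return new Error("Could not verify JWT token: " + error.message());
                }).flatMap(decodedJwt -> {
                    // The payload is read only from the verifier's result, never from the
                    // raw header text.
                    return this.parsePayload((String) decodedJwt.payload()).map(authServiceJWTPayload -> {
                        return authServiceJWTPayload;
                    });
                });
            });
        });
    }

    /**
     * Builds the claim list for a parsed payload.
     *
     * <p>{@code ClaimPublic} is always granted, {@code ClaimAdmin} only when the payload's
     * {@code admin} flag is set, plus one act-as or read-as claim per listed party. Ledger id,
     * participant id, application id and {@code exp} are copied into the result unchanged;
     * this class never compares {@code exp} with the current time.
     * NOTE(review): confirm that the verifier or the consumer of {@link Claims} enforces
     * expiry.
     *
     * @param authServiceJWTPayload payload of a verified token
     * @return the claims described by the payload
     */
    private Claims payloadToClaims(AuthServiceJWTPayload authServiceJWTPayload) {
        ListBuffer apply = ListBuffer$.MODULE$.apply(Nil$.MODULE$);
        apply.append(Predef$.MODULE$.wrapRefArray(new Claim[]{ClaimPublic$.MODULE$}));
        if (authServiceJWTPayload.admin()) {
            apply.append(Predef$.MODULE$.wrapRefArray(new Claim[]{ClaimAdmin$.MODULE$}));
        }
        authServiceJWTPayload.actAs().foreach(str -> {
            $anonfun$payloadToClaims$1(apply, str);
            return BoxedUnit.UNIT;
        });
        authServiceJWTPayload.readAs().foreach(str2 -> {
            $anonfun$payloadToClaims$2(apply, str2);
            return BoxedUnit.UNIT;
        });
        return new Claims(apply.toList(), authServiceJWTPayload.ledgerId(), authServiceJWTPayload.participantId(), authServiceJWTPayload.applicationId(), authServiceJWTPayload.exp());
    }

    // Appends an act-as claim for one party. assertFromString presumably throws on a string
    // that is not a valid party identifier; nothing in this class catches that.
    public static final /* synthetic */ void $anonfun$payloadToClaims$1(ListBuffer listBuffer, String str) {
        listBuffer.append(Predef$.MODULE$.wrapRefArray(new Claim[]{new ClaimActAsParty((String) Ref$.MODULE$.Party().assertFromString(str))}));
    }

    // Appends a read-as claim for one party; same party-string handling as the act-as helper.
    public static final /* synthetic */ void $anonfun$payloadToClaims$2(ListBuffer listBuffer, String str) {
        listBuffer.append(Predef$.MODULE$.wrapRefArray(new Claim[]{new ClaimReadAsParty((String) Ref$.MODULE$.Party().assertFromString(str))}));
    }

    /**
     * Creates the service around the verifier that every token must pass.
     *
     * @param jwtVerifierBase verifier applied to each bearer token
     */
    public AuthServiceJWT(JwtVerifierBase jwtVerifierBase) {
        this.verifier = jwtVerifierBase;
        AuthService.$init$(this);
        this.logger = LoggerFactory.getLogger(AuthServiceJWT$.MODULE$.getClass());
    }
}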
