package otoroshi.plugins.external;

import akka.actor.ActorRef;
import akka.http.scaladsl.util.FastFuture$;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.commons.codec.binary.Hex;
import otoroshi.env.Env;
import otoroshi.events.OtoroshiEvent;
import otoroshi.models.ApiKey;
import otoroshi.models.GlobalConfig;
import otoroshi.models.PrivateAppsUser;
import otoroshi.models.ServiceDescriptor;
import otoroshi.script.Access;
import otoroshi.script.AccessContext;
import otoroshi.script.AccessValidator;
import otoroshi.script.NamedPlugin;
import otoroshi.script.PluginType;
import otoroshi.ssl.SSLImplicits$;
import otoroshi.ssl.SSLImplicits$EnhancedX509Certificate$;
import otoroshi.utils.http.Implicits$;
import otoroshi.utils.http.Implicits$BetterStandaloneWSRequest$;
import otoroshi.utils.http.Implicits$BetterStandaloneWSResponse$;
import play.api.libs.json.JsArray$;
import play.api.libs.json.JsLookup$;
import play.api.libs.json.JsNull$;
import play.api.libs.json.JsObject;
import play.api.libs.json.JsObject$;
import play.api.libs.json.JsReadable;
import play.api.libs.json.JsString;
import play.api.libs.json.JsValue;
import play.api.libs.json.JsValue$;
import play.api.libs.json.Json$;
import play.api.libs.json.Reads$;
import play.api.libs.json.Writes$;
import play.api.libs.ws.package$;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.TraversableLike;
import scala.collection.TraversableOnce;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.StringOps;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.duration.Duration$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: external.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005\u0015g\u0001\u0002\n\u0014\u0001iAQa\n\u0001\u0005\u0002!BQa\u000b\u0001\u0005B1BQ\u0001\u000f\u0001\u0005BeBQ!\u0013\u0001\u0005B)CQ\u0001\u0014\u0001\u0005BeBq!\u0014\u0001C\u0002\u0013%a\n\u0003\u0004X\u0001\u0001\u0006Ia\u0014\u0005\u00061\u0002!I!\u0017\u0005\u0006C\u0002!IA\u0019\u0005\u0006]\u0002!Ia\u001c\u0005\b\u0003'\u0001A\u0011BA\u000b\u0011\u001d\t\t\u0004\u0001C\u0005\u0003gAq!!\u0011\u0001\t\u0013\t\u0019\u0005C\u0005\u0002��\u0001\t\n\u0011\"\u0003\u0002\u0002\"I\u0011q\u0013\u0001\u0012\u0002\u0013%\u0011\u0011\u0014\u0005\b\u0003;\u0003A\u0011AAP\u0011\u001d\tI\f\u0001C!\u0003w\u0013Q#\u0012=uKJt\u0017\r\u001c%uiB4\u0016\r\\5eCR|'O\u0003\u0002\u0015+\u0005AQ\r\u001f;fe:\fGN\u0003\u0002\u0017/\u00059\u0001\u000f\\;hS:\u001c(\"\u0001\r\u0002\u0011=$xN]8tQ&\u001c\u0001aE\u0002\u00017\u0005\u0002\"\u0001H\u0010\u000e\u0003uQ\u0011AH\u0001\u0006g\u000e\fG.Y\u0005\u0003Au\u0011a!\u00118z%\u00164\u0007C\u0001\u0012&\u001b\u0005\u0019#B\u0001\u0013\u0018\u0003\u0019\u00198M]5qi&\u0011ae\t\u0002\u0010\u0003\u000e\u001cWm]:WC2LG-\u0019;pe\u00061A(\u001b8jiz\"\u0012!\u000b\t\u0003U\u0001i\u0011aE\u0001\u0005]\u0006lW-F\u0001.!\tqSG\u0004\u00020gA\u0011\u0001'H\u0007\u0002c)\u0011!'G\u0001\u0007yI|w\u000e\u001e \n\u0005Qj\u0012A\u0002)sK\u0012,g-\u0003\u00027o\t11\u000b\u001e:j]\u001eT!\u0001N\u000f\u0002\u001b\u0011,g-Y;mi\u000e{gNZ5h+\u0005Q\u0004c\u0001\u000f<{%\u0011A(\b\u0002\u0007\u001fB$\u0018n\u001c8\u0011\u0005y:U\"A \u000b\u0005\u0001\u000b\u0015\u0001\u00026t_:T!AQ\"\u0002\t1L'm\u001d\u0006\u0003\t\u0016\u000b1!\u00199j\u0015\u00051\u0015\u0001\u00029mCfL!\u0001S \u0003\u0011)\u001bxJ\u00196fGR\f1\u0002Z3tGJL\u0007\u000f^5p]V\t1\nE\u0002\u001dw5\nAbY8oM&<7k\u00195f[\u0006\f\u0001\u0002Z5hKN$XM]\u000b\u0002\u001fB\u0011\u0001+V\u0007\u0002#*\u0011!kU\u0001\tg\u0016\u001cWO]5us*\tA+\u0001\u0003kCZ\f\u0017B\u0001,R\u00055iUm]:bO\u0016$\u0015nZ3ti\u0006IA-[4fgR,'\u000fI\u0001\u0013G>l\u0007/\u001e;f\r&tw-\u001a:Qe&tG\u000f\u0006\u0002.5\")1\f\u0003a\u00019\u0006!1-\u001a:u!\tiv,D\u0001_\u0015\tY\u0016+\u0003\u0002a=\ny\u0001,\u000e\u0019:\u0007\u0016\u0014H/\u001b4jG\u0006$X-A\nd_6\u0004X\u000f^3LKf4%o\\7DQ\u0006Lg\u000e\u0006\u0002.G\")A-\u0003a\u0001K\u0006)1\r[1j]B\u0019am\u001b/\u000f\u0005\u001dLgB\u0001\u0019i\u0013\u0005q\u0012B\u00016\u001e\u0003\u001d\u0001\u0018mY6bO\u0016L!\u0001\\7\u0003\u0007M+\u0017O\u0003\u0002k;\u0005\u0011r-\u001a;M_\u000e\fGNV1mS\u0012\fG/[8o)\r\u0001\u0018q\u0002\u000b\u0005cn\f\t\u0001E\u0002sk^l\u0011a\u001d\u0006\u0003iv\t!bY8oGV\u0014(/\u001a8u\u0013\t18O\u0001\u0004GkR,(/\u001a\t\u00049mB\bC\u0001\u000fz\u0013\tQXDA\u0004C_>dW-\u00198\t\u000bqT\u00019A?\u0002\u0005\u0015\u001c\u0007C\u0001:\u007f\u0013\ty8O\u0001\tFq\u0016\u001cW\u000f^5p]\u000e{g\u000e^3yi\"9\u00111\u0001\u0006A\u0004\u0005\u0015\u0011aA3omB!\u0011qAA\u0006\u001b\t\tIAC\u0002\u0002\u0004]IA!!\u0004\u0002\n\t\u0019QI\u001c<\t\r\u0005E!\u00021\u0001.\u0003\rYW-_\u0001\u0017g\u0016$xi\\8e\u0019>\u001c\u0017\r\u001c,bY&$\u0017\r^5p]R1\u0011qCA\u0013\u0003O!b!!\u0007\u0002\"\u0005\r\u0002\u0003\u0002:v\u00037\u00012\u0001HA\u000f\u0013\r\ty\"\b\u0002\u0005+:LG\u000fC\u0003}\u0017\u0001\u000fQ\u0010C\u0004\u0002\u0004-\u0001\u001d!!\u0002\t\r\u0005E1\u00021\u0001.\u0011\u001d\tIc\u0003a\u0001\u0003W\tqaZ8pIR#H\u000eE\u0002\u001d\u0003[I1!a\f\u001e\u0005\u0011auN\\4\u0002+M,GOQ1e\u0019>\u001c\u0017\r\u001c,bY&$\u0017\r^5p]R1\u0011QGA\u001e\u0003{!b!!\u0007\u00028\u0005e\u0002\"\u0002?\r\u0001\bi\bbBA\u0002\u0019\u0001\u000f\u0011Q\u0001\u0005\u0007\u0003#a\u0001\u0019A\u0017\t\u000f\u0005}B\u00021\u0001\u0002,\u00051!-\u00193Ui2\f\u0001D^1mS\u0012\fG/Z\"feRLg-[2bi\u0016\u001c\u0005.Y5o)1\t)%a\u0013\u0002N\u0005u\u0013\u0011NA;)\u0015\t\u0018qIA%\u0011\u0015aX\u0002q\u0001~\u0011\u001d\t\u0019!\u0004a\u0002\u0003\u000bAQ\u0001Z\u0007A\u0002\u0015Dq!a\u0014\u000e\u0001\u0004\t\t&\u0001\u0003eKN\u001c\u0007\u0003BA*\u00033j!!!\u0016\u000b\u0007\u0005]s#\u0001\u0004n_\u0012,Gn]\u0005\u0005\u00037\n)FA\tTKJ4\u0018nY3EKN\u001c'/\u001b9u_JD\u0011\"a\u0018\u000e!\u0003\u0005\r!!\u0019\u0002\r\u0005\u0004\u0018n[3z!\u0011a2(a\u0019\u0011\t\u0005M\u0013QM\u0005\u0005\u0003O\n)F\u0001\u0004Ba&\\U-\u001f\u0005\n\u0003Wj\u0001\u0013!a\u0001\u0003[\nA!^:feB!AdOA8!\u0011\t\u0019&!\u001d\n\t\u0005M\u0014Q\u000b\u0002\u0010!JLg/\u0019;f\u0003B\u00048/V:fe\"9\u0011qO\u0007A\u0002\u0005e\u0014aA2gOB\u0019!&a\u001f\n\u0007\u0005u4CA\u000eFqR,'O\\1m\u0011R$\bOV1mS\u0012\fGo\u001c:D_:4\u0017nZ\u0001#m\u0006d\u0017\u000eZ1uK\u000e+'\u000f^5gS\u000e\fG/Z\"iC&tG\u0005Z3gCVdG\u000fJ\u001a\u0016\u0005\u0005\r%\u0006BA1\u0003\u000b[#!a\"\u0011\t\u0005%\u00151S\u0007\u0003\u0003\u0017SA!!$\u0002\u0010\u0006IQO\\2iK\u000e\\W\r\u001a\u0006\u0004\u0003#k\u0012AC1o]>$\u0018\r^5p]&!\u0011QSAF\u0005E)hn\u00195fG.,GMV1sS\u0006t7-Z\u0001#m\u0006d\u0017\u000eZ1uK\u000e+'\u000f^5gS\u000e\fG/Z\"iC&tG\u0005Z3gCVdG\u000f\n\u001b\u0016\u0005\u0005m%\u0006BA7\u0003\u000b\u000bAdY1o\u0003\u000e\u001cWm]:XSRD7\t\\5f]R\u001cUM\u001d;DQ\u0006Lg\u000e\u0006\u0005\u0002\"\u0006%\u00161VA[)\u0019\t\u0019+!*\u0002(B\u0019!/\u001e=\t\u000f\u0005\r\u0001\u0003q\u0001\u0002\u0006!)A\u0010\u0005a\u0002{\")A\r\u0005a\u0001K\"9\u0011Q\u0016\tA\u0002\u0005=\u0016aB2p]R,\u0007\u0010\u001e\t\u0004E\u0005E\u0016bAAZG\ti\u0011iY2fgN\u001cuN\u001c;fqRDq!a.\u0011\u0001\u0004\tI(\u0001\u0004wC2\u001cemZ\u0001\nG\u0006t\u0017iY2fgN$B!!0\u0002DR1\u00111UA`\u0003\u0003Dq!a\u0001\u0012\u0001\b\t)\u0001C\u0003}#\u0001\u000fQ\u0010C\u0004\u0002.F\u0001\r!a,")
/* loaded from: input_file:otoroshi/plugins/external/ExternalHttpValidator.class */
public class ExternalHttpValidator implements AccessValidator {
    private final MessageDigest digester;
    private final AtomicReference<ActorRef> otoroshi$script$InternalEventListener$$ref;
    private final Future<BoxedUnit> funit;

    @Override // otoroshi.script.AccessValidator, otoroshi.script.NamedPlugin
    public PluginType pluginType() {
        PluginType pluginType;
        pluginType = pluginType();
        return pluginType;
    }

    @Override // otoroshi.script.AccessValidator
    public Future<Access> access(AccessContext accessContext, Env env, ExecutionContext executionContext) {
        Future<Access> access;
        access = access(accessContext, env, executionContext);
        return access;
    }

    @Override // otoroshi.script.InternalEventListener
    public boolean listening() {
        boolean listening;
        listening = listening();
        return listening;
    }

    @Override // otoroshi.script.InternalEventListener
    public void onEvent(OtoroshiEvent otoroshiEvent, Env env) {
        onEvent(otoroshiEvent, env);
    }

    @Override // otoroshi.script.InternalEventListener
    public void startEvent(String str, Env env) {
        startEvent(str, env);
    }

    @Override // otoroshi.script.InternalEventListener
    public void stopEvent(Env env) {
        stopEvent(env);
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> configRoot() {
        Option<String> configRoot;
        configRoot = configRoot();
        return configRoot;
    }

    @Override // otoroshi.script.NamedPlugin
    public Seq<String> configFlow() {
        Seq<String> configFlow;
        configFlow = configFlow();
        return configFlow;
    }

    @Override // otoroshi.script.NamedPlugin
    public JsObject jsonDescription() {
        JsObject jsonDescription;
        jsonDescription = jsonDescription();
        return jsonDescription;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> startWithPluginId(String str, Env env) {
        Future<BoxedUnit> startWithPluginId;
        startWithPluginId = startWithPluginId(str, env);
        return startWithPluginId;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> start(Env env) {
        Future<BoxedUnit> start;
        start = start(env);
        return start;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> stop(Env env) {
        Future<BoxedUnit> stop;
        stop = stop(env);
        return stop;
    }

    @Override // otoroshi.script.InternalEventListener
    public AtomicReference<ActorRef> otoroshi$script$InternalEventListener$$ref() {
        return this.otoroshi$script$InternalEventListener$$ref;
    }

    @Override // otoroshi.script.InternalEventListener
    public final void otoroshi$script$InternalEventListener$_setter_$otoroshi$script$InternalEventListener$$ref_$eq(AtomicReference<ActorRef> atomicReference) {
        this.otoroshi$script$InternalEventListener$$ref = atomicReference;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> funit() {
        return this.funit;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public void otoroshi$script$StartableAndStoppable$_setter_$funit_$eq(Future<BoxedUnit> future) {
        this.funit = future;
    }

    @Override // otoroshi.script.NamedPlugin
    public String name() {
        return "External Http Validator";
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<JsObject> defaultConfig() {
        return new Some(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("ExternalHttpValidator"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("url"), Json$.MODULE$.toJsFieldJsValueWrapper("http://foo.bar", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("host"), Json$.MODULE$.toJsFieldJsValueWrapper("api.foo.bar", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("goodTtl"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToInteger(600000), Writes$.MODULE$.IntWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("badTtl"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToInteger(60000), Writes$.MODULE$.IntWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("method"), Json$.MODULE$.toJsFieldJsValueWrapper("POST", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("path"), Json$.MODULE$.toJsFieldJsValueWrapper("/certificates/_validate", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("timeout"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToInteger(10000), Writes$.MODULE$.IntWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("noCache"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToBoolean(false), Writes$.MODULE$.BooleanWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("allowNoClientCert"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToBoolean(false), Writes$.MODULE$.BooleanWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("headers"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.obj(Nil$.MODULE$), JsObject$.MODULE$.writes())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("mtlsConfig"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("certId"), Json$.MODULE$.toJsFieldJsValueWrapper("...", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("mtls"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToBoolean(false), Writes$.MODULE$.BooleanWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("loose"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToBoolean(false), Writes$.MODULE$.BooleanWrites()))})), JsObject$.MODULE$.writes()))})), JsObject$.MODULE$.writes()))})));
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> description() {
        return new Some(new StringOps(Predef$.MODULE$.augmentString("Calls an external http service to know if a user has access or not. Uses cache for performances.\n      |\n      |The sent payload is the following:\n      |\n      |```json\n      |{\n      |  \"apikey\": {...},\n      |  \"user\": {...},\n      |  \"service\": : {...},\n      |  \"chain\": \"...\",  // PEM cert chain\n      |  \"fingerprints\": [...]\n      |}\n      |```\n      |\n      |This plugin can accept the following configuration\n      |\n      |```json\n      |{\n      |  \"ExternalHttpValidator\": {\n      |    \"url\": \"...\",                      // url for the http call\n      |    \"host\": \"...\",                     // value of the host header for the call. default is host of the url\n      |    \"goodTtl\": 600000,                 // ttl in ms for a validated call\n      |    \"badTtl\": 60000,                   // ttl in ms for a not validated call\n      |    \"method\": \"POST\",                  // http methode\n      |    \"path\": \"/certificates/_validate\", // http uri path\n      |    \"timeout\": 10000,                  // http call timeout\n      |    \"noCache\": false,                  // use cache or not\n      |    \"allowNoClientCert\": false,        //\n      |    \"headers\": {},                      // headers for the http call if needed\n      |    \"mtlsConfig\": {\n      |      \"certId\": \"xxxxx\",\n      |       \"mtls\": false,\n      |       \"loose\": false\n      |    }\n      |  }\n      |}\n      |```\n    ")).stripMargin());
    }

    @Override // otoroshi.script.NamedPlugin
    /* renamed from: configSchema */
    public Option<JsObject> mo426configSchema() {
        Option mo426configSchema;
        mo426configSchema = mo426configSchema();
        return mo426configSchema.map(jsObject -> {
            return jsObject.$plus$plus(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("mtlsConfig.certId"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("type"), Json$.MODULE$.toJsFieldJsValueWrapper("select", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("props"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("label"), Json$.MODULE$.toJsFieldJsValueWrapper("certId", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("placeholer"), Json$.MODULE$.toJsFieldJsValueWrapper("Client cert used for mTLS call", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("valuesFrom"), Json$.MODULE$.toJsFieldJsValueWrapper("/bo/api/proxy/api/certificates?client=true", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("transformerMapping"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("label"), Json$.MODULE$.toJsFieldJsValueWrapper("name", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("value"), Json$.MODULE$.toJsFieldJsValueWrapper("id", Writes$.MODULE$.StringWrites()))})), JsObject$.MODULE$.writes()))})), JsObject$.MODULE$.writes()))})), JsObject$.MODULE$.writes()))})));
        });
    }

    private MessageDigest digester() {
        return this.digester;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String computeFingerPrint(X509Certificate x509Certificate) {
        return Hex.encodeHexString(digester().digest(x509Certificate.getEncoded())).toLowerCase();
    }

    private String computeKeyFromChain(Seq<X509Certificate> seq) {
        return ((TraversableOnce) seq.map(x509Certificate -> {
            return this.computeFingerPrint(x509Certificate);
        }, Seq$.MODULE$.canBuildFrom())).mkString("-");
    }

    private Future<Option<Object>> getLocalValidation(String str, ExecutionContext executionContext, Env env) {
        return env.datastores().clientCertificateValidationDataStore().getValidation(str, executionContext, env);
    }

    private Future<BoxedUnit> setGoodLocalValidation(String str, long j, ExecutionContext executionContext, Env env) {
        return env.datastores().clientCertificateValidationDataStore().setValidation(str, true, j, executionContext, env).map(obj -> {
            $anonfun$setGoodLocalValidation$1(BoxesRunTime.unboxToBoolean(obj));
            return BoxedUnit.UNIT;
        }, executionContext);
    }

    private Future<BoxedUnit> setBadLocalValidation(String str, long j, ExecutionContext executionContext, Env env) {
        return env.datastores().clientCertificateValidationDataStore().setValidation(str, false, j, executionContext, env).map(obj -> {
            $anonfun$setBadLocalValidation$1(BoxesRunTime.unboxToBoolean(obj));
            return BoxedUnit.UNIT;
        }, executionContext);
    }

    private Future<Option<Object>> validateCertificateChain(Seq<X509Certificate> seq, ServiceDescriptor serviceDescriptor, Option<ApiKey> option, Option<PrivateAppsUser> option2, ExternalHttpValidatorConfig externalHttpValidatorConfig, ExecutionContext executionContext, Env env) {
        GlobalConfig latest = env.datastores().globalConfigDataStore().latest(executionContext, env);
        return Implicits$BetterStandaloneWSRequest$.MODULE$.withMaybeProxyServer$extension(Implicits$.MODULE$.BetterStandaloneWSRequest(env.MtlsWs().url(new StringBuilder(0).append(externalHttpValidatorConfig.url()).append(externalHttpValidatorConfig.path()).toString(), externalHttpValidatorConfig.mtlsConfig()).withHttpHeaders((Seq) externalHttpValidatorConfig.headers().toSeq().$plus$plus(new $colon.colon(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("Host"), externalHttpValidatorConfig.host()), new $colon.colon(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("Content-Type"), "application/json"), new $colon.colon(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("Accept"), "application/json"), Nil$.MODULE$))), Seq$.MODULE$.canBuildFrom())).withMethod(externalHttpValidatorConfig.method()).withBody(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("apikey"), Json$.MODULE$.toJsFieldJsValueWrapper(((JsReadable) option.map(apiKey -> {
            return ((JsObject) apiKey.toJson().as(Reads$.MODULE$.JsObjectReads())).$minus("clientSecret");
        }).getOrElse(() -> {
            return JsNull$.MODULE$;
        })).as(Reads$.MODULE$.JsValueReads()), Writes$.MODULE$.jsValueWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("user"), Json$.MODULE$.toJsFieldJsValueWrapper(((JsReadable) option2.map(privateAppsUser -> {
            return privateAppsUser.toJson();
        }).getOrElse(() -> {
            return JsNull$.MODULE$;
        })).as(Reads$.MODULE$.JsValueReads()), Writes$.MODULE$.jsValueWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("service"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("id"), Json$.MODULE$.toJsFieldJsValueWrapper(serviceDescriptor.id(), Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("name"), Json$.MODULE$.toJsFieldJsValueWrapper(serviceDescriptor.name(), Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("groups"), Json$.MODULE$.toJsFieldJsValueWrapper(serviceDescriptor.groups(), Writes$.MODULE$.iterableWrites2(Predef$.MODULE$.$conforms(), Writes$.MODULE$.StringWrites()))), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("domain"), Json$.MODULE$.toJsFieldJsValueWrapper(serviceDescriptor.domain(), Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("env"), Json$.MODULE$.toJsFieldJsValueWrapper(serviceDescriptor.env(), Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("subdomain"), Json$.MODULE$.toJsFieldJsValueWrapper(serviceDescriptor.subdomain(), Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("root"), Json$.MODULE$.toJsFieldJsValueWrapper(serviceDescriptor.root(), Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("metadata"), Json$.MODULE$.toJsFieldJsValueWrapper(serviceDescriptor.metadata(), Writes$.MODULE$.genericMapWrites(Writes$.MODULE$.StringWrites())))})), JsObject$.MODULE$.writes())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("chain"), Json$.MODULE$.toJsFieldJsValueWrapper(((TraversableOnce) seq.map(x509Certificate -> {
            return SSLImplicits$EnhancedX509Certificate$.MODULE$.asPem$extension(SSLImplicits$.MODULE$.EnhancedX509Certificate(x509Certificate));
        }, Seq$.MODULE$.canBuildFrom())).mkString("\n"), Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("fingerprints"), Json$.MODULE$.toJsFieldJsValueWrapper(JsArray$.MODULE$.apply((Seq) ((TraversableLike) seq.map(x509Certificate2 -> {
            return this.computeFingerPrint(x509Certificate2);
        }, Seq$.MODULE$.canBuildFrom())).map(str -> {
            return new JsString(str);
        }, Seq$.MODULE$.canBuildFrom())), Writes$.MODULE$.jsValueWrites()))})), package$.MODULE$.writeableOf_JsValue()).withRequestTimeout(Duration$.MODULE$.apply(externalHttpValidatorConfig.timeout(), TimeUnit.MILLISECONDS))), externalHttpValidatorConfig.proxy().orElse(() -> {
            return latest.proxies().authority();
        })).execute().map(wSResponse -> {
            switch (wSResponse.status()) {
                case 200:
                    return JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) wSResponse.json().as(Reads$.MODULE$.JsObjectReads())), "status").asOpt(Reads$.MODULE$.StringReads()).map(str2 -> {
                        return BoxesRunTime.boxToBoolean($anonfun$validateCertificateChain$10(str2));
                    });
                default:
                    Implicits$BetterStandaloneWSResponse$.MODULE$.ignore$extension(Implicits$.MODULE$.BetterStandaloneWSResponse(wSResponse), env.otoroshiMaterializer());
                    return None$.MODULE$;
            }
        }, executionContext).recover(new ExternalHttpValidator$$anonfun$validateCertificateChain$11(null), executionContext);
    }

    private Option<ApiKey> validateCertificateChain$default$3() {
        return None$.MODULE$;
    }

    private Option<PrivateAppsUser> validateCertificateChain$default$4() {
        return None$.MODULE$;
    }

    public Future<Object> canAccessWithClientCertChain(Seq<X509Certificate> seq, AccessContext accessContext, ExternalHttpValidatorConfig externalHttpValidatorConfig, Env env, ExecutionContext executionContext) {
        Option<ApiKey> apikey = accessContext.apikey();
        Option<PrivateAppsUser> user = accessContext.user();
        ServiceDescriptor descriptor = accessContext.descriptor();
        String sb = new StringBuilder(2).append(computeKeyFromChain(seq)).append("-").append(apikey.map(apiKey -> {
            return apiKey.clientId();
        }).orElse(() -> {
            return user.map(privateAppsUser -> {
                return privateAppsUser.randomId();
            });
        }).getOrElse(() -> {
            return "none";
        })).append("-").append(descriptor.id()).toString();
        return externalHttpValidatorConfig.noCache() ? validateCertificateChain(seq, descriptor, apikey, user, externalHttpValidatorConfig, executionContext, env).map(option -> {
            return BoxesRunTime.boxToBoolean($anonfun$canAccessWithClientCertChain$5(option));
        }, executionContext) : getLocalValidation(sb, executionContext, env).flatMap(option2 -> {
            Future flatMap;
            boolean z = false;
            Some some = null;
            if (option2 instanceof Some) {
                z = true;
                some = (Some) option2;
                if (true == BoxesRunTime.unboxToBoolean(some.value())) {
                    flatMap = (Future) FastFuture$.MODULE$.successful().apply(BoxesRunTime.boxToBoolean(true));
                    return flatMap;
                }
            }
            if (z && false == BoxesRunTime.unboxToBoolean(some.value())) {
                flatMap = (Future) FastFuture$.MODULE$.successful().apply(BoxesRunTime.boxToBoolean(false));
            } else {
                if (!None$.MODULE$.equals(option2)) {
                    throw new MatchError(option2);
                }
                flatMap = this.validateCertificateChain(seq, descriptor, apikey, user, externalHttpValidatorConfig, executionContext, env).flatMap(option2 -> {
                    Future map;
                    boolean z2 = false;
                    Some some2 = null;
                    if (option2 instanceof Some) {
                        z2 = true;
                        some2 = (Some) option2;
                        if (false == BoxesRunTime.unboxToBoolean(some2.value())) {
                            map = this.setBadLocalValidation(sb, externalHttpValidatorConfig.badTtl(), executionContext, env).map(boxedUnit -> {
                                return BoxesRunTime.boxToBoolean($anonfun$canAccessWithClientCertChain$8(boxedUnit));
                            }, executionContext);
                            return map;
                        }
                    }
                    if (z2 && true == BoxesRunTime.unboxToBoolean(some2.value())) {
                        map = this.setGoodLocalValidation(sb, externalHttpValidatorConfig.goodTtl(), executionContext, env).map(boxedUnit2 -> {
                            return BoxesRunTime.boxToBoolean($anonfun$canAccessWithClientCertChain$9(boxedUnit2));
                        }, executionContext);
                    } else {
                        if (!None$.MODULE$.equals(option2)) {
                            throw new MatchError(option2);
                        }
                        map = this.setBadLocalValidation(sb, externalHttpValidatorConfig.badTtl(), executionContext, env).map(boxedUnit3 -> {
                            return BoxesRunTime.boxToBoolean($anonfun$canAccessWithClientCertChain$10(boxedUnit3));
                        }, executionContext);
                    }
                    return map;
                }, executionContext);
            }
            return flatMap;
        }, executionContext);
    }

    @Override // otoroshi.script.AccessValidator
    public Future<Object> canAccess(AccessContext accessContext, Env env, ExecutionContext executionContext) {
        Future<Object> canAccessWithClientCertChain;
        ExternalHttpValidatorConfig externalHttpValidatorConfig = new ExternalHttpValidatorConfig((JsValue) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(accessContext.config()), "ExternalHttpValidator").asOpt(Reads$.MODULE$.JsValueReads()).orElse(() -> {
            return JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(accessContext.config()), "ExternalHttpValidator").asOpt(Reads$.MODULE$.JsValueReads());
        }).getOrElse(() -> {
            return accessContext.config();
        }));
        boolean z = false;
        Some clientCertificateChain = accessContext.request().clientCertificateChain();
        if (None$.MODULE$.equals(clientCertificateChain)) {
            z = true;
            if (!externalHttpValidatorConfig.allowNoClientCert()) {
                canAccessWithClientCertChain = (Future) FastFuture$.MODULE$.successful().apply(BoxesRunTime.boxToBoolean(false));
                return canAccessWithClientCertChain;
            }
        }
        if (z && externalHttpValidatorConfig.allowNoClientCert()) {
            canAccessWithClientCertChain = canAccessWithClientCertChain((Seq) Nil$.MODULE$, accessContext, externalHttpValidatorConfig, env, executionContext);
        } else {
            if (!(clientCertificateChain instanceof Some)) {
                throw new MatchError(clientCertificateChain);
            }
            canAccessWithClientCertChain = canAccessWithClientCertChain((Seq) clientCertificateChain.value(), accessContext, externalHttpValidatorConfig, env, executionContext);
        }
        return canAccessWithClientCertChain;
    }

    public static final /* synthetic */ void $anonfun$setGoodLocalValidation$1(boolean z) {
    }

    public static final /* synthetic */ void $anonfun$setBadLocalValidation$1(boolean z) {
    }

    public static final /* synthetic */ boolean $anonfun$validateCertificateChain$10(String str) {
        String lowerCase = str.toLowerCase();
        return lowerCase != null ? lowerCase.equals("good") : "good" == 0;
    }

    public static final /* synthetic */ boolean $anonfun$canAccessWithClientCertChain$5(Option option) {
        boolean z;
        if (option instanceof Some) {
            z = BoxesRunTime.unboxToBoolean(((Some) option).value());
        } else {
            if (!None$.MODULE$.equals(option)) {
                throw new MatchError(option);
            }
            z = false;
        }
        return z;
    }

    public static final /* synthetic */ boolean $anonfun$canAccessWithClientCertChain$8(BoxedUnit boxedUnit) {
        return false;
    }

    public static final /* synthetic */ boolean $anonfun$canAccessWithClientCertChain$9(BoxedUnit boxedUnit) {
        return true;
    }

    public static final /* synthetic */ boolean $anonfun$canAccessWithClientCertChain$10(BoxedUnit boxedUnit) {
        return false;
    }

    public ExternalHttpValidator() {
        otoroshi$script$StartableAndStoppable$_setter_$funit_$eq((Future) FastFuture$.MODULE$.successful().apply(BoxedUnit.UNIT));
        NamedPlugin.$init$(this);
        otoroshi$script$InternalEventListener$_setter_$otoroshi$script$InternalEventListener$$ref_$eq(new AtomicReference<>());
        AccessValidator.$init$((AccessValidator) this);
        this.digester = MessageDigest.getInstance("SHA-1");
    }
}
