package otoroshi.auth;

import akka.http.scaladsl.util.FastFuture$;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.joda.time.DateTime;
import otoroshi.controllers.routes;
import otoroshi.env.Env;
import otoroshi.models.AlgoSettings;
import otoroshi.models.BackOfficeUser;
import otoroshi.models.BackOfficeUser$;
import otoroshi.models.GlobalConfig;
import otoroshi.models.InputMode;
import otoroshi.models.PrivateAppsUser;
import otoroshi.models.PrivateAppsUser$;
import otoroshi.models.RefreshableUser;
import otoroshi.models.ServiceDescriptor;
import otoroshi.models.TeamAccess$;
import otoroshi.models.TenantAccess$;
import otoroshi.models.UserRight;
import otoroshi.models.UserRights;
import otoroshi.models.UserRights$;
import otoroshi.security.IdGenerator$;
import otoroshi.utils.http.Implicits$;
import otoroshi.utils.http.Implicits$BetterStandaloneWSRequest$;
import otoroshi.utils.syntax.implicits$;
import otoroshi.utils.syntax.implicits$BetterSyntax$;
import play.api.Logger;
import play.api.Logger$;
import play.api.MarkerContext$;
import play.api.libs.json.JsLookup$;
import play.api.libs.json.JsObject;
import play.api.libs.json.JsValue;
import play.api.libs.json.JsValue$;
import play.api.libs.json.Json$;
import play.api.libs.json.Reads$;
import play.api.libs.json.Writes$;
import play.api.libs.ws.DefaultBodyWritables$;
import play.api.libs.ws.WSRequest;
import play.api.libs.ws.WSResponse;
import play.api.mvc.AnyContent;
import play.api.mvc.Request;
import play.api.mvc.RequestHeader;
import play.api.mvc.Result;
import play.api.mvc.Results$;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Product;
import scala.Serializable;
import scala.Some;
import scala.Tuple2;
import scala.Tuple3;
import scala.collection.GenTraversableOnce;
import scala.collection.Iterator;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.TraversableOnce;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Iterable$;
import scala.collection.immutable.Map;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.StringOps;
import scala.collection.immutable.StringOps$;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.package$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.runtime.ScalaRunTime$;
import scala.util.Either;
import scala.util.Failure;
import scala.util.Success;
import scala.util.Try$;

/* compiled from: oauth.scala */
@ScalaSignature(bytes = "\u0006\u0001\r\u001dc\u0001B\u0015+\u0001>B\u0001\u0002\u0011\u0001\u0003\u0016\u0004%\t!\u0011\u0005\t\u000b\u0002\u0011\t\u0012)A\u0005\u0005\")a\t\u0001C\u0001\u000f\"A!\n\u0001EC\u0002\u0013\u00051\nC\u0003U\u0001\u0011%Q\u000bC\u0003q\u0001\u0011\u0005\u0013\u000fC\u0004\u00020\u0001!I!!\r\t\u0013\u0005]\u0003!%A\u0005\n\u0005e\u0003bBA8\u0001\u0011\u0005\u0013\u0011\u000f\u0005\b\u0003{\u0002A\u0011IA@\u0011\u001d\ti\u000b\u0001C!\u0003_Cq!a1\u0001\t\u0003\t)\rC\u0005\u0002f\u0002\t\n\u0011\"\u0001\u0002Z!9\u0011q\u001d\u0001\u0005\u0002\u0005%\bbBA\u007f\u0001\u0011\u0005\u0011q \u0005\b\u00057\u0001A\u0011\u0001B\u000f\u0011\u001d\u0011y\u0003\u0001C\u0001\u0005cAqA!\u0010\u0001\t\u0003\u0011y\u0004C\u0004\u0003J\u0001!\tEa\u0013\t\u000f\t%\u0004\u0001\"\u0011\u0003l!9!1\u0010\u0001\u0005\n\tu\u0004b\u0002BS\u0001\u0011%!q\u0015\u0005\b\u0005s\u0003A\u0011\u0001B^\u0011%\u00119\rAA\u0001\n\u0003\u0011I\rC\u0005\u0003N\u0002\t\n\u0011\"\u0001\u0003P\"I!1\u001b\u0001\u0002\u0002\u0013\u0005#Q\u001b\u0005\n\u0005/\u0004\u0011\u0011!C\u0001\u00053D\u0011B!9\u0001\u0003\u0003%\tAa9\t\u0013\t=\b!!A\u0005B\tE\b\"\u0003B��\u0001\u0005\u0005I\u0011AB\u0001\u0011%\u0019)\u0001AA\u0001\n\u0003\u001a9\u0001C\u0005\u0004\n\u0001\t\t\u0011\"\u0011\u0004\f!I1Q\u0002\u0001\u0002\u0002\u0013\u00053qB\u0004\b\u0007'Q\u0003\u0012AB\u000b\r\u0019I#\u0006#\u0001\u0004\u0018!1ai\tC\u0001\u00073AqA!/$\t\u0003\u0019Y\u0002C\u0005\u0004.\r\n\t\u0011\"!\u00040!I11G\u0012\u0002\u0002\u0013\u00055Q\u0007\u0005\n\u0007{\u0019\u0013\u0011!C\u0005\u0007\u007f\u00111cR3oKJL7mT1vi\"\u0014Tj\u001c3vY\u0016T!a\u000b\u0017\u0002\t\u0005,H\u000f\u001b\u0006\u0002[\u0005Aq\u000e^8s_ND\u0017n\u0001\u0001\u0014\u000b\u0001\u0001dGO\u001f\u0011\u0005E\"T\"\u0001\u001a\u000b\u0003M\nQa]2bY\u0006L!!\u000e\u001a\u0003\r\u0005s\u0017PU3g!\t9\u0004(D\u0001+\u0013\tI$F\u0001\u0006BkRDWj\u001c3vY\u0016\u0004\"!M\u001e\n\u0005q\u0012$a\u0002)s_\u0012,8\r\u001e\t\u0003cyJ!a\u0010\u0
01a\u0003\u0019M+'/[1mSj\f'\r\\3\u0002\u0015\u0005,H\u000f[\"p]\u001aLw-F\u0001C!\t94)\u0003\u0002EU\t\u0011r*Q;uQJju\u000eZ;mK\u000e{gNZ5h\u0003-\tW\u000f\u001e5D_:4\u0017n\u001a\u0011\u0002\rqJg.\u001b;?)\tA\u0015\n\u0005\u00028\u0001!)\u0001i\u0001a\u0001\u0005\u00061An\\4hKJ,\u0012\u0001\u0014\t\u0003\u001bJk\u0011A\u0014\u0006\u0003\u001fB\u000b1!\u00199j\u0015\u0005\t\u0016\u0001\u00029mCfL!a\u0015(\u0003\r1{wmZ3s\u00031)gn\u0019:zaR\u001cF/\u0019;f)\t1f\r\u0006\u0002X?B\u0011\u0001,X\u0007\u00023*\u0011!lW\u0001\u0005Y\u0006twMC\u0001]\u0003\u0011Q\u0017M^1\n\u0005yK&AB*ue&tw\rC\u0003a\u000b\u0001\u000f\u0011-A\u0002f]Z\u0004\"A\u00193\u000e\u0003\rT!\u0001\u0019\u0017\n\u0005\u0015\u001c'aA#om\")q-\u0002a\u0001Q\u0006i1/[4oS:<wJ\u00196fGR\u0004\"!\u001b8\u000e\u0003)T!a\u001b7\u0002\t)\u001cxN\u001c\u0006\u0003[:\u000bA\u0001\\5cg&\u0011qN\u001b\u0002\b\u0015N4\u0016\r\\;f\u0003-\u0001\u0018\rT8hS:\u0004\u0016mZ3\u0015\u000fI\fY!!\u0006\u0002&Q!1o`A\u0005!\r!x/_\u0007\u0002k*\u0011aOM\u0001\u000bG>t7-\u001e:sK:$\u0018B\u0001=v\u0005\u00191U\u000f^;sKB\u0011!0`\u0007\u0002w*\u0011APT\u0001\u0004[Z\u001c\u0017B\u0001@|\u0005\u0019\u0011Vm];mi\"9\u0011\u0011\u0001\u0004A\u0004\u0005\r\u0011AA3d!\r!\u0018QA\u0005\u0004\u0003\u000f)(\u0001E#yK\u000e,H/[8o\u0007>tG/\u001a=u\u0011\u0015\u0001g\u0001q\u0001b\u0011\u001d\tiA\u0002a\u0001\u0003\u001f\tqA]3rk\u0016\u001cH\u000fE\u0002{\u0003#I1!a\u0005|\u00055\u0011V-];fgRDU-\u00193fe\"9\u0011q\u0003\u0004A\u0002\u0005e\u0011AB2p]\u001aLw\r\u0005\u0003\u0002\u001c\u0005\u0005RBAA\u000f\u0015\r\ty\u0002L\u0001\u0007[>$W\r\\:\n\t\u0005\r\u0012Q\u0004\u0002\r\u000f2|'-\u00197D_:4\u0017n\u001a\u0005\b\u0003O1\u0001\u0019AA\u0015\u0003)!Wm]2sSB$xN\u001d\t\u0005\u00037\tY#\u0003\u0003\u0002.\u0005u!!E*feZL7-\u001a#fg\u000e\u0014\u0018\u000e\u001d;pe\u0006\tr-\u001a8fe\u0006$X\rU&D\u000b\u000e{G-Z:\u0015\t\u0005M\u0012Q\n\t\bc\u0005U\u0012\u0011H,X\u0013\r\t9D\r\u0002\u0007)V\u0004H.Z\u001a\u0011\t\u0005m\u0012\u0011\n\b\u000
5\u0003{\t)\u0005E\u0002\u0002@Ij!!!\u0011\u000b\u0007\u0005\rc&\u0001\u0004=e>|GOP\u0005\u0004\u0003\u000f\u0012\u0014A\u0002)sK\u0012,g-C\u0002_\u0003\u0017R1!a\u00123\u0011%\tye\u0002I\u0001\u0002\u0004\t\t&A\nd_\u0012,7\t[1mY\u0016tw-Z'fi\"|G\rE\u00032\u0003'\nI$C\u0002\u0002VI\u0012aa\u00149uS>t\u0017aG4f]\u0016\u0014\u0018\r^3Q\u0017\u000e+5i\u001c3fg\u0012\"WMZ1vYR$\u0013'\u0006\u0002\u0002\\)\"\u0011\u0011KA/W\t\ty\u0006\u0005\u0003\u0002b\u0005-TBAA2\u0015\u0011\t)'a\u001a\u0002\u0013Ut7\r[3dW\u0016$'bAA5e\u0005Q\u0011M\u001c8pi\u0006$\u0018n\u001c8\n\t\u00055\u00141\r\u0002\u0012k:\u001c\u0007.Z2lK\u00124\u0016M]5b]\u000e,\u0017a\u00032p\u0019><\u0017N\u001c)bO\u0016$b!a\u001d\u0002z\u0005mD#B:\u0002v\u0005]\u0004bBA\u0001\u0013\u0001\u000f\u00111\u0001\u0005\u0006A&\u0001\u001d!\u0019\u0005\b\u0003\u001bI\u0001\u0019AA\b\u0011\u001d\t9\"\u0003a\u0001\u00033\t\u0001\u0002]1M_\u001e|W\u000f\u001e\u000b\u000b\u0003\u0003\u000bY*!(\u0002*\u0006-FCBAB\u0003/\u000bI\n\u0005\u0003uo\u0006\u0015\u0005cBAD\u0003#K\u0018\u0011\u000b\b\u0005\u0003\u0013\u000biI\u0004\u0003\u0002@\u0005-\u0015\"A\u001a\n\u0007\u0005=%'A\u0004qC\u000e\\\u0017mZ3\n\t\u0005M\u0015Q\u0013\u0002\u0007\u000b&$\b.\u001a:\u000b\u0007\u0005=%\u0007C\u0004\u0002\u0002)\u0001\u001d!a\u0001\t\u000b\u0001T\u00019A1\t\u000f\u00055!\u00021\u0001\u0002\u0010!9\u0011q\u0014\u0006A\u0002\u0005\u0005\u0016\u0001B;tKJ\u0004R!MA*\u0003G\u0003B!a\u0007\u0002&&!\u0011qUA\u000f\u0005=\u0001&/\u001b<bi\u0016\f\u0005\u000f]:Vg\u0016\u0014\bbBA\f\u0015\u0001\u0007\u0011\u0011\u0004\u0005\b\u0003OQ\u0001\u0019AA\u0015\u0003!\u0011w\u000eT8h_V$H\u0003CAY\u0003o\u000bI,!1\u0015\r\u0005\r\u00151WA[\u0011\u001d\t\ta\u0003a\u0002\u0003\u0007AQ\u0001Y\u0006A\u0004\u0005Dq!!\u0004\f\u0001\u0004\ty\u0001C\u0004\u0002 
.\u0001\r!a/\u0011\t\u0005m\u0011QX\u0005\u0005\u0003\u007f\u000biB\u0001\bCC\u000e\\wJ\u001a4jG\u0016,6/\u001a:\t\u000f\u0005]1\u00021\u0001\u0002\u001a\u0005Aq-\u001a;U_.,g\u000e\u0006\b\u0002H\u0006=\u00171[Al\u00037\fy.!9\u0015\r\u0005%\u00171ZAg!\r!x\u000f\u001b\u0005\u0006A2\u0001\u001d!\u0019\u0005\b\u0003\u0003a\u00019AA\u0002\u0011\u001d\t\t\u000e\u0004a\u0001\u0003s\tAaY8eK\"9\u0011Q\u001b\u0007A\u0002\u0005e\u0012\u0001C2mS\u0016tG/\u00133\t\u000f\u0005eG\u00021\u0001\u0002R\u0005a1\r\\5f]R\u001cVm\u0019:fi\"9\u0011Q\u001c\u0007A\u0002\u0005e\u0012a\u0003:fI&\u0014Xm\u0019;Ve&Dq!a\u0006\r\u0001\u0004\tI\u0002C\u0005\u0002d2\u0001\n\u00111\u0001\u0002R\u0005a1m\u001c3f-\u0016\u0014\u0018NZ5fe\u0006\u0011r-\u001a;U_.,g\u000e\n3fM\u0006,H\u000e\u001e\u00137\u0003=\u0011XM\u001a:fg\"$\u0006.\u001a+pW\u0016tG\u0003DAv\u0003c\f)0a>\u0002z\u0006mHCBAe\u0003[\fy\u000fC\u0003a\u001d\u0001\u000f\u0011\rC\u0004\u0002\u00029\u0001\u001d!a\u0001\t\u000f\u0005Mh\u00021\u0001\u0002:\u0005a!/\u001a4sKNDGk\\6f]\"9\u0011Q\u001b\bA\u0002\u0005e\u0002bBAm\u001d\u0001\u0007\u0011\u0011\u000b\u0005\b\u0003;t\u0001\u0019AA\u001d\u0011\u001d\t9B\u0004a\u0001\u00033\tabZ3u+N,'/\u00138g_J\u000bw\u000f\u0006\u0004\u0003\u0002\tU!\u0011\u0004\u000b\u0007\u0005\u0007\u0011\tBa\u0005\u0011\tQ<(Q\u0001\t\u0005\u0005\u000f\u0011i!\u0004\u0002\u0003\n)\u0019!1\u00027\u0002\u0005]\u001c\u0018\u0002\u0002B\b\u0005\u0013\u0011!bV*SKN\u0004xN\\:f\u0011\u0015\u0001w\u0002q\u0001b\u0011\u001d\t\ta\u0004a\u0002\u0003\u0007AqAa\u0006\u0010\u0001\u0004\tI$A\u0006bG\u000e,7o\u001d+pW\u0016t\u0007bBA\f\u001f\u0001\u0007\u0011\u0011D\u0001\u0016Kb$(/Y2u\u001fR|'o\\:iSJKw\r\u001b;t)\u0019\u0011yB!\n\u0003*A!\u00111\u0004B\u0011\u0013\u0011\u0011\u0019#!\b\u0003\u0015U\u001bXM\u001d*jO\"$8\u000f\u0003\u0004\u0003(A\u0001\r\u0001[\u0001\baJ|g-\u001b7f\u0011\u001d\u0011Y\u0003\u0005a\u0001\u0005[\tq\u0001Z3gCVdG\u000fE\u00032\u0003'\u0012y\"A\u0006hKR,6/\u001a:J]\u001a|GC\u0002B\u001a\u0005s\u0011Y\u000
4\u0006\u0004\u0002J\nU\"q\u0007\u0005\u0006AF\u0001\u001d!\u0019\u0005\b\u0003\u0003\t\u00029AA\u0002\u0011\u001d\u00119\"\u0005a\u0001\u0003sAq!a\u0006\u0012\u0001\u0004\tI\"\u0001\u000bsK\u0006$\u0007K]8gS2,gI]8n)>\\WM\u001c\u000b\u0005\u0005\u0003\u00129\u0005\u0006\u0004\u0002J\n\r#Q\t\u0005\u0006AJ\u0001\u001d!\u0019\u0005\b\u0003\u0003\u0011\u00029AA\u0002\u0011\u001d\u00119B\u0005a\u0001\u0003s\t!\u0002]1DC2d'-Y2l)!\u0011iEa\u0016\u0003f\t\u001dDC\u0002B(\u0005'\u0012)\u0006\u0005\u0003uo\nE\u0003\u0003CAD\u0003#\u000bI$a)\t\u000f\u0005\u00051\u0003q\u0001\u0002\u0004!)\u0001m\u0005a\u0002C\"9\u0011QB\nA\u0002\te\u0003#\u0002>\u0003\\\t}\u0013b\u0001B/w\n9!+Z9vKN$\bc\u0001>\u0003b%\u0019!1M>\u0003\u0015\u0005s\u0017pQ8oi\u0016tG\u000fC\u0004\u0002\u0018M\u0001\r!!\u0007\t\u000f\u0005\u001d2\u00031\u0001\u0002*\u0005Q!m\\\"bY2\u0014\u0017mY6\u0015\r\t5$q\u000fB=)\u0019\u0011yGa\u001d\u0003vA!Ao\u001eB9!!\t9)!%\u0002:\u0005m\u0006bBA\u0001)\u0001\u000f\u00111\u0001\u0005\u0006AR\u0001\u001d!\u0019\u0005\b\u0003\u001b!\u0002\u0019\u0001B-\u0011\u001d\t9\u0002\u0006a\u0001\u00033\t1$[:BG\u000e,7o\u001d+pW\u0016t\u0017IV1mS\u0012Tu\u000f\u001e+pW\u0016tG\u0003\u0002B@\u0005G#BA!!\u0003\u0012R1!1\u0011BF\u0005\u001f\u0003B\u0001^<\u0003\u0006B\u0019\u0011Ga\"\n\u0007\t%%G\u0001\u0003V]&$\bb\u0002BG+\u0001\u000f\u00111A\u0001\u0011Kb,7-\u001e;j_:\u001cuN\u001c;fqRDQ\u0001Y\u000bA\u0004\u0005DqAa%\u0016\u0001\u0004\u0011)*A\u0001g!\u001d\t$q\u0013BN\u0005\u0007K1A!'3\u0005%1UO\\2uS>t\u0017\u0007E\u00032\u0003'\u0012i\nE\u00022\u0005?K1A!)3\u0005\u001d\u0011un\u001c7fC:DqAa\u0006\u0016\u0001\u0004\tI$\u0001\u0006sK:,w\u000fV8lK:$bA!+\u00030\nEFC\u0002BB\u0005W\u0013i\u000bC\u0004\u0003\u000eZ\u0001\u001d!a\u0001\t\u000b\u00014\u00029A1\t\u000f\u0005Mh\u00031\u0001\u0002:!9\u0011q\u0014\fA\u0002\tM\u0006\u0003BA\u000e\u0005kKAAa.\u0002\u001e\ty!+\u001a4sKND\u0017M\u00197f+N,'/\u0001\niC:$G.\u001a+pW\u0016t'+\u001a4sKNDGC\u0002B_\u0005\u0007\u0014)\r\u0006\u0004\u0003\
u0004\n}&\u0011\u0019\u0005\u0006A^\u0001\u001d!\u0019\u0005\b\u0003\u00039\u00029AA\u0002\u0011\u0015Ys\u00031\u0001C\u0011\u001d\tyj\u0006a\u0001\u0005g\u000bAaY8qsR\u0019\u0001Ja3\t\u000f\u0001C\u0002\u0013!a\u0001\u0005\u0006q1m\u001c9zI\u0011,g-Y;mi\u0012\nTC\u0001BiU\r\u0011\u0015QL\u0001\u000eaJ|G-^2u!J,g-\u001b=\u0016\u0003]\u000bA\u0002\u001d:pIV\u001cG/\u0011:jif,\"Aa7\u0011\u0007E\u0012i.C\u0002\u0003`J\u00121!\u00138u\u00039\u0001(o\u001c3vGR,E.Z7f]R$BA!:\u0003lB\u0019\u0011Ga:\n\u0007\t%(GA\u0002B]fD\u0011B!<\u001d\u0003\u0003\u0005\rAa7\u0002\u0007a$\u0013'A\bqe>$Wo\u0019;Ji\u0016\u0014\u0018\r^8s+\t\u0011\u0019\u0010\u0005\u0004\u0003v\nm(Q]\u0007\u0003\u0005oT1A!?3\u0003)\u0019w\u000e\u001c7fGRLwN\\\u0005\u0005\u0005{\u00149P\u0001\u0005Ji\u0016\u0014\u0018\r^8s\u0003!\u0019\u0017M\\#rk\u0006dG\u0003\u0002BO\u0007\u0007A\u0011B!<\u001f\u0003\u0003\u0005\rA!:\u0002\u0011!\f7\u000f[\"pI\u0016$\"Aa7\u0002\u0011Q|7\u000b\u001e:j]\u001e$\u0012aV\u0001\u0007KF,\u0018\r\\:\u0015\t\tu5\u0011\u0003\u0005\n\u0005[\f\u0013\u0011!a\u0001\u0005K\f1cR3oKJL7mT1vi\"\u0014Tj\u001c3vY\u0016\u0004\"aN\u0012\u0014\u0007\r\u0002T\b\u0006\u0002\u0004\u0016Q11QDB\u0012\u0007W!bAa!\u0004 \r\u0005\u0002bBA\u0001K\u0001\u000f\u00111\u0001\u0005\u0006A\u0016\u0002\u001d!\u0019\u0005\u0007W\u0015\u0002\ra!\n\u0011\u0007]\u001a9#C\u0002\u0004*)\u0012\u0001#Q;uQ6{G-\u001e7f\u0007>tg-[4\t\u000f\u0005}U\u00051\u0001\u00034\u0006)\u0011\r\u001d9msR\u0019\u0001j!\r\t\u000b\u00013\u0003\u0019\u0001\"\u0002\u000fUt\u0017\r\u001d9msR!1qGB\u001d!\u0011\t\u00141\u000b\"\t\u0011\rmr%!AA\u0002!\u000b1\u0001\u001f\u00131\u0003-\u0011X-\u00193SKN|GN^3\u0015\u0005\r\u0005\u0003c\u0001-\u0004D%\u00191QI-\u0003\r=\u0013'.Z2u\u0001")
/* loaded from: input_file:otoroshi/auth/GenericOauth2Module.class */
public class GenericOauth2Module implements AuthModule, Product, Serializable {
    private Logger logger;
    private final OAuth2ModuleConfig authConfig;
    private volatile boolean bitmap$0;

    /**
     * Extractor entry point; forwards to the companion singleton {@code GenericOauth2Module$.MODULE$}.
     *
     * @param genericOauth2Module the module instance handed to the companion's {@code unapply}
     * @return whatever the companion's {@code unapply} returns for that instance
     */
    public static Option<OAuth2ModuleConfig> unapply(GenericOauth2Module genericOauth2Module) {
        GenericOauth2Module$ companion = GenericOauth2Module$.MODULE$;
        return companion.unapply(genericOauth2Module);
    }

    /**
     * Factory entry point; forwards to the companion singleton {@code GenericOauth2Module$.MODULE$}.
     *
     * @param oAuth2ModuleConfig the configuration handed to the companion's {@code apply}
     * @return the module returned by the companion's {@code apply}
     */
    public static GenericOauth2Module apply(OAuth2ModuleConfig oAuth2ModuleConfig) {
        GenericOauth2Module$ companion = GenericOauth2Module$.MODULE$;
        return companion.apply(oAuth2ModuleConfig);
    }

    /**
     * Accessor for the final {@code authConfig} field.
     *
     * @return the OAuth2 configuration held by this module
     */
    public OAuth2ModuleConfig authConfig() {
        final OAuth2ModuleConfig config = this.authConfig;
        return config;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v8, types: [otoroshi.auth.GenericOauth2Module] */
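    /**
     * Slow path of the lazily initialised {@code logger} field.
     *
     * <p>Takes the monitor on {@code this}, re-checks the {@code bitmap$0} flag and, when it is still unset,
     * creates the "otoroshi-global-oauth2-module" logger and then raises the flag.
     *
     * @return the logger stored in the {@code logger} field
     */
    private Logger logger$lzycompute() {
        // Lock on `this` directly: the decompiled listing aliased it through an untyped local
        // (`?? r0`), which is not valid Java; the monitor taken is the same.
        synchronized (this) {
            if (!this.bitmap$0) {
                this.logger = Logger$.MODULE$.apply("otoroshi-global-oauth2-module");
                // The flag is written after the field so that a reader observing the volatile
                // flag as true also observes the assigned logger.
                this.bitmap$0 = true;
            }
        }
        return this.logger;
    }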

    /**
     * Returns the module logger, taking the synchronized slow path only while {@code bitmap$0} is unset.
     *
     * @return the logger stored in the {@code logger} field
     */
    public Logger logger() {
        if (this.bitmap$0) {
            return this.logger;
        }
        return logger$lzycompute();
    }

    /**
     * Encrypts a JSON value under a key derived from {@code env.otoroshiSecret()} and returns the
     * ciphertext as URL-safe Base64.
     *
     * <p>Key derivation as written: the secret is right-padded with {@code "0"} to at least 16 characters,
     * cut to its first 16 characters and converted with {@code String.getBytes()}.
     *
     * <p>NOTE(review): the transformation is the bare name {@code "AES"}, so mode and padding are chosen by
     * the JCA provider; the stock JDK provider resolves it to AES/ECB/PKCS5Padding. That is deterministic
     * and carries no integrity protection, so the code that decodes this value (not shown here) must not
     * trust the decrypted fields without checking the embedded hash. An authenticated mode such as
     * AES/GCM with a fresh IV would be the usual choice, changed together with the decrypting side.
     *
     * <p>NOTE(review): only the first 16 characters of the secret feed the key, and a shorter secret is
     * filled with a constant; {@code getBytes()} without a charset depends on the platform default.
     * Confirm the secret is long, and pin the charset on both sides if this is revisited.
     *
     * @param jsValue the JSON value to protect
     * @param env     source of the instance secret
     * @return the Base64 (URL alphabet) encoding of the ciphertext
     */
    private String encryptState(JsValue jsValue, Env env) {
        Cipher cipher = Cipher.getInstance("AES");

        // Pad first, then truncate, so the key material is always exactly 16 characters.
        Object padded = new StringOps(Predef$.MODULE$.augmentString(env.otoroshiSecret())).padTo(16, "0", Predef$.MODULE$.fallbackStringCanBuildFrom());
        String paddedSecret = ((TraversableOnce) padded).mkString("");
        String keyChars = (String) new StringOps(Predef$.MODULE$.augmentString(paddedSecret)).take(16);
        SecretKeySpec key = new SecretKeySpec(keyChars.getBytes(), "AES");

        // Cipher.ENCRYPT_MODE is the constant 1.
        cipher.init(Cipher.ENCRYPT_MODE, key);
        byte[] plaintext = Json$.MODULE$.stringify(jsValue).getBytes();
        byte[] ciphertext = cipher.doFinal(plaintext);
        return Base64.getUrlEncoder().encodeToString(ciphertext);
    }

    /**
     * Starts the authorization-code flow for a private app: builds the redirect to
     * {@code authConfig().loginUrl()} and records what the callback needs in the session.
     *
     * <p>The redirect carries {@code scope}, the optional {@code claims}, {@code client_id},
     * {@code response_type=code} and {@code redirect_uri}; with PKCE enabled it also carries
     * {@code code_challenge} and {@code code_challenge_method}, and with
     * {@code noWildcardRedirectURI} an encrypted {@code state}. The session receives {@code hash},
     * the post-login redirect target and, with PKCE, the code verifier.
     *
     * <p>{@code globalConfig} and {@code executionContext} are not read in this method.
     *
     * @param requestHeader     incoming request; its {@code redirect} query parameter is read
     * @param serviceDescriptor the service the user is logging in to
     * @param env               provides {@code sign} and the exposed scheme
     * @return an already-completed future holding the redirect result
     */
    @Override // otoroshi.auth.AuthModule
    public Future<Result> paLoginPage(RequestHeader requestHeader, GlobalConfig globalConfig, ServiceDescriptor serviceDescriptor, ExecutionContext executionContext, Env env) {
        Tuple2 tuple2;
        // NOTE(review): this request-supplied value is stored in the session below exactly as received.
        // No validation is visible in this method; confirm the code that later redirects to it only
        // accepts expected targets.
        Option queryString = requestHeader.getQueryString("redirect");
        String clientId = authConfig().clientId();
        String scope = authConfig().scope();
        // "claims=<value>&" when claims is non-null and non-empty, otherwise the empty string.
        String str = (String) Option$.MODULE$.apply(authConfig().claims()).filterNot(str2 -> {
            return BoxesRunTime.boxToBoolean(str2.isEmpty());
        }).map(str3 -> {
            return new StringBuilder(8).append("claims=").append(str3).append("&").toString();
        }).getOrElse(() -> {
            return "";
        });
        // Without cookies the descriptor id travels on the callback URL as "?desc=<id>".
        String sb = authConfig().useCookie() ? "" : new StringBuilder(6).append("?desc=").append(serviceDescriptor.id()).toString();
        // Signature over "<authConfig id>:::<descriptor id>"; sent back via the callback URL or the state.
        String sign = env.sign(new StringBuilder(3).append(authConfig().id()).append(":::").append(serviceDescriptor.id()).toString());
        // noWildcardRedirectURI: the configured callback URL is used unchanged.
        // Otherwise: unchanged when useCookie is set, else "&hash=<sign>" or "?hash=<sign>" is appended
        // depending on whether the URL already contains '?'.
        String callbackUrl = authConfig().noWildcardRedirectURI() ? authConfig().callbackUrl() : (String) implicits$BetterSyntax$.MODULE$.applyOn$extension(implicits$.MODULE$.BetterSyntax(new StringBuilder(0).append(authConfig().callbackUrl()).append(sb).toString()), str4 -> {
            return (this.authConfig().useCookie() || !str4.contains("?")) ? (this.authConfig().useCookie() || str4.contains("?")) ? str4 : new StringBuilder(6).append(str4).append("?hash=").append(sign).toString() : new StringBuilder(6).append(str4).append("&hash=").append(sign).toString();
        });
        // With a fixed redirect URI the descriptor id and hash move into the encrypted state parameter.
        String encryptState = authConfig().noWildcardRedirectURI() ? encryptState(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("descriptor"), Json$.MODULE$.toJsFieldJsValueWrapper(serviceDescriptor.id(), Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("hash"), Json$.MODULE$.toJsFieldJsValueWrapper(sign, Writes$.MODULE$.StringWrites()))})), env) : "";
        if (authConfig().noWildcardRedirectURI() && logger().isDebugEnabled(MarkerContext$.MODULE$.NoMarker())) {
            // Despite the "secret used" wording, the value logged here is the callback URL.
            logger().debug(() -> {
                return new StringBuilder(12).append("secret used ").append(callbackUrl).toString();
            }, MarkerContext$.MODULE$.NoMarker());
            // Logs the encrypted state value that is about to be sent.
            logger().debug(() -> {
                return encryptState;
            }, MarkerContext$.MODULE$.NoMarker());
        }
        Some pkce = authConfig().pkce();
        if ((pkce instanceof Some) && ((PKCEConfig) pkce.value()).enabled()) {
            // Tuple layout: (code_verifier, code_challenge, code_challenge_method).
            Tuple3<String, String, String> generatePKCECodes = generatePKCECodes(authConfig().pkce().map(pKCEConfig -> {
                return pKCEConfig.algorithm();
            }));
            if (generatePKCECodes == null) {
                throw new MatchError(generatePKCECodes);
            }
            Tuple3 tuple3 = new Tuple3((String) generatePKCECodes._1(), (String) generatePKCECodes._2(), (String) generatePKCECodes._3());
            String str5 = (String) tuple3._1();
            String str6 = (String) tuple3._2();
            String str7 = (String) tuple3._3();
            if (logger().isDebugEnabled(MarkerContext$.MODULE$.NoMarker())) {
                // NOTE(review): the code_verifier is the secret half of the PKCE exchange, and this
                // message writes it to the log whenever debug logging is on. Consider logging only the
                // challenge method, and treat debug logs of this module as sensitive.
                logger().debug(() -> {
                    return new StringBuilder(85).append("using pkce flow with code_verifier = ").append(str5).append(", code_challenge = ").append(str6).append(" and code_challenge_method = ").append(str7).toString();
                }, MarkerContext$.MODULE$.NoMarker());
            }
            // NOTE(review): scope, claims, client_id and redirect_uri are concatenated as-is; nothing in
            // this method URL-encodes them. Presumably the configured values are already query-safe; confirm.
            // The verifier is kept in the session under "<authConfig id>-code_verifier".
            tuple2 = new Tuple2(new StringBuilder(86).append(authConfig().loginUrl()).append("?scope=").append(scope).append("&").append(str).append("client_id=").append(clientId).append("&response_type=").append("code").append("&redirect_uri=").append(callbackUrl).append("&code_challenge=").append(str6).append("&code_challenge_method=").append(str7).toString(), new $colon.colon(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(new StringBuilder(14).append(authConfig().id()).append("-code_verifier").toString()), str5), Nil$.MODULE$));
        } else {
            if (logger().isDebugEnabled(MarkerContext$.MODULE$.NoMarker())) {
                logger().debug(() -> {
                    return "not using pkce flow";
                }, MarkerContext$.MODULE$.NoMarker());
            }
            // Same URL as the PKCE branch minus the two code_challenge parameters; no extra session entry.
            tuple2 = new Tuple2(new StringBuilder(47).append(authConfig().loginUrl()).append("?scope=").append(scope).append("&").append(str).append("client_id=").append(clientId).append("&response_type=").append("code").append("&redirect_uri=").append(callbackUrl).toString(), Nil$.MODULE$);
        }
        Tuple2 tuple22 = tuple2;
        if (tuple22 == null) {
            throw new MatchError(tuple22);
        }
        // (redirect URL, extra session entries)
        Tuple2 tuple23 = new Tuple2((String) tuple22._1(), (Seq) tuple22._2());
        String str8 = (String) tuple23._1();
        // "&state=<encrypted state>" is appended only with noWildcardRedirectURI. The session gets the
        // extra entries plus "hash" and "pa-redirect-after-login-<cookie suffix>"; the latter falls back
        // to the absolute URL of PrivateAppsController.home() when no redirect parameter was sent.
        return implicits$BetterSyntax$.MODULE$.asFuture$extension(implicits$.MODULE$.BetterSyntax(Results$.MODULE$.Redirect(authConfig().noWildcardRedirectURI() ? new StringBuilder(7).append(str8).append("&state=").append(encryptState).toString() : str8, Results$.MODULE$.Redirect$default$2(), Results$.MODULE$.Redirect$default$3()).addingToSession((Seq) ((Seq) tuple23._2()).$plus$plus(Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("hash"), sign), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(new StringBuilder(24).append("pa-redirect-after-login-").append(authConfig().cookieSuffix(serviceDescriptor)).toString()), queryString.getOrElse(() -> {
            return routes.PrivateAppsController.home().absoluteURL(env.exposedRootSchemeIsHttps(), requestHeader);
        }))})), Seq$.MODULE$.canBuildFrom()), requestHeader)));
    }

    /**
     * Produces the PKCE triple {@code (code_verifier, code_challenge, code_challenge_method)}.
     *
     * <p>The verifier is the first 120 characters of the unpadded base64url encoding of 120 bytes drawn
     * from a {@link SecureRandom}. For {@code Some("S256")} the challenge is the base64url-safe encoding
     * of the SHA-256 digest of the verifier's US-ASCII bytes.
     *
     * <p>NOTE(review): every other input, an empty option or an unrecognised method name included,
     * silently selects {@code "plain"}, where the challenge equals the verifier and PKCE gives no
     * protection if the authorization request is observed. Consider rejecting unknown values or at
     * least warning when the downgrade happens.
     *
     * @param option requested challenge method
     * @return the verifier, the challenge and the method name actually used
     */
    private Tuple3<String, String, String> generatePKCECodes(Option<String> option) {
        byte[] entropy = new byte[120];
        new SecureRandom().nextBytes(entropy);

        // 120 bytes encode to 160 base64url characters; only the first 120 are kept.
        String encoded = Base64.getUrlEncoder().withoutPadding().encodeToString(entropy);
        String codeVerifier = StringOps$.MODULE$.slice$extension(Predef$.MODULE$.augmentString(encoded), 0, 120);

        // The digest is prepared up front, as in the original, even when the plain method ends up being used.
        byte[] verifierAscii = codeVerifier.getBytes("US-ASCII");
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        sha256.update(verifierAscii, 0, verifierAscii.length);

        boolean useS256 = (option instanceof Some) && "S256".equals((String) ((Some) option).value());
        if (useS256) {
            String codeChallenge = org.apache.commons.codec.binary.Base64.encodeBase64URLSafeString(sha256.digest());
            return new Tuple3<>(codeVerifier, codeChallenge, "S256");
        }
        return new Tuple3<>(codeVerifier, codeVerifier, "plain");
    }

    /**
     * Compiler-generated default for the first parameter of {@code generatePKCECodes}.
     *
     * @return {@code Some("S256")}
     */
    private Option<String> generatePKCECodes$default$1() {
        Option<String> defaultMethod = new Some<>("S256");
        return defaultMethod;
    }

    /**
     * Starts the authorization-code flow for the back office: builds the redirect to
     * {@code authConfig().loginUrl()} and records what the callback needs in the session.
     *
     * <p>The redirect carries {@code scope}, the optional {@code claims}, {@code client_id},
     * {@code response_type=code} and {@code redirect_uri}; with PKCE enabled it also carries
     * {@code code_challenge} and {@code code_challenge_method}, and with
     * {@code noWildcardRedirectURI} an encrypted {@code state}. The session receives {@code hash},
     * {@code bo-redirect-after-login} and, with PKCE, the code verifier.
     *
     * <p>{@code globalConfig} and {@code executionContext} are not read in this method.
     *
     * @param requestHeader incoming request; its {@code redirect} query parameter is read
     * @param env           provides {@code sign} and the exposed scheme
     * @return an already-completed future holding the redirect result
     */
    @Override // otoroshi.auth.AuthModule
    public Future<Result> boLoginPage(RequestHeader requestHeader, GlobalConfig globalConfig, ExecutionContext executionContext, Env env) {
        Tuple2 tuple2;
        // NOTE(review): this request-supplied value is stored in the session below exactly as received.
        // No validation is visible in this method; confirm the code that later redirects to it only
        // accepts expected targets.
        Option queryString = requestHeader.getQueryString("redirect");
        String clientId = authConfig().clientId();
        String scope = authConfig().scope();
        // "claims=<value>&" when claims is non-null and non-empty, otherwise the empty string.
        String str = (String) Option$.MODULE$.apply(authConfig().claims()).filterNot(str2 -> {
            return BoxesRunTime.boxToBoolean(str2.isEmpty());
        }).map(str3 -> {
            return new StringBuilder(8).append("claims=").append(str3).append("&").toString();
        }).getOrElse(() -> {
            return "";
        });
        // Signature over "<authConfig id>:::backoffice"; sent back via the callback URL or the state.
        String sign = env.sign(new StringBuilder(13).append(authConfig().id()).append(":::backoffice").toString());
        // noWildcardRedirectURI: the configured callback URL is used unchanged.
        // Otherwise: unchanged when useCookie is set, else "&hash=<sign>" or "?hash=<sign>" is appended
        // depending on whether the URL already contains '?'.
        String callbackUrl = authConfig().noWildcardRedirectURI() ? authConfig().callbackUrl() : (String) implicits$BetterSyntax$.MODULE$.applyOn$extension(implicits$.MODULE$.BetterSyntax(authConfig().callbackUrl()), str4 -> {
            return (this.authConfig().useCookie() || !str4.contains("?")) ? (this.authConfig().useCookie() || str4.contains("?")) ? str4 : new StringBuilder(6).append(str4).append("?hash=").append(sign).toString() : new StringBuilder(6).append(str4).append("&hash=").append(sign).toString();
        });
        // With a fixed redirect URI the hash moves into the encrypted state parameter.
        String encryptState = authConfig().noWildcardRedirectURI() ? encryptState(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("hash"), Json$.MODULE$.toJsFieldJsValueWrapper(sign, Writes$.MODULE$.StringWrites()))})), env) : "";
        Some pkce = authConfig().pkce();
        if ((pkce instanceof Some) && ((PKCEConfig) pkce.value()).enabled()) {
            // Tuple layout: (code_verifier, code_challenge, code_challenge_method).
            Tuple3<String, String, String> generatePKCECodes = generatePKCECodes(authConfig().pkce().map(pKCEConfig -> {
                return pKCEConfig.algorithm();
            }));
            if (generatePKCECodes == null) {
                throw new MatchError(generatePKCECodes);
            }
            Tuple3 tuple3 = new Tuple3((String) generatePKCECodes._1(), (String) generatePKCECodes._2(), (String) generatePKCECodes._3());
            String str5 = (String) tuple3._1();
            String str6 = (String) tuple3._2();
            String str7 = (String) tuple3._3();
            if (logger().isDebugEnabled(MarkerContext$.MODULE$.NoMarker())) {
                // NOTE(review): the code_verifier is the secret half of the PKCE exchange, and this
                // message writes it to the log whenever debug logging is on. Consider logging only the
                // challenge method, and treat debug logs of this module as sensitive.
                logger().debug(() -> {
                    return new StringBuilder(85).append("using pkce flow with code_verifier = ").append(str5).append(", code_challenge = ").append(str6).append(" and code_challenge_method = ").append(str7).toString();
                }, MarkerContext$.MODULE$.NoMarker());
            }
            // NOTE(review): scope, claims, client_id and redirect_uri are concatenated as-is; nothing in
            // this method URL-encodes them. Presumably the configured values are already query-safe; confirm.
            // The verifier is kept in the session under "<authConfig id>-code_verifier".
            tuple2 = new Tuple2(new StringBuilder(86).append(authConfig().loginUrl()).append("?scope=").append(scope).append("&").append(str).append("client_id=").append(clientId).append("&response_type=").append("code").append("&redirect_uri=").append(callbackUrl).append("&code_challenge=").append(str6).append("&code_challenge_method=").append(str7).toString(), new $colon.colon(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(new StringBuilder(14).append(authConfig().id()).append("-code_verifier").toString()), str5), Nil$.MODULE$));
        } else {
            if (logger().isDebugEnabled(MarkerContext$.MODULE$.NoMarker())) {
                logger().debug(() -> {
                    return "not using pkce flow";
                }, MarkerContext$.MODULE$.NoMarker());
            }
            // Same URL as the PKCE branch minus the two code_challenge parameters; no extra session entry.
            tuple2 = new Tuple2(new StringBuilder(47).append(authConfig().loginUrl()).append("?scope=").append(scope).append("&").append(str).append("client_id=").append(clientId).append("&response_type=").append("code").append("&redirect_uri=").append(callbackUrl).toString(), Nil$.MODULE$);
        }
        Tuple2 tuple22 = tuple2;
        if (tuple22 == null) {
            throw new MatchError(tuple22);
        }
        // (redirect URL, extra session entries)
        Tuple2 tuple23 = new Tuple2((String) tuple22._1(), (Seq) tuple22._2());
        String str8 = (String) tuple23._1();
        // "&state=<encrypted state>" is appended only with noWildcardRedirectURI. The session gets the
        // extra entries plus "hash" and "bo-redirect-after-login"; the latter falls back to the absolute
        // URL of BackOfficeController.dashboard() when no redirect parameter was sent.
        return implicits$BetterSyntax$.MODULE$.asFuture$extension(implicits$.MODULE$.BetterSyntax(Results$.MODULE$.Redirect(authConfig().noWildcardRedirectURI() ? new StringBuilder(7).append(str8).append("&state=").append(encryptState).toString() : str8, Results$.MODULE$.Redirect$default$2(), Results$.MODULE$.Redirect$default$3()).addingToSession((Seq) ((Seq) tuple23._2()).$plus$plus(Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("hash"), sign), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("bo-redirect-after-login"), queryString.getOrElse(() -> {
            return routes.BackOfficeController.dashboard().absoluteURL(env.exposedRootSchemeIsHttps(), requestHeader);
        }))})), Seq$.MODULE$.canBuildFrom()), requestHeader)));
    }

    /**
     * Resolves the identity-provider logout URL for a private-app user.
     *
     * <p>When {@code authConfig().logoutUrl()} is non-null and non-empty, the result is
     * {@code Right(Some(url))} with {@code client_id} appended using {@code &} or {@code ?} depending on
     * whether the URL already has a query string; otherwise it is {@code Right(None)}. The client id is
     * appended as-is, without URL-encoding. None of the method parameters is read.
     *
     * @return an already-completed future holding the logout target, if any
     */
    @Override // otoroshi.auth.AuthModule
    public Future<Either<Result, Option<String>>> paLogout(RequestHeader requestHeader, Option<PrivateAppsUser> option, GlobalConfig globalConfig, ServiceDescriptor serviceDescriptor, ExecutionContext executionContext, Env env) {
        return implicits$BetterSyntax$.MODULE$.asFuture$extension(implicits$.MODULE$.BetterSyntax(Option$.MODULE$.apply(authConfig().logoutUrl()).filterNot(configuredUrl -> {
            return BoxesRunTime.boxToBoolean(configuredUrl.isEmpty());
        }).map(logoutUrl -> {
            // Pick the joiner that keeps the query string well-formed.
            String clientIdParam = logoutUrl.contains("?") ? "&client_id=" : "?client_id=";
            String target = new StringBuilder(11).append(logoutUrl).append(clientIdParam).append(this.authConfig().clientId()).toString();
            return package$.MODULE$.Right().apply(new Some(target));
        }).getOrElse(() -> {
            return package$.MODULE$.Right().apply(None$.MODULE$);
        })));
    }

    /**
     * Resolves the identity-provider logout URL for a back-office user.
     *
     * <p>When {@code authConfig().logoutUrl()} is non-null and non-empty, the result is
     * {@code Right(Some(url))} with {@code client_id} appended using {@code &} or {@code ?} depending on
     * whether the URL already has a query string; otherwise it is {@code Right(None)}. The client id is
     * appended as-is, without URL-encoding. None of the method parameters is read.
     *
     * @return an already-completed future holding the logout target, if any
     */
    @Override // otoroshi.auth.AuthModule
    public Future<Either<Result, Option<String>>> boLogout(RequestHeader requestHeader, BackOfficeUser backOfficeUser, GlobalConfig globalConfig, ExecutionContext executionContext, Env env) {
        return implicits$BetterSyntax$.MODULE$.asFuture$extension(implicits$.MODULE$.BetterSyntax(Option$.MODULE$.apply(authConfig().logoutUrl()).filterNot(configuredUrl -> {
            return BoxesRunTime.boxToBoolean(configuredUrl.isEmpty());
        }).map(logoutUrl -> {
            // Pick the joiner that keeps the query string well-formed.
            String clientIdParam = logoutUrl.contains("?") ? "&client_id=" : "?client_id=";
            String target = new StringBuilder(11).append(logoutUrl).append(clientIdParam).append(this.authConfig().clientId()).toString();
            return package$.MODULE$.Right().apply(new Some(target));
        }).getOrElse(() -> {
            return package$.MODULE$.Right().apply(None$.MODULE$);
        })));
    }

    /**
     * Exchanges an OAuth2 authorization code for a token response at {@code authConfig().tokenUrl()}.
     *
     * <p>The request is created through {@code env.MtlsWs()} with the module's mTLS settings and is
     * routed through {@code authConfig().proxy()}, falling back to {@code globalConfig.proxies().auth()}.
     * Depending on {@code authConfig().useJson()} the parameters are posted as a JSON object or as a
     * URL-encoded form. Both variants carry {@code code}, {@code grant_type=authorization_code},
     * {@code client_id} and {@code redirect_uri}, plus {@code client_secret} and {@code code_verifier}
     * when the corresponding option is defined.
     *
     * <p>Review notes: the client secret and the PKCE verifier travel in the request body, so request
     * bodies sent to the token endpoint should be kept out of logs and traces. The HTTP status of the
     * response is not inspected here; whatever body comes back is parsed as JSON and handed to the caller.
     *
     * @param str              authorization code received on the callback
     * @param str2             OAuth2 client id
     * @param option           optional client secret
     * @param str3             redirect URI sent with the exchange
     * @param globalConfig     global configuration, used only for the fallback proxy
     * @param option2          optional PKCE code verifier; every occurrence of {@code "<module id>-"} is removed before sending
     * @param env              environment providing the HTTP client
     * @param executionContext context used to map the response
     * @return the token endpoint response body parsed as JSON
     */
    public Future<JsValue> getToken(String str, String str2, Option<String> option, String str3, GlobalConfig globalConfig, Option<String> option2, Env env, ExecutionContext executionContext) {
        Map $plus$plus;
        Future post;
        JsObject $plus$plus2;
        // Request to the token endpoint; the module-level proxy wins over the global auth proxy.
        WSRequest withMaybeProxyServer$extension = Implicits$BetterStandaloneWSRequest$.MODULE$.withMaybeProxyServer$extension(Implicits$.MODULE$.BetterStandaloneWSRequest(env.MtlsWs().url(authConfig().tokenUrl(), authConfig().mtlsConfig())), authConfig().proxy().orElse(() -> {
            return globalConfig.proxies().auth();
        }));
        if (authConfig().useJson()) {
            // JSON variant: mandatory fields first, then client_secret only when a secret is configured.
            JsObject $plus$plus3 = Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("code"), Json$.MODULE$.toJsFieldJsValueWrapper(str, Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("grant_type"), Json$.MODULE$.toJsFieldJsValueWrapper("authorization_code", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("client_id"), Json$.MODULE$.toJsFieldJsValueWrapper(str2, Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("redirect_uri"), Json$.MODULE$.toJsFieldJsValueWrapper(str3, Writes$.MODULE$.StringWrites()))})).$plus$plus((JsObject) option.map(str4 -> {
                return Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("client_secret"), Json$.MODULE$.toJsFieldJsValueWrapper(str4, Writes$.MODULE$.StringWrites()))}));
            }).getOrElse(() -> {
                return Json$.MODULE$.obj(Nil$.MODULE$);
            }));
            if (None$.MODULE$.equals(option2)) {
                $plus$plus2 = $plus$plus3;
            } else {
                if (!(option2 instanceof Some)) {
                    throw new MatchError(option2);
                }
                // PKCE: the stored verifier has "<module id>-" stripped; replace() removes every occurrence, not only a leading one.
                $plus$plus2 = $plus$plus3.$plus$plus(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("code_verifier"), Json$.MODULE$.toJsFieldJsValueWrapper(((String) ((Some) option2).value()).replace(new StringBuilder(1).append(authConfig().id()).append("-").toString(), ""), Writes$.MODULE$.StringWrites()))})));
            }
            post = withMaybeProxyServer$extension.post($plus$plus2, play.api.libs.ws.package$.MODULE$.writeableOf_JsValue());
        } else {
            // Form variant: same fields as above, sent as application/x-www-form-urlencoded.
            Map $plus$plus4 = Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("code"), str), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("grant_type"), "authorization_code"), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("client_id"), str2), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("redirect_uri"), str3)})).$plus$plus((GenTraversableOnce) Option$.MODULE$.option2Iterable(option).toSeq().map(str5 -> {
                return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("client_secret"), str5);
            }, Seq$.MODULE$.canBuildFrom()));
            if (None$.MODULE$.equals(option2)) {
                $plus$plus = $plus$plus4;
            } else {
                if (!(option2 instanceof Some)) {
                    throw new MatchError(option2);
                }
                // Same verifier handling as in the JSON branch.
                $plus$plus = $plus$plus4.$plus$plus(Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("code_verifier"), ((String) ((Some) option2).value()).replace(new StringBuilder(1).append(authConfig().id()).append("-").toString(), ""))})));
            }
            post = withMaybeProxyServer$extension.post($plus$plus, DefaultBodyWritables$.MODULE$.writeableOf_urlEncodedSimpleForm());
        }
        // NOTE(review): no status check before parsing; an OAuth2 error body is returned like a success
        // and must be rejected by the caller (e.g. when it reads the access token field).
        return post.map(wSResponse -> {
            return wSResponse.json();
        }, executionContext);
    }

    /**
     * Scala-generated default for the sixth parameter of {@code getToken} (the PKCE code verifier):
     * no verifier is sent unless the caller supplies one.
     *
     * @return the empty option
     */
    public Option<String> getToken$default$6() {
        Option<String> noCodeVerifier = None$.MODULE$;
        return noCodeVerifier;
    }

    /**
     * Posts a {@code refresh_token} grant to {@code authConfig().tokenUrl()} and returns the parsed response.
     *
     * <p>The request uses the same mTLS client and proxy selection as the code exchange. The body is
     * JSON or a URL-encoded form depending on {@code authConfig().useJson()} and contains
     * {@code refresh_token}, {@code grant_type=refresh_token}, {@code client_id}, {@code redirect_uri}
     * and, when configured, {@code client_secret}.
     *
     * <p>Review notes: the refresh token and client secret are long-lived credentials carried in the
     * request body; keep that body out of logs. The response status is not checked before the body is
     * parsed as JSON.
     *
     * @param str              refresh token to redeem
     * @param str2             OAuth2 client id
     * @param option           optional client secret
     * @param str3             redirect URI sent with the request
     * @param globalConfig     global configuration, used only for the fallback proxy
     * @param env              environment providing the HTTP client
     * @param executionContext context used to map the response
     * @return the token endpoint response body parsed as JSON
     */
    public Future<JsValue> refreshTheToken(String str, String str2, Option<String> option, String str3, GlobalConfig globalConfig, Env env, ExecutionContext executionContext) {
        // Request to the token endpoint; the module-level proxy wins over the global auth proxy.
        WSRequest withMaybeProxyServer$extension = Implicits$BetterStandaloneWSRequest$.MODULE$.withMaybeProxyServer$extension(Implicits$.MODULE$.BetterStandaloneWSRequest(env.MtlsWs().url(authConfig().tokenUrl(), authConfig().mtlsConfig())), authConfig().proxy().orElse(() -> {
            return globalConfig.proxies().auth();
        }));
        // First ternary arm: JSON body. Second arm: form body. client_secret is appended only when defined.
        return (authConfig().useJson() ? withMaybeProxyServer$extension.post(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("refresh_token"), Json$.MODULE$.toJsFieldJsValueWrapper(str, Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("grant_type"), Json$.MODULE$.toJsFieldJsValueWrapper("refresh_token", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("client_id"), Json$.MODULE$.toJsFieldJsValueWrapper(str2, Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("redirect_uri"), Json$.MODULE$.toJsFieldJsValueWrapper(str3, Writes$.MODULE$.StringWrites()))})).$plus$plus((JsObject) option.map(str4 -> {
            return Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("client_secret"), Json$.MODULE$.toJsFieldJsValueWrapper(str4, Writes$.MODULE$.StringWrites()))}));
        }).getOrElse(() -> {
            return Json$.MODULE$.obj(Nil$.MODULE$);
        })), play.api.libs.ws.package$.MODULE$.writeableOf_JsValue()) : withMaybeProxyServer$extension.post(Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("refresh_token"), str), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("grant_type"), "refresh_token"), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("client_id"), str2), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("redirect_uri"), str3)})).$plus$plus((GenTraversableOnce) Option$.MODULE$.option2Iterable(option).toSeq().map(str5 -> {
            return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("client_secret"), str5);
        }, Seq$.MODULE$.canBuildFrom())), DefaultBodyWritables$.MODULE$.writeableOf_urlEncodedSimpleForm())).map(wSResponse -> {
            // NOTE(review): parsed without a status check; callers receive error bodies as ordinary JSON.
            return wSResponse.json();
        }, executionContext);
    }

    /**
     * Calls {@code authConfig().userInfoUrl()} with the given access token and returns the raw response.
     *
     * <p>The token is sent in the POST body under {@code access_token}, as JSON when
     * {@code authConfig().useJson()} is set and as a URL-encoded form otherwise. The request goes
     * through the mTLS client and the module proxy, falling back to the global auth proxy. The
     * response is returned untouched, so the caller decides how to treat non-200 statuses.
     *
     * @param str              access token to present to the user-info endpoint
     * @param globalConfig     global configuration, used only for the fallback proxy
     * @param env              environment providing the HTTP client
     * @param executionContext unused here; kept for the existing signature
     * @return the unprocessed HTTP response
     */
    public Future<WSResponse> getUserInfoRaw(String str, GlobalConfig globalConfig, Env env, ExecutionContext executionContext) {
        WSRequest userInfoRequest = Implicits$BetterStandaloneWSRequest$.MODULE$.withMaybeProxyServer$extension(
                Implicits$.MODULE$.BetterStandaloneWSRequest(env.MtlsWs().url(authConfig().userInfoUrl(), authConfig().mtlsConfig())),
                authConfig().proxy().orElse(() -> globalConfig.proxies().auth()));
        if (authConfig().useJson()) {
            // JSON body: {"access_token": <token>}
            return userInfoRequest.post(
                    Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("access_token"), Json$.MODULE$.toJsFieldJsValueWrapper(str, Writes$.MODULE$.StringWrites()))})),
                    play.api.libs.ws.package$.MODULE$.writeableOf_JsValue());
        }
        // Form body: access_token=<token>
        return userInfoRequest.post(
                Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("access_token"), str)})),
                DefaultBodyWritables$.MODULE$.writeableOf_urlEncodedSimpleForm());
    }

    /* JADX WARN: Removed duplicated region for block: B:8:0x00c8  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler stub: the real body was not recovered, so this listing always throws.
     *
     * <p>In this file the method is called from {@code boCallback} with the user profile JSON and a
     * default {@code UserRights} built from {@code authConfig().location()}; its result becomes the
     * back-office user's rights when neither {@code superAdmins} nor {@code rightsOverride} applies.
     * The mapping from identity-provider data to rights therefore cannot be reviewed from this page
     * and has to be read from the original source or the bytecode dump.
     *
     * @param r6 user profile JSON (as passed by {@code boCallback})
     * @param r7 default rights (as passed by {@code boCallback})
     * @return never returns in this listing
     * @throws UnsupportedOperationException always, because the method body was not decompiled
     */
    public otoroshi.models.UserRights extractOtoroshiRights(play.api.libs.json.JsValue r6, scala.Option<otoroshi.models.UserRights> r7) {
        /*
            Method dump skipped, instructions count: 288
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: otoroshi.auth.GenericOauth2Module.extractOtoroshiRights(play.api.libs.json.JsValue, scala.Option):otoroshi.models.UserRights");
    }

    /**
     * Fetches the user profile from the user-info endpoint and parses the response body as JSON.
     *
     * <p>The HTTP status is not examined here; any body returned by {@code getUserInfoRaw} is parsed.
     *
     * @param str              access token presented to the user-info endpoint
     * @param globalConfig     global configuration forwarded to {@code getUserInfoRaw}
     * @param env              environment forwarded to {@code getUserInfoRaw}
     * @param executionContext context used for the request and the mapping step
     * @return the response body parsed as JSON
     */
    public Future<JsValue> getUserInfo(String str, GlobalConfig globalConfig, Env env, ExecutionContext executionContext) {
        Future<WSResponse> rawResponse = getUserInfoRaw(str, globalConfig, env, executionContext);
        return rawResponse.map(response -> response.json(), executionContext);
    }

    /**
     * Verifies {@code str} as a JWT and, on success, yields its decoded payload as the user profile.
     *
     * <p>The first two dot-separated segments are Base64-decoded and parsed up front; each falls back
     * to an empty JSON object if decoding or parsing fails. The header's {@code alg} (default
     * {@code "RS256"}) and optional {@code kid} are passed to the configured verifier settings to
     * resolve an {@link Algorithm}. When one is resolved, the whole token is verified with a leeway of
     * 10 (seconds in java-jwt) and the pre-parsed payload is returned; when none is resolved the
     * future fails with {@code "Bad algorithm"}.
     *
     * <p>Review notes: {@code alg} and {@code kid} are read from the header before any signature
     * check, so resistance to algorithm substitution depends on how {@code AlgoSettings.asAlgorithmF}
     * constrains them, which this listing does not show. The verifier built here adds no issuer or
     * audience requirement. {@code authConfig().jwtVerifier().get()} throws when no verifier is
     * configured; the callers visible in this file check {@code isDefined()} first.
     *
     * @param str              compact JWT (the callers in this file pass the access token)
     * @param env              environment handed to the algorithm resolution
     * @param executionContext context used for the asynchronous steps
     * @return the token payload as JSON, or a failed future when verification does not succeed
     */
    public Future<JsValue> readProfileFromToken(String str, Env env, ExecutionContext executionContext) {
        AlgoSettings algoSettings = (AlgoSettings) authConfig().jwtVerifier().get();
        // Unverified JWT header (segment 0); {} on any decoding problem.
        JsValue jsValue = (JsValue) Try$.MODULE$.apply(() -> {
            return Json$.MODULE$.parse(org.apache.commons.codec.binary.Base64.decodeBase64(str.split("\\.")[0]));
        }).getOrElse(() -> {
            return Json$.MODULE$.obj(Nil$.MODULE$);
        });
        // JWT payload (segment 1); only handed out after verify() below has succeeded on the same string.
        JsValue jsValue2 = (JsValue) Try$.MODULE$.apply(() -> {
            return Json$.MODULE$.parse(org.apache.commons.codec.binary.Base64.decodeBase64(str.split("\\.")[1]));
        }).getOrElse(() -> {
            return Json$.MODULE$.obj(Nil$.MODULE$);
        });
        // Algorithm lookup is driven by header values taken from the token itself (alg, kid).
        return algoSettings.asAlgorithmF(new InputMode((String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "alg").asOpt(Reads$.MODULE$.StringReads()).getOrElse(() -> {
            return "RS256";
        }), JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "kid").asOpt(Reads$.MODULE$.StringReads())), env, executionContext).flatMap(option -> {
            Future future;
            if (option instanceof Some) {
                Algorithm algorithm = (Algorithm) ((Some) option).value();
                // Verification failures are routed through a synthetic recoverWith handler that is not part of this listing.
                future = (Future) Try$.MODULE$.apply(() -> {
                    return JWT.require(algorithm).acceptLeeway(10L).build().verify(str);
                }).map(decodedJWT -> {
                    return (Future) FastFuture$.MODULE$.successful().apply(jsValue2);
                }).recoverWith(new GenericOauth2Module$$anonfun$$nestedInanonfun$readProfileFromToken$6$1(null)).get();
            } else {
                if (!None$.MODULE$.equals(option)) {
                    throw new MatchError(option);
                }
                // No usable algorithm for this header: fail closed.
                future = (Future) FastFuture$.MODULE$.failed().apply(new RuntimeException("Bad algorithm"));
            }
            return future;
        }, executionContext);
    }

    /**
     * Handles the OAuth2 redirect for a private app: exchanges the code, loads the profile and
     * builds a {@code PrivateAppsUser}.
     *
     * <p>An {@code error} query parameter short-circuits to {@code Left(error)}; a missing
     * {@code code} yields {@code Left("No code :(")}. Otherwise the code is exchanged through
     * {@code getToken}, the access token is read from {@code authConfig().accessTokenField()}, and the
     * profile comes from the verified JWT (when {@code readProfileFromToken} is enabled and a verifier
     * is configured) or from the user-info endpoint. The resulting user is passed through
     * {@code authConfig().userValidators()}.
     *
     * <p>Review notes: this method reads no {@code state} parameter; the only per-login value it
     * consumes is the PKCE verifier stored in the session under {@code "<module id>-code_verifier"},
     * so confirm where callback CSRF protection is enforced. The {@code error} value is
     * request-controlled and is returned verbatim, so whatever renders it has to encode it. A profile
     * without the configured email field falls back to {@code "no.name@oto.tools"}, and that same
     * value is the key used for the {@code dataOverride} lookup.
     *
     * @param request           callback request carrying {@code code} or {@code error}
     * @param globalConfig      global configuration forwarded to the HTTP calls
     * @param serviceDescriptor service the user is logging in to
     * @param executionContext  context used for the asynchronous steps
     * @param env               environment forwarded to the HTTP calls
     * @return {@code Left(message)} on failure or {@code Right(user)} after validation
     */
    @Override // otoroshi.auth.AuthModule
    public Future<Either<String, PrivateAppsUser>> paCallback(Request<AnyContent> request, GlobalConfig globalConfig, ServiceDescriptor serviceDescriptor, ExecutionContext executionContext, Env env) {
        String sb;
        Future<Either<String, PrivateAppsUser>> map;
        Future<Either<String, PrivateAppsUser>> future;
        String clientId = authConfig().clientId();
        // A blank client secret is treated as "no secret" and is then omitted from the token request.
        Option<String> filterNot = Option$.MODULE$.apply(authConfig().clientSecret()).map(str -> {
            return str.trim();
        }).filterNot(str2 -> {
            return BoxesRunTime.boxToBoolean(str2.isEmpty());
        });
        // redirect_uri for the exchange: the bare callback URL, or with "?desc=<service id>" appended
        // when wildcard redirect URIs are allowed and cookies are not used.
        if (authConfig().noWildcardRedirectURI()) {
            sb = authConfig().callbackUrl();
        } else {
            sb = new StringBuilder(0).append(authConfig().callbackUrl()).append((Object) (authConfig().useCookie() ? "" : new StringBuilder(6).append("?desc=").append(serviceDescriptor.id()).toString())).toString();
        }
        String str3 = sb;
        Some queryString = request.getQueryString("error");
        if (queryString instanceof Some) {
            // Provider-reported (or forged) error: passed through unchanged as the failure message.
            future = implicits$BetterSyntax$.MODULE$.asFuture$extension(implicits$.MODULE$.BetterSyntax(package$.MODULE$.Left().apply((String) queryString.value())));
        } else {
            if (!None$.MODULE$.equals(queryString)) {
                throw new MatchError(queryString);
            }
            Some queryString2 = request.getQueryString("code");
            if (None$.MODULE$.equals(queryString2)) {
                map = implicits$BetterSyntax$.MODULE$.asFuture$extension(implicits$.MODULE$.BetterSyntax(package$.MODULE$.Left().apply("No code :(")));
            } else {
                if (!(queryString2 instanceof Some)) {
                    throw new MatchError(queryString2);
                }
                // The PKCE verifier comes from the session, keyed by "<module id>-code_verifier".
                map = getToken((String) queryString2.value(), clientId, filterNot, str3, globalConfig, request.session().get(new StringBuilder(14).append(authConfig().id()).append("-code_verifier").toString()), env, executionContext).flatMap(jsValue -> {
                    // as(...) throws when the access token field is absent (e.g. an error body), failing the future.
                    String str4 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), this.authConfig().accessTokenField()).as(Reads$.MODULE$.StringReads());
                    // NOTE(review): the decompiler reused the name jsValue for both tuple members; presumably
                    // the pair is (profile, token response) - confirm against the original source.
                    return ((this.authConfig().readProfileFromToken() && this.authConfig().jwtVerifier().isDefined()) ? this.readProfileFromToken(str4, env, executionContext) : this.getUserInfo(str4, globalConfig, env, executionContext)).map(jsValue -> {
                        return new Tuple2(jsValue, jsValue);
                    }, executionContext);
                }, executionContext).map(tuple2 -> {
                    if (tuple2 == null) {
                        throw new MatchError(tuple2);
                    }
                    Tuple2 tuple2 = new Tuple2((JsValue) tuple2._1(), (JsValue) tuple2._2());
                    JsValue jsValue2 = (JsValue) tuple2._1();
                    JsValue jsValue3 = (JsValue) tuple2._2();
                    // Extra metadata supplied by the identity provider: either a JSON string to parse or an
                    // embedded value; anything that is not a JSON object collapses to {}.
                    Option map2 = PrivateAppsUser$.MODULE$.select(jsValue2, this.authConfig().otoroshiDataField()).asOpt(Reads$.MODULE$.StringReads()).map(str4 -> {
                        return Json$.MODULE$.parse(str4);
                    }).orElse(() -> {
                        return Option$.MODULE$.apply(PrivateAppsUser$.MODULE$.select(jsValue2, this.authConfig().otoroshiDataField()));
                    }).map(jsValue4 -> {
                        return (JsObject) jsValue4.asOpt(Reads$.MODULE$.JsObjectReads()).getOrElse(() -> {
                            return Json$.MODULE$.obj(Nil$.MODULE$);
                        });
                    });
                    // Users without an email claim all share this placeholder address.
                    String str5 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue2), this.authConfig().emailField()).asOpt(Reads$.MODULE$.StringReads()).getOrElse(() -> {
                        return "no.name@oto.tools";
                    });
                    // Fresh identifier generated for this login.
                    String str6 = IdGenerator$.MODULE$.token(64);
                    // Display name: configured field, then "sub", then a fixed placeholder.
                    String str7 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue2), this.authConfig().nameField()).asOpt(Reads$.MODULE$.StringReads()).orElse(() -> {
                        return JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue2), "sub").asOpt(Reads$.MODULE$.StringReads());
                    }).getOrElse(() -> {
                        return "No Name";
                    });
                    String id = this.authConfig().id();
                    // Metadata: a per-email dataOverride entry wins; otherwise the provider-supplied data is
                    // deep-merged into extraMetadata. validate(...) applies the configured user validators.
                    return new PrivateAppsUser(str6, str7, str5, jsValue2, jsValue3, this.authConfig().cookieSuffix(serviceDescriptor), id, this.authConfig().dataOverride().get(str5).map(jsObject -> {
                        return this.authConfig().extraMetadata().deepMerge(jsObject);
                    }).orElse(() -> {
                        return new Some(this.authConfig().extraMetadata().deepMerge((JsObject) map2.getOrElse(() -> {
                            return Json$.MODULE$.obj(Nil$.MODULE$);
                        })));
                    }), PrivateAppsUser$.MODULE$.apply$default$9(), PrivateAppsUser$.MODULE$.apply$default$10(), PrivateAppsUser$.MODULE$.apply$default$11(), this.authConfig().theTags(), this.authConfig().metadata(), this.authConfig().location()).validate(this.authConfig().userValidators());
                }, executionContext);
            }
            future = map;
        }
        return future;
    }

    /**
     * Handles the OAuth2 redirect for the back office: exchanges the code, loads the profile and
     * builds a {@code BackOfficeUser} with its rights.
     *
     * <p>Flow and failure cases mirror {@code paCallback}: {@code error} becomes {@code Left(error)},
     * a missing {@code code} becomes {@code Left("No code :(")}, otherwise the code is exchanged and
     * the profile is read from the verified JWT or from the user-info endpoint.
     *
     * <p>Rights are decided in this order: {@code authConfig().superAdmins()} grants
     * {@code UserRights.superAdmin()} to every user of this module; otherwise an entry in
     * {@code authConfig().rightsOverride()} keyed by the user's email is used; otherwise
     * {@code extractOtoroshiRights} is called with the profile and default rights derived from
     * {@code authConfig().location()}.
     *
     * <p>Review notes: administrative rights hinge on the email claim delivered by the identity
     * provider, and a profile without that claim is keyed as {@code "no.name@oto.tools"}, so an
     * override entry for that address would apply to every such user. No {@code state} parameter is
     * read in this method; confirm where callback CSRF protection is enforced. The {@code error}
     * value is request-controlled and returned verbatim.
     *
     * @param request          callback request carrying {@code code} or {@code error}
     * @param globalConfig     global configuration forwarded to the HTTP calls
     * @param executionContext context used for the asynchronous steps
     * @param env              environment used for signing and for the HTTP calls
     * @return {@code Left(message)} on failure or {@code Right(user)} after validation
     */
    @Override // otoroshi.auth.AuthModule
    public Future<Either<String, BackOfficeUser>> boCallback(Request<AnyContent> request, GlobalConfig globalConfig, ExecutionContext executionContext, Env env) {
        Future<Either<String, BackOfficeUser>> map;
        Future<Either<String, BackOfficeUser>> future;
        String clientId = authConfig().clientId();
        // A blank client secret is treated as "no secret" and is then omitted from the token request.
        Option<String> filterNot = Option$.MODULE$.apply(authConfig().clientSecret()).map(str -> {
            return str.trim();
        }).filterNot(str2 -> {
            return BoxesRunTime.boxToBoolean(str2.isEmpty());
        });
        // Signed marker "<module id>:::backoffice", appended to the redirect URI as "hash" below.
        String sign = env.sign(new StringBuilder(13).append(authConfig().id()).append(":::backoffice").toString());
        // redirect_uri: unchanged when wildcard URIs are disallowed or cookies are used; otherwise
        // "hash=<sign>" is appended with "&" or "?" depending on whether a query string already exists.
        String callbackUrl = authConfig().noWildcardRedirectURI() ? authConfig().callbackUrl() : (String) implicits$BetterSyntax$.MODULE$.applyOn$extension(implicits$.MODULE$.BetterSyntax(authConfig().callbackUrl()), str3 -> {
            return (this.authConfig().useCookie() || !str3.contains("?")) ? (this.authConfig().useCookie() || str3.contains("?")) ? str3 : new StringBuilder(6).append(str3).append("?hash=").append(sign).toString() : new StringBuilder(6).append(str3).append("&hash=").append(sign).toString();
        });
        Some queryString = request.getQueryString("error");
        if (queryString instanceof Some) {
            // Provider-reported (or forged) error: passed through unchanged as the failure message.
            future = implicits$BetterSyntax$.MODULE$.asFuture$extension(implicits$.MODULE$.BetterSyntax(package$.MODULE$.Left().apply((String) queryString.value())));
        } else {
            if (!None$.MODULE$.equals(queryString)) {
                throw new MatchError(queryString);
            }
            Some queryString2 = request.getQueryString("code");
            if (None$.MODULE$.equals(queryString2)) {
                map = implicits$BetterSyntax$.MODULE$.asFuture$extension(implicits$.MODULE$.BetterSyntax(package$.MODULE$.Left().apply("No code :(")));
            } else {
                if (!(queryString2 instanceof Some)) {
                    throw new MatchError(queryString2);
                }
                // The PKCE verifier comes from the session, keyed by "<module id>-code_verifier".
                map = getToken((String) queryString2.value(), clientId, filterNot, callbackUrl, globalConfig, request.session().get(new StringBuilder(14).append(authConfig().id()).append("-code_verifier").toString()), env, executionContext).flatMap(jsValue -> {
                    // as(...) throws when the access token field is absent (e.g. an error body), failing the future.
                    String str4 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), this.authConfig().accessTokenField()).as(Reads$.MODULE$.StringReads());
                    // NOTE(review): the decompiler reused the name jsValue for both tuple members; presumably
                    // the pair is (profile, token response) - confirm against the original source.
                    return ((this.authConfig().readProfileFromToken() && this.authConfig().jwtVerifier().isDefined()) ? this.readProfileFromToken(str4, env, executionContext) : this.getUserInfo(str4, globalConfig, env, executionContext)).map(jsValue -> {
                        return new Tuple2(jsValue, jsValue);
                    }, executionContext);
                }, executionContext).map(tuple2 -> {
                    if (tuple2 == null) {
                        throw new MatchError(tuple2);
                    }
                    Tuple2 tuple2 = new Tuple2((JsValue) tuple2._1(), (JsValue) tuple2._2());
                    JsValue jsValue2 = (JsValue) tuple2._1();
                    // Email claim, or a shared placeholder; this value is also the rightsOverride key below.
                    String str4 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue2), this.authConfig().emailField()).asOpt(Reads$.MODULE$.StringReads()).getOrElse(() -> {
                        return "no.name@oto.tools";
                    });
                    // Name: configured field, then "sub", then a placeholder. Rights: superAdmins flag, then the
                    // per-email override, then extractOtoroshiRights with defaults from the module location.
                    return new BackOfficeUser(IdGenerator$.MODULE$.token(64), (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue2), this.authConfig().nameField()).asOpt(Reads$.MODULE$.StringReads()).orElse(() -> {
                        return JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue2), "sub").asOpt(Reads$.MODULE$.StringReads());
                    }).getOrElse(() -> {
                        return "No Name";
                    }), str4, jsValue2, BackOfficeUser$.MODULE$.apply$default$5(), this.authConfig().id(), false, BackOfficeUser$.MODULE$.apply$default$8(), BackOfficeUser$.MODULE$.apply$default$9(), BackOfficeUser$.MODULE$.apply$default$10(), Nil$.MODULE$, Predef$.MODULE$.Map().empty(), this.authConfig().superAdmins() ? UserRights$.MODULE$.superAdmin() : (UserRights) this.authConfig().rightsOverride().getOrElse(str4, () -> {
                        return this.extractOtoroshiRights(jsValue2, implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax(new UserRights(new $colon.colon(new UserRight(TenantAccess$.MODULE$.apply(this.authConfig().location().tenant().value()), (Seq) this.authConfig().location().teams().map(teamId -> {
                            return TeamAccess$.MODULE$.apply(teamId.value());
                        }, Seq$.MODULE$.canBuildFrom())), Nil$.MODULE$)))));
                    }), this.authConfig().location()).validate(this.authConfig().userValidators());
                }, executionContext);
            }
            future = map;
        }
        return future;
    }

    /**
     * Checks whether {@code str} verifies as a JWT and hands the outcome to {@code function1}.
     *
     * <p>The callback receives {@code Some(true)} when verification succeeds, {@code Some(false)}
     * when an algorithm was resolved but verification failed or when no algorithm could be resolved,
     * and {@code None} when setting up the check threw (for example because
     * {@code authConfig().jwtVerifier()} is empty, so {@code get()} fails).
     *
     * <p>Review notes: as in {@code readProfileFromToken}, {@code alg} (default {@code "RS256"}) and
     * {@code kid} are taken from the unverified header and drive the algorithm lookup, and the
     * verifier adds no issuer or audience requirement; leeway is 10 (seconds in java-jwt).
     *
     * @param str              access token to test
     * @param function1        continuation receiving the tri-state outcome
     * @param executionContext context used for the asynchronous steps
     * @param env              environment handed to the algorithm resolution
     * @return the future produced by {@code function1}
     */
    private Future<BoxedUnit> isAccessTokenAValidJwtToken(String str, Function1<Option<Object>, Future<BoxedUnit>> function1, ExecutionContext executionContext, Env env) {
        Future<BoxedUnit> flatMap;
        // The outer Try captures synchronous failures while the check is being set up.
        Success apply = Try$.MODULE$.apply(() -> {
            AlgoSettings algoSettings = (AlgoSettings) this.authConfig().jwtVerifier().get();
            // Unverified JWT header (segment 0); {} on any decoding problem.
            JsValue jsValue = (JsValue) Try$.MODULE$.apply(() -> {
                return Json$.MODULE$.parse(org.apache.commons.codec.binary.Base64.decodeBase64(str.split("\\.")[0]));
            }).getOrElse(() -> {
                return Json$.MODULE$.obj(Nil$.MODULE$);
            });
            return algoSettings.asAlgorithmF(new InputMode((String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "alg").asOpt(Reads$.MODULE$.StringReads()).getOrElse(() -> {
                return "RS256";
            }), JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "kid").asOpt(Reads$.MODULE$.StringReads())), env, executionContext).map(option -> {
                Some some;
                Some some2;
                if (option instanceof Some) {
                    Algorithm algorithm = (Algorithm) ((Some) option).value();
                    // Any exception from verify() is mapped to Some(false) below.
                    Success map = Try$.MODULE$.apply(() -> {
                        return JWT.require(algorithm).acceptLeeway(10L).build().verify(str);
                    }).map(decodedJWT -> {
                        return new Some(BoxesRunTime.boxToBoolean(true));
                    });
                    if (map instanceof Failure) {
                        some2 = new Some(BoxesRunTime.boxToBoolean(false));
                    } else {
                        if (!(map instanceof Success)) {
                            throw new MatchError(map);
                        }
                        some2 = (Some) map.value();
                    }
                    some = some2;
                } else {
                    if (!None$.MODULE$.equals(option)) {
                        throw new MatchError(option);
                    }
                    // No algorithm for this header: reported as "not valid".
                    some = new Some(BoxesRunTime.boxToBoolean(false));
                }
                return some;
            }, executionContext);
        });
        if (apply instanceof Failure) {
            // Setup failed: the outcome is unknown, so the continuation gets None.
            flatMap = (Future) function1.apply(None$.MODULE$);
        } else {
            if (!(apply instanceof Success)) {
                throw new MatchError(apply);
            }
            flatMap = ((Future) apply.value()).flatMap(some -> {
                return (Future) function1.apply(some);
            }, executionContext);
        }
        return flatMap;
    }

    /**
     * Redeems the refresh token and stores the resulting token document on the user.
     *
     * <p>Client id, client secret (blank values dropped) and callback URL come from
     * {@code authConfig()}; the latest global configuration is fetched from the datastore for the
     * call. The response is applied through {@code $anonfun$renewToken$3}.
     *
     * @param str              refresh token to redeem
     * @param refreshableUser  user whose stored token is updated
     * @param executionContext context used for the asynchronous steps
     * @param env              environment providing datastores and the HTTP client
     * @return a future completing once the update has been issued
     */
    private Future<BoxedUnit> renewToken(String str, RefreshableUser refreshableUser, ExecutionContext executionContext, Env env) {
        String clientId = authConfig().clientId();
        // A blank secret counts as "no secret".
        Option<String> clientSecret = Option$.MODULE$.apply(authConfig().clientSecret())
                .map(rawSecret -> rawSecret.trim())
                .filterNot(trimmedSecret -> BoxesRunTime.boxToBoolean(trimmedSecret.isEmpty()));
        String redirectUri = authConfig().callbackUrl();
        Future<JsValue> refreshed = refreshTheToken(str, clientId, clientSecret, redirectUri, env.datastores().globalConfigDataStore().latest(executionContext, env), env, executionContext);
        return refreshed.map(tokenResponse -> {
            $anonfun$renewToken$3(str, refreshableUser, executionContext, env, tokenResponse);
            return BoxedUnit.UNIT;
        }, executionContext);
    }

    /**
     * Refreshes a user's tokens when refreshing is enabled, a refresh token is stored, and the last
     * refresh is more than 10 minutes old.
     *
     * <p>When those conditions hold and the stored token document has an access token, the access
     * token is tested as a JWT: a valid token means nothing to do, an invalid one triggers
     * {@code renewToken}, and an undetermined result ({@code None}) falls back to probing the
     * user-info endpoint, renewing on any status other than 200. In every other case the method
     * completes successfully without doing anything.
     *
     * <p>Review notes: the enable flag and the access token field come from the
     * {@code oAuth2ModuleConfig} argument, while JWT verification and the refresh call use
     * {@code authConfig()} of this instance; callers presumably pass the same configuration. A
     * failing user-info endpoint (any non-200) also leads to a refresh attempt.
     *
     * @param oAuth2ModuleConfig configuration supplying {@code refreshTokens()} and {@code accessTokenField()}
     * @param refreshableUser    user holding the stored token document and last refresh time
     * @param env                environment providing datastores and the HTTP client
     * @param executionContext   context used for the asynchronous steps
     * @return a future completing when the check, and any refresh, is done
     */
    public Future<BoxedUnit> handleTokenRefresh(OAuth2ModuleConfig oAuth2ModuleConfig, RefreshableUser refreshableUser, Env env, ExecutionContext executionContext) {
        Future<BoxedUnit> future;
        Future<BoxedUnit> future2;
        if (!oAuth2ModuleConfig.refreshTokens()) {
            return (Future) FastFuture$.MODULE$.successful().apply(BoxedUnit.UNIT);
        }
        Some asOpt = JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(refreshableUser.token()), "refresh_token").asOpt(Reads$.MODULE$.StringReads());
        if (asOpt instanceof Some) {
            String str = (String) asOpt.value();
            // Throttle: only look at the token again once 10 minutes have passed since the last refresh.
            if (refreshableUser.lastRefresh().plusMinutes(10).isBefore(DateTime.now())) {
                Some asOpt2 = JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(refreshableUser.token()), oAuth2ModuleConfig.accessTokenField()).asOpt(Reads$.MODULE$.StringReads());
                if (asOpt2 instanceof Some) {
                    String str2 = (String) asOpt2.value();
                    future2 = isAccessTokenAValidJwtToken(str2, option -> {
                        Future<BoxedUnit> renewToken;
                        boolean z = false;
                        Some some = null;
                        if (option instanceof Some) {
                            z = true;
                            some = (Some) option;
                            // Some(true): the access token still verifies, nothing to do.
                            if (true == BoxesRunTime.unboxToBoolean(some.value())) {
                                renewToken = (Future) FastFuture$.MODULE$.successful().apply(BoxedUnit.UNIT);
                                return renewToken;
                            }
                        }
                        // Some(false): renew directly. None: ask the user-info endpoint and renew unless it answers 200.
                        renewToken = (z && false == BoxesRunTime.unboxToBoolean(some.value())) ? this.renewToken(str, refreshableUser, executionContext, env) : this.getUserInfoRaw(str2, env.datastores().globalConfigDataStore().latest(executionContext, env), env, executionContext).flatMap(wSResponse -> {
                            return wSResponse.status() != 200 ? this.renewToken(str, refreshableUser, executionContext, env) : (Future) FastFuture$.MODULE$.successful().apply(BoxedUnit.UNIT);
                        }, executionContext);
                        return renewToken;
                    }, executionContext, env);
                } else {
                    if (!None$.MODULE$.equals(asOpt2)) {
                        throw new MatchError(asOpt2);
                    }
                    // No access token stored under the configured field: nothing to check.
                    future2 = (Future) FastFuture$.MODULE$.successful().apply(BoxedUnit.UNIT);
                }
                future = future2;
                return future;
            }
        }
        // No refresh token stored, or refreshed too recently.
        future = (Future) FastFuture$.MODULE$.successful().apply(BoxedUnit.UNIT);
        return future;
    }

    /**
     * Case-class style copy: creates a new module around the given configuration.
     *
     * @param oAuth2ModuleConfig configuration for the new instance
     * @return a new {@code GenericOauth2Module}
     */
    public GenericOauth2Module copy(OAuth2ModuleConfig oAuth2ModuleConfig) {
        GenericOauth2Module duplicate = new GenericOauth2Module(oAuth2ModuleConfig);
        return duplicate;
    }

    /**
     * Scala-generated default for the first parameter of {@code copy}: the current configuration.
     *
     * @return this module's configuration
     */
    public OAuth2ModuleConfig copy$default$1() {
        OAuth2ModuleConfig currentConfig = authConfig();
        return currentConfig;
    }

    /**
     * Returns the case-class name reported through the {@code Product} interface.
     *
     * @return the literal class name
     */
    public String productPrefix() {
        final String prefix = "GenericOauth2Module";
        return prefix;
    }

    /**
     * Returns the number of case-class fields; the configuration is the only one.
     *
     * @return always 1
     */
    public int productArity() {
        final int fieldCount = 1;
        return fieldCount;
    }

    /**
     * Returns the case-class field at the given position.
     *
     * @param i field index; only 0 is valid
     * @return the module configuration for index 0
     * @throws IndexOutOfBoundsException for any other index, with the index as message
     */
    public Object productElement(int i) {
        if (i == 0) {
            return authConfig();
        }
        throw new IndexOutOfBoundsException(Integer.toString(i));
    }

    /**
     * Returns an iterator over the case-class fields, as provided by the Scala runtime.
     *
     * @return iterator over this product's elements
     */
    public Iterator<Object> productIterator() {
        Iterator<Object> elements = ScalaRunTime$.MODULE$.typedProductIterator(this);
        return elements;
    }

    /**
     * Tells whether the given object is of a type that may be equal to this module.
     *
     * @param obj candidate object, may be {@code null}
     * @return {@code true} only for {@code GenericOauth2Module} instances
     */
    public boolean canEqual(Object obj) {
        boolean sameType = obj instanceof GenericOauth2Module;
        return sameType;
    }

    /**
     * Computes the hash code through the Scala runtime's product hashing.
     *
     * @return hash code of this module
     */
    public int hashCode() {
        int productHash = ScalaRunTime$.MODULE$._hashCode(this);
        return productHash;
    }

    /**
     * Renders this module through the Scala runtime's product formatting.
     *
     * <p>NOTE(review): the rendering presumably includes the configuration's own {@code toString()},
     * which may contain the client secret - confirm before logging module instances.
     *
     * @return textual form of this module
     */
    public String toString() {
        String rendered = ScalaRunTime$.MODULE$._toString(this);
        return rendered;
    }

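    /**
     * Compares this module with another object, case-class style.
     *
     * <p>Two modules are equal when the other object is a {@code GenericOauth2Module}, both hold
     * equal configurations (or both hold {@code null}), and the other instance accepts this one via
     * {@code canEqual}. The decompiled listing fell through to {@code return false} for every object
     * other than {@code this}, which disagreed with the product-based {@code hashCode}; this version
     * returns the comparison result instead.
     *
     * @param obj object to compare with, may be {@code null}
     * @return {@code true} when both modules wrap equal configurations
     */
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof GenericOauth2Module)) {
            return false;
        }
        GenericOauth2Module other = (GenericOauth2Module) obj;
        OAuth2ModuleConfig ownConfig = authConfig();
        OAuth2ModuleConfig otherConfig = other.authConfig();
        // Null-safe comparison of the single case-class field.
        boolean sameConfig = ownConfig != null ? ownConfig.equals(otherConfig) : otherConfig == null;
        return sameConfig && other.canEqual(this);
    }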

    /**
     * Collapses team access entries so that each team value appears once.
     *
     * <p>Entries are grouped by {@code value()}. For each group the result is built with
     * {@code TeamAccess.apply(value, true, true)} if any entry reports {@code canReadWrite()},
     * otherwise {@code apply(value, false, true)} if any entry reports {@code canWrite()}, otherwise
     * {@code apply(value, true, false)}. The most permissive entry of a group therefore decides.
     * NOTE(review): the two flags are presumably (canRead, canWrite) - confirm against
     * {@code TeamAccess}.
     *
     * @param seq team access entries, possibly with duplicates per team
     * @return distinct merged entries
     */
    private static final Seq merge$1(Seq seq) {
        return (Seq) ((TraversableOnce) seq.groupBy(access -> access.value()).map(group -> {
            if (group == null) {
                throw new MatchError(group);
            }
            String teamValue = (String) group._1();
            Seq accesses = (Seq) group._2();
            if (accesses.exists(entry -> BoxesRunTime.boxToBoolean(entry.canReadWrite()))) {
                return TeamAccess$.MODULE$.apply(teamValue, true, true);
            }
            if (accesses.exists(entry -> BoxesRunTime.boxToBoolean(entry.canWrite()))) {
                return TeamAccess$.MODULE$.apply(teamValue, false, true);
            }
            return TeamAccess$.MODULE$.apply(teamValue, true, false);
        }, Iterable$.MODULE$.canBuildFrom())).toSeq().distinct();
    }

    /**
     * Synthetic predicate used by {@code extractOtoroshiRights}: does the right's tenant access allow
     * read and write?
     *
     * @param userRight right to inspect
     * @return {@code userRight.tenant().canReadWrite()}
     */
    public static final /* synthetic */ boolean $anonfun$extractOtoroshiRights$9(UserRight userRight) {
        boolean tenantReadWrite = userRight.tenant().canReadWrite();
        return tenantReadWrite;
    }

    /**
     * Synthetic predicate used by {@code extractOtoroshiRights}: does the right's tenant access allow
     * writing?
     *
     * @param userRight right to inspect
     * @return {@code userRight.tenant().canWrite()}
     */
    public static final /* synthetic */ boolean $anonfun$extractOtoroshiRights$11(UserRight userRight) {
        boolean tenantWrite = userRight.tenant().canWrite();
        return tenantWrite;
    }

    /**
     * Synthetic body of the {@code renewToken} continuation: stores the refreshed token document.
     *
     * <p>The token endpoint response must be a JSON object. Its {@code refresh_token} is kept when
     * present; otherwise the refresh token that was just used is written back, so the stored document
     * always carries one.
     *
     * @param str              refresh token used for this renewal, kept as fallback
     * @param refreshableUser  user whose stored token is replaced
     * @param executionContext context forwarded to {@code updateToken}
     * @param env              environment forwarded to {@code updateToken}
     * @param jsValue          token endpoint response
     */
    public static final /* synthetic */ void $anonfun$renewToken$3(String str, RefreshableUser refreshableUser, ExecutionContext executionContext, Env env, JsValue jsValue) {
        JsObject tokenResponse = (JsObject) jsValue.as(Reads$.MODULE$.JsObjectReads());
        // Prefer a rotated refresh token from the response; fall back to the one just redeemed.
        String refreshToken = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "refresh_token").asOpt(Reads$.MODULE$.StringReads()).getOrElse(() -> str);
        JsObject refreshTokenField = Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("refresh_token"), Json$.MODULE$.toJsFieldJsValueWrapper(refreshToken, Writes$.MODULE$.StringWrites()))}));
        refreshableUser.updateToken(tokenResponse.$plus$plus(refreshTokenField), executionContext, env);
    }

    /**
     * Creates the module around its OAuth2 configuration.
     *
     * @param oAuth2ModuleConfig configuration later returned by {@code authConfig()}; it supplies the
     *                           endpoints, client credentials and claim field names used by this class
     */
    public GenericOauth2Module(OAuth2ModuleConfig oAuth2ModuleConfig) {
        this.authConfig = oAuth2ModuleConfig;
        // Scala trait initializer for Product, emitted by the compiler for case classes.
        Product.$init$(this);
    }
}
