package otoroshi.plugins.hmac;

import akka.actor.ActorRef;
import akka.http.scaladsl.util.FastFuture$;
import java.util.Base64;
import java.util.concurrent.atomic.AtomicReference;
import otoroshi.env.Env;
import otoroshi.events.OtoroshiEvent;
import otoroshi.script.Access;
import otoroshi.script.AccessContext;
import otoroshi.script.AccessValidator;
import otoroshi.script.NamedPlugin;
import otoroshi.script.PluginType;
import otoroshi.utils.crypto.Signatures$;
import otoroshi.utils.syntax.implicits$;
import otoroshi.utils.syntax.implicits$BetterSyntax$;
import play.api.Logger;
import play.api.Logger$;
import play.api.MarkerContext$;
import play.api.libs.json.JsObject;
import play.api.libs.json.JsObject$;
import play.api.libs.json.JsValue;
import play.api.libs.json.Json$;
import play.api.libs.json.Writes$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.TraversableLike;
import scala.collection.TraversableOnce;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Map;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.StringOps;
import scala.collection.mutable.ArrayOps;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: hmac.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005%a\u0001B\u0007\u000f\u0001UAQA\t\u0001\u0005\u0002\rBqA\n\u0001C\u0002\u0013%q\u0005\u0003\u00041\u0001\u0001\u0006I\u0001\u000b\u0005\u0006c\u0001!\tE\r\u0005\u0006}\u0001!\te\u0010\u0005\u0006\u0013\u0002!\tE\u0013\u0005\u0006-\u0002!\te\u0016\u0005\u00067\u0002!\t\u0005\u0018\u0005\u0006=\u0002!\te\u0016\u0005\u0006?\u0002!I\u0001\u0019\u0005\u0006g\u0002!\t\u0005\u001e\u0005\u0007\u0003\u000f\u0001A\u0011I,\u0003\u001b!k\u0015i\u0011,bY&$\u0017\r^8s\u0015\ty\u0001#\u0001\u0003i[\u0006\u001c'BA\t\u0013\u0003\u001d\u0001H.^4j]NT\u0011aE\u0001\t_R|'o\\:iS\u000e\u00011c\u0001\u0001\u00179A\u0011qCG\u0007\u00021)\t\u0011$A\u0003tG\u0006d\u0017-\u0003\u0002\u001c1\t1\u0011I\\=SK\u001a\u0004\"!\b\u0011\u000e\u0003yQ!a\b\n\u0002\rM\u001c'/\u001b9u\u0013\t\tcDA\bBG\u000e,7o\u001d,bY&$\u0017\r^8s\u0003\u0019a\u0014N\\5u}Q\tA\u0005\u0005\u0002&\u00015\ta\"\u0001\u0004m_\u001e<WM]\u000b\u0002QA\u0011\u0011FL\u0007\u0002U)\u00111\u0006L\u0001\u0004CBL'\"A\u0017\u0002\tAd\u0017-_\u0005\u0003_)\u0012a\u0001T8hO\u0016\u0014\u0018a\u00027pO\u001e,'\u000fI\u0001\u0005]\u0006lW-F\u00014!\t!4H\u0004\u00026sA\u0011a\u0007G\u0007\u0002o)\u0011\u0001\bF\u0001\u0007yI|w\u000e\u001e \n\u0005iB\u0012A\u0002)sK\u0012,g-\u0003\u0002={\t11\u000b\u001e:j]\u001eT!A\u000f\r\u0002\u0015\r|gNZ5h\r2|w/F\u0001A!\r\tei\r\b\u0003\u0005\u0012s!AN\"\n\u0003eI!!\u0012\r\u0002\u000fA\f7m[1hK&\u0011q\t\u0013\u0002\u0004'\u0016\f(BA#\u0019\u00031\u0019wN\u001c4jON\u001b\u0007.Z7b+\u0005Y\u0005cA\fM\u001d&\u0011Q\n\u0007\u0002\u0005'>lW\r\u0005\u0002P)6\t\u0001K\u0003\u0002R%\u0006!!n]8o\u0015\t\u0019&&\u0001\u0003mS\n\u001c\u0018BA+Q\u0005!Q5o\u00142kK\u000e$\u0018a\u00033fg\u000e\u0014\u0018\u000e\u001d;j_:,\u0012\u0001\u0017\t\u0004/e\u001b\u0014B\u0001.\u0019\u0005\u0019y\u0005\u000f^5p]\u0006iA-\u001a4bk2$8i\u001c8gS\u001e,\u0012!\u0018\t\u0004/es\u0015AC2p]\u001aLwMU8pi\u0006\u00112\r[3dW\"k\u0015iQ*jO:\fG/\u001e:f)\u0011\t'\u000e\\9\u0011\u0007\t,w-D\u0001d\u0015\t!\u0007$\u0001\u0006d_:\u001cWO\u001d:f]RL!AZ2\u0003\r\u0019+H/\u001e:f!\t9\u0002.\u0003\u0002j1\t9!i\\8mK\u0006t\u0007\"B6\u000b\u0001\u0004\u0019\u0014!D1vi\"|'/\u001b>bi&|g\u000eC\u0003n\u0015\u0001\u0007a.A\u0004d_:$X\r\u001f;\u0011\u0005uy\u0017B\u00019\u001f\u00055\t5mY3tg\u000e{g\u000e^3yi\")!O\u0003a\u0001g\u000511/Z2sKR\f\u0011bY1o\u0003\u000e\u001cWm]:\u0015\u0007U\f)\u0001F\u0002bmvDQa^\u0006A\u0004a\f1!\u001a8w!\tI80D\u0001{\u0015\t9(#\u0003\u0002}u\n\u0019QI\u001c<\t\u000by\\\u00019A@\u0002\u0005\u0015\u001c\u0007c\u00012\u0002\u0002%\u0019\u00111A2\u0003!\u0015CXmY;uS>t7i\u001c8uKb$\b\"B7\f\u0001\u0004q\u0017!\u00043pGVlWM\u001c;bi&|g\u000e")
/* loaded from: input_file:otoroshi/plugins/hmac/HMACValidator.class */
public class HMACValidator implements AccessValidator {
    private final Logger logger;
    private final AtomicReference<ActorRef> otoroshi$script$InternalEventListener$$ref;
    private final Future<BoxedUnit> funit;

    @Override // otoroshi.script.AccessValidator, otoroshi.script.NamedPlugin
    public PluginType pluginType() {
        PluginType pluginType;
        pluginType = pluginType();
        return pluginType;
    }

    @Override // otoroshi.script.AccessValidator
    public Future<Access> access(AccessContext accessContext, Env env, ExecutionContext executionContext) {
        Future<Access> access;
        access = access(accessContext, env, executionContext);
        return access;
    }

    @Override // otoroshi.script.InternalEventListener
    public boolean listening() {
        boolean listening;
        listening = listening();
        return listening;
    }

    @Override // otoroshi.script.InternalEventListener
    public void onEvent(OtoroshiEvent otoroshiEvent, Env env) {
        onEvent(otoroshiEvent, env);
    }

    @Override // otoroshi.script.InternalEventListener
    public void startEvent(String str, Env env) {
        startEvent(str, env);
    }

    @Override // otoroshi.script.InternalEventListener
    public void stopEvent(Env env) {
        stopEvent(env);
    }

    @Override // otoroshi.script.NamedPlugin
    public boolean deprecated() {
        boolean deprecated;
        deprecated = deprecated();
        return deprecated;
    }

    @Override // otoroshi.script.NamedPlugin
    public boolean core() {
        boolean core;
        core = core();
        return core;
    }

    @Override // otoroshi.script.NamedPlugin
    public String internalName() {
        String internalName;
        internalName = internalName();
        return internalName;
    }

    @Override // otoroshi.script.NamedPlugin
    public JsObject jsonDescription() {
        JsObject jsonDescription;
        jsonDescription = jsonDescription();
        return jsonDescription;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> startWithPluginId(String str, Env env) {
        Future<BoxedUnit> startWithPluginId;
        startWithPluginId = startWithPluginId(str, env);
        return startWithPluginId;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> start(Env env) {
        Future<BoxedUnit> start;
        start = start(env);
        return start;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> stop(Env env) {
        Future<BoxedUnit> stop;
        stop = stop(env);
        return stop;
    }

    @Override // otoroshi.script.InternalEventListener
    public AtomicReference<ActorRef> otoroshi$script$InternalEventListener$$ref() {
        return this.otoroshi$script$InternalEventListener$$ref;
    }

    @Override // otoroshi.script.InternalEventListener
    public final void otoroshi$script$InternalEventListener$_setter_$otoroshi$script$InternalEventListener$$ref_$eq(AtomicReference<ActorRef> atomicReference) {
        this.otoroshi$script$InternalEventListener$$ref = atomicReference;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> funit() {
        return this.funit;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public void otoroshi$script$StartableAndStoppable$_setter_$funit_$eq(Future<BoxedUnit> future) {
        this.funit = future;
    }

    private Logger logger() {
        return this.logger;
    }

    @Override // otoroshi.script.NamedPlugin
    public String name() {
        return "HMAC access validator";
    }

    @Override // otoroshi.script.NamedPlugin
    public Seq<String> configFlow() {
        return new $colon.colon<>("secret", Nil$.MODULE$);
    }

    @Override // otoroshi.script.NamedPlugin
    /* renamed from: configSchema, reason: merged with bridge method [inline-methods] */
    public Some<JsObject> mo567configSchema() {
        return new Some<>(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("secret"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("type"), Json$.MODULE$.toJsFieldJsValueWrapper("string", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("props"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("label"), Json$.MODULE$.toJsFieldJsValueWrapper("[Optional] Secret to sign and verify signed content of headers", Writes$.MODULE$.StringWrites()))})), JsObject$.MODULE$.writes()))})), JsObject$.MODULE$.writes()))})));
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> description() {
        return new Some(new StringOps(Predef$.MODULE$.augmentString(new StringBuilder(159).append("This plugin can be used to check if a HMAC signature is present and valid in Authorization header.\n         |\n         |```json\n         |").append(Json$.MODULE$.prettyPrint((JsValue) defaultConfig().get())).append("\n         |```\n      ").toString())).stripMargin());
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<JsObject> defaultConfig() {
        return new Some(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("HMACAccessValidator"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("secret"), Json$.MODULE$.toJsFieldJsValueWrapper("", Writes$.MODULE$.StringWrites()))})), JsObject$.MODULE$.writes()))})));
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> configRoot() {
        return implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax("HMACAccessValidator"));
    }

    private Future<Object> checkHMACSignature(String str, AccessContext accessContext, String str2) {
        Map map = ((TraversableOnce) ((TraversableLike) new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(str.replace("hmac ", "").replace("\"", "").trim().split(","))).toSeq().map(str3 -> {
            return str3.split("=", 2);
        }, Seq$.MODULE$.canBuildFrom())).map(strArr -> {
            return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(strArr[0].trim()), strArr[1].trim());
        }, Seq$.MODULE$.canBuildFrom())).toMap(Predef$.MODULE$.$conforms());
        String str4 = (String) map.getOrElse("algorithm", () -> {
            return "HMAC-SHA256";
        });
        String str5 = (String) map.apply("signature");
        Seq seq = (Seq) map.get("headers").map(str6 -> {
            return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(str6.split(" "))).toSeq();
        }).getOrElse(() -> {
            return Nil$.MODULE$;
        });
        Seq seq2 = (Seq) ((TraversableLike) accessContext.request().headers().headers().filter(tuple2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$checkHMACSignature$6(seq, tuple2));
        })).map(tuple22 -> {
            return (String) tuple22._2();
        }, Seq$.MODULE$.canBuildFrom());
        String mkString = seq2.mkString(" ");
        logger().debug(() -> {
            return new StringBuilder(14).append("Secret used : ").append(str2).toString();
        }, MarkerContext$.MODULE$.NoMarker());
        logger().debug(() -> {
            return new StringBuilder(22).append("Signature generated : ").append(Base64.getEncoder().encodeToString(Signatures$.MODULE$.hmac((String) HMACUtils$.MODULE$.Algo().apply(str4.toUpperCase()), mkString, str2))).toString();
        }, MarkerContext$.MODULE$.NoMarker());
        logger().debug(() -> {
            return new StringBuilder(21).append("Signature received : ").append(str5).toString();
        }, MarkerContext$.MODULE$.NoMarker());
        logger().debug(() -> {
            return new StringBuilder(17).append("Algorithm used : ").append(str4).toString();
        }, MarkerContext$.MODULE$.NoMarker());
        if (seq2.size() != seq.size()) {
            return (Future) FastFuture$.MODULE$.successful().apply(BoxesRunTime.boxToBoolean(false));
        }
        String encodeToString = Base64.getEncoder().encodeToString(Signatures$.MODULE$.hmac((String) HMACUtils$.MODULE$.Algo().apply(str4.toUpperCase()), mkString, str2));
        return (encodeToString != null ? !encodeToString.equals(str5) : str5 != null) ? (Future) FastFuture$.MODULE$.successful().apply(BoxesRunTime.boxToBoolean(false)) : (Future) FastFuture$.MODULE$.successful().apply(BoxesRunTime.boxToBoolean(true));
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x00bb  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x008f  */
    @Override // otoroshi.script.AccessValidator
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public scala.concurrent.Future<java.lang.Object> canAccess(otoroshi.script.AccessContext r7, otoroshi.env.Env r8, scala.concurrent.ExecutionContext r9) {
        /*
            Method dump skipped, instructions count: 498
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: otoroshi.plugins.hmac.HMACValidator.canAccess(otoroshi.script.AccessContext, otoroshi.env.Env, scala.concurrent.ExecutionContext):scala.concurrent.Future");
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> documentation() {
        return new Some(new StringOps(Predef$.MODULE$.augmentString("\n     | The HMAC signature needs to be set on the `Authorization` or `Proxy-Authorization` header.\n     | The format of this header should be : `hmac algorithm=\"<ALGORITHM>\", headers=\"<HEADER>\", signature=\"<SIGNATURE>\"`\n     | As example, a simple nodeJS call with the expected header\n     | ```js\n     | const crypto = require('crypto');\n     | const fetch = require('node-fetch');\n     |\n     | const date = new Date()\n     | const secret = \"my-secret\" // equal to the api key secret by default\n     |\n     | const algo = \"sha512\"\n     | const signature = crypto.createHmac(algo, secret)\n     |    .update(date.getTime().toString())\n     |    .digest('base64');\n     |\n     | fetch('http://myservice.oto.tools:9999/api/test', {\n     |    headers: {\n     |        \"Otoroshi-Client-Id\": \"my-id\",\n     |        \"Otoroshi-Client-Secret\": \"my-secret\",\n     |        \"Date\": date.getTime().toString(),\n     |        \"Authorization\": `hmac algorithm=\"hmac-${algo}\", headers=\"Date\", signature=\"${signature}\"`,\n     |        \"Accept\": \"application/json\"\n     |    }\n     | })\n     |    .then(r => r.json())\n     |    .then(console.log)\n     | ```\n     | In this example, we have an Otoroshi service deployed on http://myservice.oto.tools:9999/api/test, protected by api keys.\n     | The secret used is the secret of the api key (by default, but you can change it and define a secret on the plugin configuration).\n     | We send the base64 encoded date of the day, signed by the secret, in the Authorization header. We specify the headers signed and the type of algorithm used.\n     | You can sign more than one header but you have to list them in the headers fields (each one separate by a space, example : headers=\"Date KeyId\").\n     | The algorithm used can be HMAC-SHA1, HMAC-SHA256, HMAC-SHA384 or HMAC-SHA512.\n     |")).stripMargin());
    }

    public static final /* synthetic */ boolean $anonfun$checkHMACSignature$6(Seq seq, Tuple2 tuple2) {
        return seq.contains(tuple2._1());
    }

    public HMACValidator() {
        otoroshi$script$StartableAndStoppable$_setter_$funit_$eq((Future) FastFuture$.MODULE$.successful().apply(BoxedUnit.UNIT));
        NamedPlugin.$init$(this);
        otoroshi$script$InternalEventListener$_setter_$otoroshi$script$InternalEventListener$$ref_$eq(new AtomicReference<>());
        AccessValidator.$init$((AccessValidator) this);
        this.logger = Logger$.MODULE$.apply("otoroshi-plugins-hmac-access-validator-plugin");
    }
}
