package otoroshi.plugins.biscuit;

import akka.actor.ActorRef;
import akka.http.scaladsl.util.FastFuture$;
import biscuit.format.schema.Schema;
import com.clevercloud.biscuit.crypto.PublicKey;
import com.clevercloud.biscuit.error.Error;
import com.clevercloud.biscuit.token.Biscuit;
import java.util.concurrent.atomic.AtomicReference;
import otoroshi.env.Env;
import otoroshi.events.OtoroshiEvent;
import otoroshi.next.plugins.api.NgPluginCategory;
import otoroshi.next.plugins.api.NgPluginCategory$AccessControl$;
import otoroshi.next.plugins.api.NgPluginVisibility;
import otoroshi.next.plugins.api.NgPluginVisibility$NgUserLand$;
import otoroshi.next.plugins.api.NgStep;
import otoroshi.next.plugins.api.NgStep$ValidateAccess$;
import otoroshi.script.Access;
import otoroshi.script.AccessContext;
import otoroshi.script.AccessValidator;
import otoroshi.script.NamedPlugin;
import otoroshi.script.PluginType;
import otoroshi.utils.syntax.implicits$;
import otoroshi.utils.syntax.implicits$BetterJsValue$;
import otoroshi.utils.syntax.implicits$BetterSyntax$;
import play.api.libs.json.JsObject;
import play.api.libs.json.JsValue;
import scala.MatchError;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.collection.Seq;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.StringOps;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.util.Either;
import scala.util.Left;
import scala.util.Right;
import scala.util.Try$;

/* compiled from: biscuit.scala */
@ScalaSignature(bytes = "\u0006\u0001y4A!\u0003\u0006\u0001#!)a\u0004\u0001C\u0001?!)!\u0005\u0001C!G!)q\u0006\u0001C!a!)\u0001\t\u0001C!\u0003\")1\t\u0001C\u0001\t\")Q\n\u0001C\u0001\u001d\")1\f\u0001C\u00019\")\u0011\r\u0001C!E\n\u0001\")[:dk&$h+\u00197jI\u0006$xN\u001d\u0006\u0003\u00171\tqAY5tGVLGO\u0003\u0002\u000e\u001d\u00059\u0001\u000f\\;hS:\u001c(\"A\b\u0002\u0011=$xN]8tQ&\u001c\u0001aE\u0002\u0001%a\u0001\"a\u0005\f\u000e\u0003QQ\u0011!F\u0001\u0006g\u000e\fG.Y\u0005\u0003/Q\u0011a!\u00118z%\u00164\u0007CA\r\u001d\u001b\u0005Q\"BA\u000e\u000f\u0003\u0019\u00198M]5qi&\u0011QD\u0007\u0002\u0010\u0003\u000e\u001cWm]:WC2LG-\u0019;pe\u00061A(\u001b8jiz\"\u0012\u0001\t\t\u0003C\u0001i\u0011AC\u0001\u0005]\u0006lW-F\u0001%!\t)CF\u0004\u0002'UA\u0011q\u0005F\u0007\u0002Q)\u0011\u0011\u0006E\u0001\u0007yI|w\u000e\u001e \n\u0005-\"\u0012A\u0002)sK\u0012,g-\u0003\u0002.]\t11\u000b\u001e:j]\u001eT!a\u000b\u000b\u0002\u001b\u0011,g-Y;mi\u000e{gNZ5h+\u0005\t\u0004cA\n3i%\u00111\u0007\u0006\u0002\u0007\u001fB$\u0018n\u001c8\u0011\u0005UrT\"\u0001\u001c\u000b\u0005]B\u0014\u0001\u00026t_:T!!\u000f\u001e\u0002\t1L'm\u001d\u0006\u0003wq\n1!\u00199j\u0015\u0005i\u0014\u0001\u00029mCfL!a\u0010\u001c\u0003\u0011)\u001bxJ\u00196fGR\f1\u0002Z3tGJL\u0007\u000f^5p]V\t!\tE\u0002\u0014e\u0011\n!B^5tS\nLG.\u001b;z+\u0005)\u0005C\u0001$L\u001b\u00059%BA\u001eI\u0015\ti\u0011J\u0003\u0002K\u001d\u0005!a.\u001a=u\u0013\tauI\u0001\nOOBcWoZ5o-&\u001c\u0018NY5mSRL\u0018AC2bi\u0016<wN]5fgV\tq\nE\u0002Q+bs!!U*\u000f\u0005\u001d\u0012\u0016\"A\u000b\n\u0005Q#\u0012a\u00029bG.\fw-Z\u0005\u0003-^\u00131aU3r\u0015\t!F\u0003\u0005\u0002G3&\u0011!l\u0012\u0002\u0011\u001d\u001e\u0004F.^4j]\u000e\u000bG/Z4pef\fQa\u001d;faN,\u0012!\u0018\t\u0004!Vs\u0006C\u0001$`\u0013\t\u0001wI\u0001\u0004OON#X\r]\u0001\nG\u0006t\u0017iY2fgN$\"aY=\u0015\u0007\u0011lG\u000fE\u0002fQ*l\u0011A\u001a\u0006\u0003OR\t!bY8oGV\u0014(/\u001a8u\u0013\tIgM\u0001\u0004GkR,(/\u001a\t\u0003'-L!\u0001\u001c\u000b\u0003\u000f\t{w\u000e\\3b]\")a\u000e\u0003a\u0002_\u0006\u0019QM\u001c<\u0011\u0005A\u0014X\"A9\u000b\u00059t\u0011BA:r\u0005\r)eN\u001e\u0005\u0006k\"\u0001\u001dA^\u0001\u0003K\u000e\u0004\"!Z<\n\u0005a4'\u0001E#yK\u000e,H/[8o\u0007>tG/\u001a=u\u0011\u0015Q\b\u00021\u0001|\u0003\r\u0019G\u000f\u001f\t\u00033qL!! \u000e\u0003\u001b\u0005\u001b7-Z:t\u0007>tG/\u001a=u\u0001")
/* loaded from: input_file:otoroshi/plugins/biscuit/BiscuitValidator.class */
public class BiscuitValidator implements AccessValidator {
    private final AtomicReference<ActorRef> otoroshi$script$InternalEventListener$$ref;
    private final Future<BoxedUnit> funit;

    @Override // otoroshi.script.AccessValidator, otoroshi.script.NamedPlugin
    public PluginType pluginType() {
        PluginType pluginType;
        pluginType = pluginType();
        return pluginType;
    }

    @Override // otoroshi.script.AccessValidator
    public Future<Access> access(AccessContext accessContext, Env env, ExecutionContext executionContext) {
        Future<Access> access;
        access = access(accessContext, env, executionContext);
        return access;
    }

    @Override // otoroshi.script.InternalEventListener
    public boolean listening() {
        boolean listening;
        listening = listening();
        return listening;
    }

    @Override // otoroshi.script.InternalEventListener
    public void onEvent(OtoroshiEvent otoroshiEvent, Env env) {
        onEvent(otoroshiEvent, env);
    }

    @Override // otoroshi.script.InternalEventListener
    public void startEvent(String str, Env env) {
        startEvent(str, env);
    }

    @Override // otoroshi.script.InternalEventListener
    public void stopEvent(Env env) {
        stopEvent(env);
    }

    @Override // otoroshi.script.NamedPlugin
    public boolean deprecated() {
        boolean deprecated;
        deprecated = deprecated();
        return deprecated;
    }

    @Override // otoroshi.script.NamedPlugin
    public boolean core() {
        boolean core;
        core = core();
        return core;
    }

    @Override // otoroshi.script.NamedPlugin
    public String internalName() {
        String internalName;
        internalName = internalName();
        return internalName;
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> documentation() {
        Option<String> documentation;
        documentation = documentation();
        return documentation;
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> configRoot() {
        Option<String> configRoot;
        configRoot = configRoot();
        return configRoot;
    }

    @Override // otoroshi.script.NamedPlugin
    /* renamed from: configSchema */
    public Option<JsObject> mo650configSchema() {
        Option<JsObject> mo650configSchema;
        mo650configSchema = mo650configSchema();
        return mo650configSchema;
    }

    @Override // otoroshi.script.NamedPlugin
    public Seq<String> configFlow() {
        Seq<String> configFlow;
        configFlow = configFlow();
        return configFlow;
    }

    @Override // otoroshi.script.NamedPlugin
    public JsObject jsonDescription() {
        JsObject jsonDescription;
        jsonDescription = jsonDescription();
        return jsonDescription;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> startWithPluginId(String str, Env env) {
        Future<BoxedUnit> startWithPluginId;
        startWithPluginId = startWithPluginId(str, env);
        return startWithPluginId;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> start(Env env) {
        Future<BoxedUnit> start;
        start = start(env);
        return start;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> stop(Env env) {
        Future<BoxedUnit> stop;
        stop = stop(env);
        return stop;
    }

    @Override // otoroshi.script.InternalEventListener
    public AtomicReference<ActorRef> otoroshi$script$InternalEventListener$$ref() {
        return this.otoroshi$script$InternalEventListener$$ref;
    }

    @Override // otoroshi.script.InternalEventListener
    public final void otoroshi$script$InternalEventListener$_setter_$otoroshi$script$InternalEventListener$$ref_$eq(AtomicReference<ActorRef> atomicReference) {
        this.otoroshi$script$InternalEventListener$$ref = atomicReference;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> funit() {
        return this.funit;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public void otoroshi$script$StartableAndStoppable$_setter_$funit_$eq(Future<BoxedUnit> future) {
        this.funit = future;
    }

    @Override // otoroshi.script.NamedPlugin
    public String name() {
        return "Biscuit token validator";
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<JsObject> defaultConfig() {
        return implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax(BiscuitConfig$.MODULE$.example()));
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> description() {
        return implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax(new StringOps(Predef$.MODULE$.augmentString(new StringBuilder(157).append("This plugin validates a Biscuit token.\n       |\n       |This plugin can accept the following configuration\n       |\n       |```json\n       |").append(implicits$BetterJsValue$.MODULE$.prettify$extension(implicits$.MODULE$.BetterJsValue((JsValue) defaultConfig().get()))).append("\n       |```\n    ").toString())).stripMargin()));
    }

    @Override // otoroshi.script.NamedPlugin
    public NgPluginVisibility visibility() {
        return NgPluginVisibility$NgUserLand$.MODULE$;
    }

    @Override // otoroshi.script.NamedPlugin
    public Seq<NgPluginCategory> categories() {
        return new $colon.colon<>(NgPluginCategory$AccessControl$.MODULE$, Nil$.MODULE$);
    }

    @Override // otoroshi.script.NamedPlugin
    public Seq<NgStep> steps() {
        return new $colon.colon<>(NgStep$ValidateAccess$.MODULE$, Nil$.MODULE$);
    }

    @Override // otoroshi.script.AccessValidator
    public Future<Object> canAccess(AccessContext accessContext, Env env, ExecutionContext executionContext) {
        Future<Object> future$extension;
        Future<Object> future$extension2;
        Future<Object> future;
        Future<Object> future2;
        BiscuitConfig readConfig = BiscuitHelper$.MODULE$.readConfig("BiscuitValidator", accessContext);
        Some extractToken = BiscuitHelper$.MODULE$.extractToken(accessContext.request(), readConfig);
        if (extractToken instanceof Some) {
            BiscuitToken biscuitToken = (BiscuitToken) extractToken.value();
            if (biscuitToken instanceof PubKeyBiscuitToken) {
                String str = ((PubKeyBiscuitToken) biscuitToken).token();
                PublicKey publicKey = new PublicKey(Schema.PublicKey.Algorithm.Ed25519, (String) readConfig.publicKey().get());
                Right either = Try$.MODULE$.apply(() -> {
                    return Biscuit.from_b64url(str, publicKey);
                }).toEither();
                if (either instanceof Left) {
                    future2 = implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(BoxesRunTime.boxToBoolean(false)));
                } else {
                    if (!(either instanceof Right)) {
                        throw new MatchError(either);
                    }
                    Biscuit biscuit = (Biscuit) either.value();
                    Right either2 = Try$.MODULE$.apply(() -> {
                        return biscuit.verify(publicKey);
                    }).toEither();
                    if (either2 instanceof Left) {
                        future = implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(BoxesRunTime.boxToBoolean(false)));
                    } else {
                        if (!(either2 instanceof Right)) {
                            throw new MatchError(either2);
                        }
                        Either<Error, BoxedUnit> verify = BiscuitHelper$.MODULE$.verify(((Biscuit) either2.value()).authorizer(), readConfig, new AccessValidatorContext(accessContext), env);
                        if (verify instanceof Left) {
                            future$extension2 = implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(BoxesRunTime.boxToBoolean(false)));
                        } else {
                            if (!(verify instanceof Right)) {
                                throw new MatchError(verify);
                            }
                            future$extension2 = implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(BoxesRunTime.boxToBoolean(true)));
                        }
                        future = future$extension2;
                    }
                    future2 = future;
                }
                future$extension = future2;
                return future$extension;
            }
        }
        if (readConfig.enforce()) {
            future$extension = implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(BoxesRunTime.boxToBoolean(false)));
        } else {
            if (readConfig.enforce()) {
                throw new MatchError(extractToken);
            }
            future$extension = implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(BoxesRunTime.boxToBoolean(true)));
        }
        return future$extension;
    }

    public BiscuitValidator() {
        otoroshi$script$StartableAndStoppable$_setter_$funit_$eq((Future) FastFuture$.MODULE$.successful().apply(BoxedUnit.UNIT));
        NamedPlugin.$init$(this);
        otoroshi$script$InternalEventListener$_setter_$otoroshi$script$InternalEventListener$$ref_$eq(new AtomicReference<>());
        AccessValidator.$init$((AccessValidator) this);
    }
}
