package otoroshi.next.plugins;

import akka.stream.Materializer;
import akka.stream.scaladsl.Source;
import akka.util.ByteString;
import akka.util.ByteString$;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import org.apache.commons.codec.binary.Base64;
import org.joda.time.DateTime;
import otoroshi.env.Env;
import otoroshi.models.ApiKey;
import otoroshi.next.plugins.api.BackendCallResponse;
import otoroshi.next.plugins.api.NgBackendCall;
import otoroshi.next.plugins.api.NgNamedPlugin;
import otoroshi.next.plugins.api.NgPluginCategory;
import otoroshi.next.plugins.api.NgPluginCategory$Authentication$;
import otoroshi.next.plugins.api.NgPluginConfig;
import otoroshi.next.plugins.api.NgPluginHttpResponse;
import otoroshi.next.plugins.api.NgPluginVisibility;
import otoroshi.next.plugins.api.NgPluginVisibility$NgUserLand$;
import otoroshi.next.plugins.api.NgStep;
import otoroshi.next.plugins.api.NgStep$CallBackend$;
import otoroshi.next.plugins.api.NgbBackendCallContext;
import otoroshi.next.proxy.NgProxyEngineError;
import otoroshi.script.NamedPlugin;
import otoroshi.script.PluginType;
import otoroshi.security.IdGenerator$;
import otoroshi.utils.http.RequestImplicits$;
import otoroshi.utils.http.RequestImplicits$EnhancedRequestHeader$;
import otoroshi.utils.syntax.implicits$;
import otoroshi.utils.syntax.implicits$BetterSyntax$;
import play.api.http.Writeable$;
import play.api.libs.json.JsObject;
import play.api.libs.json.Json$;
import play.api.libs.json.Reads$;
import play.api.libs.json.Writes$;
import play.api.mvc.Result;
import play.api.mvc.Results$;
import play.core.parsers.FormUrlEncodedParser$;
import scala.Function0;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.Tuple5;
import scala.collection.GenTraversableOnce;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.SeqLike;
import scala.collection.TraversableOnce;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Map;
import scala.collection.immutable.Nil$;
import scala.collection.mutable.ArrayOps;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;
import scala.util.Either;

/* compiled from: clientcredentials.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005\u0015e\u0001B\b\u0011\u0001]AQ\u0001\n\u0001\u0005\u0002\u0015BQ\u0001\u000b\u0001\u0005B%BQ!\u000e\u0001\u0005BYBQA\u000f\u0001\u0005BmBQa\u0010\u0001\u0005BmBQ\u0001\u0011\u0001\u0005B\u0005CQA\u0012\u0001\u0005BmBQa\u0012\u0001\u0005BmBQ\u0001\u0013\u0001\u0005B%CQ!\u0014\u0001\u0005B9CQa\u0017\u0001\u0005BqCQ!\u0019\u0001\u0005\n\tDq!a\u0007\u0001\t\u0013\ti\u0002C\u0004\u0002<\u0001!\t%!\u0010\u0003?9;7\t\\5f]R\u001c%/\u001a3f]RL\u0017\r\u001c+pW\u0016tWI\u001c3q_&tGO\u0003\u0002\u0012%\u00059\u0001\u000f\\;hS:\u001c(BA\n\u0015\u0003\u0011qW\r\u001f;\u000b\u0003U\t\u0001b\u001c;pe>\u001c\b.[\u0002\u0001'\r\u0001\u0001D\b\t\u00033qi\u0011A\u0007\u0006\u00027\u0005)1oY1mC&\u0011QD\u0007\u0002\u0007\u0003:L(+\u001a4\u0011\u0005}\u0011S\"\u0001\u0011\u000b\u0005\u0005\u0002\u0012aA1qS&\u00111\u0005\t\u0002\u000e\u001d\u001e\u0014\u0015mY6f]\u0012\u001c\u0015\r\u001c7\u0002\rqJg.\u001b;?)\u00051\u0003CA\u0014\u0001\u001b\u0005\u0001\u0012\u0001\u00028b[\u0016,\u0012A\u000b\t\u0003WIr!\u0001\f\u0019\u0011\u00055RR\"\u0001\u0018\u000b\u0005=2\u0012A\u0002\u001fs_>$h(\u0003\u000225\u00051\u0001K]3eK\u001aL!a\r\u001b\u0003\rM#(/\u001b8h\u0015\t\t$$A\u0006eKN\u001c'/\u001b9uS>tW#A\u001c\u0011\u0007eA$&\u0003\u0002:5\t1q\n\u001d;j_:\fA\"^:f\t\u0016dWmZ1uKN,\u0012\u0001\u0010\t\u00033uJ!A\u0010\u000e\u0003\u000f\t{w\u000e\\3b]\u0006iQ.\u001e7uS&s7\u000f^1oG\u0016\f1\u0003Z3gCVdGoQ8oM&<wJ\u00196fGR,\u0012A\u0011\t\u00043a\u001a\u0005CA\u0010E\u0013\t)\u0005E\u0001\bOOBcWoZ5o\u0007>tg-[4\u0002\u0015\u0011,\u0007O]3dCR,G-\u0001\u0003d_J,\u0017A\u0003<jg&\u0014\u0017\u000e\\5usV\t!\n\u0005\u0002 \u0017&\u0011A\n\t\u0002\u0013\u001d\u001e\u0004F.^4j]ZK7/\u001b2jY&$\u00180\u0001\u0006dCR,wm\u001c:jKN,\u0012a\u0014\t\u0004!VCfBA)T\u001d\ti#+C\u0001\u001c\u0013\t!&$A\u0004qC\u000e\\\u0017mZ3\n\u0005Y;&aA*fc*\u0011AK\u0007\t\u0003?eK!A\u0017\u0011\u0003!9;\u0007\u000b\\;hS:\u001c\u0015\r^3h_JL\u0018!B:uKB\u001cX#A/\u0011\u0007A+f\f\u0005\u0002 ?&\u0011\u0001\r\t\u0002\u0007\u001d\u001e\u001cF/\u001a9\u0002\u0015!\fg\u000e\u001a7f\u0005>$\u0017\u0010F\u0002d\u0003#!2\u0001ZA\u0001)\r)Go\u001f\t\u0004M&\\W\"A4\u000b\u0005!T\u0012AC2p]\u000e,(O]3oi&\u0011!n\u001a\u0002\u0007\rV$XO]3\u0011\u00051\u0014X\"A7\u000b\u00059|\u0017aA7wG*\u0011\u0011\u0005\u001d\u0006\u0002c\u0006!\u0001\u000f\\1z\u0013\t\u0019XN\u0001\u0004SKN,H\u000e\u001e\u0005\u0006k2\u0001\u001dA^\u0001\u0004K:4\bCA<z\u001b\u0005A(BA;\u0015\u0013\tQ\bPA\u0002F]ZDQ\u0001 \u0007A\u0004u\f!!Z2\u0011\u0005\u0019t\u0018BA@h\u0005A)\u00050Z2vi&|gnQ8oi\u0016DH\u000fC\u0004\u0002\u00041\u0001\r!!\u0002\u0002\u0003\u0019\u0004b!GA\u0004\u0003\u0017)\u0017bAA\u00055\tIa)\u001e8di&|g.\r\t\u0006W\u00055!FK\u0005\u0004\u0003\u001f!$aA'ba\"9\u00111\u0003\u0007A\u0002\u0005U\u0011aA2uqB\u0019q$a\u0006\n\u0007\u0005e\u0001EA\u000bOO\n\u0014\u0015mY6f]\u0012\u001c\u0015\r\u001c7D_:$X\r\u001f;\u0002%!\fg\u000e\u001a7f)>\\WM\u001c*fcV,7\u000f\u001e\u000b\t\u0003?\t)#a\f\u0002:Q)Q-!\t\u0002$!)Q/\u0004a\u0002m\")A0\u0004a\u0002{\"9\u0011qE\u0007A\u0002\u0005%\u0012\u0001B2dM\n\u00042aJA\u0016\u0013\r\ti\u0003\u0005\u0002$\u001d\u001e\u001cE.[3oi\u000e\u0013X\rZ3oi&\fG\u000eV8lK:,e\u000e\u001a9pS:$(i\u001c3z\u0011\u001d\t\t$\u0004a\u0001\u0003g\tAaY8oMB\u0019q%!\u000e\n\u0007\u0005]\u0002CA\u0013OO\u000ec\u0017.\u001a8u\u0007J,G-\u001a8uS\u0006dGk\\6f]\u0016sG\r]8j]R\u001cuN\u001c4jO\"9\u00111C\u0007A\u0002\u0005U\u0011aC2bY2\u0014\u0015mY6f]\u0012$b!a\u0010\u0002z\u0005mD\u0003CA!\u0003C\n\u0019'!\u001a\u0011\t\u0019L\u00171\t\t\t\u0003\u000b\nY%a\u0014\u0002\\5\u0011\u0011q\t\u0006\u0004\u0003\u0013R\u0012\u0001B;uS2LA!!\u0014\u0002H\t1Q)\u001b;iKJ\u0004B!!\u0015\u0002X5\u0011\u00111\u000b\u0006\u0004\u0003+\u0012\u0012!\u00029s_bL\u0018\u0002BA-\u0003'\u0012!CT4Qe>D\u00180\u00128hS:,WI\u001d:peB\u0019q$!\u0018\n\u0007\u0005}\u0003EA\nCC\u000e\\WM\u001c3DC2d'+Z:q_:\u001cX\rC\u0003v\u001d\u0001\u000fa\u000fC\u0003}\u001d\u0001\u000fQ\u0010C\u0004\u0002h9\u0001\u001d!!\u001b\u0002\u00075\fG\u000f\u0005\u0003\u0002l\u0005UTBAA7\u0015\u0011\ty'!\u001d\u0002\rM$(/Z1n\u0015\t\t\u0019(\u0001\u0003bW.\f\u0017\u0002BA<\u0003[\u0012A\"T1uKJL\u0017\r\\5{KJDq!a\u0005\u000f\u0001\u0004\t)\u0002C\u0004\u0002~9\u0001\r!a \u0002\u0013\u0011,G.Z4bi\u0016\u001c\b#B\r\u0002\u0002\u0006\u0005\u0013bAAB5\tIa)\u001e8di&|g\u000e\r")
/* loaded from: input_file:otoroshi/next/plugins/NgClientCredentialTokenEndpoint.class */
public class NgClientCredentialTokenEndpoint implements NgBackendCall {
    @Override // otoroshi.next.plugins.api.NgBackendCall
    public Either<NgProxyEngineError, BackendCallResponse> bodyResponse(int i, Map<String, String> map, Source<ByteString, ?> source) {
        Either<NgProxyEngineError, BackendCallResponse> bodyResponse;
        bodyResponse = bodyResponse(i, map, source);
        return bodyResponse;
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin
    public Seq<String> tags() {
        Seq<String> tags;
        tags = tags();
        return tags;
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin, otoroshi.script.NamedPlugin
    public final Option<JsObject> defaultConfig() {
        Option<JsObject> defaultConfig;
        defaultConfig = defaultConfig();
        return defaultConfig;
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin, otoroshi.script.NamedPlugin
    public PluginType pluginType() {
        PluginType pluginType;
        pluginType = pluginType();
        return pluginType;
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin, otoroshi.script.NamedPlugin
    public Option<String> configRoot() {
        Option<String> configRoot;
        configRoot = configRoot();
        return configRoot;
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin, otoroshi.script.NamedPlugin
    public JsObject jsonDescription() {
        JsObject jsonDescription;
        jsonDescription = jsonDescription();
        return jsonDescription;
    }

    @Override // otoroshi.script.NamedPlugin
    public String internalName() {
        String internalName;
        internalName = internalName();
        return internalName;
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> documentation() {
        Option<String> documentation;
        documentation = documentation();
        return documentation;
    }

    @Override // otoroshi.script.NamedPlugin
    /* renamed from: configSchema */
    public Option<JsObject> mo1081configSchema() {
        Option<JsObject> mo1081configSchema;
        mo1081configSchema = mo1081configSchema();
        return mo1081configSchema;
    }

    @Override // otoroshi.script.NamedPlugin
    public Seq<String> configFlow() {
        Seq<String> configFlow;
        configFlow = configFlow();
        return configFlow;
    }

    @Override // otoroshi.script.NamedPlugin
    public String name() {
        return "Client credential token endpoint";
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> description() {
        return implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax("This plugin provide the endpoint for the client_credential flow token endpoint"));
    }

    @Override // otoroshi.next.plugins.api.NgBackendCall
    public boolean useDelegates() {
        return false;
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin
    public boolean multiInstance() {
        return true;
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin
    public Option<NgPluginConfig> defaultConfigObject() {
        return new Some(NgClientCredentialTokenEndpointConfig$.MODULE$.m797default());
    }

    @Override // otoroshi.script.NamedPlugin
    public boolean deprecated() {
        return false;
    }

    @Override // otoroshi.script.NamedPlugin
    public boolean core() {
        return true;
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin, otoroshi.script.NamedPlugin
    public NgPluginVisibility visibility() {
        return NgPluginVisibility$NgUserLand$.MODULE$;
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin, otoroshi.script.NamedPlugin
    public Seq<NgPluginCategory> categories() {
        return new $colon.colon<>(NgPluginCategory$Authentication$.MODULE$, Nil$.MODULE$);
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin, otoroshi.script.NamedPlugin
    public Seq<NgStep> steps() {
        return new $colon.colon<>(NgStep$CallBackend$.MODULE$, Nil$.MODULE$);
    }

    private Future<Result> handleBody(NgbBackendCallContext ngbBackendCallContext, Function1<Map<String, String>, Future<Result>> function1, Env env, ExecutionContext executionContext) {
        Materializer otoroshiMaterializer = env.otoroshiMaterializer();
        String str = (String) ngbBackendCallContext.rawRequest().charset().getOrElse(() -> {
            return "UTF-8";
        });
        return ngbBackendCallContext.request().body().runFold(ByteString$.MODULE$.empty(), (byteString, byteString2) -> {
            return byteString.$plus$plus(byteString2);
        }, otoroshiMaterializer).flatMap(byteString3 -> {
            boolean z = false;
            Some some = null;
            Option option = ngbBackendCallContext.request().headers().get("Content-Type");
            if (option instanceof Some) {
                z = true;
                some = (Some) option;
                if (((String) some.value()).toLowerCase().contains("application/x-www-form-urlencoded")) {
                    return (Future) function1.apply(FormUrlEncodedParser$.MODULE$.parse(byteString3.utf8String(), str).mapValues(seq -> {
                        return (String) seq.head();
                    }).$plus$plus((GenTraversableOnce) ngbBackendCallContext.request().headers().get("Authorization").filter(str2 -> {
                        return BoxesRunTime.boxToBoolean(str2.startsWith("Basic "));
                    }).map(str3 -> {
                        return str3.replace("Basic ", "");
                    }).map(str4 -> {
                        return Base64.decodeBase64(str4);
                    }).map(bArr -> {
                        return new String(bArr);
                    }).filter(str5 -> {
                        return BoxesRunTime.boxToBoolean(str5.contains(":"));
                    }).map(str6 -> {
                        return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(str6.split(":"))).toSeq();
                    }).map(seq2 -> {
                        return Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("client_id"), seq2.head()), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("client_secret"), seq2.last())}));
                    }).getOrElse(() -> {
                        return Predef$.MODULE$.Map().empty();
                    })));
                }
            }
            return (z && ((String) some.value()).toLowerCase().contains("application/json")) ? (Future) function1.apply(((TraversableOnce) ((JsObject) Json$.MODULE$.parse(byteString3.utf8String()).as(Reads$.MODULE$.JsObjectReads())).value().toSeq().collect(new NgClientCredentialTokenEndpoint$$anonfun$2(null), Seq$.MODULE$.canBuildFrom())).toMap(Predef$.MODULE$.$conforms()).$plus$plus((GenTraversableOnce) ngbBackendCallContext.request().headers().get("Authorization").filter(str7 -> {
                return BoxesRunTime.boxToBoolean(str7.startsWith("Basic "));
            }).map(str8 -> {
                return str8.replace("Basic ", "");
            }).map(str9 -> {
                return Base64.decodeBase64(str9);
            }).map(bArr2 -> {
                return new String(bArr2);
            }).filter(str10 -> {
                return BoxesRunTime.boxToBoolean(str10.contains(":"));
            }).map(str11 -> {
                return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(str11.split(":"))).toSeq();
            }).map(seq3 -> {
                return Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("client_id"), seq3.head()), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("client_secret"), seq3.last())}));
            }).getOrElse(() -> {
                return Predef$.MODULE$.Map().empty();
            }))) : implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(Results$.MODULE$.Unauthorized().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("access_denied", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error_description"), Json$.MODULE$.toJsFieldJsValueWrapper("Unauthorized", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
        }, executionContext);
    }

    private Future<Result> handleTokenRequest(NgClientCredentialTokenEndpointBody ngClientCredentialTokenEndpointBody, NgClientCredentialTokenEndpointConfig ngClientCredentialTokenEndpointConfig, NgbBackendCallContext ngbBackendCallContext, Env env, ExecutionContext executionContext) {
        if (ngClientCredentialTokenEndpointBody != null) {
            String grantType = ngClientCredentialTokenEndpointBody.grantType();
            String clientId = ngClientCredentialTokenEndpointBody.clientId();
            String clientSecret = ngClientCredentialTokenEndpointBody.clientSecret();
            Option<String> scope = ngClientCredentialTokenEndpointBody.scope();
            if ("client_credentials".equals(grantType)) {
                return env.datastores().apiKeyDataStore().findById(clientId, executionContext, env).flatMap(option -> {
                    if (option instanceof Some) {
                        ApiKey apiKey = (ApiKey) ((Some) option).value();
                        if (apiKey.isValid(clientSecret) && apiKey.isActive()) {
                            String str = (String) apiKey.metadata().getOrElse("jwt-sign-keypair", () -> {
                                return ngClientCredentialTokenEndpointConfig.defaultKeyPair();
                            });
                            String sign = JWT.create().withJWTId(IdGenerator$.MODULE$.uuid()).withExpiresAt(DateTime.now().plus(ngClientCredentialTokenEndpointConfig.expiration().toMillis()).toDate()).withIssuedAt(DateTime.now().toDate()).withNotBefore(DateTime.now().toDate()).withClaim("cid", apiKey.clientId()).withIssuer(new StringBuilder(3).append(RequestImplicits$EnhancedRequestHeader$.MODULE$.theProtocol$extension(RequestImplicits$.MODULE$.EnhancedRequestHeader(ngbBackendCallContext.rawRequest()), env)).append("://").append(ngbBackendCallContext.rawRequest().host()).toString()).withSubject(apiKey.clientId()).withAudience(new String[]{"otoroshi"}).withKeyId(str).sign((Algorithm) env.proxyState().certificate(str).map(cert -> {
                                return cert.cryptoKeyPair();
                            }).map(keyPair -> {
                                Tuple2 tuple2 = new Tuple2(keyPair.getPublic(), keyPair.getPrivate());
                                if (tuple2 != null) {
                                    PublicKey publicKey = (PublicKey) tuple2._1();
                                    PrivateKey privateKey = (PrivateKey) tuple2._2();
                                    if (publicKey instanceof RSAPublicKey) {
                                        RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
                                        if (privateKey instanceof RSAPrivateKey) {
                                            return Algorithm.RSA256(rSAPublicKey, (RSAPrivateKey) privateKey);
                                        }
                                    }
                                }
                                if (tuple2 != null) {
                                    PublicKey publicKey2 = (PublicKey) tuple2._1();
                                    PrivateKey privateKey2 = (PrivateKey) tuple2._2();
                                    if (publicKey2 instanceof ECPublicKey) {
                                        ECPublicKey eCPublicKey = (ECPublicKey) publicKey2;
                                        if (privateKey2 instanceof ECPrivateKey) {
                                            return Algorithm.ECDSA384(eCPublicKey, (ECPrivateKey) privateKey2);
                                        }
                                    }
                                }
                                return Algorithm.HMAC512(apiKey.clientSecret());
                            }).getOrElse(() -> {
                                return Algorithm.HMAC512(apiKey.clientSecret());
                            }));
                            if (!scope.forall(str2 -> {
                                return BoxesRunTime.boxToBoolean($anonfun$handleTokenRequest$55(apiKey, str2));
                            })) {
                                return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(Results$.MODULE$.Forbidden().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("access_denied", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error_description"), Json$.MODULE$.toJsFieldJsValueWrapper(new StringBuilder(37).append("cslient has not been granted scopes: ").append(scope.get()).toString(), Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
                            }
                            return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(Results$.MODULE$.Ok().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("access_token"), Json$.MODULE$.toJsFieldJsValueWrapper(sign, Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("token_type"), Json$.MODULE$.toJsFieldJsValueWrapper("Bearer", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("expires_in"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToLong(ngClientCredentialTokenEndpointConfig.expiration().toSeconds()), Writes$.MODULE$.LongWrites()))})).$plus$plus((JsObject) scope.orElse(() -> {
                                return apiKey.metadata().get("scope");
                            }).map(str3 -> {
                                return Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("scope"), Json$.MODULE$.toJsFieldJsValueWrapper(str3, Writes$.MODULE$.StringWrites()))}));
                            }).getOrElse(() -> {
                                return Json$.MODULE$.obj(Nil$.MODULE$);
                            })), Writeable$.MODULE$.writeableOf_JsValue())));
                        }
                    }
                    return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(Results$.MODULE$.Unauthorized().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("access_denied", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error_description"), Json$.MODULE$.toJsFieldJsValueWrapper("bad client credentials", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
                }, executionContext);
            }
        }
        return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(Results$.MODULE$.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("unauthorized_client", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error_description"), Json$.MODULE$.toJsFieldJsValueWrapper(new StringBuilder(29).append("grant type '").append(ngClientCredentialTokenEndpointBody.grantType()).append("' not supported !").toString(), Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
    }

    @Override // otoroshi.next.plugins.api.NgBackendCall
    public Future<Either<NgProxyEngineError, BackendCallResponse>> callBackend(NgbBackendCallContext ngbBackendCallContext, Function0<Future<Either<NgProxyEngineError, BackendCallResponse>>> function0, Env env, ExecutionContext executionContext, Materializer materializer) {
        NgClientCredentialTokenEndpointConfig ngClientCredentialTokenEndpointConfig = (NgClientCredentialTokenEndpointConfig) ngbBackendCallContext.cachedConfig(internalName(), NgClientCredentialTokenEndpointConfig$.MODULE$.format()).getOrElse(() -> {
            return NgClientCredentialTokenEndpointConfig$.MODULE$.m797default();
        });
        return handleBody(ngbBackendCallContext, map -> {
            Predef$.MODULE$.println(new Tuple2("body", map));
            Tuple5 tuple5 = new Tuple5(map.get("grant_type"), map.get("client_id"), map.get("client_secret"), map.get("scope"), map.get("bearer_kind"));
            if (tuple5 != null) {
                Some some = (Option) tuple5._1();
                Some some2 = (Option) tuple5._2();
                Some some3 = (Option) tuple5._3();
                Option option = (Option) tuple5._4();
                Option option2 = (Option) tuple5._5();
                if (some instanceof Some) {
                    String str = (String) some.value();
                    if (some2 instanceof Some) {
                        String str2 = (String) some2.value();
                        if (some3 instanceof Some) {
                            return this.handleTokenRequest(new NgClientCredentialTokenEndpointBody(str, str2, (String) some3.value(), option, (String) option2.getOrElse(() -> {
                                return "jwt";
                            })), ngClientCredentialTokenEndpointConfig, ngbBackendCallContext, env, executionContext);
                        }
                    }
                }
            }
            return (Future) ngbBackendCallContext.request().headers().get("Authorization").filter(str3 -> {
                return BoxesRunTime.boxToBoolean(str3.startsWith("Basic "));
            }).map(str4 -> {
                return str4.replace("Basic ", "");
            }).map(str5 -> {
                return Base64.decodeBase64(str5);
            }).map(bArr -> {
                return new String(bArr);
            }).filter(str6 -> {
                return BoxesRunTime.boxToBoolean(str6.contains(":"));
            }).map(str7 -> {
                return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(str7.split(":"))).toSeq();
            }).map(seq -> {
                return new Tuple2(seq.head(), seq.last());
            }).map(tuple2 -> {
                if (tuple2 == null) {
                    throw new MatchError(tuple2);
                }
                return this.handleTokenRequest(new NgClientCredentialTokenEndpointBody((String) map.getOrElse("grant_type", () -> {
                    return "--";
                }), (String) tuple2._1(), (String) tuple2._2(), None$.MODULE$, (String) map.getOrElse("bearer_kind", () -> {
                    return "jwt";
                })), ngClientCredentialTokenEndpointConfig, ngbBackendCallContext, env, executionContext);
            }).getOrElse(() -> {
                return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(Results$.MODULE$.Unauthorized().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("access_denied", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error_description"), Json$.MODULE$.toJsFieldJsValueWrapper("unauthorized", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
            });
        }, env, executionContext).map(result -> {
            return implicits$BetterSyntax$.MODULE$.right$extension(implicits$.MODULE$.BetterSyntax(new BackendCallResponse(new NgPluginHttpResponse(result.header().status(), result.header().headers().$plus$plus(Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("Content-Type"), result.body().contentType().getOrElse(() -> {
                return "application/json";
            })), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("Content-Length"), result.body().contentLength().getOrElse(() -> {
                return "0";
            }).toString())}))), Nil$.MODULE$, result.body().dataStream()), None$.MODULE$)));
        }, executionContext);
    }

    public static final /* synthetic */ boolean $anonfun$handleTokenRequest$56(Seq seq, String str) {
        return ((TraversableOnce) new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(str.split(" "))).toSeq().intersect(seq)).nonEmpty();
    }

    public static final /* synthetic */ int $anonfun$handleTokenRequest$57(Seq seq, String str) {
        return ((SeqLike) new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(str.split(" "))).toSeq().intersect(seq)).size();
    }

    public static final /* synthetic */ boolean $anonfun$handleTokenRequest$55(ApiKey apiKey, String str) {
        Seq seq = new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(str.split(" "))).toSeq();
        return apiKey.metadata().get("scope").exists(str2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$handleTokenRequest$56(seq, str2));
        }) && BoxesRunTime.unboxToInt(apiKey.metadata().get("scope").map(str3 -> {
            return BoxesRunTime.boxToInteger($anonfun$handleTokenRequest$57(seq, str3));
        }).getOrElse(() -> {
            return seq.size();
        })) == seq.size();
    }

    public NgClientCredentialTokenEndpoint() {
        NamedPlugin.$init$(this);
        NgNamedPlugin.$init$((NgNamedPlugin) this);
        NgBackendCall.$init$((NgBackendCall) this);
    }
}
