package otoroshi.next.plugins;

import akka.http.scaladsl.util.FastFuture$;
import akka.stream.scaladsl.Sink$;
import akka.stream.scaladsl.Source$;
import otoroshi.env.Env;
import otoroshi.gateway.Errors$;
import otoroshi.models.GlobalConfig;
import otoroshi.models.ServiceDescriptor;
import otoroshi.next.plugins.api.NgAccess;
import otoroshi.next.plugins.api.NgAccess$NgAllowed$;
import otoroshi.next.plugins.api.NgAccess$NgDenied$;
import otoroshi.next.plugins.api.NgAccessContext;
import otoroshi.next.plugins.api.NgAccessValidator;
import otoroshi.next.plugins.api.NgNamedPlugin;
import otoroshi.next.plugins.api.NgPluginCategory;
import otoroshi.next.plugins.api.NgPluginCategory$AccessControl$;
import otoroshi.next.plugins.api.NgPluginConfig;
import otoroshi.next.plugins.api.NgPluginVisibility;
import otoroshi.next.plugins.api.NgPluginVisibility$NgUserLand$;
import otoroshi.next.plugins.api.NgStep;
import otoroshi.next.plugins.api.NgStep$ValidateAccess$;
import otoroshi.plugins.oidc.OIDCThirdPartyApiKeyConfig;
import otoroshi.plugins.oidc.OIDCThirdPartyApiKeyConfig$;
import otoroshi.plugins.oidc.ThirdPartyApiKeyConfig;
import otoroshi.plugins.oidc.ThirdPartyApiKeyConfig$;
import otoroshi.script.NamedPlugin;
import otoroshi.script.PluginType;
import otoroshi.utils.TypedMap;
import otoroshi.utils.syntax.implicits$;
import otoroshi.utils.syntax.implicits$BetterSyntax$;
import play.api.http.Writeable$;
import play.api.libs.json.JsArray;
import play.api.libs.json.JsObject;
import play.api.libs.json.JsValue;
import play.api.mvc.Codec$;
import play.api.mvc.RequestHeader;
import play.api.mvc.Results;
import play.api.mvc.Results$;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.TraversableLike;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.StringOps;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.Promise;
import scala.concurrent.Promise$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;

/* compiled from: oidc.scala */
@ScalaSignature(bytes = "\u0006\u0001Y4AAC\u0006\u0001%!)q\u0004\u0001C\u0001A!)1\u0005\u0001C!I!)\u0001\u0006\u0001C!S!)Q\u0007\u0001C!m!)Q\b\u0001C!}!)\u0001\t\u0001C!\u0003\")Q\t\u0001C!\r\")1\u000b\u0001C!)\")\u0011\f\u0001C!5\nAr*\u0013#D\u0003\u000e\u001cWm]:U_.,gNV1mS\u0012\fGo\u001c:\u000b\u00051i\u0011a\u00029mk\u001eLgn\u001d\u0006\u0003\u001d=\tAA\\3yi*\t\u0001#\u0001\u0005pi>\u0014xn\u001d5j\u0007\u0001\u00192\u0001A\n\u001a!\t!r#D\u0001\u0016\u0015\u00051\u0012!B:dC2\f\u0017B\u0001\r\u0016\u0005\u0019\te.\u001f*fMB\u0011!$H\u0007\u00027)\u0011AdC\u0001\u0004CBL\u0017B\u0001\u0010\u001c\u0005Equ-Q2dKN\u001ch+\u00197jI\u0006$xN]\u0001\u0007y%t\u0017\u000e\u001e \u0015\u0003\u0005\u0002\"A\t\u0001\u000e\u0003-\tQ\"\\;mi&Len\u001d;b]\u000e,W#A\u0013\u0011\u0005Q1\u0013BA\u0014\u0016\u0005\u001d\u0011un\u001c7fC:\fAA\\1nKV\t!\u0006\u0005\u0002,e9\u0011A\u0006\r\t\u0003[Ui\u0011A\f\u0006\u0003_E\ta\u0001\u0010:p_Rt\u0014BA\u0019\u0016\u0003\u0019\u0001&/\u001a3fM&\u00111\u0007\u000e\u0002\u0007'R\u0014\u0018N\\4\u000b\u0005E*\u0012a\u00053fM\u0006,H\u000e^\"p]\u001aLwm\u00142kK\u000e$X#A\u001c\u0011\u0007QA$(\u0003\u0002:+\t1q\n\u001d;j_:\u0004\"AG\u001e\n\u0005qZ\"A\u0004(h!2,x-\u001b8D_:4\u0017nZ\u0001\fI\u0016\u001c8M]5qi&|g.F\u0001@!\r!\u0002HK\u0001\u000bm&\u001c\u0018NY5mSRLX#\u0001\"\u0011\u0005i\u0019\u0015B\u0001#\u001c\u0005Iqu\r\u00157vO&tg+[:jE&d\u0017\u000e^=\u0002\u0015\r\fG/Z4pe&,7/F\u0001H!\rAU\n\u0015\b\u0003\u0013.s!!\f&\n\u0003YI!\u0001T\u000b\u0002\u000fA\f7m[1hK&\u0011aj\u0014\u0002\u0004'\u0016\f(B\u0001'\u0016!\tQ\u0012+\u0003\u0002S7\t\u0001bj\u001a)mk\u001eLgnQ1uK\u001e|'/_\u0001\u0006gR,\u0007o]\u000b\u0002+B\u0019\u0001*\u0014,\u0011\u0005i9\u0016B\u0001-\u001c\u0005\u0019qum\u0015;fa\u00061\u0011mY2fgN$\"aW9\u0015\u0007q+G\u000eE\u0002^A\nl\u0011A\u0018\u0006\u0003?V\t!bY8oGV\u0014(/\u001a8u\u0013\t\tgL\u0001\u0004GkR,(/\u001a\t\u00035\rL!\u0001Z\u000e\u0003\u00119;\u0017iY2fgNDQAZ\u0005A\u0004\u001d\f1!\u001a8w!\tA'.D\u0001j\u0015\t1w\"\u0003\u0002lS\n\u0019QI\u001c<\t\u000b5L\u00019\u00018\u0002\u0005\u0015\u001c\u0007CA/p\u0013\t\u0001hL\u0001\tFq\u0016\u001cW\u000f^5p]\u000e{g\u000e^3yi\")!/\u0003a\u0001g\u0006\u00191\r\u001e=\u0011\u0005i!\u0018BA;\u001c\u0005=qu-Q2dKN\u001c8i\u001c8uKb$\b")
/* loaded from: input_file:otoroshi/next/plugins/OIDCAccessTokenValidator.class */
public class OIDCAccessTokenValidator implements NgAccessValidator {
    @Override // otoroshi.next.plugins.api.NgAccessValidator
    public boolean isAccessAsync() {
        boolean isAccessAsync;
        isAccessAsync = isAccessAsync();
        return isAccessAsync;
    }

    @Override // otoroshi.next.plugins.api.NgAccessValidator
    public NgAccess accessSync(NgAccessContext ngAccessContext, Env env, ExecutionContext executionContext) {
        NgAccess accessSync;
        accessSync = accessSync(ngAccessContext, env, executionContext);
        return accessSync;
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin
    public Seq<String> tags() {
        Seq<String> tags;
        tags = tags();
        return tags;
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin, otoroshi.script.NamedPlugin
    public final Option<JsObject> defaultConfig() {
        Option<JsObject> defaultConfig;
        defaultConfig = defaultConfig();
        return defaultConfig;
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin, otoroshi.script.NamedPlugin
    public PluginType pluginType() {
        PluginType pluginType;
        pluginType = pluginType();
        return pluginType;
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin, otoroshi.script.NamedPlugin
    public Option<String> configRoot() {
        Option<String> configRoot;
        configRoot = configRoot();
        return configRoot;
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin, otoroshi.script.NamedPlugin
    public JsObject jsonDescription() {
        JsObject jsonDescription;
        jsonDescription = jsonDescription();
        return jsonDescription;
    }

    @Override // otoroshi.script.NamedPlugin
    public boolean deprecated() {
        boolean deprecated;
        deprecated = deprecated();
        return deprecated;
    }

    @Override // otoroshi.script.NamedPlugin
    public boolean core() {
        boolean core;
        core = core();
        return core;
    }

    @Override // otoroshi.script.NamedPlugin
    public String internalName() {
        String internalName;
        internalName = internalName();
        return internalName;
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> documentation() {
        Option<String> documentation;
        documentation = documentation();
        return documentation;
    }

    @Override // otoroshi.script.NamedPlugin
    /* renamed from: configSchema */
    public Option<JsObject> mo1082configSchema() {
        Option<JsObject> mo1082configSchema;
        mo1082configSchema = mo1082configSchema();
        return mo1082configSchema;
    }

    @Override // otoroshi.script.NamedPlugin
    public Seq<String> configFlow() {
        Seq<String> configFlow;
        configFlow = configFlow();
        return configFlow;
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin
    public boolean multiInstance() {
        return false;
    }

    @Override // otoroshi.script.NamedPlugin
    public String name() {
        return "OIDC access_token validator";
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin
    public Option<NgPluginConfig> defaultConfigObject() {
        return implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax(new OIDCAccessTokenConfig(OIDCAccessTokenConfig$.MODULE$.apply$default$1(), OIDCAccessTokenConfig$.MODULE$.apply$default$2(), implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax(new OIDCThirdPartyApiKeyConfig(true, implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax("some-oidc-auth-module-id")), OIDCThirdPartyApiKeyConfig$.MODULE$.apply$default$3(), OIDCThirdPartyApiKeyConfig$.MODULE$.apply$default$4(), OIDCThirdPartyApiKeyConfig$.MODULE$.apply$default$5(), OIDCThirdPartyApiKeyConfig$.MODULE$.apply$default$6(), OIDCThirdPartyApiKeyConfig$.MODULE$.apply$default$7(), OIDCThirdPartyApiKeyConfig$.MODULE$.apply$default$8(), OIDCThirdPartyApiKeyConfig$.MODULE$.apply$default$9(), OIDCThirdPartyApiKeyConfig$.MODULE$.apply$default$10(), OIDCThirdPartyApiKeyConfig$.MODULE$.apply$default$11(), OIDCThirdPartyApiKeyConfig$.MODULE$.apply$default$12(), OIDCThirdPartyApiKeyConfig$.MODULE$.apply$default$13(), OIDCThirdPartyApiKeyConfig$.MODULE$.apply$default$14(), OIDCThirdPartyApiKeyConfig$.MODULE$.apply$default$15()).toJson())))));
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> description() {
        return implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax(new StringOps(Predef$.MODULE$.augmentString("This plugin will use the third party apikey configuration and apply it while keeping the apikey mecanism of otoroshi.\n           |Use it to combine apikey validation and OIDC access_token validation. ")).stripMargin()));
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin, otoroshi.script.NamedPlugin
    public NgPluginVisibility visibility() {
        return NgPluginVisibility$NgUserLand$.MODULE$;
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin, otoroshi.script.NamedPlugin
    public Seq<NgPluginCategory> categories() {
        return new $colon.colon<>(NgPluginCategory$AccessControl$.MODULE$, Nil$.MODULE$);
    }

    @Override // otoroshi.next.plugins.api.NgNamedPlugin, otoroshi.script.NamedPlugin
    public Seq<NgStep> steps() {
        return new $colon.colon<>(NgStep$ValidateAccess$.MODULE$, Nil$.MODULE$);
    }

    @Override // otoroshi.next.plugins.api.NgAccessValidator
    public Future<NgAccess> access(NgAccessContext ngAccessContext, Env env, ExecutionContext executionContext) {
        Seq seq;
        OIDCAccessTokenConfig oIDCAccessTokenConfig = (OIDCAccessTokenConfig) ngAccessContext.cachedConfig(internalName(), OIDCAccessTokenConfig$.MODULE$.format()).getOrElse(() -> {
            return new OIDCAccessTokenConfig(OIDCAccessTokenConfig$.MODULE$.apply$default$1(), OIDCAccessTokenConfig$.MODULE$.apply$default$2(), OIDCAccessTokenConfig$.MODULE$.apply$default$3());
        });
        if (!oIDCAccessTokenConfig.enabled()) {
            return implicits$BetterSyntax$.MODULE$.vfuture$extension(implicits$.MODULE$.BetterSyntax(NgAccess$NgAllowed$.MODULE$));
        }
        boolean z = false;
        Some some = null;
        Option<JsValue> config = oIDCAccessTokenConfig.config();
        if (config instanceof Some) {
            z = true;
            some = (Some) config;
            JsObject jsObject = (JsValue) some.value();
            if (jsObject instanceof JsObject) {
                seq = (Seq) new $colon.colon(jsObject, Nil$.MODULE$);
                return ((Future) Source$.MODULE$.apply(((Seq) ((TraversableLike) seq.map(jsValue -> {
                    return ThirdPartyApiKeyConfig$.MODULE$.format().reads(jsValue);
                }, Seq$.MODULE$.canBuildFrom())).collect(new OIDCAccessTokenValidator$$anonfun$1(null), Seq$.MODULE$.canBuildFrom())).toList()).mapAsync(1, thirdPartyApiKeyConfig -> {
                    return checkOneConfig$1(thirdPartyApiKeyConfig, env, executionContext, ngAccessContext);
                }).runWith(Sink$.MODULE$.seq(), env.otoroshiMaterializer())).map(seq2 -> {
                    return BoxesRunTime.boxToBoolean($anonfun$access$5(oIDCAccessTokenConfig, seq2));
                }, executionContext).flatMap(obj -> {
                    return $anonfun$access$6(ngAccessContext, executionContext, env, BoxesRunTime.unboxToBoolean(obj));
                }, executionContext);
            }
        }
        if (z) {
            JsArray jsArray = (JsValue) some.value();
            if (jsArray instanceof JsArray) {
                seq = jsArray.value();
                return ((Future) Source$.MODULE$.apply(((Seq) ((TraversableLike) seq.map(jsValue2 -> {
                    return ThirdPartyApiKeyConfig$.MODULE$.format().reads(jsValue2);
                }, Seq$.MODULE$.canBuildFrom())).collect(new OIDCAccessTokenValidator$$anonfun$1(null), Seq$.MODULE$.canBuildFrom())).toList()).mapAsync(1, thirdPartyApiKeyConfig2 -> {
                    return checkOneConfig$1(thirdPartyApiKeyConfig2, env, executionContext, ngAccessContext);
                }).runWith(Sink$.MODULE$.seq(), env.otoroshiMaterializer())).map(seq22 -> {
                    return BoxesRunTime.boxToBoolean($anonfun$access$5(oIDCAccessTokenConfig, seq22));
                }, executionContext).flatMap(obj2 -> {
                    return $anonfun$access$6(ngAccessContext, executionContext, env, BoxesRunTime.unboxToBoolean(obj2));
                }, executionContext);
            }
        }
        seq = Nil$.MODULE$;
        return ((Future) Source$.MODULE$.apply(((Seq) ((TraversableLike) seq.map(jsValue22 -> {
            return ThirdPartyApiKeyConfig$.MODULE$.format().reads(jsValue22);
        }, Seq$.MODULE$.canBuildFrom())).collect(new OIDCAccessTokenValidator$$anonfun$1(null), Seq$.MODULE$.canBuildFrom())).toList()).mapAsync(1, thirdPartyApiKeyConfig22 -> {
            return checkOneConfig$1(thirdPartyApiKeyConfig22, env, executionContext, ngAccessContext);
        }).runWith(Sink$.MODULE$.seq(), env.otoroshiMaterializer())).map(seq222 -> {
            return BoxesRunTime.boxToBoolean($anonfun$access$5(oIDCAccessTokenConfig, seq222));
        }, executionContext).flatMap(obj22 -> {
            return $anonfun$access$6(ngAccessContext, executionContext, env, BoxesRunTime.unboxToBoolean(obj22));
        }, executionContext);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final Future checkOneConfig$1(ThirdPartyApiKeyConfig thirdPartyApiKeyConfig, Env env, ExecutionContext executionContext, NgAccessContext ngAccessContext) {
        if (!(thirdPartyApiKeyConfig instanceof OIDCThirdPartyApiKeyConfig)) {
            return (Future) FastFuture$.MODULE$.successful().apply(BoxesRunTime.boxToBoolean(true));
        }
        OIDCThirdPartyApiKeyConfig oIDCThirdPartyApiKeyConfig = (OIDCThirdPartyApiKeyConfig) thirdPartyApiKeyConfig;
        GlobalConfig latest = env.datastores().globalConfigDataStore().latest(executionContext, env);
        Promise apply = Promise$.MODULE$.apply();
        oIDCThirdPartyApiKeyConfig.copy(true, oIDCThirdPartyApiKeyConfig.copy$default$2(), oIDCThirdPartyApiKeyConfig.copy$default$3(), oIDCThirdPartyApiKeyConfig.copy$default$4(), oIDCThirdPartyApiKeyConfig.copy$default$5(), oIDCThirdPartyApiKeyConfig.copy$default$6(), oIDCThirdPartyApiKeyConfig.copy$default$7(), oIDCThirdPartyApiKeyConfig.copy$default$8(), oIDCThirdPartyApiKeyConfig.copy$default$9(), oIDCThirdPartyApiKeyConfig.copy$default$10(), oIDCThirdPartyApiKeyConfig.copy$default$11(), oIDCThirdPartyApiKeyConfig.copy$default$12(), oIDCThirdPartyApiKeyConfig.copy$default$13(), oIDCThirdPartyApiKeyConfig.copy$default$14(), oIDCThirdPartyApiKeyConfig.copy$default$15()).handleGen(ngAccessContext.request(), ngAccessContext.route().serviceDescriptor(), latest, ngAccessContext.attrs(), option -> {
            apply.trySuccess(BoxesRunTime.boxToBoolean(true));
            return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(implicits$BetterSyntax$.MODULE$.right$extension(implicits$.MODULE$.BetterSyntax(Results$.MODULE$.Ok().apply("--", Writeable$.MODULE$.wString(Codec$.MODULE$.utf_8()))))));
        }, executionContext, env).andThen(new OIDCAccessTokenValidator$$anonfun$checkOneConfig$1$1(null, apply), executionContext);
        return apply.future();
    }

    public static final /* synthetic */ boolean $anonfun$access$5(OIDCAccessTokenConfig oIDCAccessTokenConfig, scala.collection.immutable.Seq seq) {
        return oIDCAccessTokenConfig.atLeastOne() ? seq.contains(BoxesRunTime.boxToBoolean(true)) : !seq.contains(BoxesRunTime.boxToBoolean(false));
    }

    public static final /* synthetic */ Future $anonfun$access$6(NgAccessContext ngAccessContext, ExecutionContext executionContext, Env env, boolean z) {
        if (z) {
            return implicits$BetterSyntax$.MODULE$.vfuture$extension(implicits$.MODULE$.BetterSyntax(NgAccess$NgAllowed$.MODULE$));
        }
        Results.Status BadRequest = Results$.MODULE$.BadRequest();
        RequestHeader request = ngAccessContext.request();
        Option<ServiceDescriptor> option = None$.MODULE$;
        Option<String> option2 = None$.MODULE$;
        TypedMap attrs = ngAccessContext.attrs();
        return Errors$.MODULE$.craftResponseResult("bad request", BadRequest, request, option, option2, Errors$.MODULE$.craftResponseResult$default$6(), Errors$.MODULE$.craftResponseResult$default$7(), Errors$.MODULE$.craftResponseResult$default$8(), Errors$.MODULE$.craftResponseResult$default$9(), Errors$.MODULE$.craftResponseResult$default$10(), Errors$.MODULE$.craftResponseResult$default$11(), attrs, Errors$.MODULE$.craftResponseResult$default$13(), executionContext, env).map(NgAccess$NgDenied$.MODULE$, executionContext);
    }

    public OIDCAccessTokenValidator() {
        NamedPlugin.$init$(this);
        NgNamedPlugin.$init$((NgNamedPlugin) this);
        NgAccessValidator.$init$((NgAccessValidator) this);
    }
}
