package otoroshi.plugins.clientcert;

import akka.actor.ActorRef;
import akka.http.scaladsl.util.FastFuture$;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicReference;
import otoroshi.env.Env;
import otoroshi.events.OtoroshiEvent;
import otoroshi.models.ApiKey;
import otoroshi.next.plugins.api.NgPluginCategory;
import otoroshi.next.plugins.api.NgPluginCategory$AccessControl$;
import otoroshi.next.plugins.api.NgPluginVisibility;
import otoroshi.next.plugins.api.NgPluginVisibility$NgUserLand$;
import otoroshi.next.plugins.api.NgStep;
import otoroshi.next.plugins.api.NgStep$ValidateAccess$;
import otoroshi.script.Access;
import otoroshi.script.AccessContext;
import otoroshi.script.AccessValidator;
import otoroshi.script.NamedPlugin;
import otoroshi.script.PluginType;
import otoroshi.utils.RegexPool$;
import otoroshi.utils.http.DN;
import play.api.libs.json.JsObject;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.collection.Seq;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.StringOps;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: clientcert.scala */
@ScalaSignature(bytes = "\u0006\u0001=4A\u0001C\u0005\u0001!!)Q\u0004\u0001C\u0001=!)\u0011\u0005\u0001C!E!)a\u0006\u0001C!_!)1\u0007\u0001C!i!)a\b\u0001C!\u007f!)A\n\u0001C!\u001b\")!\u000b\u0001C!'\n!\u0003*Y:DY&,g\u000e^\"feRl\u0015\r^2iS:<\u0017\t]5lKf4\u0016\r\\5eCR|'O\u0003\u0002\u000b\u0017\u0005Q1\r\\5f]R\u001cWM\u001d;\u000b\u00051i\u0011a\u00029mk\u001eLgn\u001d\u0006\u0002\u001d\u0005Aq\u000e^8s_ND\u0017n\u0001\u0001\u0014\u0007\u0001\tr\u0003\u0005\u0002\u0013+5\t1CC\u0001\u0015\u0003\u0015\u00198-\u00197b\u0013\t12C\u0001\u0004B]f\u0014VM\u001a\t\u00031mi\u0011!\u0007\u0006\u000355\taa]2sSB$\u0018B\u0001\u000f\u001a\u0005=\t5mY3tgZ\u000bG.\u001b3bi>\u0014\u0018A\u0002\u001fj]&$h\bF\u0001 !\t\u0001\u0003!D\u0001\n\u0003\u0011q\u0017-\\3\u0016\u0003\r\u0002\"\u0001J\u0016\u000f\u0005\u0015J\u0003C\u0001\u0014\u0014\u001b\u00059#B\u0001\u0015\u0010\u0003\u0019a$o\\8u}%\u0011!fE\u0001\u0007!J,G-\u001a4\n\u00051j#AB*ue&twM\u0003\u0002+'\u0005YA-Z:de&\u0004H/[8o+\u0005\u0001\u0004c\u0001\n2G%\u0011!g\u0005\u0002\u0007\u001fB$\u0018n\u001c8\u0002\u0015YL7/\u001b2jY&$\u00180F\u00016!\t1D(D\u00018\u0015\tA\u0014(A\u0002ba&T!\u0001\u0004\u001e\u000b\u0005mj\u0011\u0001\u00028fqRL!!P\u001c\u0003%9;\u0007\u000b\\;hS:4\u0016n]5cS2LG/_\u0001\u000bG\u0006$XmZ8sS\u0016\u001cX#\u0001!\u0011\u0007\u00053\u0015J\u0004\u0002C\t:\u0011aeQ\u0005\u0002)%\u0011QiE\u0001\ba\u0006\u001c7.Y4f\u0013\t9\u0005JA\u0002TKFT!!R\n\u0011\u0005YR\u0015BA&8\u0005Aqu\r\u00157vO&t7)\u0019;fO>\u0014\u00180A\u0003ti\u0016\u00048/F\u0001O!\r\tei\u0014\t\u0003mAK!!U\u001c\u0003\r9;7\u000b^3q\u0003%\u0019\u0017M\\!dG\u0016\u001c8\u000f\u0006\u0002UUR\u0019QKX3\u0011\u0007YK6,D\u0001X\u0015\tA6#\u0001\u0006d_:\u001cWO\u001d:f]RL!AW,\u0003\r\u0019+H/\u001e:f!\t\u0011B,\u0003\u0002^'\t9!i\\8mK\u0006t\u0007\"B0\b\u0001\b\u0001\u0017aA3omB\u0011\u0011mY\u0007\u0002E*\u0011q,D\u0005\u0003I\n\u00141!\u00128w\u0011\u00151w\u0001q\u0001h\u0003\t)7\r\u0005\u0002WQ&\u0011\u0011n\u0016\u0002\u0011\u000bb,7-\u001e;j_:\u001cuN\u001c;fqRDQa[\u0004A\u00021\fqaY8oi\u0016DH\u000f\u0005\u0002\u0019[&\u0011a.\u0007\u0002\u000e\u0003\u000e\u001cWm]:D_:$X\r\u001f;")
/* loaded from: input_file:otoroshi/plugins/clientcert/HasClientCertMatchingApikeyValidator.class */
public class HasClientCertMatchingApikeyValidator implements AccessValidator {
    private final AtomicReference<ActorRef> otoroshi$script$InternalEventListener$$ref;
    private final Future<BoxedUnit> funit;

    @Override // otoroshi.script.AccessValidator, otoroshi.script.NamedPlugin
    public PluginType pluginType() {
        PluginType pluginType;
        pluginType = pluginType();
        return pluginType;
    }

    @Override // otoroshi.script.AccessValidator
    public Future<Access> access(AccessContext accessContext, Env env, ExecutionContext executionContext) {
        Future<Access> access;
        access = access(accessContext, env, executionContext);
        return access;
    }

    @Override // otoroshi.script.InternalEventListener
    public boolean listening() {
        boolean listening;
        listening = listening();
        return listening;
    }

    @Override // otoroshi.script.InternalEventListener
    public void onEvent(OtoroshiEvent otoroshiEvent, Env env) {
        onEvent(otoroshiEvent, env);
    }

    @Override // otoroshi.script.InternalEventListener
    public void startEvent(String str, Env env) {
        startEvent(str, env);
    }

    @Override // otoroshi.script.InternalEventListener
    public void stopEvent(Env env) {
        stopEvent(env);
    }

    @Override // otoroshi.script.NamedPlugin
    public boolean deprecated() {
        boolean deprecated;
        deprecated = deprecated();
        return deprecated;
    }

    @Override // otoroshi.script.NamedPlugin
    public boolean core() {
        boolean core;
        core = core();
        return core;
    }

    @Override // otoroshi.script.NamedPlugin
    public String internalName() {
        String internalName;
        internalName = internalName();
        return internalName;
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> documentation() {
        Option<String> documentation;
        documentation = documentation();
        return documentation;
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<JsObject> defaultConfig() {
        Option<JsObject> defaultConfig;
        defaultConfig = defaultConfig();
        return defaultConfig;
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> configRoot() {
        Option<String> configRoot;
        configRoot = configRoot();
        return configRoot;
    }

    @Override // otoroshi.script.NamedPlugin
    /* renamed from: configSchema */
    public Option<JsObject> mo1138configSchema() {
        Option<JsObject> mo1138configSchema;
        mo1138configSchema = mo1138configSchema();
        return mo1138configSchema;
    }

    @Override // otoroshi.script.NamedPlugin
    public Seq<String> configFlow() {
        Seq<String> configFlow;
        configFlow = configFlow();
        return configFlow;
    }

    @Override // otoroshi.script.NamedPlugin
    public JsObject jsonDescription() {
        JsObject jsonDescription;
        jsonDescription = jsonDescription();
        return jsonDescription;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> startWithPluginId(String str, Env env) {
        Future<BoxedUnit> startWithPluginId;
        startWithPluginId = startWithPluginId(str, env);
        return startWithPluginId;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> start(Env env) {
        Future<BoxedUnit> start;
        start = start(env);
        return start;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> stop(Env env) {
        Future<BoxedUnit> stop;
        stop = stop(env);
        return stop;
    }

    @Override // otoroshi.script.InternalEventListener
    public AtomicReference<ActorRef> otoroshi$script$InternalEventListener$$ref() {
        return this.otoroshi$script$InternalEventListener$$ref;
    }

    @Override // otoroshi.script.InternalEventListener
    public final void otoroshi$script$InternalEventListener$_setter_$otoroshi$script$InternalEventListener$$ref_$eq(AtomicReference<ActorRef> atomicReference) {
        this.otoroshi$script$InternalEventListener$$ref = atomicReference;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> funit() {
        return this.funit;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public void otoroshi$script$StartableAndStoppable$_setter_$funit_$eq(Future<BoxedUnit> future) {
        this.funit = future;
    }

    @Override // otoroshi.script.NamedPlugin
    public String name() {
        return "Client Certificate + Api Key only";
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> description() {
        return new Some(new StringOps(Predef$.MODULE$.augmentString("Check if a client certificate is present in the request and that the apikey used matches the client certificate.\n      |You can set the client cert. DN in an apikey metadata named `allowed-client-cert-dn`\n      |")).stripMargin());
    }

    @Override // otoroshi.script.NamedPlugin
    public NgPluginVisibility visibility() {
        return NgPluginVisibility$NgUserLand$.MODULE$;
    }

    @Override // otoroshi.script.NamedPlugin
    public Seq<NgPluginCategory> categories() {
        return new $colon.colon<>(NgPluginCategory$AccessControl$.MODULE$, Nil$.MODULE$);
    }

    @Override // otoroshi.script.NamedPlugin
    public Seq<NgStep> steps() {
        return new $colon.colon<>(NgStep$ValidateAccess$.MODULE$, Nil$.MODULE$);
    }

    @Override // otoroshi.script.AccessValidator
    public Future<Object> canAccess(AccessContext accessContext, Env env, ExecutionContext executionContext) {
        if (!(accessContext.request().clientCertificateChain() instanceof Some)) {
            return (Future) FastFuture$.MODULE$.successful().apply(BoxesRunTime.boxToBoolean(false));
        }
        Some apikey = accessContext.apikey();
        if (!(apikey instanceof Some)) {
            if (None$.MODULE$.equals(apikey)) {
                return (Future) FastFuture$.MODULE$.successful().apply(BoxesRunTime.boxToBoolean(false));
            }
            throw new MatchError(apikey);
        }
        Some some = ((ApiKey) apikey.value()).metadata().get("allowed-client-cert-dn");
        if (!(some instanceof Some)) {
            if (None$.MODULE$.equals(some)) {
                return (Future) FastFuture$.MODULE$.successful().apply(BoxesRunTime.boxToBoolean(false));
            }
            throw new MatchError(some);
        }
        String str = (String) some.value();
        Some clientCertificateChain = accessContext.request().clientCertificateChain();
        if (!(clientCertificateChain instanceof Some)) {
            if (None$.MODULE$.equals(clientCertificateChain)) {
                return (Future) FastFuture$.MODULE$.successful().apply(BoxesRunTime.boxToBoolean(false));
            }
            throw new MatchError(clientCertificateChain);
        }
        Some headOption = ((Seq) clientCertificateChain.value()).headOption();
        if (headOption instanceof Some) {
            return (Future) FastFuture$.MODULE$.successful().apply(BoxesRunTime.boxToBoolean(RegexPool$.MODULE$.apply(str).matches(new DN(((X509Certificate) headOption.value()).getIssuerDN().getName()).stringify())));
        }
        if (None$.MODULE$.equals(headOption)) {
            return (Future) FastFuture$.MODULE$.successful().apply(BoxesRunTime.boxToBoolean(false));
        }
        throw new MatchError(headOption);
    }

    public HasClientCertMatchingApikeyValidator() {
        otoroshi$script$StartableAndStoppable$_setter_$funit_$eq((Future) FastFuture$.MODULE$.successful().apply(BoxedUnit.UNIT));
        NamedPlugin.$init$(this);
        otoroshi$script$InternalEventListener$_setter_$otoroshi$script$InternalEventListener$$ref_$eq(new AtomicReference<>());
        AccessValidator.$init$((AccessValidator) this);
    }
}
