package io.toolsplus.atlassian.connect.play.actions;

import com.netaporter.uri.Uri;
import com.netaporter.uri.Uri$;
import io.toolsplus.atlassian.connect.play.api.models.AtlassianHostUser;
import io.toolsplus.atlassian.connect.play.auth.jwt.JwtAuthenticationError;
import io.toolsplus.atlassian.connect.play.auth.jwt.JwtAuthenticationProvider;
import io.toolsplus.atlassian.connect.play.auth.jwt.JwtCredentials;
import io.toolsplus.atlassian.connect.play.auth.jwt.UnknownJwtIssuerError;
import io.toolsplus.atlassian.connect.play.controllers.routes;
import io.toolsplus.atlassian.connect.play.models.AtlassianConnectProperties;
import javax.inject.Inject;
import play.api.Logger;
import play.api.Logger$;
import play.api.MarkerContext$;
import play.api.http.Writeable$;
import play.api.mvc.ActionBuilder;
import play.api.mvc.ActionFunction;
import play.api.mvc.ActionRefiner;
import play.api.mvc.Codec$;
import play.api.mvc.Request;
import play.api.mvc.Result;
import play.api.mvc.Results$;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Some;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.Future$;
import scala.package$;
import scala.reflect.ScalaSignature;
import scala.util.Either;
import scala.util.Left;
import scala.util.Right;

/* compiled from: OptionalAtlassianHostUserAction.scala */
@ScalaSignature(bytes = "\u0006\u0001\u00055d\u0001B\u0001\u0003\u0001=\u00111%T1zE\u0016\fE\u000f\\1tg&\fg\u000eS8tiV\u001bXM]!di&|gNU3gS:,'O\u0003\u0002\u0004\t\u00059\u0011m\u0019;j_:\u001c(BA\u0003\u0007\u0003\u0011\u0001H.Y=\u000b\u0005\u001dA\u0011aB2p]:,7\r\u001e\u0006\u0003\u0013)\t\u0011\"\u0019;mCN\u001c\u0018.\u00198\u000b\u0005-a\u0011!\u0003;p_2\u001c\b\u000f\\;t\u0015\u0005i\u0011AA5p\u0007\u0001\u00192\u0001\u0001\t\u0017!\t\tB#D\u0001\u0013\u0015\u0005\u0019\u0012!B:dC2\f\u0017BA\u000b\u0013\u0005\u0019\te.\u001f*fMB!q#H\u0010$\u001b\u0005A\"BA\r\u001b\u0003\rigo\u0019\u0006\u00037q\t1!\u00199j\u0015\u0005)\u0011B\u0001\u0010\u0019\u00055\t5\r^5p]J+g-\u001b8feB\u0011\u0001%I\u0007\u0002\u0005%\u0011!E\u0001\u0002\u0010\u001b\u0006L(-\u001a&xiJ+\u0017/^3tiB\u0011\u0001\u0005J\u0005\u0003K\t\u0011Q$T1zE\u0016\fE\u000f\\1tg&\fg\u000eS8tiV\u001bXM\u001d*fcV,7\u000f\u001e\u0005\tO\u0001\u0011\t\u0011)A\u0005Q\u0005I\"n\u001e;BkRDWM\u001c;jG\u0006$\u0018n\u001c8Qe>4\u0018\u000eZ3s!\tIc&D\u0001+\u0015\tYC&A\u0002koRT!!\f\u0003\u0002\t\u0005,H\u000f[\u0005\u0003_)\u0012\u0011DS<u\u0003V$\b.\u001a8uS\u000e\fG/[8o!J|g/\u001b3fe\"A\u0011\u0007\u0001B\u0001B\u0003%!'A\td_:tWm\u0019;Qe>\u0004XM\u001d;jKN\u0004\"a\r\u001c\u000e\u0003QR!!\u000e\u0003\u0002\r5|G-\u001a7t\u0013\t9DG\u0001\u000eBi2\f7o]5b]\u000e{gN\\3diB\u0013x\u000e]3si&,7\u000f\u0003\u0005:\u0001\t\u0015\r\u0011b\u0001;\u0003A)\u00070Z2vi&|gnQ8oi\u0016DH/F\u0001<!\tat(D\u0001>\u0015\tq$#\u0001\u0006d_:\u001cWO\u001d:f]RL!\u0001Q\u001f\u0003!\u0015CXmY;uS>t7i\u001c8uKb$\b\u0002\u0003\"\u0001\u0005\u0003\u0005\u000b\u0011B\u001e\u0002#\u0015DXmY;uS>t7i\u001c8uKb$\b\u0005C\u0003E\u0001\u0011\u0005Q)\u0001\u0004=S:LGO\u0010\u000b\u0004\r&SECA$I!\t\u0001\u0003\u0001C\u0003:\u0007\u0002\u000f1\bC\u0003(\u0007\u0002\u0007\u0001\u0006C\u00032\u0007\u0002\u0007!\u0007\u000b\u0002D\u0019B\u0011QJU\u0007\u0002\u001d*\u0011q\nU\u0001\u0007S:TWm\u0019;\u000b\u0003E\u000bQA[1wCbL!a\u0015(\u0003\r%s'.Z2u\u0011\u001d)\u0006A1A\u0005\nY\u000ba\u0001\\8hO\u0016\u0014X#A,\u0011\u0005aKV\"\u0001\u000e\n\u0005iS\"A\u0002'pO\u001e,'\u000f\u0003\u0004]\u0001\u0001\u0006IaV\u0001\bY><w-\u001a:!\u0011\u0015q\u0006\u0001\"\u0011`\u0003\u0019\u0011XMZ5oKV\u0011\u0001M\u001e\u000b\u0003C~\u00042\u0001\u00102e\u0013\t\u0019WH\u0001\u0004GkR,(/\u001a\t\u0005K6\u00048O\u0004\u0002gW:\u0011qM[\u0007\u0002Q*\u0011\u0011ND\u0001\u0007yI|w\u000e\u001e \n\u0003MI!\u0001\u001c\n\u0002\u000fA\f7m[1hK&\u0011an\u001c\u0002\u0007\u000b&$\b.\u001a:\u000b\u00051\u0014\u0002CA\fr\u0013\t\u0011\bD\u0001\u0004SKN,H\u000e\u001e\t\u0004A\u0011\"\bCA;w\u0019\u0001!Qa^/C\u0002a\u0014\u0011!Q\t\u0003sr\u0004\"!\u0005>\n\u0005m\u0014\"a\u0002(pi\"Lgn\u001a\t\u0003#uL!A \n\u0003\u0007\u0005s\u0017\u0010C\u0004\u0002\u0002u\u0003\r!a\u0001\u0002\u000fI,\u0017/^3tiB\u0019\u0001%\t;\t\u000f\u0005\u001d\u0001\u0001\"\u0003\u0002\n\u000512\u000f[8vY\u0012LuM\\8sK&sg/\u00197jI*;H/\u0006\u0003\u0002\f\u0005eACBA\u0007\u0003'\tY\u0002E\u0002\u0012\u0003\u001fI1!!\u0005\u0013\u0005\u001d\u0011un\u001c7fC:D\u0001\"!\u0001\u0002\u0006\u0001\u0007\u0011Q\u0003\t\u0005A\u0005\n9\u0002E\u0002v\u00033!aa^A\u0003\u0005\u0004A\b\u0002CA\u000f\u0003\u000b\u0001\r!a\b\u0002\u0003\u0015\u00042!KA\u0011\u0013\r\t\u0019C\u000b\u0002\u0017\u0015^$\u0018)\u001e;iK:$\u0018nY1uS>tWI\u001d:pe\"9\u0011q\u0005\u0001\u0005\n\u0005%\u0012aG5t\u0013:\u001cH/\u00197mK\u0012d\u0015NZ3ds\u000edWMU3rk\u0016\u001cH/\u0006\u0003\u0002,\u0005]B\u0003BA\u0007\u0003[A\u0001\"!\u0001\u0002&\u0001\u0007\u0011q\u0006\t\u0006/\u0005E\u0012QG\u0005\u0004\u0003gA\"a\u0002*fcV,7\u000f\u001e\t\u0004k\u0006]BAB<\u0002&\t\u0007\u0001\u0010C\u0004\u0002<\u0001!I!!\u0010\u0002;%\u001cXK\\5ogR\fG\u000e\\3e\u0019&4WmY=dY\u0016\u0014V-];fgR,B!a\u0010\u0002HQ!\u0011QBA!\u0011!\t\t!!\u000fA\u0002\u0005\r\u0003#B\f\u00022\u0005\u0015\u0003cA;\u0002H\u00111q/!\u000fC\u0002aDq!a\u0013\u0001\t\u0013\ti%\u0001\bjgJ+\u0017/^3tiR{WK\u001d7\u0016\t\u0005=\u0013q\u000b\u000b\u0007\u0003\u001b\t\t&!\u0017\t\u0011\u0005\u0005\u0011\u0011\na\u0001\u0003'\u0002RaFA\u0019\u0003+\u00022!^A,\t\u00199\u0018\u0011\nb\u0001q\"A\u00111LA%\u0001\u0004\ti&A\u0002ve2\u0004B!a\u0018\u0002h9!\u0011\u0011MA2!\t9'#C\u0002\u0002fI\ta\u0001\u0015:fI\u00164\u0017\u0002BA5\u0003W\u0012aa\u0015;sS:<'bAA3%\u0001")
/* loaded from: input_file:io/toolsplus/atlassian/connect/play/actions/MaybeAtlassianHostUserActionRefiner.class */
public class MaybeAtlassianHostUserActionRefiner implements ActionRefiner<MaybeJwtRequest, MaybeAtlassianHostUserRequest> {
    private final JwtAuthenticationProvider jwtAuthenticationProvider;
    private final AtlassianConnectProperties connectProperties;
    private final ExecutionContext executionContext;
    private final Logger logger;

    public final Future invokeBlock(Object obj, Function1 function1) {
        return ActionRefiner.invokeBlock$(this, obj, function1);
    }

    public <Q> ActionFunction<MaybeJwtRequest, Q> andThen(ActionFunction<MaybeAtlassianHostUserRequest, Q> actionFunction) {
        return ActionFunction.andThen$(this, actionFunction);
    }

    public <Q> ActionFunction<Q, MaybeAtlassianHostUserRequest> compose(ActionFunction<Q, MaybeJwtRequest> actionFunction) {
        return ActionFunction.compose$(this, actionFunction);
    }

    public <B> ActionBuilder<MaybeAtlassianHostUserRequest, B> compose(ActionBuilder<MaybeJwtRequest, B> actionBuilder) {
        return ActionFunction.compose$(this, actionBuilder);
    }

    public ExecutionContext executionContext() {
        return this.executionContext;
    }

    private Logger logger() {
        return this.logger;
    }

    public <A> Future<Either<Result, MaybeAtlassianHostUserRequest<A>>> refine(MaybeJwtRequest<A> maybeJwtRequest) {
        Future<Either<Result, MaybeAtlassianHostUserRequest<A>>> successful;
        Some maybeCredentials = maybeJwtRequest.maybeCredentials();
        if (maybeCredentials instanceof Some) {
            successful = ((Future) this.jwtAuthenticationProvider.authenticate((JwtCredentials) maybeCredentials.value()).value()).map(either -> {
                Right apply;
                Right right;
                if (either instanceof Right) {
                    right = package$.MODULE$.Right().apply(new MaybeAtlassianHostUserRequest(new Some((AtlassianHostUser) ((Right) either).value()), maybeJwtRequest));
                } else {
                    if (!(either instanceof Left)) {
                        throw new MatchError(either);
                    }
                    JwtAuthenticationError jwtAuthenticationError = (JwtAuthenticationError) ((Left) either).value();
                    if (this.shouldIgnoreInvalidJwt(maybeJwtRequest, jwtAuthenticationError)) {
                        this.logger().warn(() -> {
                            return new StringBuilder(69).append("Received JWT authentication from unknown host (").append(((UnknownJwtIssuerError) jwtAuthenticationError).issuer()).append("), but allowing anyway").toString();
                        }, MarkerContext$.MODULE$.NoMarker());
                        apply = package$.MODULE$.Right().apply(new MaybeAtlassianHostUserRequest(None$.MODULE$, maybeJwtRequest));
                    } else {
                        this.logger().debug(() -> {
                            return new StringBuilder(45).append("Authentication of JWT signed request failed: ").append(jwtAuthenticationError).toString();
                        }, MarkerContext$.MODULE$.NoMarker());
                        apply = package$.MODULE$.Left().apply(Results$.MODULE$.Unauthorized().apply(new StringBuilder(23).append("JWT validation failed: ").append(jwtAuthenticationError.getMessage()).toString(), Writeable$.MODULE$.wString(Codec$.MODULE$.utf_8())));
                    }
                    right = apply;
                }
                return right;
            }, executionContext());
        } else {
            if (!None$.MODULE$.equals(maybeCredentials)) {
                throw new MatchError(maybeCredentials);
            }
            successful = Future$.MODULE$.successful(package$.MODULE$.Right().apply(new MaybeAtlassianHostUserRequest(None$.MODULE$, maybeJwtRequest)));
        }
        return successful;
    }

    private <A> boolean shouldIgnoreInvalidJwt(MaybeJwtRequest<A> maybeJwtRequest, JwtAuthenticationError jwtAuthenticationError) {
        boolean z;
        if (jwtAuthenticationError instanceof UnknownJwtIssuerError) {
            z = (isInstalledLifecycleRequest(maybeJwtRequest) && this.connectProperties.allowReinstallMissingHost()) || isUninstalledLifecycleRequest(maybeJwtRequest);
        } else {
            z = false;
        }
        return z;
    }

    private <A> boolean isInstalledLifecycleRequest(Request<A> request) {
        return isRequestToUrl(request, routes.LifecycleController.installed().absoluteURL(request));
    }

    private <A> boolean isUninstalledLifecycleRequest(Request<A> request) {
        return isRequestToUrl(request, routes.LifecycleController.uninstalled().absoluteURL(request));
    }

    private <A> boolean isRequestToUrl(Request<A> request, String str) {
        String uri = request.uri();
        Uri parse = Uri$.MODULE$.parse(uri, Uri$.MODULE$.parse$default$2(uri));
        Uri parse2 = Uri$.MODULE$.parse(str, Uri$.MODULE$.parse$default$2(str));
        String path = parse.path(parse.path$default$1());
        String path2 = parse2.path(parse2.path$default$1());
        if (path != null ? path.equals(path2) : path2 == null) {
            if (parse2.query().paramMap().toSet().subsetOf(parse.query().paramMap().toSet())) {
                return true;
            }
        }
        return false;
    }

    @Inject
    public MaybeAtlassianHostUserActionRefiner(JwtAuthenticationProvider jwtAuthenticationProvider, AtlassianConnectProperties atlassianConnectProperties, ExecutionContext executionContext) {
        this.jwtAuthenticationProvider = jwtAuthenticationProvider;
        this.connectProperties = atlassianConnectProperties;
        this.executionContext = executionContext;
        ActionFunction.$init$(this);
        ActionRefiner.$init$(this);
        this.logger = Logger$.MODULE$.apply(MaybeAtlassianHostUserActionRefiner.class);
    }
}
