package skinny.controller.feature;

import java.security.MessageDigest;
import java.util.Locale;
import scala.Array$;
import scala.Option;
import scala.Predef$;
import scala.collection.immutable.StringOps;
import scala.collection.mutable.ArrayOps;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;
import scala.sys.package$;
import skinny.controller.SkinnyControllerBase;
import skinny.oauth2.client.AccessTokenRequest;
import skinny.oauth2.client.AuthenticationRequest;
import skinny.oauth2.client.GrantType$;
import skinny.oauth2.client.OAuth2Client$;
import skinny.oauth2.client.OAuth2Provider;
import skinny.oauth2.client.OAuth2Token;
import skinny.oauth2.client.OAuth2User;
import skinny.oauth2.client.ResponseType$;

/* compiled from: OAuth2LoginFeature.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005%s!B\u0001\u0003\u0011\u0003I\u0011AE(BkRD'\u0007T8hS:4U-\u0019;ve\u0016T!a\u0001\u0003\u0002\u000f\u0019,\u0017\r^;sK*\u0011QAB\u0001\u000bG>tGO]8mY\u0016\u0014(\"A\u0004\u0002\rM\\\u0017N\u001c8z\u0007\u0001\u0001\"AC\u0006\u000e\u0003\t1Q\u0001\u0004\u0002\t\u00025\u0011!cT!vi\"\u0014Dj\\4j]\u001a+\u0017\r^;sKN\u00111B\u0004\t\u0003\u001fIi\u0011\u0001\u0005\u0006\u0002#\u0005)1oY1mC&\u00111\u0003\u0005\u0002\u0007\u0003:L(+\u001a4\t\u000bUYA\u0011\u0001\f\u0002\rqJg.\u001b;?)\u0005I\u0001b\u0002\r\f\u0005\u0004%\t!G\u0001\"\t\u00163\u0015)\u0016'U?\u000ec\u0015*\u0012(U?&#u,\u0012(W?:\u000bU*R0Q%\u00163\u0015\nW\u000b\u00025A\u00111\u0004I\u0007\u00029)\u0011QDH\u0001\u0005Y\u0006twMC\u0001 \u0003\u0011Q\u0017M^1\n\u0005\u0005b\"AB*ue&tw\r\u0003\u0004$\u0017\u0001\u0006IAG\u0001#\t\u00163\u0015)\u0016'U?\u000ec\u0015*\u0012(U?&#u,\u0012(W?:\u000bU*R0Q%\u00163\u0015\n\u0017\u0011\t\u000f\u0015Z!\u0019!C\u00013\u0005)C)\u0012$B+2#vl\u0011'J\u000b:#vlU#D%\u0016#v,\u0012(W?:\u000bU*R0Q%\u00163\u0015\n\u0017\u0005\u0007O-\u0001\u000b\u0011\u0002\u000e\u0002M\u0011+e)Q+M)~\u001bE*S#O)~\u001bVi\u0011*F)~+eJV0O\u00036+u\f\u0015*F\r&C\u0006\u0005C\u0004*\u0017\t\u0007I\u0011A\r\u0002C\u0011+e)Q+M)~\u001bViU*J\u001f:{v*Q+U\u0011Jz6\u000bV!U\u000b~s\u0015)T#\t\r-Z\u0001\u0015!\u0003\u001b\u0003\t\"UIR!V\u0019R{6+R*T\u0013>sulT!V)\"\u0013tl\u0015+B)\u0016{f*Q'FA\u00199AB\u0001I\u0001\u0004\u0003iSc\u0001\u0018\u0002\u0004M\u0019AFD\u0018\u0011\u0005A\nT\"\u0001\u0003\n\u0005I\"!\u0001F*lS:t\u0017pQ8oiJ|G\u000e\\3s\u0005\u0006\u001cX\rC\u00035Y\u0011\u0005Q'\u0001\u0004%S:LG\u000f\n\u000b\u0002mA\u0011qbN\u0005\u0003qA\u0011A!\u00168ji\")!\b\fD\tw\u0005A\u0001O]8wS\u0012,'/F\u0001=!\ti$)D\u0001?\u0015\ty\u0004)\u0001\u0004dY&,g\u000e\u001e\u0006\u0003\u0003\u001a\taa\\1vi\"\u0014\u0014BA\"?\u00059y\u0015)\u001e;ieA\u0013xN^5eKJDQ!\u0012\u0017\u0005\u0012\u0019\u000bqb\u00197jK:$\u0018\nZ#om:\u000bW.Z\u000b\u0002\u000fB\u0011\u0001j\u0014\b\u0003\u00136\u0003\"A\u0013\t\u000e\u0003-S!\u0001\u0014\u0005\u0002\rq\u0012xn\u001c;?\u0013\tq\u0005#\u0001\u0004Qe\u0016$WMZ\u0005\u0003CAS!A\u0014\t\t\u000bIcC\u0011\u0003$\u0002'\rd\u0017.\u001a8u'\u0016\u001c'/\u001a;F]Zt\u0015-\\3\t\u000bQcC\u0011\u0003$\u0002-M,7o]5p]>\u000bU\u000f\u001e53'R\fG/\u001a(b[\u0016DQA\u0016\u0017\u0005\u0012\u0019\u000b\u0001b\u00197jK:$\u0018\n\u001a\u0005\u000612\"\tBR\u0001\rG2LWM\u001c;TK\u000e\u0014X\r\u001e\u0005\u000652\"\tbW\u0001\u0013O\u0016tWM]1uKN#\u0018\r^3WC2,X\rF\u0001H\u0011\u0015iF\u0006\"\u0005G\u0003\u0015\u0019H/\u0019;f\u0011\u0015yF\u0006\"\u0005G\u0003\u0015\u00198m\u001c9f\u0011\u0015\tGF\"\u0005G\u0003-\u0011X\rZ5sK\u000e$XKU%\t\u000b\rdC\u0011\u00033\u00027\r\u0014X-\u0019;f\u0003V$\b.\u001a8uS\u000e\fG/[8o%\u0016\fX/Z:u)\u0005)\u0007CA\u001fg\u0013\t9gHA\u000bBkRDWM\u001c;jG\u0006$\u0018n\u001c8SKF,Xm\u001d;\t\u000b%dC\u0011\u00036\u0002\u001bI,G/\u001e:oK\u0012\u001cF/\u0019;f+\u0005Y\u0007cA\bm\u000f&\u0011Q\u000e\u0005\u0002\u0007\u001fB$\u0018n\u001c8\t\u000b=dC\u0011\u00039\u0002)%\u001c(+\u001a;ve:,Gm\u0015;bi\u00164\u0016\r\\5e+\u0005\t\bCA\bs\u0013\t\u0019\bCA\u0004C_>dW-\u00198\t\u000bUdC\u0011\u0003<\u0002-I,GO]5fm\u0016tUm^!dG\u0016\u001c8\u000fV8lK:$\"a\u001e>\u0011\u0005uB\u0018BA=?\u0005-y\u0015)\u001e;ieQ{7.\u001a8\t\u000bm$\b\u0019A$\u0002\t\r|G-\u001a\u0005\u0006{22\tB`\u0001\u0017e\u0016$(/[3wK\u0006+H\u000f[8sSj,G-V:feR\u0019q0!\u0006\u0011\t\u0005\u0005\u00111\u0001\u0007\u0001\t\u001d\t)\u0001\fb\u0001\u0003\u000f\u0011\u0011!V\t\u0005\u0003\u0013\ty\u0001E\u0002\u0010\u0003\u0017I1!!\u0004\u0011\u0005\u001dqu\u000e\u001e5j]\u001e\u00042!PA\t\u0013\r\t\u0019B\u0010\u0002\u000b\u001f\u0006+H\u000f\u001b\u001aVg\u0016\u0014\bBBA\fy\u0002\u0007q/A\u0003u_.,g\u000e\u0003\u0004\u0002\u001c1\"\tB[\u0001\u001be\u0016$XO\u001d8fI\u0006+H\u000f[3oi&\u001c\u0017\r^5p]\u000e{G-\u001a\u0005\b\u0003?ac\u0011CA\u0011\u0003I\u0019\u0018M^3BkRDwN]5{K\u0012,6/\u001a:\u0015\u0007Y\n\u0019\u0003C\u0004\u0002&\u0005u\u0001\u0019A@\u0002\tU\u001cXM\u001d\u0005\b\u0003SaC\u0011CA\u0016\u0003YA\u0017M\u001c3mK^CWM\\\"pI\u0016tu\u000e\u001e$pk:$GCAA\u0017!\ry\u0011qF\u0005\u0004\u0003c\u0001\"aA!os\"9\u0011Q\u0007\u0017\u0005\u0012\u0005-\u0012A\b5b]\u0012dWm\u00165f]&sg/\u00197jIN#\u0018\r^3EKR,7\r^3e\u0011\u001d\tI\u0004\fC\t\u0003W\tQ\u0003[1oI2,w\u000b[3o\u0019><\u0017N\u001c$bS2,G\rC\u0004\u0002>12\t\"a\u000b\u00021!\fg\u000e\u001a7f/\",g\u000eT8hS:\u001cVoY2fK\u0012,G\rC\u0004\u0002B1\"\t!a\u0011\u0002\u001b1|w-\u001b8SK\u0012L'/Z2u+\t\ti\u0003C\u0004\u0002H1\"\t!a\u0011\u0002\u0011\r\fG\u000e\u001c2bG.\u0004")
/* loaded from: input_file:skinny/controller/feature/OAuth2LoginFeature.class */
public interface OAuth2LoginFeature<U extends OAuth2User> extends SkinnyControllerBase {
    static String DEFAULT_SESSION_OAUTH2_STATE_NAME() {
        return OAuth2LoginFeature$.MODULE$.DEFAULT_SESSION_OAUTH2_STATE_NAME();
    }

    static String DEFAULT_CLIENT_SECRET_ENV_NAME_PREFIX() {
        return OAuth2LoginFeature$.MODULE$.DEFAULT_CLIENT_SECRET_ENV_NAME_PREFIX();
    }

    static String DEFAULT_CLIENT_ID_ENV_NAME_PREFIX() {
        return OAuth2LoginFeature$.MODULE$.DEFAULT_CLIENT_ID_ENV_NAME_PREFIX();
    }

    OAuth2Provider provider();

    default String clientIdEnvName() {
        return new StringBuilder(1).append(OAuth2LoginFeature$.MODULE$.DEFAULT_CLIENT_ID_ENV_NAME_PREFIX()).append("_").append(provider().providerName().toUpperCase(Locale.ENGLISH)).toString();
    }

    default String clientSecretEnvName() {
        return new StringBuilder(1).append(OAuth2LoginFeature$.MODULE$.DEFAULT_CLIENT_SECRET_ENV_NAME_PREFIX()).append("_").append(provider().providerName().toUpperCase(Locale.ENGLISH)).toString();
    }

    default String sessionOAuth2StateName() {
        return OAuth2LoginFeature$.MODULE$.DEFAULT_SESSION_OAUTH2_STATE_NAME();
    }

    default String clientId() {
        return (String) package$.MODULE$.env().apply(clientIdEnvName());
    }

    default String clientSecret() {
        return (String) package$.MODULE$.env().apply(clientSecretEnvName());
    }

    default String generateStateValue() {
        return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps((Object[]) new ArrayOps.ofByte(Predef$.MODULE$.byteArrayOps(MessageDigest.getInstance("MD5").digest(new StringBuilder(1).append(session(skinnyContext(servletContext())).getId()).append("-").append(System.currentTimeMillis()).toString().getBytes()))).map(obj -> {
            return $anonfun$generateStateValue$1(BoxesRunTime.unboxToByte(obj));
        }, Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.apply(String.class))))).mkString();
    }

    default String state() {
        return (String) enrichSession(session(skinnyContext(servletContext()))).get(sessionOAuth2StateName()).map(obj -> {
            return obj.toString();
        }).getOrElse(() -> {
            String generateStateValue = this.generateStateValue();
            this.session(this.skinnyContext(this.servletContext())).setAttribute(this.sessionOAuth2StateName(), generateStateValue);
            return generateStateValue;
        });
    }

    default String scope() {
        return null;
    }

    String redirectURI();

    default AuthenticationRequest createAuthenticationRequest() {
        AuthenticationRequest redirectURI = new AuthenticationRequest(provider()).clientId(clientId()).responseType(ResponseType$.MODULE$.Code()).state(state()).redirectURI(redirectURI());
        return scope() != null ? redirectURI.scope(scope()) : redirectURI;
    }

    default Option<String> returnedState() {
        return params(skinnyContext(servletContext())).get("state");
    }

    default boolean isReturnedStateValid() {
        logger().debug(() -> {
            return new StringBuilder(59).append("OAuth2 state parameter verification -> actual: ").append(this.returnedState()).append(", expected: ").append(this.state()).toString();
        });
        return returnedState().exists(str -> {
            return BoxesRunTime.boxToBoolean($anonfun$isReturnedStateValid$2(this, str));
        });
    }

    default OAuth2Token retrieveNewAccessToken(String str) {
        return OAuth2Client$.MODULE$.accessToken(new AccessTokenRequest(provider()).grantType(GrantType$.MODULE$.AuthorizationCode()).clientId(clientId()).clientSecret(clientSecret()).code(str).redirectURI(redirectURI())).oAuthToken();
    }

    U retrieveAuthorizedUser(OAuth2Token oAuth2Token);

    default Option<String> returnedAuthenticationCode() {
        return params(skinnyContext(servletContext())).get("code");
    }

    void saveAuthorizedUser(U u);

    default Object handleWhenCodeNotFound() {
        return handleWhenLoginFailed();
    }

    default Object handleWhenInvalidStateDetected() {
        return handleWhenLoginFailed();
    }

    default Object handleWhenLoginFailed() {
        return haltWithBody(401, skinnyContext(servletContext()), haltWithBody$default$3(401));
    }

    Object handleWhenLoginSucceeded();

    default Object loginRedirect() {
        return redirect(createAuthenticationRequest().locationURI(), skinnyContext(servletContext()));
    }

    default Object callback() {
        return isReturnedStateValid() ? returnedAuthenticationCode().map(str -> {
            this.logger().debug(() -> {
                return new StringBuilder(27).append("OAuth2 authorization code: ").append(str).toString();
            });
            OAuth2Token retrieveNewAccessToken = this.retrieveNewAccessToken(str);
            this.logger().debug(() -> {
                return new StringBuilder(21).append("OAuth2 access token: ").append(this.toPrettyJSONStringAsIs(retrieveNewAccessToken.underlying())).toString();
            });
            this.saveAuthorizedUser(this.retrieveAuthorizedUser(retrieveNewAccessToken));
            return this.handleWhenLoginSucceeded();
        }).getOrElse(() -> {
            return this.handleWhenCodeNotFound();
        }) : handleWhenInvalidStateDetected();
    }

    static /* synthetic */ String $anonfun$generateStateValue$1(byte b) {
        return new StringOps(Predef$.MODULE$.augmentString("%02x")).format(Predef$.MODULE$.genericWrapArray(new Object[]{BoxesRunTime.boxToByte(b)}));
    }

    static /* synthetic */ boolean $anonfun$isReturnedStateValid$2(OAuth2LoginFeature oAuth2LoginFeature, String str) {
        String state = oAuth2LoginFeature.state();
        return str != null ? str.equals(state) : state == null;
    }

    static void $init$(OAuth2LoginFeature oAuth2LoginFeature) {
    }
}
