package net.shrine.dashboard.jwtauth;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.TextCodec;
import java.net.InetAddress;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import net.shrine.crypto.BouncyKeyStoreCollection;
import net.shrine.crypto.DownStreamCertCollection;
import net.shrine.crypto.HubCertCollection;
import net.shrine.crypto.KeyStoreEntry;
import net.shrine.crypto.PeerCertCollection;
import net.shrine.crypto.RemoteSite;
import net.shrine.dashboard.KeyStoreInfo$;
import net.shrine.i2b2.protocol.pm.User;
import net.shrine.log.Loggable;
import org.apache.log4j.Logger;
import scala.Function0;
import scala.Function1;
import scala.MatchError;
import scala.Predef$;
import scala.StringContext;
import scala.UninitializedFieldError;
import scala.collection.immutable.List$;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.package$;
import scala.runtime.BoxedUnit;
import scala.util.Either;
import scala.util.Try;
import scala.util.Try$;
import spray.http.HttpChallenge;
import spray.http.HttpChallenge$;
import spray.http.HttpHeader;
import spray.http.HttpHeaders;
import spray.http.HttpHeaders$WWW$minusAuthenticate$;
import spray.http.HttpRequest;
import spray.http.OAuth2BearerToken;
import spray.routing.AuthenticationFailedRejection;
import spray.routing.AuthenticationFailedRejection$CredentialsMissing$;
import spray.routing.AuthenticationFailedRejection$CredentialsRejected$;
import spray.routing.Rejection;
import spray.routing.RequestContext;

/* compiled from: ShrineJwtAuthenticator.scala */
/* loaded from: input_file:net/shrine/dashboard/jwtauth/ShrineJwtAuthenticator$.class */
public final class ShrineJwtAuthenticator$ implements Loggable {
    public static final ShrineJwtAuthenticator$ MODULE$ = null;
    private final BouncyKeyStoreCollection certCollection;
    private final String BearerAuthScheme;
    private final HttpHeaders.WWW.minusAuthenticate challengeHeader;
    private final Either<Rejection, User> missingCredentials;
    private final Either<Rejection, User> rejectedCredentials;
    private final Logger net$shrine$log$Loggable$$internalLogger;
    private volatile byte bitmap$init$0;
    private volatile boolean bitmap$0;

    static {
        new ShrineJwtAuthenticator$();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v5 */
    private Logger net$shrine$log$Loggable$$internalLogger$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                this.net$shrine$log$Loggable$$internalLogger = Loggable.class.net$shrine$log$Loggable$$internalLogger(this);
                this.bitmap$0 = true;
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
            r0 = r0;
            return this.net$shrine$log$Loggable$$internalLogger;
        }
    }

    public Logger net$shrine$log$Loggable$$internalLogger() {
        return this.bitmap$0 ? this.net$shrine$log$Loggable$$internalLogger : net$shrine$log$Loggable$$internalLogger$lzycompute();
    }

    public Logger logger() {
        return Loggable.class.logger(this);
    }

    public final boolean debugEnabled() {
        return Loggable.class.debugEnabled(this);
    }

    public final boolean infoEnabled() {
        return Loggable.class.infoEnabled(this);
    }

    public void debug(Function0<Object> function0) {
        Loggable.class.debug(this, function0);
    }

    public final void debug(Function0<Object> function0, Throwable th) {
        Loggable.class.debug(this, function0, th);
    }

    public void info(Function0<Object> function0) {
        Loggable.class.info(this, function0);
    }

    public final void info(Function0<Object> function0, Throwable th) {
        Loggable.class.info(this, function0, th);
    }

    public void warn(Function0<Object> function0) {
        Loggable.class.warn(this, function0);
    }

    public final void warn(Function0<Object> function0, Throwable th) {
        Loggable.class.warn(this, function0, th);
    }

    public void error(Function0<Object> function0) {
        Loggable.class.error(this, function0);
    }

    public final void error(Function0<Object> function0, Throwable th) {
        Loggable.class.error(this, function0, th);
    }

    public BouncyKeyStoreCollection certCollection() {
        if (((byte) (this.bitmap$init$0 & 1)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: ShrineJwtAuthenticator.scala: 32");
        }
        BouncyKeyStoreCollection bouncyKeyStoreCollection = this.certCollection;
        return this.certCollection;
    }

    public Function1<RequestContext, Future<Either<Rejection, User>>> authenticate(ExecutionContext executionContext) {
        return new ShrineJwtAuthenticator$$anonfun$authenticate$1(executionContext);
    }

    public OAuth2BearerToken createOAuthCredentials(User user, String str) {
        KeyStoreEntry keyStoreEntry;
        HubCertCollection certCollection = certCollection();
        if (certCollection instanceof HubCertCollection) {
            keyStoreEntry = certCollection.myEntry();
        } else if (certCollection instanceof DownStreamCertCollection) {
            keyStoreEntry = ((DownStreamCertCollection) certCollection).myEntry();
        } else {
            if (!(certCollection instanceof PeerCertCollection)) {
                throw new MatchError(certCollection);
            }
            keyStoreEntry = (KeyStoreEntry) ((RemoteSite) ((PeerCertCollection) certCollection).remoteSites().find(new ShrineJwtAuthenticator$$anonfun$3(str)).get()).entry().get();
        }
        return new OAuth2BearerToken(Jwts.builder().setHeaderParam("kid", TextCodec.BASE64URL.encode(keyStoreEntry.cert().getEncoded())).setSubject(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", " at ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{user.username(), user.domain()}))).setIssuer(InetAddress.getLocalHost().getHostName()).setExpiration(new Date(System.currentTimeMillis() + 30000)).signWith(SignatureAlgorithm.RS512, (PrivateKey) certCollection().myEntry().privateKey().get()).compact());
    }

    public Try<HttpHeader> extractAuthorizationHeader(HttpRequest httpRequest) {
        return Try$.MODULE$.apply(new ShrineJwtAuthenticator$$anonfun$extractAuthorizationHeader$1(httpRequest));
    }

    public Try<String> extractJwtsStringAndCheckScheme(HttpHeader httpHeader) {
        return Try$.MODULE$.apply(new ShrineJwtAuthenticator$$anonfun$extractJwtsStringAndCheckScheme$1(httpHeader));
    }

    public Try<Jws<Claims>> extractJwtsClaims(String str) {
        return Try$.MODULE$.apply(new ShrineJwtAuthenticator$$anonfun$extractJwtsClaims$1(str));
    }

    public Try<X509Certificate> extractAndCheckCert(Jws<Claims> jws) {
        return Try$.MODULE$.apply(new ShrineJwtAuthenticator$$anonfun$extractAndCheckCert$1(jws));
    }

    public <E> Try<E> failIfNull(E e, Throwable th) {
        return Try$.MODULE$.apply(new ShrineJwtAuthenticator$$anonfun$failIfNull$1(e, th));
    }

    public String BearerAuthScheme() {
        if (((byte) (this.bitmap$init$0 & 2)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: ShrineJwtAuthenticator.scala: 183");
        }
        String str = this.BearerAuthScheme;
        return this.BearerAuthScheme;
    }

    public HttpHeaders.WWW.minusAuthenticate challengeHeader() {
        if (((byte) (this.bitmap$init$0 & 4)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: ShrineJwtAuthenticator.scala: 184");
        }
        HttpHeaders.WWW.minusAuthenticate minusauthenticate = this.challengeHeader;
        return this.challengeHeader;
    }

    public Either<Rejection, User> missingCredentials() {
        if (((byte) (this.bitmap$init$0 & 8)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: ShrineJwtAuthenticator.scala: 185");
        }
        Either<Rejection, User> either = this.missingCredentials;
        return this.missingCredentials;
    }

    public Either<Rejection, User> rejectedCredentials() {
        if (((byte) (this.bitmap$init$0 & 16)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: ShrineJwtAuthenticator.scala: 186");
        }
        Either<Rejection, User> either = this.rejectedCredentials;
        return this.rejectedCredentials;
    }

    private ShrineJwtAuthenticator$() {
        MODULE$ = this;
        Loggable.class.$init$(this);
        this.certCollection = KeyStoreInfo$.MODULE$.certCollection();
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 1);
        this.BearerAuthScheme = "Bearer";
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 2);
        this.challengeHeader = HttpHeaders$WWW$minusAuthenticate$.MODULE$.apply(new HttpChallenge(BearerAuthScheme(), "dashboard-to-dashboard", HttpChallenge$.MODULE$.apply$default$3()), Predef$.MODULE$.wrapRefArray(new HttpChallenge[0]));
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 4);
        this.missingCredentials = package$.MODULE$.Left().apply(new AuthenticationFailedRejection(AuthenticationFailedRejection$CredentialsMissing$.MODULE$, List$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new HttpHeaders.WWW.minusAuthenticate[]{challengeHeader()}))));
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 8);
        this.rejectedCredentials = package$.MODULE$.Left().apply(new AuthenticationFailedRejection(AuthenticationFailedRejection$CredentialsRejected$.MODULE$, List$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new HttpHeaders.WWW.minusAuthenticate[]{challengeHeader()}))));
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 16);
    }
}
