package pl.touk.nussknacker.ui.security.oauth2;

import cats.data.NonEmptyList;
import cats.data.NonEmptyList$;
import cats.data.Validated;
import io.circe.Decoder;
import java.security.PublicKey;
import java.util.NoSuchElementException;
import pl.touk.nussknacker.ui.security.oauth2.JwtStandardClaims;
import pl.touk.nussknacker.ui.security.oauth2.OAuth2AuthorizationData;
import pl.touk.nussknacker.ui.security.oauth2.OAuth2ErrorHandler;
import scala.MatchError;
import scala.Option;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.Future$;
import scala.concurrent.duration.Deadline;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;

/* compiled from: JwtOAuth2Service.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005=c\u0001\u0002\b\u0010\u0001qA\u0011\"\u0011\u0001\u0003\u0002\u0003\u0006IAQ#\t\u0011\u0019\u0003!\u0011!Q\u0001\n\u001dC\u0001B\u0013\u0001\u0003\u0004\u0003\u0006Ya\u0013\u0005\t5\u0002\u0011\t\u0011)A\u00067\")\u0011\r\u0001C\u0001E\"9\u0011\u000e\u0001b\u0001\n#Q\u0007B\u00028\u0001A\u0003%1\u000eC\u0004p\u0001\t\u0007I\u0011\u00039\t\r}\u0004\u0001\u0015!\u0003r\u0011)\t\t\u0001\u0001EC\u0002\u0013E\u00111\u0001\u0005\b\u0003\u0017\u0001A\u0011CA\u0007\u0011\u001d\tI\u0003\u0001C!\u0003WAq!!\u0011\u0001\t#\n\u0019E\u0001\tKoR|\u0015)\u001e;ieM+'O^5dK*\u0011\u0001#E\u0001\u0007_\u0006,H\u000f\u001b\u001a\u000b\u0005I\u0019\u0012\u0001C:fGV\u0014\u0018\u000e^=\u000b\u0005Q)\u0012AA;j\u0015\t1r#A\u0006okN\u001c8N\\1dW\u0016\u0014(B\u0001\r\u001a\u0003\u0011!x.^6\u000b\u0003i\t!\u0001\u001d7\u0004\u0001U!Q\u0004J\u0019U'\r\u0001ad\u000e\t\u0005?\u0001\u0012\u0003'D\u0001\u0010\u0013\t\tsBA\tCCN,w*Q;uQJ\u001aVM\u001d<jG\u0016\u0004\"a\t\u0013\r\u0001\u0011)Q\u0005\u0001b\u0001M\taQk]3s\u0013:4w\u000eR1uCF\u0011q%\f\t\u0003Q-j\u0011!\u000b\u0006\u0002U\u0005)1oY1mC&\u0011A&\u000b\u0002\b\u001d>$\b.\u001b8h!\tAc&\u0003\u00020S\t\u0019\u0011I\\=\u0011\u0005\r\nD!\u0002\u001a\u0001\u0005\u0004\u0019$!E!vi\"|'/\u001b>bi&|g\u000eR1uCF\u0011q\u0005\u000e\t\u0003?UJ!AN\b\u0003/=\u000bU\u000f\u001e53\u0003V$\bn\u001c:ju\u0006$\u0018n\u001c8ECR\f\u0007C\u0001\u001d@\u001b\u0005I$B\u0001\u001e<\u00031\u00198-\u00197bY><w-\u001b8h\u0015\taT(\u0001\u0005usB,7/\u00194f\u0015\u0005q\u0014aA2p[&\u0011\u0001)\u000f\u0002\f\u0019\u0006T\u0018\u0010T8hO&tw-A\u0005dY&,g\u000e^!qSB!qd\u0011\u00121\u0013\t!uBA\bP\u0003V$\bNM\"mS\u0016tG/\u00119j\u0013\t\t\u0005%A\u0007d_:4\u0017nZ;sCRLwN\u001c\t\u0003?!K!!S\b\u0003'=\u000bU\u000f\u001e53\u0007>tg-[4ve\u0006$\u0018n\u001c8\u0002\u0015\u00154\u0018\u000eZ3oG\u0016$\u0013\u0007E\u0002M#Nk\u0011!\u0014\u0006\u0003\u001d>\u000bQaY5sG\u0016T\u0011\u0001U\u0001\u0003S>L!AU'\u0003\u000f\u0011+7m\u001c3feB\u00111\u0005\u0016\u0003\u0006+\u0002\u0011\rA\u0016\u0002\u0012\u0003\u000e\u001cWm]:U_.,gn\u00117bS6\u001c\u0018CA\u0014X!\ty\u0002,\u0003\u0002Z\u001f\t\t\"j\u001e;Ti\u0006tG-\u0019:e\u00072\f\u0017.\\:\u0002\u0005\u0015\u001c\u0007C\u0001/`\u001b\u0005i&B\u00010*\u0003)\u0019wN\\2veJ,g\u000e^\u0005\u0003Av\u0013\u0001#\u0012=fGV$\u0018n\u001c8D_:$X\r\u001f;\u0002\rqJg.\u001b;?)\r\u0019w\r\u001b\u000b\u0004I\u00164\u0007#B\u0010\u0001EA\u001a\u0006\"\u0002&\u0006\u0001\bY\u0005\"\u0002.\u0006\u0001\bY\u0006\"B!\u0006\u0001\u0004\u0011\u0005\"\u0002$\u0006\u0001\u00049\u0015\u0001E1dG\u0016\u001c8\u000fV8lK:L5OS<u+\u0005Y\u0007C\u0001\u0015m\u0013\ti\u0017FA\u0004C_>dW-\u00198\u0002#\u0005\u001c7-Z:t)>\\WM\\%t\u0015^$\b%A\u000esKF,\u0018N]3e\u0003\u000e\u001cWm]:U_.,g.Q;eS\u0016t7-Z\u000b\u0002cB\u0019\u0001F\u001d;\n\u0005ML#AB(qi&|g\u000e\u0005\u0002vy:\u0011aO\u001f\t\u0003o&j\u0011\u0001\u001f\u0006\u0003sn\ta\u0001\u0010:p_Rt\u0014BA>*\u0003\u0019\u0001&/\u001a3fM&\u0011QP \u0002\u0007'R\u0014\u0018N\\4\u000b\u0005mL\u0013\u0001\b:fcVL'/\u001a3BG\u000e,7o\u001d+pW\u0016t\u0017)\u001e3jK:\u001cW\rI\u0001\rU^$h+\u00197jI\u0006$xN]\u000b\u0003\u0003\u000b\u00012aHA\u0004\u0013\r\tIa\u0004\u0002\r\u0015^$h+\u00197jI\u0006$xN]\u0001\u0013S:$(o\\:qK\u000e$(j\u001e;U_.,g.\u0006\u0003\u0002\u0010\u0005mA\u0003BA\t\u0003K!B!a\u0005\u0002 A)A,!\u0006\u0002\u001a%\u0019\u0011qC/\u0003\r\u0019+H/\u001e:f!\r\u0019\u00131\u0004\u0003\u0007\u0003;Y!\u0019\u0001\u0014\u0003\r\rc\u0017-[7t\u0011%\t\tcCA\u0001\u0002\b\t\u0019#\u0001\u0006fm&$WM\\2fII\u0002B\u0001T)\u0002\u001a!1\u0011qE\u0006A\u0002Q\fQ\u0001^8lK:\fQ#\u001b8ue>\u001c\b/Z2u\u0003\u000e\u001cWm]:U_.,g\u000e\u0006\u0003\u0002.\u0005u\u0002#\u0002/\u0002\u0016\u0005=\u0002\u0003\u0002\u0015s\u0003c\u0001B!a\r\u0002:5\u0011\u0011Q\u0007\u0006\u0004\u0003oi\u0016\u0001\u00033ve\u0006$\u0018n\u001c8\n\t\u0005m\u0012Q\u0007\u0002\t\t\u0016\fG\r\\5oK\"1\u0011q\b\u0007A\u0002Q\f1\"Y2dKN\u001cHk\\6f]\u0006\u0019rN\u0019;bS:\fU\u000f\u001e5pe&T\u0018\r^5p]R1\u0011QIA$\u0003\u0017\u0002B\u0001XA\u000ba!1\u0011\u0011J\u0007A\u0002Q\f\u0011#Y;uQ>\u0014\u0018N_1uS>t7i\u001c3f\u0011\u0019\ti%\u0004a\u0001i\u0006Y!/\u001a3je\u0016\u001cG/\u0016:j\u0001")
/* loaded from: input_file:pl/touk/nussknacker/ui/security/oauth2/JwtOAuth2Service.class */
public class JwtOAuth2Service<UserInfoData, AuthorizationData extends OAuth2AuthorizationData, AccessTokenClaims extends JwtStandardClaims> extends BaseOAuth2Service<UserInfoData, AuthorizationData> {
    private JwtValidator jwtValidator;
    private final OAuth2Configuration configuration;
    private final Decoder<AccessTokenClaims> evidence$1;
    private final ExecutionContext ec;
    private final boolean accessTokenIsJwt;
    private final Option<String> requiredAccessTokenAudience;
    private volatile boolean bitmap$0;

    public boolean accessTokenIsJwt() {
        return this.accessTokenIsJwt;
    }

    public Option<String> requiredAccessTokenAudience() {
        return this.requiredAccessTokenAudience;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v8, types: [pl.touk.nussknacker.ui.security.oauth2.JwtOAuth2Service] */
    private JwtValidator jwtValidator$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                this.jwtValidator = new JwtValidator(option -> {
                    return (PublicKey) this.configuration.jwt().flatMap(jwtConfiguration -> {
                        return jwtConfiguration.mo63authServerPublicKey();
                    }).getOrElse(() -> {
                        throw new NoSuchElementException("JWT configuration not found");
                    });
                });
                r0 = this;
                r0.bitmap$0 = true;
            }
        }
        return this.jwtValidator;
    }

    public JwtValidator jwtValidator() {
        return !this.bitmap$0 ? jwtValidator$lzycompute() : this.jwtValidator;
    }

    public <Claims> Future<Claims> introspectJwtToken(String str, Decoder<Claims> decoder) {
        Future<Claims> failed;
        Validated.Valid introspect = jwtValidator().introspect(str, decoder);
        if (introspect instanceof Validated.Valid) {
            failed = Future$.MODULE$.successful(introspect.a());
        } else {
            if (!(introspect instanceof Validated.Invalid)) {
                throw new MatchError(introspect);
            }
            failed = Future$.MODULE$.failed(new OAuth2ErrorHandler.OAuth2CompoundException((NonEmptyList) ((Validated.Invalid) introspect).e()));
        }
        return failed;
    }

    @Override // pl.touk.nussknacker.ui.security.oauth2.BaseOAuth2Service
    public Future<Option<Deadline>> introspectAccessToken(String str) {
        return accessTokenIsJwt() ? Future$.MODULE$.apply(() -> {
            return str;
        }, this.ec).flatMap(str2 -> {
            return this.introspectJwtToken(str2, this.evidence$1);
        }, this.ec).flatMap(jwtStandardClaims -> {
            return (this.requiredAccessTokenAudience().isEmpty() || jwtStandardClaims.audienceAsList().exists(obj -> {
                return BoxesRunTime.boxToBoolean($anonfun$introspectAccessToken$4(this, obj));
            })) ? Future$.MODULE$.successful(jwtStandardClaims.expirationTime()) : Future$.MODULE$.failed(new OAuth2ErrorHandler.OAuth2CompoundException(NonEmptyList$.MODULE$.one(new OAuth2ErrorHandler.OAuth2AccessTokenRejection("Invalid audience claim"))));
        }, this.ec) : super.introspectAccessToken(str);
    }

    @Override // pl.touk.nussknacker.ui.security.oauth2.BaseOAuth2Service
    public Future<AuthorizationData> obtainAuthorization(String str, String str2) {
        return super.clientApi().accessTokenRequest(str, str2).andThen(new JwtOAuth2Service$$anonfun$obtainAuthorization$1(this), this.ec);
    }

    public static final /* synthetic */ boolean $anonfun$introspectAccessToken$4(JwtOAuth2Service jwtOAuth2Service, Object obj) {
        return jwtOAuth2Service.requiredAccessTokenAudience().contains(obj);
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public JwtOAuth2Service(OAuth2ClientApi<UserInfoData, AuthorizationData> oAuth2ClientApi, OAuth2Configuration oAuth2Configuration, Decoder<AccessTokenClaims> decoder, ExecutionContext executionContext) {
        super(oAuth2ClientApi, executionContext);
        this.configuration = oAuth2Configuration;
        this.evidence$1 = decoder;
        this.ec = executionContext;
        this.accessTokenIsJwt = oAuth2Configuration.jwt().exists(jwtConfiguration -> {
            return BoxesRunTime.boxToBoolean(jwtConfiguration.accessTokenIsJwt());
        });
        this.requiredAccessTokenAudience = oAuth2Configuration.jwt().flatMap(jwtConfiguration2 -> {
            return jwtConfiguration2.audience();
        });
    }
}
