package io.onfhir.authz;

import akka.Done;
import akka.Done$;
import akka.http.caching.LfuCache$;
import akka.http.caching.scaladsl.Cache;
import akka.http.caching.scaladsl.CachingSettings;
import akka.http.caching.scaladsl.CachingSettings$;
import akka.http.caching.scaladsl.LfuCacheSettings;
import akka.http.scaladsl.model.headers.Authorization;
import akka.http.scaladsl.model.headers.OAuth2BearerToken;
import akka.http.scaladsl.server.Directive;
import akka.http.scaladsl.server.Directive$;
import akka.http.scaladsl.server.Directive$SingleValueTransformers$;
import akka.http.scaladsl.server.directives.BasicDirectives$;
import akka.http.scaladsl.server.directives.Credentials;
import akka.http.scaladsl.server.directives.HeaderDirectives$;
import akka.http.scaladsl.server.directives.HeaderMagnet$;
import akka.http.scaladsl.server.directives.MiscDirectives$;
import akka.http.scaladsl.server.util.Tuple$;
import io.onfhir.Onfhir$;
import io.onfhir.config.OnfhirConfig$;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Some;
import scala.Tuple1;
import scala.Tuple2;
import scala.collection.immutable.List;
import scala.concurrent.Await$;
import scala.concurrent.ExecutionContextExecutor;
import scala.concurrent.Future;
import scala.concurrent.Future$;
import scala.concurrent.duration.Duration$;
import scala.reflect.ClassTag$;
import scala.runtime.BoxedUnit;
import scala.util.Try$;

/* compiled from: AuthManager.scala */
/* loaded from: input_file:io/onfhir/authz/AuthManager$.class */
/**
 * Decompiled singleton backing the Scala object {@code AuthManager}: extracts the bearer token and
 * client address from a request and resolves the token to an {@link AuthzContext}, caching results
 * in an LFU cache.
 *
 * <p>This is decompiler output, not hand-written Java. Some constructs (for example the
 * {@code "none" == 0} comparison and trivially true {@code instanceof} checks) are decompiler
 * artifacts of Scala equality and pattern matching.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The cache key is the raw access-token string, so the cache holds live credentials in memory.</li>
 *   <li>Token resolution fails closed: errors and timeouts yield an {@code AuthzContext} whose first
 *       constructor argument is {@code false}, carrying a reason message.</li>
 *   <li>A cached context is reused until {@code isExpired()} reports true or the cache evicts it.</li>
 * </ul>
 */
public final class AuthManager$ {
    // Scala module instance; assigned once by the private constructor (non-final only because of how scalac emits objects).
    public static AuthManager$ MODULE$;
    private final ExecutionContextExecutor executionContext;
    private final Logger logger;
    private final CachingSettings defaultCachingSettings;
    private final LfuCacheSettings lfuCacheSettings;
    private final CachingSettings cachingSettings;
    // Keyed by the raw bearer token string (see resolveToken); values are resolved authorization contexts.
    private final Cache<String, AuthzContext> authzContextCache;

    static {
        // Instantiation has the side effect of publishing the instance through MODULE$.
        new AuthManager$();
    }

    /** Returns the execution context used for the futures created in this class (the actor system dispatcher). */
    public ExecutionContextExecutor executionContext() {
        return this.executionContext;
    }

    private Logger logger() {
        return this.logger;
    }

    /** Returns the constant parameter name {@code "networkAddress"}; its consumers are not visible in this file. */
    public final String PARAM_NETWORK_ADDRESS() {
        return "networkAddress";
    }

    private CachingSettings defaultCachingSettings() {
        return this.defaultCachingSettings;
    }

    private LfuCacheSettings lfuCacheSettings() {
        return this.lfuCacheSettings;
    }

    private CachingSettings cachingSettings() {
        return this.cachingSettings;
    }

    /**
     * Returns the token-to-context cache.
     *
     * <p>The accessor is public and the keys are raw access tokens, so any code holding this
     * reference can enumerate or evict entries. Avoid logging or serializing cache keys.
     */
    public Cache<String, AuthzContext> authzContextCache() {
        return this.authzContextCache;
    }

    /**
     * Authenticator for the internal API.
     *
     * @param credentials credentials extracted from the request
     * @return {@code Some(Done)} when internal API authentication is disabled in configuration;
     *     {@code None} in every case when it is enabled
     */
    public Option<Done> authenticateForInternalApi(Credentials credentials) {
        if (OnfhirConfig$.MODULE$.internalApiAuthenticate()) {
            // NOTE(review): both branches return None and the provided credential is never inspected,
            // so no verification happens here. This looks like an unfinished stub. Presumably None means
            // "rejected" to the calling directive, making it fail closed; confirm against the caller.
            return credentials instanceof Credentials.Provided ? None$.MODULE$ : None$.MODULE$;
        }
        // With the flag off every request is accepted without credentials, so the internal API
        // then depends entirely on network-level isolation.
        return new Some(Done$.MODULE$);
    }

    /**
     * Directive that provides the request's {@code AuthContext} (token and client address) together
     * with an optional {@code AuthzContext}.
     *
     * <p>The {@code AuthzContext} is {@code None} when the configured authorization method is
     * {@code "none"}, and also when no bearer token could be extracted from the request.
     * NOTE(review): downstream authorization must treat a missing context as unauthenticated when
     * authorization is enabled; that check is not visible in this class.
     *
     * @return a directive yielding the pair (AuthContext, optional AuthzContext)
     */
    public Directive<Tuple1<Tuple2<AuthContext, Option<AuthzContext>>>> authenticate() {
        return Directive$SingleValueTransformers$.MODULE$.flatMap$extension(Directive$.MODULE$.SingleValueTransformers(HeaderDirectives$.MODULE$.optionalHeaderValueByType(HeaderMagnet$.MODULE$.fromUnitNormalHeader(BoxedUnit.UNIT, ClassTag$.MODULE$.apply(Authorization.class)))), option -> {
            return Directive$SingleValueTransformers$.MODULE$.flatMap$extension(Directive$.MODULE$.SingleValueTransformers(MODULE$.clientIP()), str -> {
                Option<String> token = MODULE$.getToken(option);
                String authorizationMethod = OnfhirConfig$.MODULE$.authzConfig().authorizationMethod();
                // Decompiled form of a null-safe Scala equality test against "none".
                if (authorizationMethod != null ? authorizationMethod.equals("none") : "none" == 0) {
                    // Authorization disabled: the token is carried along but never resolved or validated.
                    return BasicDirectives$.MODULE$.provide(new Tuple2(new AuthContext(token, str), None$.MODULE$));
                }
                // The log message is static; the token value itself is not written to the log here.
                MODULE$.logger().debug("Authenticating the request ...");
                return BasicDirectives$.MODULE$.provide(new Tuple2(new AuthContext(token, str), token.map(str -> {
                    return MODULE$.resolveToken(str, AuthzConfigurationManager$.MODULE$.authorizationHandler().furtherParamsInAuthzContext());
                })));
            }, Tuple$.MODULE$.forTuple1());
        }, Tuple$.MODULE$.forTuple1());
    }

    /**
     * Directive that provides the client's host address as a string, or {@code "unknown"} when the
     * address is not available.
     *
     * <p>Akka HTTP's {@code extractClientIP} takes the address from the {@code X-Forwarded-For},
     * {@code Remote-Address} or {@code X-Real-Ip} request headers. Those are client-controlled
     * unless a trusted reverse proxy overwrites them, so the value is suitable for audit context
     * but should not be relied on for access decisions without such a proxy in front.
     */
    private Directive<Tuple1<String>> clientIP() {
        return Directive$SingleValueTransformers$.MODULE$.flatMap$extension(Directive$.MODULE$.SingleValueTransformers(MiscDirectives$.MODULE$.extractClientIP()), remoteAddress -> {
            return BasicDirectives$.MODULE$.provide(remoteAddress.toOption().map(inetAddress -> {
                return inetAddress.getHostAddress();
            }).getOrElse(() -> {
                return "unknown";
            }));
        // The recovery partial function is a separate synthetic class that is not shown in this file.
        }, Tuple$.MODULE$.forTuple1()).recoverPF(new AuthManager$$anonfun$clientIP$4(), Tuple$.MODULE$.forTuple1());
    }

    /**
     * Resolves an access token to an {@code AuthzContext}, using the cache when possible.
     *
     * <p>On a cache miss the configured token resolver is invoked through the cache. On a hit the
     * cached context is returned unless {@code isExpired()} is true, in which case the entry is
     * removed and a context built with {@code false} and the reason "Token expired..." is returned.
     * Any exception, including a timeout of the 3000 ms wait, yields a context built with
     * {@code false} and a generic reason, so failures do not grant access.
     *
     * <p>NOTE(review): because a hit is served from the cache, a token revoked at the authorization
     * server presumably stays accepted until it expires or the cache TTL/idle limit evicts it; keep
     * the configured TTL short if prompt revocation matters.
     *
     * @param str the raw access token, also used as the cache key
     * @param list further parameter names passed through to the token resolver
     * @return the resolved context, or a context constructed with {@code false} on expiry or error
     */
    /* JADX INFO: Access modifiers changed from: private */
    public AuthzContext resolveToken(String str, List<String> list) {
        return (AuthzContext) Try$.MODULE$.apply(() -> {
            Future flatMap;
            Await$ await$ = Await$.MODULE$;
            Some some = MODULE$.authzContextCache().get(str);
            if (None$.MODULE$.equals(some)) {
                MODULE$.logger().debug("Resolving access token ...");
                // Cache miss: the resolver call is registered in the cache under the token.
                flatMap = MODULE$.authzContextCache().apply(str, () -> {
                    return AuthzConfigurationManager$.MODULE$.tokenResolver().resolveToken(str, list);
                });
            } else {
                if (!(some instanceof Some)) {
                    throw new MatchError(some);
                }
                flatMap = ((Future) some.value()).flatMap(authzContext -> {
                    if (!authzContext.isExpired()) {
                        return Future$.MODULE$.apply(() -> {
                            return authzContext;
                        }, MODULE$.executionContext());
                    }
                    MODULE$.logger().debug("Access token expired ...");
                    // Evict so a later request triggers a fresh resolution; this request is still rejected.
                    MODULE$.authzContextCache().remove(str);
                    return Future$.MODULE$.apply(() -> {
                        return new AuthzContext(false, AuthzContext$.MODULE$.apply$default$2(), AuthzContext$.MODULE$.apply$default$3(), AuthzContext$.MODULE$.apply$default$4(), AuthzContext$.MODULE$.apply$default$5(), AuthzContext$.MODULE$.apply$default$6(), AuthzContext$.MODULE$.apply$default$7(), AuthzContext$.MODULE$.apply$default$8(), new Some("Token expired..."));
                    }, MODULE$.executionContext());
                }, MODULE$.executionContext());
            }
            // Blocks the calling thread for up to 3 seconds per request while the token is resolved.
            // NOTE(review): a slow resolver can therefore tie up request-handling threads; confirm
            // which dispatcher runs this code.
            return (AuthzContext) await$.result(flatMap, Duration$.MODULE$.apply(3000L, TimeUnit.MILLISECONDS));
        }).getOrElse(() -> {
            // Fail closed on any error. This path does not remove the cache entry for the token.
            return new AuthzContext(false, AuthzContext$.MODULE$.apply$default$2(), AuthzContext$.MODULE$.apply$default$3(), AuthzContext$.MODULE$.apply$default$4(), AuthzContext$.MODULE$.apply$default$5(), AuthzContext$.MODULE$.apply$default$6(), AuthzContext$.MODULE$.apply$default$7(), AuthzContext$.MODULE$.apply$default$8(), new Some("Problem while introspecting/processing the access token..."));
        });
    }

    /**
     * Extracts the bearer token from an optional {@code Authorization} header.
     *
     * @param option the Authorization header, if the request carried one
     * @return the token when the credentials are an OAuth2 bearer token, otherwise {@code None}
     */
    private Option<String> getToken(Option<Authorization> option) {
        return option.flatMap(authorization -> {
            // The decompiler typed this local as OAuth2BearerToken, which makes the instanceof look
            // redundant; presumably the Scala source pattern-matches on the general credentials type,
            // so other schemes yield None.
            OAuth2BearerToken credentials = authorization.credentials();
            return credentials instanceof OAuth2BearerToken ? new Some(credentials.token()) : None$.MODULE$;
        });
    }

    /**
     * Initializes the singleton: publishes {@code MODULE$}, takes the actor system dispatcher as
     * execution context, and builds the LFU token cache from the authorization configuration.
     */
    private AuthManager$() {
        MODULE$ = this;
        this.executionContext = Onfhir$.MODULE$.actorSystem().dispatcher();
        this.logger = LoggerFactory.getLogger(getClass());
        this.defaultCachingSettings = (CachingSettings) CachingSettings$.MODULE$.apply(Onfhir$.MODULE$.actorSystem());
        // Capacity, time-to-live and time-to-idle all come from configuration. The TTL and idle values
        // bound how long a resolved context can be served from the cache.
        this.lfuCacheSettings = defaultCachingSettings().lfuCacheSettings().withInitialCapacity(OnfhirConfig$.MODULE$.authzConfig().tokenCachingInitialCapacity()).withMaxCapacity(OnfhirConfig$.MODULE$.authzConfig().tokenCachingMaxCapacity()).withTimeToLive(OnfhirConfig$.MODULE$.authzConfig().tokenCachingTTL()).withTimeToIdle(OnfhirConfig$.MODULE$.authzConfig().tokenCachingIdle());
        this.cachingSettings = defaultCachingSettings().withLfuCacheSettings(lfuCacheSettings());
        this.authzContextCache = LfuCache$.MODULE$.apply(cachingSettings());
    }
}
