package io.onfhir.authz;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.ImmutableSecret;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import io.onfhir.Onfhir$;
import io.onfhir.config.AuthzConfig;
import java.text.ParseException;
import scala.Option$;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.collection.JavaConverters$;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.TraversableOnce;
import scala.collection.immutable.List;
import scala.collection.immutable.List$;
import scala.collection.immutable.Nil$;
import scala.collection.mutable.ArrayOps;
import scala.collection.mutable.Buffer;
import scala.concurrent.ExecutionContextExecutor;
import scala.concurrent.Future;
import scala.concurrent.Future$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;
import scala.util.Try$;

/* compiled from: JWTResolver.scala */
@ScalaSignature(bytes = "\u0006\u0001A4A!\u0001\u0002\u0001\u0013\tY!j\u0016+SKN|GN^3s\u0015\t\u0019A!A\u0003bkRD'P\u0003\u0002\u0006\r\u00051qN\u001c4iSJT\u0011aB\u0001\u0003S>\u001c\u0001aE\u0002\u0001\u0015A\u0001\"a\u0003\b\u000e\u00031Q\u0011!D\u0001\u0006g\u000e\fG.Y\u0005\u0003\u001f1\u0011a!\u00118z%\u00164\u0007CA\t\u0013\u001b\u0005\u0011\u0011BA\n\u0003\u00059IEk\\6f]J+7o\u001c7wKJD\u0001\"\u0006\u0001\u0003\u0002\u0003\u0006IAF\u0001\fCV$\bN_\"p]\u001aLw\r\u0005\u0002\u001855\t\u0001D\u0003\u0002\u001a\t\u000511m\u001c8gS\u001eL!a\u0007\r\u0003\u0017\u0005+H\u000f\u001b>D_:4\u0017n\u001a\u0005\u0006;\u0001!\tAH\u0001\u0007y%t\u0017\u000e\u001e \u0015\u0005}\u0001\u0003CA\t\u0001\u0011\u0015)B\u00041\u0001\u0017\u0011\u001d\u0011\u0003A1A\u0005\u0004\r\n\u0001#\u001a=fGV$\u0018n\u001c8D_:$X\r\u001f;\u0016\u0003\u0011\u0002\"!\n\u0015\u000e\u0003\u0019R!a\n\u0007\u0002\u0015\r|gnY;se\u0016tG/\u0003\u0002*M\tAR\t_3dkRLwN\\\"p]R,\u0007\u0010^#yK\u000e,Ho\u001c:\t\r-\u0002\u0001\u0015!\u0003%\u0003E)\u00070Z2vi&|gnQ8oi\u0016DH\u000f\t\u0005\t[\u0001A)\u0019!C\u0001]\u0005a!n\u001e;Qe>\u001cWm]:peV\tq\u0006E\u00021smj\u0011!\r\u0006\u0003eM\nA\u0001\u001d:pG*\u0011A'N\u0001\u0004U^$(B\u0001\u001c8\u0003!q\u0017.\u001c2vg\u0012\u001c(\"\u0001\u001d\u0002\u0007\r|W.\u0003\u0002;c\tA2i\u001c8gS\u001e,(/\u00192mK*;F\u000b\u0015:pG\u0016\u001c8o\u001c:\u0011\u0005q\u0002U\"A\u001f\u000b\u0005Ir$BA 6\u0003\u0011Qwn]3\n\u0005\u0005k$aD*fGV\u0014\u0018\u000e^=D_:$X\r\u001f;\t\u000b\r\u0003A\u0011\t#\u0002\u0019I,7o\u001c7wKR{7.\u001a8\u0015\u0007\u0015[\u0005\fE\u0002&\r\"K!a\u0012\u0014\u0003\r\u0019+H/\u001e:f!\t\t\u0012*\u0003\u0002K\u0005\ta\u0011)\u001e;iu\u000e{g\u000e^3yi\")AJ\u0011a\u0001\u001b\u0006Y\u0011mY2fgN$vn[3o!\tqUK\u0004\u0002P'B\u0011\u0001\u000bD\u0007\u0002#*\u0011!\u000bC\u0001\u0007yI|w\u000e\u001e 
\n\u0005Qc\u0011A\u0002)sK\u0012,g-\u0003\u0002W/\n11\u000b\u001e:j]\u001eT!\u0001\u0016\u0007\t\u000fe\u0013\u0005\u0013!a\u00015\u0006ia-\u001e:uQ\u0016\u0014\b+\u0019:b[N\u00042a\u00171N\u001d\tafL\u0004\u0002Q;&\tQ\"\u0003\u0002`\u0019\u00059\u0001/Y2lC\u001e,\u0017BA1c\u0005\u0011a\u0015n\u001d;\u000b\u0005}c\u0001b\u00023\u0001#\u0003%\t%Z\u0001\u0017e\u0016\u001cx\u000e\u001c<f)>\\WM\u001c\u0013eK\u001a\fW\u000f\u001c;%eU\taM\u000b\u0002[O.\n\u0001\u000e\u0005\u0002j]6\t!N\u0003\u0002lY\u0006IQO\\2iK\u000e\\W\r\u001a\u0006\u0003[2\t!\"\u00198o_R\fG/[8o\u0013\ty'NA\tv]\u000eDWmY6fIZ\u000b'/[1oG\u0016\u0004")
/* loaded from: input_file:io/onfhir/authz/JWTResolver.class */
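/**
 * Resolves an access token presented as a signed JWT into an {@link AuthzContext}.
 *
 * <p>This is decompiler output for a Scala class, so the lazily initialised
 * {@code jwtProcessor} shows up as a field, a {@code bitmap$0} "initialised" flag and a
 * {@code $lzycompute} method, and the Scala closures show up as synthetic
 * {@code $anonfun$...} statics.
 *
 * <p>Checks visible in this class: the signature is verified with a key selector pinned to
 * the single configured JWS algorithm, the {@code aud} claim must contain this resource
 * server's identifier, and the {@code iss} claim must equal the configured authorization
 * server issuer. Anything else is reported as an inactive context, never as an active one.
 */
public class JWTResolver implements ITokenResolver {
    // Built on first use by jwtProcessor$lzycompute(); read only after bitmap$0 is observed true.
    private ConfigurableJWTProcessor<SecurityContext> jwtProcessor;
    private final AuthzConfig authzConfig;
    private final ExecutionContextExecutor executionContext = Onfhir$.MODULE$.actorSystem().dispatcher();
    // Volatile "already initialised" flag guarding jwtProcessor.
    private volatile boolean bitmap$0;

    /**
     * Returns the execution context token resolution runs on.
     *
     * @return the actor system dispatcher captured at construction time
     */
    public ExecutionContextExecutor executionContext() {
        return this.executionContext;
    }

    /**
     * Builds the JWT processor once, under this instance's monitor, and publishes it.
     *
     * <p>The key source depends on the configured algorithm family: RSA-family algorithms
     * verify against the authorization server's JWKS endpoint, HMAC-SHA algorithms against
     * the configured shared secret. The selector is given exactly one algorithm, so the
     * token header cannot choose the verification algorithm.
     *
     * @return the initialised processor
     */
    private ConfigurableJWTProcessor<SecurityContext> jwtProcessor$lzycompute() {
        synchronized (this) {
            if (!this.bitmap$0) {
                DefaultJWTProcessor defaultJWTProcessor = new DefaultJWTProcessor();
                // Option.get(): throws if no signature algorithm is configured.
                JWSAlgorithm jWSAlgorithm = (JWSAlgorithm) this.authzConfig.jwtSignatureAlgorithm().get();
                if (JWSAlgorithm.Family.RSA.contains(jWSAlgorithm)) {
                    // NOTE(review): the scheme of jwks_uri is not checked here; it should be
                    // https so the verification keys cannot be substituted in transit.
                    defaultJWTProcessor.setJWSKeySelector(new JWSVerificationKeySelector(jWSAlgorithm, new RemoteJWKSet(this.authzConfig.authzServerMetadata().jwks_uri().toURL())));
                } else if (JWSAlgorithm.Family.HMAC_SHA.contains(jWSAlgorithm)) {
                    // Encode the shared secret with a fixed charset: the no-argument getBytes()
                    // uses the platform default, which makes the HMAC key depend on the host's
                    // locale settings whenever the secret contains non-ASCII characters.
                    defaultJWTProcessor.setJWSKeySelector(new JWSVerificationKeySelector(jWSAlgorithm, new ImmutableSecret(((String) this.authzConfig.jwtSignatureSecretKey().get()).getBytes(java.nio.charset.StandardCharsets.UTF_8))));
                }
                // NOTE(review): an algorithm outside both families leaves the processor without
                // a key selector. The library is expected to reject signed tokens in that state
                // (confirm); failing at configuration time would make the misconfiguration visible.
                this.jwtProcessor = defaultJWTProcessor;
                // Set the flag last so a reader that sees it true also sees the processor.
                this.bitmap$0 = true;
            }
        }
        return this.jwtProcessor;
    }

    /**
     * Returns the JWT processor, initialising it on first call.
     *
     * @return the shared processor instance
     */
    public ConfigurableJWTProcessor<SecurityContext> jwtProcessor() {
        return !this.bitmap$0 ? jwtProcessor$lzycompute() : this.jwtProcessor;
    }

    /**
     * Verifies the token and maps its claims to an authorization context.
     *
     * <p>Parse failures and signature/claim verification failures are turned into an
     * inactive context carrying a reason string; other exceptions (for example a missing
     * configuration value) fail the returned future.
     *
     * @param str  the serialized JWT
     * @param list names of additional claims to copy into the context
     * @return a future holding an active context only if signature, audience and issuer
     *     all check out
     */
    public Future<AuthzContext> resolveToken(String str, List<String> list) {
        return Future$.MODULE$.apply(() -> {
            try {
                JWTClaimsSet process = this.jwtProcessor().process(str, (SecurityContext) null);
                Buffer buffer = (Buffer) JavaConverters$.MODULE$.asScalaBufferConverter(process.getAudience()).asScala();
                // A token without an iss claim used to hit a NullPointerException here and fail
                // the future; it is an invalid token and is now rejected like any other mismatch.
                String tokenIssuer = process.getIssuer();
                boolean audienceAndIssuerMatch = buffer.exists(str2 -> {
                    return BoxesRunTime.boxToBoolean($anonfun$resolveToken$2(this, str2));
                }) && tokenIssuer != null && tokenIssuer.equals(this.authzConfig.authzServerMetadata().issuer());
                if (!audienceAndIssuerMatch) {
                    return inactive("Token is not valid, wrong issuer id or target aud !");
                }
                // Positional arguments of AuthzContext; the parameter names are not visible here.
                return new AuthzContext(true, buffer.find(str3 -> {
                    // first audience entry that is not this resource server's identifier
                    return BoxesRunTime.boxToBoolean($anonfun$resolveToken$3(this, str3));
                }), (Seq) Try$.MODULE$.apply(() -> {
                    // a missing or non-string "scope" claim yields an empty scope list
                    return Option$.MODULE$.apply(process.getStringClaim("scope"));
                }).toOption().flatten(Predef$.MODULE$.$conforms()).map(str4 -> {
                    return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(str4.split(" "))).toSeq();
                }).getOrElse(() -> {
                    return Seq$.MODULE$.empty();
                }), Option$.MODULE$.apply(process.getExpirationTime()), buffer, Option$.MODULE$.apply(process.getSubject()), ((TraversableOnce) list.map(str5 -> {
                    // requested extra claims are copied as name -> raw claim value
                    return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(str5), process.getClaim(str5));
                }, List$.MODULE$.canBuildFrom())).toMap(Predef$.MODULE$.$conforms()), Try$.MODULE$.apply(() -> {
                    return Option$.MODULE$.apply(process.getStringClaim("username"));
                }).toOption().flatten(Predef$.MODULE$.$conforms()), AuthzContext$.MODULE$.apply$default$9());
            } catch (ParseException e) {
                // NOTE(review): the library's message is appended to the reason; check where the
                // reason is surfaced before treating it as safe to return to the token presenter.
                return inactive("Token is not a valid JWT! " + e.getMessage());
            } catch (JOSEException | BadJOSEException e2) {
                return inactive("Token is not a valid! " + e2.getMessage());
            }
        }, executionContext());
    }

    /**
     * Builds an inactive context: every field at its default except the reason.
     *
     * @param reason why the token was rejected
     * @return a context whose first (active) flag is {@code false}
     */
    private static AuthzContext inactive(String reason) {
        return new AuthzContext(false, AuthzContext$.MODULE$.apply$default$2(), AuthzContext$.MODULE$.apply$default$3(), AuthzContext$.MODULE$.apply$default$4(), AuthzContext$.MODULE$.apply$default$5(), AuthzContext$.MODULE$.apply$default$6(), AuthzContext$.MODULE$.apply$default$7(), AuthzContext$.MODULE$.apply$default$8(), new Some(reason));
    }

    /**
     * Default for the second parameter of {@link #resolveToken}: no additional claims.
     *
     * @return the empty Scala list
     */
    public List<String> resolveToken$default$2() {
        return Nil$.MODULE$;
    }

    /** Audience test: true when {@code str} equals this resource server's identifier. */
    public static final /* synthetic */ boolean $anonfun$resolveToken$2(JWTResolver jWTResolver, String str) {
        return str.equals(jWTResolver.authzConfig.protectedResourceInformation().getID().getValue());
    }

    /** Negation of the audience test: true when {@code str} is some other audience value. */
    public static final /* synthetic */ boolean $anonfun$resolveToken$3(JWTResolver jWTResolver, String str) {
        return !str.equals(jWTResolver.authzConfig.protectedResourceInformation().getID().getValue());
    }

    /**
     * Creates a resolver bound to the given authorization configuration.
     *
     * @param authzConfig source of the algorithm, key material location, issuer and
     *     resource identifier used during verification
     */
    public JWTResolver(AuthzConfig authzConfig) {
        this.authzConfig = authzConfig;
    }
}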
