package skinny.controller.feature;

import java.security.MessageDigest;
import java.util.Locale;
import scala.Option;
import scala.Predef$;
import scala.collection.ArrayOps$;
import scala.collection.StringOps$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;
import scala.runtime.ScalaRunTime$;
import scala.sys.package$;
import skinny.controller.SkinnyControllerBase;
import skinny.oauth2.client.AccessTokenRequest;
import skinny.oauth2.client.AuthenticationRequest;
import skinny.oauth2.client.GrantType$;
import skinny.oauth2.client.OAuth2Client$;
import skinny.oauth2.client.OAuth2Provider;
import skinny.oauth2.client.OAuth2Token;
import skinny.oauth2.client.OAuth2User;
import skinny.oauth2.client.ResponseType$;

/* compiled from: OAuth2LoginFeature.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005%s!\u0002\u0012$\u0011\u0003Qc!\u0002\u0017$\u0011\u0003i\u0003\"\u0002\u001b\u0002\t\u0003)\u0004b\u0002\u001c\u0002\u0005\u0004%\ta\u000e\u0005\u0007\u0001\u0006\u0001\u000b\u0011\u0002\u001d\t\u000f\u0005\u000b!\u0019!C\u0001o!1!)\u0001Q\u0001\naBqaQ\u0001C\u0002\u0013\u0005q\u0007\u0003\u0004E\u0003\u0001\u0006I\u0001\u000f\u0004\bY\r\u0002\n1!\u0001F\u0011\u0015Y\u0015\u0002\"\u0001M\u0011\u0015\u0001\u0016B\"\u0005R\u0011\u0015Q\u0016\u0002\"\u0005\\\u0011\u00151\u0017\u0002\"\u0005\\\u0011\u00159\u0017\u0002\"\u0005\\\u0011\u0015A\u0017\u0002\"\u0005\\\u0011\u0015I\u0017\u0002\"\u0005\\\u0011\u0015Q\u0017\u0002\"\u0005l\u0011\u0015a\u0017\u0002\"\u0005\\\u0011\u0015i\u0017\u0002\"\u0005\\\u0011\u0015q\u0017B\"\u0005\\\u0011\u0015y\u0017\u0002\"\u0005q\u0011\u0015!\u0018\u0002\"\u0005v\u0011\u0015I\u0018\u0002\"\u0005{\u0011\u0015q\u0018\u0002\"\u0005��\u0011\u001d\tY!\u0003D\t\u0003\u001bAa!!\u000b\n\t#)\bbBA\u0016\u0013\u0019E\u0011Q\u0006\u0005\b\u0003gIA\u0011CA\u001b\u0011\u001d\ti$\u0003C\t\u0003kAq!a\u0010\n\t#\t)\u0004C\u0004\u0002B%1\t\"!\u000e\t\u000f\u0005\r\u0013\u0002\"\u0001\u0002F!9\u0011qI\u0005\u0005\u0002\u0005\u0015\u0013AE(BkRD'\u0007T8hS:4U-\u0019;ve\u0016T!\u0001J\u0013\u0002\u000f\u0019,\u0017\r^;sK*\u0011aeJ\u0001\u000bG>tGO]8mY\u0016\u0014(\"\u0001\u0015\u0002\rM\\\u0017N\u001c8z\u0007\u0001\u0001\"aK\u0001\u000e\u0003\r\u0012!cT!vi\"\u0014Dj\\4j]\u001a+\u0017\r^;sKN\u0011\u0011A\f\t\u0003_Ij\u0011\u0001\r\u0006\u0002c\u0005)1oY1mC&\u00111\u0007\r\u0002\u0007\u0003:L(+\u001a4\u0002\rqJg.\u001b;?)\u0005Q\u0013!\t#F\r\u0006+F\nV0D\u0019&+e\nV0J\t~+eJV0O\u00036+u\f\u0015*F\r&CV#\u0001\u001d\u0011\u0005erT\"\u0001\u001e\u000b\u0005mb\u0014\u0001\u00027b]\u001eT\u0011!P\u0001\u0005U\u00064\u0018-\u0003\u0002@u\t11\u000b\u001e:j]\u001e\f!\u0005R#G\u0003VcEkX\"M\u0013\u0016sEkX%E?\u0016sek\u0018(B\u001b\u0016{\u0006KU#G\u0013b\u0003\u0013!\n#F\r\u0006+F\nV0D\u0019&+e\nV0T\u000b\u000e\u0013V\tV0F\u001dZ{f*Q'F?B\u0013VIR%Y\u0003\u0019\"UIR!V\u0019R{6\tT%F\u001dR{6+R\"S\u000bR{VI\u0014,`\u001d\u0006kUi\u0018)S\u000b\u001aK\u0005\fI\u0001\"\t\u00163\u0015)\u0016'U?N+5kU%P\u001d~{\u0015)\u0016+Ie}\u001bF+\u0011+F?:\u000bU*R\u0001#\t\u00163\u0015)\u0016'U?N+5kU%P\u001d~{\u0015)\u0016+Ie}\u001bF+\u0011+F?:\u000bU*\u0012\u0011\u0016\u0007\u0019\u000b\u0019bE\u0002\n]\u001d\u0003\"\u0001S%\u000e\u0003\u0015J!AS\u0013\u0003)M[\u0017N\u001c8z\u0007>tGO]8mY\u0016\u0014()Y:f\u0003\u0019!\u0013N\\5uIQ\tQ\n\u0005\u00020\u001d&\u0011q\n\r\u0002\u0005+:LG/\u0001\u0005qe>4\u0018\u000eZ3s+\u0005\u0011\u0006CA*Y\u001b\u0005!&BA+W\u0003\u0019\u0019G.[3oi*\u0011qkJ\u0001\u0007_\u0006,H\u000f\u001b\u001a\n\u0005e#&AD(BkRD'\u0007\u0015:pm&$WM]\u0001\u0010G2LWM\u001c;JI\u0016sgOT1nKV\tA\f\u0005\u0002^I:\u0011aL\u0019\t\u0003?Bj\u0011\u0001\u0019\u0006\u0003C&\na\u0001\u0010:p_Rt\u0014BA21\u0003\u0019\u0001&/\u001a3fM&\u0011q(\u001a\u0006\u0003GB\n1c\u00197jK:$8+Z2sKR,eN\u001e(b[\u0016\fac]3tg&|gnT!vi\"\u00144\u000b^1uK:\u000bW.Z\u0001\tG2LWM\u001c;JI\u0006a1\r\\5f]R\u001cVm\u0019:fi\u0006\u0011r-\u001a8fe\u0006$Xm\u0015;bi\u00164\u0016\r\\;f)\u0005a\u0016!B:uCR,\u0017!B:d_B,\u0017a\u0003:fI&\u0014Xm\u0019;V%&\u000b1d\u0019:fCR,\u0017)\u001e;iK:$\u0018nY1uS>t'+Z9vKN$H#A9\u0011\u0005M\u0013\u0018BA:U\u0005U\tU\u000f\u001e5f]RL7-\u0019;j_:\u0014V-];fgR\fQB]3ukJtW\rZ*uCR,W#\u0001<\u0011\u0007=:H,\u0003\u0002ya\t1q\n\u001d;j_:\fA#[:SKR,(O\\3e'R\fG/\u001a,bY&$W#A>\u0011\u0005=b\u0018BA?1\u0005\u001d\u0011un\u001c7fC:\faC]3ue&,g/\u001a(fo\u0006\u001b7-Z:t)>\\WM\u001c\u000b\u0005\u0003\u0003\t9\u0001E\u0002T\u0003\u0007I1!!\u0002U\u0005-y\u0015)\u001e;ieQ{7.\u001a8\t\r\u0005%\u0001\u00041\u0001]\u0003\u0011\u0019w\u000eZ3\u0002-I,GO]5fm\u0016\fU\u000f\u001e5pe&TX\rZ+tKJ$B!a\u0004\u0002&A!\u0011\u0011CA\n\u0019\u0001!q!!\u0006\n\u0005\u0004\t9BA\u0001V#\u0011\tI\"a\b\u0011\u0007=\nY\"C\u0002\u0002\u001eA\u0012qAT8uQ&tw\rE\u0002T\u0003CI1!a\tU\u0005)y\u0015)\u001e;ieU\u001bXM\u001d\u0005\b\u0003OI\u0002\u0019AA\u0001\u0003\u0015!xn[3o\u0003i\u0011X\r^;s]\u0016$\u0017)\u001e;iK:$\u0018nY1uS>t7i\u001c3f\u0003I\u0019\u0018M^3BkRDwN]5{K\u0012,6/\u001a:\u0015\u00075\u000by\u0003C\u0004\u00022m\u0001\r!a\u0004\u0002\tU\u001cXM]\u0001\u0017Q\u0006tG\r\\3XQ\u0016t7i\u001c3f\u001d>$hi\\;oIR\u0011\u0011q\u0007\t\u0004_\u0005e\u0012bAA\u001ea\t\u0019\u0011I\\=\u0002=!\fg\u000e\u001a7f/\",g.\u00138wC2LGm\u0015;bi\u0016$U\r^3di\u0016$\u0017!\u00065b]\u0012dWm\u00165f]2{w-\u001b8GC&dW\rZ\u0001\u0019Q\u0006tG\r\\3XQ\u0016tGj\\4j]N+8mY3fI\u0016$\u0017!\u00047pO&t'+\u001a3je\u0016\u001cG/\u0006\u0002\u00028\u0005A1-\u00197mE\u0006\u001c7\u000e")
/* loaded from: input_file:skinny/controller/feature/OAuth2LoginFeature.class */
public interface OAuth2LoginFeature<U extends OAuth2User> extends SkinnyControllerBase {
    static String DEFAULT_SESSION_OAUTH2_STATE_NAME() {
        return OAuth2LoginFeature$.MODULE$.DEFAULT_SESSION_OAUTH2_STATE_NAME();
    }

    static String DEFAULT_CLIENT_SECRET_ENV_NAME_PREFIX() {
        return OAuth2LoginFeature$.MODULE$.DEFAULT_CLIENT_SECRET_ENV_NAME_PREFIX();
    }

    static String DEFAULT_CLIENT_ID_ENV_NAME_PREFIX() {
        return OAuth2LoginFeature$.MODULE$.DEFAULT_CLIENT_ID_ENV_NAME_PREFIX();
    }

    OAuth2Provider provider();

    default String clientIdEnvName() {
        return new StringBuilder(1).append(OAuth2LoginFeature$.MODULE$.DEFAULT_CLIENT_ID_ENV_NAME_PREFIX()).append("_").append(provider().providerName().toUpperCase(Locale.ENGLISH)).toString();
    }

    default String clientSecretEnvName() {
        return new StringBuilder(1).append(OAuth2LoginFeature$.MODULE$.DEFAULT_CLIENT_SECRET_ENV_NAME_PREFIX()).append("_").append(provider().providerName().toUpperCase(Locale.ENGLISH)).toString();
    }

    default String sessionOAuth2StateName() {
        return OAuth2LoginFeature$.MODULE$.DEFAULT_SESSION_OAUTH2_STATE_NAME();
    }

    default String clientId() {
        return (String) package$.MODULE$.env().apply(clientIdEnvName());
    }

    default String clientSecret() {
        return (String) package$.MODULE$.env().apply(clientSecretEnvName());
    }

    default String generateStateValue() {
        return Predef$.MODULE$.wrapRefArray((Object[]) ArrayOps$.MODULE$.map$extension(Predef$.MODULE$.byteArrayOps(MessageDigest.getInstance("MD5").digest(new StringBuilder(1).append(session(skinnyContext(servletContext())).getId()).append("-").append(System.currentTimeMillis()).toString().getBytes())), obj -> {
            return $anonfun$generateStateValue$1(BoxesRunTime.unboxToByte(obj));
        }, ClassTag$.MODULE$.apply(String.class))).mkString();
    }

    default String state() {
        return (String) enrichSession(session(skinnyContext(servletContext()))).get(sessionOAuth2StateName()).map(obj -> {
            return obj.toString();
        }).getOrElse(() -> {
            String generateStateValue = this.generateStateValue();
            this.session(this.skinnyContext(this.servletContext())).setAttribute(this.sessionOAuth2StateName(), generateStateValue);
            return generateStateValue;
        });
    }

    default String scope() {
        return null;
    }

    String redirectURI();

    default AuthenticationRequest createAuthenticationRequest() {
        AuthenticationRequest redirectURI = new AuthenticationRequest(provider()).clientId(clientId()).responseType(ResponseType$.MODULE$.Code()).state(state()).redirectURI(redirectURI());
        return scope() != null ? redirectURI.scope(scope()) : redirectURI;
    }

    default Option<String> returnedState() {
        return params(skinnyContext(servletContext())).get("state");
    }

    default boolean isReturnedStateValid() {
        logger().debug(() -> {
            return new StringBuilder(59).append("OAuth2 state parameter verification -> actual: ").append(this.returnedState()).append(", expected: ").append(this.state()).toString();
        });
        return returnedState().exists(str -> {
            return BoxesRunTime.boxToBoolean($anonfun$isReturnedStateValid$2(this, str));
        });
    }

    default OAuth2Token retrieveNewAccessToken(String str) {
        return OAuth2Client$.MODULE$.accessToken(new AccessTokenRequest(provider()).grantType(GrantType$.MODULE$.AuthorizationCode()).clientId(clientId()).clientSecret(clientSecret()).code(str).redirectURI(redirectURI())).oAuthToken();
    }

    U retrieveAuthorizedUser(OAuth2Token oAuth2Token);

    default Option<String> returnedAuthenticationCode() {
        return params(skinnyContext(servletContext())).get("code");
    }

    void saveAuthorizedUser(U u);

    default Object handleWhenCodeNotFound() {
        return handleWhenLoginFailed();
    }

    default Object handleWhenInvalidStateDetected() {
        return handleWhenLoginFailed();
    }

    default Object handleWhenLoginFailed() {
        return haltWithBody(401, skinnyContext(servletContext()), haltWithBody$default$3(401));
    }

    Object handleWhenLoginSucceeded();

    default Object loginRedirect() {
        return redirect(createAuthenticationRequest().locationURI(), skinnyContext(servletContext()));
    }

    default Object callback() {
        return isReturnedStateValid() ? returnedAuthenticationCode().map(str -> {
            this.logger().debug(() -> {
                return new StringBuilder(27).append("OAuth2 authorization code: ").append(str).toString();
            });
            OAuth2Token retrieveNewAccessToken = this.retrieveNewAccessToken(str);
            this.logger().debug(() -> {
                return new StringBuilder(21).append("OAuth2 access token: ").append(this.toPrettyJSONStringAsIs(retrieveNewAccessToken.underlying())).toString();
            });
            this.saveAuthorizedUser(this.retrieveAuthorizedUser(retrieveNewAccessToken));
            return this.handleWhenLoginSucceeded();
        }).getOrElse(() -> {
            return this.handleWhenCodeNotFound();
        }) : handleWhenInvalidStateDetected();
    }

    static /* synthetic */ String $anonfun$generateStateValue$1(byte b) {
        return StringOps$.MODULE$.format$extension(Predef$.MODULE$.augmentString("%02x"), ScalaRunTime$.MODULE$.genericWrapArray(new Object[]{BoxesRunTime.boxToByte(b)}));
    }

    static /* synthetic */ boolean $anonfun$isReturnedStateValid$2(OAuth2LoginFeature oAuth2LoginFeature, String str) {
        String state = oAuth2LoginFeature.state();
        return str != null ? str.equals(state) : state == null;
    }

    static void $init$(OAuth2LoginFeature oAuth2LoginFeature) {
    }
}
