package io.toolsplus.atlassian.connect.play.auth.jwt.symmetric;

import cats.data.EitherT;
import cats.implicits$;
import cats.syntax.EitherOps$;
import com.google.inject.Inject;
import io.toolsplus.atlassian.connect.play.api.models.AtlassianHost;
import io.toolsplus.atlassian.connect.play.api.models.AtlassianHostUser;
import io.toolsplus.atlassian.connect.play.api.repositories.AtlassianHostRepository;
import io.toolsplus.atlassian.connect.play.auth.jwt.AbstractJwtAuthenticationProvider;
import io.toolsplus.atlassian.connect.play.auth.jwt.InvalidJwtError;
import io.toolsplus.atlassian.connect.play.auth.jwt.JwtAuthenticationError;
import io.toolsplus.atlassian.connect.play.auth.jwt.JwtCredentials;
import io.toolsplus.atlassian.jwt.Jwt;
import io.toolsplus.atlassian.jwt.symmetric.SymmetricJwtReader;
import play.api.Logger;
import play.api.Logger$;
import play.api.MarkerContext$;
import scala.concurrent.ExecutionContext$Implicits$;
import scala.concurrent.Future;
import scala.reflect.ScalaSignature;
import scala.util.Either;

/* compiled from: SymmetricJwtAuthenticationProvider.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005%a\u0001B\u0004\t\u0001eA\u0001B\b\u0001\u0003\u0002\u0003\u0006Ia\b\u0005\u0006O\u0001!\t\u0001\u000b\u0005\bo\u0001\u0011\r\u0011\"\u00039\u0011\u0019y\u0004\u0001)A\u0005s!)\u0001\t\u0001C!\u0003\")Q\u000e\u0001C\u0005]\n\u00113+_7nKR\u0014\u0018n\u0019&xi\u0006+H\u000f[3oi&\u001c\u0017\r^5p]B\u0013xN^5eKJT!!\u0003\u0006\u0002\u0013MLX.\\3ue&\u001c'BA\u0006\r\u0003\rQw\u000f\u001e\u0006\u0003\u001b9\tA!Y;uQ*\u0011q\u0002E\u0001\u0005a2\f\u0017P\u0003\u0002\u0012%\u000591m\u001c8oK\u000e$(BA\n\u0015\u0003%\tG\u000f\\1tg&\fgN\u0003\u0002\u0016-\u0005IAo\\8mgBdWo\u001d\u0006\u0002/\u0005\u0011\u0011n\\\u0002\u0001'\t\u0001!\u0004\u0005\u0002\u001c95\t!\"\u0003\u0002\u001e\u0015\t\t\u0013IY:ue\u0006\u001cGOS<u\u0003V$\b.\u001a8uS\u000e\fG/[8o!J|g/\u001b3fe\u0006q\u0001n\\:u%\u0016\u0004xn]5u_JL\bC\u0001\u0011&\u001b\u0005\t#B\u0001\u0012$\u00031\u0011X\r]8tSR|'/[3t\u0015\t!c\"A\u0002ba&L!AJ\u0011\u0003/\u0005#H.Y:tS\u0006t\u0007j\\:u%\u0016\u0004xn]5u_JL\u0018A\u0002\u001fj]&$h\b\u0006\u0002*WA\u0011!\u0006A\u0007\u0002\u0011!)aD\u0001a\u0001?!\u0012!!\f\t\u0003]Uj\u0011a\f\u0006\u0003aE\na!\u001b8kK\u000e$(B\u0001\u001a4\u0003\u00199wn\\4mK*\tA'A\u0002d_6L!AN\u0018\u0003\r%s'.Z2u\u0003\u0019awnZ4feV\t\u0011\b\u0005\u0002;{5\t1H\u0003\u0002%y)\tq\"\u0003\u0002?w\t1Aj\\4hKJ\fq\u0001\\8hO\u0016\u0014\b%\u0001\u0007bkRDWM\u001c;jG\u0006$X\rF\u0002C7\u0002\u0004Ra\u0011%K%Vk\u0011\u0001\u0012\u0006\u0003\u000b\u001a\u000bA\u0001Z1uC*\tq)\u0001\u0003dCR\u001c\u0018BA%E\u0005\u001d)\u0015\u000e\u001e5feR\u0003\"a\u0013)\u000e\u00031S!!\u0014(\u0002\u0015\r|gnY;se\u0016tGOC\u0001P\u0003\u0015\u00198-\u00197b\u0013\t\tFJ\u0001\u0004GkR,(/\u001a\t\u00037MK!\u0001\u0016\u0006\u0003-);H/Q;uQ\u0016tG/[2bi&|g.\u0012:s_J\u0004\"AV-\u000e\u0003]S!\u0001W\u0012\u0002\r5|G-\u001a7t\u0013\tQvKA\tBi2\f7o]5b]\"{7\u000f^+tKJDQ\u0001X\u0003A\u0002u\u000baB[<u\u0007J,G-\u001a8uS\u0006d7\u000f\u0005\u0002\u001c=&\u0011qL\u0003\u0002\u000f\u0015^$8I]3eK:$\u0018.\u00197t\u0011\u0015\tW\u00011\u0001c\u0003\r\t8\u000f\u001b\t\u0003G*t!\u0001\u001a5\u0011\u0005\u0015tU\"\u00014\u000b\u0005\u001dD\u0012A\u0002\u001fs_>$h(\u0003\u0002j\u001d\u00061\u0001K]3eK\u001aL!a\u001b7\u0003\rM#(/\u001b8h\u0015\tIg*A\u0005wKJLg-\u001f&xiR)q. @\u0002\bA!\u0001/\u001e*y\u001d\t\t8O\u0004\u0002fe&\tq*\u0003\u0002u\u001d\u00069\u0001/Y2lC\u001e,\u0017B\u0001<x\u0005\u0019)\u0015\u000e\u001e5fe*\u0011AO\u0014\t\u0003snl\u0011A\u001f\u0006\u0003\u0017II!\u0001 >\u0003\u0007);H\u000fC\u0003]\r\u0001\u0007Q\f\u0003\u0004��\r\u0001\u0007\u0011\u0011A\u0001\u0005Q>\u001cH\u000fE\u0002W\u0003\u0007I1!!\u0002X\u00055\tE\u000f\\1tg&\fg\u000eS8ti\")\u0011M\u0002a\u0001E\u0002")
/* loaded from: input_file:io/toolsplus/atlassian/connect/play/auth/jwt/symmetric/SymmetricJwtAuthenticationProvider.class */
public class SymmetricJwtAuthenticationProvider extends AbstractJwtAuthenticationProvider {
    private final Logger logger;

    private Logger logger() {
        return this.logger;
    }

    @Override // io.toolsplus.atlassian.connect.play.auth.jwt.AbstractJwtAuthenticationProvider
    public EitherT<Future, JwtAuthenticationError, AtlassianHostUser> authenticate(JwtCredentials jwtCredentials, String str) {
        return EitherOps$.MODULE$.toEitherT$extension(implicits$.MODULE$.catsSyntaxEither(parseJwt(jwtCredentials.rawJwt())), implicits$.MODULE$.catsStdInstancesForFuture(ExecutionContext$Implicits$.MODULE$.global())).flatMap(jwt -> {
            return EitherOps$.MODULE$.toEitherT$extension(implicits$.MODULE$.catsSyntaxEither(this.extractClientKey(jwt)), implicits$.MODULE$.catsStdInstancesForFuture(ExecutionContext$Implicits$.MODULE$.global())).flatMap(str2 -> {
                return this.fetchAtlassianHost(str2).flatMap(atlassianHost -> {
                    return EitherOps$.MODULE$.toEitherT$extension(implicits$.MODULE$.catsSyntaxEither(this.verifyJwt(jwtCredentials, atlassianHost, str)), implicits$.MODULE$.catsStdInstancesForFuture(ExecutionContext$Implicits$.MODULE$.global())).map(jwt -> {
                        return this.hostUserFromSubjectClaim(atlassianHost, jwt.claims());
                    }, implicits$.MODULE$.catsStdInstancesForFuture(ExecutionContext$Implicits$.MODULE$.global()));
                }, implicits$.MODULE$.catsStdInstancesForFuture(ExecutionContext$Implicits$.MODULE$.global()));
            }, implicits$.MODULE$.catsStdInstancesForFuture(ExecutionContext$Implicits$.MODULE$.global()));
        }, implicits$.MODULE$.catsStdInstancesForFuture(ExecutionContext$Implicits$.MODULE$.global()));
    }

    private Either<JwtAuthenticationError, Jwt> verifyJwt(JwtCredentials jwtCredentials, AtlassianHost atlassianHost, String str) {
        return EitherOps$.MODULE$.leftMap$extension(implicits$.MODULE$.catsSyntaxEither(new SymmetricJwtReader(atlassianHost.sharedSecret()).readAndVerify(jwtCredentials.rawJwt(), str)), error -> {
            this.logger().error(() -> {
                return new StringBuilder(38).append("Reading and validating of JWT failed: ").append(error).toString();
            }, MarkerContext$.MODULE$.NoMarker());
            return new InvalidJwtError(error.getMessage());
        });
    }

    @Inject
    public SymmetricJwtAuthenticationProvider(AtlassianHostRepository atlassianHostRepository) {
        super(atlassianHostRepository, ExecutionContext$Implicits$.MODULE$.global());
        this.logger = Logger$.MODULE$.apply(SymmetricJwtAuthenticationProvider.class);
    }
}
