package io.toolsplus.atlassian.connect.play.auth.jwt.symmetric;

import cats.data.EitherT;
import cats.implicits$;
import cats.syntax.EitherOps$;
import com.google.inject.Inject;
import io.toolsplus.atlassian.connect.play.api.models.AtlassianHost;
import io.toolsplus.atlassian.connect.play.api.repositories.AtlassianHostRepository;
import io.toolsplus.atlassian.connect.play.auth.jwt.AbstractJwtAuthenticationProvider;
import io.toolsplus.atlassian.connect.play.auth.jwt.InvalidJwtError;
import io.toolsplus.atlassian.connect.play.auth.jwt.JwtAuthenticationError;
import io.toolsplus.atlassian.connect.play.auth.jwt.JwtCredentials;
import io.toolsplus.atlassian.jwt.Jwt;
import io.toolsplus.atlassian.jwt.symmetric.SymmetricJwtReader;
import play.api.Logger;
import play.api.Logger$;
import play.api.MarkerContext$;
import scala.concurrent.ExecutionContext$Implicits$;
import scala.concurrent.Future;
import scala.reflect.ScalaSignature;
import scala.util.Either;

/* compiled from: SymmetricJwtAuthenticationProvider.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005ma\u0001B\u0004\t\u0001eA\u0001\u0002\f\u0001\u0003\u0002\u0003\u0006I!\f\u0005\u0006k\u0001!\tA\u000e\u0005\b\u000b\u0002\u0011\r\u0011\"\u0003G\u0011\u0019i\u0005\u0001)A\u0005\u000f\")a\n\u0001C!\u001f\")q\u000f\u0001C\u0005q\n\u00113+_7nKR\u0014\u0018n\u0019&xi\u0006+H\u000f[3oi&\u001c\u0017\r^5p]B\u0013xN^5eKJT!!\u0003\u0006\u0002\u0013MLX.\\3ue&\u001c'BA\u0006\r\u0003\rQw\u000f\u001e\u0006\u0003\u001b9\tA!Y;uQ*\u0011q\u0002E\u0001\u0005a2\f\u0017P\u0003\u0002\u0012%\u000591m\u001c8oK\u000e$(BA\n\u0015\u0003%\tG\u000f\\1tg&\fgN\u0003\u0002\u0016-\u0005IAo\\8mgBdWo\u001d\u0006\u0002/\u0005\u0011\u0011n\\\u0002\u0001'\t\u0001!\u0004E\u0002\u001c9yi\u0011AC\u0005\u0003;)\u0011\u0011%\u00112tiJ\f7\r\u001e&xi\u0006+H\u000f[3oi&\u001c\u0017\r^5p]B\u0013xN^5eKJ\u0004\"aH\u0015\u000f\u0005\u00012cBA\u0011%\u001b\u0005\u0011#BA\u0012\u0019\u0003\u0019a$o\\8u}%\tQ%\u0001\u0003dCR\u001c\u0018BA\u0014)\u0003\u001d\u0001\u0018mY6bO\u0016T\u0011!J\u0005\u0003U-\u0012!!\u00133\u000b\u0005\u001dB\u0013A\u00045pgR\u0014V\r]8tSR|'/\u001f\t\u0003]Mj\u0011a\f\u0006\u0003aE\nAB]3q_NLGo\u001c:jKNT!A\r\b\u0002\u0007\u0005\u0004\u0018.\u0003\u00025_\t9\u0012\t\u001e7bgNL\u0017M\u001c%pgR\u0014V\r]8tSR|'/_\u0001\u0007y%t\u0017\u000e\u001e \u0015\u0005]J\u0004C\u0001\u001d\u0001\u001b\u0005A\u0001\"\u0002\u0017\u0003\u0001\u0004i\u0003F\u0001\u0002<!\ta4)D\u0001>\u0015\tqt(\u0001\u0004j]*,7\r\u001e\u0006\u0003\u0001\u0006\u000baaZ8pO2,'\"\u0001\"\u0002\u0007\r|W.\u0003\u0002E{\t1\u0011J\u001c6fGR\fa\u0001\\8hO\u0016\u0014X#A$\u0011\u0005![U\"A%\u000b\u0005IR%\"A\b\n\u00051K%A\u0002'pO\u001e,'/A\u0004m_\u001e<WM\u001d\u0011\u0002\u0019\u0005,H\u000f[3oi&\u001c\u0017\r^3\u0015\u0007ACW\u000eE\u0003R)Zs\u0016-D\u0001S\u0015\t\u0019\u0006&\u0001\u0003eCR\f\u0017BA+S\u0005\u001d)\u0015\u000e\u001e5feR\u0003\"a\u0016/\u000e\u0003aS!!\u0017.\u0002\u0015\r|gnY;se\u0016tGOC\u0001\\\u0003\u0015\u00198-\u00197b\u0013\ti\u0006L\u0001\u0004GkR,(/\u001a\t\u00037}K!\u0001\u0019\u0006\u0003-);H/Q;uQ\u0016tG/[2bi&|g.\u0012:s_J\u00042aH\u0015c!\t\u0019g-D\u0001e\u0015\t)\u0017'\u0001\u0004n_\u0012,Gn]\u0005\u0003O\u0012\u0014\u0011#\u0011;mCN\u001c\u0018.\u00198I_N$Xk]3s\u0011\u0015IW\u00011\u0001k\u00039Qw\u000f^\"sK\u0012,g\u000e^5bYN\u0004\"aG6\n\u00051T!A\u0004&xi\u000e\u0013X\rZ3oi&\fGn\u001d\u0005\u0006]\u0016\u0001\ra\\\u0001\u0004cND\u0007C\u00019u\u001d\t\t(\u000f\u0005\u0002\"5&\u00111OW\u0001\u0007!J,G-\u001a4\n\u0005U4(AB*ue&twM\u0003\u0002t5\u0006Ia/\u001a:jMfTu\u000f\u001e\u000b\bs\u00065\u0011qBA\r!\u0015QhPXA\u0002\u001d\tYXP\u0004\u0002\"y&\t1,\u0003\u0002(5&\u0019q0!\u0001\u0003\r\u0015KG\u000f[3s\u0015\t9#\f\u0005\u0003\u0002\u0006\u0005%QBAA\u0004\u0015\tY!#\u0003\u0003\u0002\f\u0005\u001d!a\u0001&xi\")\u0011N\u0002a\u0001U\"9\u0011\u0011\u0003\u0004A\u0002\u0005M\u0011\u0001\u00025pgR\u00042aYA\u000b\u0013\r\t9\u0002\u001a\u0002\u000e\u0003Rd\u0017m]:jC:Dun\u001d;\t\u000b94\u0001\u0019A8")
/* loaded from: input_file:io/toolsplus/atlassian/connect/play/auth/jwt/symmetric/SymmetricJwtAuthenticationProvider.class */
public class SymmetricJwtAuthenticationProvider extends AbstractJwtAuthenticationProvider<Object> {
    private final Logger logger;

    private Logger logger() {
        return this.logger;
    }

    @Override // io.toolsplus.atlassian.connect.play.auth.jwt.AbstractJwtAuthenticationProvider
    public EitherT<Future, JwtAuthenticationError, Object> authenticate(JwtCredentials jwtCredentials, String str) {
        return EitherOps$.MODULE$.toEitherT$extension(implicits$.MODULE$.catsSyntaxEither(parseJwt(jwtCredentials.rawJwt())), implicits$.MODULE$.catsStdInstancesForFuture(ExecutionContext$Implicits$.MODULE$.global())).flatMap(jwt -> {
            return EitherOps$.MODULE$.toEitherT$extension(implicits$.MODULE$.catsSyntaxEither(this.extractClientKey(jwt)), implicits$.MODULE$.catsStdInstancesForFuture(ExecutionContext$Implicits$.MODULE$.global())).flatMap(str2 -> {
                return this.fetchAtlassianHost(str2).leftMap(jwtAuthenticationError -> {
                    this.logger().error(() -> {
                        return new StringBuilder(62).append("Could not find an installed host for the provided client key: ").append(str2).toString();
                    }, MarkerContext$.MODULE$.NoMarker());
                    return jwtAuthenticationError;
                }, implicits$.MODULE$.catsStdInstancesForFuture(ExecutionContext$Implicits$.MODULE$.global())).flatMap(atlassianHost -> {
                    return EitherOps$.MODULE$.toEitherT$extension(implicits$.MODULE$.catsSyntaxEither(this.verifyJwt(jwtCredentials, atlassianHost, str)), implicits$.MODULE$.catsStdInstancesForFuture(ExecutionContext$Implicits$.MODULE$.global())).map(jwt -> {
                        return this.hostUserFromSubjectClaim(atlassianHost, jwt.claims());
                    }, implicits$.MODULE$.catsStdInstancesForFuture(ExecutionContext$Implicits$.MODULE$.global()));
                }, implicits$.MODULE$.catsStdInstancesForFuture(ExecutionContext$Implicits$.MODULE$.global()));
            }, implicits$.MODULE$.catsStdInstancesForFuture(ExecutionContext$Implicits$.MODULE$.global()));
        }, implicits$.MODULE$.catsStdInstancesForFuture(ExecutionContext$Implicits$.MODULE$.global()));
    }

    private Either<JwtAuthenticationError, Jwt> verifyJwt(JwtCredentials jwtCredentials, AtlassianHost atlassianHost, String str) {
        return EitherOps$.MODULE$.leftMap$extension(implicits$.MODULE$.catsSyntaxEither(new SymmetricJwtReader(atlassianHost.sharedSecret()).readAndVerify(jwtCredentials.rawJwt(), str)), error -> {
            this.logger().error(() -> {
                return new StringBuilder(38).append("Reading and validating of JWT failed: ").append(error).toString();
            }, MarkerContext$.MODULE$.NoMarker());
            return new InvalidJwtError(error.getMessage());
        });
    }

    @Inject
    public SymmetricJwtAuthenticationProvider(AtlassianHostRepository atlassianHostRepository) {
        super(atlassianHostRepository, ExecutionContext$Implicits$.MODULE$.global());
        this.logger = Logger$.MODULE$.apply(SymmetricJwtAuthenticationProvider.class);
    }
}
