package com.greenfossil.thorium.decorators;

import com.greenfossil.thorium.Configuration;
import com.greenfossil.thorium.Configuration$;
import com.greenfossil.thorium.CookieUtil$;
import com.greenfossil.thorium.HMACUtil$;
import com.greenfossil.thorium.Request;
import com.linecorp.armeria.common.Cookie;
import com.linecorp.armeria.server.ServiceRequestContext;
import java.io.Serializable;
import java.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.Array$;
import scala.Array$UnapplySeqWrapper$;
import scala.Function1;
import scala.Function2;
import scala.Function3;
import scala.MatchError;
import scala.Option;
import scala.Tuple2;
import scala.Tuple2$;
import scala.collection.immutable.$colon;
import scala.collection.immutable.List;
import scala.collection.immutable.Nil$;
import scala.runtime.BoxesRunTime;
import scala.runtime.ModuleSerializationProxy;
import scala.util.Try;
import scala.util.Try$;

/* compiled from: CSRFGuardModule.scala */
/* loaded from: input_file:com/greenfossil/thorium/decorators/CSRFGuardModule$.class */
public final class CSRFGuardModule$ implements Serializable {
    private static final Function1<String, Object> defaultToVerifyMethodFn;
    public static final CSRFGuardModule$ MODULE$ = new CSRFGuardModule$();
    public static final Logger com$greenfossil$thorium$decorators$CSRFGuardModule$$$csrfLogger = LoggerFactory.getLogger("com.greenfossil.thorium.csrf");
    private static boolean enabledCSRFProtection = false;
    private static final List<String> verificationRequiredMethods = new $colon.colon<>("POST", new $colon.colon("PUT", new $colon.colon("DELETE", new $colon.colon("PATCH", Nil$.MODULE$))));

    private CSRFGuardModule$() {
    }

    static {
        CSRFGuardModule$ cSRFGuardModule$ = MODULE$;
        defaultToVerifyMethodFn = str -> {
            return verificationRequiredMethods.contains(str);
        };
    }

    private Object writeReplace() {
        return new ModuleSerializationProxy(CSRFGuardModule$.class);
    }

    public Function1<String, Object> defaultToVerifyMethodFn() {
        return defaultToVerifyMethodFn;
    }

    public CSRFGuardModule apply() {
        return apply((str, serviceRequestContext) -> {
            return false;
        });
    }

    public CSRFGuardModule apply(Function2<String, ServiceRequestContext, Object> function2) {
        enabledCSRFProtection = true;
        com$greenfossil$thorium$decorators$CSRFGuardModule$$$csrfLogger.info("CSRFProtection enabled.");
        return new CSRFGuardModule(function2, (str, str2, serviceRequestContext) -> {
            return true;
        }, defaultToVerifyMethodFn());
    }

    public CSRFGuardModule apply(Function3<String, String, ServiceRequestContext, Object> function3) {
        enabledCSRFProtection = true;
        com$greenfossil$thorium$decorators$CSRFGuardModule$$$csrfLogger.info("CSRFProtection enabled.");
        return new CSRFGuardModule((str, serviceRequestContext) -> {
            return false;
        }, function3, defaultToVerifyMethodFn());
    }

    public CSRFGuardModule apply(Function2<String, ServiceRequestContext, Object> function2, Function3<String, String, ServiceRequestContext, Object> function3) {
        enabledCSRFProtection = true;
        com$greenfossil$thorium$decorators$CSRFGuardModule$$$csrfLogger.info("CSRFProtection enabled.");
        return new CSRFGuardModule(function2, function3, defaultToVerifyMethodFn());
    }

    public Cookie generateCSRFTokenCookie(Configuration configuration, Option<String> option) {
        return CookieUtil$.MODULE$.csrfCookieBuilder(Configuration$.MODULE$.apply().httpConfiguration().csrfConfig(), generateCSRFToken(configuration, option)).build();
    }

    public String generateCSRFToken(Request request) {
        return generateCSRFToken(request.config(), request.session().idOpt());
    }

    private String generateCSRFToken(Configuration configuration, Option<String> option) {
        return (String) generateCSRFToken(configuration.httpConfiguration().secretConfig().secret(), configuration.httpConfiguration().csrfConfig().jwt().signatureAlgorithm(), (String) option.getOrElse(CSRFGuardModule$::$anonfun$3)).fold(th -> {
            com$greenfossil$thorium$decorators$CSRFGuardModule$$$csrfLogger.error("Fail to generate CSRF token", th);
            return "";
        }, str -> {
            com$greenfossil$thorium$decorators$CSRFGuardModule$$$csrfLogger.trace(new StringBuilder(19).append(enabledCSRFProtection).append(" - generated token:").append(str).toString());
            return str;
        });
    }

    public Try<String> generateCSRFToken(String str, String str2, String str3) {
        return Try$.MODULE$.apply(() -> {
            return generateCSRFToken$$anonfun$3(r1, r2, r3);
        });
    }

    public boolean verifyHmac(String str, String str2, String str3) {
        return BoxesRunTime.unboxToBoolean(Try$.MODULE$.apply(() -> {
            return verifyHmac$$anonfun$1(r1, r2, r3);
        }).getOrElse(CSRFGuardModule$::verifyHmac$$anonfun$2));
    }

    private static final String $anonfun$3() {
        return HMACUtil$.MODULE$.randomAlphaNumericString(16);
    }

    private static final String generateCSRFToken$$anonfun$3(String str, String str2, String str3) {
        StringBuilder append = new StringBuilder(1).append(str).append("!");
        HMACUtil$ hMACUtil$ = HMACUtil$.MODULE$;
        Base64.Encoder urlEncoder = Base64.getUrlEncoder();
        String sb = append.append(hMACUtil$.randomBytes(32, bArr -> {
            return urlEncoder.encodeToString(bArr);
        })).toString();
        HMACUtil$ hMACUtil$2 = HMACUtil$.MODULE$;
        byte[] bytes = sb.getBytes("UTF-8");
        byte[] bytes2 = str2.getBytes("UTF-8");
        Base64.Encoder urlEncoder2 = Base64.getUrlEncoder();
        return new StringBuilder(1).append((String) hMACUtil$2.hmac(bytes, bytes2, str3, bArr2 -> {
            return urlEncoder2.encodeToString(bArr2);
        })).append(".").append(sb).toString();
    }

    private static final boolean verifyHmac$$anonfun$1(String str, String str2, String str3) {
        if (str == null) {
            com$greenfossil$thorium$decorators$CSRFGuardModule$$$csrfLogger.trace("CSRF Token is null");
            return false;
        }
        String[] split = str.split("\\.", 2);
        if (split != null) {
            Object unapplySeq = Array$.MODULE$.unapplySeq(split);
            if (Array$UnapplySeqWrapper$.MODULE$.lengthCompare$extension(unapplySeq, 2) == 0) {
                Tuple2 apply = Tuple2$.MODULE$.apply((String) Array$UnapplySeqWrapper$.MODULE$.apply$extension(unapplySeq, 0), (String) Array$UnapplySeqWrapper$.MODULE$.apply$extension(unapplySeq, 1));
                String str4 = (String) apply._1();
                String str5 = (String) apply._2();
                HMACUtil$ hMACUtil$ = HMACUtil$.MODULE$;
                byte[] bytes = str5.getBytes("UTF-8");
                byte[] bytes2 = str2.getBytes("UTF-8");
                Base64.Encoder urlEncoder = Base64.getUrlEncoder();
                String str6 = (String) hMACUtil$.hmac(bytes, bytes2, str3, bArr -> {
                    return urlEncoder.encodeToString(bArr);
                });
                boolean constantTimeEquals = HMACUtil$.MODULE$.constantTimeEquals(str4.getBytes("UTF-8"), str6.getBytes("UTF-8"));
                if (!constantTimeEquals) {
                    com$greenfossil$thorium$decorators$CSRFGuardModule$$$csrfLogger.warn(new StringBuilder(32).append("HMAC invalid, token: ").append(str).append(", expected:").append(str6).toString());
                }
                return constantTimeEquals;
            }
        }
        throw new MatchError(split);
    }

    private static final boolean verifyHmac$$anonfun$2() {
        return false;
    }
}
