package fi.vm.sade.security;

import fi.vm.sade.security.ldap.LdapUser;
import org.scalatra.Unauthorized$;
import org.springframework.security.cas.ServiceProperties;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Serializable;
import scala.Some;
import scala.StringContext;
import scala.runtime.AbstractFunction0;
import scala.runtime.BoxedUnit;
import scala.util.Failure;
import scala.util.Success;
import scala.util.Try;
import scala.util.Try$;

/* compiled from: CasLdapFilter.scala */
/* loaded from: input_file:WEB-INF/classes/fi/vm/sade/security/CasLdapFilter$$anonfun$1.class */
public final class CasLdapFilter$$anonfun$1 extends AbstractFunction0<Object> implements Serializable {
    public static final long serialVersionUID = 0;
    private final /* synthetic */ CasLdapFilter $outer;

    @Override // scala.Function0
    /* renamed from: apply */
    public final Object mo557apply() {
        this.$outer.contentType_$eq(this.$outer.formats().apply("json"));
        Serializable orElse = this.$outer.params(this.$outer.request()).get(ServiceProperties.DEFAULT_CAS_ARTIFACT_PARAMETER).orElse(new CasLdapFilter$$anonfun$1$$anonfun$2(this));
        if (!(orElse instanceof Some)) {
            throw this.$outer.halt(Unauthorized$.MODULE$.apply(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), "CAS ticket required"), Unauthorized$.MODULE$.apply$default$2(), Unauthorized$.MODULE$.apply$default$3()));
        }
        Try apply = Try$.MODULE$.apply(new CasLdapFilter$$anonfun$1$$anonfun$3(this, (String) ((Some) orElse).x()));
        if (!(apply instanceof Success)) {
            if (!(apply instanceof Failure)) {
                throw new MatchError(apply);
            }
            Throwable exception = ((Failure) apply).exception();
            if (this.$outer.logger().underlying().isWarnEnabled()) {
                this.$outer.logger().underlying().warn("Cas ticket rejected", exception);
                BoxedUnit boxedUnit = BoxedUnit.UNIT;
            } else {
                BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
            }
            throw this.$outer.halt(Unauthorized$.MODULE$.apply(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), "CAS ticket rejected"), Unauthorized$.MODULE$.apply$default$2(), Unauthorized$.MODULE$.apply$default$3()));
        }
        String str = (String) ((Success) apply).value();
        boolean z = false;
        Some some = null;
        Option<LdapUser> findUser = this.$outer.fi$vm$sade$security$CasLdapFilter$$ldapClient.findUser(str);
        if (findUser instanceof Some) {
            z = true;
            some = (Some) findUser;
            if (this.$outer.fi$vm$sade$security$CasLdapFilter$$requiredRoles.forall(new CasLdapFilter$$anonfun$1$$anonfun$apply$1(this, (LdapUser) some.x()))) {
                return BoxedUnit.UNIT;
            }
        }
        if (z) {
            LdapUser ldapUser = (LdapUser) some.x();
            if (this.$outer.logger().underlying().isWarnEnabled()) {
                this.$outer.logger().underlying().warn(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"User ", " does not have all required roles ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{ldapUser, this.$outer.fi$vm$sade$security$CasLdapFilter$$requiredRoles})));
                BoxedUnit boxedUnit3 = BoxedUnit.UNIT;
            } else {
                BoxedUnit boxedUnit4 = BoxedUnit.UNIT;
            }
            throw this.$outer.halt(Unauthorized$.MODULE$.apply(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), "LDAP access denied"), Unauthorized$.MODULE$.apply$default$2(), Unauthorized$.MODULE$.apply$default$3()));
        }
        if (!None$.MODULE$.equals(findUser)) {
            throw new MatchError(findUser);
        }
        if (this.$outer.logger().underlying().isWarnEnabled()) {
            this.$outer.logger().underlying().warn(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"User \"", "\" not found in LDAP"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str})));
            BoxedUnit boxedUnit5 = BoxedUnit.UNIT;
        } else {
            BoxedUnit boxedUnit6 = BoxedUnit.UNIT;
        }
        throw this.$outer.halt(Unauthorized$.MODULE$.apply(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), "LDAP access denied"), Unauthorized$.MODULE$.apply$default$2(), Unauthorized$.MODULE$.apply$default$3()));
    }

    public /* synthetic */ CasLdapFilter fi$vm$sade$security$CasLdapFilter$$anonfun$$$outer() {
        return this.$outer;
    }

    public CasLdapFilter$$anonfun$1(CasLdapFilter casLdapFilter) {
        if (casLdapFilter == null) {
            throw null;
        }
        this.$outer = casLdapFilter;
    }
}
