package lucuma.sso.client;

import cats.Invariant$;
import cats.Monad;
import cats.data.Kleisli;
import cats.data.OptionT;
import cats.effect.Sync;
import cats.syntax.ApplicativeIdOps$;
import cats.syntax.package$all$;
import io.chrisdavenport.log4cats.Logger;
import io.chrisdavenport.log4cats.Logger$;
import java.security.PublicKey;
import lucuma.core.model.User;
import lucuma.sso.client.util.JwtDecoder$;
import org.http4s.ContextRequest;
import org.http4s.EntityEncoder$;
import org.http4s.Request;
import org.http4s.Response;
import org.http4s.dsl.Http4sDsl;
import org.http4s.dsl.Http4sDsl$;
import org.http4s.dsl.impl.Responses;
import pdi.jwt.exceptions.JwtEmptyAlgorithmException;
import pdi.jwt.exceptions.JwtEmptySignatureException;
import pdi.jwt.exceptions.JwtException;
import pdi.jwt.exceptions.JwtExpirationException;
import pdi.jwt.exceptions.JwtLengthException;
import pdi.jwt.exceptions.JwtNonEmptyAlgorithmException;
import pdi.jwt.exceptions.JwtNonEmptySignatureException;
import pdi.jwt.exceptions.JwtNonNumberException;
import pdi.jwt.exceptions.JwtNonStringException;
import pdi.jwt.exceptions.JwtNonStringSetOrStringException;
import pdi.jwt.exceptions.JwtNonSupportedAlgorithm;
import pdi.jwt.exceptions.JwtNonSupportedCurve;
import pdi.jwt.exceptions.JwtNotBeforeException;
import pdi.jwt.exceptions.JwtSignatureFormatException;
import pdi.jwt.exceptions.JwtValidationException;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Some;
import scala.collection.immutable.Nil$;
import scala.util.Either;
import scala.util.Left;
import scala.util.Right;

/* compiled from: SsoMiddleware.scala */
/* loaded from: input_file:lucuma/sso/client/SsoMiddleware$.class */
public final class SsoMiddleware$ {
    public static final SsoMiddleware$ MODULE$ = new SsoMiddleware$();

    public <F> Function1<Kleisli<?, ContextRequest<F, User>, Response<F>>, Kleisli<?, Request<F>, Response<F>>> apply(PublicKey publicKey, Sync<F> sync, Logger<F> logger) {
        return apply((SsoJwtReader) SsoJwtReader$.MODULE$.apply(JwtDecoder$.MODULE$.withPublicKey(publicKey, sync), sync), (Monad) sync, (Logger) logger);
    }

    public <F> Function1<Kleisli<?, ContextRequest<F, User>, Response<F>>, Kleisli<?, Request<F>, Response<F>>> apply(SsoJwtReader<F> ssoJwtReader, Monad<F> monad, Logger<F> logger) {
        return kleisli -> {
            return new Kleisli(request -> {
                Http4sDsl apply = Http4sDsl$.MODULE$.apply();
                return new OptionT(package$all$.MODULE$.toFlatMapOps(ssoJwtReader.attemptFindClaim(request), monad).flatMap(option -> {
                    Object map;
                    Object obj;
                    Object map2;
                    boolean z = false;
                    Some some = null;
                    if (option instanceof Some) {
                        z = true;
                        some = (Some) option;
                        Right right = (Either) some.value();
                        if (right instanceof Right) {
                            Right user = ((SsoJwtClaim) right.value()).getUser();
                            if (user instanceof Right) {
                                User user2 = (User) user.value();
                                map2 = package$all$.MODULE$.catsSyntaxApply(Logger$.MODULE$.apply(logger).debug(() -> {
                                    return new StringBuilder(9).append("User is: ").append(user2).toString();
                                }), monad).$times$greater(((OptionT) kleisli.apply(new ContextRequest(user2, request))).value());
                            } else {
                                if (!(user instanceof Left)) {
                                    throw new MatchError(user);
                                }
                                map2 = package$all$.MODULE$.toFunctorOps(apply.http4sBadRequestSyntax(apply.BadRequest()).apply("JWT is valid but user struct is unreadable.", Nil$.MODULE$, monad, EntityEncoder$.MODULE$.stringEncoder(EntityEncoder$.MODULE$.stringEncoder$default$1())), monad).map(response -> {
                                    return (Option) ApplicativeIdOps$.MODULE$.pure$extension(package$all$.MODULE$.catsSyntaxApplicativeId(response), Invariant$.MODULE$.catsInstancesForOption());
                                });
                            }
                            map = map2;
                            return map;
                        }
                    }
                    if (z) {
                        Left left = (Either) some.value();
                        if (left instanceof Left) {
                            JwtException jwtException = (JwtException) left.value();
                            package$all$ package_all_ = package$all$.MODULE$;
                            Responses.BadRequestOps http4sBadRequestSyntax = apply.http4sBadRequestSyntax(apply.BadRequest());
                            if (jwtException instanceof JwtLengthException) {
                                obj = "JwtLengthException";
                            } else if (jwtException instanceof JwtValidationException) {
                                obj = "JwtValidationException";
                            } else if (jwtException instanceof JwtSignatureFormatException) {
                                obj = "JwtSignatureFormatException";
                            } else if (jwtException instanceof JwtEmptySignatureException) {
                                obj = "JwtEmptySignatureException";
                            } else if (jwtException instanceof JwtNonEmptySignatureException) {
                                obj = "JwtNonEmptySignatureException";
                            } else if (jwtException instanceof JwtEmptyAlgorithmException) {
                                obj = "JwtEmptyAlgorithmException";
                            } else if (jwtException instanceof JwtNonEmptyAlgorithmException) {
                                obj = "JwtNonEmptyAlgorithmException";
                            } else if (jwtException instanceof JwtExpirationException) {
                                obj = "JwtExpirationException";
                            } else if (jwtException instanceof JwtNotBeforeException) {
                                obj = "JwtNotBeforeException";
                            } else if (jwtException instanceof JwtNonSupportedAlgorithm) {
                                obj = "JwtNonSupportedAlgorithm";
                            } else if (jwtException instanceof JwtNonSupportedCurve) {
                                obj = "JwtNonSupportedCurve";
                            } else if (jwtException instanceof JwtNonStringException) {
                                obj = "JwtNonStringException";
                            } else if (jwtException instanceof JwtNonStringSetOrStringException) {
                                obj = "JwtNonStringSetOrStringException";
                            } else {
                                if (!(jwtException instanceof JwtNonNumberException)) {
                                    throw new MatchError(jwtException);
                                }
                                obj = "JwtNonNumberException";
                            }
                            map = package_all_.toFunctorOps(http4sBadRequestSyntax.apply(obj, Nil$.MODULE$, monad, EntityEncoder$.MODULE$.stringEncoder(EntityEncoder$.MODULE$.stringEncoder$default$1())), monad).map(response2 -> {
                                return (Option) ApplicativeIdOps$.MODULE$.pure$extension(package$all$.MODULE$.catsSyntaxApplicativeId(response2), Invariant$.MODULE$.catsInstancesForOption());
                            });
                            return map;
                        }
                    }
                    if (!None$.MODULE$.equals(option)) {
                        throw new MatchError(option);
                    }
                    map = package$all$.MODULE$.toFunctorOps(apply.http4sForbiddenSyntax(apply.Forbidden()).apply(Nil$.MODULE$, monad), monad).map(response3 -> {
                        return (Option) ApplicativeIdOps$.MODULE$.pure$extension(package$all$.MODULE$.catsSyntaxApplicativeId(response3), Invariant$.MODULE$.catsInstancesForOption());
                    });
                    return map;
                }));
            });
        };
    }

    private SsoMiddleware$() {
    }
}
