package me.wojnowski.googlecloud4s.auth;

import cats.Bifunctor$;
import cats.Invariant$;
import cats.effect.kernel.Ref;
import cats.effect.kernel.Ref$ApplyBuilders$;
import cats.effect.kernel.Ref$Make$;
import cats.effect.kernel.Sync;
import cats.effect.kernel.Sync$;
import cats.effect.package$;
import cats.syntax.ApplicativeErrorIdOps$;
import cats.syntax.ApplicativeErrorOps$;
import cats.syntax.ApplicativeIdOps$;
import cats.syntax.EitherIdOps$;
import cats.syntax.EitherOps$;
import cats.syntax.package$all$;
import io.circe.Decoder$;
import io.circe.KeyDecoder$;
import java.io.ByteArrayInputStream;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import me.wojnowski.googlecloud4s.auth.PublicKeyProvider;
import scala.$less$colon$less$;
import scala.MatchError;
import scala.Predef$;
import scala.StringContext;
import scala.Tuple2;
import scala.UninitializedFieldError;
import scala.collection.immutable.Map;
import scala.collection.immutable.Nil$;
import scala.reflect.ClassTag$;
import scala.runtime.ScalaRunTime$;
import scala.util.Either;
import scala.util.Left;
import scala.util.Right;
import scala.util.Try$;
import sttp.client3.IsOption$;
import sttp.client3.ResponseException;
import sttp.client3.SttpBackend;
import sttp.model.Uri;

/* compiled from: PublicKeyProvider.scala */
/* loaded from: input_file:me/wojnowski/googlecloud4s/auth/PublicKeyProvider$.class */
public final class PublicKeyProvider$ {
    public static final PublicKeyProvider$ MODULE$ = new PublicKeyProvider$();
    private static final CertificateFactory me$wojnowski$googlecloud4s$auth$PublicKeyProvider$$certificateFactory = CertificateFactory.getInstance("X.509");
    private static final KeyFactory me$wojnowski$googlecloud4s$auth$PublicKeyProvider$$rsaKeyFactory = KeyFactory.getInstance("RSA");
    private static volatile byte bitmap$init$0;

    static {
        bitmap$init$0 = (byte) (bitmap$init$0 | 1);
        bitmap$init$0 = (byte) (bitmap$init$0 | 2);
    }

    public CertificateFactory me$wojnowski$googlecloud4s$auth$PublicKeyProvider$$certificateFactory() {
        if (((byte) (bitmap$init$0 & 1)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: /home/runner/work/googlecloud4s/googlecloud4s/auth/src/main/scala/me/wojnowski/googlecloud4s/auth/PublicKeyProvider.scala: 35");
        }
        CertificateFactory certificateFactory = me$wojnowski$googlecloud4s$auth$PublicKeyProvider$$certificateFactory;
        return me$wojnowski$googlecloud4s$auth$PublicKeyProvider$$certificateFactory;
    }

    public KeyFactory me$wojnowski$googlecloud4s$auth$PublicKeyProvider$$rsaKeyFactory() {
        if (((byte) (bitmap$init$0 & 2)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: /home/runner/work/googlecloud4s/googlecloud4s/auth/src/main/scala/me/wojnowski/googlecloud4s/auth/PublicKeyProvider.scala: 37");
        }
        KeyFactory keyFactory = me$wojnowski$googlecloud4s$auth$PublicKeyProvider$$rsaKeyFactory;
        return me$wojnowski$googlecloud4s$auth$PublicKeyProvider$$rsaKeyFactory;
    }

    public <F> F cached(PublicKeyProvider<F> publicKeyProvider, Sync<F> sync) {
        return (F) package$all$.MODULE$.toFunctorOps(Ref$ApplyBuilders$.MODULE$.of$extension(package$.MODULE$.Ref().apply(Ref$Make$.MODULE$.syncInstance(sync)), Predef$.MODULE$.Map().empty()), sync).map(ref -> {
            return new PublicKeyProvider<F>(ref, sync, publicKeyProvider) { // from class: me.wojnowski.googlecloud4s.auth.PublicKeyProvider$$anon$1
                private final Ref keyRef$1;
                private final Sync evidence$1$1;
                private final PublicKeyProvider delegate$1;

                @Override // me.wojnowski.googlecloud4s.auth.PublicKeyProvider
                public F getKey(String str) {
                    return (F) package$all$.MODULE$.toFlatMapOps(package$all$.MODULE$.toFunctorOps(this.keyRef$1.get(), this.evidence$1$1).map(map -> {
                        return map.get(str);
                    }), this.evidence$1$1).flatMap(option -> {
                        return package$all$.MODULE$.toFunctorOps(option.fold(() -> {
                            return this.refreshAndGet(str);
                        }, publicKey -> {
                            return ApplicativeIdOps$.MODULE$.pure$extension(package$all$.MODULE$.catsSyntaxApplicativeId(EitherIdOps$.MODULE$.asRight$extension(package$all$.MODULE$.catsSyntaxEitherId(publicKey))), this.evidence$1$1);
                        }), this.evidence$1$1).map(either -> {
                            return either;
                        });
                    });
                }

                @Override // me.wojnowski.googlecloud4s.auth.PublicKeyProvider
                public F getAllKeys() {
                    return (F) this.delegate$1.getAllKeys();
                }

                /* JADX INFO: Access modifiers changed from: private */
                public F refreshAndGet(String str) {
                    return (F) package$all$.MODULE$.toFlatMapOps(this.delegate$1.getAllKeys(), this.evidence$1$1).flatMap(either -> {
                        if (either instanceof Right) {
                            Map map = (Map) ((Right) either).value();
                            return this.keyRef$1.modify(map2 -> {
                                Map collect = map.collect(new PublicKeyProvider$$anon$1$$anonfun$1(null));
                                return new Tuple2(collect, collect.get(str).toRight(() -> {
                                    return new PublicKeyProvider.Error.CouldNotFindPublicKey(str);
                                }));
                            });
                        }
                        if (!(either instanceof Left)) {
                            throw new MatchError(either);
                        }
                        return Sync$.MODULE$.apply(this.evidence$1$1).raiseError((PublicKeyProvider.Error) ((Left) either).value());
                    });
                }

                {
                    this.keyRef$1 = ref;
                    this.evidence$1$1 = sync;
                    this.delegate$1 = publicKeyProvider;
                }
            };
        });
    }

    public <F> PublicKeyProvider<F> googleV1(final Uri uri, final Sync<F> sync, final SttpBackend<F, Object> sttpBackend) {
        return new PublicKeyProvider<F>(sync, sttpBackend, uri) { // from class: me.wojnowski.googlecloud4s.auth.PublicKeyProvider$$anon$2
            private final Sync evidence$2$1;
            private final SttpBackend backend$1;
            private final Uri certificatesLocation$1;

            @Override // me.wojnowski.googlecloud4s.auth.PublicKeyProvider
            public F getKey(String str) {
                return (F) package$all$.MODULE$.toFunctorOps(getAllKeys(), this.evidence$2$1).map(either -> {
                    return either.flatMap(map -> {
                        return map.get(str).toRight(() -> {
                            return new PublicKeyProvider.Error.CouldNotFindPublicKey(str);
                        }).flatten($less$colon$less$.MODULE$.refl());
                    });
                });
            }

            @Override // me.wojnowski.googlecloud4s.auth.PublicKeyProvider
            public F getAllKeys() {
                return (F) package$all$.MODULE$.toFunctorOps(this.backend$1.send(sttp.client3.package$.MODULE$.basicRequest().get(this.certificatesLocation$1).response(sttp.client3.circe.package$.MODULE$.asJson(Decoder$.MODULE$.decodeMap(KeyDecoder$.MODULE$.decodeKeyString(), Decoder$.MODULE$.decodeString()), IsOption$.MODULE$.otherIsNotOption()))), this.evidence$2$1).map(response -> {
                    Right right = (Either) response.body();
                    if (right instanceof Right) {
                        return EitherIdOps$.MODULE$.asRight$extension(package$all$.MODULE$.catsSyntaxEitherId(package$all$.MODULE$.toFunctorOps((Map) right.value(), Invariant$.MODULE$.catsFlatMapForMap()).fmap(str -> {
                            return this.fromX509CertificateString(str);
                        })));
                    }
                    if (!(right instanceof Left)) {
                        throw new MatchError(right);
                    }
                    return EitherIdOps$.MODULE$.asLeft$extension(package$all$.MODULE$.catsSyntaxEitherId(new PublicKeyProvider.Error.CouldNotParseResponse((ResponseException) ((Left) right).value())));
                });
            }

            /* JADX INFO: Access modifiers changed from: private */
            public Either<PublicKeyProvider.Error, PublicKey> fromX509CertificateString(String str) {
                return EitherOps$.MODULE$.leftMap$extension(package$all$.MODULE$.catsSyntaxEither(Try$.MODULE$.apply(() -> {
                    return PublicKeyProvider$.MODULE$.me$wojnowski$googlecloud4s$auth$PublicKeyProvider$$certificateFactory().generateCertificate(new ByteArrayInputStream(str.getBytes())).getPublicKey();
                }).toEither()), th -> {
                    return new PublicKeyProvider.Error.CouldNotDecodeKey(th);
                });
            }

            {
                this.evidence$2$1 = sync;
                this.backend$1 = sttpBackend;
                this.certificatesLocation$1 = uri;
            }
        };
    }

    public <F> Uri googleV1$default$1() {
        return sttp.client3.package$.MODULE$.UriContext(new StringContext(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{"https://www.googleapis.com/oauth2/v1/certs"}))).uri(Nil$.MODULE$);
    }

    public <F> PublicKeyProvider<F> jwk(final Uri uri, final Sync<F> sync, final SttpBackend<F, Object> sttpBackend) {
        return new PublicKeyProvider<F>(sync, sttpBackend, uri) { // from class: me.wojnowski.googlecloud4s.auth.PublicKeyProvider$$anon$3
            private final Sync evidence$3$1;
            private final SttpBackend backend$2;
            private final Uri certificatesLocation$2;

            @Override // me.wojnowski.googlecloud4s.auth.PublicKeyProvider
            public F getKey(String str) {
                return (F) package$all$.MODULE$.toFunctorOps(getAllKeys(), this.evidence$3$1).map(either -> {
                    return either.flatMap(map -> {
                        return map.get(str).toRight(() -> {
                            return new PublicKeyProvider.Error.CouldNotFindPublicKey(str);
                        }).flatten($less$colon$less$.MODULE$.refl());
                    });
                });
            }

            @Override // me.wojnowski.googlecloud4s.auth.PublicKeyProvider
            public F getAllKeys() {
                return (F) ApplicativeErrorOps$.MODULE$.attemptNarrow$extension(package$all$.MODULE$.catsSyntaxApplicativeError(package$all$.MODULE$.toFlatMapOps(this.backend$2.send(sttp.client3.package$.MODULE$.basicRequest().get(this.certificatesLocation$2).response(sttp.client3.circe.package$.MODULE$.asJson(PublicKeyProvider$JsonWebKeySet$.MODULE$.decoder(), IsOption$.MODULE$.otherIsNotOption()))), this.evidence$3$1).flatMap(response -> {
                    PublicKeyProvider.JsonWebKeySet jsonWebKeySet;
                    Right right = (Either) response.body();
                    if ((right instanceof Right) && (jsonWebKeySet = (PublicKeyProvider.JsonWebKeySet) right.value()) != null) {
                        return ApplicativeIdOps$.MODULE$.pure$extension(package$all$.MODULE$.catsSyntaxApplicativeId(jsonWebKeySet.keys().map(jsonWebKey -> {
                            return new Tuple2(jsonWebKey.keyId(), package$all$.MODULE$.toBifunctorOps(jsonWebKey.toPublicKey(), Bifunctor$.MODULE$.catsBifunctorForEither()).leftWiden());
                        }).toMap($less$colon$less$.MODULE$.refl())), this.evidence$3$1);
                    }
                    if (right instanceof Left) {
                        return ApplicativeErrorIdOps$.MODULE$.raiseError$extension(package$all$.MODULE$.catsSyntaxApplicativeErrorId(new PublicKeyProvider.Error.CouldNotParseResponse((ResponseException) ((Left) right).value())), this.evidence$3$1);
                    }
                    throw new MatchError(right);
                }), this.evidence$3$1), this.evidence$3$1, ClassTag$.MODULE$.apply(PublicKeyProvider.Error.class), $less$colon$less$.MODULE$.refl());
            }

            {
                this.evidence$3$1 = sync;
                this.backend$2 = sttpBackend;
                this.certificatesLocation$2 = uri;
            }
        };
    }

    public <F> Uri jwk$default$1() {
        return sttp.client3.package$.MODULE$.UriContext(new StringContext(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{"https://www.googleapis.com/oauth2/v3/certs"}))).uri(Nil$.MODULE$);
    }

    private PublicKeyProvider$() {
    }
}
