package me.wojnowski.oidc4s;

import cats.Bifunctor$;
import cats.Invariant$;
import cats.Monad;
import cats.data.EitherT;
import cats.data.EitherT$;
import cats.data.EitherT$FromEitherPartiallyApplied$;
import cats.effect.kernel.Clock;
import cats.syntax.ApplicativeIdOps$;
import cats.syntax.EitherIdOps$;
import cats.syntax.EitherObjectOps$;
import cats.syntax.EitherOps$;
import cats.syntax.package$all$;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.time.ZoneId;
import java.util.Base64;
import me.wojnowski.oidc4s.IdTokenClaims;
import me.wojnowski.oidc4s.IdTokenVerifier;
import me.wojnowski.oidc4s.config.OpenIdConnectDiscovery;
import me.wojnowski.oidc4s.json.JsonDecoder;
import me.wojnowski.oidc4s.json.JsonDecoder$;
import me.wojnowski.oidc4s.json.JsonSupport;
import pdi.jwt.Jwt$;
import pdi.jwt.JwtAlgorithm$RS256$;
import pdi.jwt.JwtAlgorithm$RS384$;
import pdi.jwt.JwtAlgorithm$RS512$;
import pdi.jwt.algorithms.JwtRSAAlgorithm;
import scala.Function1;
import scala.MatchError;
import scala.Predef$;
import scala.Tuple2;
import scala.collection.StringOps$;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.Seq;
import scala.package$;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.util.Either;
import scala.util.Try$;

/* compiled from: IdTokenVerifier.scala */
/* loaded from: input_file:me/wojnowski/oidc4s/IdTokenVerifier$.class */
public final class IdTokenVerifier$ {
    public static final IdTokenVerifier$ MODULE$ = new IdTokenVerifier$();

    public <F> IdTokenVerifier<F> create(PublicKeyProvider<F> publicKeyProvider, OpenIdConnectDiscovery<F> openIdConnectDiscovery, JsonSupport jsonSupport, Monad<F> monad, Clock<F> clock) {
        return discovery(publicKeyProvider, openIdConnectDiscovery, jsonSupport, monad, clock);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <F> IdTokenVerifier<F> discovery(PublicKeyProvider<F> publicKeyProvider, OpenIdConnectDiscovery<F> openIdConnectDiscovery, JsonSupport jsonSupport, Monad<F> monad, Clock<F> clock) {
        return instance(publicKeyProvider, package$all$.MODULE$.toFunctorOps(openIdConnectDiscovery.getConfig(), monad).map(either -> {
            return EitherOps$.MODULE$.bimap$extension(package$all$.MODULE$.catsSyntaxEither(either), error -> {
                return new IdTokenVerifier.Error.CouldNotDiscoverConfig(error);
            }, openIdConfig -> {
                return new Issuer(openIdConfig.issuer());
            });
        }), jsonSupport, monad, clock);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* renamed from: static, reason: not valid java name */
    public <F> IdTokenVerifier<F> m12static(PublicKeyProvider<F> publicKeyProvider, String str, JsonSupport jsonSupport, Monad<F> monad, Clock<F> clock) {
        return instance(publicKeyProvider, ApplicativeIdOps$.MODULE$.pure$extension(package$all$.MODULE$.catsSyntaxApplicativeId(EitherIdOps$.MODULE$.asRight$extension(package$all$.MODULE$.catsSyntaxEitherId(new Issuer(str)))), monad), jsonSupport, monad, clock);
    }

    public <F> IdTokenVerifier<F> instance(final PublicKeyProvider<F> publicKeyProvider, final F f, final JsonSupport jsonSupport, final Monad<F> monad, final Clock<F> clock) {
        return new IdTokenVerifier<F>(monad, jsonSupport, f, clock, publicKeyProvider) { // from class: me.wojnowski.oidc4s.IdTokenVerifier$$anon$1
            private final Seq<JwtRSAAlgorithm> supportedAlgorithms = new $colon.colon(JwtAlgorithm$RS256$.MODULE$, new $colon.colon(JwtAlgorithm$RS384$.MODULE$, new $colon.colon(JwtAlgorithm$RS512$.MODULE$, Nil$.MODULE$)));
            private final Monad evidence$7$1;
            private final JsonSupport jsonSupport$1;
            private final Object issuerF$1;
            private final Clock evidence$8$1;
            private final PublicKeyProvider publicKeyProvider$1;

            private Seq<JwtRSAAlgorithm> supportedAlgorithms() {
                return this.supportedAlgorithms;
            }

            @Override // me.wojnowski.oidc4s.IdTokenVerifier
            public F verify(String str, String str2) {
                return (F) package$all$.MODULE$.toFunctorOps(verifyAndDecode(str), this.evidence$7$1).map(either -> {
                    return EitherOps$.MODULE$.ensure$extension(package$all$.MODULE$.catsSyntaxEither(either), () -> {
                        return IdTokenVerifier$Error$ClientIdDoesNotMatch$.MODULE$;
                    }, idTokenClaims -> {
                        return BoxesRunTime.boxToBoolean($anonfun$verify$3(str2, idTokenClaims));
                    }).map(idTokenClaims2 -> {
                        return new IdTokenClaims.Subject(idTokenClaims2.subject());
                    });
                });
            }

            @Override // me.wojnowski.oidc4s.IdTokenVerifier
            public F verifyAndDecode(String str) {
                return verifyAndDecodeCustom(str, str2 -> {
                    return JsonDecoder$.MODULE$.apply(this.jsonSupport$1.idTokenDecoder()).decode(str2).map(idTokenClaims -> {
                        return new Tuple2(idTokenClaims, idTokenClaims);
                    });
                });
            }

            @Override // me.wojnowski.oidc4s.IdTokenVerifier
            public <A> F verifyAndDecodeCustom(String str, JsonDecoder<Tuple2<A, IdTokenClaims>> jsonDecoder) {
                return internalVerifyAndDecode(str, idTokenClaims -> {
                    return EitherObjectOps$.MODULE$.unit$extension(package$all$.MODULE$.catsSyntaxEitherObject(package$.MODULE$.Either()));
                }, jsonDecoder);
            }

            @Override // me.wojnowski.oidc4s.IdTokenVerifier
            public <A> F verifyAndDecodeCustom(String str, String str2, JsonDecoder<Tuple2<A, IdTokenClaims>> jsonDecoder) {
                return internalVerifyAndDecode(str, idTokenClaims -> {
                    return package$.MODULE$.Either().cond(idTokenClaims.matchesClientId(str2), () -> {
                    }, () -> {
                        return IdTokenVerifier$Error$ClientIdDoesNotMatch$.MODULE$;
                    });
                }, jsonDecoder);
            }

            private <A> F internalVerifyAndDecode(String str, Function1<IdTokenClaims, Either<IdTokenVerifier.Error, BoxedUnit>> function1, JsonDecoder<Tuple2<A, IdTokenClaims>> jsonDecoder) {
                return (F) new EitherT(this.issuerF$1).flatMap(obj -> {
                    return $anonfun$internalVerifyAndDecode$1(this, str, jsonDecoder, function1, ((Issuer) obj).value());
                }, this.evidence$7$1).value();
            }

            private <A> Either<IdTokenVerifier.Error, A> decodeAndVerifyToken(String str, java.time.Clock clock2, PublicKey publicKey, JsonDecoder<A> jsonDecoder) {
                return EitherOps$.MODULE$.leftMap$extension(package$all$.MODULE$.catsSyntaxEither(Jwt$.MODULE$.apply(clock2).decodeRaw(str, publicKey, supportedAlgorithms()).toEither()), th -> {
                    return new IdTokenVerifier.Error.JwtVerificationError(th);
                }).flatMap(str2 -> {
                    return EitherOps$.MODULE$.leftMap$extension(package$all$.MODULE$.catsSyntaxEither(JsonDecoder$.MODULE$.apply(jsonDecoder).decode(str2)), str2 -> {
                        return new IdTokenVerifier.Error.CouldNotDecodeClaim(str2);
                    });
                });
            }

            private Either<IdTokenVerifier.Error.UnexpectedIssuer, BoxedUnit> ensureExpectedIssuer(String str, String str2) {
                return package$.MODULE$.Either().cond(package$all$.MODULE$.catsSyntaxEq(new Issuer(str2), Issuer$.MODULE$.eq()).$eq$eq$eq(new Issuer(str)), () -> {
                }, () -> {
                    return new IdTokenVerifier.Error.UnexpectedIssuer(str, str2);
                });
            }

            private Either<IdTokenVerifier$Error$CouldNotExtractKeyId$, String> extractKid(String str) {
                return JsonDecoder$.MODULE$.apply(this.jsonSupport$1.jwtHeaderDecoder()).decode(str).toOption().flatMap(jwtHeader -> {
                    return jwtHeader.keyId();
                }).toRight(() -> {
                    return IdTokenVerifier$Error$CouldNotExtractKeyId$.MODULE$;
                });
            }

            private Either<IdTokenVerifier$Error$CouldNotExtractHeader$, String> extractHeaderJson(String str) {
                return EitherOps$.MODULE$.leftMap$extension(package$all$.MODULE$.catsSyntaxEither(Try$.MODULE$.apply(() -> {
                    return new String(Base64.getDecoder().decode(StringOps$.MODULE$.takeWhile$extension(Predef$.MODULE$.augmentString(str), obj -> {
                        return BoxesRunTime.boxToBoolean($anonfun$extractHeaderJson$2(BoxesRunTime.unboxToChar(obj)));
                    })), StandardCharsets.UTF_8);
                }).toEither()), th -> {
                    return IdTokenVerifier$Error$CouldNotExtractHeader$.MODULE$;
                });
            }

            public static final /* synthetic */ boolean $anonfun$verify$3(String str, IdTokenClaims idTokenClaims) {
                return idTokenClaims.matchesClientId(str);
            }

            public static final /* synthetic */ EitherT $anonfun$internalVerifyAndDecode$1(IdTokenVerifier$$anon$1 idTokenVerifier$$anon$1, String str, JsonDecoder jsonDecoder, Function1 function1, String str2) {
                return EitherT$.MODULE$.liftF(cats.effect.package$.MODULE$.Clock().apply(idTokenVerifier$$anon$1.evidence$8$1).realTimeInstant(), idTokenVerifier$$anon$1.evidence$7$1).map(instant -> {
                    return new Tuple2(instant, java.time.Clock.fixed(instant, ZoneId.of("UTC")));
                }, idTokenVerifier$$anon$1.evidence$7$1).flatMap(tuple2 -> {
                    if (tuple2 == null) {
                        throw new MatchError(tuple2);
                    }
                    java.time.Clock clock2 = (java.time.Clock) tuple2._2();
                    return EitherT$FromEitherPartiallyApplied$.MODULE$.apply$extension(EitherT$.MODULE$.fromEither(), idTokenVerifier$$anon$1.extractHeaderJson(str), idTokenVerifier$$anon$1.evidence$7$1).flatMap(str3 -> {
                        return EitherT$FromEitherPartiallyApplied$.MODULE$.apply$extension(EitherT$.MODULE$.fromEither(), idTokenVerifier$$anon$1.extractKid(str3), idTokenVerifier$$anon$1.evidence$7$1).flatMap(str3 -> {
                            return new EitherT(package$all$.MODULE$.toFunctorOps(idTokenVerifier$$anon$1.publicKeyProvider$1.getKey(str3), idTokenVerifier$$anon$1.evidence$7$1).map(either -> {
                                return EitherOps$.MODULE$.leftMap$extension(package$all$.MODULE$.catsSyntaxEither(either), error -> {
                                    return new IdTokenVerifier.Error.CouldNotFindPublicKey(error);
                                });
                            })).flatMap(publicKey -> {
                                return EitherT$FromEitherPartiallyApplied$.MODULE$.apply$extension(EitherT$.MODULE$.fromEither(), idTokenVerifier$$anon$1.decodeAndVerifyToken(str, clock2, publicKey, jsonDecoder).flatMap(tuple2 -> {
                                    if (tuple2 == null) {
                                        throw new MatchError(tuple2);
                                    }
                                    Object _1 = tuple2._1();
                                    IdTokenClaims idTokenClaims = (IdTokenClaims) tuple2._2();
                                    return (Either) package$all$.MODULE$.toFunctorOps(package$all$.MODULE$.toFlatMapOps(package$all$.MODULE$.toBifunctorOps(idTokenVerifier$$anon$1.ensureExpectedIssuer(idTokenClaims.issuer(), str2), Bifunctor$.MODULE$.catsBifunctorForEither()).leftWiden(), Invariant$.MODULE$.catsMonadErrorForEither()).flatTap(boxedUnit -> {
                                        return (Either) function1.apply(idTokenClaims);
                                    }), Invariant$.MODULE$.catsMonadErrorForEither()).as(_1);
                                }), idTokenVerifier$$anon$1.evidence$7$1).map(obj -> {
                                    return obj;
                                }, idTokenVerifier$$anon$1.evidence$7$1);
                            }, idTokenVerifier$$anon$1.evidence$7$1);
                        }, idTokenVerifier$$anon$1.evidence$7$1);
                    }, idTokenVerifier$$anon$1.evidence$7$1);
                }, idTokenVerifier$$anon$1.evidence$7$1);
            }

            public static final /* synthetic */ boolean $anonfun$extractHeaderJson$2(char c) {
                return c != '.';
            }

            {
                this.evidence$7$1 = monad;
                this.jsonSupport$1 = jsonSupport;
                this.issuerF$1 = f;
                this.evidence$8$1 = clock;
                this.publicKeyProvider$1 = publicKeyProvider;
            }
        };
    }

    private IdTokenVerifier$() {
    }
}
