package me.wojnowski.oidc4s;

import cats.Invariant$;
import cats.Monad;
import cats.UnorderedFoldable$;
import cats.data.EitherT;
import cats.data.EitherT$;
import cats.data.EitherT$FromEitherPartiallyApplied$;
import cats.effect.kernel.Clock;
import cats.syntax.ApplicativeIdOps$;
import cats.syntax.EitherIdOps$;
import cats.syntax.EitherObjectOps$;
import cats.syntax.EitherOps$;
import cats.syntax.package$all$;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.Signature;
import java.time.Instant;
import java.util.Base64;
import me.wojnowski.oidc4s.IdTokenClaims;
import me.wojnowski.oidc4s.IdTokenVerifier;
import me.wojnowski.oidc4s.config.OpenIdConfig;
import me.wojnowski.oidc4s.config.OpenIdConnectDiscovery;
import me.wojnowski.oidc4s.json.JsonDecoder;
import me.wojnowski.oidc4s.json.JsonDecoder$;
import me.wojnowski.oidc4s.json.JsonDecoder$ClaimsDecoder$;
import me.wojnowski.oidc4s.json.JsonSupport;
import scala.$less$colon$less$;
import scala.Array$;
import scala.Array$UnapplySeqWrapper$;
import scala.Function1;
import scala.MatchError;
import scala.Predef$;
import scala.Tuple2;
import scala.Tuple2$;
import scala.collection.StringOps$;
import scala.package$;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.runtime.ModuleSerializationProxy;
import scala.runtime.ScalaRunTime$;
import scala.util.Either;
import scala.util.Success;
import scala.util.Try$;

/* compiled from: IdTokenVerifier.scala */
/* loaded from: input_file:me/wojnowski/oidc4s/IdTokenVerifier$.class */
public final class IdTokenVerifier$ implements Serializable {
    public static final IdTokenVerifier$Error$ Error = null;
    public static final IdTokenVerifier$ MODULE$ = new IdTokenVerifier$();

    private IdTokenVerifier$() {
    }

    private Object writeReplace() {
        return new ModuleSerializationProxy(IdTokenVerifier$.class);
    }

    public <F> IdTokenVerifier<F> create(PublicKeyProvider<F> publicKeyProvider, OpenIdConnectDiscovery<F> openIdConnectDiscovery, JsonSupport jsonSupport, Monad<F> monad, Clock<F> clock) {
        return discovery(publicKeyProvider, openIdConnectDiscovery, jsonSupport, monad, clock);
    }

    public <F> IdTokenVerifier<F> discovery(PublicKeyProvider<F> publicKeyProvider, OpenIdConnectDiscovery<F> openIdConnectDiscovery, JsonSupport jsonSupport, Monad<F> monad, Clock<F> clock) {
        return instance(publicKeyProvider, package$all$.MODULE$.toFunctorOps(openIdConnectDiscovery.getConfig(), monad).map(either -> {
            return EitherOps$.MODULE$.bimap$extension(package$all$.MODULE$.catsSyntaxEither(either), error -> {
                return IdTokenVerifier$Error$CouldNotDiscoverConfig$.MODULE$.apply(error);
            }, openIdConfig -> {
                return new Issuer(discovery$$anonfun$1$$anonfun$2(openIdConfig));
            });
        }), jsonSupport, monad, clock);
    }

    /* renamed from: static, reason: not valid java name */
    public <F> IdTokenVerifier<F> m21static(PublicKeyProvider<F> publicKeyProvider, String str, JsonSupport jsonSupport, Monad<F> monad, Clock<F> clock) {
        return instance(publicKeyProvider, ApplicativeIdOps$.MODULE$.pure$extension((Either) package$all$.MODULE$.catsSyntaxApplicativeId(EitherIdOps$.MODULE$.asRight$extension((Issuer) package$all$.MODULE$.catsSyntaxEitherId(new Issuer(str)))), monad), jsonSupport, monad, clock);
    }

    public <F> IdTokenVerifier<F> instance(final PublicKeyProvider<F> publicKeyProvider, final Object obj, final JsonSupport jsonSupport, final Monad<F> monad, final Clock<F> clock) {
        return new IdTokenVerifier<F>(publicKeyProvider, obj, jsonSupport, monad, clock, this) { // from class: me.wojnowski.oidc4s.IdTokenVerifier$$anon$1
            private final PublicKeyProvider publicKeyProvider$1;
            private final Object issuerF$1;
            private final JsonSupport jsonSupport$1;
            private final Monad evidence$7$1;
            private final Clock evidence$8$1;

            {
                this.publicKeyProvider$1 = publicKeyProvider;
                this.issuerF$1 = obj;
                this.jsonSupport$1 = jsonSupport;
                this.evidence$7$1 = monad;
                this.evidence$8$1 = clock;
                if (this == null) {
                    throw new NullPointerException();
                }
            }

            @Override // me.wojnowski.oidc4s.IdTokenVerifier
            public Object verify(String str, String str2) {
                return package$all$.MODULE$.toFunctorOps(verifyAndDecode(str), this.evidence$7$1).map((v1) -> {
                    return IdTokenVerifier$.me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verify$$anonfun$1(r1, v1);
                });
            }

            @Override // me.wojnowski.oidc4s.IdTokenVerifier
            public Object verifyAndDecode(String str) {
                return verifyAndDecodeCustom(str, str2 -> {
                    return JsonDecoder$.MODULE$.apply(this.jsonSupport$1.idTokenDecoder()).decode(str2).map(IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecode$$anonfun$1$$anonfun$1);
                });
            }

            @Override // me.wojnowski.oidc4s.IdTokenVerifier
            public Object verifyAndDecodeCustom(String str, JsonDecoder jsonDecoder) {
                return internalVerifyAndDecode(str, IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecodeCustom$$anonfun$1, jsonDecoder);
            }

            @Override // me.wojnowski.oidc4s.IdTokenVerifier
            public Object verifyAndDecodeCustom(String str, String str2, JsonDecoder jsonDecoder) {
                return internalVerifyAndDecode(str, (v1) -> {
                    return IdTokenVerifier$.me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecodeCustom$$anonfun$2(r2, v1);
                }, jsonDecoder);
            }

            private Object internalVerifyAndDecode(String str, Function1 function1, JsonDecoder jsonDecoder) {
                return EitherT$.MODULE$.apply(this.issuerF$1).flatMap(obj2 -> {
                    return internalVerifyAndDecode$$anonfun$1(str, function1, jsonDecoder, obj2 == null ? null : ((Issuer) obj2).value());
                }, this.evidence$7$1).value();
            }

            private Either ensureExpectedIssuer(String str, String str2) {
                return package$.MODULE$.Either().cond(package$all$.MODULE$.catsSyntaxEq(new Issuer(str2), Issuer$.MODULE$.eq()).$eq$eq$eq(new Issuer(str)), IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$ensureExpectedIssuer$$anonfun$adapted$1, () -> {
                    return IdTokenVerifier$.me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$ensureExpectedIssuer$$anonfun$2(r3, r4);
                });
            }

            private Either ensureNotExpired(Instant instant, Instant instant2) {
                return EitherObjectOps$.MODULE$.raiseWhen$extension(package$all$.MODULE$.catsSyntaxEitherObject(package$.MODULE$.Either()), instant2.isBefore(instant), () -> {
                    return IdTokenVerifier$.me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$ensureNotExpired$$anonfun$1(r3);
                });
            }

            private Either decodeHeader(String str) {
                return EitherOps$.MODULE$.leftMap$extension(package$all$.MODULE$.catsSyntaxEither(JsonDecoder$.MODULE$.apply(this.jsonSupport$1.joseHeaderDecoder()).decode(str)), IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$decodeHeader$$anonfun$1);
            }

            private Either decodeJwtAndVerifySignature(String str, PublicKey publicKey, JoseHeader joseHeader, JsonDecoder jsonDecoder) {
                String[] split$extension = StringOps$.MODULE$.split$extension(Predef$.MODULE$.augmentString(str), '.');
                if (split$extension != null) {
                    Object unapplySeq = Array$.MODULE$.unapplySeq(split$extension);
                    if (Array$UnapplySeqWrapper$.MODULE$.lengthCompare$extension(unapplySeq, 3) == 0) {
                        String str2 = (String) Array$UnapplySeqWrapper$.MODULE$.apply$extension(unapplySeq, 0);
                        String str3 = (String) Array$UnapplySeqWrapper$.MODULE$.apply$extension(unapplySeq, 1);
                        return verifySignature(joseHeader.algorithm().fullName(), publicKey, str2, str3, (String) Array$UnapplySeqWrapper$.MODULE$.apply$extension(unapplySeq, 2)).flatMap(boxedUnit -> {
                            BoxedUnit boxedUnit = BoxedUnit.UNIT;
                            return parseClaims(str3, jsonDecoder).map(IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$decodeJwtAndVerifySignature$$anonfun$1$$anonfun$1);
                        });
                    }
                }
                return EitherIdOps$.MODULE$.asLeft$extension((IdTokenVerifier$Error$MalformedToken$) package$all$.MODULE$.catsSyntaxEitherId(IdTokenVerifier$Error$MalformedToken$.MODULE$));
            }

            private Either parseClaims(String str, JsonDecoder jsonDecoder) {
                return EitherOps$.MODULE$.leftMap$extension(package$all$.MODULE$.catsSyntaxEither(Try$.MODULE$.apply(() -> {
                    return IdTokenVerifier$.me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$parseClaims$$anonfun$1(r2);
                }).toEither()), IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$parseClaims$$anonfun$2).flatMap((v1) -> {
                    return IdTokenVerifier$.me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$parseClaims$$anonfun$3(r1, v1);
                });
            }

            private Either verifySignature(String str, PublicKey publicKey, String str2, String str3, String str4) {
                Success apply = Try$.MODULE$.apply(() -> {
                    return IdTokenVerifier$.me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifySignature$$anonfun$1(r1, r2, r3, r4, r5);
                });
                if ((apply instanceof Success) && true == BoxesRunTime.unboxToBoolean(apply.value())) {
                    return EitherObjectOps$.MODULE$.unit$extension(package$all$.MODULE$.catsSyntaxEitherObject(package$.MODULE$.Either()));
                }
                return EitherIdOps$.MODULE$.asLeft$extension((IdTokenVerifier$Error$InvalidSignature$) package$all$.MODULE$.catsSyntaxEitherId(IdTokenVerifier$Error$InvalidSignature$.MODULE$));
            }

            private Either extractHeaderJson(String str) {
                return EitherOps$.MODULE$.leftMap$extension(package$all$.MODULE$.catsSyntaxEither(Try$.MODULE$.apply(() -> {
                    return IdTokenVerifier$.me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$extractHeaderJson$$anonfun$1(r2);
                }).toEither()), IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$extractHeaderJson$$anonfun$2);
            }

            private final /* synthetic */ EitherT internalVerifyAndDecode$$anonfun$1(String str, Function1 function1, JsonDecoder jsonDecoder, String str2) {
                return EitherT$.MODULE$.liftF(cats.effect.package$.MODULE$.Clock().apply(this.evidence$8$1).realTimeInstant(), this.evidence$7$1).flatMap(instant -> {
                    return EitherT$FromEitherPartiallyApplied$.MODULE$.apply$extension(EitherT$.MODULE$.fromEither(), extractHeaderJson(str), this.evidence$7$1).flatMap(str3 -> {
                        return EitherT$FromEitherPartiallyApplied$.MODULE$.apply$extension(EitherT$.MODULE$.fromEither(), decodeHeader(str3), this.evidence$7$1).flatMap(joseHeader -> {
                            return EitherT$.MODULE$.apply(package$all$.MODULE$.toFunctorOps(this.publicKeyProvider$1.getKey(joseHeader.keyId()), this.evidence$7$1).map(IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$internalVerifyAndDecode$$anonfun$1$$anonfun$1$$anonfun$1$$anonfun$1$$anonfun$1)).flatMap(publicKey -> {
                                return EitherT$FromEitherPartiallyApplied$.MODULE$.apply$extension(EitherT$.MODULE$.fromEither(), decodeJwtAndVerifySignature(str, publicKey, joseHeader, jsonDecoder).flatMap(tuple2 -> {
                                    if (tuple2 == null) {
                                        throw new MatchError(tuple2);
                                    }
                                    Object _1 = tuple2._1();
                                    IdTokenClaims idTokenClaims = (IdTokenClaims) tuple2._2();
                                    return (Either) package$all$.MODULE$.toFunctorOps(package$all$.MODULE$.toTraverseOps(package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new Either[]{ensureNotExpired(instant, idTokenClaims.expiration()), ensureExpectedIssuer(idTokenClaims.issuer(), str2), (Either) function1.apply(idTokenClaims)})), UnorderedFoldable$.MODULE$.catsTraverseForList()).sequence($less$colon$less$.MODULE$.refl(), Invariant$.MODULE$.catsMonadErrorForEither()), Invariant$.MODULE$.catsMonadErrorForEither()).as(_1);
                                }), this.evidence$7$1).map(IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$internalVerifyAndDecode$$anonfun$1$$anonfun$1$$anonfun$1$$anonfun$1$$anonfun$2$$anonfun$2, this.evidence$7$1);
                            }, this.evidence$7$1);
                        }, this.evidence$7$1);
                    }, this.evidence$7$1);
                }, this.evidence$7$1);
            }
        };
    }

    private final /* synthetic */ String discovery$$anonfun$1$$anonfun$2(OpenIdConfig openIdConfig) {
        return openIdConfig.issuer();
    }

    private static final IdTokenVerifier.Error verify$$anonfun$1$$anonfun$1() {
        return IdTokenVerifier$Error$ClientIdDoesNotMatch$.MODULE$;
    }

    public static final /* synthetic */ Either me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verify$$anonfun$1(String str, Either either) {
        return EitherOps$.MODULE$.ensure$extension(package$all$.MODULE$.catsSyntaxEither(either), IdTokenVerifier$::verify$$anonfun$1$$anonfun$1, idTokenClaims -> {
            return idTokenClaims.matchesClientId(str);
        }).map(idTokenClaims2 -> {
            return new IdTokenClaims.Subject(idTokenClaims2.subject());
        });
    }

    public static final /* synthetic */ Tuple2 me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecode$$anonfun$1$$anonfun$1(IdTokenClaims idTokenClaims) {
        return Tuple2$.MODULE$.apply(idTokenClaims, idTokenClaims);
    }

    public static final /* synthetic */ Either me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecodeCustom$$anonfun$1(IdTokenClaims idTokenClaims) {
        return EitherObjectOps$.MODULE$.unit$extension(package$all$.MODULE$.catsSyntaxEitherObject(package$.MODULE$.Either()));
    }

    private static final void verifyAndDecodeCustom$$anonfun$2$$anonfun$1() {
    }

    private static final IdTokenVerifier$Error$ClientIdDoesNotMatch$ verifyAndDecodeCustom$$anonfun$2$$anonfun$2() {
        return IdTokenVerifier$Error$ClientIdDoesNotMatch$.MODULE$;
    }

    public static final /* synthetic */ Either me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecodeCustom$$anonfun$2(String str, IdTokenClaims idTokenClaims) {
        return package$.MODULE$.Either().cond(idTokenClaims.matchesClientId(str), () -> {
            verifyAndDecodeCustom$$anonfun$2$$anonfun$1();
            return BoxedUnit.UNIT;
        }, IdTokenVerifier$::verifyAndDecodeCustom$$anonfun$2$$anonfun$2);
    }

    public static final /* synthetic */ Either me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$internalVerifyAndDecode$$anonfun$1$$anonfun$1$$anonfun$1$$anonfun$1$$anonfun$1(Either either) {
        return EitherOps$.MODULE$.leftMap$extension(package$all$.MODULE$.catsSyntaxEither(either), error -> {
            return IdTokenVerifier$Error$CouldNotFindPublicKey$.MODULE$.apply(error);
        });
    }

    public static final /* synthetic */ Object me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$internalVerifyAndDecode$$anonfun$1$$anonfun$1$$anonfun$1$$anonfun$1$$anonfun$2$$anonfun$2(Object obj) {
        return obj;
    }

    private static final void ensureExpectedIssuer$$anonfun$1() {
    }

    public static /* bridge */ /* synthetic */ Object me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$ensureExpectedIssuer$$anonfun$adapted$1() {
        ensureExpectedIssuer$$anonfun$1();
        return BoxedUnit.UNIT;
    }

    public static final IdTokenVerifier.Error.UnexpectedIssuer me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$ensureExpectedIssuer$$anonfun$2(String str, String str2) {
        return IdTokenVerifier$Error$UnexpectedIssuer$.MODULE$.apply(str, str2);
    }

    public static final IdTokenVerifier.Error.TokenExpired me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$ensureNotExpired$$anonfun$1(Instant instant) {
        return IdTokenVerifier$Error$TokenExpired$.MODULE$.apply(instant);
    }

    private static final IdTokenVerifier.Error decodeHeader$$anonfun$1$$anonfun$1(String str) {
        return IdTokenVerifier$Error$CouldNotDecodeHeader$.MODULE$.apply(str);
    }

    public static final /* synthetic */ IdTokenVerifier.Error me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$decodeHeader$$anonfun$1(String str) {
        return (IdTokenVerifier.Error) IdTokenVerifier$Error$UnsupportedAlgorithm$.MODULE$.fromRawError(str).getOrElse(() -> {
            return decodeHeader$$anonfun$1$$anonfun$1(r1);
        });
    }

    public static final /* synthetic */ Tuple2 me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$decodeJwtAndVerifySignature$$anonfun$1$$anonfun$1(Tuple2 tuple2) {
        return tuple2;
    }

    public static final String me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$parseClaims$$anonfun$1(String str) {
        return new String(Base64.getUrlDecoder().decode(str));
    }

    public static final /* synthetic */ IdTokenVerifier.Error.CouldNotDecodeClaim me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$parseClaims$$anonfun$2(Throwable th) {
        return IdTokenVerifier$Error$CouldNotDecodeClaim$.MODULE$.apply(th.getMessage());
    }

    public static final /* synthetic */ Either me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$parseClaims$$anonfun$3(JsonDecoder jsonDecoder, String str) {
        return EitherOps$.MODULE$.leftMap$extension(package$all$.MODULE$.catsSyntaxEither(JsonDecoder$ClaimsDecoder$.MODULE$.apply(jsonDecoder).decode(str)), str2 -> {
            return IdTokenVerifier$Error$CouldNotDecodeClaim$.MODULE$.apply(str2);
        });
    }

    public static final boolean me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifySignature$$anonfun$1(String str, PublicKey publicKey, String str2, String str3, String str4) {
        byte[] decode = Base64.getUrlDecoder().decode(str4);
        Signature signature = Signature.getInstance(str);
        signature.initVerify(publicKey);
        signature.update(new StringBuilder(1).append(str2).append(".").append(str3).toString().getBytes(StandardCharsets.UTF_8));
        return signature.verify(decode);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final /* synthetic */ boolean extractHeaderJson$$anonfun$1$$anonfun$1(char c) {
        return c != '.';
    }

    public static final String me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$extractHeaderJson$$anonfun$1(String str) {
        return new String(Base64.getDecoder().decode(StringOps$.MODULE$.takeWhile$extension(Predef$.MODULE$.augmentString(str), obj -> {
            return extractHeaderJson$$anonfun$1$$anonfun$1(BoxesRunTime.unboxToChar(obj));
        })), StandardCharsets.UTF_8);
    }

    public static final /* synthetic */ IdTokenVerifier$Error$CouldNotExtractHeader$ me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$extractHeaderJson$$anonfun$2(Throwable th) {
        return IdTokenVerifier$Error$CouldNotExtractHeader$.MODULE$;
    }
}
