package me.wojnowski.oidc4s;

import cats.Invariant$;
import cats.Monad;
import cats.data.EitherT$;
import cats.data.EitherT$FromEitherPartiallyApplied$;
import cats.effect.kernel.Clock;
import cats.syntax.EitherOps$;
import cats.syntax.package$all$;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.time.Instant;
import java.time.ZoneId;
import java.util.Base64;
import me.wojnowski.oidc4s.IdTokenClaims;
import me.wojnowski.oidc4s.IdTokenVerifier;
import me.wojnowski.oidc4s.config.OpenIdConnectDiscovery;
import me.wojnowski.oidc4s.json.JsonDecoder$;
import me.wojnowski.oidc4s.json.JsonSupport;
import pdi.jwt.Jwt$;
import pdi.jwt.JwtAlgorithm$RS256$;
import pdi.jwt.JwtHeader;
import scala.MatchError;
import scala.Option;
import scala.Predef$;
import scala.Tuple2;
import scala.Tuple2$;
import scala.collection.StringOps$;
import scala.collection.immutable.Seq;
import scala.package$;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.runtime.ModuleSerializationProxy;
import scala.runtime.ScalaRunTime$;
import scala.util.Either;
import scala.util.Try$;

/* compiled from: IdTokenVerifier.scala */
/* loaded from: input_file:me/wojnowski/oidc4s/IdTokenVerifier$.class */
public final class IdTokenVerifier$ implements Serializable {
    public static final IdTokenVerifier$Result$ Result = null;
    public static final IdTokenVerifier$Error$ Error = null;
    public static final IdTokenVerifier$ MODULE$ = new IdTokenVerifier$();

    private IdTokenVerifier$() {
    }

    private Object writeReplace() {
        return new ModuleSerializationProxy(IdTokenVerifier$.class);
    }

    public <F> IdTokenVerifier<F> create(final PublicKeyProvider<F> publicKeyProvider, final OpenIdConnectDiscovery<F> openIdConnectDiscovery, final JsonSupport jsonSupport, final Monad<F> monad, final Clock<F> clock) {
        return new IdTokenVerifier<F>(publicKeyProvider, openIdConnectDiscovery, jsonSupport, monad, clock) { // from class: me.wojnowski.oidc4s.IdTokenVerifier$$anon$1
            private final PublicKeyProvider publicKeyProvider$1;
            private final OpenIdConnectDiscovery discovery$1;
            private final JsonSupport jsonSupport$1;
            private final Monad evidence$1$1;
            private final Clock evidence$2$1;
            private final Seq supportedAlgorithms = package$.MODULE$.Seq().apply(ScalaRunTime$.MODULE$.wrapRefArray(new JwtAlgorithm$RS256$[]{JwtAlgorithm$RS256$.MODULE$}));

            {
                this.publicKeyProvider$1 = publicKeyProvider;
                this.discovery$1 = openIdConnectDiscovery;
                this.jsonSupport$1 = jsonSupport;
                this.evidence$1$1 = monad;
                this.evidence$2$1 = clock;
            }

            @Override // me.wojnowski.oidc4s.IdTokenVerifier
            public Object verify(String str, String str2) {
                return package$all$.MODULE$.toFunctorOps(verifyAndDecode(str), this.evidence$1$1).map((v1) -> {
                    return IdTokenVerifier$.me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verify$$anonfun$1(r1, v1);
                });
            }

            @Override // me.wojnowski.oidc4s.IdTokenVerifier
            public Object verifyAndDecode(String str) {
                return package$all$.MODULE$.toFunctorOps(verifyAndDecodeFullResult(str), this.evidence$1$1).map(IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecode$$anonfun$1);
            }

            @Override // me.wojnowski.oidc4s.IdTokenVerifier
            public Object verifyAndDecodeFullResult(String str) {
                return EitherT$.MODULE$.apply(this.discovery$1.getConfig()).leftMap(IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecodeFullResult$$anonfun$1, this.evidence$1$1).flatMap(openIdConfig -> {
                    return EitherT$.MODULE$.liftF(cats.effect.package$.MODULE$.Clock().apply(this.evidence$2$1).realTimeInstant(), this.evidence$1$1).map(IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecodeFullResult$$anonfun$2$$anonfun$1, this.evidence$1$1).flatMap(tuple2 -> {
                        if (tuple2 == null) {
                            throw new MatchError(tuple2);
                        }
                        java.time.Clock clock2 = (java.time.Clock) tuple2._2();
                        return EitherT$FromEitherPartiallyApplied$.MODULE$.apply$extension(EitherT$.MODULE$.fromEither(), extractHeaderJson(str), this.evidence$1$1).flatMap(str2 -> {
                            return EitherT$FromEitherPartiallyApplied$.MODULE$.apply$extension(EitherT$.MODULE$.fromEither(), extractKid(str2), this.evidence$1$1).flatMap(str2 -> {
                                return EitherT$.MODULE$.apply(package$all$.MODULE$.toFunctorOps(this.publicKeyProvider$1.getKey(str2), this.evidence$1$1).map(IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecodeFullResult$$anonfun$2$$anonfun$2$$anonfun$1$$anonfun$1$$anonfun$1)).flatMap(publicKey -> {
                                    return EitherT$FromEitherPartiallyApplied$.MODULE$.apply$extension(EitherT$.MODULE$.fromEither(), decodeAndVerifyToken(str, clock2, publicKey, openIdConfig.issuer()), this.evidence$1$1).map((v1) -> {
                                        return IdTokenVerifier$.me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecodeFullResult$$anonfun$2$$anonfun$2$$anonfun$1$$anonfun$1$$anonfun$2$$anonfun$1(r1, v1);
                                    }, this.evidence$1$1).map(IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecodeFullResult$$anonfun$2$$anonfun$2$$anonfun$1$$anonfun$1$$anonfun$2$$anonfun$2, this.evidence$1$1);
                                }, this.evidence$1$1);
                            }, this.evidence$1$1);
                        }, this.evidence$1$1);
                    }, this.evidence$1$1);
                }, this.evidence$1$1).value();
            }

            private Either decodeAndVerifyToken(String str, java.time.Clock clock2, PublicKey publicKey, String str2) {
                return (Either) package$all$.MODULE$.toFlatMapOps(EitherOps$.MODULE$.leftMap$extension(package$all$.MODULE$.catsSyntaxEither(Jwt$.MODULE$.apply(clock2).decodeRaw(str, publicKey, this.supportedAlgorithms).toEither()), IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$decodeAndVerifyToken$$anonfun$1).flatMap(str3 -> {
                    return EitherOps$.MODULE$.leftMap$extension(package$all$.MODULE$.catsSyntaxEither(JsonDecoder$.MODULE$.apply(this.jsonSupport$1.idTokenDecoder()).decode(str3)), IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$decodeAndVerifyToken$$anonfun$2$$anonfun$1).map((v1) -> {
                        return IdTokenVerifier$.me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$decodeAndVerifyToken$$anonfun$2$$anonfun$2(r1, v1);
                    });
                }), Invariant$.MODULE$.catsMonadErrorForEither()).flatTap(tuple2 -> {
                    if (tuple2 != null) {
                        return ensureExpectedIssuer(((IdTokenClaims) tuple2._1()).issuer(), str2);
                    }
                    throw new MatchError(tuple2);
                });
            }

            private Either ensureExpectedIssuer(String str, String str2) {
                return package$.MODULE$.Either().cond(package$all$.MODULE$.catsSyntaxEq(new Issuer(str2), Issuer$.MODULE$.eq()).$eq$eq$eq(new Issuer(str)), IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$ensureExpectedIssuer$$anonfun$adapted$1, () -> {
                    return IdTokenVerifier$.me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$ensureExpectedIssuer$$anonfun$2(r3, r4);
                });
            }

            private Either extractKid(String str) {
                return JsonDecoder$.MODULE$.apply(this.jsonSupport$1.jwtHeaderDecoder()).decode(str).toOption().flatMap(IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$extractKid$$anonfun$1).toRight(IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$extractKid$$anonfun$2);
            }

            private Either extractHeaderJson(String str) {
                return EitherOps$.MODULE$.leftMap$extension(package$all$.MODULE$.catsSyntaxEither(Try$.MODULE$.apply(() -> {
                    return IdTokenVerifier$.me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$extractHeaderJson$$anonfun$1(r2);
                }).toEither()), IdTokenVerifier$::me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$extractHeaderJson$$anonfun$2);
            }
        };
    }

    private static final IdTokenVerifier.Error verify$$anonfun$1$$anonfun$1() {
        return IdTokenVerifier$Error$ClientIdDoesNotMatch$.MODULE$;
    }

    public static final /* synthetic */ Either me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verify$$anonfun$1(String str, Either either) {
        return EitherOps$.MODULE$.ensure$extension(package$all$.MODULE$.catsSyntaxEither(either), IdTokenVerifier$::verify$$anonfun$1$$anonfun$1, idTokenClaims -> {
            return idTokenClaims.matchesClientId(str);
        }).map(idTokenClaims2 -> {
            return new IdTokenClaims.Subject(idTokenClaims2.subject());
        });
    }

    public static final /* synthetic */ Either me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecode$$anonfun$1(Either either) {
        return either.map(result -> {
            return result.decodedClaims();
        });
    }

    public static final /* synthetic */ IdTokenVerifier.Error.CouldNotDiscoverConfig me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecodeFullResult$$anonfun$1(OpenIdConnectDiscovery.Error error) {
        return IdTokenVerifier$Error$CouldNotDiscoverConfig$.MODULE$.apply(error);
    }

    public static final /* synthetic */ Tuple2 me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecodeFullResult$$anonfun$2$$anonfun$1(Instant instant) {
        return Tuple2$.MODULE$.apply(instant, java.time.Clock.fixed(instant, ZoneId.of("UTC")));
    }

    public static final /* synthetic */ Either me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecodeFullResult$$anonfun$2$$anonfun$2$$anonfun$1$$anonfun$1$$anonfun$1(Either either) {
        return EitherOps$.MODULE$.leftMap$extension(package$all$.MODULE$.catsSyntaxEither(either), error -> {
            return IdTokenVerifier$Error$CouldNotFindPublicKey$.MODULE$.apply(error);
        });
    }

    public static final /* synthetic */ IdTokenVerifier.Result me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecodeFullResult$$anonfun$2$$anonfun$2$$anonfun$1$$anonfun$1$$anonfun$2$$anonfun$1(String str, Tuple2 tuple2) {
        if (tuple2 == null) {
            throw new MatchError(tuple2);
        }
        IdTokenClaims idTokenClaims = (IdTokenClaims) tuple2._1();
        return IdTokenVerifier$Result$.MODULE$.apply(str, (String) tuple2._2(), idTokenClaims);
    }

    public static final /* synthetic */ IdTokenVerifier.Result me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$verifyAndDecodeFullResult$$anonfun$2$$anonfun$2$$anonfun$1$$anonfun$1$$anonfun$2$$anonfun$2(IdTokenVerifier.Result result) {
        return result;
    }

    public static final /* synthetic */ IdTokenVerifier.Error me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$decodeAndVerifyToken$$anonfun$1(Throwable th) {
        return IdTokenVerifier$Error$JwtVerificationError$.MODULE$.apply(th);
    }

    public static final /* synthetic */ IdTokenVerifier.Error.CouldNotDecodeClaim me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$decodeAndVerifyToken$$anonfun$2$$anonfun$1(String str) {
        return IdTokenVerifier$Error$CouldNotDecodeClaim$.MODULE$.apply(str);
    }

    public static final /* synthetic */ Tuple2 me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$decodeAndVerifyToken$$anonfun$2$$anonfun$2(String str, IdTokenClaims idTokenClaims) {
        return Tuple2$.MODULE$.apply(idTokenClaims, str);
    }

    private static final void ensureExpectedIssuer$$anonfun$1() {
    }

    public static /* bridge */ /* synthetic */ Object me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$ensureExpectedIssuer$$anonfun$adapted$1() {
        ensureExpectedIssuer$$anonfun$1();
        return BoxedUnit.UNIT;
    }

    public static final IdTokenVerifier.Error.UnexpectedIssuer me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$ensureExpectedIssuer$$anonfun$2(String str, String str2) {
        return IdTokenVerifier$Error$UnexpectedIssuer$.MODULE$.apply(str, str2);
    }

    public static final /* synthetic */ Option me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$extractKid$$anonfun$1(JwtHeader jwtHeader) {
        return jwtHeader.keyId();
    }

    public static final IdTokenVerifier$Error$CouldNotExtractKeyId$ me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$extractKid$$anonfun$2() {
        return IdTokenVerifier$Error$CouldNotExtractKeyId$.MODULE$;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final /* synthetic */ boolean extractHeaderJson$$anonfun$1$$anonfun$1(char c) {
        return c != '.';
    }

    public static final String me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$extractHeaderJson$$anonfun$1(String str) {
        return new String(Base64.getDecoder().decode(StringOps$.MODULE$.takeWhile$extension(Predef$.MODULE$.augmentString(str), obj -> {
            return extractHeaderJson$$anonfun$1$$anonfun$1(BoxesRunTime.unboxToChar(obj));
        })), StandardCharsets.UTF_8);
    }

    public static final /* synthetic */ IdTokenVerifier$Error$CouldNotExtractHeader$ me$wojnowski$oidc4s$IdTokenVerifier$$anon$1$$_$extractHeaderJson$$anonfun$2(Throwable th) {
        return IdTokenVerifier$Error$CouldNotExtractHeader$.MODULE$;
    }
}
