package org.http4s.server.middleware;

import cats.Applicative;
import cats.Applicative$;
import cats.arrow.FunctionK;
import cats.effect.Sync;
import cats.effect.Sync$;
import cats.syntax.package$all$;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Clock;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.http4s.Header;
import org.http4s.Headers$;
import org.http4s.MediaType;
import org.http4s.MediaType$;
import org.http4s.ParseFailure;
import org.http4s.Request;
import org.http4s.RequestCookie;
import org.http4s.Response;
import org.http4s.Response$;
import org.http4s.Status$;
import org.http4s.Uri;
import org.http4s.Uri$;
import org.http4s.UrlForm;
import org.http4s.UrlForm$;
import org.http4s.headers.Content$minusType;
import org.http4s.headers.Content$minusType$;
import org.http4s.headers.Cookie$;
import org.http4s.headers.Host;
import org.http4s.headers.Host$;
import org.http4s.headers.Origin$;
import org.http4s.headers.Referer;
import org.http4s.headers.Referer$;
import org.http4s.headers.X$minusForwarded$minusFor;
import org.http4s.headers.X$minusForwarded$minusFor$;
import org.http4s.internal.package$;
import org.http4s.server.middleware.CSRF;
import org.http4s.util.CaseInsensitiveString$;
import scala.Function1;
import scala.Function2;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Some;
import scala.collection.immutable.Map;
import scala.runtime.BoxesRunTime;
import scala.util.Either;
import scala.util.Left;
import scala.util.Right;

/* compiled from: CSRF.scala */
/* loaded from: input_file:WEB-INF/lib/http4s-server_2.13-0.21.28.jar:org/http4s/server/middleware/CSRF$.class */
/**
 * Decompiled singleton ({@code MODULE$}) behind the http4s CSRF middleware's factory and helper
 * methods (the file header names CSRF.scala as the original source).
 *
 * <p>It builds {@code CSRF.CSRFBuilder} instances with default settings, supplies the default
 * token checks (header only, or header with a form-field fallback), the default Origin/Referer
 * checks, and helpers for generating tokens, comparing them and creating signing keys.
 *
 * <p>Names such as {@code $anonfun$...}, {@code extractToken$1}, {@code delay2}, {@code apply2}
 * and {@code mo2174_1} appear to be compiler- or decompiler-generated rather than hand-written.
 */
public final class CSRF$ {
    public static final CSRF$ MODULE$ = new CSRF$();
    // JCA algorithm name handed to KeyGenerator and SecretKeySpec further down.
    private static final String SigningAlgo = "HmacSHA1";
    // 20 is the byte length of a SHA-1 digest; only exposed via SHA1ByteLen(), not read in this class.
    private static final int SHA1ByteLen = 20;
    // Number of random bytes drawn per token in genTokenString().
    private static final int CSRFTokenLength = 32;
    // Size of the throwaway buffer used to warm up the generator in the static initializer.
    private static final int InitialSeedArraySize = 20;
    // Single SecureRandom instance shared by every genTokenString() call.
    private static final SecureRandom CachedRandom;

    static {
        SecureRandom secureRandom = new SecureRandom();
        // The bytes are discarded; presumably the call exists so the generator seeds itself
        // during class initialization instead of on the first token request.
        secureRandom.nextBytes(new byte[MODULE$.InitialSeedArraySize()]);
        CachedRandom = secureRandom;
    }

    /**
     * Creates a builder with this class's defaults: header name {@code X-Csrf-Token}, cookie name
     * {@code csrf-token} with path {@code /}, the system UTC clock, an empty 403 Forbidden
     * response, and the header-only check from {@link #checkCSRFDefault}.
     *
     * @param secretKey key handed to the builder (the algorithm used elsewhere in this class is
     *     {@code HmacSHA1})
     * @param function1 request predicate passed through to the builder unchanged
     * @param sync effect type class for {@code F}
     * @param applicative type class for {@code G}
     * @return the configured builder
     */
    public <F, G> CSRF.CSRFBuilder<F, G> apply(SecretKey secretKey, Function1<Request<G>, Object> function1, Sync<F> sync, Applicative<G> applicative) {
        // NOTE(review): the CookieSettings booleans (false, true) are presumably secure=false and
        // httpOnly=true - confirm against CSRF.CookieSettings. If so, the token cookie is not
        // restricted to HTTPS by default and TLS deployments should set the secure flag explicitly.
        // NOTE(review): the lone `true` before secretKey is a builder flag whose meaning is not
        // visible here (possibly "create a token when none is found") - confirm.
        return new CSRF.CSRFBuilder<>(CaseInsensitiveString$.MODULE$.apply("X-Csrf-Token"), new CSRF.CookieSettings("csrf-token", false, true, CSRF$CookieSettings$.MODULE$.apply$default$4(), new Some("/"), CSRF$CookieSettings$.MODULE$.apply$default$6(), CSRF$CookieSettings$.MODULE$.apply$default$7()), Clock.systemUTC(), new Response(Status$.MODULE$.Forbidden(), Response$.MODULE$.apply$default$2(), Response$.MODULE$.apply$default$3(), Response$.MODULE$.apply$default$4(), Response$.MODULE$.apply$default$5()), true, secretKey, function1, checkCSRFDefault(sync), sync, applicative);
    }

    /**
     * Same as {@link #apply}, with the request predicate fixed to {@link #defaultOriginCheck}.
     *
     * @param secretKey signing key
     * @param str expected host
     * @param scheme expected URI scheme
     * @param option expected port; compared by equality with the port option of the parsed URI
     */
    public <F, G> CSRF.CSRFBuilder<F, G> withDefaultOriginCheck(SecretKey secretKey, String str, Uri.Scheme scheme, Option<Object> option, Sync<F> sync, Applicative<G> applicative) {
        return apply(secretKey, request -> {
            return BoxesRunTime.boxToBoolean($anonfun$withDefaultOriginCheck$1(str, scheme, option, request));
        }, sync, applicative);
    }

    /**
     * Builds on {@link #withDefaultOriginCheck} and replaces the token check with
     * {@link #checkCSRFinHeaderAndForm}, so a token may also arrive as a URL-encoded form field.
     *
     * @param str name of the form field that may carry the token
     * @param functionK transformation from {@code G} to {@code F}, used to run the form decoding
     * @param secretKey signing key
     * @param str2 expected host
     * @param scheme expected URI scheme
     * @param option expected port
     */
    public <F, G> CSRF.CSRFBuilder<F, G> withDefaultOriginCheckFormAware(String str, FunctionK<G, F> functionK, SecretKey secretKey, String str2, Uri.Scheme scheme, Option<Object> option, Sync<F> sync, Sync<G> sync2) {
        return withDefaultOriginCheck(secretKey, str2, scheme, option, Sync$.MODULE$.apply(sync), Applicative$.MODULE$.apply(sync2)).withCSRFCheck(checkCSRFinHeaderAndForm(str, functionK, sync2, sync));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Generates a fresh signing key with {@link #generateSigningKey} and maps it into a builder
     * via {@link #apply}.
     *
     * <p>The key exists only in the returned effect's result; nothing in this method stores it,
     * so tokens signed with it are presumably not verifiable by another instance or after a
     * restart - confirm against the deployment model.
     *
     * @return an {@code F} yielding the builder
     */
    public <F, G> F withGeneratedKey(Function1<Request<G>, Object> function1, Sync<F> sync, Applicative<G> applicative) {
        return (F) package$all$.MODULE$.toFunctorOps(generateSigningKey(sync), sync).map(secretKey -> {
            return MODULE$.apply(secretKey, function1, sync, applicative);
        });
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Wraps caller-supplied key bytes with {@link #buildSigningKey} and maps the resulting key
     * into a builder via {@link #apply}.
     *
     * <p>Neither this method nor {@code buildSigningKey} checks the length or origin of
     * {@code bArr}; the strength of the key is entirely the caller's responsibility.
     *
     * @param bArr raw key material
     * @return an {@code F} yielding the builder
     */
    public <F, G> F withKeyBytes(byte[] bArr, Function1<Request<G>, Object> function1, Sync<F> sync, Applicative<G> applicative) {
        return (F) package$all$.MODULE$.toFunctorOps(buildSigningKey(bArr, sync), sync).map(secretKey -> {
            return MODULE$.apply(secretKey, function1, sync, applicative);
        });
    }

    /**
     * Default token check: reads the token from the request header only.
     *
     * @return a function that, for a given {@code CSRF} instance, maps (request, response effect)
     *     to {@code csrf.onfailureF()} when {@code getHeaderToken} yields nothing, and otherwise
     *     delegates to {@code csrf.checkCSRFToken}
     */
    public <F, G> Function1<CSRF<F, G>, Function2<Request<G>, F, F>> checkCSRFDefault(Sync<F> sync) {
        return csrf -> {
            return (request, obj) -> {
                return csrf.getHeaderToken(request).fold(() -> {
                    // No token in the header: fail without consulting checkCSRFToken.
                    return csrf.onfailureF();
                }, str -> {
                    return csrf.checkCSRFToken(request, obj, str, sync);
                });
            };
        };
    }

    /**
     * Token check that prefers the header token and falls back to a URL-encoded form field.
     *
     * @param str name of the form field to read when no header token is present
     * @param functionK transformation from {@code G} to {@code F} applied to the form decoding
     * @return a function with the same shape as {@link #checkCSRFDefault}; it yields
     *     {@code csrf.onfailureF()} when neither source provides a token
     */
    public <F, G> Function1<CSRF<F, G>, Function2<Request<G>, F, F>> checkCSRFinHeaderAndForm(String str, FunctionK<G, F> functionK, Sync<G> sync, Sync<F> sync2) {
        return csrf -> {
            return (request, obj) -> {
                return package$all$.MODULE$.toFlatMapOps(sync2.pure(csrf.getHeaderToken(request)), sync2).flatMap(option -> {
                    // The form body is decoded only when the header carried no token.
                    return package$all$.MODULE$.toFlatMapOps(option.isDefined() ? sync2.pure(option) : getFormToken$1(request, sync, str, functionK, sync2), sync2).flatMap(option -> {
                        return option.fold(() -> {
                            return csrf.onfailureF();
                        }, str2 -> {
                            return csrf.checkCSRFToken(request, obj, str2, sync2);
                        });
                    });
                });
            };
        };
    }

    /** Returns {@code str} unchanged, typed as {@code Object}; the inverse of {@link #unlift}. */
    public Object lift(String str) {
        return str;
    }

    /** Casts {@code obj} back to {@code String}; throws ClassCastException for any other type. */
    public String unlift(Object obj) {
        return (String) obj;
    }

    /**
     * Checks the request's Origin header, then its Referer header, against an expected
     * host, scheme and port.
     *
     * <p>Points a reviewer should keep in mind, all visible in the code below:
     * <ul>
     *   <li>An Origin value that fails to parse as a URI is treated as absent.</li>
     *   <li>The two checks are joined with {@code ||}: a request whose Origin is present but does
     *       not match is still accepted when its Referer matches.</li>
     *   <li>Host comparison is an exact {@code String.equals}; port comparison is equality of
     *       the two options, so a URI without an explicit port matches only when {@code option}
     *       is empty.</li>
     * </ul>
     *
     * @param request incoming request
     * @param str expected host
     * @param scheme expected scheme
     * @param option expected port
     * @return {@code true} if either header matches; {@code false} if both are missing or differ
     */
    public <F> boolean defaultOriginCheck(Request<F> request, String str, Uri.Scheme scheme, Option<Object> option) {
        return Headers$.MODULE$.get$extension(request.headers(), Origin$.MODULE$).flatMap(origin -> {
            Option option2;
            Either<ParseFailure, Uri> fromString = Uri$.MODULE$.fromString(origin.value());
            if (fromString instanceof Right) {
                option2 = new Some((Uri) ((Right) fromString).value());
            } else {
                if (!(fromString instanceof Left)) {
                    throw new MatchError(fromString);
                }
                // Parse failure: drop the header rather than reject the request outright.
                option2 = None$.MODULE$;
            }
            return option2;
        }).exists(uri -> {
            return BoxesRunTime.boxToBoolean($anonfun$defaultOriginCheck$2(str, scheme, option, uri));
        }) || Headers$.MODULE$.get$extension(request.headers(), Referer$.MODULE$).exists(referer -> {
            return BoxesRunTime.boxToBoolean($anonfun$defaultOriginCheck$4(str, scheme, option, referer));
        });
    }

    /**
     * Accepts the request when its Host header equals {@code host} or its X-Forwarded-For header
     * equals {@code x$minusForwarded$minusFor}.
     *
     * <p>NOTE(review): both values are read from request headers. The check is only meaningful
     * when a trusted front-end proxy sets or overwrites them; on a directly reachable server the
     * client chooses both. Because the conditions are joined with {@code ||}, matching either
     * header alone is sufficient.
     *
     * @return {@code true} if either header is present and equal to the expected value
     */
    public <F> boolean proxyOriginCheck(Request<F> request, Host host, X$minusForwarded$minusFor x$minusForwarded$minusFor) {
        return Headers$.MODULE$.get$extension(request.headers(), Host$.MODULE$).contains(host) || Headers$.MODULE$.get$extension(request.headers(), X$minusForwarded$minusFor$.MODULE$).contains(x$minusForwarded$minusFor);
    }

    /** Returns the signing algorithm name, {@code "HmacSHA1"}. */
    public String SigningAlgo() {
        return SigningAlgo;
    }

    /** Returns 20, the byte length of a SHA-1 digest. */
    public int SHA1ByteLen() {
        return SHA1ByteLen;
    }

    /** Returns 32, the number of random bytes in each generated token. */
    public int CSRFTokenLength() {
        return CSRFTokenLength;
    }

    /** Returns the size of the warm-up buffer used in the static initializer. */
    private int InitialSeedArraySize() {
        return InitialSeedArraySize;
    }

    /** Returns the shared SecureRandom instance. */
    private SecureRandom CachedRandom() {
        return CachedRandom;
    }

    /**
     * Effectful variant of {@link #cookieFromHeaders}.
     *
     * @param request incoming request
     * @param str cookie name to look for
     * @return {@code sync.pure(cookie)} when the cookie is present, otherwise
     *     {@code sync.raiseError(CSRFCheckFailed)}
     */
    public <F, G> F cookieFromHeadersF(Request<G> request, String str, Sync<F> sync) {
        F raiseError;
        Option<RequestCookie> cookieFromHeaders = cookieFromHeaders(request, str);
        if (cookieFromHeaders instanceof Some) {
            raiseError = sync.pure((RequestCookie) ((Some) cookieFromHeaders).value());
        } else {
            if (!None$.MODULE$.equals(cookieFromHeaders)) {
                throw new MatchError(cookieFromHeaders);
            }
            // A missing cookie is reported as a CSRF check failure, not as a distinct error.
            raiseError = sync.raiseError(CSRF$CSRFCheckFailed$.MODULE$);
        }
        return raiseError;
    }

    /**
     * Looks up a cookie by exact name in the request's Cookie header.
     *
     * @param request incoming request
     * @param str cookie name
     * @return the first cookie returned by {@code find} whose name equals {@code str}, or an
     *     empty option when the header or the cookie is absent
     */
    public <F> Option<RequestCookie> cookieFromHeaders(Request<F> request, String str) {
        return Cookie$.MODULE$.from(request.headers()).flatMap(cookie -> {
            return cookie.values().find(requestCookie -> {
                return BoxesRunTime.boxToBoolean($anonfun$cookieFromHeaders$2(str, requestCookie));
            });
        });
    }

    /** Compares two lifted tokens by unwrapping both and delegating to {@link #isEqual}. */
    public boolean tokensEqual(Object obj, Object obj2) {
        return isEqual(unlift(obj), unlift(obj2));
    }

    /**
     * Compares two strings through {@code MessageDigest.isEqual} on their UTF-8 bytes.
     *
     * <p>Using {@code MessageDigest.isEqual} instead of {@code String.equals} keeps the
     * comparison from returning at the first differing byte on current JDKs, which matters when
     * one side is a secret token and the other is supplied by the client. Keep this call if the
     * method is ever refactored.
     *
     * @throws NullPointerException if either argument is {@code null} (from {@code getBytes})
     */
    public boolean isEqual(String str, String str2) {
        return MessageDigest.isEqual(str.getBytes(StandardCharsets.UTF_8), str2.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Generates a new random token: {@code CSRFTokenLength()} (32) bytes from the shared
     * SecureRandom, passed through {@code encodeHexString}.
     *
     * @return the encoded token (presumably 64 hex characters - confirm against encodeHexString)
     */
    public String genTokenString() {
        byte[] bArr = new byte[CSRFTokenLength()];
        CachedRandom().nextBytes(bArr);
        return package$.MODULE$.encodeHexString(bArr);
    }

    /**
     * Suspends the generation of a new {@code HmacSHA1} key with the JCA {@code KeyGenerator}.
     *
     * @return an {@code F} that yields the generated key ({@code delay2} is presumably the
     *     decompiler's name for {@code Sync.delay})
     */
    public <F> F generateSigningKey(Sync<F> sync) {
        return sync.delay2(() -> {
            return KeyGenerator.getInstance(MODULE$.SigningAlgo()).generateKey();
        });
    }

    /**
     * Suspends wrapping the given bytes in a {@code SecretKeySpec} for {@code HmacSHA1}.
     *
     * <p>The bytes are used as given: no minimum length or entropy check happens here, so weak
     * or short key material is accepted. {@code SecretKeySpec} itself rejects only a null or
     * empty array.
     *
     * @param bArr raw key material
     * @return an {@code F} that yields the key
     */
    public <F> F buildSigningKey(byte[] bArr, Sync<F> sync) {
        return sync.delay2(() -> {
            return new SecretKeySpec(bArr, MODULE$.SigningAlgo());
        });
    }

    // Lambda body for withDefaultOriginCheck: forwards to defaultOriginCheck with reordered arguments.
    public static final /* synthetic */ boolean $anonfun$withDefaultOriginCheck$1(String str, Uri.Scheme scheme, Option option, Request request) {
        return MODULE$.defaultOriginCheck(request, str, scheme, option);
    }

    // Lambda body for the form lookup: returns the first value stored under field `str`, if any.
    // mo2174_1 is presumably the decompiler's name for Tuple2._1 (the head produced by uncons).
    public static final /* synthetic */ Option $anonfun$checkCSRFinHeaderAndForm$5(String str, Map map) {
        return map.get(str).flatMap(chain -> {
            return chain.uncons().map(tuple2 -> {
                return (String) tuple2.mo2174_1();
            });
        });
    }

    // Decodes the request body as a UrlForm and extracts the token field `str`.
    // A decode failure is mapped to an empty option, which the caller treats as "no token".
    private static final Object extractToken$1(Request request, Sync sync, String str) {
        return package$all$.MODULE$.toFunctorOps(request.attemptAs(UrlForm$.MODULE$.entityDecoder(sync, UrlForm$.MODULE$.entityDecoder$default$2())).value(), sync).map(either -> {
            return (Option) either.fold(decodeFailure -> {
                return package$all$.MODULE$.none();
            }, obj -> {
                return $anonfun$checkCSRFinHeaderAndForm$5(str, ((UrlForm) obj).values());
            });
        });
    }

    // Reads the token from the form body only when the Content-Type media type equals
    // application/x-www-form-urlencoded; every other case yields an empty option without
    // touching the body.
    private static final Object getFormToken$1(Request request, Sync sync, String str, FunctionK functionK, Sync sync2) {
        Object pure;
        Content$minusType content$minusType;
        Option<Header> option = Headers$.MODULE$.get$extension(request.headers(), Content$minusType$.MODULE$);
        if ((option instanceof Some) && (content$minusType = (Content$minusType) ((Some) option).value()) != null) {
            MediaType mediaType = content$minusType.mediaType();
            MediaType x$minuswww$minusform$minusurlencoded = MediaType$.MODULE$.application().x$minuswww$minusform$minusurlencoded();
            // Null-safe equals as emitted by the Scala compiler for `==`.
            if (x$minuswww$minusform$minusurlencoded != null ? x$minuswww$minusform$minusurlencoded.equals(mediaType) : mediaType == null) {
                // functionK moves the decoding effect from G into F.
                pure = functionK.apply2(extractToken$1(request, sync, str));
                return pure;
            }
        }
        pure = sync2.pure(package$all$.MODULE$.none());
        return pure;
    }

    // Origin check, host part: exact, null-safe string equality between the URI host and `str`.
    public static final /* synthetic */ boolean $anonfun$defaultOriginCheck$3(String str, Uri.Host host) {
        String value = host.value();
        return value != null ? value.equals(str) : str == null;
    }

    // Origin check: true only when host, scheme and port of the parsed Origin URI all match.
    public static final /* synthetic */ boolean $anonfun$defaultOriginCheck$2(String str, Uri.Scheme scheme, Option option, Uri uri) {
        if (uri.host().exists(host -> {
            return BoxesRunTime.boxToBoolean($anonfun$defaultOriginCheck$3(str, host));
        }) && uri.scheme().contains(scheme)) {
            Option<Object> port = uri.port();
            // Option equality: an absent port matches only an absent expected port.
            if (port != null ? port.equals(option) : option == null) {
                return true;
            }
        }
        return false;
    }

    // Referer check, host part: same exact, null-safe comparison as the Origin variant.
    public static final /* synthetic */ boolean $anonfun$defaultOriginCheck$5(String str, Uri.Host host) {
        String value = host.value();
        return value != null ? value.equals(str) : str == null;
    }

    // Referer check: true only when host, scheme and port of the Referer URI all match.
    public static final /* synthetic */ boolean $anonfun$defaultOriginCheck$4(String str, Uri.Scheme scheme, Option option, Referer referer) {
        if (referer.uri().host().exists(host -> {
            return BoxesRunTime.boxToBoolean($anonfun$defaultOriginCheck$5(str, host));
        }) && referer.uri().scheme().contains(scheme)) {
            Option<Object> port = referer.uri().port();
            // Option equality: an absent port matches only an absent expected port.
            if (port != null ? port.equals(option) : option == null) {
                return true;
            }
        }
        return false;
    }

    // Cookie lookup predicate: exact, null-safe equality between the cookie name and `str`.
    public static final /* synthetic */ boolean $anonfun$cookieFromHeaders$2(String str, RequestCookie requestCookie) {
        String name = requestCookie.name();
        return name != null ? name.equals(str) : str == null;
    }

    // Private constructor: the only instance is MODULE$.
    private CSRF$() {
    }
}
