package org.http4s.server.middleware.authentication;

import cats.Applicative;
import cats.data.Kleisli;
import cats.data.NonEmptyList;
import cats.effect.Sync;
import cats.syntax.EitherObjectOps$;
import cats.syntax.package$all$;
import org.apache.kafka.common.security.oauthbearer.internals.OAuthBearerClientInitialResponse;
import org.http4s.AuthScheme$;
import org.http4s.AuthedRequest$;
import org.http4s.Challenge;
import org.http4s.ContextRequest;
import org.http4s.Credentials;
import org.http4s.Header;
import org.http4s.Headers$;
import org.http4s.Request;
import org.http4s.Response;
import org.http4s.headers.Authorization;
import org.http4s.headers.Authorization$;
import org.http4s.server.middleware.authentication.DigestAuth;
import org.http4s.server.middleware.authentication.NonceKeeper;
import org.http4s.util.CaseInsensitiveString;
import scala.C$less$colon$less$;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.collection.SetOps;
import scala.collection.immutable.Map;
import scala.concurrent.duration.Cpackage;
import scala.concurrent.duration.Duration;
import scala.runtime.ScalaRunTime$;
import scala.util.Either;

/* compiled from: DigestAuth.scala */
/* loaded from: input_file:WEB-INF/lib/http4s-server_2.13-0.21.34.jar:org/http4s/server/middleware/authentication/DigestAuth$.class */
public final class DigestAuth$ {
    public static final DigestAuth$ MODULE$ = new DigestAuth$();

    public <F, A> Function1<Kleisli<?, ContextRequest<F, A>, Response<F>>, Kleisli<?, Request<F>, Response<F>>> apply(String str, Function1<String, F> function1, Duration duration, Duration duration2, int i, Sync<F> sync) {
        Kleisli<F, Request<F>, Either<Challenge, ContextRequest<F, A>>> challenge = challenge(str, function1, new NonceKeeper(duration2.toMillis(), duration.toMillis(), i), sync);
        return kleisli -> {
            return package$.MODULE$.challenged(challenge, kleisli, sync);
        };
    }

    public <F, A> Duration apply$default$3() {
        return new Cpackage.DurationInt(scala.concurrent.duration.package$.MODULE$.DurationInt(1)).hour();
    }

    public <F, A> Duration apply$default$4() {
        return new Cpackage.DurationInt(scala.concurrent.duration.package$.MODULE$.DurationInt(1)).hour();
    }

    public <F, A> int apply$default$5() {
        return 160;
    }

    public <F, A> Kleisli<F, Request<F>, Either<Challenge, ContextRequest<F, A>>> challenge(String str, Function1<String, F> function1, NonceKeeper nonceKeeper, Sync<F> sync) {
        return new Kleisli<>(request -> {
            return package$all$.MODULE$.toFlatMapOps(MODULE$.checkAuth(str, function1, nonceKeeper, request, sync), sync).flatMap(authReply -> {
                return authReply instanceof DigestAuth.OK ? sync.pure(EitherObjectOps$.MODULE$.right$extension(package$all$.MODULE$.catsSyntaxEitherObject(scala.package$.MODULE$.Either()), AuthedRequest$.MODULE$.apply((AuthedRequest$) ((DigestAuth.OK) authReply).authInfo(), request))) : DigestAuth$StaleNonce$.MODULE$.equals(authReply) ? package$all$.MODULE$.toFunctorOps(MODULE$.getChallengeParams(nonceKeeper, true, sync), sync).map(map -> {
                    return paramsToChallenge$1(map, str);
                }) : package$all$.MODULE$.toFunctorOps(MODULE$.getChallengeParams(nonceKeeper, false, sync), sync).map(map2 -> {
                    return paramsToChallenge$1(map2, str);
                });
            });
        });
    }

    /* JADX WARN: Multi-variable type inference failed */
    private <F, A> F checkAuth(String str, Function1<String, F> function1, NonceKeeper nonceKeeper, Request<F> request, Applicative<F> applicative) {
        F pure;
        boolean z = false;
        Option<Header> option = Headers$.MODULE$.get$extension(request.headers(), Authorization$.MODULE$);
        if (option instanceof Some) {
            z = true;
            Authorization authorization = (Authorization) ((Some) option).value();
            if (authorization != null) {
                Credentials credentials = authorization.credentials();
                if (credentials instanceof Credentials.AuthParams) {
                    Credentials.AuthParams authParams = (Credentials.AuthParams) credentials;
                    CaseInsensitiveString authScheme = authParams.authScheme();
                    NonEmptyList<Tuple2<String, String>> params = authParams.params();
                    CaseInsensitiveString Digest = AuthScheme$.MODULE$.Digest();
                    if (Digest != null ? Digest.equals(authScheme) : authScheme == null) {
                        pure = checkAuthParams(str, function1, nonceKeeper, request, params, applicative);
                        return pure;
                    }
                }
            }
        }
        if (z) {
            pure = applicative.pure(DigestAuth$NoCredentials$.MODULE$);
        } else {
            if (!None$.MODULE$.equals(option)) {
                throw new MatchError(option);
            }
            pure = applicative.pure(DigestAuth$NoAuthorizationHeader$.MODULE$);
        }
        return pure;
    }

    private <F> F getChallengeParams(NonceKeeper nonceKeeper, boolean z, Sync<F> sync) {
        return sync.delay2(() -> {
            Map map = (Map) Predef$.MODULE$.Map().apply2(ScalaRunTime$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("qop"), OAuthBearerClientInitialResponse.AUTH_KEY), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("nonce"), nonceKeeper.newNonce())}));
            return z ? (Map) map.$plus2(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("stale"), "TRUE")) : map;
        });
    }

    /* JADX WARN: Multi-variable type inference failed */
    private <F, A> F checkAuthParams(String str, Function1<String, F> function1, NonceKeeper nonceKeeper, Request<F> request, NonEmptyList<Tuple2<String, String>> nonEmptyList, Applicative<F> applicative) {
        F map;
        Map<K$, V$> map2 = nonEmptyList.toList().toMap(C$less$colon$less$.MODULE$.refl());
        if (!((SetOps) Predef$.MODULE$.Set().apply2(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{"realm", "nonce", "nc", "username", "cnonce", "qop"}))).subsetOf(map2.keySet())) {
            return applicative.pure(DigestAuth$BadParameters$.MODULE$);
        }
        String method = request.method().toString();
        String uri = request.uri().toString();
        Option option = map2.get("realm");
        Some some = new Some(str);
        if (option != null ? !option.equals(some) : some != null) {
            return applicative.pure(DigestAuth$BadParameters$.MODULE$);
        }
        String str2 = (String) map2.apply((Map<K$, V$>) "nonce");
        String str3 = (String) map2.apply((Map<K$, V$>) "nc");
        NonceKeeper.Reply receiveNonce = nonceKeeper.receiveNonce(str2, Integer.parseInt(str3, 16));
        if (NonceKeeper$StaleReply$.MODULE$.equals(receiveNonce)) {
            map = applicative.pure(DigestAuth$StaleNonce$.MODULE$);
        } else if (NonceKeeper$BadNCReply$.MODULE$.equals(receiveNonce)) {
            map = applicative.pure(DigestAuth$BadNC$.MODULE$);
        } else {
            if (!NonceKeeper$OKReply$.MODULE$.equals(receiveNonce)) {
                throw new MatchError(receiveNonce);
            }
            map = package$all$.MODULE$.toFunctorOps(function1.apply(map2.apply((Map<K$, V$>) "username")), applicative).map(option2 -> {
                Tuple2 tuple2;
                DigestAuth.AuthReply ok;
                if (None$.MODULE$.equals(option2)) {
                    ok = DigestAuth$UserUnknown$.MODULE$;
                } else {
                    if (!(option2 instanceof Some) || (tuple2 = (Tuple2) ((Some) option2).value()) == null) {
                        throw new MatchError(option2);
                    }
                    Object mo5953_1 = tuple2.mo5953_1();
                    String computeResponse = DigestUtil$.MODULE$.computeResponse(method, (String) map2.apply((Map) "username"), str, (String) tuple2.mo5952_2(), uri, str2, str3, (String) map2.apply((Map) "cnonce"), (String) map2.apply((Map) "qop"));
                    Object apply = map2.apply((Map) "response");
                    ok = (computeResponse != null ? !computeResponse.equals(apply) : apply != null) ? DigestAuth$WrongResponse$.MODULE$ : new DigestAuth.OK(mo5953_1);
                }
                return ok;
            });
        }
        return map;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final Either paramsToChallenge$1(Map map, String str) {
        return EitherObjectOps$.MODULE$.left$extension(package$all$.MODULE$.catsSyntaxEitherObject(scala.package$.MODULE$.Either()), new Challenge("Digest", str, map));
    }

    private DigestAuth$() {
    }
}
