package org.http4s.server.middleware.authentication;

import cats.Functor;
import cats.Monad;
import cats.data.Kleisli;
import cats.data.NonEmptyList;
import cats.effect.kernel.Async;
import cats.effect.kernel.Sync;
import cats.syntax.EitherObjectOps$;
import cats.syntax.package$all$;
import org.apache.kafka.common.security.oauthbearer.internals.OAuthBearerClientInitialResponse;
import org.http4s.AuthScheme$;
import org.http4s.AuthedRequest$;
import org.http4s.Challenge;
import org.http4s.ContextRequest;
import org.http4s.Credentials;
import org.http4s.Header$Select$;
import org.http4s.Headers$;
import org.http4s.Request;
import org.http4s.Response;
import org.http4s.crypto.Hash;
import org.http4s.crypto.Hash$;
import org.http4s.headers.Authorization;
import org.http4s.headers.Authorization$;
import org.http4s.server.middleware.authentication.DigestAuth;
import org.typelevel.ci.CIString;
import scala.C$less$colon$less$;
import scala.Function1;
import scala.Function2;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.collection.SetOps;
import scala.collection.immutable.Map;
import scala.concurrent.duration.Cpackage;
import scala.concurrent.duration.Duration;
import scala.runtime.BoxesRunTime;
import scala.runtime.ScalaRunTime$;
import scala.util.Either;

/* compiled from: DigestAuth.scala */
/* loaded from: input_file:WEB-INF/lib/http4s-server_2.13-0.23.24.jar:org/http4s/server/middleware/authentication/DigestAuth$.class */
public final class DigestAuth$ {
    public static final DigestAuth$ MODULE$ = new DigestAuth$();

    public <F, A> Function1<Kleisli<?, ContextRequest<F, A>, Response<F>>, Kleisli<?, Request<F>, Response<F>>> apply(String str, Function1<String, F> function1, Duration duration, Duration duration2, int i, Sync<F> sync) {
        Kleisli<F, Request<F>, Either<Challenge, ContextRequest<F, A>>> challenge = challenge(str, function1, new NonceKeeper(duration2.toMillis(), duration.toMillis(), i), sync);
        return kleisli -> {
            return package$.MODULE$.challenged(challenge, kleisli, sync);
        };
    }

    public <F, A> Duration apply$default$3() {
        return new Cpackage.DurationInt(scala.concurrent.duration.package$.MODULE$.DurationInt(1)).hour();
    }

    public <F, A> Duration apply$default$4() {
        return new Cpackage.DurationInt(scala.concurrent.duration.package$.MODULE$.DurationInt(1)).hour();
    }

    public <F, A> int apply$default$5() {
        return 160;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <F, A> F applyF(String str, DigestAuth.AuthStore<F, A> authStore, Duration duration, Duration duration2, int i, Async<F> async) {
        return (F) package$all$.MODULE$.toFunctorOps(challenge(str, authStore, duration, duration2, i, async), async).map(kleisli -> {
            return kleisli -> {
                return package$.MODULE$.challenged(kleisli, kleisli, async);
            };
        });
    }

    public <F, A> Duration applyF$default$3() {
        return new Cpackage.DurationInt(scala.concurrent.duration.package$.MODULE$.DurationInt(1)).hour();
    }

    public <F, A> Duration applyF$default$4() {
        return new Cpackage.DurationInt(scala.concurrent.duration.package$.MODULE$.DurationInt(1)).hour();
    }

    public <F, A> int applyF$default$5() {
        return 160;
    }

    public <F, A> Kleisli<F, Request<F>, Either<Challenge, ContextRequest<F, A>>> challenge(String str, Function1<String, F> function1, NonceKeeper nonceKeeper, Sync<F> sync) {
        return challengeInterop(str, DigestAuth$PlainTextAuthStore$.MODULE$.apply(function1), sync.delay(() -> {
            return nonceKeeper.newNonce();
        }), (str2, obj) -> {
            return $anonfun$challenge$2(sync, nonceKeeper, str2, BoxesRunTime.unboxToInt(obj));
        }, sync);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <F, A> F challenge(String str, DigestAuth.AuthStore<F, A> authStore, Duration duration, Duration duration2, int i, Async<F> async) {
        return (F) package$all$.MODULE$.toFunctorOps(NonceKeeperF$.MODULE$.apply(duration2, duration, i, async), async).map(nonceKeeperF -> {
            return MODULE$.challengeInterop(str, authStore, nonceKeeperF.newNonce(), (str2, obj) -> {
                return nonceKeeperF.receiveNonce(str2, BoxesRunTime.unboxToInt(obj));
            }, async);
        });
    }

    public <F, A> Duration challenge$default$3() {
        return new Cpackage.DurationInt(scala.concurrent.duration.package$.MODULE$.DurationInt(1)).hour();
    }

    public <F, A> Duration challenge$default$4() {
        return new Cpackage.DurationInt(scala.concurrent.duration.package$.MODULE$.DurationInt(1)).hour();
    }

    public <F, A> int challenge$default$5() {
        return 160;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public <F, A> Kleisli<F, Request<F>, Either<Challenge, ContextRequest<F, A>>> challengeInterop(String str, DigestAuth.AuthStore<F, A> authStore, F f, Function2<String, Object, F> function2, Sync<F> sync) {
        return new Kleisli<>(request -> {
            return package$all$.MODULE$.toFlatMapOps(MODULE$.checkAuth(str, authStore, function2, request, Hash$.MODULE$.forApplicativeThrow(sync), sync), sync).flatMap(authReply -> {
                if (authReply instanceof DigestAuth.OK) {
                    return sync.pure(EitherObjectOps$.MODULE$.right$extension(package$all$.MODULE$.catsSyntaxEitherObject(scala.package$.MODULE$.Either()), AuthedRequest$.MODULE$.apply((AuthedRequest$) ((DigestAuth.OK) authReply).authInfo(), request)));
                }
                return DigestAuth$StaleNonce$.MODULE$.equals(authReply) ? package$all$.MODULE$.toFunctorOps(MODULE$.getChallengeParams(f, true, sync), sync).map(map -> {
                    return paramsToChallenge$1(map, str);
                }) : package$all$.MODULE$.toFunctorOps(MODULE$.getChallengeParams(f, false, sync), sync).map(map2 -> {
                    return paramsToChallenge$1(map2, str);
                });
            });
        });
    }

    private <F, A> F checkAuth(String str, DigestAuth.AuthStore<F, A> authStore, Function2<String, Object, F> function2, Request<F> request, Hash<F> hash, Monad<F> monad) {
        boolean z = false;
        Option<Object> option = Headers$.MODULE$.get$extension(request.headers(), Header$Select$.MODULE$.singleHeaders(Authorization$.MODULE$.headerInstance()));
        if (option instanceof Some) {
            z = true;
            Authorization authorization = (Authorization) ((Some) option).value();
            if (authorization != null) {
                Credentials credentials = authorization.credentials();
                if (credentials instanceof Credentials.AuthParams) {
                    Credentials.AuthParams authParams = (Credentials.AuthParams) credentials;
                    CIString authScheme = authParams.authScheme();
                    NonEmptyList<Tuple2<String, String>> params = authParams.params();
                    CIString Digest = AuthScheme$.MODULE$.Digest();
                    if (Digest != null ? Digest.equals(authScheme) : authScheme == null) {
                        return (F) checkAuthParams(str, authStore, function2, request, params, hash, monad);
                    }
                }
            }
        }
        if (z) {
            return monad.pure(DigestAuth$NoCredentials$.MODULE$);
        }
        if (None$.MODULE$.equals(option)) {
            return monad.pure(DigestAuth$NoAuthorizationHeader$.MODULE$);
        }
        throw new MatchError(option);
    }

    private <F> F getChallengeParams(F f, boolean z, Functor<F> functor) {
        return (F) package$all$.MODULE$.toFunctorOps(f, functor).map(str -> {
            Map map = (Map) Predef$.MODULE$.Map().apply2(ScalaRunTime$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("qop"), OAuthBearerClientInitialResponse.AUTH_KEY), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("nonce"), str)}));
            return z ? (Map) map.$plus2(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("stale"), "TRUE")) : map;
        });
    }

    private <F, A> F checkAuthParams(String str, DigestAuth.AuthStore<F, A> authStore, Function2<String, Object, F> function2, Request<F> request, NonEmptyList<Tuple2<String, String>> nonEmptyList, Hash<F> hash, Monad<F> monad) {
        Map<K$, V$> map = nonEmptyList.toList().toMap(C$less$colon$less$.MODULE$.refl());
        if (!((SetOps) Predef$.MODULE$.Set().apply2(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{"realm", "nonce", "nc", "username", "cnonce", "qop"}))).subsetOf(map.keySet())) {
            return monad.pure(DigestAuth$BadParameters$.MODULE$);
        }
        String method = request.method().toString();
        if (!map.get("realm").contains(str)) {
            return monad.pure(DigestAuth$BadParameters$.MODULE$);
        }
        String str2 = (String) map.apply((Map<K$, V$>) "nonce");
        String str3 = (String) map.apply((Map<K$, V$>) "nc");
        return package$all$.MODULE$.toFlatMapOps(function2.mo7002apply(str2, BoxesRunTime.boxToInteger(Integer.parseInt(str3, 16))), monad).flatMap(reply -> {
            if (NonceKeeper$StaleReply$.MODULE$.equals(reply)) {
                return monad.pure(DigestAuth$StaleNonce$.MODULE$);
            }
            if (NonceKeeper$BadNCReply$.MODULE$.equals(reply)) {
                return monad.pure(DigestAuth$BadNC$.MODULE$);
            }
            if (!NonceKeeper$OKReply$.MODULE$.equals(reply)) {
                throw new MatchError(reply);
            }
            if (authStore instanceof DigestAuth.PlainTextAuthStore) {
                return package$all$.MODULE$.toFlatMapOps(((DigestAuth.PlainTextAuthStore) authStore).func().apply(map.apply((Map) "username")), monad).flatMap(option -> {
                    Tuple2 tuple2;
                    if (None$.MODULE$.equals(option)) {
                        return monad.pure(DigestAuth$UserUnknown$.MODULE$);
                    }
                    if (!(option instanceof Some) || (tuple2 = (Tuple2) ((Some) option).value()) == null) {
                        throw new MatchError(option);
                    }
                    Object mo6859_1 = tuple2.mo6859_1();
                    return package$all$.MODULE$.toFunctorOps(DigestUtil$.MODULE$.computeResponse(method, (String) map.apply((Map) "username"), str, (String) tuple2.mo6858_2(), request.uri(), str2, str3, (String) map.apply((Map) "cnonce"), (String) map.apply((Map) "qop"), monad, hash), monad).map(str4 -> {
                        Object apply = map.apply((Map) "response");
                        return (str4 != null ? !str4.equals(apply) : apply != null) ? DigestAuth$WrongResponse$.MODULE$ : new DigestAuth.OK(mo6859_1);
                    });
                });
            }
            if (authStore instanceof DigestAuth.Md5HashedAuthStore) {
                return package$all$.MODULE$.toFlatMapOps(((DigestAuth.Md5HashedAuthStore) authStore).func().apply(map.apply((Map) "username")), monad).flatMap(option2 -> {
                    Tuple2 tuple2;
                    if (None$.MODULE$.equals(option2)) {
                        return monad.pure(DigestAuth$UserUnknown$.MODULE$);
                    }
                    if (!(option2 instanceof Some) || (tuple2 = (Tuple2) ((Some) option2).value()) == null) {
                        throw new MatchError(option2);
                    }
                    Object mo6859_1 = tuple2.mo6859_1();
                    return package$all$.MODULE$.toFunctorOps(DigestUtil$.MODULE$.computeHashedResponse(method, (String) tuple2.mo6858_2(), request.uri(), str2, str3, (String) map.apply((Map) "cnonce"), (String) map.apply((Map) "qop"), monad, hash), monad).map(str4 -> {
                        Object apply = map.apply((Map) "response");
                        return (str4 != null ? !str4.equals(apply) : apply != null) ? DigestAuth$WrongResponse$.MODULE$ : new DigestAuth.OK(mo6859_1);
                    });
                });
            }
            throw new MatchError(authStore);
        });
    }

    public static final /* synthetic */ Object $anonfun$challenge$2(Sync sync, NonceKeeper nonceKeeper, String str, int i) {
        return sync.delay(() -> {
            return nonceKeeper.receiveNonce(str, i);
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final Either paramsToChallenge$1(Map map, String str) {
        return EitherObjectOps$.MODULE$.left$extension(package$all$.MODULE$.catsSyntaxEitherObject(scala.package$.MODULE$.Either()), new Challenge("Digest", str, map));
    }

    private DigestAuth$() {
    }
}
