package org.http4s.server.middleware;

import cats.Applicative;
import cats.Applicative$;
import cats.arrow.FunctionK;
import cats.effect.Sync;
import cats.effect.Sync$;
import cats.syntax.package$all$;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Clock;
import javax.crypto.SecretKey;
import org.http4s.Headers$;
import org.http4s.Request;
import org.http4s.RequestCookie;
import org.http4s.Response;
import org.http4s.Response$;
import org.http4s.Status$;
import org.http4s.Uri;
import org.http4s.headers.Cookie$;
import org.http4s.headers.Host;
import org.http4s.headers.Host$;
import org.http4s.headers.Origin$;
import org.http4s.headers.Referer$;
import org.http4s.headers.X$minusForwarded$minusFor;
import org.http4s.headers.X$minusForwarded$minusFor$;
import org.http4s.internal.package$;
import org.http4s.server.middleware.CSRF;
import org.http4s.util.CaseInsensitiveString$;
import scala.Function1;
import scala.Function2;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Some;

/* compiled from: CSRF.scala */
/* loaded from: input_file:WEB-INF/lib/http4s-server_2.11-0.20.0.jar:org/http4s/server/middleware/CSRF$.class */
public final class CSRF$ {
    public static final CSRF$ MODULE$ = null;
    private final String SigningAlgo;
    private final int SHA1ByteLen;
    private final int CSRFTokenLength;
    private final int InitialSeedArraySize;
    private final SecureRandom CachedRandom;

    static {
        new CSRF$();
    }

    public <F, G> CSRF.CSRFBuilder<F, G> apply(SecretKey secretKey, Function1<Request<G>, Object> function1, Sync<F> sync, Applicative<G> applicative) {
        return new CSRF.CSRFBuilder<>(CaseInsensitiveString$.MODULE$.apply("X-Csrf-Token"), new CSRF.CookieSettings("csrf-token", false, true, CSRF$CookieSettings$.MODULE$.apply$default$4(), new Some("/"), CSRF$CookieSettings$.MODULE$.apply$default$6()), Clock.systemUTC(), new Response(Status$.MODULE$.Forbidden(), Response$.MODULE$.apply$default$2(), Response$.MODULE$.apply$default$3(), Response$.MODULE$.apply$default$4(), Response$.MODULE$.apply$default$5()), true, secretKey, function1, checkCSRFDefault(sync), sync, applicative);
    }

    public <F, G> CSRF.CSRFBuilder<F, G> withDefaultOriginCheck(SecretKey secretKey, String str, Uri.Scheme scheme, Option<Object> option, Sync<F> sync, Applicative<G> applicative) {
        return apply(secretKey, new CSRF$$anonfun$withDefaultOriginCheck$1(str, scheme, option), sync, applicative);
    }

    public <F, G> CSRF.CSRFBuilder<F, G> withDefaultOriginCheckFormAware(String str, FunctionK<G, F> functionK, SecretKey secretKey, String str2, Uri.Scheme scheme, Option<Object> option, Sync<F> sync, Sync<G> sync2) {
        return withDefaultOriginCheck(secretKey, str2, scheme, option, Sync$.MODULE$.apply(sync), Applicative$.MODULE$.apply(sync2)).withCSRFCheck(checkCSRFinHeaderAndForm(str, functionK, sync2, sync));
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <F, G> F withGeneratedKey(Function1<Request<G>, Object> function1, Sync<F> sync, Applicative<G> applicative) {
        return (F) package$all$.MODULE$.toFunctorOps(generateSigningKey(sync), sync).map(new CSRF$$anonfun$withGeneratedKey$1(function1, sync, applicative));
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <F, G> F withKeyBytes(byte[] bArr, Function1<Request<G>, Object> function1, Sync<F> sync, Applicative<G> applicative) {
        return (F) package$all$.MODULE$.toFunctorOps(buildSigningKey(bArr, sync), sync).map(new CSRF$$anonfun$withKeyBytes$1(function1, sync, applicative));
    }

    public <F, G> Function1<CSRF<F, G>, Function2<Request<G>, F, F>> checkCSRFDefault(Sync<F> sync) {
        return new CSRF$$anonfun$checkCSRFDefault$1(sync);
    }

    public <F, G> Function1<CSRF<F, G>, Function2<Request<G>, F, F>> checkCSRFinHeaderAndForm(String str, FunctionK<G, F> functionK, Sync<G> sync, Sync<F> sync2) {
        return new CSRF$$anonfun$checkCSRFinHeaderAndForm$1(str, functionK, sync, sync2);
    }

    public Object lift(String str) {
        return str;
    }

    public String unlift(Object obj) {
        return (String) obj;
    }

    public <F> boolean defaultOriginCheck(Request<F> request, String str, Uri.Scheme scheme, Option<Object> option) {
        return Headers$.MODULE$.get$extension0(request.headers(), Origin$.MODULE$).flatMap(new CSRF$$anonfun$defaultOriginCheck$1()).exists(new CSRF$$anonfun$defaultOriginCheck$2(str, scheme, option)) || Headers$.MODULE$.get$extension0(request.headers(), Referer$.MODULE$).exists(new CSRF$$anonfun$defaultOriginCheck$3(str, scheme, option));
    }

    public <F> boolean proxyOriginCheck(Request<F> request, Host host, X$minusForwarded$minusFor x$minusForwarded$minusFor) {
        return Headers$.MODULE$.get$extension0(request.headers(), Host$.MODULE$).contains(host) || Headers$.MODULE$.get$extension0(request.headers(), X$minusForwarded$minusFor$.MODULE$).contains(x$minusForwarded$minusFor);
    }

    public String SigningAlgo() {
        return this.SigningAlgo;
    }

    public int SHA1ByteLen() {
        return this.SHA1ByteLen;
    }

    public int CSRFTokenLength() {
        return this.CSRFTokenLength;
    }

    private int InitialSeedArraySize() {
        return this.InitialSeedArraySize;
    }

    private SecureRandom CachedRandom() {
        return this.CachedRandom;
    }

    public <F, G> F cookieFromHeadersF(Request<G> request, String str, Sync<F> sync) {
        F raiseError;
        Option<RequestCookie> cookieFromHeaders = cookieFromHeaders(request, str);
        if (cookieFromHeaders instanceof Some) {
            raiseError = sync.pure((RequestCookie) ((Some) cookieFromHeaders).x());
        } else {
            if (!None$.MODULE$.equals(cookieFromHeaders)) {
                throw new MatchError(cookieFromHeaders);
            }
            raiseError = sync.raiseError(CSRF$CSRFCheckFailed$.MODULE$);
        }
        return raiseError;
    }

    public <F> Option<RequestCookie> cookieFromHeaders(Request<F> request, String str) {
        return Cookie$.MODULE$.from(request.headers()).flatMap(new CSRF$$anonfun$cookieFromHeaders$1(str));
    }

    public boolean tokensEqual(Object obj, Object obj2) {
        return isEqual(unlift(obj), unlift(obj2));
    }

    public boolean isEqual(String str, String str2) {
        return MessageDigest.isEqual(str.getBytes(StandardCharsets.UTF_8), str2.getBytes(StandardCharsets.UTF_8));
    }

    public String genTokenString() {
        byte[] bArr = new byte[CSRFTokenLength()];
        CachedRandom().nextBytes(bArr);
        return package$.MODULE$.encodeHexString(bArr);
    }

    public <F> F generateSigningKey(Sync<F> sync) {
        return sync.delay2(new CSRF$$anonfun$generateSigningKey$1());
    }

    public <F> F buildSigningKey(byte[] bArr, Sync<F> sync) {
        return sync.delay2(new CSRF$$anonfun$buildSigningKey$1(bArr));
    }

    private CSRF$() {
        MODULE$ = this;
        this.SigningAlgo = "HmacSHA1";
        this.SHA1ByteLen = 20;
        this.CSRFTokenLength = 32;
        this.InitialSeedArraySize = 20;
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.nextBytes(new byte[InitialSeedArraySize()]);
        this.CachedRandom = secureRandom;
    }
}
