package com.daml.jwt;

import com.auth0.jwt.algorithms.Algorithm;
import java.nio.file.Paths;
import java.security.interfaces.ECPrivateKey;
import scala.Function2;
import scala.package$;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.util.Either;
import scala.util.Try$;
import scopt.OptionParser;
import scopt.Read$;

/* compiled from: JwtVerifierConfigurationCli.scala */
/* loaded from: input_file:com/daml/jwt/JwtVerifierConfigurationCli$.class */
public final class JwtVerifierConfigurationCli$ {
    public static final JwtVerifierConfigurationCli$ MODULE$ = new JwtVerifierConfigurationCli$();

    public <C> void parse(OptionParser<C> optionParser, Function2<JwtVerifierBase, C, C> function2) {
        optionParser.opt("auth-jwt-hs256-unsafe", Read$.MODULE$.stringRead()).optional().hidden().validate(str -> {
            return package$.MODULE$.Either().cond(str.length() > 0, () -> {
            }, () -> {
                return "HMAC secret must be a non-empty string";
            });
        }).text("[UNSAFE] Enables JWT-based authorization with shared secret HMAC256 signing: USE THIS EXCLUSIVELY FOR TESTING").action((str2, obj) -> {
            return setJwtVerifier$1((JwtVerifier) HMAC256Verifier$.MODULE$.apply(str2).valueOr(error -> {
                return scala.sys.package$.MODULE$.error(new StringBuilder(35).append("Failed to create HMAC256 verifier: ").append(error).toString());
            }), obj, function2);
        });
        optionParser.opt("auth-jwt-rs256-crt", Read$.MODULE$.stringRead()).optional().validate(str3 -> {
            return MODULE$.validatePath(str3, "The certificate file specified via --auth-jwt-rs256-crt does not exist");
        }).text("Enables JWT-based authorization, where the JWT is signed by RSA256 with a public key loaded from the given X509 certificate file (.crt)").action((str4, obj2) -> {
            return setJwtVerifier$1((JwtVerifier) RSA256Verifier$.MODULE$.fromCrtFile(str4).valueOr(error -> {
                return scala.sys.package$.MODULE$.error(new StringBuilder(34).append("Failed to create RSA256 verifier: ").append(error).toString());
            }), obj2, function2);
        });
        optionParser.opt("auth-jwt-es256-crt", Read$.MODULE$.stringRead()).optional().validate(str5 -> {
            return MODULE$.validatePath(str5, "The certificate file specified via --auth-jwt-es256-crt does not exist");
        }).text("Enables JWT-based authorization, where the JWT is signed by ECDSA256 with a public key loaded from the given X509 certificate file (.crt)").action((str6, obj3) -> {
            return setJwtVerifier$1((JwtVerifier) ECDSAVerifier$.MODULE$.fromCrtFile(str6, eCPublicKey -> {
                return Algorithm.ECDSA256(eCPublicKey, (ECPrivateKey) null);
            }).valueOr(error -> {
                return scala.sys.package$.MODULE$.error(new StringBuilder(36).append("Failed to create ECDSA256 verifier: ").append(error).toString());
            }), obj3, function2);
        });
        optionParser.opt("auth-jwt-es512-crt", Read$.MODULE$.stringRead()).optional().validate(str7 -> {
            return MODULE$.validatePath(str7, "The certificate file specified via --auth-jwt-es512-crt does not exist");
        }).text("Enables JWT-based authorization, where the JWT is signed by ECDSA512 with a public key loaded from the given X509 certificate file (.crt)").action((str8, obj4) -> {
            return setJwtVerifier$1((JwtVerifier) ECDSAVerifier$.MODULE$.fromCrtFile(str8, eCPublicKey -> {
                return Algorithm.ECDSA512(eCPublicKey, (ECPrivateKey) null);
            }).valueOr(error -> {
                return scala.sys.package$.MODULE$.error(new StringBuilder(36).append("Failed to create ECDSA512 verifier: ").append(error).toString());
            }), obj4, function2);
        });
        optionParser.opt("auth-jwt-rs256-jwks", Read$.MODULE$.stringRead()).optional().validate(str9 -> {
            return package$.MODULE$.Either().cond(str9.length() > 0, () -> {
            }, () -> {
                return "JWK server URL must be a non-empty string";
            });
        }).text("Enables JWT-based authorization, where the JWT is signed by RSA256 with a public key loaded from the given JWKS URL").action((str10, obj5) -> {
            return setJwtVerifier$1(JwksVerifier$.MODULE$.apply(str10), obj5, function2);
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Either<String, BoxedUnit> validatePath(String str, String str2) {
        return BoxesRunTime.unboxToBoolean(Try$.MODULE$.apply(() -> {
            return Paths.get(str, new String[0]).toFile().canRead();
        }).getOrElse(() -> {
            return false;
        })) ? package$.MODULE$.Right().apply(BoxedUnit.UNIT) : package$.MODULE$.Left().apply(str2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final Object setJwtVerifier$1(JwtVerifierBase jwtVerifierBase, Object obj, Function2 function2) {
        return function2.apply(jwtVerifierBase, obj);
    }

    private JwtVerifierConfigurationCli$() {
    }
}
