package com.gu.googleauth;

import play.api.libs.json.JsLookup$;
import play.api.libs.json.JsValue;
import play.api.libs.json.JsValue$;
import play.api.libs.ws.WSClient;
import play.api.libs.ws.WSResponse;
import play.api.libs.ws.package$;
import play.api.mvc.RequestHeader;
import play.api.mvc.Result;
import play.api.mvc.Results$;
import scala.Function1;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.StringContext;
import scala.Tuple2;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.immutable.Map;
import scala.collection.mutable.ArrayOps;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.Future$;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: auth.scala */
/* loaded from: input_file:com/gu/googleauth/GoogleAuth$.class */
/**
 * Decompiled form of the Scala singleton object {@code GoogleAuth} (compiled from auth.scala).
 *
 * <p>Drives the Google OAuth 2.0 / OpenID Connect authorization-code flow as seen in this file:
 * {@link #redirectToGoogle} builds the redirect to the authorization endpoint, and
 * {@link #validatedUserIdentity} exchanges the returned code at the token endpoint and assembles a
 * {@code UserIdentity} from the ID-token claims plus the userinfo response. All three endpoints are
 * read from the discovery document fetched by {@link #discoveryDocument}.
 */
public final class GoogleAuth$ {
    // Singleton instance; assigned by the private constructor.
    public static GoogleAuth$ MODULE$;
    // Cache for the discovery-document fetch. Holds the Future itself, so it is populated before
    // the fetch has completed.
    // NOTE(review): plain, unsynchronized field; concurrent first callers can each start a fetch.
    // NOTE(review): nothing in this class resets the holder, so a Future that failed looks like it
    // stays cached and every later login would fail until the holder is replaced — confirm.
    private Option<Future<DiscoveryDocument>> discoveryDocumentHolder;

    // Instantiates the singleton; the constructor publishes it through MODULE$.
    static {
        new GoogleAuth$();
    }

    /**
     * Returns the cached discovery-document Future, or {@code None} if no fetch has been started.
     */
    public Option<Future<DiscoveryDocument>> discoveryDocumentHolder() {
        return this.discoveryDocumentHolder;
    }

    /**
     * Replaces the cached discovery-document Future.
     *
     * <p>NOTE(review): this setter is public, and the endpoints used for the token exchange
     * (including where {@code client_secret} is posted) are taken from the cached document, so
     * any code able to call it controls those endpoints.
     *
     * @param option the new holder value
     */
    public void discoveryDocumentHolder_$eq(Option<Future<DiscoveryDocument>> option) {
        this.discoveryDocumentHolder = option;
    }

    /**
     * Returns the discovery document, fetching it on first use and caching the resulting Future.
     *
     * <p>The URL comes from {@code DiscoveryDocument$.url()}, defined outside this file.
     * NOTE(review): presumably an HTTPS URL — confirm, since the authorization, token and userinfo
     * endpoints used below are all read from this response.
     *
     * @param executionContext context on which the JSON parsing step runs
     * @param wSClient HTTP client used for the GET request
     * @return the cached Future when one exists, otherwise a newly started fetch
     */
    public Future<DiscoveryDocument> discoveryDocument(ExecutionContext executionContext, WSClient wSClient) {
        if (discoveryDocumentHolder().isDefined()) {
            return (Future) discoveryDocumentHolder().get();
        }
        Future<DiscoveryDocument> map = wSClient.url(DiscoveryDocument$.MODULE$.url()).get().map(wSResponse -> {
            return DiscoveryDocument$.MODULE$.fromJson(wSResponse.json());
        }, executionContext);
        // Cached immediately, before the request has completed (see the note on the field).
        discoveryDocumentHolder_$eq(new Some(map));
        return map;
    }

    /**
     * Turns a response from Google into a value, or throws {@code GoogleAuthException} on an HTTP
     * error status.
     *
     * <p>For status 400 and above the body's {@code error} field is read with
     * {@code Error$.errorReads()}: if it parses, the exception carries that error's message;
     * otherwise it carries the status and the raw response body. Both branches throw, so this path
     * never returns normally. For any other status {@code function1} is applied to the parsed
     * JSON body.
     *
     * <p>NOTE(review): the fallback message embeds the whole upstream body; treat the exception
     * text as untrusted content wherever it is logged or rendered.
     * NOTE(review): {@code wSResponse.json()} is called on error responses too; what happens when
     * that body is not JSON is not visible here.
     *
     * @param wSResponse response received from a Google endpoint
     * @param function1 conversion applied to the JSON body of a non-error response
     * @param <T> type produced by {@code function1}
     * @return the result of {@code function1}
     */
    public <T> T googleResponse(WSResponse wSResponse, Function1<JsValue, T> function1) {
        int status = wSResponse.status();
        // A switch with only a default arm is how the decompiler rendered the Scala match.
        switch (status) {
            default:
                return status >= 400 ? (T) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(wSResponse.json()), "error").asOpt(Error$.MODULE$.errorReads()).map(error -> {
                    throw new GoogleAuthException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Error when calling Google: ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{error.message()})), GoogleAuthException$.MODULE$.$lessinit$greater$default$2());
                }).getOrElse(() -> {
                    throw new GoogleAuthException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Unknown error when calling Google [status=", ", body=", "]"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{BoxesRunTime.boxToInteger(status), wSResponse.body()})), GoogleAuthException$.MODULE$.$lessinit$greater$default$2());
                }) : (T) function1.apply(wSResponse.json());
        }
    }

    /**
     * Builds the redirect that sends the browser to Google's authorization endpoint.
     *
     * <p>Always sent: {@code client_id}, {@code response_type=code},
     * {@code scope=openid email profile}, {@code redirect_uri}, and {@code state}, which is a token
     * generated by the configured anti-forgery checker. Sent only when available: {@code hd} (the
     * configured domain), {@code max_auth_age} (configured maximum age in seconds), {@code prompt},
     * and {@code login_hint} (the email of a {@code UserIdentity} already present on the request).
     *
     * <p>{@code hd} is only a request parameter here; the domain restriction this class enforces
     * itself is the check made in {@link #validatedUserIdentity}.
     *
     * @param googleAuthConfig client id, redirect URL, anti-forgery checker and optional settings
     * @param str first argument to the anti-forgery checker's {@code generateToken}; presumably a
     *     per-session identifier — confirm against callers
     * @param requestHeader current request, used only to look up an existing identity
     * @param executionContext context on which the redirect is built
     * @param wSClient HTTP client used if the discovery document still has to be fetched
     * @return a Future of the redirect result
     */
    public Future<Result> redirectToGoogle(GoogleAuthConfig googleAuthConfig, String str, RequestHeader requestHeader, ExecutionContext executionContext, WSClient wSClient) {
        // Fixed parameters first, then each optional parameter appended with ++ when its Option is defined.
        Map $plus$plus = Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("client_id"), Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{googleAuthConfig.clientId()}))), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("response_type"), Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{"code"}))), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("scope"), Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{"openid email profile"}))), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("redirect_uri"), Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{googleAuthConfig.redirectUrl()}))), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("state"), Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{googleAuthConfig.antiForgeryChecker().generateToken(str, googleAuthConfig.antiForgeryChecker().generateToken$default$2(str))})))})).$plus$plus(Option$.MODULE$.option2Iterable(googleAuthConfig.domain().map(str2 -> {
            return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("hd"), Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{str2})));
        }))).$plus$plus(Option$.MODULE$.option2Iterable(googleAuthConfig.maxAuthAge().map(duration -> {
            return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("max_auth_age"), Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{BoxesRunTime.boxToLong(duration.getStandardSeconds())}))})));
        }))).$plus$plus(Option$.MODULE$.option2Iterable(googleAuthConfig.prompt().map(str3 -> {
            return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("prompt"), Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{str3})));
        }))).$plus$plus(Option$.MODULE$.option2Iterable(UserIdentity$.MODULE$.fromRequest(requestHeader).map(userIdentity -> {
            return userIdentity.email();
        }).map(str4 -> {
            return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("login_hint"), Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{str4})));
        })));
        return discoveryDocument(executionContext, wSClient).map(discoveryDocument -> {
            return Results$.MODULE$.Redirect(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{discoveryDocument.authorization_endpoint()})), $plus$plus, Results$.MODULE$.Redirect$default$3());
        }, executionContext);
    }

    /**
     * Handles the callback from Google and resolves the authenticated user.
     *
     * <p>Order of operations as written:
     * <ol>
     *   <li>the anti-forgery checker verifies the request; a failed {@code Try} fails the Future
     *       before any request is sent to Google;</li>
     *   <li>the discovery document is obtained;</li>
     *   <li>the {@code code} query parameter is posted to the token endpoint as a URL-encoded form
     *       together with {@code client_id}, {@code client_secret}, {@code redirect_uri} and
     *       {@code grant_type=authorization_code};</li>
     *   <li>the token response is parsed, and if a domain is configured the ID token's email must
     *       belong to it;</li>
     *   <li>the userinfo endpoint is called with the access token as a Bearer credential;</li>
     *   <li>a {@code UserIdentity} is built from the ID-token claims ({@code sub}, {@code email},
     *       {@code exp}) and the userinfo fields (given name, family name, picture).</li>
     * </ol>
     *
     * <p>NOTE(review): whether {@code Token$.fromJson} / {@code JsonWebToken} verify the ID token's
     * signature, issuer, audience or expiry is not visible in this file; the only claim check made
     * here is the email-domain comparison. No {@code email_verified} check appears here either.
     * NOTE(review): {@code queryString().apply("code")} is a map lookup by key; a callback without
     * a {@code code} parameter presumably fails the Future with a lookup error rather than a
     * {@code GoogleAuthException} — confirm.
     *
     * @param googleAuthConfig client credentials, redirect URL, anti-forgery checker, optional domain
     * @param requestHeader the callback request carrying {@code code} and the anti-forgery state
     * @param executionContext context on which the chained steps run
     * @param wSClient HTTP client used for the token and userinfo requests
     * @return a Future of the resolved identity; failed if any step above fails
     */
    public Future<UserIdentity> validatedUserIdentity(GoogleAuthConfig googleAuthConfig, RequestHeader requestHeader, ExecutionContext executionContext, WSClient wSClient) {
        return Future$.MODULE$.fromTry(googleAuthConfig.antiForgeryChecker().verifyToken(requestHeader)).flatMap(boxedUnit -> {
            return this.discoveryDocument(executionContext, wSClient);
        }, executionContext).flatMap(discoveryDocument -> {
            // client_secret travels in this form body to whatever token_endpoint the discovery document named.
            return wSClient.url(discoveryDocument.token_endpoint()).post(Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("code"), (Seq) requestHeader.queryString().apply("code")), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("client_id"), Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{googleAuthConfig.clientId()}))), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("client_secret"), Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{googleAuthConfig.clientSecret()}))), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("redirect_uri"), Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{googleAuthConfig.redirectUrl()}))), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("grant_type"), Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{"authorization_code"})))})), package$.MODULE$.writeableOf_urlEncodedForm()).flatMap(wSResponse -> {
                return (Future) this.googleResponse(wSResponse, jsValue -> {
                    Token fromJson = Token$.MODULE$.fromJson(jsValue);
                    JsonWebToken jwt = fromJson.jwt();
                    // Domain restriction: runs only when a domain is configured, and throws on mismatch
                    // before the userinfo request is made.
                    googleAuthConfig.domain().foreach(str -> {
                        $anonfun$validatedUserIdentity$5(jwt, str);
                        return BoxedUnit.UNIT;
                    });
                    return wSClient.url(discoveryDocument.userinfo_endpoint()).withHttpHeaders(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("Authorization"), new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Bearer ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{fromJson.access_token()})))})).get().map(wSResponse -> {
                        return (UserIdentity) this.googleResponse(wSResponse, jsValue -> {
                            UserInfo fromJson2 = UserInfo$.MODULE$.fromJson(jsValue);
                            // Identity fields (sub, email, exp) come from the ID token; only display fields
                            // come from the userinfo response.
                            return new UserIdentity(jwt.claims().sub(), jwt.claims().email(), fromJson2.given_name(), fromJson2.family_name(), jwt.claims().exp(), fromJson2.picture());
                        });
                    }, executionContext);
                });
            }, executionContext);
        }, executionContext);
    }

    /**
     * Compiler-generated body of the domain check used by {@link #validatedUserIdentity}.
     *
     * <p>Splits the ID token's {@code email} claim on {@code "@"} and requires the last segment to
     * equal the configured domain exactly; otherwise throws {@code GoogleAuthException}.
     *
     * <p>NOTE(review): the comparison is made against the {@code email} claim, not an {@code hd}
     * claim, and is an exact match, so it looks case-sensitive — confirm that is intended. An email
     * value containing no {@code "@"} would be compared as a whole against the domain.
     *
     * @param jsonWebToken parsed ID token whose email claim is inspected
     * @param str the configured Google domain
     */
    public static final /* synthetic */ void $anonfun$validatedUserIdentity$5(JsonWebToken jsonWebToken, String str) {
        if (!new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(jsonWebToken.claims().email().split("@"))).lastOption().contains(str)) {
            throw new GoogleAuthException("Configured Google domain does not match", GoogleAuthException$.MODULE$.$lessinit$greater$default$2());
        }
    }

    // Publishes the singleton and starts with an empty discovery-document cache.
    private GoogleAuth$() {
        MODULE$ = this;
        this.discoveryDocumentHolder = None$.MODULE$;
    }
}
