package io.unsecurity.auth.auth0.m2m;

import cats.Monad;
import cats.data.EitherT;
import cats.data.OptionT;
import cats.effect.Sync;
import cats.kernel.Eq;
import com.auth0.jwk.JwkProvider;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.RSAKeyProvider;
import io.circe.Encoder;
import io.circe.parser.package$;
import io.unsecurity.SecurityContext;
import io.unsecurity.UnsecurityOps;
import io.unsecurity.UnsecurityOps$StreamResponse$;
import io.unsecurity.UnsecurityOps$responses$;
import io.unsecurity.auth.auth0.oidc.Jwt;
import io.unsecurity.auth.auth0.oidc.Jwt$JwtHeader$;
import io.unsecurity.hlinx.ParamConverter;
import java.net.URI;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.time.Instant;
import java.time.OffsetDateTime;
import java.time.ZoneId;
import java.time.ZoneOffset;
import no.scalabin.http4s.directives.Directive;
import no.scalabin.http4s.directives.Directive$;
import no.scalabin.http4s.directives.DirectiveOps;
import no.scalabin.http4s.directives.RequestDirectives;
import no.scalabin.http4s.directives.RequestDirectives$request$;
import no.scalabin.http4s.directives.WhenOps;
import no.scalabin.http4s.directives.when;
import okio.ByteString;
import org.http4s.Header;
import org.http4s.HeaderKey;
import org.http4s.Method;
import org.http4s.Request;
import org.http4s.RequestCookie;
import org.http4s.Response;
import org.http4s.Uri;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.Function1;
import scala.MatchError;
import scala.Option;
import scala.PartialFunction;
import scala.Predef$;
import scala.Tuple3;
import scala.collection.ArrayOps$;
import scala.collection.immutable.List;
import scala.reflect.ScalaSignature;
import scala.runtime.Nothing$;
import scala.util.Either;
import scala.util.Try;
import scala.util.Try$;

/* compiled from: Auth0M2MSecurityContext.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005Eg\u0001\u0002\u000b\u0016\u0001\u0001B\u0001\u0002\u0012\u0001\u0003\u0002\u0003\u0006I!\u0012\u0005\t\u0019\u0002\u0011\t\u0011)A\u0005\u001b\"A\u0001\f\u0001B\u0001B\u0003%Q\n\u0003\u0005Z\u0001\t\u0005\t\u0015!\u0003[\u0011!\u0019\u0007AaA!\u0002\u0017!\u0007\"\u00027\u0001\t\u0003i\u0007BB;\u0001A\u0003%a\u000fC\u0003\u007f\u0001\u0011\u0005s\u0010C\u0004\u0002\u001a\u0001!\t%a\u0007\t\u000f\u0005}\u0001\u0001\"\u0011\u0002\"!9\u0011q\u0005\u0001\u0005\n\u0005m\u0001bBA\u0015\u0001\u0011%\u00111\u0006\u0005\b\u0003\u0007\u0002A\u0011BA#\u0011\u001d\t\u0019\b\u0001C\u0005\u0003kBq!a\u001f\u0001\t\u0013\ti\bC\u0004\u0002\u001c\u0002!I!!(\t\u000f\u0005E\u0004\u0001\"\u0003\u00028\"9\u0011Q\u0019\u0001\u0005\n\u0005\u001d\u0007bBAf\u0001\u0011%\u0011Q\u001a\u0002\u0018\u0003V$\b\u000eM'3\u001bN+7-\u001e:jif\u001cuN\u001c;fqRT!AF\f\u0002\u00075\u0014TN\u0003\u0002\u00193\u0005)\u0011-\u001e;ia)\u0011!dG\u0001\u0005CV$\bN\u0003\u0002\u001d;\u0005QQO\\:fGV\u0014\u0018\u000e^=\u000b\u0003y\t!![8\u0004\u0001U\u0019\u0011EL \u0014\t\u0001\u0011\u0003&\u0011\t\u0003G\u0019j\u0011\u0001\n\u0006\u0002K\u0005)1oY1mC&\u0011q\u0005\n\u0002\u0007\u0003:L(+\u001a4\u0011\u000b%RCF\u000f \u000e\u0003mI!aK\u000e\u0003\u001fM+7-\u001e:jif\u001cuN\u001c;fqR\u0004\"!\f\u0018\r\u0001\u0011)q\u0006\u0001b\u0001a\t\ta)\u0006\u00022qE\u0011!'\u000e\t\u0003GMJ!\u0001\u000e\u0013\u0003\u000f9{G\u000f[5oOB\u00111EN\u0005\u0003o\u0011\u00121!\u00118z\t\u0015IdF1\u00012\u0005\u0005y\u0006CA\u001e=\u001b\u0005)\u0012BA\u001f\u0016\u0005uy\u0015-\u001e;i\u0003V$\b.\u001a8uS\u000e\fG/\u001a3BaBd\u0017nY1uS>t\u0007CA\u0017@\t\u0015\u0001\u0005A1\u00012\u0005\u0005)\u0006cA\u0015CY%\u00111i\u0007\u0002\u000e+:\u001cXmY;sSRLx\n]:\u0002\r1|wn[;q!\u0011\u0019cI\u000f%\n\u0005\u001d##!\u0003$v]\u000e$\u0018n\u001c82!\ric&\u0013\t\u0004G)s\u0014BA&%\u0005\u0019y\u0005\u000f^5p]\u0006Q\u0011-\u001e;i\t>l\u0017-\u001b8\u0011\u00059+fBA(T!\t\u0001F%D\u0001R\u0015\t\u0011v$\u0001\u0004=e>|GOP\u0005\u0003)\u0012\na\u0001\u0015:fI\u00164\u0017B\u0001,X\u0005\u0019\u0019FO]5oO*\u0011A\u000bJ\u0001\tCV$\u0017.\u001a8dK\u0006Y!n^6Qe>4\u0018\u000eZ3s!\tY\u0016-D\u0001]\u0015\tif,A\u0002ko.T!\u0001G0\u000b\u0003\u0001\f1aY8n\u0013\t\u0011GLA\u0006Ko.\u0004&o\u001c<jI\u0016\u0014\u0018AC3wS\u0012,gnY3%cA\u0019QM\u001b\u0017\u000e\u0003\u0019T!a\u001a5\u0002\r\u00154g-Z2u\u0015\u0005I\u0017\u0001B2biNL!a\u001b4\u0003\tMKhnY\u0001\u0007y%t\u0017\u000e\u001e \u0015\u000b9\f(o\u001d;\u0015\u0005=\u0004\b\u0003B\u001e\u0001YyBQa\u0019\u0004A\u0004\u0011DQ\u0001\u0012\u0004A\u0002\u0015CQ\u0001\u0014\u0004A\u00025CQ\u0001\u0017\u0004A\u00025CQ!\u0017\u0004A\u0002i\u000b1\u0001\\8h!\t9H0D\u0001y\u0015\tI(0A\u0003m_\u001e$4OC\u0001|\u0003\ry'oZ\u0005\u0003{b\u0014a\u0001T8hO\u0016\u0014\u0018\u0001D1vi\",g\u000e^5dCR,WCAA\u0001!\u0019\t\u0019!!\u0006-u5\u0011\u0011Q\u0001\u0006\u0005\u0003\u000f\tI!\u0001\u0006eSJ,7\r^5wKNTA!a\u0003\u0002\u000e\u00051\u0001\u000e\u001e;qiMTA!a\u0004\u0002\u0012\u0005A1oY1mC\nLgN\u0003\u0002\u0002\u0014\u0005\u0011an\\\u0005\u0005\u0003/\t)AA\u0005ESJ,7\r^5wK\u0006I\u0001p\u001d:g\u0007\",7m[\u000b\u0003\u0003;\u0001b!a\u0001\u0002\u00161j\u0015!\u0004;sC:\u001chm\u001c:n+N,'\u000fF\u0002I\u0003GAa!!\n\u000b\u0001\u0004Q\u0014a\u0002:boV\u001bXM]\u0001\u0011e\u0016\fX/Z:u\u0003V$\b\u000eV8lK:\f!\u0002Z3d_\u0012,GMS,U)\u0011\ti#a\u0010\u0011\u000f\u0005\r\u0011Q\u0003\u0017\u00020A!\u0011\u0011GA\u001e\u001b\t\t\u0019D\u0003\u0003\u00026\u0005]\u0012AC5oi\u0016\u0014h-Y2fg*\u0019\u0011\u0011\b0\u0002\u0007)<H/\u0003\u0003\u0002>\u0005M\"A\u0003#fG>$W\r\u001a&X)\"1\u0011\u0011\t\u0007A\u00025\u000bQ\u0001^8lK:\f\u0011B[<u\u0011\u0016\fG-\u001a:\u0015\t\u0005\u001d\u0013q\u000e\t\b\u0003\u0007\t)\u0002LA%!\u0011\tY%!\u001b\u000f\t\u00055\u00131\r\b\u0005\u0003\u001f\nyF\u0004\u0003\u0002R\u0005uc\u0002BA*\u00037rA!!\u0016\u0002Z9\u0019\u0001+a\u0016\n\u0003yI!\u0001H\u000f\n\u0005iY\u0012B\u0001\r\u001a\u0013\r\t\tgF\u0001\u0005_&$7-\u0003\u0003\u0002f\u0005\u001d\u0014a\u0001&xi*\u0019\u0011\u0011M\f\n\t\u0005-\u0014Q\u000e\u0002\n\u0015^$\b*Z1eKJTA!!\u001a\u0002h!9\u0011\u0011O\u0007A\u0002\u0005=\u0012\u0001\u00036xiR{7.\u001a8\u0002\u0019\u0011,7m\u001c3f\u0005\u0006\u001cXM\u000e\u001b\u0015\t\u0005u\u0011q\u000f\u0005\u0007\u0003sr\u0001\u0019A'\u0002\u000bY\fG.^3\u0002/\r\u0014X-\u0019;f!V\u0014G.[2LKf\u0004&o\u001c<jI\u0016\u0014H\u0003BA@\u0003\u000b\u0003B!!\r\u0002\u0002&!\u00111QA\u001a\u00059\u00116+Q&fsB\u0013xN^5eKJDq!a\"\u0010\u0001\u0004\tI)A\u0005qk\nd\u0017nY&fsB!\u00111RAL\u001b\t\tiI\u0003\u0003\u00026\u0005=%\u0002BAI\u0003'\u000b\u0001b]3dkJLG/\u001f\u0006\u0003\u0003+\u000bAA[1wC&!\u0011\u0011TAG\u00051\u00116+\u0011)vE2L7mS3z\u0003E1XM]5gs\u0006\u001b7-Z:t)>\\WM\u001c\u000b\t\u0003[\ty*a,\u00024\"9\u0011\u0011\u0015\tA\u0002\u0005\r\u0016aA1mOB!\u0011QUAV\u001b\t\t9K\u0003\u0003\u0002*\u0006]\u0012AC1mO>\u0014\u0018\u000e\u001e5ng&!\u0011QVAT\u0005%\tEnZ8sSRDW\u000e\u0003\u0004\u00022B\u0001\r!T\u0001\fC\u000e\u001cWm]:U_.,g\u000e\u0003\u0004\u00026B\u0001\r!T\u0001\u000eCR$X-\u001c9uK\u0012\u0004\u0016\r\u001e5\u0015\t\u0005e\u0016\u0011\u0019\t\b\u0003\u0007\t)\u0002LA^!\rY\u0014QX\u0005\u0004\u0003\u007f+\"\u0001\u0003&xiR{7.\u001a8\t\u000f\u0005\r\u0017\u00031\u0001\u00020\u0005ia/\u001a:jM&,G\rV8lK:\fqb\u00195fG.,\u0005\u0010]5sCRLwN\u001c\u000b\u0005\u0003;\tI\rC\u0004\u0002rI\u0001\r!a/\u0002\u001d\u0015DHO]1diB\u0013xNZ5mKR!\u0011\u0011AAh\u0011\u001d\t\th\u0005a\u0001\u0003w\u0003")
/* loaded from: input_file:io/unsecurity/auth/auth0/m2m/Auth0M2MSecurityContext.class */
public class Auth0M2MSecurityContext<F, U> implements SecurityContext<F, OauthAuthenticatedApplication, U>, UnsecurityOps<F> {
    private final Function1<OauthAuthenticatedApplication, F> lookup;
    private final String authDomain;
    private final String audience;
    private final JwkProvider jwkProvider;
    private final Sync<F> evidence$1;
    private final Logger log;
    private volatile UnsecurityOps<F>.UnsecurityOps$StreamResponse$ StreamResponse$module;
    private volatile UnsecurityOps<F>.UnsecurityOps$responses$ responses$module;
    private volatile RequestDirectives<F>.RequestDirectives$request$ request$module;

    public <E, A> Directive<F, A> eitherToDirective(Either<E, A> either, Function1<E, Response<F>> function1, Monad<F> monad) {
        return UnsecurityOps.eitherToDirective$(this, either, function1, monad);
    }

    public <A> UnsecurityOps<F>.TryDirectives<A> TryDirectives(Try<A> r5, Sync<F> sync) {
        return UnsecurityOps.TryDirectives$(this, r5, sync);
    }

    public UnsecurityOps<F>.BooleanDirectives BooleanDirectives(boolean z, Sync<F> sync) {
        return UnsecurityOps.BooleanDirectives$(this, z, sync);
    }

    public Directive<F, RequestCookie> cookie(String str, Sync<F> sync) {
        return UnsecurityOps.cookie$(this, str, sync);
    }

    public Directive<F, List<RequestCookie>> requestCookies(Sync<F> sync) {
        return UnsecurityOps.requestCookies$(this, sync);
    }

    public <A> Directive<F, Option<A>> queryParamAs(String str, ParamConverter<A> paramConverter, Sync<F> sync) {
        return UnsecurityOps.queryParamAs$(this, str, paramConverter, sync);
    }

    public Directive<F, String> requiredQueryParam(String str, Sync<F> sync) {
        return UnsecurityOps.requiredQueryParam$(this, str, sync);
    }

    public <A> Directive<F, A> requiredQueryParamAs(String str, ParamConverter<A> paramConverter, Sync<F> sync) {
        return UnsecurityOps.requiredQueryParamAs$(this, str, paramConverter, sync);
    }

    public Response<F> Redirect(Uri uri, Sync<F> sync) {
        return UnsecurityOps.Redirect$(this, uri, sync);
    }

    public Response<F> Redirect(String str, Sync<F> sync) {
        return UnsecurityOps.Redirect$(this, str, sync);
    }

    public Response<F> Redirect(URI uri, Sync<F> sync) {
        return UnsecurityOps.Redirect$(this, uri, sync);
    }

    public <B> Directive<F, B> BadRequest(String str, Sync<F> sync) {
        return UnsecurityOps.BadRequest$(this, str, sync);
    }

    public <A> Directive<F, A> NotFound(Sync<F> sync) {
        return UnsecurityOps.NotFound$(this, sync);
    }

    public <B> Directive<F, B> Unauthorized(String str, Sync<F> sync) {
        return UnsecurityOps.Unauthorized$(this, str, sync);
    }

    public <A> Directive<F, A> Forbidden(Sync<F> sync) {
        return UnsecurityOps.Forbidden$(this, sync);
    }

    public <B> Directive<F, B> InternalServerError(String str, Option<String> option, Sync<F> sync) {
        return UnsecurityOps.InternalServerError$(this, str, option, sync);
    }

    public <B> Option<String> InternalServerError$default$2() {
        return UnsecurityOps.InternalServerError$default$2$(this);
    }

    public <A> Directive<F, Response<F>> Ok(A a, Encoder<A> encoder, Sync<F> sync) {
        return UnsecurityOps.Ok$(this, a, encoder, sync);
    }

    public <A> Directive<F, Response<F>> Accepted(A a, Encoder<A> encoder, Sync<F> sync) {
        return UnsecurityOps.Accepted$(this, a, encoder, sync);
    }

    public Directive<F, Method> MethodDirective(Method method, Eq<Method> eq, Monad<F> monad) {
        return RequestDirectives.MethodDirective$(this, method, eq, monad);
    }

    public <KEY extends HeaderKey> Directive<F, Option<Header>> liftHeaderDirective(KEY key, Monad<F> monad) {
        return RequestDirectives.liftHeaderDirective$(this, key, monad);
    }

    public <KEY extends HeaderKey> RequestDirectives<F>.HeaderDirective<KEY> HeaderDirective(KEY key, Monad<F> monad) {
        return RequestDirectives.HeaderDirective$(this, key, monad);
    }

    public <A> when<F, A> when(PartialFunction<Request<F>, A> partialFunction, Monad<F> monad) {
        return WhenOps.when$(this, partialFunction, monad);
    }

    public DirectiveOps<F>.DirectiveResponseOps DirectiveResponseOps(Directive<F, Response<F>> directive, Monad<F> monad) {
        return DirectiveOps.DirectiveResponseOps$(this, directive, monad);
    }

    public DirectiveOps<F>.FilterSyntax FilterSyntax(boolean z) {
        return DirectiveOps.FilterSyntax$(this, z);
    }

    public <X> DirectiveOps<F>.MonadDecorator<X> MonadDecorator(F f, Monad<F> monad) {
        return DirectiveOps.MonadDecorator$(this, f, monad);
    }

    public <A> DirectiveOps<F>.OptionDirectives<A> OptionDirectives(Option<A> option, Monad<F> monad) {
        return DirectiveOps.OptionDirectives$(this, option, monad);
    }

    public <E, A> DirectiveOps<F>.EitherDirectives<E, A> EitherDirectives(Either<E, A> either, Monad<F> monad) {
        return DirectiveOps.EitherDirectives$(this, either, monad);
    }

    public <E, A> DirectiveOps<F>.EitherTDirectives<E, A> EitherTDirectives(EitherT<F, E, A> eitherT, Monad<F> monad) {
        return DirectiveOps.EitherTDirectives$(this, eitherT, monad);
    }

    public <A> DirectiveOps<F>.OptionTDirectives<A> OptionTDirectives(OptionT<F, A> optionT, Monad<F> monad) {
        return DirectiveOps.OptionTDirectives$(this, optionT, monad);
    }

    public UnsecurityOps<F>.UnsecurityOps$StreamResponse$ StreamResponse() {
        if (this.StreamResponse$module == null) {
            StreamResponse$lzycompute$1();
        }
        return this.StreamResponse$module;
    }

    public UnsecurityOps<F>.UnsecurityOps$responses$ responses() {
        if (this.responses$module == null) {
            responses$lzycompute$1();
        }
        return this.responses$module;
    }

    public RequestDirectives<F>.RequestDirectives$request$ request() {
        if (this.request$module == null) {
            request$lzycompute$1();
        }
        return this.request$module;
    }

    public Directive<F, OauthAuthenticatedApplication> authenticate() {
        return request().path(this.evidence$1).flatMap(str -> {
            return this.requestAuthToken().flatMap(str -> {
                return this.decodedJWT(str).flatMap(decodedJWT -> {
                    return this.jwtHeader(decodedJWT).map(jwtHeader -> {
                        RSAPublicKey rSAPublicKey = (RSAPublicKey) this.jwkProvider.get(jwtHeader.kid()).getPublicKey();
                        return new Tuple3(jwtHeader, rSAPublicKey, Algorithm.RSA256(this.createPublicKeyProvider(rSAPublicKey)));
                    }).flatMap(tuple3 -> {
                        if (tuple3 != null) {
                            return this.verifyAccessToken((Algorithm) tuple3._3(), str, str).flatMap(decodedJWT -> {
                                return this.jwtToken(decodedJWT).flatMap(jwtToken -> {
                                    return this.checkExpiration(jwtToken).flatMap(str -> {
                                        return this.extractProfile(jwtToken).map(oauthAuthenticatedApplication -> {
                                            return oauthAuthenticatedApplication;
                                        });
                                    });
                                });
                            });
                        }
                        throw new MatchError(tuple3);
                    });
                });
            });
        });
    }

    public Directive<F, String> xsrfCheck() {
        return Directive$.MODULE$.success(() -> {
            return "";
        }, this.evidence$1);
    }

    public F transformUser(OauthAuthenticatedApplication oauthAuthenticatedApplication) {
        return (F) this.lookup.apply(oauthAuthenticatedApplication);
    }

    private Directive<F, String> requestAuthToken() {
        return request().header("authorization", this.evidence$1).flatMap(option -> {
            return this.OptionDirectives(option.map(header -> {
                return (String) ArrayOps$.MODULE$.last$extension(Predef$.MODULE$.refArrayOps(header.value().split(" ")));
            }), this.evidence$1).toSuccess(this.Unauthorized("Authorization header not found. Please log in", this.evidence$1)).map(str -> {
                return str;
            });
        });
    }

    private Directive<F, DecodedJWT> decodedJWT(String str) {
        return TryDirectives(Try$.MODULE$.apply(() -> {
            return JWT.decode(str);
        }), this.evidence$1).toSuccess(th -> {
            this.log.warn("Could not extract token from request", th);
            return this.Unauthorized("Could not extract token from request", this.evidence$1);
        });
    }

    private Directive<F, Jwt.JwtHeader> jwtHeader(DecodedJWT decodedJWT) {
        return decodeBase64(decodedJWT.getHeader()).flatMap(str -> {
            return this.EitherDirectives(package$.MODULE$.decode(str, Jwt$JwtHeader$.MODULE$.jwtDeaderDecoder()), this.evidence$1).toSuccess(error -> {
                this.log.warn("Could not decode jwt header", error);
                return this.Unauthorized("Could not decode jwt header", this.evidence$1);
            }).map(jwtHeader -> {
                return jwtHeader;
            });
        });
    }

    private Directive<F, String> decodeBase64(String str) {
        return Directive$.MODULE$.success(() -> {
            return ByteString.decodeBase64(str).utf8();
        }, this.evidence$1);
    }

    private RSAKeyProvider createPublicKeyProvider(final RSAPublicKey rSAPublicKey) {
        final Auth0M2MSecurityContext auth0M2MSecurityContext = null;
        return new RSAKeyProvider(auth0M2MSecurityContext, rSAPublicKey) { // from class: io.unsecurity.auth.auth0.m2m.Auth0M2MSecurityContext$$anon$1
            private final RSAPublicKey publicKey$1;

            public Nothing$ getPrivateKeyId() {
                throw new UnsupportedOperationException("The private key is stored at the IdP and should never hit our app. Use this KeyProvider only for verification, not signing!");
            }

            /* renamed from: getPublicKeyById, reason: merged with bridge method [inline-methods] */
            public RSAPublicKey m4getPublicKeyById(String str) {
                return this.publicKey$1;
            }

            /* renamed from: getPrivateKey, reason: merged with bridge method [inline-methods] */
            public RSAPrivateKey m3getPrivateKey() {
                throw new UnsupportedOperationException("The private key is stored at the IdP and should never hit our app. Use this KeyProvider only for verification, not signing!");
            }

            /* renamed from: getPrivateKeyId, reason: collision with other method in class */
            public /* bridge */ /* synthetic */ String m5getPrivateKeyId() {
                throw getPrivateKeyId();
            }

            {
                this.publicKey$1 = rSAPublicKey;
            }
        };
    }

    private Directive<F, DecodedJWT> verifyAccessToken(Algorithm algorithm, String str, String str2) {
        JWTVerifier build = JWT.require(algorithm).withIssuer(new String[]{new StringBuilder(9).append("https://").append(this.authDomain).append("/").toString()}).withAudience(new String[]{this.audience}).build();
        return TryDirectives(Try$.MODULE$.apply(() -> {
            return build.verify(str);
        }), this.evidence$1).toSuccess(th -> {
            if (this.log.isWarnEnabled()) {
                this.log.warn(new StringBuilder(33).append("Could not verify token for path: ").append(str2).toString(), th);
            }
            return this.Unauthorized("Could not verify token", this.evidence$1);
        });
    }

    private Directive<F, JwtToken> jwtToken(DecodedJWT decodedJWT) {
        return decodeBase64(decodedJWT.getPayload()).flatMap(str -> {
            return this.EitherDirectives(package$.MODULE$.decode(str, JwtToken$.MODULE$.jwtTokenDecoder()), this.evidence$1).toSuccess(error -> {
                if (this.log.isWarnEnabled()) {
                    this.log.warn(new StringBuilder(30).append("Unable to decode JWT payload: ").append(error).toString());
                }
                return this.Unauthorized("Unable to decode JWT payload", this.evidence$1);
            }).map(jwtToken -> {
                return jwtToken;
            });
        });
    }

    private Directive<F, String> checkExpiration(JwtToken jwtToken) {
        OffsetDateTime from = OffsetDateTime.from(Instant.ofEpochSecond(jwtToken.exp()).atOffset(ZoneOffset.UTC));
        OffsetDateTime now = OffsetDateTime.now(ZoneId.from(ZoneOffset.UTC));
        return now.isAfter(from) ? (Directive<F, String>) Unauthorized(new StringBuilder(44).append("Token is expired! ").append(now).append(" is after expirationTime: ").append(from).toString(), this.evidence$1) : Directive$.MODULE$.success(() -> {
            return "Valid token";
        }, this.evidence$1);
    }

    private Directive<F, OauthAuthenticatedApplication> extractProfile(JwtToken jwtToken) {
        return Directive$.MODULE$.success(() -> {
            return new OauthAuthenticatedApplication(jwtToken.sub(), jwtToken.scopes());
        }, this.evidence$1);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v5, types: [io.unsecurity.auth.auth0.m2m.Auth0M2MSecurityContext] */
    private final void StreamResponse$lzycompute$1() {
        ?? r0 = this;
        synchronized (r0) {
            if (this.StreamResponse$module == null) {
                r0 = this;
                r0.StreamResponse$module = new UnsecurityOps$StreamResponse$(this);
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v5, types: [io.unsecurity.auth.auth0.m2m.Auth0M2MSecurityContext] */
    private final void responses$lzycompute$1() {
        ?? r0 = this;
        synchronized (r0) {
            if (this.responses$module == null) {
                r0 = this;
                r0.responses$module = new UnsecurityOps$responses$(this);
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v5, types: [io.unsecurity.auth.auth0.m2m.Auth0M2MSecurityContext] */
    private final void request$lzycompute$1() {
        ?? r0 = this;
        synchronized (r0) {
            if (this.request$module == null) {
                r0 = this;
                r0.request$module = new RequestDirectives$request$(this);
            }
        }
    }

    public Auth0M2MSecurityContext(Function1<OauthAuthenticatedApplication, F> function1, String str, String str2, JwkProvider jwkProvider, Sync<F> sync) {
        this.lookup = function1;
        this.authDomain = str;
        this.audience = str2;
        this.jwkProvider = jwkProvider;
        this.evidence$1 = sync;
        DirectiveOps.$init$(this);
        WhenOps.$init$(this);
        RequestDirectives.$init$(this);
        UnsecurityOps.$init$(this);
        this.log = LoggerFactory.getLogger("io.unsecurity.auth.auth0.m2m.Auth0M2MSecurityContext");
    }
}
