package org.http4s.server.middleware.authentication;

import cats.Monad;
import cats.data.Kleisli;
import cats.data.Kleisli$;
import cats.data.NonEmptyList;
import cats.data.OptionT;
import cats.effect.kernel.Async;
import cats.effect.kernel.Sync;
import cats.syntax.EitherObjectOps$;
import cats.syntax.package$all$;
import java.io.Serializable;
import org.http4s.AuthScheme$;
import org.http4s.AuthedRequest$;
import org.http4s.Challenge;
import org.http4s.Challenge$;
import org.http4s.ContextRequest;
import org.http4s.Credentials;
import org.http4s.Credentials$AuthParams$;
import org.http4s.Header$Select$;
import org.http4s.Headers$;
import org.http4s.Request;
import org.http4s.Response;
import org.http4s.crypto.Hash;
import org.http4s.crypto.Hash$;
import org.http4s.crypto.Priority$;
import org.http4s.headers.Authorization;
import org.http4s.headers.Authorization$;
import org.http4s.server.middleware.authentication.DigestAuth;
import org.http4s.server.middleware.authentication.NonceKeeper;
import org.typelevel.ci.CIString;
import scala.$less$colon$less$;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Some$;
import scala.Tuple2;
import scala.collection.SetOps;
import scala.collection.immutable.Map;
import scala.concurrent.duration.Duration;
import scala.concurrent.duration.package;
import scala.runtime.ModuleSerializationProxy;
import scala.runtime.ScalaRunTime$;
import scala.util.Either;

/* compiled from: DigestAuth.scala */
/* loaded from: input_file:org/http4s/server/middleware/authentication/DigestAuth$.class */
public final class DigestAuth$ implements Serializable {
    private static final DigestAuth$OK$ OK = null;
    private static final DigestAuth$StaleNonce$ StaleNonce = null;
    private static final DigestAuth$BadNC$ BadNC = null;
    private static final DigestAuth$WrongResponse$ WrongResponse = null;
    private static final DigestAuth$BadParameters$ BadParameters = null;
    private static final DigestAuth$UserUnknown$ UserUnknown = null;
    private static final DigestAuth$NoCredentials$ NoCredentials = null;
    private static final DigestAuth$NoAuthorizationHeader$ NoAuthorizationHeader = null;
    public static final DigestAuth$ MODULE$ = new DigestAuth$();

    private DigestAuth$() {
    }

    private Object writeReplace() {
        return new ModuleSerializationProxy(DigestAuth$.class);
    }

    public <F, A> Function1<Kleisli<OptionT, ContextRequest<F, A>, Response<F>>, Kleisli<OptionT, Request<F>, Response<F>>> apply(String str, Function1<String, Object> function1, Duration duration, Duration duration2, int i, Async<F> async) {
        Kleisli<F, Request<F>, Either<Challenge, ContextRequest<F, A>>> challenge = challenge(str, function1, new NonceKeeper(duration2.toMillis(), duration.toMillis(), i), async);
        return kleisli -> {
            return package$.MODULE$.challenged(challenge, kleisli, async);
        };
    }

    public <F, A> Duration apply$default$3() {
        return new package.DurationInt(scala.concurrent.duration.package$.MODULE$.DurationInt(1)).hour();
    }

    public <F, A> Duration apply$default$4() {
        return new package.DurationInt(scala.concurrent.duration.package$.MODULE$.DurationInt(1)).hour();
    }

    public int apply$default$5() {
        return 160;
    }

    public <F, A> Kleisli<F, Request<F>, Either<Challenge, ContextRequest<F, A>>> challenge(String str, Function1<String, Object> function1, NonceKeeper nonceKeeper, Async<F> async) {
        return Kleisli$.MODULE$.apply(request -> {
            return package$all$.MODULE$.toFlatMapOps(checkAuth(str, function1, nonceKeeper, request, Hash$.MODULE$.forAsyncOrMonadThrow(Priority$.MODULE$.preferred(async)), async), async).flatMap(authReply -> {
                if (authReply instanceof DigestAuth.OK) {
                    return async.pure(EitherObjectOps$.MODULE$.right$extension(package$all$.MODULE$.catsSyntaxEitherObject(scala.package$.MODULE$.Either()), AuthedRequest$.MODULE$.apply(DigestAuth$OK$.MODULE$.unapply((DigestAuth.OK) authReply)._1(), request)));
                }
                return DigestAuth$StaleNonce$.MODULE$.equals(authReply) ? package$all$.MODULE$.toFunctorOps(getChallengeParams(nonceKeeper, true, async), async).map(map -> {
                    return paramsToChallenge$1(str, map);
                }) : package$all$.MODULE$.toFunctorOps(getChallengeParams(nonceKeeper, false, async), async).map(map2 -> {
                    return paramsToChallenge$1(str, map2);
                });
            });
        });
    }

    private <F, A> Object checkAuth(String str, Function1<String, Object> function1, NonceKeeper nonceKeeper, Request<F> request, Hash<F> hash, Monad<F> monad) {
        Some some = Headers$.MODULE$.get$extension(request.headers(), Header$Select$.MODULE$.singleHeaders(Authorization$.MODULE$.headerInstance()));
        if (!(some instanceof Some)) {
            if (None$.MODULE$.equals(some)) {
                return monad.pure(DigestAuth$NoAuthorizationHeader$.MODULE$);
            }
            throw new MatchError(some);
        }
        Authorization authorization = (Authorization) some.value();
        if (authorization != null) {
            Credentials.AuthParams _1 = Authorization$.MODULE$.unapply(authorization)._1();
            if (_1 instanceof Credentials.AuthParams) {
                Credentials.AuthParams unapply = Credentials$AuthParams$.MODULE$.unapply(_1);
                CIString _12 = unapply._1();
                NonEmptyList<Tuple2<String, String>> _2 = unapply._2();
                CIString Digest = AuthScheme$.MODULE$.Digest();
                if (Digest != null ? Digest.equals(_12) : _12 == null) {
                    return checkAuthParams(str, function1, nonceKeeper, request, _2, hash, monad);
                }
            }
        }
        return monad.pure(DigestAuth$NoCredentials$.MODULE$);
    }

    private <F> Object getChallengeParams(NonceKeeper nonceKeeper, boolean z, Sync<F> sync) {
        return sync.delay(() -> {
            return r1.getChallengeParams$$anonfun$1(r2, r3);
        });
    }

    private <F, A> Object checkAuthParams(String str, Function1<String, Object> function1, NonceKeeper nonceKeeper, Request<F> request, NonEmptyList<Tuple2<String, String>> nonEmptyList, Hash<F> hash, Monad<F> monad) {
        Map map = nonEmptyList.toList().toMap($less$colon$less$.MODULE$.refl());
        if (!((SetOps) Predef$.MODULE$.Set().apply(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{"realm", "nonce", "nc", "username", "cnonce", "qop"}))).subsetOf(map.keySet())) {
            return monad.pure(DigestAuth$BadParameters$.MODULE$);
        }
        String method = request.method().toString();
        String uri = request.uri().toString();
        Option option = map.get("realm");
        Some apply = Some$.MODULE$.apply(str);
        if (option != null ? !option.equals(apply) : apply != null) {
            return monad.pure(DigestAuth$BadParameters$.MODULE$);
        }
        String str2 = (String) map.apply("nonce");
        String str3 = (String) map.apply("nc");
        NonceKeeper.Reply receiveNonce = nonceKeeper.receiveNonce(str2, Integer.parseInt(str3, 16));
        if (NonceKeeper$StaleReply$.MODULE$.equals(receiveNonce)) {
            return monad.pure(DigestAuth$StaleNonce$.MODULE$);
        }
        if (NonceKeeper$BadNCReply$.MODULE$.equals(receiveNonce)) {
            return monad.pure(DigestAuth$BadNC$.MODULE$);
        }
        if (NonceKeeper$OKReply$.MODULE$.equals(receiveNonce)) {
            return package$all$.MODULE$.toFlatMapOps(function1.apply(map.apply("username")), monad).flatMap(option2 -> {
                Tuple2 tuple2;
                if (None$.MODULE$.equals(option2)) {
                    return monad.pure(DigestAuth$UserUnknown$.MODULE$);
                }
                if (!(option2 instanceof Some) || (tuple2 = (Tuple2) ((Some) option2).value()) == null) {
                    throw new MatchError(option2);
                }
                Object _1 = tuple2._1();
                return package$all$.MODULE$.toFunctorOps(DigestUtil$.MODULE$.computeResponse(method, (String) map.apply("username"), str, (String) tuple2._2(), uri, str2, str3, (String) map.apply("cnonce"), (String) map.apply("qop"), monad, hash), monad).map(str4 -> {
                    Object apply2 = map.apply("response");
                    return (str4 != null ? !str4.equals(apply2) : apply2 != null) ? DigestAuth$WrongResponse$.MODULE$ : DigestAuth$OK$.MODULE$.apply(_1);
                });
            });
        }
        throw new MatchError(receiveNonce);
    }

    private final Either paramsToChallenge$1(String str, Map map) {
        return EitherObjectOps$.MODULE$.left$extension(package$all$.MODULE$.catsSyntaxEitherObject(scala.package$.MODULE$.Either()), Challenge$.MODULE$.apply("Digest", str, map));
    }

    private final Map getChallengeParams$$anonfun$1(NonceKeeper nonceKeeper, boolean z) {
        Map map = (Map) Predef$.MODULE$.Map().apply(ScalaRunTime$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension((String) Predef$.MODULE$.ArrowAssoc("qop"), "auth"), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension((String) Predef$.MODULE$.ArrowAssoc("nonce"), nonceKeeper.newNonce())}));
        return z ? map.$plus(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension((String) Predef$.MODULE$.ArrowAssoc("stale"), "TRUE")) : map;
    }
}
