package polynote.server.auth;

import java.util.NoSuchElementException;
import java.util.ServiceLoader;
import org.http4s.Request;
import org.http4s.Response;
import polynote.config.AuthProvider;
import polynote.env.ops.Enrich;
import polynote.kernel.environment.Config;
import polynote.kernel.environment.Env$;
import polynote.kernel.logging.Logging;
import polynote.server.auth.IdentityProvider;
import polynote.server.auth.Permission;
import scala.Function2;
import scala.None$;
import scala.Option;
import scala.PartialFunction;
import scala.PartialFunction$;
import scala.Predef$;
import scala.Predef$$eq$colon$eq$;
import scala.Predef$ArrowAssoc$;
import scala.collection.JavaConverters$;
import scala.collection.TraversableOnce;
import scala.collection.immutable.List$;
import scala.collection.immutable.Map;
import scala.runtime.BoxedUnit;
import scala.runtime.Nothing$;
import zio.ZIO;
import zio.ZIO$;
import zio.ZIO$AccessPartiallyApplied$;
import zio.blocking.Blocking;
import zio.blocking.package$;
import zio.clock.Clock;
import zio.system.System;

/* compiled from: IdentityProvider.scala */
/* loaded from: input_file:polynote/server/auth/IdentityProvider$.class */
public final class IdentityProvider$ {
    public static IdentityProvider$ MODULE$;
    private Map<String, ProviderLoader> loaders;
    private final IdentityProvider.Service noneService;
    private final IdentityProvider none;
    private final ZIO<Blocking, Throwable, IdentityProvider> load;
    private volatile boolean bitmap$0;

    static {
        new IdentityProvider$();
    }

    public IdentityProvider.Service noneService() {
        return this.noneService;
    }

    public IdentityProvider none() {
        return this.none;
    }

    public IdentityProvider of(final IdentityProvider.Service service) {
        return new IdentityProvider(service) { // from class: polynote.server.auth.IdentityProvider$$anon$2
            private final IdentityProvider.Service service$1;

            @Override // polynote.server.auth.IdentityProvider
            public IdentityProvider.Service identityProvider() {
                return this.service$1;
            }

            {
                this.service$1 = service;
            }
        };
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v8, types: [polynote.server.auth.IdentityProvider$] */
    private Map<String, ProviderLoader> loaders$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                this.loaders = ((TraversableOnce) ((TraversableOnce) JavaConverters$.MODULE$.asScalaIteratorConverter(ServiceLoader.load(ProviderLoader.class).iterator()).asScala()).toList().map(providerLoader -> {
                    return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(providerLoader.providerKey()), providerLoader);
                }, List$.MODULE$.canBuildFrom())).toMap(Predef$.MODULE$.$conforms());
                r0 = this;
                r0.bitmap$0 = true;
            }
        }
        return this.loaders;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, ProviderLoader> loaders() {
        return !this.bitmap$0 ? loaders$lzycompute() : this.loaders;
    }

    public ZIO<Blocking, Throwable, IdentityProvider.Service> find(AuthProvider authProvider) {
        return package$.MODULE$.effectBlocking(() -> {
            return MODULE$.loaders();
        }).map(map -> {
            return map.get(authProvider.provider());
        }).someOrFail(new NoSuchElementException(new StringBuilder(45).append("No identity provider could be found with key ").append(authProvider.provider()).toString()), Predef$.MODULE$.$conforms()).flatMap(providerLoader -> {
            return providerLoader.provider(authProvider.config());
        });
    }

    public ZIO<Blocking, Throwable, IdentityProvider> load() {
        return this.load;
    }

    public ZIO<IdentityProvider, Nothing$, IdentityProvider.Service> access() {
        return ZIO$AccessPartiallyApplied$.MODULE$.apply$extension(ZIO$.MODULE$.access(), identityProvider -> {
            return identityProvider.identityProvider();
        });
    }

    public ZIO<IdentityProvider, Throwable, PartialFunction<Request<ZIO>, ZIO<Blocking, Throwable, Response<ZIO>>>> authRoutes() {
        return ZIO$AccessPartiallyApplied$.MODULE$.apply$extension(ZIO$.MODULE$.access(), identityProvider -> {
            return (PartialFunction) identityProvider.identityProvider().authRoutes().getOrElse(() -> {
                return PartialFunction$.MODULE$.empty();
            });
        });
    }

    public ZIO<Blocking, Permission.PermissionDenied, BoxedUnit> checkPermission(Permission permission) {
        return access().flatMap(service -> {
            return UserIdentity$.MODULE$.access().flatMap(option -> {
                return service.checkPermission(option, permission).map(boxedUnit -> {
                    $anonfun$checkPermission$3(boxedUnit);
                    return BoxedUnit.UNIT;
                });
            });
        });
    }

    public <Env extends Blocking & Clock & System & Logging & Config> ZIO<Env, Throwable, Function2<Request<ZIO>, ZIO<Env, Throwable, Response<ZIO>>, ZIO<Env, Throwable, Response<ZIO>>>> authorize(Enrich<Env, UserIdentity> enrich) {
        return access().map(service -> {
            return (request, zio) -> {
                return service.checkAuth(request).foldM(response -> {
                    return ZIO$.MODULE$.succeed(response);
                }, option -> {
                    return zio.provideSomeM(Env$.MODULE$.enrich().apply(UserIdentity$.MODULE$.of(option), enrich));
                });
            };
        });
    }

    public static final /* synthetic */ void $anonfun$checkPermission$3(BoxedUnit boxedUnit) {
    }

    private IdentityProvider$() {
        MODULE$ = this;
        this.noneService = new IdentityProvider.Service() { // from class: polynote.server.auth.IdentityProvider$$anon$1
            @Override // polynote.server.auth.IdentityProvider.Service
            public Option<PartialFunction<Request<ZIO>, ZIO<Blocking, Throwable, Response<ZIO>>>> authRoutes() {
                return None$.MODULE$;
            }

            @Override // polynote.server.auth.IdentityProvider.Service
            public ZIO<Blocking, Response<ZIO>, Option<Identity>> checkAuth(Request<ZIO> request) {
                return ZIO$.MODULE$.succeed(None$.MODULE$);
            }

            @Override // polynote.server.auth.IdentityProvider.Service
            public ZIO<Blocking, Permission.PermissionDenied, BoxedUnit> checkPermission(Option<Identity> option, Permission permission) {
                return ZIO$.MODULE$.unit();
            }
        };
        this.none = of(noneService());
        this.load = ZIO$AccessPartiallyApplied$.MODULE$.apply$extension(ZIO$.MODULE$.access(), config -> {
            return config.polynoteConfig().security().auth();
        }).get(Predef$$eq$colon$eq$.MODULE$.tpEquals(), Predef$.MODULE$.$conforms()).foldM(boxedUnit -> {
            return ZIO$.MODULE$.succeed(MODULE$.none());
        }, authProvider -> {
            return MODULE$.find(authProvider).map(service -> {
                return MODULE$.of(service);
            });
        });
    }
}
