package dev.neeffect.nee.security.oauth;

import dev.neeffect.nee.Nee;
import dev.neeffect.nee.NoEffect;
import dev.neeffect.nee.effects.Out;
import dev.neeffect.nee.effects.security.SecurityErrorType;
import dev.neeffect.nee.security.jwt.JWTError;
import dev.neeffect.nee.security.jwt.SimpleUserCoder;
import dev.neeffect.nee.security.jwt.UserCoder;
import io.fusionauth.jwt.domain.JWT;
import io.vavr.control.Either;
import io.vavr.control.Option;
import io.vavr.kotlin.CollectionsKt;
import io.vavr.kotlin.ControlKt;
import java.util.Map;
import java.util.function.Function;
import java.util.function.Supplier;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;

/* compiled from: OauthService.kt */
@Metadata(mv = {1, 4, 1}, bv = {1, 0, 3}, k = 1, d1 = {"��J\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\u0018��*\u0004\b��\u0010\u0001*\u0004\b\u0001\u0010\u00022\u00020\u0003B\u0019\u0012\u0012\u0010\u0004\u001a\u000e\u0012\u0004\u0012\u00028��\u0012\u0004\u0012\u00028\u00010\u0005¢\u0006\u0002\u0010\u0006J\u001a\u0010\t\u001a\u000e\u0012\u0004\u0012\u00020\u000b\u0012\u0004\u0012\u00028��0\n2\u0006\u0010\f\u001a\u00020\rJ\u0016\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\u00100\u000f2\u0006\u0010\u0011\u001a\u00020\u0012H\u0002J\u001c\u0010\u0013\u001a\b\u0012\u0004\u0012\u00020\r0\u000f2\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0014\u001a\u00020\rJ8\u0010\u0015\u001a\u0014\u0012\u0004\u0012\u00020\u0003\u0012\u0004\u0012\u00020\u000b\u0012\u0004\u0012\u00020\u00170\u00162\u0006\u0010\u0018\u001a\u00020\r2\u0006\u0010\u0019\u001a\u00020\r2\u0006\u0010\u001a\u001a\u00020\r2\u0006\u0010\u0011\u001a\u00020\u0012R\u001a\u0010\u0007\u001a\u000e\u0012\u0004\u0012\u00028��\u0012\u0004\u0012\u00028\u00010\bX\u0082\u0004¢\u0006\u0002\n��R\u001a\u0010\u0004\u001a\u000e\u0012\u0004\u0012\u00028��\u0012\u0004\u0012\u00028\u00010\u0005X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u001b"}, d2 = {"Ldev/neeffect/nee/security/oauth/OauthService;", "USER", "ROLE", "", "oauthConfig", "Ldev/neeffect/nee/security/oauth/OauthConfigModule;", "(Ldev/neeffect/nee/security/oauth/OauthConfigModule;)V", "googleOpenId", "Ldev/neeffect/nee/security/oauth/GoogleOpenId;", "decodeUser", "Lio/vavr/control/Either;", "Ldev/neeffect/nee/effects/security/SecurityErrorType;", "jwtToken", "", "findOauthProvider", "Lio/vavr/control/Option;", "Ldev/neeffect/nee/security/oauth/OauthProvider;", "oauthProvider", "Ldev/neeffect/nee/security/oauth/OauthProviderName;", "generateApiCall", "redirectUrl", SimpleUserCoder.loginKey, "Ldev/neeffect/nee/Nee;", "Ldev/neeffect/nee/security/oauth/LoginResult;", "code", "state", "redirectUri", "nee-security"})
/* loaded from: input_file:dev/neeffect/nee/security/oauth/OauthService.class */
public final class OauthService<USER, ROLE> {
    private final GoogleOpenId<USER, ROLE> googleOpenId;
    private final OauthConfigModule<USER, ROLE> oauthConfig;

    @NotNull
    public final Nee<Object, SecurityErrorType, LoginResult> login(@NotNull final String str, @NotNull final String str2, @NotNull final String str3, @NotNull final OauthProviderName oauthProviderName) {
        Intrinsics.checkNotNullParameter(str, "code");
        Intrinsics.checkNotNullParameter(str2, "state");
        Intrinsics.checkNotNullParameter(str3, "redirectUri");
        Intrinsics.checkNotNullParameter(oauthProviderName, "oauthProvider");
        Object orElse = findOauthProvider(oauthProviderName).map(new Function<OauthProvider, Nee<Object, SecurityErrorType, ? extends LoginResult>>() { // from class: dev.neeffect.nee.security.oauth.OauthService$login$1
            @Override // java.util.function.Function
            public final Nee<Object, SecurityErrorType, LoginResult> apply(OauthProvider oauthProvider) {
                OauthConfigModule oauthConfigModule;
                oauthConfigModule = OauthService.this.oauthConfig;
                Boolean verifySignedText = oauthConfigModule.getServerVerifier().verifySignedText(str2);
                Intrinsics.checkNotNullExpressionValue(verifySignedText, "oauthConfig.serverVerifier.verifySignedText(state)");
                return verifySignedText.booleanValue() ? oauthProvider.verifyOauthToken(str, str3).map(new Function1<OauthResponse, LoginResult>() { // from class: dev.neeffect.nee.security.oauth.OauthService$login$1.1
                    @NotNull
                    public final LoginResult invoke(@NotNull OauthResponse oauthResponse) {
                        OauthConfigModule oauthConfigModule2;
                        OauthConfigModule oauthConfigModule3;
                        OauthConfigModule oauthConfigModule4;
                        Intrinsics.checkNotNullParameter(oauthResponse, "oauthResponse");
                        System.out.println((Object) ("validate idToken " + oauthResponse));
                        oauthConfigModule2 = OauthService.this.oauthConfig;
                        Object invoke = oauthConfigModule2.getUserEncoder().invoke(oauthProviderName, oauthResponse);
                        oauthConfigModule3 = OauthService.this.oauthConfig;
                        JWT encodeUser = oauthConfigModule3.getJwtConfigModule().getJwtUsersCoder().encodeUser(invoke);
                        oauthConfigModule4 = OauthService.this.oauthConfig;
                        String signJwt = oauthConfigModule4.getJwtConfigModule().getJwtCoder().signJwt(encodeUser);
                        Intrinsics.checkNotNullExpressionValue(signJwt, "signedJwt");
                        return new LoginResult(signJwt, oauthResponse.getDisplayName(), oauthResponse.getSubject());
                    }

                    {
                        super(1);
                    }
                }) : Nee.Companion.constWithError(new NoEffect(), new Function1<Object, Out<SecurityErrorType, ? extends LoginResult>>() { // from class: dev.neeffect.nee.security.oauth.OauthService$login$1.2
                    @NotNull
                    public final Out<SecurityErrorType, LoginResult> invoke(@NotNull Object obj) {
                        Intrinsics.checkNotNullParameter(obj, "<anonymous parameter 0>");
                        return Out.Companion.left(new SecurityErrorType.MalformedCredentials("state unrecognized: " + str2));
                    }

                    {
                        super(1);
                    }
                });
            }
        }).getOrElse(new Supplier<Nee<Object, SecurityErrorType, ? extends LoginResult>>() { // from class: dev.neeffect.nee.security.oauth.OauthService$login$2
            @Override // java.util.function.Supplier
            public final Nee<Object, SecurityErrorType, ? extends LoginResult> get() {
                return Nee.Companion.constWithError(new NoEffect(), new Function1<Object, Out<SecurityErrorType, ? extends LoginResult>>() { // from class: dev.neeffect.nee.security.oauth.OauthService$login$2.1
                    @NotNull
                    public final Out<SecurityErrorType, LoginResult> invoke(@NotNull Object obj) {
                        Intrinsics.checkNotNullParameter(obj, "<anonymous parameter 0>");
                        return Out.Companion.left(SecurityErrorType.NoSecurityCtx.INSTANCE);
                    }
                });
            }
        });
        Intrinsics.checkNotNullExpressionValue(orElse, "findOauthProvider(oauthP…)\n            }\n        }");
        return (Nee) orElse;
    }

    @NotNull
    public final Option<String> generateApiCall(@NotNull OauthProviderName oauthProviderName, @NotNull final String str) {
        Intrinsics.checkNotNullParameter(oauthProviderName, "oauthProvider");
        Intrinsics.checkNotNullParameter(str, "redirectUrl");
        Option<String> map = findOauthProvider(oauthProviderName).map(new Function<OauthProvider, String>() { // from class: dev.neeffect.nee.security.oauth.OauthService$generateApiCall$1
            @Override // java.util.function.Function
            public final String apply(OauthProvider oauthProvider) {
                return oauthProvider.generateApiCall(str);
            }
        });
        Intrinsics.checkNotNullExpressionValue(map, "findOauthProvider(oauthP…ll(redirectUrl)\n        }");
        return map;
    }

    private final Option<OauthProvider> findOauthProvider(OauthProviderName oauthProviderName) {
        switch (oauthProviderName) {
            case Google:
                return ControlKt.some(this.googleOpenId);
            default:
                throw new NoWhenBranchMatchedException();
        }
    }

    @NotNull
    public final Either<SecurityErrorType, USER> decodeUser(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "jwtToken");
        Either<SecurityErrorType, USER> flatMap = this.oauthConfig.getJwtConfigModule().getJwtCoder().decodeJwt(str).mapLeft(new Function<JWTError, SecurityErrorType>() { // from class: dev.neeffect.nee.security.oauth.OauthService$decodeUser$1
            @Override // java.util.function.Function
            public final SecurityErrorType apply(JWTError jWTError) {
                return new SecurityErrorType.MalformedCredentials(jWTError.toString());
            }
        }).flatMap(new Function<JWT, Either<SecurityErrorType, ? extends USER>>() { // from class: dev.neeffect.nee.security.oauth.OauthService$decodeUser$2
            @Override // java.util.function.Function
            public final Either<SecurityErrorType, ? extends USER> apply(JWT jwt) {
                OauthConfigModule oauthConfigModule;
                oauthConfigModule = OauthService.this.oauthConfig;
                UserCoder userCoder = oauthConfigModule.getUserCoder();
                String str2 = jwt.subject;
                Intrinsics.checkNotNullExpressionValue(str2, "jwt.subject");
                Intrinsics.checkNotNullExpressionValue(jwt, "jwt");
                Map allClaims = jwt.getAllClaims();
                Intrinsics.checkNotNullExpressionValue(allClaims, "jwt.allClaims");
                io.vavr.collection.Map<String, String> mapValues = CollectionsKt.toVavrMap(allClaims).mapValues(new Function<Object, String>() { // from class: dev.neeffect.nee.security.oauth.OauthService$decodeUser$2.1
                    @Override // java.util.function.Function
                    public final String apply(Object obj) {
                        return obj.toString();
                    }
                });
                Intrinsics.checkNotNullExpressionValue(mapValues, "jwt.allClaims.toVavrMap(…pValues { it.toString() }");
                return userCoder.mapToUser(str2, mapValues).toEither(new Supplier<SecurityErrorType>() { // from class: dev.neeffect.nee.security.oauth.OauthService$decodeUser$2.2
                    @Override // java.util.function.Supplier
                    public final SecurityErrorType get() {
                        return SecurityErrorType.UnknownUser.INSTANCE;
                    }
                });
            }
        });
        Intrinsics.checkNotNullExpressionValue(flatMap, "oauthConfig.jwtConfigMod…              }\n        }");
        return flatMap;
    }

    public OauthService(@NotNull OauthConfigModule<USER, ROLE> oauthConfigModule) {
        Intrinsics.checkNotNullParameter(oauthConfigModule, "oauthConfig");
        this.oauthConfig = oauthConfigModule;
        this.googleOpenId = new GoogleOpenId<>(this.oauthConfig);
    }
}
