package dev.neeffect.nee.security.oauth;

import dev.neeffect.nee.Nee;
import dev.neeffect.nee.NoEffect;
import dev.neeffect.nee.effects.security.SecurityErrorType;
import dev.neeffect.nee.effects.utils.Logging;
import dev.neeffect.nee.security.jwt.MultiVerifier;
import io.fusionauth.jwks.JSONWebKeySetHelper;
import io.fusionauth.jwks.domain.JSONWebKey;
import io.fusionauth.jwt.JWTDecoder;
import io.fusionauth.jwt.Verifier;
import io.fusionauth.jwt.domain.JWT;
import io.fusionauth.jwt.json.Mapper;
import io.fusionauth.jwt.rsa.RSAVerifier;
import io.vavr.collection.Seq;
import io.vavr.control.Option;
import io.vavr.kotlin.CollectionsKt;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLEncoder;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.function.Function;
import java.util.function.Predicate;
import kotlin.Metadata;
import kotlin.coroutines.CoroutineContext;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import kotlinx.coroutines.CoroutineStart;
import kotlinx.coroutines.GlobalScope;
import kotlinx.coroutines.future.FutureKt;
import org.jetbrains.annotations.NotNull;

/* compiled from: GoogleOpenId.kt */
@Metadata(mv = {1, 4, 1}, bv = {1, 0, 3}, k = 1, d1 = {"��Z\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0005\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018�� \u001f*\u0004\b��\u0010\u0001*\u0004\b\u0001\u0010\u00022\u00020\u00032\u00020\u0004:\u0001\u001fB\u0019\u0012\u0012\u0010\u0005\u001a\u000e\u0012\u0004\u0012\u00028��\u0012\u0004\u0012\u00028\u00010\u0006¢\u0006\u0002\u0010\u0007J\u001e\u0010\r\u001a\b\u0012\u0004\u0012\u00020\u000f0\u000e2\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u0011H\u0002J\b\u0010\u0013\u001a\u00020\fH\u0002J\u0010\u0010\u0014\u001a\u00020\u00112\u0006\u0010\u0015\u001a\u00020\u0011H\u0016J\u0016\u0010\u0016\u001a\b\u0012\u0004\u0012\u00020\u00180\u00172\u0006\u0010\u0019\u001a\u00020\u0011H\u0002J2\u0010\u001a\u001a\u001c\u0012\u0004\u0012\u00020\u001c\u0012\u0004\u0012\u00020\u001d\u0012\f\u0012\n \n*\u0004\u0018\u00010\u001e0\u001e0\u001b2\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u0011H\u0016R\u0016\u0010\b\u001a\n \n*\u0004\u0018\u00010\t0\tX\u0082\u0004¢\u0006\u0002\n��R\u001a\u0010\u0005\u001a\u000e\u0012\u0004\u0012\u00028��\u0012\u0004\u0012\u00028\u00010\u0006X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u000b\u001a\u00020\fX\u0082\u0004¢\u0006\u0002\n��¨\u0006 "}, d2 = {"Ldev/neeffect/nee/security/oauth/GoogleOpenId;", "USER", "ROLE", "Ldev/neeffect/nee/security/oauth/OauthProvider;", "Ldev/neeffect/nee/effects/utils/Logging;", "oauthConfigModule", "Ldev/neeffect/nee/security/oauth/OauthConfigModule;", "(Ldev/neeffect/nee/security/oauth/OauthConfigModule;)V", "googleJwtDecoder", "Lio/fusionauth/jwt/JWTDecoder;", "kotlin.jvm.PlatformType", "verifier", 
"Ldev/neeffect/nee/security/jwt/MultiVerifier;", "callGoogle", "Ljava/util/concurrent/CompletableFuture;", "Ldev/neeffect/nee/security/oauth/OauthTokens;", "code", "", "redirectUri", "createVerifier", "generateApiCall", "redirect", "retrieveJsonKeys", "", "Lio/fusionauth/jwks/domain/JSONWebKey;", "url", "verifyOauthToken", "Ldev/neeffect/nee/Nee;", "", "Ldev/neeffect/nee/effects/security/SecurityErrorType;", "Ldev/neeffect/nee/security/oauth/OauthResponse;", "Companion", "nee-security"})
/* loaded from: input_file:dev/neeffect/nee/security/oauth/GoogleOpenId.class */
public final class GoogleOpenId<USER, ROLE> implements OauthProvider, Logging {
    // Decoder created once in the constructor via JWT.getTimeMachineDecoder(...); it is not
    // read anywhere in this file, so its consumer is presumably one of the synthetic
    // GoogleOpenId$... classes (not visible here).
    private final JWTDecoder googleJwtDecoder;
    // Signature verifier built once in the constructor by createVerifier() from the JWKS key set.
    private final MultiVerifier verifier;
    // Injected configuration: client id, provider settings, state signer, random generator, time provider.
    private final OauthConfigModule<USER, ROLE> oauthConfigModule;

    // Single shared Companion instance; generateApiCall() uses it to build the authorization URL.
    @NotNull
    public static final Companion Companion = new Companion(null);

    /* compiled from: GoogleOpenId.kt */
    @Metadata(mv = {1, 4, 1}, bv = {1, 0, 3}, k = 1, d1 = {"��\u0014\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0005\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J&\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00042\u0006\u0010\u0006\u001a\u00020\u00042\u0006\u0010\u0007\u001a\u00020\u00042\u0006\u0010\b\u001a\u00020\u0004¨\u0006\t"}, d2 = {"Ldev/neeffect/nee/security/oauth/GoogleOpenId$Companion;", "", "()V", "apiUrlTemplate", "", "clientId", "redirect", "state", "nonce", "nee-security"})
    /* loaded from: input_file:dev/neeffect/nee/security/oauth/GoogleOpenId$Companion.class */
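    public static final class Companion {
        /*
         * Holder for the authorization-URL builder; a single instance is exposed through
         * GoogleOpenId.Companion.
         */

        /**
         * Builds the Google OAuth 2.0 authorization-code request URL as a single line.
         *
         * <p>The four caller-supplied values are form-URL-encoded before they are placed in the
         * query string, so a value containing {@code &}, {@code =}, {@code #}, {@code +} or
         * whitespace cannot add, override or truncate query parameters. Pass the raw values:
         * an argument that is already percent-encoded would be encoded a second time.
         *
         * @param str  OAuth client id ({@code client_id})
         * @param str2 redirect URI ({@code redirect_uri})
         * @param str3 opaque state value ({@code state})
         * @param str4 nonce value ({@code nonce})
         * @return the complete authorization URL
         * @throws NullPointerException if any argument is {@code null}
         */
        @NotNull
        public final String apiUrlTemplate(@NotNull String str, @NotNull String str2, @NotNull String str3, @NotNull String str4) {
            Intrinsics.checkNotNullParameter(str, "clientId");
            Intrinsics.checkNotNullParameter(str2, "redirect");
            Intrinsics.checkNotNullParameter(str3, "state");
            Intrinsics.checkNotNullParameter(str4, "nonce");
            return "https://accounts.google.com/o/oauth2/v2/auth?"
                    + "response_type=code&"
                    + "client_id=" + encodeQueryValue(str) + "&"
                    + "scope=openid%20profile%20email%20https://www.googleapis.com/auth/user.organization.read&"
                    + "redirect_uri=" + encodeQueryValue(str2) + "&"
                    + "state=" + encodeQueryValue(str3) + "&"
                    // NOTE(review): a fixed sample address is sent as login_hint on every request;
                    // it looks like a leftover example value. Confirm, then drop it or make it
                    // configurable. Kept here so this change stays limited to the encoding fix.
                    + "login_hint=jsmith@example.com&"
                    + "nonce=" + encodeQueryValue(str4);
        }

        /** Form-URL-encodes one query-parameter value as UTF-8. */
        private static String encodeQueryValue(String value) {
            try {
                return URLEncoder.encode(value, "UTF-8");
            } catch (UnsupportedEncodingException e) {
                // Every JVM is required to support UTF-8, so this is not expected to happen.
                throw new IllegalStateException("UTF-8 encoding is not available", e);
            }
        }

        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }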

    /**
     * Produces the Google authorization URL for the configured Google client id and the given
     * redirect target.
     *
     * <p>The state value comes from the server verifier's {@code generateRandomSignedState()};
     * the nonce is the decimal text of one {@code nextFloat()} draw from the configured random
     * generator.
     *
     * @param str redirect URI to send to Google
     * @return the authorization URL built by {@link Companion#apiUrlTemplate}
     */
    @Override // dev.neeffect.nee.security.oauth.OauthProvider
    @NotNull
    public String generateApiCall(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "redirect");
        Companion urlBuilder = Companion;
        String googleClientId = this.oauthConfigModule.getConfig().getClientId(OauthProviderName.Google);
        Intrinsics.checkNotNullExpressionValue(googleClientId, "oauthConfigModule.config…OauthProviderName.Google)");
        String signedState = this.oauthConfigModule.getServerVerifier().generateRandomSignedState();
        // NOTE(review): a single float is a small value space for a nonce, and the generator's
        // type (secure or not) is not visible from here. The nonce is also not retained in this
        // method, so confirm that whatever validates the ID token can still compare its `nonce`
        // claim against the value issued here; otherwise the parameter gives no replay protection.
        String nonce = String.valueOf(this.oauthConfigModule.getRandomGenerator().nextFloat());
        return urlBuilder.apiUrlTemplate(googleClientId, str, signedState, nonce);
    }

    /**
     * Wraps the token verification step in a {@link Nee} that runs under {@link NoEffect}.
     *
     * <p>The actual work lives in the synthetic {@code GoogleOpenId$verifyOauthToken$1} class,
     * which is not part of this file; this method only validates its arguments and hands them over.
     *
     * @param str  authorization code received from the provider
     * @param str2 redirect URI used for the request
     * @return a {@code Nee} yielding an {@link OauthResponse} or a {@link SecurityErrorType}
     */
    @Override // dev.neeffect.nee.security.oauth.OauthProvider
    @NotNull
    public Nee<Object, SecurityErrorType, OauthResponse> verifyOauthToken(@NotNull String str, @NotNull String str2) {
        Intrinsics.checkNotNullParameter(str, "code");
        Intrinsics.checkNotNullParameter(str2, "redirectUri");
        NoEffect noEffect = new NoEffect();
        GoogleOpenId$verifyOauthToken$1 verification = new GoogleOpenId$verifyOauthToken$1(this, str, str2);
        return Nee.Companion.constWithError(noEffect, verification);
    }

    /**
     * Builds the {@link MultiVerifier} used for Google-issued tokens.
     *
     * <p>The JWKS location is the Google provider's configured {@code certificatesFile}, or
     * {@code https://www.googleapis.com/oauth2/v3/certs} when none is configured. Every key in
     * the set is parsed to a {@link PublicKey}; only RSA keys are kept, and each becomes one
     * {@link RSAVerifier}. Keys of any other type are dropped without a log entry.
     *
     * <p>NOTE(review): the only caller in this file is the constructor, so the key set is read
     * once per instance and no refresh is visible here. Confirm how key rotation on the issuer
     * side is handled (for example by periodically rebuilding the instance). Also check how
     * {@code MultiVerifier} behaves when the resulting sequence is empty.
     *
     * @return a verifier backed by the RSA keys found in the key set
     */
    private final MultiVerifier createVerifier() {
        Function<ProviderConfig, Option<? extends String>> configuredLocation = ProviderConfig::getCertificatesFile;
        String jwksLocation = (String) this.oauthConfigModule.getConfig().getProviders()
                .get(OauthProviderName.Google.getProviderName())
                .flatMap(configuredLocation)
                .getOrElse("https://www.googleapis.com/oauth2/v3/certs");
        Intrinsics.checkNotNullExpressionValue(jwksLocation, "jwkFile");

        Function<JSONWebKey, PublicKey> toPublicKey = JSONWebKey::parse;
        Predicate<PublicKey> isRsaKey = candidate -> candidate instanceof RSAPublicKey;
        Function<PublicKey, Verifier> toVerifier = rsaKey -> {
            if (rsaKey == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
            }
            Verifier rsaVerifier = RSAVerifier.newVerifier((RSAPublicKey) rsaKey);
            if (rsaVerifier == null) {
                throw new NullPointerException("null cannot be cast to non-null type io.fusionauth.jwt.Verifier");
            }
            return rsaVerifier;
        };

        Seq verifiers = CollectionsKt.toVavrList(retrieveJsonKeys(jwksLocation))
                .map(toPublicKey)
                .filter(isRsaKey)
                .map(toVerifier);
        Intrinsics.checkNotNullExpressionValue(verifiers, "verifiers");
        return new MultiVerifier(verifiers);
    }

    /**
     * Loads a JSON Web Key set from the given location.
     *
     * <p>A location that starts with {@code file:/} (case-sensitive match) is opened as a URL
     * stream and deserialized into {@code LocalJSONWebKeySetResponse}; anything else is passed
     * unchanged to {@link JSONWebKeySetHelper#retrieveKeysFromJWKS}.
     *
     * <p>NOTE(review): no scheme check is made on the non-file branch, so a configured
     * {@code http://} location would be handed to the JWKS helper as is. Because these keys
     * decide which token signatures are trusted, consider requiring {@code https} (or
     * {@code file:}) before fetching.
     *
     * @param str JWKS location, either a {@code file:/} URL or a remote JWKS endpoint
     * @return the keys found at that location
     */
    private final List<JSONWebKey> retrieveJsonKeys(String str) {
        if (!StringsKt.startsWith$default(str, "file:/", false, 2, (Object) null)) {
            // Remote key set: fetching and parsing are delegated to the fusionauth helper.
            List<JSONWebKey> retrieveKeysFromJWKS = JSONWebKeySetHelper.retrieveKeysFromJWKS(str);
            Intrinsics.checkNotNullExpressionValue(retrieveKeysFromJWKS, "JSONWebKeySetHelper.retrieveKeysFromJWKS(url)");
            return retrieveKeysFromJWKS;
        }
        // Local key set: read the file through a URL stream.
        InputStream openStream = new URL(str).openStream();
        // Holds the failure (if any) so closeFinally can attach a close error to it.
        Throwable th = (Throwable) null;
        // The nested try blocks appear to be the decompiled form of a Kotlin `use { }` block:
        // the stream is closed through CloseableKt.closeFinally on the success path and on the
        // failure path, and the original exception is rethrown.
        try {
            try {
                List<JSONWebKey> keys = ((LocalJSONWebKeySetResponse) Mapper.deserialize(openStream, LocalJSONWebKeySetResponse.class)).getKeys();
                CloseableKt.closeFinally(openStream, th);
                return keys;
            } catch (Throwable th2) {
                th = th2;
                throw th2;
            }
        } catch (Throwable th3) {
            CloseableKt.closeFinally(openStream, th);
            throw th3;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Starts the coroutine implemented by the synthetic {@code GoogleOpenId$callGoogle$1} class
     * and exposes its result as a {@link CompletableFuture}.
     *
     * <p>The coroutine is launched in {@link GlobalScope} with the default context and start mode.
     * The work is therefore not tied to any caller-owned scope for cancellation.
     *
     * @param str  first value handed to the coroutine; presumably the authorization code, going
     *             by the names in the Kotlin metadata (confirm)
     * @param str2 second value handed to the coroutine; presumably the redirect URI (confirm)
     * @return a future completing with the {@link OauthTokens} produced by the coroutine
     */
    public final CompletableFuture<OauthTokens> callGoogle(String str, String str2) {
        GlobalScope scope = GlobalScope.INSTANCE;
        GoogleOpenId$callGoogle$1 tokenRequest = new GoogleOpenId$callGoogle$1(this, str, str2, null);
        return FutureKt.future$default(scope, (CoroutineContext) null, (CoroutineStart) null, tokenRequest, 3, (Object) null);
    }

    /**
     * Creates the provider: stores the configuration, creates the JWT decoder and builds the
     * signature verifier.
     *
     * <p>Construction calls {@code createVerifier()}, which loads the JWKS key set, so it can
     * perform file or network I/O and fail if the key set cannot be read.
     *
     * <p>NOTE(review): the time source is read once, here, and passed to
     * {@code JWT.getTimeMachineDecoder}. If that decoder evaluates token expiry against the
     * instant it was given rather than the current time, a token that expires after this object
     * was built would keep passing the expiry check for the lifetime of the instance. Confirm how
     * {@code googleJwtDecoder} is used in the token path (not visible in this file) and consider
     * creating the decoder per verification from the time provider instead.
     *
     * @param oauthConfigModule OAuth configuration and collaborators for this provider
     * @throws NullPointerException if {@code oauthConfigModule} is {@code null}
     */
    public GoogleOpenId(@NotNull OauthConfigModule<USER, ROLE> oauthConfigModule) {
        Intrinsics.checkNotNullParameter(oauthConfigModule, "oauthConfigModule");
        this.oauthConfigModule = oauthConfigModule;
        JWTDecoder decoderAtConstructionTime = JWT.getTimeMachineDecoder(
                oauthConfigModule.getJwtConfigModule().getTimeProvider().getTimeSource().now());
        this.googleJwtDecoder = decoderAtConstructionTime;
        MultiVerifier keySetVerifier = createVerifier();
        this.verifier = keySetVerifier;
    }
}
