package org.http4s.server.middleware.authentication;

import cats.Applicative;
import cats.data.Kleisli;
import cats.data.NonEmptyList;
import cats.effect.kernel.Sync;
import cats.syntax.EitherObjectOps$;
import cats.syntax.package$all$;
import org.http4s.AuthScheme$;
import org.http4s.AuthedRequest$;
import org.http4s.Challenge;
import org.http4s.ContextRequest;
import org.http4s.Credentials;
import org.http4s.Header$Select$;
import org.http4s.Headers$;
import org.http4s.Request;
import org.http4s.Response;
import org.http4s.headers.Authorization;
import org.http4s.headers.Authorization$;
import org.http4s.server.middleware.authentication.DigestAuth;
import org.http4s.server.middleware.authentication.NonceKeeper;
import org.typelevel.ci.CIString;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.collection.immutable.Map;
import scala.concurrent.duration.Duration;
import scala.concurrent.duration.package;
import scala.util.Either;

/* compiled from: DigestAuth.scala */
/* loaded from: input_file:org/http4s/server/middleware/authentication/DigestAuth$.class */
public final class DigestAuth$ {
    public static DigestAuth$ MODULE$;

    static {
        new DigestAuth$();
    }

    public <F, A> Function1<Kleisli<?, ContextRequest<F, A>, Response<F>>, Kleisli<?, Request<F>, Response<F>>> apply(String str, Function1<String, F> function1, Duration duration, Duration duration2, int i, Sync<F> sync) {
        Kleisli<F, Request<F>, Either<Challenge, ContextRequest<F, A>>> challenge = challenge(str, function1, new NonceKeeper(duration2.toMillis(), duration.toMillis(), i), sync);
        return kleisli -> {
            return package$.MODULE$.challenged(challenge, kleisli, sync);
        };
    }

    public <F, A> Duration apply$default$3() {
        return new package.DurationInt(scala.concurrent.duration.package$.MODULE$.DurationInt(1)).hour();
    }

    public <F, A> Duration apply$default$4() {
        return new package.DurationInt(scala.concurrent.duration.package$.MODULE$.DurationInt(1)).hour();
    }

    public <F, A> int apply$default$5() {
        return 160;
    }

    public <F, A> Kleisli<F, Request<F>, Either<Challenge, ContextRequest<F, A>>> challenge(String str, Function1<String, F> function1, NonceKeeper nonceKeeper, Sync<F> sync) {
        return new Kleisli<>(request -> {
            return package$all$.MODULE$.toFlatMapOps(MODULE$.checkAuth(str, function1, nonceKeeper, request, sync), sync).flatMap(authReply -> {
                return authReply instanceof DigestAuth.OK ? sync.pure(EitherObjectOps$.MODULE$.right$extension(package$all$.MODULE$.catsSyntaxEitherObject(scala.package$.MODULE$.Either()), AuthedRequest$.MODULE$.apply(((DigestAuth.OK) authReply).authInfo(), request))) : DigestAuth$StaleNonce$.MODULE$.equals(authReply) ? package$all$.MODULE$.toFunctorOps(MODULE$.getChallengeParams(nonceKeeper, true, sync), sync).map(map -> {
                    return paramsToChallenge$1(map, str);
                }) : package$all$.MODULE$.toFunctorOps(MODULE$.getChallengeParams(nonceKeeper, false, sync), sync).map(map2 -> {
                    return paramsToChallenge$1(map2, str);
                });
            });
        });
    }

    private <F, A> F checkAuth(String str, Function1<String, F> function1, NonceKeeper nonceKeeper, Request<F> request, Applicative<F> applicative) {
        Object pure;
        boolean z = false;
        Some some = Headers$.MODULE$.get$extension0(request.headers(), Header$Select$.MODULE$.singleHeaders(Authorization$.MODULE$.headerInstance()));
        if (some instanceof Some) {
            z = true;
            Authorization authorization = (Authorization) some.value();
            if (authorization != null) {
                Credentials.AuthParams credentials = authorization.credentials();
                if (credentials instanceof Credentials.AuthParams) {
                    Credentials.AuthParams authParams = credentials;
                    CIString authScheme = authParams.authScheme();
                    NonEmptyList<Tuple2<String, String>> params = authParams.params();
                    CIString Digest = AuthScheme$.MODULE$.Digest();
                    if (Digest != null ? Digest.equals(authScheme) : authScheme == null) {
                        pure = checkAuthParams(str, function1, nonceKeeper, request, params, applicative);
                        return (F) pure;
                    }
                }
            }
        }
        if (z) {
            pure = applicative.pure(DigestAuth$NoCredentials$.MODULE$);
        } else {
            if (!None$.MODULE$.equals(some)) {
                throw new MatchError(some);
            }
            pure = applicative.pure(DigestAuth$NoAuthorizationHeader$.MODULE$);
        }
        return (F) pure;
    }

    private <F> F getChallengeParams(NonceKeeper nonceKeeper, boolean z, Sync<F> sync) {
        return (F) sync.delay(() -> {
            Map apply = Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("qop"), "auth"), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("nonce"), nonceKeeper.newNonce())}));
            return z ? apply.$plus(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("stale"), "TRUE")) : apply;
        });
    }

    private <F, A> F checkAuthParams(String str, Function1<String, F> function1, NonceKeeper nonceKeeper, Request<F> request, NonEmptyList<Tuple2<String, String>> nonEmptyList, Applicative<F> applicative) {
        Object map;
        Map map2 = nonEmptyList.toList().toMap(Predef$.MODULE$.$conforms());
        if (!Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new String[]{"realm", "nonce", "nc", "username", "cnonce", "qop"})).subsetOf(map2.keySet())) {
            return (F) applicative.pure(DigestAuth$BadParameters$.MODULE$);
        }
        String method = request.method().toString();
        String uri = request.uri().toString();
        Option option = map2.get("realm");
        Some some = new Some(str);
        if (option != null ? !option.equals(some) : some != null) {
            return (F) applicative.pure(DigestAuth$BadParameters$.MODULE$);
        }
        String str2 = (String) map2.apply("nonce");
        String str3 = (String) map2.apply("nc");
        NonceKeeper.Reply receiveNonce = nonceKeeper.receiveNonce(str2, Integer.parseInt(str3, 16));
        if (NonceKeeper$StaleReply$.MODULE$.equals(receiveNonce)) {
            map = applicative.pure(DigestAuth$StaleNonce$.MODULE$);
        } else if (NonceKeeper$BadNCReply$.MODULE$.equals(receiveNonce)) {
            map = applicative.pure(DigestAuth$BadNC$.MODULE$);
        } else {
            if (!NonceKeeper$OKReply$.MODULE$.equals(receiveNonce)) {
                throw new MatchError(receiveNonce);
            }
            map = package$all$.MODULE$.toFunctorOps(function1.apply(map2.apply("username")), applicative).map(option2 -> {
                Tuple2 tuple2;
                DigestAuth.AuthReply ok;
                if (None$.MODULE$.equals(option2)) {
                    ok = DigestAuth$UserUnknown$.MODULE$;
                } else {
                    if (!(option2 instanceof Some) || (tuple2 = (Tuple2) ((Some) option2).value()) == null) {
                        throw new MatchError(option2);
                    }
                    Object _1 = tuple2._1();
                    String computeResponse = DigestUtil$.MODULE$.computeResponse(method, (String) map2.apply("username"), str, (String) tuple2._2(), uri, str2, str3, (String) map2.apply("cnonce"), (String) map2.apply("qop"));
                    Object apply = map2.apply("response");
                    ok = (computeResponse != null ? !computeResponse.equals(apply) : apply != null) ? DigestAuth$WrongResponse$.MODULE$ : new DigestAuth.OK(_1);
                }
                return ok;
            });
        }
        return (F) map;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final Either paramsToChallenge$1(Map map, String str) {
        return EitherObjectOps$.MODULE$.left$extension(package$all$.MODULE$.catsSyntaxEitherObject(scala.package$.MODULE$.Either()), new Challenge("Digest", str, map));
    }

    private DigestAuth$() {
        MODULE$ = this;
    }
}
