package com.mdsol.mauth.http4s;

import cats.ApplicativeError;
import cats.Invariant$;
import cats.MonadError;
import cats.Semigroupal$;
import cats.package$ApplicativeThrow$;
import cats.syntax.ApplicativeErrorOps$;
import cats.syntax.ApplicativeIdOps$;
import cats.syntax.ApplyOps$;
import cats.syntax.package$all$;
import com.mdsol.mauth.MAuthRequest;
import com.mdsol.mauth.MAuthVersion;
import com.mdsol.mauth.scaladsl.utils.ClientPublicKeyProvider;
import com.mdsol.mauth.util.EpochTimeProvider;
import com.mdsol.mauth.util.MAuthSignatureHelper;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.util.Arrays;
import org.typelevel.log4cats.Logger;
import org.typelevel.log4cats.Logger$;
import scala.$less$colon$less$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Tuple2;
import scala.collection.StringOps$;
import scala.concurrent.duration.Duration;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.runtime.ScalaRunTime$;

/* compiled from: RequestAuthenticator.scala */
/* loaded from: input_file:com/mdsol/mauth/http4s/RequestAuthenticator$.class */
public final class RequestAuthenticator$ {
    public static final RequestAuthenticator$ MODULE$ = new RequestAuthenticator$();

    public <F> RequestAuthenticator<?> apply(ClientPublicKeyProvider<F> clientPublicKeyProvider, EpochTimeProvider epochTimeProvider, MonadError<F, Throwable> monadError, Logger<F> logger) {
        return new RequestAuthenticator<>(clientPublicKeyProvider, epochTimeProvider, false, monadError, logger);
    }

    public <F> F com$mdsol$mauth$http4s$RequestAuthenticator$$validateTime(long j, EpochTimeProvider epochTimeProvider, Duration duration, ApplicativeError<F, Throwable> applicativeError) {
        return (F) ApplicativeIdOps$.MODULE$.pure$extension(package$all$.MODULE$.catsSyntaxApplicativeId(BoxesRunTime.boxToBoolean(epochTimeProvider.inSeconds() - j < duration.toSeconds())), applicativeError);
    }

    public <F> F com$mdsol$mauth$http4s$RequestAuthenticator$$validateMauthVersion(MAuthRequest mAuthRequest, boolean z, ApplicativeError<F, Throwable> applicativeError) {
        boolean z2;
        ApplicativeIdOps$ applicativeIdOps$ = ApplicativeIdOps$.MODULE$;
        package$all$ package_all_ = package$all$.MODULE$;
        if (z) {
            MAuthVersion mauthVersion = mAuthRequest.getMauthVersion();
            MAuthVersion mAuthVersion = MAuthVersion.MWSV2;
            if (mauthVersion != null ? !mauthVersion.equals(mAuthVersion) : mAuthVersion != null) {
                z2 = false;
                return (F) applicativeIdOps$.pure$extension(package_all_.catsSyntaxApplicativeId(BoxesRunTime.boxToBoolean(z2)), applicativeError);
            }
        }
        z2 = true;
        return (F) applicativeIdOps$.pure$extension(package_all_.catsSyntaxApplicativeId(BoxesRunTime.boxToBoolean(z2)), applicativeError);
    }

    public <F> F com$mdsol$mauth$http4s$RequestAuthenticator$$validateSignatureV1(MAuthRequest mAuthRequest, PublicKey publicKey, MonadError<F, Throwable> monadError, Logger<F> logger) {
        return (F) ApplyOps$.MODULE$.$times$greater$extension(package$all$.MODULE$.catsSyntaxApplyOps(logAuthenticationRequest(mAuthRequest, logger)), ApplicativeErrorOps$.MODULE$.recoverWith$extension(package$all$.MODULE$.catsSyntaxApplicativeError(package$ApplicativeThrow$.MODULE$.apply(monadError).catchNonFatal(() -> {
            return Arrays.equals(MAuthSignatureHelper.generateDigestedMessageV1(mAuthRequest).getBytes(StandardCharsets.UTF_8), MAuthSignatureHelper.decryptSignature(publicKey, mAuthRequest.getRequestSignature()));
        }, $less$colon$less$.MODULE$.refl()), monadError), new RequestAuthenticator$$anonfun$com$mdsol$mauth$http4s$RequestAuthenticator$$validateSignatureV1$1(logger, monadError), monadError), monadError);
    }

    public <F> F com$mdsol$mauth$http4s$RequestAuthenticator$$validateSignatureV2(MAuthRequest mAuthRequest, PublicKey publicKey, ApplicativeError<F, Throwable> applicativeError, Logger<F> logger) {
        return (F) ApplyOps$.MODULE$.$times$greater$extension(package$all$.MODULE$.catsSyntaxApplyOps(logAuthenticationRequest(mAuthRequest, logger)), ApplicativeErrorOps$.MODULE$.recoverWith$extension(package$all$.MODULE$.catsSyntaxApplicativeError(package$ApplicativeThrow$.MODULE$.apply(applicativeError).catchNonFatal(() -> {
            return MAuthSignatureHelper.verifyRSA(MAuthSignatureHelper.generateStringToSignV2(mAuthRequest), mAuthRequest.getRequestSignature(), publicKey);
        }, $less$colon$less$.MODULE$.refl()), applicativeError), new RequestAuthenticator$$anonfun$com$mdsol$mauth$http4s$RequestAuthenticator$$validateSignatureV2$1(logger, applicativeError), applicativeError), applicativeError);
    }

    public <F> F com$mdsol$mauth$http4s$RequestAuthenticator$$fallbackValidateSignatureV1(MAuthRequest mAuthRequest, PublicKey publicKey, MonadError<F, Throwable> monadError, Logger<F> logger) {
        return (F) Option$.MODULE$.apply(mAuthRequest.getMessagePayload()).fold(() -> {
            return ApplyOps$.MODULE$.$times$greater$extension(package$all$.MODULE$.catsSyntaxApplyOps(Logger$.MODULE$.apply(logger).warn(() -> {
                return "V1 authentication fallback is not available because the full request body is not available in memory.";
            })), ApplicativeIdOps$.MODULE$.pure$extension(package$all$.MODULE$.catsSyntaxApplicativeId(BoxesRunTime.boxToBoolean(false)), monadError), monadError);
        }, bArr -> {
            return ((Option) package$all$.MODULE$.toFunctorOps(package$all$.MODULE$.catsSyntaxTuple2Semigroupal(new Tuple2(Option$.MODULE$.apply(mAuthRequest.getXmwsSignature()), Option$.MODULE$.apply(mAuthRequest.getXmwsTime()))).tupled(Invariant$.MODULE$.catsInstancesForOption(), Semigroupal$.MODULE$.catsSemigroupalForOption()), Invariant$.MODULE$.catsInstancesForOption()).void()).map(boxedUnit -> {
                return package$all$.MODULE$.toFlatMapOps(MODULE$.com$mdsol$mauth$http4s$RequestAuthenticator$$validateSignatureV1(new MAuthRequest(mAuthRequest.getXmwsSignature(), mAuthRequest.getMessagePayload(), mAuthRequest.getHttpMethod(), mAuthRequest.getXmwsTime(), mAuthRequest.getResourcePath(), mAuthRequest.getQueryParameters()), publicKey, monadError, logger), monadError).flatTap(obj -> {
                    return $anonfun$fallbackValidateSignatureV1$5(logger, monadError, BoxesRunTime.unboxToBoolean(obj));
                });
            }).getOrElse(() -> {
                return ApplyOps$.MODULE$.$times$greater$extension(package$all$.MODULE$.catsSyntaxApplyOps(Logger$.MODULE$.apply(logger).warn(() -> {
                    return "V1 authentication fallback is not available because the full request body is not available in memory.";
                })), ApplicativeIdOps$.MODULE$.pure$extension(package$all$.MODULE$.catsSyntaxApplicativeId(BoxesRunTime.boxToBoolean(false)), monadError), monadError);
            });
        });
    }

    private <F> F logAuthenticationRequest(MAuthRequest mAuthRequest, Logger<F> logger) {
        String format$extension = StringOps$.MODULE$.format$extension(Predef$.MODULE$.augmentString("Mauth-client attempting to authenticate request from app with mauth app uuid %s using version %s."), ScalaRunTime$.MODULE$.genericWrapArray(new Object[]{mAuthRequest.getAppUUID(), mAuthRequest.getMauthVersion().getValue()}));
        return (F) Logger$.MODULE$.apply(logger).info(() -> {
            return format$extension;
        });
    }

    public static final /* synthetic */ Object $anonfun$fallbackValidateSignatureV1$5(Logger logger, MonadError monadError, boolean z) {
        return z ? Logger$.MODULE$.apply(logger).warn(() -> {
            return "Completed successful authentication attempt after fallback to V1";
        }) : ApplicativeIdOps$.MODULE$.pure$extension(package$all$.MODULE$.catsSyntaxApplicativeId(BoxedUnit.UNIT), monadError);
    }

    private RequestAuthenticator$() {
    }
}
