package com.permutive.google.auth.oauth.service;

import cats.Applicative;
import cats.effect.kernel.Async;
import cats.syntax.package$all$;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.permutive.google.auth.oauth.models.ServiceAccountAccessToken;
import com.permutive.google.auth.oauth.models.api.AccessTokenApi;
import com.permutive.google.auth.oauth.utils.HttpUtils$;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.time.Instant;
import java.util.Date;
import org.http4s.EntityDecoder;
import org.http4s.Header;
import org.http4s.Headers;
import org.http4s.Method;
import org.http4s.Method$;
import org.http4s.Uri;
import org.http4s.UrlForm;
import org.http4s.UrlForm$;
import org.http4s.client.Client;
import org.http4s.client.dsl.Http4sClientDsl;
import org.http4s.client.dsl.MethodOps$;
import org.typelevel.log4cats.Logger;
import scala.Function1;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Tuple2;
import scala.concurrent.duration.FiniteDuration;
import scala.concurrent.duration.package;
import scala.concurrent.duration.package$;
import scala.reflect.ScalaSignature;

/* compiled from: GoogleServiceAccountOAuth.scala */
@ScalaSignature(bytes = "\u0006\u0001\u00055f\u0001B\t\u0013\u0005}A\u0001\"\u0012\u0001\u0003\u0002\u0003\u0006IA\u0012\u0005\t!\u0002\u0011\t\u0011)A\u0005#\"AQ\u000b\u0001B\u0001B\u0003%a\u000b\u0003\u0005[\u0001\t\r\t\u0015a\u0003\\\u0011!\u0019\u0007A!A!\u0002\u0017!\u0007\"\u00028\u0001\t\u0013y\u0007BB<\u0001A\u0003%\u0001\u0010\u0003\u0005\u0002\u0006\u0001\u0001\u000b\u0011BA\u0004\u0011!\t\u0019\u0002\u0001Q\u0001\n\u0005U\u0001bBA\u001a\u0001\u0011\u0005\u0013Q\u0007\u0005\n\u0003_\u0002!\u0019!C!\u0003cB\u0001\"a!\u0001A\u0003%\u00111O\u0004\b\u0003\u000b\u0013\u0002\u0012AAD\r\u0019\t\"\u0003#\u0001\u0002\n\"1aN\u0004C\u0001\u0003\u0017Cq!!$\u000f\t\u0003\tyIA\rH_><G.Z*feZL7-Z!dG>,h\u000e^(BkRD'BA\n\u0015\u0003\u001d\u0019XM\u001d<jG\u0016T!!\u0006\f\u0002\u000b=\fW\u000f\u001e5\u000b\u0005]A\u0012\u0001B1vi\"T!!\u0007\u000e\u0002\r\u001d|wn\u001a7f\u0015\tYB$A\u0005qKJlW\u000f^5wK*\tQ$A\u0002d_6\u001c\u0001!\u0006\u0002![M!\u0001!I\u0014:!\t\u0011S%D\u0001$\u0015\u0005!\u0013!B:dC2\f\u0017B\u0001\u0014$\u0005\u0019\te.\u001f*fMB\u0019\u0001&K\u0016\u000e\u0003II!A\u000b\n\u0003'M+'O^5dK\u0006\u001b7m\\;oi>\u000bU\u000f\u001e5\u0011\u00051jC\u0002\u0001\u0003\u0006]\u0001\u0011\ra\f\u0002\u0002\rV\u0011\u0001gN\t\u0003cQ\u0002\"A\t\u001a\n\u0005M\u001a#a\u0002(pi\"Lgn\u001a\t\u0003EUJ!AN\u0012\u0003\u0007\u0005s\u0017\u0010B\u00039[\t\u0007\u0001GA\u0001`!\rQ4iK\u0007\u0002w)\u0011A(P\u0001\u0004INd'B\u0001 @\u0003\u0019\u0019G.[3oi*\u0011\u0001)Q\u0001\u0007QR$\b\u000fN:\u000b\u0003\t\u000b1a\u001c:h\u0013\t!5HA\bIiR\u0004Hg]\"mS\u0016tG\u000fR:m\u0003\rYW-\u001f\t\u0003\u000f:k\u0011\u0001\u0013\u0006\u0003\u0013*\u000b!\"\u001b8uKJ4\u0017mY3t\u0015\tYE*\u0001\u0005tK\u000e,(/\u001b;z\u0015\u0005i\u0015\u0001\u00026bm\u0006L!a\u0014%\u0003\u001bI\u001b\u0016\t\u0015:jm\u0006$XmS3z\u0003U9wn\\4mK>\u000bU\u000f\u001e5SKF,Xm\u001d;Ve&\u0004\"AU*\u000e\u0003}J!\u0001V \u0003\u0007U\u0013\u0018.\u0001\u0006iiR\u00048\t\\5f]R\u00042a\u0016-,\u001b\u0005i\u0014BA->\u0005\u0019\u0019E.[3oi\u0006QQM^5eK:\u001cW\rJ\u0019\u0011\u0007q\u000b7&D\u0001^\u0015\tqv,\u0001\u0005m_\u001e$4-\u0019;t\u0015\t\u0001\u0017)A\u0005usB,G.\u001a<fY&\u0011!-\u0018\u0002\u0007\u0019><w-\u001a:\u0002\u0003\u0019\u00032!\u001a7,\u001b\u00051'BA4i\u0003\u0019YWM\u001d8fY*\u0011\u0011N[\u0001\u0007K\u001a4Wm\u0019;\u000b\u0003-\fAaY1ug&\u0011QN\u001a\u0002\u0006\u0003NLhnY\u0001\u0007y%t\u0017\u000e\u001e \u0015\tA$XO\u001e\u000b\u0004cJ\u001c\bc\u0001\u0015\u0001W!)!L\u0002a\u00027\")1M\u0002a\u0002I\")QI\u0002a\u0001\r\")\u0001K\u0002a\u0001#\")QK\u0002a\u0001-\u0006I\u0011\r\\4pe&$\b.\u001c\t\u0004s\u0006\u0005Q\"\u0001>\u000b\u0005md\u0018AC1mO>\u0014\u0018\u000e\u001e5ng*\u0011QP`\u0001\u0004U^$(BA@\u001d\u0003\u0015\tW\u000f\u001e51\u0013\r\t\u0019A\u001f\u0002\n\u00032<wN]5uQ6\f1\u0002Z3tGJL\u0007\u000f^5p]B!\u0011\u0011BA\b\u001b\t\tYAC\u0002\u0002\u000e1\u000bA\u0001\\1oO&!\u0011\u0011CA\u0006\u0005\u0019\u0019FO]5oO\u0006\t\u0012\r]5U_N+'O^5dKR{7.\u001a8\u0011\u000f\t\n9\"a\u0007\u0002,%\u0019\u0011\u0011D\u0012\u0003\u0013\u0019+hn\u0019;j_:\f\u0004\u0003BA\u000f\u0003Oi!!a\b\u000b\t\u0005\u0005\u00121E\u0001\u0004CBL'bAA\u0013)\u00051Qn\u001c3fYNLA!!\u000b\u0002 \tq\u0011iY2fgN$vn[3o\u0003BL\u0007\u0003BA\u0017\u0003_i!!a\t\n\t\u0005E\u00121\u0005\u0002\u001a'\u0016\u0014h/[2f\u0003\u000e\u001cw.\u001e8u\u0003\u000e\u001cWm]:U_.,g.\u0001\u0007bkRDWM\u001c;jG\u0006$X\r\u0006\u0006\u00028\u0005}\u0012qKA.\u0003W\u0002B\u0001L\u0017\u0002:A)!%a\u000f\u0002,%\u0019\u0011QH\u0012\u0003\r=\u0003H/[8o\u0011\u001d\t\tE\u0003a\u0001\u0003\u0007\n1![:t!\u0011\t)%a\u0015\u000f\t\u0005\u001d\u0013q\n\t\u0004\u0003\u0013\u001aSBAA&\u0015\r\tiEH\u0001\u0007yI|w\u000e\u001e \n\u0007\u0005E3%\u0001\u0004Qe\u0016$WMZ\u0005\u0005\u0003#\t)FC\u0002\u0002R\rBq!!\u0017\u000b\u0001\u0004\t\u0019%A\u0003tG>\u0004X\rC\u0004\u0002^)\u0001\r!a\u0018\u0002\u0007\u0015D\b\u000f\u0005\u0003\u0002b\u0005\u001dTBAA2\u0015\r\t)\u0007T\u0001\u0005i&lW-\u0003\u0003\u0002j\u0005\r$aB%ogR\fg\u000e\u001e\u0005\b\u0003[R\u0001\u0019AA0\u0003\rI\u0017\r^\u0001\f[\u0006DH)\u001e:bi&|g.\u0006\u0002\u0002tA!\u0011QOA@\u001b\t\t9H\u0003\u0003\u0002z\u0005m\u0014\u0001\u00033ve\u0006$\u0018n\u001c8\u000b\u0007\u0005u4%\u0001\u0006d_:\u001cWO\u001d:f]RLA!!!\u0002x\tqa)\u001b8ji\u0016$UO]1uS>t\u0017\u0001D7bq\u0012+(/\u0019;j_:\u0004\u0013!G$p_\u001edWmU3sm&\u001cW-Q2d_VtGoT!vi\"\u0004\"\u0001\u000b\b\u0014\u00059\tCCAAD\u0003\u0019\u0019'/Z1uKV!\u0011\u0011SAL)\u0019\t\u0019*a*\u0002*R!\u0011QSAQ!\u0015a\u0013qSAO\t\u0019q\u0003C1\u0001\u0002\u001aV\u0019\u0001'a'\u0005\ra\n9J1\u00011!\u0011A\u0013&a(\u0011\u00071\n9\nC\u0005\u0002$B\t\t\u0011q\u0001\u0002&\u0006QQM^5eK:\u001cW\r\n\u001a\u0011\t\u0015d\u0017q\u0014\u0005\u0006\u000bB\u0001\rA\u0012\u0005\u0007+B\u0001\r!a+\u0011\t]C\u0016q\u0014")
/* loaded from: input_file:com/permutive/google/auth/oauth/service/GoogleServiceAccountOAuth.class */
public final class GoogleServiceAccountOAuth<F> implements ServiceAccountOAuth<F>, Http4sClientDsl<F> {
    private final Uri googleOAuthRequestUri;
    private final Client<F> httpClient;
    private final Logger<F> evidence$1;
    private final Async<F> F;
    private final Algorithm algorithm;
    private final String description;
    private final Function1<AccessTokenApi, ServiceAccountAccessToken> apiToServiceToken;
    private final FiniteDuration maxDuration;

    public static <F> F create(RSAPrivateKey rSAPrivateKey, Client<F> client, Async<F> async) {
        return (F) GoogleServiceAccountOAuth$.MODULE$.create(rSAPrivateKey, client, async);
    }

    public Method http4sClientSyntaxMethod(Method method) {
        return Http4sClientDsl.http4sClientSyntaxMethod$(this, method);
    }

    public <T> EntityDecoder<F, Tuple2<Headers, T>> http4sHeadersDecoder(Applicative<F> applicative, EntityDecoder<F, T> entityDecoder) {
        return Http4sClientDsl.http4sHeadersDecoder$(this, applicative, entityDecoder);
    }

    @Override // com.permutive.google.auth.oauth.service.ServiceAccountOAuth
    public F authenticate(String str, String str2, Instant instant, Instant instant2) {
        return (F) package$all$.MODULE$.toFlatMapOps(this.F.delay(() -> {
            return JWT.create().withIssuedAt(Date.from(instant2)).withExpiresAt(Date.from(instant)).withAudience(new String[]{this.googleOAuthRequestUri.toString()}).withClaim("scope", str2).withClaim("iss", str).sign(this.algorithm);
        }), this.F).flatMap(str3 -> {
            return package$all$.MODULE$.toFunctorOps(HttpUtils$.MODULE$.fetchAccessTokenApi(this.httpClient, MethodOps$.MODULE$.apply$extension1(this.http4sClientSyntaxMethod(Method$.MODULE$.POST()), new UrlForm(UrlForm$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("grant_type"), "urn:ietf:params:oauth:grant-type:jwt-bearer"), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("assertion"), str3)}))), this.googleOAuthRequestUri, Predef$.MODULE$.wrapRefArray(new Header.ToRaw[0]), UrlForm$.MODULE$.entityEncoder(UrlForm$.MODULE$.entityEncoder$default$1())), () -> {
                return this.description;
            }, this.evidence$1, this.F), this.F).map(option -> {
                return option.map(this.apiToServiceToken);
            });
        });
    }

    @Override // com.permutive.google.auth.oauth.service.ServiceAccountOAuth
    public FiniteDuration maxDuration() {
        return this.maxDuration;
    }

    public GoogleServiceAccountOAuth(RSAPrivateKey rSAPrivateKey, Uri uri, Client<F> client, Logger<F> logger, Async<F> async) {
        this.googleOAuthRequestUri = uri;
        this.httpClient = client;
        this.evidence$1 = logger;
        this.F = async;
        Http4sClientDsl.$init$(this);
        this.algorithm = Algorithm.RSA256((RSAPublicKey) null, rSAPrivateKey);
        this.description = "service account JWT";
        this.apiToServiceToken = accessTokenApi -> {
            return new ServiceAccountAccessToken(accessTokenApi.accessToken(), accessTokenApi.tokenType(), accessTokenApi.expiresIn());
        };
        this.maxDuration = new package.DurationInt(package$.MODULE$.DurationInt(1)).hour();
    }
}
