package com.permutive.google.auth.oauth.service;

import cats.Applicative;
import cats.effect.kernel.Async;
import cats.syntax.package$all$;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.permutive.google.auth.oauth.models.ServiceAccountAccessToken;
import com.permutive.google.auth.oauth.models.api.AccessTokenApi;
import com.permutive.google.auth.oauth.utils.HttpUtils$;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.time.Instant;
import java.util.Date;
import org.http4s.EntityDecoder;
import org.http4s.Headers;
import org.http4s.Method;
import org.http4s.Method$;
import org.http4s.Uri;
import org.http4s.UrlForm;
import org.http4s.UrlForm$;
import org.http4s.client.Client;
import org.http4s.client.dsl.Http4sClientDsl;
import org.http4s.client.dsl.MethodOps$;
import org.typelevel.log4cats.Logger;
import scala.Function1;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Tuple2;
import scala.collection.immutable.Nil$;
import scala.concurrent.duration.FiniteDuration;
import scala.concurrent.duration.package;
import scala.concurrent.duration.package$;
import scala.reflect.ScalaSignature;
import scala.runtime.ScalaRunTime$;

/* compiled from: GoogleServiceAccountOAuth.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005=f\u0001B\t\u0013\u0005}A\u0001\"\u0012\u0001\u0003\u0002\u0003\u0006IA\u0012\u0005\t!\u0002\u0011\t\u0011)A\u0005#\"AQ\u000b\u0001B\u0001B\u0003%a\u000b\u0003\u0005[\u0001\t\r\t\u0015a\u0003\\\u0011!\u0019\u0007A!A!\u0002\u0017!\u0007\"\u00028\u0001\t\u0013y\u0007BB<\u0001A\u0003%\u0001\u0010\u0003\u0005\u0002\u0006\u0001\u0001\u000b\u0011BA\u0004\u0011!\t\u0019\u0002\u0001Q\u0001\n\u0005U\u0001bBA\u001a\u0001\u0011\u0005\u0013Q\u0007\u0005\n\u0003_\u0002!\u0019!C!\u0003cB\u0001\"a!\u0001A\u0003%\u00111O\u0004\b\u0003\u000b\u0013\u0002\u0012AAD\r\u0019\t\"\u0003#\u0001\u0002\n\"1aN\u0004C\u0001\u0003\u0017Cq!!$\u000f\t\u0003\tyIA\rH_><G.Z*feZL7-Z!dG>,h\u000e^(BkRD'BA\n\u0015\u0003\u001d\u0019XM\u001d<jG\u0016T!!\u0006\f\u0002\u000b=\fW\u000f\u001e5\u000b\u0005]A\u0012\u0001B1vi\"T!!\u0007\u000e\u0002\r\u001d|wn\u001a7f\u0015\tYB$A\u0005qKJlW\u000f^5wK*\tQ$A\u0002d_6\u001c\u0001!\u0006\u0002![M!\u0001!I\u0014:!\t\u0011S%D\u0001$\u0015\u0005!\u0013!B:dC2\f\u0017B\u0001\u0014$\u0005\u0019\te.\u001f*fMB\u0019\u0001&K\u0016\u000e\u0003II!A\u000b\n\u0003'M+'O^5dK\u0006\u001b7m\\;oi>\u000bU\u000f\u001e5\u0011\u00051jC\u0002\u0001\u0003\u0006]\u0001\u0011\ra\f\u0002\u0002\rV\u0011\u0001gN\t\u0003cQ\u0002\"A\t\u001a\n\u0005M\u001a#a\u0002(pi\"Lgn\u001a\t\u0003EUJ!AN\u0012\u0003\u0007\u0005s\u0017\u0010B\u00039[\t\u0007\u0001G\u0001\u0003`I\u0011\n\u0004c\u0001\u001eDW5\t1H\u0003\u0002={\u0005\u0019Am\u001d7\u000b\u0005yz\u0014AB2mS\u0016tGO\u0003\u0002A\u0003\u00061\u0001\u000e\u001e;qiMT\u0011AQ\u0001\u0004_J<\u0017B\u0001#<\u0005=AE\u000f\u001e95g\u000ec\u0017.\u001a8u\tNd\u0017aA6fsB\u0011qIT\u0007\u0002\u0011*\u0011\u0011JS\u0001\u000bS:$XM\u001d4bG\u0016\u001c(BA&M\u0003!\u0019XmY;sSRL(\"A'\u0002\t)\fg/Y\u0005\u0003\u001f\"\u0013QBU*B!JLg/\u0019;f\u0017\u0016L\u0018!F4p_\u001edWmT!vi\"\u0014V-];fgR,&/\u001b\t\u0003%Nk\u0011aP\u0005\u0003)~\u00121!\u0016:j\u0003)AG\u000f\u001e9DY&,g\u000e\u001e\t\u0004/b[S\"A\u001f\n\u0005ek$AB\"mS\u0016tG/\u0001\u0006fm&$WM\\2fIE\u00022\u0001X1,\u001b\u0005i&B\u00010`\u0003!awn\u001a\u001bdCR\u001c(B\u00011B\u0003%!\u0018\u0010]3mKZ,G.\u0003\u0002c;\n1Aj\\4hKJ\f\u0011A\u0012\t\u0004K2\\S\"\u00014\u000b\u0005\u001dD\u0017AB6fe:,GN\u0003\u0002jU\u00061QM\u001a4fGRT\u0011a[\u0001\u0005G\u0006$8/\u0003\u0002nM\n)\u0011i]=oG\u00061A(\u001b8jiz\"B\u0001\u001d;vmR\u0019\u0011O]:\u0011\u0007!\u00021\u0006C\u0003[\r\u0001\u000f1\fC\u0003d\r\u0001\u000fA\rC\u0003F\r\u0001\u0007a\tC\u0003Q\r\u0001\u0007\u0011\u000bC\u0003V\r\u0001\u0007a+A\u0005bY\u001e|'/\u001b;i[B\u0019\u00110!\u0001\u000e\u0003iT!a\u001f?\u0002\u0015\u0005dwm\u001c:ji\"l7O\u0003\u0002~}\u0006\u0019!n\u001e;\u000b\u0005}d\u0012!B1vi\"\u0004\u0014bAA\u0002u\nI\u0011\t\\4pe&$\b.\\\u0001\fI\u0016\u001c8M]5qi&|g\u000e\u0005\u0003\u0002\n\u0005=QBAA\u0006\u0015\r\ti\u0001T\u0001\u0005Y\u0006tw-\u0003\u0003\u0002\u0012\u0005-!AB*ue&tw-A\tba&$vnU3sm&\u001cW\rV8lK:\u0004rAIA\f\u00037\tY#C\u0002\u0002\u001a\r\u0012\u0011BR;oGRLwN\\\u0019\u0011\t\u0005u\u0011qE\u0007\u0003\u0003?QA!!\t\u0002$\u0005\u0019\u0011\r]5\u000b\u0007\u0005\u0015B#\u0001\u0004n_\u0012,Gn]\u0005\u0005\u0003S\tyB\u0001\bBG\u000e,7o\u001d+pW\u0016t\u0017\t]5\u0011\t\u00055\u0012qF\u0007\u0003\u0003GIA!!\r\u0002$\tI2+\u001a:wS\u000e,\u0017iY2pk:$\u0018iY2fgN$vn[3o\u00031\tW\u000f\u001e5f]RL7-\u0019;f))\t9$a\u0010\u0002X\u0005m\u00131\u000e\t\u0005Y5\nI\u0004E\u0003#\u0003w\tY#C\u0002\u0002>\r\u0012aa\u00149uS>t\u0007bBA!\u0015\u0001\u0007\u00111I\u0001\u0004SN\u001c\b\u0003BA#\u0003'rA!a\u0012\u0002PA\u0019\u0011\u0011J\u0012\u000e\u0005\u0005-#bAA'=\u00051AH]8pizJ1!!\u0015$\u0003\u0019\u0001&/\u001a3fM&!\u0011\u0011CA+\u0015\r\t\tf\t\u0005\b\u00033R\u0001\u0019AA\"\u0003\u0015\u00198m\u001c9f\u0011\u001d\tiF\u0003a\u0001\u0003?\n1!\u001a=q!\u0011\t\t'a\u001a\u000e\u0005\u0005\r$bAA3\u0019\u0006!A/[7f\u0013\u0011\tI'a\u0019\u0003\u000f%s7\u000f^1oi\"9\u0011Q\u000e\u0006A\u0002\u0005}\u0013aA5bi\u0006YQ.\u0019=EkJ\fG/[8o+\t\t\u0019\b\u0005\u0003\u0002v\u0005}TBAA<\u0015\u0011\tI(a\u001f\u0002\u0011\u0011,(/\u0019;j_:T1!! $\u0003)\u0019wN\\2veJ,g\u000e^\u0005\u0005\u0003\u0003\u000b9H\u0001\bGS:LG/\u001a#ve\u0006$\u0018n\u001c8\u0002\u00195\f\u0007\u0010R;sCRLwN\u001c\u0011\u00023\u001d{wn\u001a7f'\u0016\u0014h/[2f\u0003\u000e\u001cw.\u001e8u\u001f\u0006+H\u000f\u001b\t\u0003Q9\u0019\"AD\u0011\u0015\u0005\u0005\u001d\u0015AB2sK\u0006$X-\u0006\u0003\u0002\u0012\u0006]ECBAJ\u0003S\u000bY\u000b\u0006\u0003\u0002\u0016\u0006\r\u0006#\u0002\u0017\u0002\u0018\u0006}EA\u0002\u0018\u0011\u0005\u0004\tI*F\u00021\u00037#q!!(\u0002\u0018\n\u0007\u0001G\u0001\u0003`I\u0011\u0012\u0004\u0003\u0002\u0015*\u0003C\u00032\u0001LAL\u0011%\t)\u000bEA\u0001\u0002\b\t9+\u0001\u0006fm&$WM\\2fII\u0002B!\u001a7\u0002\"\")Q\t\u0005a\u0001\r\"1Q\u000b\u0005a\u0001\u0003[\u0003Ba\u0016-\u0002\"\u0002")
/* loaded from: input_file:com/permutive/google/auth/oauth/service/GoogleServiceAccountOAuth.class */
public final class GoogleServiceAccountOAuth<F> implements ServiceAccountOAuth<F>, Http4sClientDsl<F> {
    private final Uri googleOAuthRequestUri;
    private final Client<F> httpClient;
    private final Logger<F> evidence$1;
    private final Async<F> F;
    private final Algorithm algorithm;
    private final String description;
    private final Function1<AccessTokenApi, ServiceAccountAccessToken> apiToServiceToken;
    private final FiniteDuration maxDuration;

    public static <F> F create(RSAPrivateKey rSAPrivateKey, Client<F> client, Async<F> async) {
        return (F) GoogleServiceAccountOAuth$.MODULE$.create(rSAPrivateKey, client, async);
    }

    public Method http4sClientSyntaxMethod(Method method) {
        return Http4sClientDsl.http4sClientSyntaxMethod$(this, method);
    }

    public <T> EntityDecoder<F, Tuple2<Headers, T>> http4sHeadersDecoder(Applicative<F> applicative, EntityDecoder<F, T> entityDecoder) {
        return Http4sClientDsl.http4sHeadersDecoder$(this, applicative, entityDecoder);
    }

    @Override // com.permutive.google.auth.oauth.service.ServiceAccountOAuth
    public F authenticate(String str, String str2, Instant instant, Instant instant2) {
        return (F) package$all$.MODULE$.toFlatMapOps(this.F.delay(() -> {
            return JWT.create().withIssuedAt(Date.from(instant2)).withExpiresAt(Date.from(instant)).withAudience(new String[]{this.googleOAuthRequestUri.toString()}).withClaim("scope", str2).withClaim("iss", str).sign(this.algorithm);
        }), this.F).flatMap(str3 -> {
            return package$all$.MODULE$.toFunctorOps(HttpUtils$.MODULE$.fetchAccessTokenApi(this.httpClient, MethodOps$.MODULE$.apply$extension(this.http4sClientSyntaxMethod(Method$.MODULE$.POST()), new UrlForm(UrlForm$.MODULE$.apply(ScalaRunTime$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("grant_type"), "urn:ietf:params:oauth:grant-type:jwt-bearer"), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("assertion"), str3)}))), this.googleOAuthRequestUri, Nil$.MODULE$, UrlForm$.MODULE$.entityEncoder(UrlForm$.MODULE$.entityEncoder$default$1())), () -> {
                return this.description;
            }, this.evidence$1, this.F), this.F).map(option -> {
                return option.map(this.apiToServiceToken);
            });
        });
    }

    @Override // com.permutive.google.auth.oauth.service.ServiceAccountOAuth
    public FiniteDuration maxDuration() {
        return this.maxDuration;
    }

    public GoogleServiceAccountOAuth(RSAPrivateKey rSAPrivateKey, Uri uri, Client<F> client, Logger<F> logger, Async<F> async) {
        this.googleOAuthRequestUri = uri;
        this.httpClient = client;
        this.evidence$1 = logger;
        this.F = async;
        Http4sClientDsl.$init$(this);
        this.algorithm = Algorithm.RSA256((RSAPublicKey) null, rSAPrivateKey);
        this.description = "service account JWT";
        this.apiToServiceToken = accessTokenApi -> {
            return new ServiceAccountAccessToken(accessTokenApi.accessToken(), accessTokenApi.tokenType(), accessTokenApi.expiresIn());
        };
        this.maxDuration = new package.DurationInt(package$.MODULE$.DurationInt(1)).hour();
    }
}
