package blended.security.scep.internal;

import blended.security.ssl.CommonNameProvider;
import blended.security.ssl.ServerCertificate;
import blended.security.ssl.ServerCertificate$;
import blended.security.ssl.X509CertificateInfo$;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.jscep.client.EnrollmentResponse;
import org.jscep.transaction.FailInfo;
import scala.Predef$;
import scala.Serializable;
import scala.StringContext;
import scala.collection.JavaConverters$;
import scala.collection.TraversableOnce;
import scala.collection.immutable.List;
import scala.runtime.AbstractFunction0;
import scala.runtime.BoxesRunTime;
import scala.sys.package$;

/* compiled from: ScepCertificateProvider.scala */
/* loaded from: input_file:blended/security/scep/internal/ScepCertificateProvider$$anonfun$enroll$1.class */
public final class ScepCertificateProvider$$anonfun$enroll$1 extends AbstractFunction0<ServerCertificate> implements Serializable {
    public static final long serialVersionUID = 0;
    private final /* synthetic */ ScepCertificateProvider $outer;
    private final ServerCertificate inCert$1;
    private final CommonNameProvider cnProvider$1;

    /* renamed from: apply, reason: merged with bridge method [inline-methods] */
    public final ServerCertificate m1apply() {
        X509Certificate x509Certificate = (X509Certificate) this.inCert$1.chain().head();
        if (this.$outer.blended$security$scep$internal$ScepCertificateProvider$$log().isInfoEnabled()) {
            this.$outer.blended$security$scep$internal$ScepCertificateProvider$$log().info(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Trying to obtain server certificate from SCEP server at [", "] with existing certificate [", "]"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{this.$outer.blended$security$scep$internal$ScepCertificateProvider$$cfg.url(), X509CertificateInfo$.MODULE$.apply(x509Certificate)})));
        }
        JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Principal((String) this.cnProvider$1.commonName().get()), this.inCert$1.keyPair().getPublic());
        jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(this.$outer.blended$security$scep$internal$ScepCertificateProvider$$cfg.scepChallenge()));
        EnrollmentResponse enrol = this.$outer.blended$security$scep$internal$ScepCertificateProvider$$scepClient().enrol(x509Certificate, this.inCert$1.keyPair().getPrivate(), jcaPKCS10CertificationRequestBuilder.build(new JcaContentSignerBuilder(this.$outer.blended$security$scep$internal$ScepCertificateProvider$$cfg.csrSignAlgorithm()).build(this.inCert$1.keyPair().getPrivate())));
        while (enrol.isPending()) {
            if (this.$outer.blended$security$scep$internal$ScepCertificateProvider$$log().isInfoEnabled()) {
                this.$outer.blended$security$scep$internal$ScepCertificateProvider$$log().info(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Waiting for PKI response from [", "]"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{this.$outer.blended$security$scep$internal$ScepCertificateProvider$$cfg.url()})));
            }
            Thread.sleep(1000L);
        }
        if (enrol.isFailure()) {
            FailInfo failInfo = enrol.getFailInfo();
            if (this.$outer.blended$security$scep$internal$ScepCertificateProvider$$log().isErrorEnabled()) {
                this.$outer.blended$security$scep$internal$ScepCertificateProvider$$log().error(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Certificate provisioning failed: [", "]"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{failInfo})));
            }
            throw package$.MODULE$.error(failInfo.toString());
        }
        List list = ((TraversableOnce) JavaConverters$.MODULE$.collectionAsScalaIterableConverter(enrol.getCertStore().getCertificates(null)).asScala()).toList();
        if (this.$outer.blended$security$scep$internal$ScepCertificateProvider$$log().isInfoEnabled()) {
            this.$outer.blended$security$scep$internal$ScepCertificateProvider$$log().info(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Retrieved [", "] certificates from [", "]."})).s(Predef$.MODULE$.genericWrapArray(new Object[]{BoxesRunTime.boxToInteger(list.length()), this.$outer.blended$security$scep$internal$ScepCertificateProvider$$cfg.url()})));
        }
        return (ServerCertificate) ServerCertificate$.MODULE$.create(this.inCert$1.keyPair(), list).get();
    }

    public ScepCertificateProvider$$anonfun$enroll$1(ScepCertificateProvider scepCertificateProvider, ServerCertificate serverCertificate, CommonNameProvider commonNameProvider) {
        if (scepCertificateProvider == null) {
            throw null;
        }
        this.$outer = scepCertificateProvider;
        this.inCert$1 = serverCertificate;
        this.cnProvider$1 = commonNameProvider;
    }
}
