package blended.security.ssl;

import blended.util.logging.Logger;
import blended.util.logging.Logger$;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.collection.TraversableOnce;
import scala.collection.immutable.List;
import scala.collection.immutable.List$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.util.Try;
import scala.util.Try$;

/* compiled from: SelfSignedCertificateProvider.scala */
@ScalaSignature(bytes = "\u0006\u0001\u001d3A!\u0001\u0002\u0001\u0013\ti2+\u001a7g'&<g.\u001a3DKJ$\u0018NZ5dCR,\u0007K]8wS\u0012,'O\u0003\u0002\u0004\t\u0005\u00191o\u001d7\u000b\u0005\u00151\u0011\u0001C:fGV\u0014\u0018\u000e^=\u000b\u0003\u001d\tqA\u00197f]\u0012,Gm\u0001\u0001\u0014\u0007\u0001Q\u0001\u0003\u0005\u0002\f\u001d5\tABC\u0001\u000e\u0003\u0015\u00198-\u00197b\u0013\tyAB\u0001\u0004B]f\u0014VM\u001a\t\u0003#Ii\u0011AA\u0005\u0003'\t\u00111cQ3si&4\u0017nY1uKB\u0013xN^5eKJD\u0001\"\u0006\u0001\u0003\u0002\u0003\u0006IAF\u0001\u0004G\u001a<\u0007CA\t\u0018\u0013\tA\"A\u0001\tTK247+[4oK\u0012\u001cuN\u001c4jO\")!\u0004\u0001C\u00017\u00051A(\u001b8jiz\"\"\u0001H\u000f\u0011\u0005E\u0001\u0001\"B\u000b\u001a\u0001\u00041\u0002BB\u0010\u0001A\u0003%\u0001%A\u0002m_\u001e\u0004\"!\t\u0014\u000e\u0003\tR!a\t\u0013\u0002\u000f1|wmZ5oO*\u0011QEB\u0001\u0005kRLG.\u0003\u0002(E\t1Aj\\4hKJDQ!\u000b\u0001\u0005\n)\nqbZ3oKJ\fG/Z&fsB\u000b\u0017N\u001d\u000b\u0002WA\u0011A\u0006M\u0007\u0002[)\u0011QA\f\u0006\u0002_\u0005!!.\u0019<b\u0013\t\tTFA\u0004LKf\u0004\u0016-\u001b:\t\u000bM\u0002A\u0011\t\u001b\u0002%I,gM]3tQ\u000e+'\u000f^5gS\u000e\fG/\u001a\u000b\u0004ku\u0012\u0005c\u0001\u001c9u5\tqG\u0003\u0002&\u0019%\u0011\u0011h\u000e\u0002\u0004)JL\bCA\t<\u0013\ta$AA\tTKJ4XM]\"feRLg-[2bi\u0016DQA\u0010\u001aA\u0002}\n\u0001\"\u001a=jgRLgn\u001a\t\u0004\u0017\u0001S\u0014BA!\r\u0005\u0019y\u0005\u000f^5p]\")1I\ra\u0001\t\u0006Q1M\u001c)s_ZLG-\u001a:\u0011\u0005E)\u0015B\u0001$\u0003\u0005I\u0019u.\\7p]:\u000bW.\u001a)s_ZLG-\u001a:")
/* loaded from: input_file:blended/security/ssl/SelfSignedCertificateProvider.class */
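/**
 * {@link CertificateProvider} that issues a self-signed X.509 v3 server certificate.
 *
 * <p>Every refresh generates a new RSA key pair. Subject and issuer are the same
 * distinguished name, taken from the {@link CommonNameProvider} passed to
 * {@link #refreshCertificate}. Key size, validity period and signature algorithm
 * come from the {@link SelfSignedConfig} given to the constructor.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Key strength and signature algorithm are used as configured; this class does
 *       not enforce a minimum. NOTE(review): confirm the configuration layer rejects
 *       weak values (short RSA moduli, MD5/SHA-1 based signature algorithms).</li>
 *   <li>Serial numbers are sequential (previous serial + 1, starting at 1), so they
 *       are predictable. Relying parties must not treat the serial as a secret or
 *       as a unique identifier across hosts.</li>
 *   <li>The certificate is self-signed, so it carries no third-party assurance;
 *       peers have to pin it or trust it explicitly.</li>
 * </ul>
 */
public class SelfSignedCertificateProvider implements CertificateProvider {
    // Source of key strength, validity (days) and signature algorithm.
    private final SelfSignedConfig cfg;
    private final Logger log = Logger$.MODULE$.apply(ClassTag$.MODULE$.apply(SelfSignedCertificateProvider.class));

    /**
     * Creates a new RSA key pair with the configured key strength.
     *
     * <p>{@code initialize(int)} is called without an explicit random source, so the
     * JCA default {@code SecureRandom} is used.
     *
     * @return the freshly generated key pair
     */
    private KeyPair generateKeyPair() {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        // The size is taken from configuration unchecked; see the class-level note.
        generator.initialize(this.cfg.keyStrength());
        return generator.genKeyPair();
    }

    /**
     * Issues a new self-signed certificate, optionally continuing the serial number
     * sequence of an existing one.
     *
     * <p>The validity window starts one day in the past and ends
     * {@code cfg.validDays()} days from now. Subject alternative names are added as
     * DNS names when the given {@code commonNameProvider} supplies any.
     *
     * @param option             the certificate being replaced, if any; the serial of the
     *                           first certificate in its chain is incremented by one
     * @param commonNameProvider supplies the subject DN and the alternative DNS names
     * @return a {@code Success} holding the new key pair and a one-element chain, or a
     *         {@code Failure} wrapping any non-fatal exception thrown while building it
     */
    @Override // blended.security.ssl.CertificateProvider
    public Try<ServerCertificate> refreshCertificate(Option<ServerCertificate> option, CommonNameProvider commonNameProvider) {
        return Try$.MODULE$.apply(() -> {
            Option<X509Certificate> previousLeaf = option.map(serverCertificate -> {
                return (X509Certificate) serverCertificate.chain().head();
            });
            KeyPair keyPair = this.generateKeyPair();
            // Subject and issuer are identical: this is what makes the certificate self-signed.
            X500Principal subject = new X500Principal((String) commonNameProvider.commonName().get());

            // Sequential serial: previous + 1, or 1 for the very first certificate.
            BigInteger serial = previousLeaf.isDefined()
                ? previousLeaf.get().getSerialNumber().add(BigInteger.ONE)
                : BigInteger.ONE;

            // notBefore is backdated by one day so peers with a slightly slow clock still accept it.
            Calendar calendar = Calendar.getInstance();
            calendar.add(Calendar.DATE, -1);
            Date notBefore = calendar.getTime();
            calendar.add(Calendar.DATE, 1 + this.cfg.validDays());
            Date notAfter = calendar.getTime();

            JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(subject, serial, notBefore, notAfter, subject, keyPair.getPublic());

            // Decide on and build the SAN extension from the SAME provider that supplied the
            // subject. Checking cfg.commonNameProvider() while mapping over the parameter could
            // emit an empty SAN extension or silently drop the supplied names when the two differ.
            @SuppressWarnings("unchecked")
            List<String> altNames = (List<String>) commonNameProvider.alternativeNames().get();
            if (altNames.nonEmpty()) {
                GeneralNames generalNames = new GeneralNames((GeneralName[]) ((TraversableOnce) altNames.map(str -> {
                    this.log.debug(() -> {
                        return "Adding alternative dns name [" + str + "] to certificate.";
                    });
                    return new GeneralName(GeneralName.dNSName, str);
                }, List$.MODULE$.canBuildFrom())).toArray(ClassTag$.MODULE$.apply(GeneralName.class)));
                this.log.debug(() -> {
                    return "General Names : " + generalNames;
                });
                // Marked non-critical, so clients that ignore SAN fall back to the subject CN.
                builder.addExtension(X509Extension.subjectAlternativeName, false, (ASN1Encodable) generalNames);
            }

            // Only digitalSignature is asserted, and the extension is non-critical.
            // NOTE(review): peers that enforce key usage for RSA key transport would also
            // expect keyEncipherment; confirm against the cipher suites in use.
            builder.addExtension(X509Extension.keyUsage, false, (ASN1Encodable) new KeyUsage(KeyUsage.digitalSignature));

            // Signed with the key pair's own private key, using the configured algorithm.
            X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(builder.build(new JcaContentSignerBuilder(this.cfg.sigAlg()).build(keyPair.getPrivate())));
            this.log.debug(() -> {
                return "Generated certificate " + X509CertificateInfo$.MODULE$.apply(certificate);
            });
            return ServerCertificate$.MODULE$.apply(keyPair, List$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new X509Certificate[]{certificate})));
        });
    }

    /**
     * @param selfSignedConfig key strength, validity period and signature algorithm to use
     */
    public SelfSignedCertificateProvider(SelfSignedConfig selfSignedConfig) {
        this.cfg = selfSignedConfig;
    }
}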
