package blended.security.ssl;

import blended.util.logging.Logger;
import blended.util.logging.Logger$;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Some;
import scala.collection.TraversableOnce;
import scala.collection.immutable.$colon;
import scala.collection.immutable.List;
import scala.collection.immutable.List$;
import scala.collection.immutable.Nil$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.util.Try;
import scala.util.Try$;

/* compiled from: SelfSignedCertificateProvider.scala */
@ScalaSignature(bytes = "\u0006\u0001\u001d3AAB\u0004\u0001\u001d!A\u0011\u0004\u0001B\u0001B\u0003%!\u0004C\u0003\u001e\u0001\u0011\u0005a\u0004\u0003\u0004\"\u0001\u0001\u0006IA\t\u0005\u0006U\u0001!Ia\u000b\u0005\u0006g\u0001!\t\u0005\u000e\u0002\u001e'\u0016dgmU5h]\u0016$7)\u001a:uS\u001aL7-\u0019;f!J|g/\u001b3fe*\u0011\u0001\"C\u0001\u0004gNd'B\u0001\u0006\f\u0003!\u0019XmY;sSRL(\"\u0001\u0007\u0002\u000f\tdWM\u001c3fI\u000e\u00011c\u0001\u0001\u0010+A\u0011\u0001cE\u0007\u0002#)\t!#A\u0003tG\u0006d\u0017-\u0003\u0002\u0015#\t1\u0011I\\=SK\u001a\u0004\"AF\f\u000e\u0003\u001dI!\u0001G\u0004\u0003'\r+'\u000f^5gS\u000e\fG/\u001a)s_ZLG-\u001a:\u0002\u0007\r4w\r\u0005\u0002\u00177%\u0011Ad\u0002\u0002\u0011'\u0016dgmU5h]\u0016$7i\u001c8gS\u001e\fa\u0001P5oSRtDCA\u0010!!\t1\u0002\u0001C\u0003\u001a\u0005\u0001\u0007!$A\u0002m_\u001e\u0004\"a\t\u0015\u000e\u0003\u0011R!!\n\u0014\u0002\u000f1|wmZ5oO*\u0011qeC\u0001\u0005kRLG.\u0003\u0002*I\t1Aj\\4hKJ\fqbZ3oKJ\fG/Z&fsB\u000b\u0017N\u001d\u000b\u0002YA\u0011Q&M\u0007\u0002])\u0011!b\f\u0006\u0002a\u0005!!.\u0019<b\u0013\t\u0011dFA\u0004LKf\u0004\u0016-\u001b:\u0002%I,gM]3tQ\u000e+'\u000f^5gS\u000e\fG/\u001a\u000b\u0004ku\u0012\u0005c\u0001\u001c9u5\tqG\u0003\u0002(#%\u0011\u0011h\u000e\u0002\u0004)JL\bC\u0001\f<\u0013\tatAA\tTKJ4XM]\"feRLg-[2bi\u0016DQAP\u0003A\u0002}\n\u0001\"\u001a=jgRLgn\u001a\t\u0004!\u0001S\u0014BA!\u0012\u0005\u0019y\u0005\u000f^5p]\")1)\u0002a\u0001\t\u0006Q1M\u001c)s_ZLG-\u001a:\u0011\u0005Y)\u0015B\u0001$\b\u0005I\u0019u.\\7p]:\u000bW.\u001a)s_ZLG-\u001a:")
/* loaded from: input_file:blended/security/ssl/SelfSignedCertificateProvider.class */
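/**
 * {@link CertificateProvider} that issues self-signed RSA server certificates.
 *
 * <p>Every refresh generates a fresh key pair and a certificate whose subject and issuer
 * are the same distinguished name, signed with the new private key. Key size, validity
 * period and signature algorithm are read from the supplied {@link SelfSignedConfig}.
 *
 * <p>NOTE(review): neither {@code cfg.keyStrength()} nor {@code cfg.sigAlg()} is validated
 * in this class. Confirm that the configuration layer rejects short RSA moduli and
 * SHA-1/MD5 based signature algorithms before the values reach this provider.
 */
public class SelfSignedCertificateProvider implements CertificateProvider {
    private final SelfSignedConfig cfg;
    private final Logger log = Logger$.MODULE$.apply(ClassTag$.MODULE$.apply(SelfSignedCertificateProvider.class));

    /**
     * Creates a provider bound to the given configuration.
     *
     * @param selfSignedConfig source of key strength, validity days and signature algorithm
     */
    public SelfSignedCertificateProvider(SelfSignedConfig selfSignedConfig) {
        this.cfg = selfSignedConfig;
    }

    /**
     * Generates a new RSA key pair of {@code cfg.keyStrength()} bits.
     *
     * <p>{@code initialize(int)} is used, so the randomness comes from the default
     * {@code SecureRandom} of the highest-priority installed provider.
     *
     * @return the freshly generated key pair
     */
    private KeyPair generateKeyPair() {
        KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
        rsaGenerator.initialize(this.cfg.keyStrength());
        return rsaGenerator.genKeyPair();
    }

    /**
     * Issues a new self-signed certificate, optionally succeeding an existing one.
     *
     * @param option the certificate being replaced, if any; only the serial number of the
     *     first certificate in its chain is used
     * @param commonNameProvider supplies the subject distinguished name and the DNS names
     *     placed in the subjectAlternativeName extension
     * @return a {@code Try} holding the new key pair with a one-element chain, or the
     *     failure raised while resolving names, generating keys or signing
     */
    @Override // blended.security.ssl.CertificateProvider
    public Try<ServerCertificate> refreshCertificate(Option<ServerCertificate> option, CommonNameProvider commonNameProvider) {
        return Try$.MODULE$.apply(() -> {
            Option<X509Certificate> previousLeaf = option.map(serverCertificate -> {
                return (X509Certificate) serverCertificate.chain().head();
            });
            KeyPair keyPair = this.generateKeyPair();

            // The configured name is handed to X500Principal verbatim, so it must already be
            // a well-formed distinguished name; subject and issuer are identical (self-signed).
            X500Principal subject = new X500Principal((String) commonNameProvider.commonName().get());

            // Serial numbers are sequential: previous serial + 1, or 1 for the first certificate.
            BigInteger serial = previousLeaf.isDefined()
                ? previousLeaf.get().getSerialNumber().add(BigInteger.ONE)
                : BigInteger.ONE;

            // Back-date notBefore by one day, then move the same calendar forward so that
            // notAfter lands validDays after the current time.
            Calendar calendar = Calendar.getInstance();
            calendar.add(Calendar.DATE, -1);
            Date notBefore = calendar.getTime();
            calendar.add(Calendar.DATE, 1 + this.cfg.validDays());
            Date notAfter = calendar.getTime();

            JcaX509v3CertificateBuilder certBuilder =
                new JcaX509v3CertificateBuilder(subject, serial, notBefore, notAfter, subject, keyPair.getPublic());

            // Resolve the alternative names once, from the provider passed to this call, and use
            // that same list for both the emptiness check and the extension. Checking a different
            // provider (cfg.commonNameProvider()) than the one the names are read from can yield
            // an empty SAN extension or silently drop the names the caller supplied.
            List<String> alternativeNames = (List<String>) commonNameProvider.alternativeNames().get();
            if (alternativeNames.nonEmpty()) {
                GeneralNames generalNames = new GeneralNames((GeneralName[]) ((TraversableOnce) alternativeNames.map(str -> {
                    this.log.debug(() -> {
                        return "Adding alternative dns name [" + str + "] to certificate.";
                    });
                    return new GeneralName(GeneralName.dNSName, str);
                }, List$.MODULE$.canBuildFrom())).toArray(ClassTag$.MODULE$.apply(GeneralName.class)));
                this.log.debug(() -> {
                    return "General Names : " + generalNames;
                });
                certBuilder.addExtension(X509Extension.subjectAlternativeName, false, (ASN1Encodable) generalNames);
            }
            // NOTE(review): with no alternative names the certificate carries no SAN extension;
            // clients that match host names only against SAN entries will not accept it.

            // Key usage is digitalSignature only, marked non-critical.
            // NOTE(review): TLS suites using RSA key transport expect keyEncipherment as well;
            // confirm the endpoints using this certificate negotiate (EC)DHE suites only.
            certBuilder.addExtension(X509Extension.keyUsage, false, (ASN1Encodable) new KeyUsage(KeyUsage.digitalSignature));

            X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(
                certBuilder.build(new JcaContentSignerBuilder(this.cfg.sigAlg()).build(keyPair.getPrivate())));
            this.log.debug(() -> {
                return "Generated certificate " + X509CertificateInfo$.MODULE$.apply(certificate);
            });
            return ServerCertificate$.MODULE$.apply(keyPair, new $colon.colon(certificate, Nil$.MODULE$));
        });
    }
}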
