package blended.security.ssl.internal;

import blended.mgmt.base.FrameworkService;
import blended.security.ssl.internal.RefresherConfig;
import blended.util.logging.Logger;
import blended.util.logging.Logger$;
import domino.DominoImplicits;
import domino.RichServiceReference;
import domino.capsule.Capsule;
import domino.capsule.CapsuleScope;
import domino.service_consuming.ServiceConsuming;
import java.util.Date;
import java.util.Timer;
import java.util.TimerTask;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Some;
import scala.collection.Seq;
import scala.reflect.ClassTag;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.reflect.api.TypeTags;
import scala.runtime.BoxedUnit;
import scala.util.Failure;
import scala.util.Success;

/* compiled from: CertificateRefresher.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005\rs!B\f\u0019\u0011\u0003\tc!B\u0012\u0019\u0011\u0003!\u0003\"B\u0016\u0002\t\u0003a\u0003\"B\u0017\u0002\t\u0003q\u0003bB\"\u0002#\u0003%\t\u0001\u0012\u0004\u0005Ga\u0001q\n\u0003\u0005_\u000b\t\u0015\r\u0011\"\u0011`\u0011!QWA!A!\u0002\u0013\u0001\u0007\u0002C6\u0006\u0005\u0003\u0005\u000b\u0011\u00027\t\u0011=,!\u0011!Q\u0001\nmB\u0001\u0002]\u0003\u0003\u0002\u0003\u0006I!\u001d\u0005\u0006W\u0015!\t\u0001\u001e\u0005\u0007u\u0016\u0001\u000b\u0011B>\t\u0011\u0005\u0015Q\u0001)A\u0005\u0003\u000fA\u0001\"a\u0005\u0006A\u0003%\u0011Q\u0003\u0005\b\u00037)A\u0011IA\u000f\u0011\u001d\t)#\u0002C!\u0003;Aq!a\n\u0006\t\u0003\tIC\u0002\u0004\u0002.\u0015\u0001\u0011q\u0006\u0005\tWJ\u0011\t\u0011)A\u0005Y\"A!H\u0005B\u0001B\u0003%1\b\u0003\u0004,%\u0011\u0005\u0011q\u0007\u0005\b\u0003\u0003\u0012B\u0011IA\u000f\u0003Q\u0019UM\u001d;jM&\u001c\u0017\r^3SK\u001a\u0014Xm\u001d5fe*\u0011\u0011DG\u0001\tS:$XM\u001d8bY*\u00111\u0004H\u0001\u0004gNd'BA\u000f\u001f\u0003!\u0019XmY;sSRL(\"A\u0010\u0002\u000f\tdWM\u001c3fI\u000e\u0001\u0001C\u0001\u0012\u0002\u001b\u0005A\"\u0001F\"feRLg-[2bi\u0016\u0014VM\u001a:fg\",'o\u0005\u0002\u0002KA\u0011a%K\u0007\u0002O)\t\u0001&A\u0003tG\u0006d\u0017-\u0003\u0002+O\t1\u0011I\\=SK\u001a\fa\u0001P5oSRtD#A\u0011\u0002/9,\u0007\u0010\u001e*fMJ,7\u000f[*dQ\u0016$W\u000f\\3US6,G\u0003B\u00188sy\u0002\"\u0001M\u001b\u000e\u0003ER!AM\u001a\u0002\tU$\u0018\u000e\u001c\u0006\u0002i\u0005!!.\u0019<b\u0013\t1\u0014G\u0001\u0003ECR,\u0007\"\u0002\u001d\u0004\u0001\u0004y\u0013\u0001\u0003<bY&$WI\u001c3\t\u000bi\u001a\u0001\u0019A\u001e\u0002\u001fI,gM]3tQ\u0016\u00148i\u001c8gS\u001e\u0004\"A\t\u001f\n\u0005uB\"a\u0004*fMJ,7\u000f[3s\u0007>tg-[4\t\u000f}\u001a\u0001\u0013!a\u0001\u0001\u0006\u0019an\\<\u0011\u0007\u0019\nu&\u0003\u0002CO\t1q\n\u001d;j_:\f\u0011E\\3yiJ+gM]3tQN\u001b\u0007.\u001a3vY\u0016$\u0016.\\3%I\u00164\u0017-\u001e7uIM*\u0012!\u0012\u0016\u0003\u0001\u001a[\u0013a\u0012\t\u0003\u00116k\u0011!\u0013\u0006\u0003\u0015.\u000b\u0011\"\u001e8dQ\u0016\u001c7.\u001a3\u000b\u00051;\u0013AC1o]>$\u0018\r^5p]&\u0011a*\u0013\u0002\u0012k:\u001c\u0007.Z2lK\u00124\u0016M]5b]\u000e,7\u0003B\u0003&!b\u0003\"!\u0015,\u000e\u0003IS!a\u0015+\u0002\u000f\r\f\u0007o];mK*\tQ+\u0001\u0004e_6Lgn\\\u0005\u0003/J\u0013qaQ1qgVdW\r\u0005\u0002Z96\t!L\u0003\u0002\\)\u0006\t2/\u001a:wS\u000e,wlY8ogVl\u0017N\\4\n\u0005uS&\u0001E*feZL7-Z\"p]N,X.\u001b8h\u00035\u0011WO\u001c3mK\u000e{g\u000e^3yiV\t\u0001\r\u0005\u0002bQ6\t!M\u0003\u0002dI\u0006IaM]1nK^|'o\u001b\u0006\u0003K\u001a\fAa\\:hS*\tq-A\u0002pe\u001eL!!\u001b2\u0003\u001b\t+h\u000e\u001a7f\u0007>tG/\u001a=u\u00039\u0011WO\u001c3mK\u000e{g\u000e^3yi\u0002\nqaY3si6;'\u000f\u0005\u0002#[&\u0011a\u000e\u0007\u0002\u0017\u0007\u0016\u0014H/\u001b4jG\u0006$X-T1oC\u001e,'/S7qY\u0006\u00191MZ4\u0002\u000bM\u001cw\u000e]3\u0011\u0005E\u0013\u0018BA:S\u00051\u0019\u0015\r]:vY\u0016\u001c6m\u001c9f)\u0015)ho\u001e=z!\t\u0011S\u0001C\u0003_\u0017\u0001\u0007\u0001\rC\u0003l\u0017\u0001\u0007A\u000eC\u0003p\u0017\u0001\u00071\bC\u0003q\u0017\u0001\u0007\u0011/A\u0002m_\u001e\u00042\u0001`A\u0001\u001b\u0005i(B\u0001@��\u0003\u001dawnZ4j]\u001eT!A\r\u0010\n\u0007\u0005\rQP\u0001\u0004M_\u001e<WM]\u0001\ni&lWM\u001d(b[\u0016\u0004B!!\u0003\u0002\u00105\u0011\u00111\u0002\u0006\u0004\u0003\u001b\u0019\u0014\u0001\u00027b]\u001eLA!!\u0005\u0002\f\t11\u000b\u001e:j]\u001e\fQ\u0001^5nKJ\u00042\u0001MA\f\u0013\r\tI\"\r\u0002\u0006)&lWM]\u0001\u0006gR\f'\u000f\u001e\u000b\u0003\u0003?\u00012AJA\u0011\u0013\r\t\u0019c\n\u0002\u0005+:LG/\u0001\u0003ti>\u0004\u0018aD:dQ\u0016$W\u000f\\3SK\u001a\u0014Xm\u001d5\u0015\t\u0005}\u00111\u0006\u0005\u0006uE\u0001\ra\u000f\u0002\f%\u00164'/Z:i)\u0006\u001c8nE\u0002\u0013\u0003c\u00012\u0001MA\u001a\u0013\r\t)$\r\u0002\n)&lWM\u001d+bg.$b!!\u000f\u0002>\u0005}\u0002cAA\u001e%5\tQ\u0001C\u0003l+\u0001\u0007A\u000eC\u0003;+\u0001\u00071(A\u0002sk:\u0004")
/* loaded from: input_file:blended/security/ssl/internal/CertificateRefresher.class */
public class CertificateRefresher implements Capsule, ServiceConsuming {
    private final BundleContext bundleContext;
    private final CertificateManagerImpl certMgr;
    private final RefresherConfig cfg;
    public final CapsuleScope blended$security$ssl$internal$CertificateRefresher$$scope;
    public final Logger blended$security$ssl$internal$CertificateRefresher$$log;
    private final String timerName;
    private final Timer timer;

    /* compiled from: CertificateRefresher.scala */
    /* loaded from: input_file:blended/security/ssl/internal/CertificateRefresher$RefreshTask.class */
    public class RefreshTask extends TimerTask {
        private final CertificateManagerImpl certMgr;
        private final RefresherConfig refresherConfig;
        public final /* synthetic */ CertificateRefresher $outer;

        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            BoxedUnit boxedUnit;
            blended$security$ssl$internal$CertificateRefresher$RefreshTask$$$outer().blended$security$ssl$internal$CertificateRefresher$$log.debug(() -> {
                return "About to start refresh timer task. Trying to update certificate(s)";
            });
            Failure checkCertificates = this.certMgr.checkCertificates();
            if (checkCertificates instanceof Failure) {
                blended$security$ssl$internal$CertificateRefresher$RefreshTask$$$outer().blended$security$ssl$internal$CertificateRefresher$$log.debug(checkCertificates.exception(), () -> {
                    return "Automatic certifcate refresh failed. Countinuing with old SslContextProvider";
                });
                blended$security$ssl$internal$CertificateRefresher$RefreshTask$$$outer().scheduleRefresh(this.refresherConfig);
                BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
                return;
            }
            if (!(checkCertificates instanceof Success)) {
                throw new MatchError(checkCertificates);
            }
            if (((MemoryKeystore) ((Success) checkCertificates).value()).changedAliases().isEmpty()) {
                blended$security$ssl$internal$CertificateRefresher$RefreshTask$$$outer().blended$security$ssl$internal$CertificateRefresher$$log.debug(() -> {
                    return "Automatic certificate refresh could not obtain an updated certificate. Continuing with old SslContextProviver";
                });
                blended$security$ssl$internal$CertificateRefresher$RefreshTask$$$outer().scheduleRefresh(this.refresherConfig);
                boxedUnit = BoxedUnit.UNIT;
            } else {
                blended$security$ssl$internal$CertificateRefresher$RefreshTask$$$outer().blended$security$ssl$internal$CertificateRefresher$$log.info(() -> {
                    return "Automatic certificate refresh returned new certificate(s)";
                });
                RefresherConfig.Action onRefreshAction = this.refresherConfig.onRefreshAction();
                if (RefresherConfig$Refresh$.MODULE$.equals(onRefreshAction)) {
                    blended$security$ssl$internal$CertificateRefresher$RefreshTask$$$outer().blended$security$ssl$internal$CertificateRefresher$$log.info(() -> {
                        return "About to remove old SslContextProvider from registry";
                    });
                    blended$security$ssl$internal$CertificateRefresher$RefreshTask$$$outer().blended$security$ssl$internal$CertificateRefresher$$scope.stop();
                    blended$security$ssl$internal$CertificateRefresher$RefreshTask$$$outer().blended$security$ssl$internal$CertificateRefresher$$log.info(() -> {
                        return "Registering new SslContextProvider for new KeyStore";
                    });
                    this.certMgr.registerSslContextProvider();
                    blended$security$ssl$internal$CertificateRefresher$RefreshTask$$$outer().scheduleRefresh(this.refresherConfig);
                    BoxedUnit boxedUnit3 = BoxedUnit.UNIT;
                } else {
                    if (!RefresherConfig$Restart$.MODULE$.equals(onRefreshAction)) {
                        throw new MatchError(onRefreshAction);
                    }
                }
                boxedUnit = BoxedUnit.UNIT;
            }
        }

        public /* synthetic */ CertificateRefresher blended$security$ssl$internal$CertificateRefresher$RefreshTask$$$outer() {
            return this.$outer;
        }

        public static final /* synthetic */ void $anonfun$run$7(RefreshTask refreshTask, Option option) {
            if (option instanceof Some) {
                FrameworkService frameworkService = (FrameworkService) ((Some) option).value();
                refreshTask.blended$security$ssl$internal$CertificateRefresher$RefreshTask$$$outer().blended$security$ssl$internal$CertificateRefresher$$log.warn(() -> {
                    return "Requesting framework restart";
                });
                frameworkService.restartContainer("The certificate required for the SSL context was refreshed. An restart is required to cleanly use the new certificate.", true);
                BoxedUnit boxedUnit = BoxedUnit.UNIT;
                return;
            }
            if (!None$.MODULE$.equals(option)) {
                throw new MatchError(option);
            }
            refreshTask.blended$security$ssl$internal$CertificateRefresher$RefreshTask$$$outer().blended$security$ssl$internal$CertificateRefresher$$log.error(() -> {
                return "Could not aquire a FrameworkService to restart the OSGi container. Skipping certificate refresh.";
            });
            refreshTask.blended$security$ssl$internal$CertificateRefresher$RefreshTask$$$outer().scheduleRefresh(refreshTask.refresherConfig);
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }

        public RefreshTask(CertificateRefresher certificateRefresher, CertificateManagerImpl certificateManagerImpl, RefresherConfig refresherConfig) {
            this.certMgr = certificateManagerImpl;
            this.refresherConfig = refresherConfig;
            if (certificateRefresher == null) {
                throw null;
            }
            this.$outer = certificateRefresher;
        }
    }

    public static Date nextRefreshScheduleTime(Date date, RefresherConfig refresherConfig, Option<Date> option) {
        return CertificateRefresher$.MODULE$.nextRefreshScheduleTime(date, refresherConfig, option);
    }

    public <S, R> R withService(Function1<Option<S>, R> function1, ClassTag<S> classTag) {
        return (R) ServiceConsuming.withService$(this, function1, classTag);
    }

    public <S, R> R withAdvancedService(String str, Function1<Option<S>, R> function1, TypeTags.TypeTag<S> typeTag, ClassTag<S> classTag) {
        return (R) ServiceConsuming.withAdvancedService$(this, str, function1, typeTag, classTag);
    }

    public <S> Option<S> service(ClassTag<S> classTag) {
        return ServiceConsuming.service$(this, classTag);
    }

    public <S> Option<ServiceReference<S>> serviceRef(ClassTag<S> classTag) {
        return ServiceConsuming.serviceRef$(this, classTag);
    }

    public <S> Option<S> service(String str, TypeTags.TypeTag<S> typeTag, ClassTag<S> classTag) {
        return ServiceConsuming.service$(this, str, typeTag, classTag);
    }

    public <S> Option<ServiceReference<S>> serviceRef(String str, TypeTags.TypeTag<S> typeTag, ClassTag<S> classTag) {
        return ServiceConsuming.serviceRef$(this, str, typeTag, classTag);
    }

    public <S> Seq<S> services(TypeTags.TypeTag<S> typeTag, ClassTag<S> classTag) {
        return ServiceConsuming.services$(this, typeTag, classTag);
    }

    public <S> Seq<ServiceReference<S>> serviceRefs(TypeTags.TypeTag<S> typeTag, ClassTag<S> classTag) {
        return ServiceConsuming.serviceRefs$(this, typeTag, classTag);
    }

    public <S> Seq<S> services(String str, TypeTags.TypeTag<S> typeTag, ClassTag<S> classTag) {
        return ServiceConsuming.services$(this, str, typeTag, classTag);
    }

    public <S> Seq<ServiceReference<S>> serviceRefs(String str, TypeTags.TypeTag<S> typeTag, ClassTag<S> classTag) {
        return ServiceConsuming.serviceRefs$(this, str, typeTag, classTag);
    }

    public <S> RichServiceReference<S> serviceRefToRichServiceRef(ServiceReference<S> serviceReference) {
        return DominoImplicits.serviceRefToRichServiceRef$(this, serviceReference);
    }

    public BundleContext bundleContext() {
        return this.bundleContext;
    }

    public void start() {
        scheduleRefresh(this.cfg);
    }

    public void stop() {
        this.blended$security$ssl$internal$CertificateRefresher$$log.debug(() -> {
            return new StringBuilder(19).append("Cancelling timer [").append(this.timerName).append("]").toString();
        });
        this.timer.cancel();
    }

    public void scheduleRefresh(RefresherConfig refresherConfig) {
        Date nextRefreshScheduleTime = CertificateRefresher$.MODULE$.nextRefreshScheduleTime((Date) this.certMgr.nextCertificateTimeout().get(), refresherConfig, CertificateRefresher$.MODULE$.nextRefreshScheduleTime$default$3());
        RefreshTask refreshTask = new RefreshTask(this, this.certMgr, refresherConfig);
        this.blended$security$ssl$internal$CertificateRefresher$$log.debug(() -> {
            return new StringBuilder(52).append("Scheduling new timer task with timer [").append(this.timerName).append("] to start at ").append(nextRefreshScheduleTime).toString();
        });
        this.timer.schedule(refreshTask, nextRefreshScheduleTime);
    }

    public CertificateRefresher(BundleContext bundleContext, CertificateManagerImpl certificateManagerImpl, RefresherConfig refresherConfig, CapsuleScope capsuleScope) {
        this.bundleContext = bundleContext;
        this.certMgr = certificateManagerImpl;
        this.cfg = refresherConfig;
        this.blended$security$ssl$internal$CertificateRefresher$$scope = capsuleScope;
        DominoImplicits.$init$(this);
        ServiceConsuming.$init$(this);
        this.blended$security$ssl$internal$CertificateRefresher$$log = Logger$.MODULE$.apply(ClassTag$.MODULE$.apply(CertificateRefresher.class));
        this.timerName = "refresh-certificate";
        this.timer = new Timer(this.timerName, true);
    }
}
