package blended.security.ssl;

import blended.security.ssl.internal.CertificateConfig;
import blended.util.logging.Logger;
import blended.util.logging.Logger$;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Product;
import scala.Serializable;
import scala.Some;
import scala.Tuple2;
import scala.collection.Iterable$;
import scala.collection.Iterator;
import scala.collection.MapLike;
import scala.collection.TraversableOnce;
import scala.collection.immutable.$colon;
import scala.collection.immutable.List;
import scala.collection.immutable.Map;
import scala.collection.immutable.Nil$;
import scala.concurrent.duration.package;
import scala.concurrent.duration.package$;
import scala.math.Ordering$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;
import scala.runtime.ScalaRunTime$;
import scala.util.Failure;
import scala.util.Success;
import scala.util.Try;
import scala.util.Try$;

/* compiled from: MemoryKeystore.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005]h\u0001\u0002\u0011\"\u0001\"B\u0001\"\u000e\u0001\u0003\u0016\u0004%\tA\u000e\u0005\t\u0013\u0002\u0011\t\u0012)A\u0005o!)!\n\u0001C\u0001\u0017\"1a\n\u0001Q\u0001\n=Caa\u0016\u0001!\u0002\u0013A\u0006bB.\u0001\u0005\u0004%\t\u0001\u0018\u0005\u0007M\u0002\u0001\u000b\u0011B/\t\u000b\u001d\u0004A\u0011\u00015\t\u000b1\u0004A\u0011A7\t\u000b]\u0004A\u0011\u0001=\t\u000f\u0005M\u0001\u0001\"\u0001\u0002\u0016!A\u0011q\u0005\u0001!\n\u0013\tI\u0003\u0003\u0005\u0002L\u0001!\t!IA'\u0011\u001d\t9\u0006\u0001C\u0001\u00033B\u0011\"!\u0019\u0001\u0003\u0003%\t!a\u0019\t\u0013\u0005\u001d\u0004!%A\u0005\u0002\u0005%\u0004\"CA@\u0001\u0005\u0005I\u0011IAA\u0011%\ti\tAA\u0001\n\u0003\ty\tC\u0005\u0002\u0018\u0002\t\t\u0011\"\u0001\u0002\u001a\"I\u0011Q\u0015\u0001\u0002\u0002\u0013\u0005\u0013q\u0015\u0005\n\u0003k\u0003\u0011\u0011!C\u0001\u0003oC\u0011\"a/\u0001\u0003\u0003%\t%!0\t\u0013\u0005}\u0006!!A\u0005B\u0005\u0005\u0007\"CAb\u0001\u0005\u0005I\u0011IAc\u000f%\tI-IA\u0001\u0012\u0003\tYM\u0002\u0005!C\u0005\u0005\t\u0012AAg\u0011\u0019Q%\u0004\"\u0001\u0002\\\"I\u0011q\u0018\u000e\u0002\u0002\u0013\u0015\u0013\u0011\u0019\u0005\n\u0003;T\u0012\u0011!CA\u0003?D\u0011\"a9\u001b\u0003\u0003%\t)!:\t\u0013\u00055($!A\u0005\n\u0005=(AD'f[>\u0014\u0018pS3zgR|'/\u001a\u0006\u0003E\r\n1a]:m\u0015\t!S%\u0001\u0005tK\u000e,(/\u001b;z\u0015\u00051\u0013a\u00022mK:$W\rZ\u0002\u0001'\u0011\u0001\u0011f\f\u001a\u0011\u0005)jS\"A\u0016\u000b\u00031\nQa]2bY\u0006L!AL\u0016\u0003\r\u0005s\u0017PU3g!\tQ\u0003'\u0003\u00022W\t9\u0001K]8ek\u000e$\bC\u0001\u00164\u0013\t!4F\u0001\u0007TKJL\u0017\r\\5{C\ndW-\u0001\u0007dKJ$\u0018NZ5dCR,7/F\u00018!\u0011AtHQ#\u000f\u0005ej\u0004C\u0001\u001e,\u001b\u0005Y$B\u0001\u001f(\u0003\u0019a$o\\8u}%\u0011ahK\u0001\u0007!J,G-\u001a4\n\u0005\u0001\u000b%aA'ba*\u0011ah\u000b\t\u0003q\rK!\u0001R!\u0003\rM#(/\u001b8h!\t1u)D\u0001\"\u0013\tA\u0015EA\tDKJ$\u0018NZ5dCR,\u0007j\u001c7eKJ\fQbY3si&4\u0017nY1uKN\u0004\u0013A\u0002\u001fj]&$h\b\u0006\u0002M\u001bB\u0011a\t\u0001\u0005\u0006k\r\u0001\raN\u0001\u0004Y><\u0007C\u0001)V\u001b\u0005\t&B\u0001*T\u0003\u001dawnZ4j]\u001eT!\u0001V\u0013\u0002\tU$\u0018\u000e\\\u0005\u0003-F\u0013a\u0001T8hO\u0016\u0014\u0018\u0001D7jY2L7\u000fU3s\t\u0006L\bC\u0001\u0016Z\u0013\tQ6F\u0001\u0003M_:<\u0017AD2iC:<W\rZ!mS\u0006\u001cXm]\u000b\u0002;B\u0019al\u0019\"\u000f\u0005}\u000bgB\u0001\u001ea\u0013\u0005a\u0013B\u00012,\u0003\u001d\u0001\u0018mY6bO\u0016L!\u0001Z3\u0003\t1K7\u000f\u001e\u0006\u0003E.\nqb\u00195b]\u001e,G-\u00117jCN,7\u000fI\u0001\u000bG>t7/[:uK:$X#A5\u0011\u0005)R\u0017BA6,\u0005\u001d\u0011un\u001c7fC:\fa!\u001e9eCR,Gc\u00018tkB\u0019q.\u001d'\u000e\u0003AT!\u0001V\u0016\n\u0005I\u0004(a\u0001+ss\")A/\u0003a\u0001\u0005\u0006)\u0011\r\\5bg\")a/\u0003a\u0001\u000b\u0006!1-\u001a:u\u0003=1\u0017N\u001c3CsB\u0013\u0018N\\2ja\u0006dGCA=}!\rQ#0R\u0005\u0003w.\u0012aa\u00149uS>t\u0007\"B?\u000b\u0001\u0004q\u0018!\u00039sS:\u001c\u0017\u000e]1m!\ry\u0018qB\u0007\u0003\u0003\u0003QA!a\u0001\u0002\u0006\u0005!\u00010\u000e\u00191\u0015\u0011\t9!!\u0003\u0002\t\u0005,H\u000f\u001b\u0006\u0004I\u0005-!BAA\u0007\u0003\u0015Q\u0017M^1y\u0013\u0011\t\t\"!\u0001\u0003\u001ba+\u0004\u0007\r)sS:\u001c\u0017\u000e]1m\u0003YqW\r\u001f;DKJ$\u0018NZ5dCR,G+[7f_V$HCAA\f!\u0011y\u0017/!\u0007\u0011\t\u0005m\u00111E\u0007\u0003\u0003;Q1\u0001VA\u0010\u0015\t\t\t#\u0001\u0003kCZ\f\u0017\u0002BA\u0013\u0003;\u0011A\u0001R1uK\u0006\u0011\"/\u001a4sKND7)\u001a:uS\u001aL7-\u0019;f)\u001dq\u00171FA\u001e\u0003\u000fBq!!\f\r\u0001\u0004\ty#A\u0004dKJ$8IZ4\u0011\t\u0005E\u0012qG\u0007\u0003\u0003gQ1!!\u000e\"\u0003!Ig\u000e^3s]\u0006d\u0017\u0002BA\u001d\u0003g\u0011\u0011cQ3si&4\u0017nY1uK\u000e{gNZ5h\u0011\u001d\ti\u0004\u0004a\u0001\u0003\u007f\t1\u0002\u001d:pm&$WM]'baB)\u0001h\u0010\"\u0002BA\u0019a)a\u0011\n\u0007\u0005\u0015\u0013EA\nDKJ$\u0018NZ5dCR,\u0007K]8wS\u0012,'\u000f\u0003\u0004\u0002J1\u0001\r!_\u0001\b_2$7)\u001a:u\u0003\u001d\u0019\u0007.\u00198hK\u0012$RA\\A(\u0003+Bq!!\u0015\u000e\u0001\u0004\t\u0019&A\u0006dKJ$8i\u001c8gS\u001e\u001c\b\u0003\u00020d\u0003_Aq!!\u0010\u000e\u0001\u0004\ty$A\nsK\u001a\u0014Xm\u001d5DKJ$\u0018NZ5dCR,7\u000fF\u0003o\u00037\ny\u0006C\u0004\u0002^9\u0001\r!a\u0015\u0002\u0011\r,'\u000f^\"gONDq!!\u0010\u000f\u0001\u0004\ty$\u0001\u0003d_BLHc\u0001'\u0002f!9Qg\u0004I\u0001\u0002\u00049\u0014AD2paf$C-\u001a4bk2$H%M\u000b\u0003\u0003WR3aNA7W\t\ty\u0007\u0005\u0003\u0002r\u0005mTBAA:\u0015\u0011\t)(a\u001e\u0002\u0013Ut7\r[3dW\u0016$'bAA=W\u0005Q\u0011M\u001c8pi\u0006$\u0018n\u001c8\n\t\u0005u\u00141\u000f\u0002\u0012k:\u001c\u0007.Z2lK\u00124\u0016M]5b]\u000e,\u0017!\u00049s_\u0012,8\r\u001e)sK\u001aL\u00070\u0006\u0002\u0002\u0004B!\u0011QQAF\u001b\t\t9I\u0003\u0003\u0002\n\u0006}\u0011\u0001\u00027b]\u001eL1\u0001RAD\u00031\u0001(o\u001c3vGR\f%/\u001b;z+\t\t\t\nE\u0002+\u0003'K1!!&,\u0005\rIe\u000e^\u0001\u000faJ|G-^2u\u000b2,W.\u001a8u)\u0011\tY*!)\u0011\u0007)\ni*C\u0002\u0002 .\u00121!\u00118z\u0011%\t\u0019kEA\u0001\u0002\u0004\t\t*A\u0002yIE\nq\u0002\u001d:pIV\u001cG/\u0013;fe\u0006$xN]\u000b\u0003\u0003S\u0003b!a+\u00022\u0006mUBAAW\u0015\r\tykK\u0001\u000bG>dG.Z2uS>t\u0017\u0002BAZ\u0003[\u0013\u0001\"\u0013;fe\u0006$xN]\u0001\tG\u0006tW)];bYR\u0019\u0011.!/\t\u0013\u0005\rV#!AA\u0002\u0005m\u0015\u0001\u00035bg\"\u001cu\u000eZ3\u0015\u0005\u0005E\u0015\u0001\u0003;p'R\u0014\u0018N\\4\u0015\u0005\u0005\r\u0015AB3rk\u0006d7\u000fF\u0002j\u0003\u000fD\u0011\"a)\u0019\u0003\u0003\u0005\r!a'\u0002\u001d5+Wn\u001c:z\u0017\u0016L8\u000f^8sKB\u0011aIG\n\u00055\u0005='\u0007\u0005\u0004\u0002R\u0006]w\u0007T\u0007\u0003\u0003'T1!!6,\u0003\u001d\u0011XO\u001c;j[\u0016LA!!7\u0002T\n\t\u0012IY:ue\u0006\u001cGOR;oGRLwN\\\u0019\u0015\u0005\u0005-\u0017!B1qa2LHc\u0001'\u0002b\")Q'\ba\u0001o\u00059QO\\1qa2LH\u0003BAt\u0003S\u00042A\u000b>8\u0011!\tYOHA\u0001\u0002\u0004a\u0015a\u0001=%a\u0005Y!/Z1e%\u0016\u001cx\u000e\u001c<f)\t\t\t\u0010\u0005\u0003\u0002\u0006\u0006M\u0018\u0002BA{\u0003\u000f\u0013aa\u00142kK\u000e$\b")
/* loaded from: input_file:blended/security/ssl/MemoryKeystore.class */
public class MemoryKeystore implements Product, Serializable {
    private final Map<String, CertificateHolder> certificates;
    private final Logger log;
    private final long millisPerDay;
    private final List<String> changedAliases;

    public static Option<Map<String, CertificateHolder>> unapply(MemoryKeystore memoryKeystore) {
        return MemoryKeystore$.MODULE$.unapply(memoryKeystore);
    }

    public static MemoryKeystore apply(Map<String, CertificateHolder> map) {
        return MemoryKeystore$.MODULE$.apply(map);
    }

    public static <A> Function1<Map<String, CertificateHolder>, A> andThen(Function1<MemoryKeystore, A> function1) {
        return MemoryKeystore$.MODULE$.andThen(function1);
    }

    public static <A> Function1<A, MemoryKeystore> compose(Function1<A, Map<String, CertificateHolder>> function1) {
        return MemoryKeystore$.MODULE$.compose(function1);
    }

    public Map<String, CertificateHolder> certificates() {
        return this.certificates;
    }

    public List<String> changedAliases() {
        return this.changedAliases;
    }

    public boolean consistent() {
        return certificates().values().forall(certificateHolder -> {
            return BoxesRunTime.boxToBoolean($anonfun$consistent$1(certificateHolder));
        }) || certificates().values().forall(certificateHolder2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$consistent$2(certificateHolder2));
        });
    }

    public Try<MemoryKeystore> update(String str, CertificateHolder certificateHolder) {
        return Try$.MODULE$.apply(() -> {
            this.log.info(() -> {
                return new StringBuilder(33).append("Updating memory keystore [alias=").append(str).append("]").toString();
            });
            MemoryKeystore memoryKeystore = new MemoryKeystore(this.certificates().filterKeys(str2 -> {
                return BoxesRunTime.boxToBoolean($anonfun$update$3(str, str2));
            }).$plus(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(str), certificateHolder.copy(certificateHolder.copy$default$1(), certificateHolder.copy$default$2(), certificateHolder.copy$default$3(), true))));
            if (!memoryKeystore.consistent()) {
                throw new InconsistentKeystoreException("Keystore must be consistent after update");
            }
            this.log.info(() -> {
                return new StringBuilder(29).append("Updated keystore aliases : [").append(memoryKeystore.certificates().keys()).append("]").toString();
            });
            return memoryKeystore;
        });
    }

    public Option<CertificateHolder> findByPrincipal(X500Principal x500Principal) {
        return certificates().values().find(certificateHolder -> {
            return BoxesRunTime.boxToBoolean($anonfun$findByPrincipal$1(x500Principal, certificateHolder));
        });
    }

    public Try<Date> nextCertificateTimeout() {
        return Try$.MODULE$.apply(() -> {
            Map<String, CertificateHolder> certificates = this.certificates();
            return certificates.isEmpty() ? new Date() : (Date) ((TraversableOnce) certificates.values().map(certificateHolder -> {
                return ((X509Certificate) certificateHolder.chain().head()).getNotAfter();
            }, Iterable$.MODULE$.canBuildFrom())).min(Ordering$.MODULE$.ordered(Predef$.MODULE$.$conforms()));
        });
    }

    private Try<MemoryKeystore> refreshCertificate(CertificateConfig certificateConfig, Map<String, CertificateProvider> map, Option<CertificateHolder> option) {
        return Try$.MODULE$.apply(() -> {
            MemoryKeystore memoryKeystore;
            Some some = map.get(certificateConfig.provider());
            if (None$.MODULE$.equals(some)) {
                this.log.warn(() -> {
                    return new StringBuilder(62).append("Certificate provider [").append(certificateConfig.provider()).append("] not found, not updating certificate [").append(certificateConfig.alias()).append("]").toString();
                });
                memoryKeystore = this;
            } else {
                if (!(some instanceof Some)) {
                    throw new MatchError(some);
                }
                CertificateHolder certificateHolder = (CertificateHolder) ((CertificateProvider) some.value()).refreshCertificate(option, certificateConfig.cnProvider()).get();
                this.log.info(() -> {
                    return new StringBuilder(38).append("Obtained certificate for alias [").append(certificateConfig.alias()).append("] : [").append(certificateHolder).append("]").toString();
                });
                memoryKeystore = (MemoryKeystore) this.update(certificateConfig.alias(), certificateHolder).get();
            }
            return memoryKeystore;
        });
    }

    public Try<MemoryKeystore> changed(List<CertificateConfig> list, Map<String, CertificateProvider> map) {
        return Try$.MODULE$.apply(() -> {
            MemoryKeystore memoryKeystore;
            MemoryKeystore memoryKeystore2;
            MemoryKeystore memoryKeystore3;
            MemoryKeystore memoryKeystore4;
            MemoryKeystore memoryKeystore5;
            if (Nil$.MODULE$.equals(list)) {
                memoryKeystore3 = this;
            } else {
                if (!(list instanceof $colon.colon)) {
                    throw new MatchError(list);
                }
                $colon.colon colonVar = ($colon.colon) list;
                CertificateConfig certificateConfig = (CertificateConfig) colonVar.head();
                List<CertificateConfig> tl$access$1 = colonVar.tl$access$1();
                Some some = this.certificates().get(certificateConfig.alias());
                if (some instanceof Some) {
                    CertificateHolder certificateHolder = (CertificateHolder) some.value();
                    long time = X509CertificateInfo$.MODULE$.apply((X509Certificate) certificateHolder.chain().head()).notAfter().getTime() - System.currentTimeMillis();
                    if (time <= certificateConfig.minValidDays() * this.millisPerDay) {
                        this.log.info(() -> {
                            return new StringBuilder(67).append("Certificate [").append(certificateConfig.alias()).append("] is about to expire in ").append(time / this.millisPerDay).append(" days...refreshing certificate").toString();
                        });
                        Success refreshCertificate = this.refreshCertificate(certificateConfig, map, new Some(certificateHolder));
                        if (refreshCertificate instanceof Success) {
                            memoryKeystore5 = (MemoryKeystore) ((MemoryKeystore) refreshCertificate.value()).changed(tl$access$1, map).get();
                        } else {
                            if (!(refreshCertificate instanceof Failure)) {
                                throw new MatchError(refreshCertificate);
                            }
                            this.log.info(() -> {
                                return new StringBuilder(59).append("Could not refresh certificate [").append(certificateConfig.alias()).append("], reusing the existing one.").toString();
                            });
                            memoryKeystore5 = (MemoryKeystore) this.changed(tl$access$1, map).get();
                        }
                        memoryKeystore4 = memoryKeystore5;
                    } else {
                        this.log.info(() -> {
                            return new StringBuilder(37).append("Server certificate [").append(certificateConfig.alias()).append("] is still valid.").toString();
                        });
                        memoryKeystore4 = (MemoryKeystore) this.changed(tl$access$1, map).get();
                    }
                    memoryKeystore2 = memoryKeystore4;
                } else {
                    if (!None$.MODULE$.equals(some)) {
                        throw new MatchError(some);
                    }
                    this.log.info(() -> {
                        return new StringBuilder(45).append("Certificate with alias [").append(certificateConfig.alias()).append("] does not yet exist.").toString();
                    });
                    Success refreshCertificate2 = this.refreshCertificate(certificateConfig, map, None$.MODULE$);
                    if (refreshCertificate2 instanceof Success) {
                        memoryKeystore = (MemoryKeystore) ((MemoryKeystore) refreshCertificate2.value()).changed(tl$access$1, map).get();
                    } else {
                        if (!(refreshCertificate2 instanceof Failure)) {
                            throw new MatchError(refreshCertificate2);
                        }
                        Throwable exception = ((Failure) refreshCertificate2).exception();
                        this.log.info(() -> {
                            return new StringBuilder(67).append("Could not refresh certificate [").append(certificateConfig.alias()).append("] : [").append(exception.getMessage()).append("] ... reusing the existing one.").toString();
                        });
                        memoryKeystore = (MemoryKeystore) this.changed(tl$access$1, map).get();
                    }
                    memoryKeystore2 = memoryKeystore;
                }
                memoryKeystore3 = memoryKeystore2;
            }
            return memoryKeystore3;
        });
    }

    public Try<MemoryKeystore> refreshCertificates(List<CertificateConfig> list, Map<String, CertificateProvider> map) {
        return changed(list, map);
    }

    public MemoryKeystore copy(Map<String, CertificateHolder> map) {
        return new MemoryKeystore(map);
    }

    public Map<String, CertificateHolder> copy$default$1() {
        return certificates();
    }

    public String productPrefix() {
        return "MemoryKeystore";
    }

    public int productArity() {
        return 1;
    }

    public Object productElement(int i) {
        switch (i) {
            case 0:
                return certificates();
            default:
                throw new IndexOutOfBoundsException(BoxesRunTime.boxToInteger(i).toString());
        }
    }

    public Iterator<Object> productIterator() {
        return ScalaRunTime$.MODULE$.typedProductIterator(this);
    }

    public boolean canEqual(Object obj) {
        return obj instanceof MemoryKeystore;
    }

    public int hashCode() {
        return ScalaRunTime$.MODULE$._hashCode(this);
    }

    public String toString() {
        return ScalaRunTime$.MODULE$._toString(this);
    }

    public boolean equals(Object obj) {
        boolean z;
        if (this != obj) {
            if (obj instanceof MemoryKeystore) {
                MemoryKeystore memoryKeystore = (MemoryKeystore) obj;
                Map<String, CertificateHolder> certificates = certificates();
                Map<String, CertificateHolder> certificates2 = memoryKeystore.certificates();
                if (certificates != null ? certificates.equals(certificates2) : certificates2 == null) {
                    if (memoryKeystore.canEqual(this)) {
                        z = true;
                        if (!z) {
                        }
                    }
                }
                z = false;
                if (!z) {
                }
            }
            return false;
        }
        return true;
    }

    public static final /* synthetic */ boolean $anonfun$changedAliases$1(Tuple2 tuple2) {
        if (tuple2 != null) {
            return ((CertificateHolder) tuple2._2()).changed();
        }
        throw new MatchError(tuple2);
    }

    public static final /* synthetic */ boolean $anonfun$consistent$1(CertificateHolder certificateHolder) {
        return certificateHolder.privateKey().isDefined();
    }

    public static final /* synthetic */ boolean $anonfun$consistent$2(CertificateHolder certificateHolder) {
        return certificateHolder.privateKey().isEmpty();
    }

    public static final /* synthetic */ boolean $anonfun$update$3(String str, String str2) {
        return str2 != null ? !str2.equals(str) : str != null;
    }

    public static final /* synthetic */ boolean $anonfun$findByPrincipal$2(X500Principal x500Principal, X500Principal x500Principal2) {
        return x500Principal2.equals(x500Principal);
    }

    public static final /* synthetic */ boolean $anonfun$findByPrincipal$1(X500Principal x500Principal, CertificateHolder certificateHolder) {
        return certificateHolder.subjectPrincipal().isDefined() && certificateHolder.subjectPrincipal().forall(x500Principal2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$findByPrincipal$2(x500Principal, x500Principal2));
        });
    }

    public MemoryKeystore(Map<String, CertificateHolder> map) {
        this.certificates = map;
        Product.$init$(this);
        this.log = Logger$.MODULE$.apply(ClassTag$.MODULE$.apply(MemoryKeystore.class));
        this.millisPerDay = new package.DurationInt(package$.MODULE$.DurationInt(1)).day().toMillis();
        this.changedAliases = ((MapLike) map.filter(tuple2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$changedAliases$1(tuple2));
        })).keys().toList();
    }
}
