package blended.security.ssl.internal;

import blended.security.ssl.CertificateHolder;
import blended.security.ssl.CertificateHolder$;
import blended.security.ssl.MemoryKeystore;
import blended.util.logging.Logger;
import blended.util.logging.Logger$;
import java.io.File;
import java.security.cert.X509Certificate;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Some;
import scala.Tuple2;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.util.Try;
import scala.util.Try$;

/* compiled from: TrustStoreRefresher.scala */
@ScalaSignature(bytes = "\u0006\u0001\u001d3A\u0001C\u0005\u0001%!A\u0011\u0004\u0001B\u0001B\u0003%!\u0004C\u0003\u001f\u0001\u0011\u0005q\u0004C\u0004$\u0001\t\u0007I\u0011\u0002\u0013\t\r5\u0002\u0001\u0015!\u0003&\u0011\u0015q\u0003\u0001\"\u00010\u0011\u0015A\u0004\u0001\"\u0003:\u0011\u0015\u0011\u0005\u0001\"\u0003D\u0005M!&/^:u'R|'/\u001a*fMJ,7\u000f[3s\u0015\tQ1\"\u0001\u0005j]R,'O\\1m\u0015\taQ\"A\u0002tg2T!AD\b\u0002\u0011M,7-\u001e:jifT\u0011\u0001E\u0001\bE2,g\u000eZ3e\u0007\u0001\u0019\"\u0001A\n\u0011\u0005Q9R\"A\u000b\u000b\u0003Y\tQa]2bY\u0006L!\u0001G\u000b\u0003\r\u0005s\u0017PU3g\u0003\ti7\u000f\u0005\u0002\u001c95\t1\"\u0003\u0002\u001e\u0017\tqQ*Z7pef\\U-_:u_J,\u0017A\u0002\u001fj]&$h\b\u0006\u0002!EA\u0011\u0011\u0005A\u0007\u0002\u0013!)\u0011D\u0001a\u00015\u0005\u0019An\\4\u0016\u0003\u0015\u0002\"AJ\u0016\u000e\u0003\u001dR!\u0001K\u0015\u0002\u000f1|wmZ5oO*\u0011!fD\u0001\u0005kRLG.\u0003\u0002-O\t1Aj\\4hKJ\fA\u0001\\8hA\u0005\t\"/\u001a4sKNDGK];tiN$xN]3\u0015\u0003A\u00022!M\u001a6\u001b\u0005\u0011$B\u0001\u0016\u0016\u0013\t!$GA\u0002Uef\u00042\u0001\u0006\u001c\u001b\u0013\t9TC\u0001\u0004PaRLwN\\\u0001\u000bkB$\u0017\r^3S_>$Hc\u0001\u001e<{A\u0019\u0011g\r\u000e\t\u000bq2\u0001\u0019\u0001\u000e\u0002\u000fQ\u0014Xo\u001d;fI\")aH\u0002a\u0001\u007f\u0005!1-\u001a:u!\tY\u0002)\u0003\u0002B\u0017\t\t2)\u001a:uS\u001aL7-\u0019;f\u0011>dG-\u001a:\u0002\u0017U\u0004H-\u0019;f%>|Go\u001d\u000b\u0004u\u0011+\u0005\"\u0002\u001f\b\u0001\u0004Q\u0002\"\u0002$\b\u0001\u0004Q\u0012\u0001C6fsN$xN]3")
/* loaded from: input_file:blended/security/ssl/internal/TrustStoreRefresher.class */
public class TrustStoreRefresher {
    private final MemoryKeystore ms;
    private final Logger log = Logger$.MODULE$.apply(ClassTag$.MODULE$.apply(TrustStoreRefresher.class));

    private Logger log() {
        return this.log;
    }

    public Try<Option<MemoryKeystore>> refreshTruststore() {
        return Try$.MODULE$.apply(() -> {
            Some some;
            Tuple2 tuple2 = new Tuple2(Option$.MODULE$.apply(System.getProperty(SslContextProvider$.MODULE$.propTrustStore())), Option$.MODULE$.apply(System.getProperty(SslContextProvider$.MODULE$.propTrustStorePwd())));
            if (tuple2 != null) {
                Some some2 = (Option) tuple2._1();
                Some some3 = (Option) tuple2._2();
                if (some2 instanceof Some) {
                    String str = (String) some2.value();
                    if (some3 instanceof Some) {
                        String str2 = (String) some3.value();
                        File file = new File(str);
                        this.log().info(() -> {
                            return new StringBuilder(40).append("Reading trust store certificates from [").append(file.getAbsolutePath()).append("]").toString();
                        });
                        JavaKeystore javaKeystore = new JavaKeystore(new File(str), str2.toCharArray(), None$.MODULE$);
                        some = new Some(javaKeystore.saveKeyStore((MemoryKeystore) this.updateRoots((MemoryKeystore) javaKeystore.loadKeyStore().get(), this.ms).get()).get());
                        return some;
                    }
                }
            }
            some = None$.MODULE$;
            return some;
        });
    }

    private Try<MemoryKeystore> updateRoot(MemoryKeystore memoryKeystore, CertificateHolder certificateHolder) {
        return Try$.MODULE$.apply(() -> {
            MemoryKeystore memoryKeystore2;
            X509Certificate x509Certificate = (X509Certificate) certificateHolder.chain().last();
            X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
            this.log().info(() -> {
                return new StringBuilder(35).append("Checking trusted certificate for [").append(subjectX500Principal).append("]").toString();
            });
            Option<CertificateHolder> findByPrincipal = memoryKeystore.findByPrincipal(subjectX500Principal);
            if (None$.MODULE$.equals(findByPrincipal)) {
                this.log().info(() -> {
                    return new StringBuilder(44).append("Updating trust store with certificate for [").append(subjectX500Principal).append("]").toString();
                });
                memoryKeystore2 = (MemoryKeystore) memoryKeystore.update(memoryKeystore.certificates().isDefinedAt(subjectX500Principal.toString()) ? UUID.randomUUID().toString() : subjectX500Principal.toString(), CertificateHolder$.MODULE$.create(x509Certificate)).get();
            } else {
                if (!(findByPrincipal instanceof Some)) {
                    throw new MatchError(findByPrincipal);
                }
                this.log().info(() -> {
                    return new StringBuilder(49).append("Certificate for [").append(subjectX500Principal).append("] already exists in trust store.").toString();
                });
                memoryKeystore2 = memoryKeystore;
            }
            return memoryKeystore2;
        });
    }

    private Try<MemoryKeystore> updateRoots(MemoryKeystore memoryKeystore, MemoryKeystore memoryKeystore2) {
        return Try$.MODULE$.apply(() -> {
            return (MemoryKeystore) memoryKeystore2.certificates().foldLeft(memoryKeystore, (memoryKeystore3, tuple2) -> {
                Tuple2 tuple2 = new Tuple2(memoryKeystore3, tuple2);
                if (tuple2 != null) {
                    MemoryKeystore memoryKeystore3 = (MemoryKeystore) tuple2._1();
                    Tuple2 tuple22 = (Tuple2) tuple2._2();
                    if (tuple22 != null) {
                        return (MemoryKeystore) this.updateRoot(memoryKeystore3, (CertificateHolder) tuple22._2()).get();
                    }
                }
                throw new MatchError(tuple2);
            });
        });
    }

    public TrustStoreRefresher(MemoryKeystore memoryKeystore) {
        this.ms = memoryKeystore;
    }
}
