package blended.security.ssl;

import blended.util.logging.Logger;
import blended.util.logging.Logger$;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Some;
import scala.collection.immutable.List;
import scala.package$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.ScalaRunTime$;
import scala.runtime.Statics;
import scala.util.Try;
import scala.util.Try$;

/* compiled from: SelfSignedCertificateProvider.scala */
@ScalaSignature(bytes = "\u0006\u000553AAB\u0004\u0001\u001d!Aq\u0004\u0001B\u0001B\u0003%\u0001\u0005C\u0003$\u0001\u0011\u0005A\u0005\u0003\u0004(\u0001\u0001\u0006I\u0001\u000b\u0005\u0006a\u0001!I!\r\u0005\u0006s\u0001!\tE\u000f\u0002\u001e'\u0016dgmU5h]\u0016$7)\u001a:uS\u001aL7-\u0019;f!J|g/\u001b3fe*\u0011\u0001\"C\u0001\u0004gNd'B\u0001\u0006\f\u0003!\u0019XmY;sSRL(\"\u0001\u0007\u0002\u000f\tdWM\u001c3fI\u000e\u00011#\u0002\u0001\u0010+ea\u0002C\u0001\t\u0014\u001b\u0005\t\"\"\u0001\n\u0002\u000bM\u001c\u0017\r\\1\n\u0005Q\t\"AB!osJ+g\r\u0005\u0002\u0017/5\tq!\u0003\u0002\u0019\u000f\t\u00192)\u001a:uS\u001aL7-\u0019;f!J|g/\u001b3feB\u0011aCG\u0005\u00037\u001d\u0011\u0011dQ3si&4\u0017nY1uKJ+\u0017/^3ti\n+\u0018\u000e\u001c3feB\u0011a#H\u0005\u0003=\u001d\u0011\u0011cQ3si&4\u0017nY1uKNKwM\\3s\u0003\r\u0019gm\u001a\t\u0003-\u0005J!AI\u0004\u0003!M+GNZ*jO:,GmQ8oM&<\u0017A\u0002\u001fj]&$h\b\u0006\u0002&MA\u0011a\u0003\u0001\u0005\u0006?\t\u0001\r\u0001I\u0001\u0004Y><\u0007CA\u0015/\u001b\u0005Q#BA\u0016-\u0003\u001dawnZ4j]\u001eT!!L\u0006\u0002\tU$\u0018\u000e\\\u0005\u0003_)\u0012a\u0001T8hO\u0016\u0014\u0018aD4f]\u0016\u0014\u0018\r^3LKf\u0004\u0016-\u001b:\u0015\u0003I\u0002\"aM\u001c\u000e\u0003QR!AC\u001b\u000b\u0003Y\nAA[1wC&\u0011\u0001\b\u000e\u0002\b\u0017\u0016L\b+Y5s\u0003I\u0011XM\u001a:fg\"\u001cUM\u001d;jM&\u001c\u0017\r^3\u0015\u0007m\u001a\u0005\nE\u0002=}\u0001k\u0011!\u0010\u0006\u0003[EI!aP\u001f\u0003\u0007Q\u0013\u0018\u0010\u0005\u0002\u0017\u0003&\u0011!i\u0002\u0002\u0012\u0007\u0016\u0014H/\u001b4jG\u0006$X\rS8mI\u0016\u0014\b\"\u0002#\u0006\u0001\u0004)\u0015\u0001C3ySN$\u0018N\\4\u0011\u0007A1\u0005)\u0003\u0002H#\t1q\n\u001d;j_:DQ!S\u0003A\u0002)\u000b!b\u00198Qe>4\u0018\u000eZ3s!\t12*\u0003\u0002M\u000f\t\u00112i\\7n_:t\u0015-\\3Qe>4\u0018\u000eZ3s\u0001")
/* loaded from: input_file:blended/security/ssl/SelfSignedCertificateProvider.class */
public class SelfSignedCertificateProvider implements CertificateProvider, CertificateRequestBuilder, CertificateSigner {
    private final SelfSignedConfig cfg;
    private final Logger log;
    private Logger blended$security$ssl$CertificateRequestBuilder$$log;
    private int blended$security$ssl$CertificateRequestBuilder$$defaultValidDays;

    @Override // blended.security.ssl.CertificateSigner
    public Try<X509Certificate> sign(X509v3CertificateBuilder x509v3CertificateBuilder, String str, PrivateKey privateKey) {
        Try<X509Certificate> sign;
        sign = sign(x509v3CertificateBuilder, str, privateKey);
        return sign;
    }

    @Override // blended.security.ssl.CertificateRequestBuilder
    public Try<X509v3CertificateBuilder> hostCertificateRequest(CommonNameProvider commonNameProvider, KeyPair keyPair, BigInteger bigInteger, int i, Option<CertificateHolder> option) {
        Try<X509v3CertificateBuilder> hostCertificateRequest;
        hostCertificateRequest = hostCertificateRequest(commonNameProvider, keyPair, bigInteger, i, option);
        return hostCertificateRequest;
    }

    @Override // blended.security.ssl.CertificateRequestBuilder
    public BigInteger hostCertificateRequest$default$3() {
        BigInteger hostCertificateRequest$default$3;
        hostCertificateRequest$default$3 = hostCertificateRequest$default$3();
        return hostCertificateRequest$default$3;
    }

    @Override // blended.security.ssl.CertificateRequestBuilder
    public int hostCertificateRequest$default$4() {
        int hostCertificateRequest$default$4;
        hostCertificateRequest$default$4 = hostCertificateRequest$default$4();
        return hostCertificateRequest$default$4;
    }

    @Override // blended.security.ssl.CertificateRequestBuilder
    public Option<CertificateHolder> hostCertificateRequest$default$5() {
        Option<CertificateHolder> hostCertificateRequest$default$5;
        hostCertificateRequest$default$5 = hostCertificateRequest$default$5();
        return hostCertificateRequest$default$5;
    }

    @Override // blended.security.ssl.CertificateProvider
    public Try<Option<MemoryKeystore>> rootCertificates() {
        Try<Option<MemoryKeystore>> rootCertificates;
        rootCertificates = rootCertificates();
        return rootCertificates;
    }

    @Override // blended.security.ssl.CertificateRequestBuilder
    public Logger blended$security$ssl$CertificateRequestBuilder$$log() {
        return this.blended$security$ssl$CertificateRequestBuilder$$log;
    }

    @Override // blended.security.ssl.CertificateRequestBuilder
    public int blended$security$ssl$CertificateRequestBuilder$$defaultValidDays() {
        return this.blended$security$ssl$CertificateRequestBuilder$$defaultValidDays;
    }

    @Override // blended.security.ssl.CertificateRequestBuilder
    public final void blended$security$ssl$CertificateRequestBuilder$_setter_$blended$security$ssl$CertificateRequestBuilder$$log_$eq(Logger logger) {
        this.blended$security$ssl$CertificateRequestBuilder$$log = logger;
    }

    @Override // blended.security.ssl.CertificateRequestBuilder
    public final void blended$security$ssl$CertificateRequestBuilder$_setter_$blended$security$ssl$CertificateRequestBuilder$$defaultValidDays_$eq(int i) {
        this.blended$security$ssl$CertificateRequestBuilder$$defaultValidDays = i;
    }

    private KeyPair generateKeyPair() {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(this.cfg.keyStrength(), new SecureRandom());
        return keyPairGenerator.genKeyPair();
    }

    @Override // blended.security.ssl.CertificateProvider
    public Try<CertificateHolder> refreshCertificate(Option<CertificateHolder> option, CommonNameProvider commonNameProvider) {
        return Try$.MODULE$.apply(() -> {
            KeyPair generateKeyPair;
            BigInteger bigInteger;
            Some map = option.map(certificateHolder -> {
                return (X509Certificate) certificateHolder.chain().head();
            });
            if (option instanceof Some) {
                CertificateHolder certificateHolder2 = (CertificateHolder) ((Some) option).value();
                Some privateKey = certificateHolder2.privateKey();
                if (None$.MODULE$.equals(privateKey)) {
                    throw new NoPrivateKeyException("Existing certificate must have a private key to update");
                }
                if (!(privateKey instanceof Some)) {
                    throw new MatchError(privateKey);
                }
                generateKeyPair = new KeyPair(certificateHolder2.publicKey(), (PrivateKey) privateKey.value());
            } else {
                if (!None$.MODULE$.equals(option)) {
                    throw new MatchError(option);
                }
                generateKeyPair = this.generateKeyPair();
            }
            KeyPair keyPair = generateKeyPair;
            if (map instanceof Some) {
                bigInteger = ((X509Certificate) map.value()).getSerialNumber().add(BigInteger.ONE);
            } else {
                if (!None$.MODULE$.equals(map)) {
                    throw new MatchError(map);
                }
                bigInteger = BigInteger.ONE;
            }
            X509Certificate x509Certificate = (X509Certificate) this.sign((X509v3CertificateBuilder) this.hostCertificateRequest(commonNameProvider, keyPair, bigInteger, this.cfg.validDays(), this.hostCertificateRequest$default$5()).get(), this.cfg.sigAlg(), keyPair.getPrivate()).get();
            this.log.debug(() -> {
                return new StringBuilder(24).append("Generated certificate [").append(X509CertificateInfo$.MODULE$.apply(x509Certificate)).append("]").toString();
            });
            return (CertificateHolder) CertificateHolder$.MODULE$.create(keyPair, (List<Certificate>) package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new X509Certificate[]{x509Certificate}))).get();
        });
    }

    public SelfSignedCertificateProvider(SelfSignedConfig selfSignedConfig) {
        this.cfg = selfSignedConfig;
        CertificateProvider.$init$(this);
        CertificateRequestBuilder.$init$(this);
        CertificateSigner.$init$(this);
        this.log = Logger$.MODULE$.apply(ClassTag$.MODULE$.apply(SelfSignedCertificateProvider.class));
        Statics.releaseFence();
    }
}
