package net.shrine.crypto;

import ch.qos.logback.classic.Logger;
import com.typesafe.config.Config;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import net.shrine.config.package$;
import net.shrine.log.Loggable;
import net.shrine.source.ConfigSource$;
import net.shrine.util.NonEmptySeq;
import net.shrine.util.PeerToPeerModel$;
import net.shrine.util.SingleHubModel;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import scala.Function0;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Some;
import scala.Tuple2;
import scala.Tuple3;
import scala.UninitializedFieldError;
import scala.collection.GenTraversable;
import scala.collection.Iterable;
import scala.collection.JavaConverters$;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.TraversableOnce;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.Set;
import scala.collection.immutable.Set$;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.util.Either;
import scala.util.Left;

/* compiled from: BouncyKeyStoreCollection.scala */
/* loaded from: input_file:net/shrine/crypto/BouncyKeyStoreCollection$.class */
public final class BouncyKeyStoreCollection$ implements Loggable {
    public static BouncyKeyStoreCollection$ MODULE$;
    private BouncyKeyStoreCollection fromConfig;
    private final BouncyCastleProvider provider;
    private Option<KeyStoreDescriptor> descriptor;
    private Option<KeyStore> keyStore;
    private final String SHA256;
    private Logger net$shrine$log$Loggable$$internalLogger;
    private volatile byte bitmap$0;
    private volatile byte bitmap$init$0;

    static {
        new BouncyKeyStoreCollection$();
    }

    public Logger logger() {
        return Loggable.logger$(this);
    }

    public final boolean debugEnabled() {
        return Loggable.debugEnabled$(this);
    }

    public final boolean infoEnabled() {
        return Loggable.infoEnabled$(this);
    }

    public void debug(Function0<String> function0) {
        Loggable.debug$(this, function0);
    }

    public final void debug(Function0<String> function0, Throwable th) {
        Loggable.debug$(this, function0, th);
    }

    public void info(Function0<String> function0) {
        Loggable.info$(this, function0);
    }

    public final void info(Function0<String> function0, Throwable th) {
        Loggable.info$(this, function0, th);
    }

    public void warn(Function0<String> function0) {
        Loggable.warn$(this, function0);
    }

    public final void warn(Function0<String> function0, Throwable th) {
        Loggable.warn$(this, function0, th);
    }

    public void error(Function0<String> function0) {
        Loggable.error$(this, function0);
    }

    public final void error(Function0<String> function0, Throwable th) {
        Loggable.error$(this, function0, th);
    }

    public <T> T logDuration(String str, Function1<String, BoxedUnit> function1, Function0<T> function0) {
        return (T) Loggable.logDuration$(this, str, function1, function0);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v10, types: [net.shrine.crypto.BouncyKeyStoreCollection$] */
    private Logger net$shrine$log$Loggable$$internalLogger$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 2)) == 0) {
                this.net$shrine$log$Loggable$$internalLogger = Loggable.net$shrine$log$Loggable$$internalLogger$(this);
                r0 = this;
                r0.bitmap$0 = (byte) (this.bitmap$0 | 2);
            }
        }
        return this.net$shrine$log$Loggable$$internalLogger;
    }

    public Logger net$shrine$log$Loggable$$internalLogger() {
        return ((byte) (this.bitmap$0 & 2)) == 0 ? net$shrine$log$Loggable$$internalLogger$lzycompute() : this.net$shrine$log$Loggable$$internalLogger;
    }

    public BouncyCastleProvider provider() {
        if (((byte) (this.bitmap$init$0 & 1)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: /var/opt/bamboo/bamboo-agent-home/xml-data/build-dir/SHRINE-TRUNK70-JOB1/commons/crypto/src/main/scala/net/shrine/crypto/BouncyKeyStoreCollection.scala: 49");
        }
        BouncyCastleProvider bouncyCastleProvider = this.provider;
        return this.provider;
    }

    public Option<KeyStoreDescriptor> descriptor() {
        if (((byte) (this.bitmap$init$0 & 2)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: /var/opt/bamboo/bamboo-agent-home/xml-data/build-dir/SHRINE-TRUNK70-JOB1/commons/crypto/src/main/scala/net/shrine/crypto/BouncyKeyStoreCollection.scala: 51");
        }
        Option<KeyStoreDescriptor> option = this.descriptor;
        return this.descriptor;
    }

    public void descriptor_$eq(Option<KeyStoreDescriptor> option) {
        this.descriptor = option;
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 2);
    }

    public Option<KeyStore> keyStore() {
        if (((byte) (this.bitmap$init$0 & 4)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: /var/opt/bamboo/bamboo-agent-home/xml-data/build-dir/SHRINE-TRUNK70-JOB1/commons/crypto/src/main/scala/net/shrine/crypto/BouncyKeyStoreCollection.scala: 52");
        }
        Option<KeyStore> option = this.keyStore;
        return this.keyStore;
    }

    public void keyStore_$eq(Option<KeyStore> option) {
        this.keyStore = option;
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 4);
    }

    public String SHA256() {
        if (((byte) (this.bitmap$init$0 & 8)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: /var/opt/bamboo/bamboo-agent-home/xml-data/build-dir/SHRINE-TRUNK70-JOB1/commons/crypto/src/main/scala/net/shrine/crypto/BouncyKeyStoreCollection.scala: 53");
        }
        String str = this.SHA256;
        return this.SHA256;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v10, types: [net.shrine.crypto.BouncyKeyStoreCollection$] */
    private BouncyKeyStoreCollection fromConfig$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 1)) == 0) {
                Config config = ConfigSource$.MODULE$.config().getConfig("shrine");
                this.fromConfig = fromFileRecoverWithClassPath(KeyStoreDescriptorParser$.MODULE$.apply(config.getConfig("keystore"), package$.MODULE$.ConfigExtensions(config).getConfigOrEmpty("hub"), package$.MODULE$.ConfigExtensions(config).getConfigOrEmpty("queryEntryPoint")));
                r0 = this;
                r0.bitmap$0 = (byte) (this.bitmap$0 | 1);
            }
        }
        return this.fromConfig;
    }

    public BouncyKeyStoreCollection fromConfig() {
        return ((byte) (this.bitmap$0 & 1)) == 0 ? fromConfig$lzycompute() : this.fromConfig;
    }

    public Either<ImproperlyConfiguredKeyStoreProblem, BouncyKeyStoreCollection> createCertCollection(KeyStore keyStore, KeyStoreDescriptor keyStoreDescriptor) {
        Either<ImproperlyConfiguredKeyStoreProblem, BouncyKeyStoreCollection> createCentralCertCollection;
        descriptor_$eq(new Some(keyStoreDescriptor));
        keyStore_$eq(new Some(keyStore));
        Set<KeyStoreEntry> set = JavaConverters$.MODULE$.enumerationAsScalaIterator(keyStore.aliases()).map(str -> {
            return new Tuple3(str, keyStore.getCertificate(str), Option$.MODULE$.apply((PrivateKey) keyStore.getKey(str, keyStoreDescriptor.password().toCharArray())));
        }).map(tuple3 -> {
            return new KeyStoreEntry((X509Certificate) tuple3._2(), new NonEmptySeq(tuple3._1(), Nil$.MODULE$), (Option) tuple3._3());
        }).toSet();
        if (set.exists(keyStoreEntry -> {
            return BoxesRunTime.boxToBoolean($anonfun$createCertCollection$3(keyStoreEntry));
        })) {
            CryptoErrors$.MODULE$.configureError(CryptoErrors$.MODULE$.ExpiredCertificates((Iterable) set.filter(keyStoreEntry2 -> {
                return BoxesRunTime.boxToBoolean($anonfun$createCertCollection$4(keyStoreEntry2));
            })));
        } else {
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        }
        SingleHubModel trustModel = keyStoreDescriptor.trustModel();
        if (PeerToPeerModel$.MODULE$.equals(trustModel)) {
            createCentralCertCollection = createPeerCertCollection(set, keyStoreDescriptor);
        } else {
            if (!(trustModel instanceof SingleHubModel)) {
                throw new MatchError(trustModel);
            }
            createCentralCertCollection = createCentralCertCollection(set, keyStoreDescriptor, trustModel.isCa());
        }
        return createCentralCertCollection;
    }

    public Either<ImproperlyConfiguredKeyStoreProblem, BouncyKeyStoreCollection> createCentralCertCollection(Set<KeyStoreEntry> set, KeyStoreDescriptor keyStoreDescriptor, boolean z) {
        Seq<RemoteSiteDescriptor> remoteSiteDescriptors = keyStoreDescriptor.remoteSiteDescriptors();
        return (Either) set.find(keyStoreEntry -> {
            return BoxesRunTime.boxToBoolean($anonfun$createCentralCertCollection$1(keyStoreDescriptor, keyStoreEntry));
        }).fold(() -> {
            return scala.package$.MODULE$.Left().apply(CryptoErrors$.MODULE$.configureError("You must specify at least one ca cert alias corresponding to a PrivateKey entry for the Hub in a non PeerToPeer network"));
        }, keyStoreEntry2 -> {
            return (Either) set.find(keyStoreEntry2 -> {
                return BoxesRunTime.boxToBoolean($anonfun$createCentralCertCollection$4(keyStoreEntry2, keyStoreEntry2));
            }).fold(() -> {
                return scala.package$.MODULE$.Left().apply(CryptoErrors$.MODULE$.configureError("There is no private entry signed by a public entry in the keystore corresponding to the Hub."));
            }, keyStoreEntry3 -> {
                if (z) {
                    return scala.package$.MODULE$.Right().apply(new HubCertCollection(keyStoreEntry3, keyStoreEntry2));
                }
                return scala.package$.MODULE$.Right().apply(new DownStreamCertCollection(keyStoreEntry3, keyStoreEntry2));
            });
        });
    }

    public Either<ImproperlyConfiguredKeyStoreProblem, BouncyKeyStoreCollection> createPeerCertCollection(Set<KeyStoreEntry> set, KeyStoreDescriptor keyStoreDescriptor) {
        Left apply;
        Seq seq = (Seq) keyStoreDescriptor.remoteSiteDescriptors().map(remoteSiteDescriptor -> {
            return remoteSiteDescriptor.keyStoreAlias();
        }, Seq$.MODULE$.canBuildFrom());
        GenTraversable flatten = seq.toSet().flatten(option -> {
            return Option$.MODULE$.option2Iterable(option);
        });
        Object map = set.map(keyStoreEntry -> {
            return (String) keyStoreEntry.aliases().first();
        }, Set$.MODULE$.canBuildFrom());
        if (flatten != null ? !flatten.equals(map) : map != null) {
            return scala.package$.MODULE$.Left().apply(CryptoErrors$.MODULE$.configureError(CryptoErrors$.MODULE$.IncorrectAliasMapping((Iterable) seq.flatten(option2 -> {
                return Option$.MODULE$.option2Iterable(option2);
            }), set)));
        }
        Tuple2 tuple2 = new Tuple2(keyStoreDescriptor.privateKeyAlias(), set.filter(keyStoreEntry2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$createPeerCertCollection$5(keyStoreEntry2));
        }));
        if (tuple2 == null || !((Set) tuple2._2()).isEmpty()) {
            if (tuple2 != null) {
                Option option3 = (Option) tuple2._1();
                Set set2 = (Set) tuple2._2();
                if (None$.MODULE$.equals(option3) && set2.size() == 1) {
                    warn(() -> {
                        return new StringBuilder(69).append("No private key specified, using the only entry with a private key: `").append(((KeyStoreEntry) set2.head()).aliases().first()).append("`").toString();
                    });
                    apply = scala.package$.MODULE$.Right().apply(new PeerCertCollection((KeyStoreEntry) set2.head(), set.$minus$minus(set2)));
                }
            }
            if (tuple2 != null) {
                if (None$.MODULE$.equals((Option) tuple2._1())) {
                    apply = scala.package$.MODULE$.Left().apply(CryptoErrors$.MODULE$.configureError(CryptoErrors$.MODULE$.TooManyPrivateKeys(set)));
                }
            }
            if (tuple2 != null) {
                Some some = (Option) tuple2._1();
                Set set3 = (Set) tuple2._2();
                if (some instanceof Some) {
                    String str = (String) some.value();
                    if (set3.exists(keyStoreEntry3 -> {
                        return BoxesRunTime.boxToBoolean($anonfun$createPeerCertCollection$7(str, keyStoreEntry3));
                    })) {
                        KeyStoreEntry keyStoreEntry4 = (KeyStoreEntry) set3.find(keyStoreEntry5 -> {
                            return BoxesRunTime.boxToBoolean($anonfun$createPeerCertCollection$8(str, keyStoreEntry5));
                        }).get();
                        apply = scala.package$.MODULE$.Right().apply(new PeerCertCollection(keyStoreEntry4, set.$minus(keyStoreEntry4)));
                    }
                }
            }
            if (tuple2 != null) {
                Some some2 = (Option) tuple2._1();
                if (some2 instanceof Some) {
                    apply = scala.package$.MODULE$.Left().apply(CryptoErrors$.MODULE$.configureError(CryptoErrors$.MODULE$.CouldNotFindAlias((String) some2.value())));
                }
            }
            throw new MatchError(tuple2);
        }
        apply = scala.package$.MODULE$.Left().apply(CryptoErrors$.MODULE$.configureError("Could not find a key in the KeyStore with a PrivateKey. Without one, SHRINE cannot sign messages."));
        return apply;
    }

    public BouncyKeyStoreCollection fromFileRecoverWithClassPath(KeyStoreDescriptor keyStoreDescriptor) {
        KeyStore fromStreamHelper = new File(keyStoreDescriptor.file()).exists() ? fromStreamHelper(keyStoreDescriptor, str -> {
            return new FileInputStream(str);
        }) : fromStreamHelper(keyStoreDescriptor, str2 -> {
            return MODULE$.getClass().getClassLoader().getResourceAsStream(str2);
        });
        keyStore_$eq(new Some(fromStreamHelper));
        descriptor_$eq(new Some(keyStoreDescriptor));
        return (BouncyKeyStoreCollection) createCertCollection(fromStreamHelper, keyStoreDescriptor).fold(improperlyConfiguredKeyStoreProblem -> {
            throw ((Throwable) improperlyConfiguredKeyStoreProblem.throwable().get());
        }, bouncyKeyStoreCollection -> {
            return (BouncyKeyStoreCollection) Predef$.MODULE$.identity(bouncyKeyStoreCollection);
        });
    }

    public KeyStore fromStreamHelper(KeyStoreDescriptor keyStoreDescriptor, Function1<String, InputStream> function1) {
        debug(() -> {
            return new StringBuilder(35).append("Loading keystore using descriptor: ").append(toString$1(keyStoreDescriptor)).toString();
        });
        InputStream inputStream = (InputStream) function1.apply(keyStoreDescriptor.file());
        Predef$.MODULE$.require(inputStream != null, () -> {
            return new StringBuilder(28).append("null stream for descriptor ").append(toString$1(keyStoreDescriptor)).append("¬").toString();
        });
        KeyStore keyStore = KeyStore.getInstance(keyStoreDescriptor.keyStoreType().name());
        try {
            keyStore.load(inputStream, keyStoreDescriptor.password().toCharArray());
            debug(() -> {
                return new StringBuilder(18).append("Keystore aliases: ").append(((TraversableOnce) JavaConverters$.MODULE$.enumerationAsScalaIteratorConverter(keyStore.aliases()).asScala()).mkString(",")).toString();
            });
            debug(() -> {
                return new StringBuilder(29).append("Keystore ").append(toString$1(keyStoreDescriptor)).append(" loaded successfully").toString();
            });
            return keyStore;
        } catch (IOException e) {
            throw new IOException(new StringBuilder(29).append("Unable to load keystore from ").append(keyStoreDescriptor).toString(), e);
        }
    }

    public static final /* synthetic */ boolean $anonfun$createCertCollection$3(KeyStoreEntry keyStoreEntry) {
        return keyStoreEntry.isExpired(keyStoreEntry.isExpired$default$1());
    }

    public static final /* synthetic */ boolean $anonfun$createCertCollection$4(KeyStoreEntry keyStoreEntry) {
        return keyStoreEntry.isExpired(keyStoreEntry.isExpired$default$1());
    }

    public static final /* synthetic */ boolean $anonfun$createCentralCertCollection$1(KeyStoreDescriptor keyStoreDescriptor, KeyStoreEntry keyStoreEntry) {
        return keyStoreEntry.privateKey().isEmpty() && ((TraversableOnce) keyStoreEntry.aliases().intersect(keyStoreDescriptor.caCertAliases())).nonEmpty();
    }

    public static final /* synthetic */ boolean $anonfun$createCentralCertCollection$4(KeyStoreEntry keyStoreEntry, KeyStoreEntry keyStoreEntry2) {
        return keyStoreEntry2.privateKey().isDefined() && keyStoreEntry2.wasSignedBy(keyStoreEntry);
    }

    public static final /* synthetic */ boolean $anonfun$createPeerCertCollection$5(KeyStoreEntry keyStoreEntry) {
        return keyStoreEntry.privateKey().isDefined();
    }

    public static final /* synthetic */ boolean $anonfun$createPeerCertCollection$7(String str, KeyStoreEntry keyStoreEntry) {
        return keyStoreEntry.aliases().contains(str);
    }

    public static final /* synthetic */ boolean $anonfun$createPeerCertCollection$8(String str, KeyStoreEntry keyStoreEntry) {
        return keyStoreEntry.aliases().contains(str);
    }

    private static final String toString$1(KeyStoreDescriptor keyStoreDescriptor) {
        return keyStoreDescriptor.copy(keyStoreDescriptor.copy$default$1(), "********", keyStoreDescriptor.copy$default$3(), keyStoreDescriptor.copy$default$4(), keyStoreDescriptor.copy$default$5(), keyStoreDescriptor.copy$default$6(), keyStoreDescriptor.copy$default$7()).toString();
    }

    private BouncyKeyStoreCollection$() {
        MODULE$ = this;
        Loggable.$init$(this);
        this.provider = new BouncyCastleProvider();
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 1);
        Security.addProvider(provider());
        this.descriptor = None$.MODULE$;
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 2);
        this.keyStore = None$.MODULE$;
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 4);
        this.SHA256 = "SHA256withRSA";
        this.bitmap$init$0 = (byte) (this.bitmap$init$0 | 8);
    }
}
