package net.shrine.crypto;

import ch.qos.logback.classic.Logger;
import com.typesafe.config.Config;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import net.shrine.config.ConfigSource$;
import net.shrine.config.package$;
import net.shrine.log.Loggable;
import net.shrine.problem.RawProblem;
import net.shrine.util.NonEmptySeq;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import scala.Function0;
import scala.Function1;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Some;
import scala.Tuple3;
import scala.UninitializedFieldError;
import scala.collection.Iterable;
import scala.collection.IterableOnceOps;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.Set;
import scala.jdk.CollectionConverters$;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.util.Either;

/* compiled from: BouncyKeyStoreCollection.scala */
/* loaded from: input_file:WEB-INF/lib/shrine-util-4.4.0-M1.jar:net/shrine/crypto/BouncyKeyStoreCollection$.class */
public final class BouncyKeyStoreCollection$ implements Loggable {
    public static final BouncyKeyStoreCollection$ MODULE$ = new BouncyKeyStoreCollection$();
    private static BouncyKeyStoreCollection fromConfig;
    private static final BouncyCastleProvider provider;
    private static Option<KeyStoreDescriptor> descriptor;
    private static Option<KeyStore> keyStore;
    private static final String SHA256;
    private static Logger net$shrine$log$Loggable$$internalLogger;
    private static volatile byte bitmap$init$0;
    private static volatile byte bitmap$0;

    static {
        Loggable.$init$(MODULE$);
        provider = new BouncyCastleProvider();
        bitmap$init$0 = (byte) (bitmap$init$0 | 1);
        Security.addProvider(MODULE$.provider());
        descriptor = None$.MODULE$;
        bitmap$init$0 = (byte) (bitmap$init$0 | 2);
        keyStore = None$.MODULE$;
        bitmap$init$0 = (byte) (bitmap$init$0 | 4);
        SHA256 = "SHA256withRSA";
        bitmap$init$0 = (byte) (bitmap$init$0 | 8);
    }

    @Override // net.shrine.log.Loggable
    public Logger logger() {
        Logger logger;
        logger = logger();
        return logger;
    }

    @Override // net.shrine.log.Loggable
    public final boolean debugEnabled() {
        boolean debugEnabled;
        debugEnabled = debugEnabled();
        return debugEnabled;
    }

    @Override // net.shrine.log.Loggable
    public final boolean infoEnabled() {
        boolean infoEnabled;
        infoEnabled = infoEnabled();
        return infoEnabled;
    }

    @Override // net.shrine.log.Loggable
    public void debug(Function0<String> function0) {
        debug(function0);
    }

    @Override // net.shrine.log.Loggable
    public final void debug(Function0<String> function0, Throwable th) {
        debug(function0, th);
    }

    @Override // net.shrine.log.Loggable
    public void info(Function0<String> function0) {
        info(function0);
    }

    @Override // net.shrine.log.Loggable
    public final void info(Function0<String> function0, Throwable th) {
        info(function0, th);
    }

    @Override // net.shrine.log.Loggable
    public void warn(Function0<String> function0) {
        warn(function0);
    }

    @Override // net.shrine.log.Loggable
    public final void warn(Function0<String> function0, Throwable th) {
        warn(function0, th);
    }

    @Override // net.shrine.log.Loggable
    public void error(Function0<String> function0) {
        error(function0);
    }

    @Override // net.shrine.log.Loggable
    public final void error(Function0<String> function0, Throwable th) {
        error(function0, th);
    }

    @Override // net.shrine.log.Loggable
    public void log(RawProblem rawProblem) {
        log(rawProblem);
    }

    @Override // net.shrine.log.Loggable
    public <T> T logDuration(String str, Function1<String, BoxedUnit> function1, Function0<T> function0) {
        Object logDuration;
        logDuration = logDuration(str, function1, function0);
        return (T) logDuration;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v11, types: [byte] */
    private Logger net$shrine$log$Loggable$$internalLogger$lzycompute() {
        Logger net$shrine$log$Loggable$$internalLogger2;
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (bitmap$0 & 2)) == 0) {
                net$shrine$log$Loggable$$internalLogger2 = net$shrine$log$Loggable$$internalLogger();
                net$shrine$log$Loggable$$internalLogger = net$shrine$log$Loggable$$internalLogger2;
                r0 = (byte) (bitmap$0 | 2);
                bitmap$0 = r0;
            }
        }
        return net$shrine$log$Loggable$$internalLogger;
    }

    @Override // net.shrine.log.Loggable
    public Logger net$shrine$log$Loggable$$internalLogger() {
        return ((byte) (bitmap$0 & 2)) == 0 ? net$shrine$log$Loggable$$internalLogger$lzycompute() : net$shrine$log$Loggable$$internalLogger;
    }

    public BouncyCastleProvider provider() {
        if (((byte) (bitmap$init$0 & 1)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: BouncyKeyStoreCollection.scala: 49");
        }
        BouncyCastleProvider bouncyCastleProvider = provider;
        return provider;
    }

    public Option<KeyStoreDescriptor> descriptor() {
        if (((byte) (bitmap$init$0 & 2)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: BouncyKeyStoreCollection.scala: 51");
        }
        Option<KeyStoreDescriptor> option = descriptor;
        return descriptor;
    }

    public void descriptor_$eq(Option<KeyStoreDescriptor> option) {
        descriptor = option;
        bitmap$init$0 = (byte) (bitmap$init$0 | 2);
    }

    public Option<KeyStore> keyStore() {
        if (((byte) (bitmap$init$0 & 4)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: BouncyKeyStoreCollection.scala: 52");
        }
        Option<KeyStore> option = keyStore;
        return keyStore;
    }

    public void keyStore_$eq(Option<KeyStore> option) {
        keyStore = option;
        bitmap$init$0 = (byte) (bitmap$init$0 | 4);
    }

    public String SHA256() {
        if (((byte) (bitmap$init$0 & 8)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: BouncyKeyStoreCollection.scala: 53");
        }
        String str = SHA256;
        return SHA256;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v16, types: [byte] */
    private BouncyKeyStoreCollection fromConfig$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (bitmap$0 & 1)) == 0) {
                Config config = ConfigSource$.MODULE$.config().getConfig("shrine");
                fromConfig = fromFileRecoverWithClassPath(KeyStoreDescriptor$.MODULE$.apply(config.getConfig("keystore"), package$.MODULE$.ConfigExtensions(config).getConfigOrEmpty("hub"), package$.MODULE$.ConfigExtensions(config).getConfigOrEmpty("queryEntryPoint")));
                r0 = (byte) (bitmap$0 | 1);
                bitmap$0 = r0;
            }
        }
        return fromConfig;
    }

    public BouncyKeyStoreCollection fromConfig() {
        return ((byte) (bitmap$0 & 1)) == 0 ? fromConfig$lzycompute() : fromConfig;
    }

    public Either<ImproperlyConfiguredKeyStoreProblem, BouncyKeyStoreCollection> createCertCollection(KeyStore keyStore2, KeyStoreDescriptor keyStoreDescriptor) {
        descriptor_$eq(new Some(keyStoreDescriptor));
        keyStore_$eq(new Some(keyStore2));
        Set<KeyStoreEntry> set = CollectionConverters$.MODULE$.EnumerationHasAsScala(keyStore2.aliases()).asScala().map(str -> {
            return new Tuple3(str, keyStore2.getCertificate(str), Option$.MODULE$.apply((PrivateKey) keyStore2.getKey(str, keyStoreDescriptor.password().toCharArray())));
        }).map(tuple3 -> {
            return new KeyStoreEntry((X509Certificate) tuple3._2(), new NonEmptySeq(tuple3._1(), Nil$.MODULE$), (Option) tuple3._3());
        }).toSet();
        if (set.exists(keyStoreEntry -> {
            return BoxesRunTime.boxToBoolean($anonfun$createCertCollection$3(keyStoreEntry));
        })) {
            CryptoErrors$.MODULE$.configureError(CryptoErrors$.MODULE$.ExpiredCertificates((Iterable) set.filter(keyStoreEntry2 -> {
                return BoxesRunTime.boxToBoolean($anonfun$createCertCollection$4(keyStoreEntry2));
            })));
        } else {
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        }
        return createCentralCertCollection(set, keyStoreDescriptor, keyStoreDescriptor.trustModel().isCa());
    }

    public Either<ImproperlyConfiguredKeyStoreProblem, BouncyKeyStoreCollection> createCentralCertCollection(Set<KeyStoreEntry> set, KeyStoreDescriptor keyStoreDescriptor, boolean z) {
        return (Either) set.find(keyStoreEntry -> {
            return BoxesRunTime.boxToBoolean($anonfun$createCentralCertCollection$1(keyStoreDescriptor, keyStoreEntry));
        }).fold(() -> {
            return scala.package$.MODULE$.Left().apply(CryptoErrors$.MODULE$.configureError("You must specify at least one ca cert alias corresponding to a PrivateKey entry for the Hub"));
        }, keyStoreEntry2 -> {
            return (Either) set.find(keyStoreEntry2 -> {
                return BoxesRunTime.boxToBoolean($anonfun$createCentralCertCollection$4(keyStoreEntry2, keyStoreEntry2));
            }).fold(() -> {
                return scala.package$.MODULE$.Left().apply(CryptoErrors$.MODULE$.configureError("There is no private entry signed by a public entry in the keystore corresponding to the Hub."));
            }, keyStoreEntry3 -> {
                return z ? scala.package$.MODULE$.Right().apply(new HubCertCollection(keyStoreEntry3, keyStoreEntry2)) : scala.package$.MODULE$.Right().apply(new DownStreamCertCollection(keyStoreEntry3, keyStoreEntry2));
            });
        });
    }

    public BouncyKeyStoreCollection fromFileRecoverWithClassPath(KeyStoreDescriptor keyStoreDescriptor) {
        KeyStore fromStreamHelper = new File(keyStoreDescriptor.file()).exists() ? fromStreamHelper(keyStoreDescriptor, str -> {
            return new FileInputStream(str);
        }) : fromStreamHelper(keyStoreDescriptor, str2 -> {
            return MODULE$.getClass().getClassLoader().getResourceAsStream(str2);
        });
        keyStore_$eq(new Some(fromStreamHelper));
        descriptor_$eq(new Some(keyStoreDescriptor));
        return (BouncyKeyStoreCollection) createCertCollection(fromStreamHelper, keyStoreDescriptor).fold(improperlyConfiguredKeyStoreProblem -> {
            throw improperlyConfiguredKeyStoreProblem.throwable().get();
        }, bouncyKeyStoreCollection -> {
            return (BouncyKeyStoreCollection) Predef$.MODULE$.identity(bouncyKeyStoreCollection);
        });
    }

    public KeyStore fromStreamHelper(KeyStoreDescriptor keyStoreDescriptor, Function1<String, InputStream> function1) {
        debug(() -> {
            return new StringBuilder(35).append("Loading keystore using descriptor: ").append(keyStoreDescriptor).toString();
        });
        InputStream apply = function1.apply(keyStoreDescriptor.file());
        Predef$.MODULE$.require(apply != null, () -> {
            return new StringBuilder(28).append("null stream for descriptor ").append(keyStoreDescriptor).append("¬").toString();
        });
        KeyStore keyStore2 = KeyStore.getInstance(keyStoreDescriptor.keyStoreFormat().name());
        try {
            keyStore2.load(apply, keyStoreDescriptor.password().toCharArray());
            debug(() -> {
                return new StringBuilder(18).append("Keystore aliases: ").append(CollectionConverters$.MODULE$.EnumerationHasAsScala(keyStore2.aliases()).asScala().mkString(",")).toString();
            });
            debug(() -> {
                return new StringBuilder(29).append("Keystore ").append(keyStoreDescriptor).append(" loaded successfully").toString();
            });
            return keyStore2;
        } catch (IOException e) {
            throw new IOException(new StringBuilder(29).append("Unable to load keystore from ").append(keyStoreDescriptor).toString(), e);
        }
    }

    public static final /* synthetic */ boolean $anonfun$createCertCollection$3(KeyStoreEntry keyStoreEntry) {
        return keyStoreEntry.isExpired(keyStoreEntry.isExpired$default$1());
    }

    public static final /* synthetic */ boolean $anonfun$createCertCollection$4(KeyStoreEntry keyStoreEntry) {
        return keyStoreEntry.isExpired(keyStoreEntry.isExpired$default$1());
    }

    public static final /* synthetic */ boolean $anonfun$createCentralCertCollection$1(KeyStoreDescriptor keyStoreDescriptor, KeyStoreEntry keyStoreEntry) {
        return keyStoreEntry.privateKey().isEmpty() && ((IterableOnceOps) keyStoreEntry.aliases().intersect(keyStoreDescriptor.caCertAliases())).nonEmpty();
    }

    public static final /* synthetic */ boolean $anonfun$createCentralCertCollection$4(KeyStoreEntry keyStoreEntry, KeyStoreEntry keyStoreEntry2) {
        return keyStoreEntry2.privateKey().isDefined() && keyStoreEntry2.wasSignedBy(keyStoreEntry);
    }

    private BouncyKeyStoreCollection$() {
    }
}
