package otoroshi.plugins.clientcert;

import akka.actor.ActorRef;
import akka.http.scaladsl.util.FastFuture$;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicReference;
import otoroshi.env.Env;
import otoroshi.events.OtoroshiEvent;
import otoroshi.script.Access;
import otoroshi.script.AccessContext;
import otoroshi.script.AccessValidator;
import otoroshi.script.NamedPlugin;
import otoroshi.script.PluginType;
import otoroshi.utils.RegexPool$;
import otoroshi.utils.http.DN;
import otoroshi.utils.http.MtlsConfig;
import otoroshi.utils.http.MtlsConfig$;
import play.api.libs.json.JsLookup$;
import play.api.libs.json.JsObject;
import play.api.libs.json.JsObject$;
import play.api.libs.json.JsValue;
import play.api.libs.json.JsValue$;
import play.api.libs.json.Json$;
import play.api.libs.json.Reads$;
import play.api.libs.json.Writes$;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.collection.IndexedSeq;
import scala.collection.IndexedSeq$;
import scala.collection.Seq;
import scala.collection.concurrent.TrieMap;
import scala.collection.immutable.Map;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.StringOps;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: clientcert.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005Ec\u0001B\u0006\r\u0001MAQ\u0001\t\u0001\u0005\u0002\u0005BQ\u0001\n\u0001\u0005B\u0015BQ!\r\u0001\u0005BIBQA\u0011\u0001\u0005B\rCQ!\u0012\u0001\u0005BIBqA\u0012\u0001C\u0002\u0013%q\t\u0003\u0004Z\u0001\u0001\u0006I\u0001\u0013\u0005\u00065\u0002!Ia\u0017\u0005\u0006m\u0002!Ia\u001e\u0005\b\u0003w\u0001A\u0011IA\u001f\u0005\tB\u0015m]\"mS\u0016tGoQ3si6\u000bGo\u00195j]\u001eDE\u000f\u001e9WC2LG-\u0019;pe*\u0011QBD\u0001\u000bG2LWM\u001c;dKJ$(BA\b\u0011\u0003\u001d\u0001H.^4j]NT\u0011!E\u0001\t_R|'o\\:iS\u000e\u00011c\u0001\u0001\u00155A\u0011Q\u0003G\u0007\u0002-)\tq#A\u0003tG\u0006d\u0017-\u0003\u0002\u001a-\t1\u0011I\\=SK\u001a\u0004\"a\u0007\u0010\u000e\u0003qQ!!\b\t\u0002\rM\u001c'/\u001b9u\u0013\tyBDA\bBG\u000e,7o\u001d,bY&$\u0017\r^8s\u0003\u0019a\u0014N\\5u}Q\t!\u0005\u0005\u0002$\u00015\tA\"\u0001\u0003oC6,W#\u0001\u0014\u0011\u0005\u001drcB\u0001\u0015-!\tIc#D\u0001+\u0015\tY##\u0001\u0004=e>|GOP\u0005\u0003[Y\ta\u0001\u0015:fI\u00164\u0017BA\u00181\u0005\u0019\u0019FO]5oO*\u0011QFF\u0001\u000eI\u00164\u0017-\u001e7u\u0007>tg-[4\u0016\u0003M\u00022!\u0006\u001b7\u0013\t)dC\u0001\u0004PaRLwN\u001c\t\u0003o\u0001k\u0011\u0001\u000f\u0006\u0003si\nAA[:p]*\u00111\bP\u0001\u0005Y&\u00147O\u0003\u0002>}\u0005\u0019\u0011\r]5\u000b\u0003}\nA\u0001\u001d7bs&\u0011\u0011\t\u000f\u0002\t\u0015N|%M[3di\u0006YA-Z:de&\u0004H/[8o+\u0005!\u0005cA\u000b5M\u0005a1m\u001c8gS\u001e\u001c6\r[3nC\u0006)1-Y2iKV\t\u0001\n\u0005\u0003J\u001d\u001a\u0002V\"\u0001&\u000b\u0005-c\u0015AC2p]\u000e,(O]3oi*\u0011QJF\u0001\u000bG>dG.Z2uS>t\u0017BA(K\u0005\u001d!&/[3NCB\u0004B!F)T-&\u0011!K\u0006\u0002\u0007)V\u0004H.\u001a\u001a\u0011\u0005U!\u0016BA+\u0017\u0005\u0011auN\\4\u0011\u0005]:\u0016B\u0001-9\u0005\u001dQ5OV1mk\u0016\faaY1dQ\u0016\u0004\u0013\u0001\u0003<bY&$\u0017\r^3\u0015\u0007q{F\u000f\u0005\u0002\u0016;&\u0011aL\u0006\u0002\b\u0005>|G.Z1o\u0011\u0015\u0001\u0007\u00021\u0001b\u0003\u0015\u0019WM\u001d;t!\r\u0011wM\u001b\b\u0003G\u0016t!!\u000b3\n\u0003]I!A\u001a\f\u0002\u000fA\f7m[1hK&\u0011\u0001.\u001b\u0002\u0004'\u0016\f(B\u00014\u0017!\tY'/D\u0001m\u0015\tig.\u0001\u0003dKJ$(BA8q\u0003!\u0019XmY;sSRL(\"A9\u0002\t)\fg/Y\u0005\u0003g2\u0014q\u0002W\u001b1s\r+'\u000f^5gS\u000e\fG/\u001a\u0005\u0006k\"\u0001\rAV\u0001\u0007m\u0006dW/Z:\u0002\u000b\u0019,Go\u00195\u0015\u0013a\f)\"!\u0007\u0002$\u0005\u001dB\u0003B=\u007f\u0003\u0017\u00012A\u001f?W\u001b\u0005Y(BA&\u0017\u0013\ti8P\u0001\u0004GkR,(/\u001a\u0005\u0007\u007f&\u0001\u001d!!\u0001\u0002\u0007\u0015tg\u000f\u0005\u0003\u0002\u0004\u0005\u001dQBAA\u0003\u0015\ty\b#\u0003\u0003\u0002\n\u0005\u0015!aA#om\"9\u0011QB\u0005A\u0004\u0005=\u0011AA3d!\rQ\u0018\u0011C\u0005\u0004\u0003'Y(\u0001E#yK\u000e,H/[8o\u0007>tG/\u001a=u\u0011\u0019\t9\"\u0003a\u0001M\u0005\u0019QO\u001d7\t\u000f\u0005m\u0011\u00021\u0001\u0002\u001e\u00059\u0001.Z1eKJ\u001c\b#B\u0014\u0002 \u00192\u0013bAA\u0011a\t\u0019Q*\u00199\t\r\u0005\u0015\u0012\u00021\u0001T\u0003\r!H\u000f\u001c\u0005\b\u0003SI\u0001\u0019AA\u0016\u0003)iG\u000f\\:D_:4\u0017n\u001a\t\u0005\u0003[\t9$\u0004\u0002\u00020)!\u0011\u0011GA\u001a\u0003\u0011AG\u000f\u001e9\u000b\u0007\u0005U\u0002#A\u0003vi&d7/\u0003\u0003\u0002:\u0005=\"AC'uYN\u001cuN\u001c4jO\u0006I1-\u00198BG\u000e,7o\u001d\u000b\u0005\u0003\u007f\t9\u0005\u0006\u0004\u0002B\u0005\r\u0013Q\t\t\u0004urd\u0006BB@\u000b\u0001\b\t\t\u0001C\u0004\u0002\u000e)\u0001\u001d!a\u0004\t\u000f\u0005%#\u00021\u0001\u0002L\u000591m\u001c8uKb$\bcA\u000e\u0002N%\u0019\u0011q\n\u000f\u0003\u001b\u0005\u001b7-Z:t\u0007>tG/\u001a=u\u0001")
/* loaded from: input_file:otoroshi/plugins/clientcert/HasClientCertMatchingHttpValidator.class */
public class HasClientCertMatchingHttpValidator implements AccessValidator {
    private final TrieMap<String, Tuple2<Object, JsValue>> otoroshi$plugins$clientcert$HasClientCertMatchingHttpValidator$$cache;
    private final AtomicReference<ActorRef> otoroshi$script$InternalEventListener$$ref;
    private final Future<BoxedUnit> funit;

    @Override // otoroshi.script.AccessValidator, otoroshi.script.NamedPlugin
    public PluginType pluginType() {
        PluginType pluginType;
        pluginType = pluginType();
        return pluginType;
    }

    @Override // otoroshi.script.AccessValidator
    public Future<Access> access(AccessContext accessContext, Env env, ExecutionContext executionContext) {
        Future<Access> access;
        access = access(accessContext, env, executionContext);
        return access;
    }

    @Override // otoroshi.script.InternalEventListener
    public boolean listening() {
        boolean listening;
        listening = listening();
        return listening;
    }

    @Override // otoroshi.script.InternalEventListener
    public void onEvent(OtoroshiEvent otoroshiEvent, Env env) {
        onEvent(otoroshiEvent, env);
    }

    @Override // otoroshi.script.InternalEventListener
    public void startEvent(String str, Env env) {
        startEvent(str, env);
    }

    @Override // otoroshi.script.InternalEventListener
    public void stopEvent(Env env) {
        stopEvent(env);
    }

    @Override // otoroshi.script.NamedPlugin
    public boolean deprecated() {
        boolean deprecated;
        deprecated = deprecated();
        return deprecated;
    }

    @Override // otoroshi.script.NamedPlugin
    public boolean core() {
        boolean core;
        core = core();
        return core;
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> documentation() {
        Option<String> documentation;
        documentation = documentation();
        return documentation;
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> configRoot() {
        Option<String> configRoot;
        configRoot = configRoot();
        return configRoot;
    }

    @Override // otoroshi.script.NamedPlugin
    public Seq<String> configFlow() {
        Seq<String> configFlow;
        configFlow = configFlow();
        return configFlow;
    }

    @Override // otoroshi.script.NamedPlugin
    public JsObject jsonDescription() {
        JsObject jsonDescription;
        jsonDescription = jsonDescription();
        return jsonDescription;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> startWithPluginId(String str, Env env) {
        Future<BoxedUnit> startWithPluginId;
        startWithPluginId = startWithPluginId(str, env);
        return startWithPluginId;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> start(Env env) {
        Future<BoxedUnit> start;
        start = start(env);
        return start;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> stop(Env env) {
        Future<BoxedUnit> stop;
        stop = stop(env);
        return stop;
    }

    @Override // otoroshi.script.InternalEventListener
    public AtomicReference<ActorRef> otoroshi$script$InternalEventListener$$ref() {
        return this.otoroshi$script$InternalEventListener$$ref;
    }

    @Override // otoroshi.script.InternalEventListener
    public final void otoroshi$script$InternalEventListener$_setter_$otoroshi$script$InternalEventListener$$ref_$eq(AtomicReference<ActorRef> atomicReference) {
        this.otoroshi$script$InternalEventListener$$ref = atomicReference;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public Future<BoxedUnit> funit() {
        return this.funit;
    }

    @Override // otoroshi.script.StartableAndStoppable
    public void otoroshi$script$StartableAndStoppable$_setter_$funit_$eq(Future<BoxedUnit> future) {
        this.funit = future;
    }

    @Override // otoroshi.script.NamedPlugin
    public String name() {
        return "Client certificate matching (over http)";
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<JsObject> defaultConfig() {
        return new Some(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("HasClientCertMatchingHttpValidator"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("url"), Json$.MODULE$.toJsFieldJsValueWrapper("http://foo.bar", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("ttl"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToInteger(600000), Writes$.MODULE$.IntWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("headers"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.obj(Nil$.MODULE$), JsObject$.MODULE$.writes())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("mtlsConfig"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("certId"), Json$.MODULE$.toJsFieldJsValueWrapper("...", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("mtls"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToBoolean(false), Writes$.MODULE$.BooleanWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("loose"), Json$.MODULE$.toJsFieldJsValueWrapper(BoxesRunTime.boxToBoolean(false), Writes$.MODULE$.BooleanWrites()))})), JsObject$.MODULE$.writes()))})), JsObject$.MODULE$.writes()))})));
    }

    @Override // otoroshi.script.NamedPlugin
    public Option<String> description() {
        return new Some(new StringOps(Predef$.MODULE$.augmentString("Check if client certificate matches the following configuration\n      |\n      |expected response from http service is\n      |\n      |```json\n      |{\n      |  \"serialNumbers\": [],   // allowed certificated serial numbers\n      |  \"subjectDNs\": [],      // allowed certificated DNs\n      |  \"issuerDNs\": [],       // allowed certificated issuer DNs\n      |  \"regexSubjectDNs\": [], // allowed certificated DNs matching regex\n      |  \"regexIssuerDNs\": [],  // allowed certificated issuer DNs matching regex\n      |}\n      |```\n      |\n      |This plugin can accept the following configuration\n      |\n      |```json\n      |{\n      |  \"HasClientCertMatchingValidator\": {\n      |    \"url\": \"...\",   // url for the call\n      |    \"headers\": {},  // http header for the call\n      |    \"ttl\": 600000,  // cache ttl,\n      |    \"mtlsConfig\": {\n      |      \"certId\": \"xxxxx\",\n      |       \"mtls\": false,\n      |       \"loose\": false\n      |    }\n      |  }\n      |}\n      |```\n    ")).stripMargin());
    }

    @Override // otoroshi.script.NamedPlugin
    /* renamed from: configSchema */
    public Option<JsObject> mo428configSchema() {
        Option mo428configSchema;
        mo428configSchema = mo428configSchema();
        return mo428configSchema.map(jsObject -> {
            return jsObject.$plus$plus(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("mtlsConfig.certId"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("type"), Json$.MODULE$.toJsFieldJsValueWrapper("select", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("props"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("label"), Json$.MODULE$.toJsFieldJsValueWrapper("certId", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("placeholer"), Json$.MODULE$.toJsFieldJsValueWrapper("Client cert used for mTLS call", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("valuesFrom"), Json$.MODULE$.toJsFieldJsValueWrapper("/bo/api/proxy/api/certificates?client=true", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("transformerMapping"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("label"), Json$.MODULE$.toJsFieldJsValueWrapper("name", Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("value"), Json$.MODULE$.toJsFieldJsValueWrapper("id", Writes$.MODULE$.StringWrites()))})), JsObject$.MODULE$.writes()))})), JsObject$.MODULE$.writes()))})), JsObject$.MODULE$.writes()))})));
        });
    }

    public TrieMap<String, Tuple2<Object, JsValue>> otoroshi$plugins$clientcert$HasClientCertMatchingHttpValidator$$cache() {
        return this.otoroshi$plugins$clientcert$HasClientCertMatchingHttpValidator$$cache;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean validate(Seq<X509Certificate> seq, JsValue jsValue) {
        Seq seq2 = (Seq) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "serialNumbers").asOpt(Reads$.MODULE$.JsArrayReads()).map(jsArray -> {
            return (IndexedSeq) jsArray.value().map(jsValue2 -> {
                return (String) jsValue2.as(Reads$.MODULE$.StringReads());
            }, IndexedSeq$.MODULE$.canBuildFrom());
        }).getOrElse(() -> {
            return Nil$.MODULE$;
        });
        Seq seq3 = (Seq) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "subjectDNs").asOpt(Reads$.MODULE$.JsArrayReads()).map(jsArray2 -> {
            return (IndexedSeq) jsArray2.value().map(jsValue2 -> {
                return (String) jsValue2.as(Reads$.MODULE$.StringReads());
            }, IndexedSeq$.MODULE$.canBuildFrom());
        }).getOrElse(() -> {
            return Nil$.MODULE$;
        });
        Seq seq4 = (Seq) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "issuerDNs").asOpt(Reads$.MODULE$.JsArrayReads()).map(jsArray3 -> {
            return (IndexedSeq) jsArray3.value().map(jsValue2 -> {
                return (String) jsValue2.as(Reads$.MODULE$.StringReads());
            }, IndexedSeq$.MODULE$.canBuildFrom());
        }).getOrElse(() -> {
            return Nil$.MODULE$;
        });
        Seq seq5 = (Seq) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "regexSubjectDNs").asOpt(Reads$.MODULE$.JsArrayReads()).map(jsArray4 -> {
            return (IndexedSeq) jsArray4.value().map(jsValue2 -> {
                return (String) jsValue2.as(Reads$.MODULE$.StringReads());
            }, IndexedSeq$.MODULE$.canBuildFrom());
        }).getOrElse(() -> {
            return Nil$.MODULE$;
        });
        Seq seq6 = (Seq) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "regexIssuerDNs").asOpt(Reads$.MODULE$.JsArrayReads()).map(jsArray5 -> {
            return (IndexedSeq) jsArray5.value().map(jsValue2 -> {
                return (String) jsValue2.as(Reads$.MODULE$.StringReads());
            }, IndexedSeq$.MODULE$.canBuildFrom());
        }).getOrElse(() -> {
            return Nil$.MODULE$;
        });
        return seq.exists(x509Certificate -> {
            return BoxesRunTime.boxToBoolean($anonfun$validate$16(seq2, x509Certificate));
        }) || seq.exists(x509Certificate2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$validate$18(seq3, x509Certificate2));
        }) || seq.exists(x509Certificate3 -> {
            return BoxesRunTime.boxToBoolean($anonfun$validate$20(seq4, x509Certificate3));
        }) || seq.exists(x509Certificate4 -> {
            return BoxesRunTime.boxToBoolean($anonfun$validate$22(seq5, x509Certificate4));
        }) || seq.exists(x509Certificate5 -> {
            return BoxesRunTime.boxToBoolean($anonfun$validate$24(seq6, x509Certificate5));
        });
    }

    private Future<JsValue> fetch(String str, Map<String, String> map, long j, MtlsConfig mtlsConfig, Env env, ExecutionContext executionContext) {
        return env.MtlsWs().url(str, mtlsConfig).withHttpHeaders(map.toSeq()).get().map(wSResponse -> {
            JsValue obj;
            if (wSResponse.status() == 200) {
                this.otoroshi$plugins$clientcert$HasClientCertMatchingHttpValidator$$cache().put(str, new Tuple2(BoxesRunTime.boxToLong(System.currentTimeMillis()), wSResponse.json()));
                obj = wSResponse.json();
            } else {
                this.otoroshi$plugins$clientcert$HasClientCertMatchingHttpValidator$$cache().put(str, new Tuple2(BoxesRunTime.boxToLong(System.currentTimeMillis()), Json$.MODULE$.obj(Nil$.MODULE$)));
                obj = Json$.MODULE$.obj(Nil$.MODULE$);
            }
            return obj;
        }, executionContext).recover(new HasClientCertMatchingHttpValidator$$anonfun$fetch$2(this, str), executionContext);
    }

    @Override // otoroshi.script.AccessValidator
    public Future<Object> canAccess(AccessContext accessContext, Env env, ExecutionContext executionContext) {
        Future<Object> future;
        Tuple2 tuple2;
        Future<Object> future2;
        Some clientCertificateChain = accessContext.request().clientCertificateChain();
        if (clientCertificateChain instanceof Some) {
            Seq<X509Certificate> seq = (Seq) clientCertificateChain.value();
            JsValue jsValue = (JsValue) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(accessContext.config()), "HasClientCertMatchingHttpValidator").asOpt(Reads$.MODULE$.JsValueReads()).orElse(() -> {
                return JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(accessContext.globalConfig()), "HasClientCertMatchingHttpValidator").asOpt(Reads$.MODULE$.JsValueReads());
            }).getOrElse(() -> {
                return accessContext.config();
            });
            MtlsConfig read = MtlsConfig$.MODULE$.read(JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "mtlsConfig").asOpt(Reads$.MODULE$.JsValueReads()));
            String str = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "url").as(Reads$.MODULE$.StringReads());
            Map<String, String> map = (Map) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "headers").asOpt(Reads$.MODULE$.mapReads(Reads$.MODULE$.StringReads())).getOrElse(() -> {
                return Predef$.MODULE$.Map().empty();
            });
            long unboxToLong = BoxesRunTime.unboxToLong(JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "ttl").asOpt(Reads$.MODULE$.LongReads()).getOrElse(() -> {
                return 600000L;
            }));
            long currentTimeMillis = System.currentTimeMillis();
            boolean z = false;
            Some some = null;
            Option option = otoroshi$plugins$clientcert$HasClientCertMatchingHttpValidator$$cache().get(str);
            if (!None$.MODULE$.equals(option)) {
                if (option instanceof Some) {
                    z = true;
                    some = (Some) option;
                    Tuple2 tuple22 = (Tuple2) some.value();
                    if (tuple22 != null) {
                        long _1$mcJ$sp = tuple22._1$mcJ$sp();
                        JsValue jsValue2 = (JsValue) tuple22._2();
                        if (currentTimeMillis - _1$mcJ$sp <= unboxToLong) {
                            future2 = (Future) FastFuture$.MODULE$.successful().apply(BoxesRunTime.boxToBoolean(validate(seq, jsValue2)));
                        }
                    }
                }
                if (z && (tuple2 = (Tuple2) some.value()) != null) {
                    long _1$mcJ$sp2 = tuple2._1$mcJ$sp();
                    JsValue jsValue3 = (JsValue) tuple2._2();
                    if (currentTimeMillis - _1$mcJ$sp2 > unboxToLong) {
                        fetch(str, map, unboxToLong, read, env, executionContext);
                        future2 = (Future) FastFuture$.MODULE$.successful().apply(BoxesRunTime.boxToBoolean(validate(seq, jsValue3)));
                    }
                }
                throw new MatchError(option);
            }
            future2 = fetch(str, map, unboxToLong, read, env, executionContext).map(jsValue4 -> {
                return BoxesRunTime.boxToBoolean(this.validate(seq, jsValue4));
            }, executionContext);
            future = future2;
        } else {
            future = (Future) FastFuture$.MODULE$.successful().apply(BoxesRunTime.boxToBoolean(false));
        }
        return future;
    }

    public static final /* synthetic */ boolean $anonfun$validate$17(X509Certificate x509Certificate, String str) {
        String bigInteger = x509Certificate.getSerialNumber().toString(16);
        return str != null ? str.equals(bigInteger) : bigInteger == null;
    }

    public static final /* synthetic */ boolean $anonfun$validate$16(Seq seq, X509Certificate x509Certificate) {
        return seq.exists(str -> {
            return BoxesRunTime.boxToBoolean($anonfun$validate$17(x509Certificate, str));
        });
    }

    public static final /* synthetic */ boolean $anonfun$validate$19(X509Certificate x509Certificate, String str) {
        return RegexPool$.MODULE$.apply(str).matches(new DN(x509Certificate.getSubjectDN().getName()).stringify());
    }

    public static final /* synthetic */ boolean $anonfun$validate$18(Seq seq, X509Certificate x509Certificate) {
        return seq.exists(str -> {
            return BoxesRunTime.boxToBoolean($anonfun$validate$19(x509Certificate, str));
        });
    }

    public static final /* synthetic */ boolean $anonfun$validate$21(X509Certificate x509Certificate, String str) {
        return RegexPool$.MODULE$.apply(str).matches(new DN(x509Certificate.getIssuerDN().getName()).stringify());
    }

    public static final /* synthetic */ boolean $anonfun$validate$20(Seq seq, X509Certificate x509Certificate) {
        return seq.exists(str -> {
            return BoxesRunTime.boxToBoolean($anonfun$validate$21(x509Certificate, str));
        });
    }

    public static final /* synthetic */ boolean $anonfun$validate$23(X509Certificate x509Certificate, String str) {
        return RegexPool$.MODULE$.regex(str).matches(new DN(x509Certificate.getSubjectDN().getName()).stringify());
    }

    public static final /* synthetic */ boolean $anonfun$validate$22(Seq seq, X509Certificate x509Certificate) {
        return seq.exists(str -> {
            return BoxesRunTime.boxToBoolean($anonfun$validate$23(x509Certificate, str));
        });
    }

    public static final /* synthetic */ boolean $anonfun$validate$25(X509Certificate x509Certificate, String str) {
        return RegexPool$.MODULE$.regex(str).matches(new DN(x509Certificate.getIssuerDN().getName()).stringify());
    }

    public static final /* synthetic */ boolean $anonfun$validate$24(Seq seq, X509Certificate x509Certificate) {
        return seq.exists(str -> {
            return BoxesRunTime.boxToBoolean($anonfun$validate$25(x509Certificate, str));
        });
    }

    public HasClientCertMatchingHttpValidator() {
        otoroshi$script$StartableAndStoppable$_setter_$funit_$eq((Future) FastFuture$.MODULE$.successful().apply(BoxedUnit.UNIT));
        NamedPlugin.$init$(this);
        otoroshi$script$InternalEventListener$_setter_$otoroshi$script$InternalEventListener$$ref_$eq(new AtomicReference<>());
        AccessValidator.$init$((AccessValidator) this);
        this.otoroshi$plugins$clientcert$HasClientCertMatchingHttpValidator$$cache = new TrieMap<>();
    }
}
