package otoroshi.ssl;

import akka.Done;
import akka.http.scaladsl.util.FastFuture$;
import akka.stream.Materializer;
import akka.stream.scaladsl.Sink$;
import akka.stream.scaladsl.Source$;
import java.io.File;
import java.nio.file.Files;
import java.security.cert.X509Certificate;
import org.joda.time.DateTime;
import org.joda.time.Interval;
import otoroshi.env.Env;
import otoroshi.events.Alerts$;
import otoroshi.events.CertExpiredAlert;
import otoroshi.events.CertExpiredAlert$;
import otoroshi.events.CertRenewalAlert;
import otoroshi.events.CertRenewalAlert$;
import otoroshi.models.AutoCert;
import otoroshi.models.GlobalConfig;
import otoroshi.security.IdGenerator$;
import otoroshi.ssl.pki.models.GenCertResponse;
import otoroshi.ssl.pki.models.GenCsrQuery;
import otoroshi.ssl.pki.models.GenCsrQuery$;
import otoroshi.storage.BasicStore;
import otoroshi.utils.RegexPool$;
import otoroshi.utils.syntax.implicits$;
import otoroshi.utils.syntax.implicits$BetterConfiguration$;
import otoroshi.utils.syntax.implicits$BetterSyntax$;
import play.api.ConfigLoader$;
import play.api.Configuration;
import play.api.Logger;
import play.api.MarkerContext$;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.collection.IterableLike;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.SeqLike;
import scala.collection.TraversableLike;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.concurrent.Await$;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.duration.package;
import scala.concurrent.duration.package$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.util.Failure;
import scala.util.Left;
import scala.util.Right;
import scala.util.Success;
import scala.util.Try$;

/* compiled from: ssl.scala */
@ScalaSignature(bytes = "\u0006\u0001\u00055ca\u0002\u0007\u000e!\u0003\r\tA\u0005\u0005\u0006G\u0001!\t\u0001\n\u0005\u0006Q\u0001!\t!\u000b\u0005\u0006c\u0001!\tA\r\u0005\u0006\u007f\u0001!\t\u0001\u0011\u0005\u0006\u001f\u0002!\t\u0001\u0015\u0005\u0006Y\u0002!\t!\u001c\u0005\t\u007f\u0002\t\n\u0011\"\u0001\u0002\u0002!9\u0011q\u0003\u0001\u0005\u0002\u0005e\u0001bBA\u0012\u0001\u0011\u0005\u0011Q\u0005\u0005\b\u0003g\u0001A\u0011AA\u001b\u0011\u001d\t)\u0005\u0001C\u0001\u0003\u000f\u0012AcQ3si&4\u0017nY1uK\u0012\u000bG/Y*u_J,'B\u0001\b\u0010\u0003\r\u00198\u000f\u001c\u0006\u0002!\u0005Aq\u000e^8s_ND\u0017n\u0001\u0001\u0014\u0007\u0001\u0019\u0012\u0004\u0005\u0002\u0015/5\tQCC\u0001\u0017\u0003\u0015\u00198-\u00197b\u0013\tARC\u0001\u0004B]f\u0014VM\u001a\t\u00045uyR\"A\u000e\u000b\u0005qy\u0011aB:u_J\fw-Z\u0005\u0003=m\u0011!BQ1tS\u000e\u001cFo\u001c:f!\t\u0001\u0013%D\u0001\u000e\u0013\t\u0011SB\u0001\u0003DKJ$\u0018A\u0002\u0013j]&$H\u0005F\u0001&!\t!b%\u0003\u0002(+\t!QK\\5u\u00035q\u0017m[3e)\u0016l\u0007\u000f\\1uKR\u0011qD\u000b\u0005\u0006W\t\u0001\r\u0001L\u0001\u0004K:4\bCA\u00170\u001b\u0005q#BA\u0016\u0010\u0013\t\u0001dFA\u0002F]Z\f\u0001\u0002^3na2\fG/\u001a\u000b\u0004ger\u0004c\u0001\u001b8?5\tQG\u0003\u00027+\u0005Q1m\u001c8dkJ\u0014XM\u001c;\n\u0005a*$A\u0002$viV\u0014X\rC\u0003;\u0007\u0001\u000f1(\u0001\u0002fGB\u0011A\u0007P\u0005\u0003{U\u0012\u0001#\u0012=fGV$\u0018n\u001c8D_:$X\r\u001f;\t\u000b-\u001a\u00019\u0001\u0017\u0002#I,g.Z<DKJ$\u0018NZ5dCR,7\u000fF\u0001B)\u0011\u00115\tR#\u0011\u0007Q:T\u0005C\u0003;\t\u0001\u000f1\bC\u0003,\t\u0001\u000fA\u0006C\u0003G\t\u0001\u000fq)A\u0002nCR\u0004\"\u0001S'\u000e\u0003%S!AS&\u0002\rM$(/Z1n\u0015\u0005a\u0015\u0001B1lW\u0006L!AT%\u0003\u00195\u000bG/\u001a:jC2L'0\u001a:\u0002\u001bI,\u0017\rZ\"feR|%oS3z)\u0011\tv,[6\u0011\u0007Q\u0011F+\u0003\u0002T+\t1q\n\u001d;j_:\u0004\"!\u0016/\u000f\u0005YS\u0006CA,\u0016\u001b\u0005A&BA-\u0012\u0003\u0019a$o\\8u}%\u00111,F\u0001\u0007!J,G-\u001a4\n\u0005us&AB*ue&twM\u0003\u0002\\+!)\u0001-\u0002a\u0001C\u0006!1m\u001c8g!\t\u0011w-D\u0001d\u0015\t!W-A\u0002ba&T\u0011AZ\u0001\u0005a2\f\u00170\u0003\u0002iG\ni1i\u001c8gS\u001e,(/\u0019;j_:DQA[\u0003A\u0002Q\u000bA\u0001]1uQ\")1&\u0002a\u0001Y\u0005i\u0011.\u001c9peR|e.Z\"feR$rA\\9siZDX\u0010F\u0002&_BDQa\u000b\u0004A\u00041BQA\u000f\u0004A\u0004mBQ\u0001\u0019\u0004A\u0002\u0005DQa\u001d\u0004A\u0002Q\u000baaY1QCRD\u0007\"B;\u0007\u0001\u0004!\u0016\u0001C2feR\u0004\u0016\r\u001e5\t\u000b]4\u0001\u0019\u0001+\u0002\u000f-,\u0017\u0010U1uQ\")\u0011P\u0002a\u0001u\u00061An\\4hKJ\u0004\"AY>\n\u0005q\u001c'A\u0002'pO\u001e,'\u000fC\u0004\u007f\rA\u0005\t\u0019A)\u0002\u0005%$\u0017aF5na>\u0014Ho\u00148f\u0007\u0016\u0014H\u000f\n3fM\u0006,H\u000e\u001e\u00137+\t\t\u0019AK\u0002R\u0003\u000bY#!a\u0002\u0011\t\u0005%\u00111C\u0007\u0003\u0003\u0017QA!!\u0004\u0002\u0010\u0005IQO\\2iK\u000e\\W\r\u001a\u0006\u0004\u0003#)\u0012AC1o]>$\u0018\r^5p]&!\u0011QCA\u0006\u0005E)hn\u00195fG.,GMV1sS\u0006t7-Z\u0001\u0013S6\u0004xN\u001d;J]&$\u0018.\u00197DKJ$8\u000f\u0006\u0003\u0002\u001c\u0005\u0005B#B\u0013\u0002\u001e\u0005}\u0001\"B\u0016\t\u0001\ba\u0003\"\u0002\u001e\t\u0001\bY\u0004\"B=\t\u0001\u0004Q\u0018a\u00045bg&s\u0017\u000e^5bY\u000e+'\u000f^:\u0015\u0005\u0005\u001dBCBA\u0015\u0003_\t\t\u0004E\u0002\u0015\u0003WI1!!\f\u0016\u0005\u001d\u0011un\u001c7fC:DQaK\u0005A\u00041BQAO\u0005A\u0004m\n\u0001%Y;u_\u001e+g.\u001a:bi\u0016\u001cUM\u001d;jM&\u001c\u0017\r^3G_J$u.\\1j]R!\u0011qGA!)\u0019\tI$!\u0010\u0002@A!AgNA\u001e!\r!\"k\b\u0005\u0006W)\u0001\u001d\u0001\f\u0005\u0006u)\u0001\u001da\u000f\u0005\u0007\u0003\u0007R\u0001\u0019\u0001+\u0002\r\u0011|W.Y5o\u0003\u0005R\u0017-\u001e;p\u000f\u0016tWM]1uK\u000e+'\u000f^5gS\u000e\fG/\u001a$pe\u0012{W.Y5o)\u0019\tY$!\u0013\u0002L!1\u00111I\u0006A\u0002QCQaK\u0006A\u00021\u0002")
/* loaded from: input_file:otoroshi/ssl/CertificateDataStore.class */
public interface CertificateDataStore extends BasicStore<Cert> {
    default Cert nakedTemplate(Env env) {
        return new Cert(IdGenerator$.MODULE$.namedId("cert", env), "a new certificate", "a new certificate", "", "", None$.MODULE$, Cert$.MODULE$.apply$default$7(), Cert$.MODULE$.apply$default$8(), Cert$.MODULE$.apply$default$9(), Cert$.MODULE$.apply$default$10(), Cert$.MODULE$.apply$default$11(), false, Cert$.MODULE$.apply$default$13(), Cert$.MODULE$.apply$default$14(), Cert$.MODULE$.apply$default$15(), Cert$.MODULE$.apply$default$16(), Cert$.MODULE$.apply$default$17(), Cert$.MODULE$.apply$default$18(), Cert$.MODULE$.apply$default$19(), Cert$.MODULE$.apply$default$20(), Cert$.MODULE$.apply$default$21(), Cert$.MODULE$.apply$default$22(), Cert$.MODULE$.apply$default$23(), Cert$.MODULE$.apply$default$24());
    }

    default Future<Cert> template(ExecutionContext executionContext, Env env) {
        return env.pki().genSelfSignedCert(new GenCsrQuery(new $colon.colon("www.oto.tools", Nil$.MODULE$), GenCsrQuery$.MODULE$.apply$default$2(), GenCsrQuery$.MODULE$.apply$default$3(), new Some("C=FR, OU=Foo, O=Bar"), GenCsrQuery$.MODULE$.apply$default$5(), GenCsrQuery$.MODULE$.apply$default$6(), GenCsrQuery$.MODULE$.apply$default$7(), GenCsrQuery$.MODULE$.apply$default$8(), GenCsrQuery$.MODULE$.apply$default$9(), GenCsrQuery$.MODULE$.apply$default$10(), GenCsrQuery$.MODULE$.apply$default$11(), GenCsrQuery$.MODULE$.apply$default$12()), executionContext).map(either -> {
            Cert cert = ((GenCertResponse) either.toOption().get()).toCert();
            return cert.copy(IdGenerator$.MODULE$.namedId("cert", env), "a new certificate", "a new certificate", "", "", cert.copy$default$6(), cert.copy$default$7(), cert.copy$default$8(), cert.copy$default$9(), cert.copy$default$10(), cert.copy$default$11(), cert.copy$default$12(), cert.copy$default$13(), cert.copy$default$14(), cert.copy$default$15(), cert.copy$default$16(), cert.copy$default$17(), cert.copy$default$18(), cert.copy$default$19(), cert.copy$default$20(), cert.copy$default$21(), cert.copy$default$22(), cert.copy$default$23(), cert.copy$default$24());
        }, executionContext);
    }

    default Future<BoxedUnit> renewCertificates(ExecutionContext executionContext, Env env, Materializer materializer) {
        return findAll(findAll$default$1(), executionContext, env).flatMap(seq -> {
            return renewCAs$1(seq, env, executionContext, materializer).flatMap(boxedUnit -> {
                return this.findAll(this.findAll$default$1(), executionContext, env).flatMap(seq -> {
                    return renewNonCaCertificates$1(seq, env, executionContext, materializer).flatMap(boxedUnit -> {
                        return this.findAll(this.findAll$default$1(), executionContext, env).flatMap(seq -> {
                            return markExpiredCertsAsExpired$1(seq, executionContext, env, materializer).map(boxedUnit -> {
                                $anonfun$renewCertificates$39(boxedUnit);
                                return BoxedUnit.UNIT;
                            }, executionContext);
                        }, executionContext);
                    }, executionContext);
                }, executionContext);
            }, executionContext);
        }, executionContext);
    }

    default Option<String> readCertOrKey(Configuration configuration, String str, Env env) {
        return implicits$BetterConfiguration$.MODULE$.getOptionalWithFileSupport$extension(implicits$.MODULE$.BetterConfiguration(configuration), str, ConfigLoader$.MODULE$.stringLoader(), ClassTag$.MODULE$.apply(String.class)).flatMap(str2 -> {
            if ((str2.contains(PemHeaders$.MODULE$.BeginCertificate()) && str2.contains(PemHeaders$.MODULE$.EndCertificate())) || ((str2.contains(PemHeaders$.MODULE$.BeginPrivateKey()) && str2.contains(PemHeaders$.MODULE$.EndPrivateKey())) || ((str2.contains(PemHeaders$.MODULE$.BeginPrivateECKey()) && str2.contains(PemHeaders$.MODULE$.EndPrivateECKey())) || (str2.contains(PemHeaders$.MODULE$.BeginPrivateRSAKey()) && str2.contains(PemHeaders$.MODULE$.EndPrivateRSAKey()))))) {
                return new Some(str2);
            }
            File file = new File(str2);
            if (!file.exists()) {
                return None$.MODULE$;
            }
            String str2 = new String(Files.readAllBytes(file.toPath()));
            return ((str2.contains(PemHeaders$.MODULE$.BeginCertificate()) && str2.contains(PemHeaders$.MODULE$.EndCertificate())) || (str2.contains(PemHeaders$.MODULE$.BeginPrivateKey()) && str2.contains(PemHeaders$.MODULE$.EndPrivateKey())) || ((str2.contains(PemHeaders$.MODULE$.BeginPrivateECKey()) && str2.contains(PemHeaders$.MODULE$.EndPrivateECKey())) || (str2.contains(PemHeaders$.MODULE$.BeginPrivateRSAKey()) && str2.contains(PemHeaders$.MODULE$.EndPrivateRSAKey())))) ? new Some(str2) : None$.MODULE$;
        });
    }

    default void importOneCert(Configuration configuration, String str, String str2, String str3, Logger logger, Option<String> option, Env env, ExecutionContext executionContext) {
        readCertOrKey(configuration, str, env).foreach(str4 -> {
            Cert enrich = new Cert(IdGenerator$.MODULE$.uuid(), "none", "none", str4, "", None$.MODULE$, Cert$.MODULE$.apply$default$7(), Cert$.MODULE$.apply$default$8(), true, Cert$.MODULE$.apply$default$10(), false, false, Cert$.MODULE$.apply$default$13(), Cert$.MODULE$.apply$default$14(), false, Cert$.MODULE$.apply$default$16(), Cert$.MODULE$.apply$default$17(), Cert$.MODULE$.apply$default$18(), Cert$.MODULE$.apply$default$19(), Cert$.MODULE$.apply$default$20(), Cert$.MODULE$.apply$default$21(), Cert$.MODULE$.apply$default$22(), Cert$.MODULE$.apply$default$23(), Cert$.MODULE$.apply$default$24()).enrich();
            Cert copy = enrich.copy(enrich.copy$default$1(), enrich.domain(), new StringBuilder(16).append("Certificate for ").append(enrich.subject()).toString(), enrich.copy$default$4(), enrich.copy$default$5(), enrich.copy$default$6(), enrich.copy$default$7(), enrich.copy$default$8(), enrich.copy$default$9(), enrich.copy$default$10(), enrich.copy$default$11(), enrich.copy$default$12(), enrich.copy$default$13(), enrich.copy$default$14(), enrich.copy$default$15(), enrich.copy$default$16(), enrich.copy$default$17(), enrich.copy$default$18(), enrich.copy$default$19(), enrich.copy$default$20(), enrich.copy$default$21(), enrich.copy$default$22(), enrich.copy$default$23(), enrich.copy$default$24());
            return this.findAll(this.findAll$default$1(), executionContext, env).map(seq -> {
                return !((IterableLike) seq.map(cert -> {
                    return cert.enrich();
                }, Seq$.MODULE$.canBuildFrom())).exists(cert2 -> {
                    return BoxesRunTime.boxToBoolean($anonfun$importOneCert$4(copy, cert2));
                }) ? copy.save(executionContext, env).andThen(new CertificateDataStore$$anonfun$$nestedInanonfun$importOneCert$2$1(null, logger), executionContext) : BoxedUnit.UNIT;
            }, executionContext);
        });
        readCertOrKey(configuration, str2, env).flatMap(str5 -> {
            return this.readCertOrKey(configuration, str3, env).map(str5 -> {
                Cert enrich = new Cert(IdGenerator$.MODULE$.uuid(), "none", "none", str5, str5, None$.MODULE$, Cert$.MODULE$.apply$default$7(), Cert$.MODULE$.apply$default$8(), Cert$.MODULE$.apply$default$9(), Cert$.MODULE$.apply$default$10(), false, false, Cert$.MODULE$.apply$default$13(), Cert$.MODULE$.apply$default$14(), false, Cert$.MODULE$.apply$default$16(), Cert$.MODULE$.apply$default$17(), Cert$.MODULE$.apply$default$18(), Cert$.MODULE$.apply$default$19(), Cert$.MODULE$.apply$default$20(), Cert$.MODULE$.apply$default$21(), Cert$.MODULE$.apply$default$22(), Cert$.MODULE$.apply$default$23(), Cert$.MODULE$.apply$default$24()).enrich();
                Cert copy = enrich.copy(enrich.copy$default$1(), enrich.domain(), new StringBuilder(16).append("Certificate for ").append(enrich.subject()).toString(), enrich.copy$default$4(), enrich.copy$default$5(), enrich.copy$default$6(), enrich.copy$default$7(), enrich.copy$default$8(), enrich.copy$default$9(), enrich.copy$default$10(), enrich.copy$default$11(), enrich.copy$default$12(), enrich.copy$default$13(), enrich.copy$default$14(), enrich.copy$default$15(), enrich.copy$default$16(), enrich.copy$default$17(), enrich.copy$default$18(), enrich.copy$default$19(), enrich.copy$default$20(), enrich.copy$default$21(), enrich.copy$default$22(), enrich.copy$default$23(), enrich.copy$default$24());
                return this.findAll(this.findAll$default$1(), executionContext, env).map(seq -> {
                    return !((IterableLike) seq.map(cert -> {
                        return cert.enrich();
                    }, Seq$.MODULE$.canBuildFrom())).exists(cert2 -> {
                        return BoxesRunTime.boxToBoolean($anonfun$importOneCert$9(copy, cert2));
                    }) ? copy.save(executionContext, env).andThen(new CertificateDataStore$$anonfun$$nestedInanonfun$importOneCert$7$1(null, logger), executionContext) : BoxedUnit.UNIT;
                }, executionContext);
            });
        });
    }

    default Option<String> importOneCert$default$6() {
        return None$.MODULE$;
    }

    default void importInitialCerts(Logger logger, Env env, ExecutionContext executionContext) {
        importOneCert(env.configuration(), "otoroshi.ssl.rootCa.ca", "otoroshi.ssl.rootCa.cert", "otoroshi.ssl.rootCa.key", logger, new Some(Cert$.MODULE$.OtoroshiCA()), env, executionContext);
        importOneCert(env.configuration(), "otoroshi.ssl.initialCacert", "otoroshi.ssl.initialCert", "otoroshi.ssl.initialCertKey", logger, importOneCert$default$6(), env, executionContext);
        ((IterableLike) implicits$BetterConfiguration$.MODULE$.getOptionalWithFileSupport$extension(implicits$.MODULE$.BetterConfiguration(env.configuration()), "otoroshi.ssl.initialCerts", ConfigLoader$.MODULE$.seqConfigurationLoader(), ClassTag$.MODULE$.apply(Seq.class)).getOrElse(() -> {
            return Nil$.MODULE$;
        })).foreach(configuration -> {
            $anonfun$importInitialCerts$2(this, logger, env, executionContext, configuration);
            return BoxedUnit.UNIT;
        });
    }

    default boolean hasInitialCerts(Env env, ExecutionContext executionContext) {
        return (env.configuration().has("otoroshi.ssl.initialCacert") && env.configuration().has("otoroshi.ssl.initialCert") && env.configuration().has("otoroshi.ssl.initialCertKey")) || env.configuration().has("otoroshi.ssl.initialCerts") || (env.configuration().has("otoroshi.ssl.rootCa.cert") && env.configuration().has("otoroshi.ssl.rootCa.key"));
    }

    default Future<Option<Cert>> autoGenerateCertificateForDomain(String str, Env env, ExecutionContext executionContext) {
        Future<Option<Cert>> future;
        Future<Option<Cert>> future2;
        Some latestSafe = env.datastores().globalConfigDataStore().latestSafe();
        if (None$.MODULE$.equals(latestSafe)) {
            future2 = (Future) FastFuture$.MODULE$.successful().apply(None$.MODULE$);
        } else {
            if (!(latestSafe instanceof Some)) {
                throw new MatchError(latestSafe);
            }
            AutoCert autoCert = ((GlobalConfig) latestSafe.value()).autoCert();
            if (autoCert != null) {
                boolean enabled = autoCert.enabled();
                Some caRef = autoCert.caRef();
                Seq<String> allowed = autoCert.allowed();
                Seq<String> notAllowed = autoCert.notAllowed();
                boolean replyNicely = autoCert.replyNicely();
                if (true == enabled && (caRef instanceof Some)) {
                    future = env.datastores().certificatesDataStore().findById((String) caRef.value(), executionContext, env).flatMap(option -> {
                        Future flatMap;
                        Future future3;
                        if (None$.MODULE$.equals(option)) {
                            DynamicSSLEngineProvider$.MODULE$.logger().error(() -> {
                                return new StringBuilder(46).append("CA cert not found to generate certificate for ").append(str).toString();
                            }, MarkerContext$.MODULE$.NoMarker());
                            future3 = (Future) FastFuture$.MODULE$.successful().apply(None$.MODULE$);
                        } else {
                            if (!(option instanceof Some)) {
                                throw new MatchError(option);
                            }
                            Cert cert = (Cert) ((Some) option).value();
                            boolean z = !notAllowed.exists(str2 -> {
                                return BoxesRunTime.boxToBoolean($anonfun$autoGenerateCertificateForDomain$3(str, str2));
                            }) && allowed.exists(str3 -> {
                                return BoxesRunTime.boxToBoolean($anonfun$autoGenerateCertificateForDomain$4(str, str3));
                            });
                            if (true == z) {
                                CertificateDataStore certificatesDataStore = env.datastores().certificatesDataStore();
                                flatMap = certificatesDataStore.findAll(certificatesDataStore.findAll$default$1(), executionContext, env).flatMap(seq -> {
                                    Future flatMap2;
                                    if (seq.find(cert2 -> {
                                        return BoxesRunTime.boxToBoolean($anonfun$autoGenerateCertificateForDomain$6(str, cert2));
                                    }) instanceof Some) {
                                        flatMap2 = (Future) FastFuture$.MODULE$.successful().apply(None$.MODULE$);
                                    } else {
                                        flatMap2 = env.pki().genCert(new GenCsrQuery(new $colon.colon(str, Nil$.MODULE$), GenCsrQuery$.MODULE$.apply$default$2(), GenCsrQuery$.MODULE$.apply$default$3(), new Some(new StringBuilder(72).append("CN=").append(str).append(",OU=Auto Generated Certificates, OU=Otoroshi Certificates, O=Otoroshi").toString()), GenCsrQuery$.MODULE$.apply$default$5(), GenCsrQuery$.MODULE$.apply$default$6(), GenCsrQuery$.MODULE$.apply$default$7(), GenCsrQuery$.MODULE$.apply$default$8(), GenCsrQuery$.MODULE$.apply$default$9(), GenCsrQuery$.MODULE$.apply$default$10(), GenCsrQuery$.MODULE$.apply$default$11(), GenCsrQuery$.MODULE$.apply$default$12()), (X509Certificate) cert.certificate().get(), (Seq<X509Certificate>) cert.certificates().tail(), cert.cryptoKeyPair().getPrivate(), executionContext).flatMap(either -> {
                                            Future map;
                                            if (either instanceof Left) {
                                                String str4 = (String) ((Left) either).value();
                                                DynamicSSLEngineProvider$.MODULE$.logger().error(() -> {
                                                    return new StringBuilder(41).append("error while generating certificate for ").append(str).append(": ").append(str4).toString();
                                                }, MarkerContext$.MODULE$.NoMarker());
                                                map = (Future) FastFuture$.MODULE$.successful().apply(None$.MODULE$);
                                            } else {
                                                if (!(either instanceof Right)) {
                                                    throw new MatchError(either);
                                                }
                                                Cert cert3 = ((GenCertResponse) ((Right) either).value()).toCert();
                                                Cert copy = cert3.copy(cert3.copy$default$1(), new StringBuilder(16).append("Certificate for ").append(str).toString(), new StringBuilder(31).append("Auto Generated Certificate for ").append(str).toString(), cert3.copy$default$4(), cert3.copy$default$5(), cert3.copy$default$6(), cert3.copy$default$7(), cert3.copy$default$8(), cert3.copy$default$9(), cert3.copy$default$10(), cert3.copy$default$11(), cert3.copy$default$12(), true, cert3.copy$default$14(), cert3.copy$default$15(), cert3.copy$default$16(), cert3.copy$default$17(), cert3.copy$default$18(), cert3.copy$default$19(), cert3.copy$default$20(), cert3.copy$default$21(), cert3.copy$default$22(), cert3.copy$default$23(), cert3.copy$default$24());
                                                map = copy.save(executionContext, env).map(obj -> {
                                                    return $anonfun$autoGenerateCertificateForDomain$9(copy, BoxesRunTime.unboxToBoolean(obj));
                                                }, executionContext);
                                            }
                                            return map;
                                        }, executionContext);
                                    }
                                    return flatMap2;
                                }, executionContext);
                            } else {
                                flatMap = (false == z && replyNicely) ? env.pki().genCert(new GenCsrQuery(new $colon.colon(str, Nil$.MODULE$), GenCsrQuery$.MODULE$.apply$default$2(), GenCsrQuery$.MODULE$.apply$default$3(), new Some(SSLSessionJavaHelper$.MODULE$.BadDN()), GenCsrQuery$.MODULE$.apply$default$5(), GenCsrQuery$.MODULE$.apply$default$6(), GenCsrQuery$.MODULE$.apply$default$7(), GenCsrQuery$.MODULE$.apply$default$8(), GenCsrQuery$.MODULE$.apply$default$9(), GenCsrQuery$.MODULE$.apply$default$10(), GenCsrQuery$.MODULE$.apply$default$11(), GenCsrQuery$.MODULE$.apply$default$12()), (X509Certificate) cert.certificate().get(), (Seq<X509Certificate>) cert.certificates().tail(), cert.cryptoKeyPair().getPrivate(), executionContext).flatMap(either -> {
                                    Future future4;
                                    if (either instanceof Left) {
                                        String str4 = (String) ((Left) either).value();
                                        DynamicSSLEngineProvider$.MODULE$.logger().error(() -> {
                                            return new StringBuilder(41).append("error while generating certificate for ").append(str).append(": ").append(str4).toString();
                                        }, MarkerContext$.MODULE$.NoMarker());
                                        future4 = (Future) FastFuture$.MODULE$.successful().apply(None$.MODULE$);
                                    } else {
                                        if (!(either instanceof Right)) {
                                            throw new MatchError(either);
                                        }
                                        Cert cert2 = ((GenCertResponse) ((Right) either).value()).toCert();
                                        future4 = (Future) FastFuture$.MODULE$.successful().apply(new Some(cert2.copy(cert2.copy$default$1(), new StringBuilder(16).append("Certificate for ").append(str).toString(), new StringBuilder(31).append("Auto Generated Certificate for ").append(str).toString(), cert2.copy$default$4(), cert2.copy$default$5(), cert2.copy$default$6(), cert2.copy$default$7(), cert2.copy$default$8(), cert2.copy$default$9(), cert2.copy$default$10(), cert2.copy$default$11(), cert2.copy$default$12(), true, cert2.copy$default$14(), cert2.copy$default$15(), cert2.copy$default$16(), cert2.copy$default$17(), cert2.copy$default$18(), cert2.copy$default$19(), cert2.copy$default$20(), cert2.copy$default$21(), cert2.copy$default$22(), cert2.copy$default$23(), cert2.copy$default$24())));
                                    }
                                    return future4;
                                }, executionContext) : (Future) FastFuture$.MODULE$.successful().apply(None$.MODULE$);
                            }
                            future3 = flatMap;
                        }
                        return future3;
                    }, executionContext);
                    future2 = future;
                }
            }
            future = (Future) FastFuture$.MODULE$.successful().apply(None$.MODULE$);
            future2 = future;
        }
        return future2;
    }

    default Option<Cert> jautoGenerateCertificateForDomain(String str, Env env) {
        None$ none$;
        Success apply = Try$.MODULE$.apply(() -> {
            return (Option) Await$.MODULE$.result(env.datastores().certificatesDataStore().autoGenerateCertificateForDomain(str, env, env.otoroshiExecutionContext()), new package.DurationInt(package$.MODULE$.DurationInt(10)).seconds());
        });
        if (apply instanceof Failure) {
            none$ = None$.MODULE$;
        } else {
            if (!(apply instanceof Success)) {
                throw new MatchError(apply);
            }
            none$ = (Option) apply.value();
        }
        return none$;
    }

    /* JADX INFO: Access modifiers changed from: private */
    static boolean willBeInvalidSoon$1(Cert cert) {
        Cert enrich = cert.enrich();
        return (new Interval(DateTime.now(), enrich.to()).toDurationMillis() * 100) / new Interval(enrich.from(), enrich.to()).toDurationMillis() < 20;
    }

    static /* synthetic */ boolean $anonfun$renewCertificates$5(Cert cert) {
        return cert.entityMetadata().get("untilExpiration").contains("true") || cert.name().startsWith("[UNTIL EXPIRATION] ");
    }

    static /* synthetic */ Cert $anonfun$renewCertificates$8(Cert cert, boolean z) {
        return cert;
    }

    static /* synthetic */ Cert $anonfun$renewCertificates$10(Cert cert, boolean z) {
        return cert;
    }

    static /* synthetic */ void $anonfun$renewCertificates$11(Env env, Cert cert) {
        Alerts$.MODULE$.send(new CertRenewalAlert(env.snowflakeGenerator().nextIdStr(), env.env(), cert, CertRenewalAlert$.MODULE$.apply$default$4()), env);
    }

    static /* synthetic */ void $anonfun$renewCertificates$12(Done done) {
    }

    private static Future renewCAs$1(Seq seq, Env env, ExecutionContext executionContext, Materializer materializer) {
        return ((Future) Source$.MODULE$.apply(((Seq) ((TraversableLike) ((TraversableLike) ((TraversableLike) ((TraversableLike) seq.filter(cert -> {
            return BoxesRunTime.boxToBoolean(cert.notRevoked());
        })).filter(cert2 -> {
            return BoxesRunTime.boxToBoolean(cert2.autoRenew());
        })).filter(cert3 -> {
            return BoxesRunTime.boxToBoolean(cert3.ca());
        })).filter(cert4 -> {
            return BoxesRunTime.boxToBoolean(willBeInvalidSoon$1(cert4));
        })).filterNot(cert5 -> {
            return BoxesRunTime.boxToBoolean($anonfun$renewCertificates$5(cert5));
        })).toList()).mapAsync(1, cert6 -> {
            return cert6.renew(cert6.renew$default$1(), env, executionContext, materializer).flatMap(cert6 -> {
                return cert6.copy(IdGenerator$.MODULE$.token(), new StringBuilder(19).append("[UNTIL EXPIRATION] ").append(cert6.name()).toString(), cert6.copy$default$3(), cert6.copy$default$4(), cert6.copy$default$5(), cert6.copy$default$6(), cert6.copy$default$7(), cert6.copy$default$8(), cert6.copy$default$9(), cert6.copy$default$10(), cert6.copy$default$11(), cert6.copy$default$12(), cert6.copy$default$13(), cert6.copy$default$14(), cert6.copy$default$15(), cert6.copy$default$16(), cert6.copy$default$17(), cert6.copy$default$18(), cert6.copy$default$19(), cert6.copy$default$20(), cert6.entityMetadata().$plus$plus(Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("untilExpiration"), "true"), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("nextCertificate"), cert6.id())}))), cert6.copy$default$22(), cert6.copy$default$23(), cert6.copy$default$24()).save(executionContext, env).map(obj -> {
                    return $anonfun$renewCertificates$8(cert6, BoxesRunTime.unboxToBoolean(obj));
                }, executionContext);
            }, executionContext).flatMap(cert7 -> {
                return cert7.save(executionContext, env).map(obj -> {
                    return $anonfun$renewCertificates$10(cert7, BoxesRunTime.unboxToBoolean(obj));
                }, executionContext);
            }, executionContext);
        }).map(cert7 -> {
            $anonfun$renewCertificates$11(env, cert7);
            return BoxedUnit.UNIT;
        }).runWith(Sink$.MODULE$.ignore(), materializer)).map(done -> {
            $anonfun$renewCertificates$12(done);
            return BoxedUnit.UNIT;
        }, executionContext);
    }

    static /* synthetic */ boolean $anonfun$renewCertificates$17(Cert cert) {
        return cert.entityMetadata().get("untilExpiration").contains("true") || cert.name().startsWith("[UNTIL EXPIRATION] ");
    }

    static /* synthetic */ Cert $anonfun$renewCertificates$20(Cert cert, boolean z) {
        return cert;
    }

    static /* synthetic */ Cert $anonfun$renewCertificates$22(Cert cert, boolean z) {
        return cert;
    }

    static /* synthetic */ void $anonfun$renewCertificates$23(Env env, Cert cert) {
        Alerts$.MODULE$.send(new CertRenewalAlert(env.snowflakeGenerator().nextIdStr(), env.env(), cert, CertRenewalAlert$.MODULE$.apply$default$4()), env);
    }

    static /* synthetic */ void $anonfun$renewCertificates$24(Done done) {
    }

    private static Future renewNonCaCertificates$1(Seq seq, Env env, ExecutionContext executionContext, Materializer materializer) {
        return ((Future) Source$.MODULE$.apply(((Seq) ((TraversableLike) ((TraversableLike) ((TraversableLike) ((TraversableLike) seq.filter(cert -> {
            return BoxesRunTime.boxToBoolean(cert.notRevoked());
        })).filter(cert2 -> {
            return BoxesRunTime.boxToBoolean(cert2.autoRenew());
        })).filterNot(cert3 -> {
            return BoxesRunTime.boxToBoolean(cert3.ca());
        })).filter(cert4 -> {
            return BoxesRunTime.boxToBoolean(willBeInvalidSoon$1(cert4));
        })).filterNot(cert5 -> {
            return BoxesRunTime.boxToBoolean($anonfun$renewCertificates$17(cert5));
        })).toList()).mapAsync(1, cert6 -> {
            return cert6.renew(cert6.renew$default$1(), env, executionContext, materializer).flatMap(cert6 -> {
                return cert6.copy(IdGenerator$.MODULE$.token(), new StringBuilder(19).append("[UNTIL EXPIRATION] ").append(cert6.name()).toString(), cert6.copy$default$3(), cert6.copy$default$4(), cert6.copy$default$5(), cert6.copy$default$6(), cert6.copy$default$7(), cert6.copy$default$8(), cert6.copy$default$9(), cert6.copy$default$10(), cert6.copy$default$11(), cert6.copy$default$12(), cert6.copy$default$13(), cert6.copy$default$14(), cert6.copy$default$15(), cert6.copy$default$16(), cert6.copy$default$17(), cert6.copy$default$18(), cert6.copy$default$19(), cert6.copy$default$20(), cert6.entityMetadata().$plus$plus(Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("untilExpiration"), "true"), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("nextCertificate"), cert6.id())}))), cert6.copy$default$22(), cert6.copy$default$23(), cert6.copy$default$24()).save(executionContext, env).map(obj -> {
                    return $anonfun$renewCertificates$20(cert6, BoxesRunTime.unboxToBoolean(obj));
                }, executionContext);
            }, executionContext).flatMap(cert7 -> {
                return cert7.save(executionContext, env).map(obj -> {
                    return $anonfun$renewCertificates$22(cert7, BoxesRunTime.unboxToBoolean(obj));
                }, executionContext);
            }, executionContext);
        }).map(cert7 -> {
            $anonfun$renewCertificates$23(env, cert7);
            return BoxedUnit.UNIT;
        }).runWith(Sink$.MODULE$.ignore(), materializer)).map(done -> {
            $anonfun$renewCertificates$24(done);
            return BoxedUnit.UNIT;
        }, executionContext);
    }

    static /* synthetic */ boolean $anonfun$renewCertificates$26(Cert cert) {
        return cert.from().isBefore(DateTime.now()) && cert.to().isAfter(DateTime.now());
    }

    static /* synthetic */ Cert $anonfun$renewCertificates$29(Cert cert, boolean z) {
        return cert;
    }

    static /* synthetic */ Cert $anonfun$renewCertificates$31(Cert cert, boolean z) {
        return cert;
    }

    static /* synthetic */ void $anonfun$renewCertificates$32(Env env, Cert cert) {
        Alerts$.MODULE$.send(new CertExpiredAlert(env.snowflakeGenerator().nextIdStr(), env.env(), cert, CertExpiredAlert$.MODULE$.apply$default$4()), env);
    }

    static /* synthetic */ void $anonfun$renewCertificates$33(Done done) {
    }

    private static Future markExpiredCertsAsExpired$1(Seq seq, ExecutionContext executionContext, Env env, Materializer materializer) {
        return ((Future) Source$.MODULE$.apply(((Seq) ((TraversableLike) seq.filter(cert -> {
            return BoxesRunTime.boxToBoolean(cert.notRevoked());
        })).filterNot(cert2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$renewCertificates$26(cert2));
        })).toList()).mapAsync(1, cert3 -> {
            Future future;
            if (cert3.entityMetadata().get("expired").contains("true") || cert3.name().startsWith("[EXPIRED] ")) {
                future = (Future) implicits$BetterSyntax$.MODULE$.applyOn$extension(implicits$.MODULE$.BetterSyntax(cert3), cert3 -> {
                    return cert3.save(executionContext, env).map(obj -> {
                        return $anonfun$renewCertificates$29(cert3, BoxesRunTime.unboxToBoolean(obj));
                    }, executionContext);
                });
            } else {
                if (cert3.entityMetadata().get("expired").contains("true") || cert3.name().startsWith("[EXPIRED] ")) {
                    throw new MatchError(cert3);
                }
                future = (Future) implicits$BetterSyntax$.MODULE$.applyOn$extension(implicits$.MODULE$.BetterSyntax(cert3.copy(cert3.copy$default$1(), new StringBuilder(10).append("[EXPIRED] ").append(cert3.name()).toString(), cert3.copy$default$3(), cert3.copy$default$4(), cert3.copy$default$5(), cert3.copy$default$6(), cert3.copy$default$7(), cert3.copy$default$8(), cert3.copy$default$9(), cert3.copy$default$10(), cert3.copy$default$11(), cert3.copy$default$12(), cert3.copy$default$13(), cert3.copy$default$14(), cert3.copy$default$15(), cert3.copy$default$16(), cert3.copy$default$17(), cert3.copy$default$18(), cert3.copy$default$19(), cert3.copy$default$20(), cert3.entityMetadata().$plus$plus(Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("expired"), "true")}))), cert3.copy$default$22(), cert3.copy$default$23(), cert3.copy$default$24())), cert4 -> {
                    return cert4.save(executionContext, env).map(obj -> {
                        return $anonfun$renewCertificates$31(cert4, BoxesRunTime.unboxToBoolean(obj));
                    }, executionContext);
                });
            }
            return future;
        }).map(cert4 -> {
            $anonfun$renewCertificates$32(env, cert4);
            return BoxedUnit.UNIT;
        }).runWith(Sink$.MODULE$.ignore(), materializer)).map(done -> {
            $anonfun$renewCertificates$33(done);
            return BoxedUnit.UNIT;
        }, executionContext);
    }

    static /* synthetic */ void $anonfun$renewCertificates$39(BoxedUnit boxedUnit) {
    }

    static /* synthetic */ boolean $anonfun$importOneCert$4(Cert cert, Cert cert2) {
        if (cert2.signature().isDefined()) {
            Option<String> signature = cert2.signature();
            Option<String> signature2 = cert.signature();
            if (signature != null ? signature.equals(signature2) : signature2 == null) {
                if (cert2.serialNumber().isDefined()) {
                    Option<String> serialNumber = cert2.serialNumber();
                    Option<String> serialNumber2 = cert.serialNumber();
                    if (serialNumber != null ? serialNumber.equals(serialNumber2) : serialNumber2 == null) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    static /* synthetic */ boolean $anonfun$importOneCert$9(Cert cert, Cert cert2) {
        if (cert2.signature().isDefined()) {
            Option<String> signature = cert2.signature();
            Option<String> signature2 = cert.signature();
            if (signature != null ? signature.equals(signature2) : signature2 == null) {
                if (cert2.serialNumber().isDefined()) {
                    Option<String> serialNumber = cert2.serialNumber();
                    Option<String> serialNumber2 = cert.serialNumber();
                    if (serialNumber != null ? serialNumber.equals(serialNumber2) : serialNumber2 == null) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    static /* synthetic */ void $anonfun$importInitialCerts$2(CertificateDataStore certificateDataStore, Logger logger, Env env, ExecutionContext executionContext, Configuration configuration) {
        certificateDataStore.importOneCert(configuration, "ca", "cert", "key", logger, certificateDataStore.importOneCert$default$6(), env, executionContext);
    }

    static /* synthetic */ boolean $anonfun$autoGenerateCertificateForDomain$3(String str, String str2) {
        return RegexPool$.MODULE$.apply(str2).matches(str);
    }

    static /* synthetic */ boolean $anonfun$autoGenerateCertificateForDomain$4(String str, String str2) {
        return RegexPool$.MODULE$.apply(str2).matches(str);
    }

    static /* synthetic */ boolean $anonfun$autoGenerateCertificateForDomain$6(String str, Cert cert) {
        return ((SeqLike) cert.sans().$colon$plus(cert.domain(), Seq$.MODULE$.canBuildFrom())).contains(str);
    }

    static /* synthetic */ Some $anonfun$autoGenerateCertificateForDomain$9(Cert cert, boolean z) {
        return new Some(cert);
    }

    static void $init$(CertificateDataStore certificateDataStore) {
    }
}
