package otoroshi.ssl;

import akka.http.scaladsl.util.FastFuture$;
import akka.stream.Materializer;
import akka.stream.scaladsl.Source;
import akka.util.ByteString;
import akka.util.ByteString$;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.OCSPRespBuilder;
import org.bouncycastle.cert.ocsp.Req;
import org.bouncycastle.cert.ocsp.RespID;
import org.bouncycastle.cert.ocsp.RevokedStatus;
import org.bouncycastle.cert.ocsp.UnknownStatus;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.joda.time.DateTime;
import org.joda.time.base.AbstractInstant;
import otoroshi.env.Env;
import otoroshi.utils.syntax.implicits$;
import otoroshi.utils.syntax.implicits$BetterConfiguration$;
import otoroshi.utils.syntax.implicits$BetterSyntax$;
import play.api.ConfigLoader$;
import play.api.Logger;
import play.api.Logger$;
import play.api.http.Writeable$;
import play.api.libs.json.Json$;
import play.api.libs.json.Writes$;
import play.api.mvc.Codec$;
import play.api.mvc.RequestHeader;
import play.api.mvc.Result;
import play.api.mvc.Results$;
import scala.Array$;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.Tuple3;
import scala.collection.immutable.List;
import scala.collection.immutable.List$;
import scala.collection.immutable.Nil$;
import scala.collection.mutable.ArrayOps;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.runtime.ObjectRef;
import scala.util.Failure;
import scala.util.Success;
import scala.util.Try$;

/* compiled from: ocsp.scala */
@ScalaSignature(bytes = "\u0006\u0001\u00055x!\u0002\r\u001a\u0011\u0003qb!\u0002\u0011\u001a\u0011\u0003\t\u0003\"\u0002\u0015\u0002\t\u0003I\u0003\"\u0002\u0016\u0002\t\u0003Yc\u0001\u0002\u0011\u001a\u00015B\u0001B\f\u0003\u0003\u0002\u0003\u0006Ia\f\u0005\ti\u0011\u0011)\u0019!C\u0002k!AA\b\u0002B\u0001B\u0003%a\u0007C\u0003)\t\u0011\u0005Q\bC\u0004A\t\t\u0007I1B!\t\r)#\u0001\u0015!\u0003C\u0011!YE\u0001#b\u0001\n\u0003a\u0005bB+\u0005\u0005\u0004%\tA\u0016\u0005\u00075\u0012\u0001\u000b\u0011B,\t\u000fm#!\u0019!C\u00019\"1\u0001\r\u0002Q\u0001\nuCQ!\u0019\u0003\u0005\u0002\tDq!!\u0001\u0005\t\u0003\t\u0019\u0001C\u0004\u0002@\u0011!\t!!\u0011\t\u000f\u0005\u001dD\u0001\"\u0001\u0002j!9\u0011Q\u0015\u0003\u0005\u0002\u0005\u001d\u0006bBAX\t\u0011\u0005\u0011\u0011\u0017\u0005\b\u00037$A\u0011AAo\u0011\u001d\t\u0019\u000f\u0002C\u0001\u0003K\fQbT2taJ+7\u000f]8oI\u0016\u0014(B\u0001\u000e\u001c\u0003\r\u00198\u000f\u001c\u0006\u00029\u0005Aq\u000e^8s_ND\u0017n\u0001\u0001\u0011\u0005}\tQ\"A\r\u0003\u001b=\u001b7\u000f\u001d*fgB|g\u000eZ3s'\t\t!\u0005\u0005\u0002$M5\tAEC\u0001&\u0003\u0015\u00198-\u00197b\u0013\t9CE\u0001\u0004B]f\u0014VMZ\u0001\u0007y%t\u0017\u000e\u001e \u0015\u0003y\tQ!\u00199qYf$R\u0001LAu\u0003W\u0004\"a\b\u0003\u0014\u0005\u0011\u0011\u0013aA3omB\u0011\u0001GM\u0007\u0002c)\u0011afG\u0005\u0003gE\u00121!\u00128w\u0003\t)7-F\u00017!\t9$(D\u00019\u0015\tID%\u0001\u0006d_:\u001cWO\u001d:f]RL!a\u000f\u001d\u0003!\u0015CXmY;uS>t7i\u001c8uKb$\u0018aA3dAQ\u0019AFP \t\u000b9B\u0001\u0019A\u0018\t\u000bQB\u00019\u0001\u001c\u0002\u00075\fG/F\u0001C!\t\u0019\u0005*D\u0001E\u0015\t)e)\u0001\u0004tiJ,\u0017-\u001c\u0006\u0002\u000f\u0006!\u0011m[6b\u0013\tIEI\u0001\u0007NCR,'/[1mSj,'/\u0001\u0003nCR\u0004\u0013A\u00027pO\u001e,'/F\u0001N!\tq5+D\u0001P\u0015\t\u0001\u0016+A\u0002ba&T\u0011AU\u0001\u0005a2\f\u00170\u0003\u0002U\u001f\n1Aj\\4hKJ\fQB]3kK\u000e$XK\\6o_^tW#A,\u0011\u0005\rB\u0016BA-%\u0005\u001d\u0011un\u001c7fC:\faB]3kK\u000e$XK\\6o_^t\u0007%\u0001\toKb$X\u000b\u001d3bi\u0016|eMZ:fiV\tQ\f\u0005\u0002$=&\u0011q\f\n\u0002\u0004\u0013:$\u0018!\u00058fqR,\u0006\u000fZ1uK>3gm]3uA\u0005\u0019\u0011-[1\u0015\u0007\rt7\u0010\u0006\u0002e[B\u0019q'Z4\n\u0005\u0019D$A\u0002$viV\u0014X\r\u0005\u0002iW6\t\u0011N\u0003\u0002k\u001f\u0006\u0019QN^2\n\u00051L'A\u0002*fgVdG\u000fC\u00035!\u0001\u000fa\u0007C\u0003p!\u0001\u0007\u0001/\u0001\u0002jIB\u0011\u0011\u000f\u001f\b\u0003eZ\u0004\"a\u001d\u0013\u000e\u0003QT!!^\u000f\u0002\rq\u0012xn\u001c;?\u0013\t9H%\u0001\u0004Qe\u0016$WMZ\u0005\u0003sj\u0014aa\u0015;sS:<'BA<%\u0011\u0015a\b\u00031\u0001~\u0003\r\u0011X-\u001d\t\u0003QzL!a`5\u0003\u001bI+\u0017/^3ti\"+\u0017\rZ3s\u0003\u001d\u0011Xm\u001d9p]\u0012$b!!\u0002\u0002\n\u0005-Ac\u00013\u0002\b!)A'\u0005a\u0002m!)A0\u0005a\u0001{\"9\u0011QB\tA\u0002\u0005=\u0011\u0001\u00022pIf\u0004D!!\u0005\u0002.AA\u00111CA\r\u0003;\tI#\u0004\u0002\u0002\u0016)\u0019\u0011q\u0003#\u0002\u0011M\u001c\u0017\r\\1eg2LA!a\u0007\u0002\u0016\t11k\\;sG\u0016\u0004B!a\b\u0002&5\u0011\u0011\u0011\u0005\u0006\u0004\u0003G1\u0015\u0001B;uS2LA!a\n\u0002\"\tQ!)\u001f;f'R\u0014\u0018N\\4\u0011\t\u0005-\u0012Q\u0006\u0007\u0001\t1\ty#a\u0003\u0002\u0002\u0003\u0005)\u0011AA\u0019\u0005\ryF%M\t\u0005\u0003g\tI\u0004E\u0002$\u0003kI1!a\u000e%\u0005\u001dqu\u000e\u001e5j]\u001e\u00042aIA\u001e\u0013\r\ti\u0004\n\u0002\u0004\u0003:L\u0018!D7b]\u0006<WMU3rk\u0016\u001cH\u000f\u0006\u0003\u0002D\u0005u\u0003\u0003B\u001cf\u0003\u000b\u0002B!a\u0012\u0002Z5\u0011\u0011\u0011\n\u0006\u0005\u0003\u0017\ni%\u0001\u0003pGN\u0004(\u0002BA(\u0003#\nAaY3si*!\u00111KA+\u00031\u0011w.\u001e8ds\u000e\f7\u000f\u001e7f\u0015\t\t9&A\u0002pe\u001eLA!a\u0017\u0002J\tAqjQ*Q%\u0016\u001c\b\u000fC\u0004\u0002`I\u0001\r!!\u0019\u0002\u000f=\u001c7\u000f\u001d*fcB!\u0011qIA2\u0013\u0011\t)'!\u0013\u0003\u000f=\u001b5\u000b\u0015*fc\u0006Y\u0011\r\u001a3SKN\u0004xN\\:f))\tY'!\u001d\u0002|\u0005\u0015\u0015Q\u0013\t\u0004G\u00055\u0014bAA8I\t!QK\\5u\u0011\u001d\t\u0019h\u0005a\u0001\u0003k\nqB]3ta>t7/\u001a\"vS2$WM\u001d\t\u0005\u0003\u000f\n9(\u0003\u0003\u0002z\u0005%#\u0001\u0006\"bg&\u001cwjQ*Q%\u0016\u001c\bOQ;jY\u0012,'\u000fC\u0004\u0002~M\u0001\r!a \u0002\u000fI,\u0017/^3tiB!\u0011qIAA\u0013\u0011\t\u0019)!\u0013\u0003\u0007I+\u0017\u000fC\u0004\u0002\bN\u0001\r!!#\u0002%%\u001c8/^5oO\u000e+'\u000f^5gS\u000e\fG/\u001a\t\u0005\u0003\u0017\u000b\t*\u0004\u0002\u0002\u000e*!\u0011qRA'\u0003\u0019Q7-\u00196dK&!\u00111SAG\u0005aQ5-\u0019-6ae\u001aUM\u001d;jM&\u001c\u0017\r^3I_2$WM\u001d\u0005\b\u0003/\u001b\u0002\u0019AAM\u0003a!\u0017nZ3ti\u000e\u000bGnY;mCR|'\u000f\u0015:pm&$WM\u001d\t\u0005\u00037\u000b\t+\u0004\u0002\u0002\u001e*!\u0011qTA)\u0003!y\u0007/\u001a:bi>\u0014\u0018\u0002BAR\u0003;\u0013\u0001\u0004R5hKN$8)\u00197dk2\fGo\u001c:Qe>4\u0018\u000eZ3s\u0003A9W\r^+oW:|wO\\*uCR,8/\u0006\u0002\u0002*B!\u0011qIAV\u0013\u0011\ti+!\u0013\u0003#\r+'\u000f^5gS\u000e\fG/Z*uCR,8/\u0001\rhKR|5i\u0015)DKJ$\u0018NZ5dCR,7\u000b^1ukN$B!a-\u0002PB)1%!.\u0002:&\u0019\u0011q\u0017\u0013\u0003\r=\u0003H/[8o!%\u0019\u00131XAU\u0003\u007f\u000by,C\u0002\u0002>\u0012\u0012a\u0001V;qY\u0016\u001c\u0004\u0003BAa\u0003\u0017l!!a1\u000b\t\u0005\u0015\u0017qY\u0001\u0005i&lWM\u0003\u0003\u0002J\u0006U\u0013\u0001\u00026pI\u0006LA!!4\u0002D\nAA)\u0019;f)&lW\rC\u0004\u0002RV\u0001\r!a5\u0002\u0011\r,'\u000f\u001e#bi\u0006\u0004RaIA[\u0003+\u00042aHAl\u0013\r\tI.\u0007\u0002\u0013\u001f\u000e\u001b\u0006kQ3siB\u0013xN[3di&|g.\u0001\u0007hKR\u001c%\u000b\u0014*fCN|g\u000eF\u0002^\u0003?Da!!9\u0017\u0001\u0004\u0001\u0018\u0001\u0005:fm>\u001c\u0017\r^5p]J+\u0017m]8o\u0003AI7oU5h]\u0006$XO]3WC2LG\rF\u0002X\u0003ODq!a\u0018\u0018\u0001\u0004\t\t\u0007C\u0003/\u0007\u0001\u0007q\u0006C\u00035\u0007\u0001\u0007a\u0007")
/* loaded from: input_file:otoroshi/ssl/OcspResponder.class */
public class OcspResponder {
    private Logger logger;
    private final Env env;
    private final ExecutionContext ec;
    private final Materializer mat;
    private final boolean rejectUnknown = true;
    private final int nextUpdateOffset;
    private volatile boolean bitmap$0;

    public static OcspResponder apply(Env env, ExecutionContext executionContext) {
        return OcspResponder$.MODULE$.apply(env, executionContext);
    }

    public ExecutionContext ec() {
        return this.ec;
    }

    private Materializer mat() {
        return this.mat;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v8, types: [otoroshi.ssl.OcspResponder] */
    private Logger logger$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                this.logger = Logger$.MODULE$.apply("otoroshi-certificates-ocsp");
                r0 = this;
                r0.bitmap$0 = true;
            }
        }
        return this.logger;
    }

    public Logger logger() {
        return !this.bitmap$0 ? logger$lzycompute() : this.logger;
    }

    public boolean rejectUnknown() {
        return this.rejectUnknown;
    }

    public int nextUpdateOffset() {
        return this.nextUpdateOffset;
    }

    public Future<Result> aia(String str, RequestHeader requestHeader, ExecutionContext executionContext) {
        Future<Result> future$extension;
        Some find = DynamicSSLEngineProvider$.MODULE$.certificates().values().find(cert -> {
            return BoxesRunTime.boxToBoolean($anonfun$aia$1(str, cert));
        });
        if (None$.MODULE$.equals(find)) {
            future$extension = implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(Results$.MODULE$.NotFound().apply("", Writeable$.MODULE$.wString(Codec$.MODULE$.utf_8())).as("application/pkix-cert")));
        } else {
            if (!(find instanceof Some)) {
                throw new MatchError(find);
            }
            future$extension = implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(Results$.MODULE$.Ok().apply(SSLImplicits$EnhancedX509Certificate$.MODULE$.asPem$extension(SSLImplicits$.MODULE$.EnhancedX509Certificate((X509Certificate) ((Cert) find.value()).certificate().get())), Writeable$.MODULE$.wString(Codec$.MODULE$.utf_8())).as("application/pkix-cert")));
        }
        return future$extension;
    }

    public Future<Result> respond(RequestHeader requestHeader, Source<ByteString, ?> source, ExecutionContext executionContext) {
        return source.runFold(ByteString$.MODULE$.empty(), (byteString, byteString2) -> {
            return byteString.$plus$plus(byteString2);
        }, mat()).flatMap(byteString3 -> {
            if (byteString3.isEmpty()) {
                return (Future) FastFuture$.MODULE$.successful().apply(Results$.MODULE$.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("Missing body", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
            }
            OCSPReq oCSPReq = new OCSPReq((byte[]) byteString3.toArray(ClassTag$.MODULE$.Byte()));
            return (!oCSPReq.isSigned() || this.isSignatureValid(oCSPReq)) ? this.manageRequest(oCSPReq).map(oCSPResp -> {
                return Results$.MODULE$.Ok().apply(oCSPResp.getEncoded(), Writeable$.MODULE$.wByteArray());
            }, executionContext).recover(new OcspResponder$$anonfun$$nestedInanonfun$respond$2$1(this), executionContext) : implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(Results$.MODULE$.BadRequest().apply(new OCSPRespBuilder().build(1, (Object) null).getEncoded(), Writeable$.MODULE$.wByteArray())));
        }, executionContext);
    }

    public Future<OCSPResp> manageRequest(OCSPReq oCSPReq) {
        return this.env.datastores().certificatesDataStore().findById(Cert$.MODULE$.OtoroshiCA(), ec(), this.env).flatMap(option -> {
            return this.env.datastores().certificatesDataStore().findById(Cert$.MODULE$.OtoroshiIntermediateCA(), this.ec(), this.env).map(option -> {
                Tuple2 tuple2 = new Tuple2(option, option);
                if (tuple2 != null) {
                    Some some = (Option) tuple2._1();
                    Some some2 = (Option) tuple2._2();
                    if (some instanceof Some) {
                        Cert cert = (Cert) some.value();
                        if (some2 instanceof Some) {
                            Cert cert2 = (Cert) some2.value();
                            if (cert2.caFromChain().isDefined()) {
                                JcaX509CertificateHolder jcaX509CertificateHolder = new JcaX509CertificateHolder((X509Certificate) cert2.caFromChain().get());
                                ContentSigner build = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(cert.cryptoKeyPair().getPrivate());
                                DigestCalculatorProvider build2 = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build();
                                BasicOCSPRespBuilder basicOCSPRespBuilder = new BasicOCSPRespBuilder(new RespID(SubjectPublicKeyInfo.getInstance(cert.cryptoKeyPair().getPublic().getEncoded()), build2.get(new DefaultDigestAlgorithmIdentifierFinder().find("SHA-1"))));
                                Extension extension = oCSPReq.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
                                List list = Nil$.MODULE$;
                                if (extension != null) {
                                    list = (List) list.$colon$plus(extension, List$.MODULE$.canBuildFrom());
                                }
                                if (this.rejectUnknown()) {
                                    list = (List) list.$colon$plus(new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_extended_revoke, false, (byte[]) Array$.MODULE$.apply(Nil$.MODULE$, ClassTag$.MODULE$.Byte())), List$.MODULE$.canBuildFrom());
                                }
                                basicOCSPRespBuilder.setResponseExtensions(new Extensions((Extension[]) list.toArray(ClassTag$.MODULE$.apply(Extension.class))));
                                new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(oCSPReq.getRequestList())).foreach(req -> {
                                    this.addResponse(basicOCSPRespBuilder, req, jcaX509CertificateHolder, build2);
                                    return BoxedUnit.UNIT;
                                });
                                return new OCSPRespBuilder().build(0, basicOCSPRespBuilder.build(build, (X509CertificateHolder[]) new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(cert.certificatesChain())).map(x509Certificate -> {
                                    return new JcaX509CertificateHolder(x509Certificate);
                                }, Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.apply(X509CertificateHolder.class))), new Date()));
                            }
                        }
                    }
                }
                if (tuple2 != null) {
                    Option option = (Option) tuple2._1();
                    Option option2 = (Option) tuple2._2();
                    if (None$.MODULE$.equals(option) && None$.MODULE$.equals(option2)) {
                        throw new RuntimeException("Missing root CA, intermediate CA or intermediate CA chain");
                    }
                }
                throw new MatchError(tuple2);
            }, this.ec());
        }, ec());
    }

    public void addResponse(BasicOCSPRespBuilder basicOCSPRespBuilder, Req req, JcaX509CertificateHolder jcaX509CertificateHolder, DigestCalculatorProvider digestCalculatorProvider) {
        Extension extension;
        CertificateID certID = req.getCertID();
        ObjectRef create = ObjectRef.create(new Extensions((Extension[]) Array$.MODULE$.apply(Nil$.MODULE$, ClassTag$.MODULE$.apply(Extension.class))));
        Extensions singleRequestExtensions = req.getSingleRequestExtensions();
        if (singleRequestExtensions != null && (extension = singleRequestExtensions.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce)) != null) {
            create.elem = new Extensions(extension);
        }
        if (certID.matchesIssuer(jcaX509CertificateHolder, digestCalculatorProvider)) {
            getOCSPCertificateStatus(DynamicSSLEngineProvider$.MODULE$._ocspProjectionCertificates().get(certID.getSerialNumber())).foreach(tuple3 -> {
                return basicOCSPRespBuilder.addResponse(req.getCertID(), (CertificateStatus) tuple3._1(), ((AbstractInstant) tuple3._2()).toDate(), ((AbstractInstant) tuple3._3()).toDate(), (Extensions) create.elem);
            });
        } else {
            basicOCSPRespBuilder.addResponse(certID, getUnknownStatus(), DateTime.now().toDate(), DateTime.now().plusSeconds(nextUpdateOffset()).toDate(), (Extensions) create.elem);
        }
    }

    public CertificateStatus getUnknownStatus() {
        return rejectUnknown() ? new RevokedStatus(DateTime.now().toDate(), 0) : new UnknownStatus();
    }

    public Option<Tuple3<CertificateStatus, DateTime, DateTime>> getOCSPCertificateStatus(Option<OCSPCertProjection> option) {
        None$ some;
        if (None$.MODULE$.equals(option)) {
            some = None$.MODULE$;
        } else {
            if (!(option instanceof Some)) {
                throw new MatchError(option);
            }
            OCSPCertProjection oCSPCertProjection = (OCSPCertProjection) ((Some) option).value();
            RevokedStatus unknownStatus = getUnknownStatus();
            if (oCSPCertProjection.revoked()) {
                unknownStatus = new RevokedStatus(oCSPCertProjection.from(), getCRLReason(oCSPCertProjection.revocationReason()));
            } else if (oCSPCertProjection.expired()) {
                unknownStatus = new RevokedStatus(oCSPCertProjection.to(), getCRLReason(oCSPCertProjection.revocationReason()));
            } else if (oCSPCertProjection.valid()) {
                unknownStatus = CertificateStatus.GOOD;
            }
            DateTime now = DateTime.now();
            some = new Some(new Tuple3(unknownStatus, now, now.plusSeconds(nextUpdateOffset())));
        }
        return some;
    }

    public int getCRLReason(String str) {
        return "UNSPECIFIED".equals(str) ? 0 : "KEY_COMPROMISE".equals(str) ? 1 : "CA_COMPROMISE".equals(str) ? 2 : "AFFILIATION_CHANGED".equals(str) ? 3 : "SUPERSEDED".equals(str) ? 4 : "CESSATION_OF_OPERATION".equals(str) ? 5 : "CERTIFICATE_HOLD".equals(str) ? 6 : "REMOVE_FROM_CRL".equals(str) ? 8 : "PRIVILEGE_WITH_DRAWN".equals(str) ? 9 : "AA_COMPROMISE".equals(str) ? 10 : 0;
    }

    public boolean isSignatureValid(OCSPReq oCSPReq) {
        return oCSPReq.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build((X509CertificateHolder) new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(oCSPReq.getCerts())).head()));
    }

    public static final /* synthetic */ boolean $anonfun$aia$1(String str, Cert cert) {
        boolean unboxToBoolean;
        Failure apply = Try$.MODULE$.apply(() -> {
            String bigInteger = ((X509Certificate) cert.certificate().get()).getSerialNumber().toString();
            if (bigInteger != null ? bigInteger.equals(str) : str == null) {
                if (cert.exposed() && CertParentHelper$.MODULE$.fromOtoroshiRootCa((X509Certificate) cert.certificate().get(), CertParentHelper$.MODULE$.fromOtoroshiRootCa$default$2())) {
                    return true;
                }
            }
            return false;
        });
        if (apply instanceof Failure) {
            apply.exception().printStackTrace();
            unboxToBoolean = false;
        } else {
            if (!(apply instanceof Success)) {
                throw new MatchError(apply);
            }
            unboxToBoolean = BoxesRunTime.unboxToBoolean(((Success) apply).value());
        }
        return unboxToBoolean;
    }

    public OcspResponder(Env env, ExecutionContext executionContext) {
        this.env = env;
        this.ec = executionContext;
        this.mat = env.otoroshiMaterializer();
        this.nextUpdateOffset = BoxesRunTime.unboxToInt(implicits$BetterConfiguration$.MODULE$.getOptionalWithFileSupport$extension(implicits$.MODULE$.BetterConfiguration(env.configuration()), "app.ocsp.caching.seconds", ConfigLoader$.MODULE$.intLoader(), ClassTag$.MODULE$.Int()).getOrElse(() -> {
            return 3600;
        }));
    }
}
