package otoroshi.ssl;

import akka.Done;
import akka.http.scaladsl.util.FastFuture$;
import akka.stream.Materializer;
import akka.stream.scaladsl.Sink$;
import akka.stream.scaladsl.Source$;
import java.io.File;
import java.nio.file.Files;
import java.security.cert.X509Certificate;
import org.joda.time.DateTime;
import org.joda.time.Interval;
import otoroshi.env.Env;
import otoroshi.events.Alerts$;
import otoroshi.events.CertExpiredAlert;
import otoroshi.events.CertExpiredAlert$;
import otoroshi.events.CertRenewalAlert;
import otoroshi.events.CertRenewalAlert$;
import otoroshi.models.AutoCert;
import otoroshi.models.GlobalConfig;
import otoroshi.security.IdGenerator$;
import otoroshi.ssl.pki.models.GenCertResponse;
import otoroshi.ssl.pki.models.GenCsrQuery;
import otoroshi.ssl.pki.models.GenCsrQuery$;
import otoroshi.storage.BasicStore;
import otoroshi.utils.RegexPool$;
import otoroshi.utils.syntax.implicits$;
import otoroshi.utils.syntax.implicits$BetterConfiguration$;
import otoroshi.utils.syntax.implicits$BetterJsReadable$;
import otoroshi.utils.syntax.implicits$BetterSyntax$;
import play.api.ConfigLoader$;
import play.api.Configuration;
import play.api.Logger;
import play.api.MarkerContext$;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.collection.IterableLike;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.SeqLike;
import scala.collection.TraversableLike;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.concurrent.Await$;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.duration.package;
import scala.concurrent.duration.package$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.util.Failure;
import scala.util.Left;
import scala.util.Right;
import scala.util.Success;
import scala.util.Try$;

/* compiled from: ssl.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005UcaB\u0007\u000f!\u0003\r\ta\u0005\u0005\u0006I\u0001!\t!\n\u0005\u0006S\u0001!\tA\u000b\u0005\u0006e\u0001!\ta\r\u0005\u0006w\u0001!\t\u0001\u0010\u0005\u0006\u0007\u0002!\t\u0001\u0012\u0005\u0006'\u0002!\t\u0001\u0016\u0005\u0006a\u0002!\t!\u001d\u0005\n\u0003\u000f\u0001\u0011\u0013!C\u0001\u0003\u0013Aq!a\b\u0001\t\u0003\t\t\u0003C\u0004\u0002,\u0001!\t!!\f\t\u000f\u0005m\u0002\u0001\"\u0001\u0002>!9\u0011Q\n\u0001\u0005\u0002\u0005=#\u0001F\"feRLg-[2bi\u0016$\u0015\r^1Ti>\u0014XM\u0003\u0002\u0010!\u0005\u00191o\u001d7\u000b\u0003E\t\u0001b\u001c;pe>\u001c\b.[\u0002\u0001'\r\u0001AC\u0007\t\u0003+ai\u0011A\u0006\u0006\u0002/\u0005)1oY1mC&\u0011\u0011D\u0006\u0002\u0007\u0003:L(+\u001a4\u0011\u0007mq\u0002%D\u0001\u001d\u0015\ti\u0002#A\u0004ti>\u0014\u0018mZ3\n\u0005}a\"A\u0003\"bg&\u001c7\u000b^8sKB\u0011\u0011EI\u0007\u0002\u001d%\u00111E\u0004\u0002\u0005\u0007\u0016\u0014H/\u0001\u0004%S:LG\u000f\n\u000b\u0002MA\u0011QcJ\u0005\u0003QY\u0011A!\u00168ji\u0006a1/\u001f8d)\u0016l\u0007\u000f\\1uKR\u0011\u0001e\u000b\u0005\u0006Y\t\u0001\r!L\u0001\u0004K:4\bC\u0001\u00181\u001b\u0005y#B\u0001\u0017\u0011\u0013\t\ttFA\u0002F]Z\fQB\\1lK\u0012$V-\u001c9mCR,GC\u0001\u001b;!\r)\u0004\bI\u0007\u0002m)\u0011qGF\u0001\u000bG>t7-\u001e:sK:$\u0018BA\u001d7\u0005\u00191U\u000f^;sK\")Af\u0001a\u0001[\u0005AA/Z7qY\u0006$X\rF\u00025{\tCQA\u0010\u0003A\u0004}\n!!Z2\u0011\u0005U\u0002\u0015BA!7\u0005A)\u00050Z2vi&|gnQ8oi\u0016DH\u000fC\u0003-\t\u0001\u000fQ&A\tsK:,woQ3si&4\u0017nY1uKN$\u0012!\u0012\u000b\u0005\r\u001eC\u0015\nE\u00026q\u0019BQAP\u0003A\u0004}BQ\u0001L\u0003A\u00045BQAS\u0003A\u0004-\u000b1!\\1u!\ta\u0015+D\u0001N\u0015\tqu*\u0001\u0004tiJ,\u0017-\u001c\u0006\u0002!\u0006!\u0011m[6b\u0013\t\u0011VJ\u0001\u0007NCR,'/[1mSj,'/A\u0007sK\u0006$7)\u001a:u\u001fJ\\U-\u001f\u000b\u0005+\u000elw\u000eE\u0002\u0016-bK!a\u0016\f\u0003\r=\u0003H/[8o!\tI\u0006M\u0004\u0002[=B\u00111LF\u0007\u00029*\u0011QLE\u0001\u0007yI|w\u000e\u001e \n\u0005}3\u0012A\u0002)sK\u0012,g-\u0003\u0002bE\n11\u000b\u001e:j]\u001eT!a\u0018\f\t\u000b\u00114\u0001\u0019A3\u0002\t\r|gN\u001a\t\u0003M.l\u0011a\u001a\u0006\u0003Q&\f1!\u00199j\u0015\u0005Q\u0017\u0001\u00029mCfL!\u0001\\4\u0003\u001b\r{gNZ5hkJ\fG/[8o\u0011\u0015qg\u00011\u0001Y\u0003\u0011\u0001\u0018\r\u001e5\t\u000b12\u0001\u0019A\u0017\u0002\u001b%l\u0007o\u001c:u\u001f:,7)\u001a:u)!\u0011XO\u001e={y\u0006\rAc\u0001\u0014ti\")Af\u0002a\u0002[!)ah\u0002a\u0002\u007f!)Am\u0002a\u0001K\")qo\u0002a\u00011\u000611-\u0019)bi\"DQ!_\u0004A\u0002a\u000b\u0001bY3siB\u000bG\u000f\u001b\u0005\u0006w\u001e\u0001\r\u0001W\u0001\bW\u0016L\b+\u0019;i\u0011\u0015ix\u00011\u0001\u007f\u0003\u0019awnZ4feB\u0011am`\u0005\u0004\u0003\u00039'A\u0002'pO\u001e,'\u000f\u0003\u0005\u0002\u0006\u001d\u0001\n\u00111\u0001V\u0003\tIG-A\fj[B|'\u000f^(oK\u000e+'\u000f\u001e\u0013eK\u001a\fW\u000f\u001c;%mU\u0011\u00111\u0002\u0016\u0004+\u000651FAA\b!\u0011\t\t\"a\u0007\u000e\u0005\u0005M!\u0002BA\u000b\u0003/\t\u0011\"\u001e8dQ\u0016\u001c7.\u001a3\u000b\u0007\u0005ea#\u0001\u0006b]:|G/\u0019;j_:LA!!\b\u0002\u0014\t\tRO\\2iK\u000e\\W\r\u001a,be&\fgnY3\u0002%%l\u0007o\u001c:u\u0013:LG/[1m\u0007\u0016\u0014Ho\u001d\u000b\u0005\u0003G\tI\u0003F\u0003'\u0003K\t9\u0003C\u0003-\u0013\u0001\u000fQ\u0006C\u0003?\u0013\u0001\u000fq\bC\u0003~\u0013\u0001\u0007a0A\biCNLe.\u001b;jC2\u001cUM\u001d;t)\t\ty\u0003\u0006\u0004\u00022\u0005]\u0012\u0011\b\t\u0004+\u0005M\u0012bAA\u001b-\t9!i\\8mK\u0006t\u0007\"\u0002\u0017\u000b\u0001\bi\u0003\"\u0002 \u000b\u0001\by\u0014\u0001I1vi><UM\\3sCR,7)\u001a:uS\u001aL7-\u0019;f\r>\u0014Hi\\7bS:$B!a\u0010\u0002JQ1\u0011\u0011IA#\u0003\u000f\u0002B!\u000e\u001d\u0002DA\u0019QC\u0016\u0011\t\u000b1Z\u00019A\u0017\t\u000byZ\u00019A \t\r\u0005-3\u00021\u0001Y\u0003\u0019!w.\\1j]\u0006\t#.Y;u_\u001e+g.\u001a:bi\u0016\u001cUM\u001d;jM&\u001c\u0017\r^3G_J$u.\\1j]R1\u00111IA)\u0003'Ba!a\u0013\r\u0001\u0004A\u0006\"\u0002\u0017\r\u0001\u0004i\u0003")
/* loaded from: input_file:otoroshi/ssl/CertificateDataStore.class */
public interface CertificateDataStore extends BasicStore<Cert> {
    default Cert syncTemplate(Env env) {
        return new Cert(IdGenerator$.MODULE$.namedId("cert", env), "a new certificate", "a new certificate", "", "", None$.MODULE$, Cert$.MODULE$.apply$default$7(), Cert$.MODULE$.apply$default$8(), Cert$.MODULE$.apply$default$9(), Cert$.MODULE$.apply$default$10(), Cert$.MODULE$.apply$default$11(), false, Cert$.MODULE$.apply$default$13(), Cert$.MODULE$.apply$default$14(), Cert$.MODULE$.apply$default$15(), Cert$.MODULE$.apply$default$16(), Cert$.MODULE$.apply$default$17(), Cert$.MODULE$.apply$default$18(), Cert$.MODULE$.apply$default$19(), Cert$.MODULE$.apply$default$20(), Cert$.MODULE$.apply$default$21(), Cert$.MODULE$.apply$default$22(), Cert$.MODULE$.apply$default$23(), Cert$.MODULE$.apply$default$24());
    }

    default Future<Cert> nakedTemplate(Env env) {
        Cert syncTemplate = syncTemplate(env);
        return implicits$BetterSyntax$.MODULE$.vfuture$extension(implicits$.MODULE$.BetterSyntax(env.datastores().globalConfigDataStore().latest(env.otoroshiExecutionContext(), env).templates().certificate().map(jsObject -> {
            return (Cert) Cert$.MODULE$._fmt().reads(implicits$BetterJsReadable$.MODULE$.asObject$extension(implicits$.MODULE$.BetterJsReadable(syncTemplate.json())).deepMerge(jsObject)).get();
        }).getOrElse(() -> {
            return syncTemplate;
        })));
    }

    default Future<Cert> template(ExecutionContext executionContext, Env env) {
        return nakedTemplate(env);
    }

    default Future<BoxedUnit> renewCertificates(ExecutionContext executionContext, Env env, Materializer materializer) {
        return findAll(findAll$default$1(), executionContext, env).flatMap(seq -> {
            return renewCAs$1(seq, env, executionContext, materializer).flatMap(boxedUnit -> {
                return this.findAll(this.findAll$default$1(), executionContext, env).flatMap(seq -> {
                    return renewNonCaCertificates$1(seq, env, executionContext, materializer).flatMap(boxedUnit -> {
                        return this.findAll(this.findAll$default$1(), executionContext, env).flatMap(seq -> {
                            return markExpiredCertsAsExpired$1(seq, executionContext, env, materializer).map(boxedUnit -> {
                                $anonfun$renewCertificates$39(boxedUnit);
                                return BoxedUnit.UNIT;
                            }, executionContext);
                        }, executionContext);
                    }, executionContext);
                }, executionContext);
            }, executionContext);
        }, executionContext);
    }

    default Option<String> readCertOrKey(Configuration configuration, String str, Env env) {
        return implicits$BetterConfiguration$.MODULE$.getOptionalWithFileSupport$extension(implicits$.MODULE$.BetterConfiguration(configuration), str, ConfigLoader$.MODULE$.stringLoader(), ClassTag$.MODULE$.apply(String.class)).flatMap(str2 -> {
            if ((str2.contains(PemHeaders$.MODULE$.BeginCertificate()) && str2.contains(PemHeaders$.MODULE$.EndCertificate())) || ((str2.contains(PemHeaders$.MODULE$.BeginPrivateKey()) && str2.contains(PemHeaders$.MODULE$.EndPrivateKey())) || ((str2.contains(PemHeaders$.MODULE$.BeginPrivateECKey()) && str2.contains(PemHeaders$.MODULE$.EndPrivateECKey())) || (str2.contains(PemHeaders$.MODULE$.BeginPrivateRSAKey()) && str2.contains(PemHeaders$.MODULE$.EndPrivateRSAKey()))))) {
                return new Some(str2);
            }
            File file = new File(str2);
            if (!file.exists()) {
                return None$.MODULE$;
            }
            String str2 = new String(Files.readAllBytes(file.toPath()));
            return ((str2.contains(PemHeaders$.MODULE$.BeginCertificate()) && str2.contains(PemHeaders$.MODULE$.EndCertificate())) || (str2.contains(PemHeaders$.MODULE$.BeginPrivateKey()) && str2.contains(PemHeaders$.MODULE$.EndPrivateKey())) || ((str2.contains(PemHeaders$.MODULE$.BeginPrivateECKey()) && str2.contains(PemHeaders$.MODULE$.EndPrivateECKey())) || (str2.contains(PemHeaders$.MODULE$.BeginPrivateRSAKey()) && str2.contains(PemHeaders$.MODULE$.EndPrivateRSAKey())))) ? new Some(str2) : None$.MODULE$;
        });
    }

    default void importOneCert(Configuration configuration, String str, String str2, String str3, Logger logger, Option<String> option, Env env, ExecutionContext executionContext) {
        readCertOrKey(configuration, str, env).foreach(str4 -> {
            Cert enrich = new Cert(IdGenerator$.MODULE$.uuid(), "none", "none", str4, "", None$.MODULE$, Cert$.MODULE$.apply$default$7(), Cert$.MODULE$.apply$default$8(), true, Cert$.MODULE$.apply$default$10(), false, false, Cert$.MODULE$.apply$default$13(), Cert$.MODULE$.apply$default$14(), false, Cert$.MODULE$.apply$default$16(), Cert$.MODULE$.apply$default$17(), Cert$.MODULE$.apply$default$18(), Cert$.MODULE$.apply$default$19(), Cert$.MODULE$.apply$default$20(), Cert$.MODULE$.apply$default$21(), Cert$.MODULE$.apply$default$22(), Cert$.MODULE$.apply$default$23(), Cert$.MODULE$.apply$default$24()).enrich();
            Cert copy = enrich.copy(enrich.copy$default$1(), enrich.domain(), new StringBuilder(16).append("Certificate for ").append(enrich.subject()).toString(), enrich.copy$default$4(), enrich.copy$default$5(), enrich.copy$default$6(), enrich.copy$default$7(), enrich.copy$default$8(), enrich.copy$default$9(), enrich.copy$default$10(), enrich.copy$default$11(), enrich.copy$default$12(), enrich.copy$default$13(), enrich.copy$default$14(), enrich.copy$default$15(), enrich.copy$default$16(), enrich.copy$default$17(), enrich.copy$default$18(), enrich.copy$default$19(), enrich.copy$default$20(), enrich.copy$default$21(), enrich.copy$default$22(), enrich.copy$default$23(), enrich.copy$default$24());
            return this.findAll(this.findAll$default$1(), executionContext, env).map(seq -> {
                return !((IterableLike) seq.map(cert -> {
                    return cert.enrich();
                }, Seq$.MODULE$.canBuildFrom())).exists(cert2 -> {
                    return BoxesRunTime.boxToBoolean($anonfun$importOneCert$4(copy, cert2));
                }) ? copy.save(executionContext, env).andThen(new CertificateDataStore$$anonfun$$nestedInanonfun$importOneCert$2$1(null, logger), executionContext) : BoxedUnit.UNIT;
            }, executionContext);
        });
        readCertOrKey(configuration, str2, env).flatMap(str5 -> {
            return this.readCertOrKey(configuration, str3, env).map(str5 -> {
                Cert enrich = new Cert(IdGenerator$.MODULE$.uuid(), "none", "none", str5, str5, None$.MODULE$, Cert$.MODULE$.apply$default$7(), Cert$.MODULE$.apply$default$8(), Cert$.MODULE$.apply$default$9(), Cert$.MODULE$.apply$default$10(), false, false, Cert$.MODULE$.apply$default$13(), Cert$.MODULE$.apply$default$14(), false, Cert$.MODULE$.apply$default$16(), Cert$.MODULE$.apply$default$17(), Cert$.MODULE$.apply$default$18(), Cert$.MODULE$.apply$default$19(), Cert$.MODULE$.apply$default$20(), Cert$.MODULE$.apply$default$21(), Cert$.MODULE$.apply$default$22(), Cert$.MODULE$.apply$default$23(), Cert$.MODULE$.apply$default$24()).enrich();
                Cert copy = enrich.copy(enrich.copy$default$1(), enrich.domain(), new StringBuilder(16).append("Certificate for ").append(enrich.subject()).toString(), enrich.copy$default$4(), enrich.copy$default$5(), enrich.copy$default$6(), enrich.copy$default$7(), enrich.copy$default$8(), enrich.copy$default$9(), enrich.copy$default$10(), enrich.copy$default$11(), enrich.copy$default$12(), enrich.copy$default$13(), enrich.copy$default$14(), enrich.copy$default$15(), enrich.copy$default$16(), enrich.copy$default$17(), enrich.copy$default$18(), enrich.copy$default$19(), enrich.copy$default$20(), enrich.copy$default$21(), enrich.copy$default$22(), enrich.copy$default$23(), enrich.copy$default$24());
                return this.findAll(this.findAll$default$1(), executionContext, env).map(seq -> {
                    return !((IterableLike) seq.map(cert -> {
                        return cert.enrich();
                    }, Seq$.MODULE$.canBuildFrom())).exists(cert2 -> {
                        return BoxesRunTime.boxToBoolean($anonfun$importOneCert$9(copy, cert2));
                    }) ? copy.save(executionContext, env).andThen(new CertificateDataStore$$anonfun$$nestedInanonfun$importOneCert$7$1(null, logger), executionContext) : BoxedUnit.UNIT;
                }, executionContext);
            });
        });
    }

    default Option<String> importOneCert$default$6() {
        return None$.MODULE$;
    }

    default void importInitialCerts(Logger logger, Env env, ExecutionContext executionContext) {
        importOneCert(env.configuration(), "otoroshi.ssl.rootCa.ca", "otoroshi.ssl.rootCa.cert", "otoroshi.ssl.rootCa.key", logger, new Some(Cert$.MODULE$.OtoroshiCA()), env, executionContext);
        importOneCert(env.configuration(), "otoroshi.ssl.initialCacert", "otoroshi.ssl.initialCert", "otoroshi.ssl.initialCertKey", logger, importOneCert$default$6(), env, executionContext);
        ((IterableLike) implicits$BetterConfiguration$.MODULE$.getOptionalWithFileSupport$extension(implicits$.MODULE$.BetterConfiguration(env.configuration()), "otoroshi.ssl.initialCerts", ConfigLoader$.MODULE$.seqConfigurationLoader(), ClassTag$.MODULE$.apply(Seq.class)).getOrElse(() -> {
            return Nil$.MODULE$;
        })).foreach(configuration -> {
            $anonfun$importInitialCerts$2(this, logger, env, executionContext, configuration);
            return BoxedUnit.UNIT;
        });
    }

    default boolean hasInitialCerts(Env env, ExecutionContext executionContext) {
        return (implicits$BetterConfiguration$.MODULE$.betterHas$extension(implicits$.MODULE$.BetterConfiguration(env.configuration()), "otoroshi.ssl.initialCacert") && implicits$BetterConfiguration$.MODULE$.betterHas$extension(implicits$.MODULE$.BetterConfiguration(env.configuration()), "otoroshi.ssl.initialCert") && implicits$BetterConfiguration$.MODULE$.betterHas$extension(implicits$.MODULE$.BetterConfiguration(env.configuration()), "otoroshi.ssl.initialCertKey")) || implicits$BetterConfiguration$.MODULE$.betterHas$extension(implicits$.MODULE$.BetterConfiguration(env.configuration()), "otoroshi.ssl.initialCerts") || (implicits$BetterConfiguration$.MODULE$.betterHas$extension(implicits$.MODULE$.BetterConfiguration(env.configuration()), "otoroshi.ssl.rootCa.cert") && implicits$BetterConfiguration$.MODULE$.betterHas$extension(implicits$.MODULE$.BetterConfiguration(env.configuration()), "otoroshi.ssl.rootCa.key"));
    }

    default Future<Option<Cert>> autoGenerateCertificateForDomain(String str, Env env, ExecutionContext executionContext) {
        Some latestSafe = env.datastores().globalConfigDataStore().latestSafe();
        if (None$.MODULE$.equals(latestSafe)) {
            return (Future) FastFuture$.MODULE$.successful().apply(None$.MODULE$);
        }
        if (!(latestSafe instanceof Some)) {
            throw new MatchError(latestSafe);
        }
        AutoCert autoCert = ((GlobalConfig) latestSafe.value()).autoCert();
        if (autoCert != null) {
            boolean enabled = autoCert.enabled();
            Some caRef = autoCert.caRef();
            Seq<String> allowed = autoCert.allowed();
            Seq<String> notAllowed = autoCert.notAllowed();
            boolean replyNicely = autoCert.replyNicely();
            if (true == enabled && (caRef instanceof Some)) {
                return env.datastores().certificatesDataStore().findById((String) caRef.value(), executionContext, env).flatMap(option -> {
                    if (None$.MODULE$.equals(option)) {
                        DynamicSSLEngineProvider$.MODULE$.logger().error(() -> {
                            return new StringBuilder(46).append("CA cert not found to generate certificate for ").append(str).toString();
                        }, MarkerContext$.MODULE$.NoMarker());
                        return (Future) FastFuture$.MODULE$.successful().apply(None$.MODULE$);
                    }
                    if (!(option instanceof Some)) {
                        throw new MatchError(option);
                    }
                    Cert cert = (Cert) ((Some) option).value();
                    boolean z = !notAllowed.exists(str2 -> {
                        return BoxesRunTime.boxToBoolean($anonfun$autoGenerateCertificateForDomain$3(str, str2));
                    }) && allowed.exists(str3 -> {
                        return BoxesRunTime.boxToBoolean($anonfun$autoGenerateCertificateForDomain$4(str, str3));
                    });
                    if (true == z) {
                        CertificateDataStore certificatesDataStore = env.datastores().certificatesDataStore();
                        return certificatesDataStore.findAll(certificatesDataStore.findAll$default$1(), executionContext, env).flatMap(seq -> {
                            if (seq.find(cert2 -> {
                                return BoxesRunTime.boxToBoolean($anonfun$autoGenerateCertificateForDomain$6(str, cert2));
                            }) instanceof Some) {
                                return (Future) FastFuture$.MODULE$.successful().apply(None$.MODULE$);
                            }
                            return env.pki().genCert(new GenCsrQuery(new $colon.colon(str, Nil$.MODULE$), GenCsrQuery$.MODULE$.apply$default$2(), GenCsrQuery$.MODULE$.apply$default$3(), new Some(new StringBuilder(72).append("CN=").append(str).append(",OU=Auto Generated Certificates, OU=Otoroshi Certificates, O=Otoroshi").toString()), GenCsrQuery$.MODULE$.apply$default$5(), GenCsrQuery$.MODULE$.apply$default$6(), GenCsrQuery$.MODULE$.apply$default$7(), GenCsrQuery$.MODULE$.apply$default$8(), GenCsrQuery$.MODULE$.apply$default$9(), GenCsrQuery$.MODULE$.apply$default$10(), GenCsrQuery$.MODULE$.apply$default$11(), GenCsrQuery$.MODULE$.apply$default$12()), (X509Certificate) cert.certificate().get(), (Seq<X509Certificate>) cert.certificates().tail(), cert.cryptoKeyPair().getPrivate(), executionContext).flatMap(either -> {
                                if (either instanceof Left) {
                                    String str4 = (String) ((Left) either).value();
                                    DynamicSSLEngineProvider$.MODULE$.logger().error(() -> {
                                        return new StringBuilder(41).append("error while generating certificate for ").append(str).append(": ").append(str4).toString();
                                    }, MarkerContext$.MODULE$.NoMarker());
                                    return (Future) FastFuture$.MODULE$.successful().apply(None$.MODULE$);
                                }
                                if (!(either instanceof Right)) {
                                    throw new MatchError(either);
                                }
                                Cert cert3 = ((GenCertResponse) ((Right) either).value()).toCert();
                                Cert copy = cert3.copy(cert3.copy$default$1(), new StringBuilder(16).append("Certificate for ").append(str).toString(), new StringBuilder(31).append("Auto Generated Certificate for ").append(str).toString(), cert3.copy$default$4(), cert3.copy$default$5(), cert3.copy$default$6(), cert3.copy$default$7(), cert3.copy$default$8(), cert3.copy$default$9(), cert3.copy$default$10(), cert3.copy$default$11(), cert3.copy$default$12(), true, cert3.copy$default$14(), cert3.copy$default$15(), cert3.copy$default$16(), cert3.copy$default$17(), cert3.copy$default$18(), cert3.copy$default$19(), cert3.copy$default$20(), cert3.copy$default$21(), cert3.copy$default$22(), cert3.copy$default$23(), cert3.copy$default$24());
                                return copy.save(executionContext, env).map(obj -> {
                                    return $anonfun$autoGenerateCertificateForDomain$9(copy, BoxesRunTime.unboxToBoolean(obj));
                                }, executionContext);
                            }, executionContext);
                        }, executionContext);
                    }
                    if (false == z && replyNicely) {
                        return env.pki().genCert(new GenCsrQuery(new $colon.colon(str, Nil$.MODULE$), GenCsrQuery$.MODULE$.apply$default$2(), GenCsrQuery$.MODULE$.apply$default$3(), new Some(SSLSessionJavaHelper$.MODULE$.BadDN()), GenCsrQuery$.MODULE$.apply$default$5(), GenCsrQuery$.MODULE$.apply$default$6(), GenCsrQuery$.MODULE$.apply$default$7(), GenCsrQuery$.MODULE$.apply$default$8(), GenCsrQuery$.MODULE$.apply$default$9(), GenCsrQuery$.MODULE$.apply$default$10(), GenCsrQuery$.MODULE$.apply$default$11(), GenCsrQuery$.MODULE$.apply$default$12()), (X509Certificate) cert.certificate().get(), (Seq<X509Certificate>) cert.certificates().tail(), cert.cryptoKeyPair().getPrivate(), executionContext).flatMap(either -> {
                            if (either instanceof Left) {
                                String str4 = (String) ((Left) either).value();
                                DynamicSSLEngineProvider$.MODULE$.logger().error(() -> {
                                    return new StringBuilder(41).append("error while generating certificate for ").append(str).append(": ").append(str4).toString();
                                }, MarkerContext$.MODULE$.NoMarker());
                                return (Future) FastFuture$.MODULE$.successful().apply(None$.MODULE$);
                            }
                            if (!(either instanceof Right)) {
                                throw new MatchError(either);
                            }
                            Cert cert2 = ((GenCertResponse) ((Right) either).value()).toCert();
                            return (Future) FastFuture$.MODULE$.successful().apply(new Some(cert2.copy(cert2.copy$default$1(), new StringBuilder(16).append("Certificate for ").append(str).toString(), new StringBuilder(31).append("Auto Generated Certificate for ").append(str).toString(), cert2.copy$default$4(), cert2.copy$default$5(), cert2.copy$default$6(), cert2.copy$default$7(), cert2.copy$default$8(), cert2.copy$default$9(), cert2.copy$default$10(), cert2.copy$default$11(), cert2.copy$default$12(), true, cert2.copy$default$14(), cert2.copy$default$15(), cert2.copy$default$16(), cert2.copy$default$17(), cert2.copy$default$18(), cert2.copy$default$19(), cert2.copy$default$20(), cert2.copy$default$21(), cert2.copy$default$22(), cert2.copy$default$23(), cert2.copy$default$24())));
                        }, executionContext);
                    }
                    return (Future) FastFuture$.MODULE$.successful().apply(None$.MODULE$);
                }, executionContext);
            }
        }
        return (Future) FastFuture$.MODULE$.successful().apply(None$.MODULE$);
    }

    default Option<Cert> jautoGenerateCertificateForDomain(String str, Env env) {
        Success apply = Try$.MODULE$.apply(() -> {
            return (Option) Await$.MODULE$.result(env.datastores().certificatesDataStore().autoGenerateCertificateForDomain(str, env, env.otoroshiExecutionContext()), new package.DurationInt(package$.MODULE$.DurationInt(10)).seconds());
        });
        if (apply instanceof Failure) {
            return None$.MODULE$;
        }
        if (apply instanceof Success) {
            return (Option) apply.value();
        }
        throw new MatchError(apply);
    }

    /* JADX INFO: Access modifiers changed from: private */
    static boolean willBeInvalidSoon$1(Cert cert) {
        Cert enrich = cert.enrich();
        return (new Interval(DateTime.now(), enrich.to()).toDurationMillis() * 100) / new Interval(enrich.from(), enrich.to()).toDurationMillis() < 20;
    }

    static /* synthetic */ boolean $anonfun$renewCertificates$5(Cert cert) {
        return cert.entityMetadata().get("untilExpiration").contains("true") || cert.name().startsWith("[UNTIL EXPIRATION] ");
    }

    static /* synthetic */ Cert $anonfun$renewCertificates$8(Cert cert, boolean z) {
        return cert;
    }

    static /* synthetic */ Cert $anonfun$renewCertificates$10(Cert cert, boolean z) {
        return cert;
    }

    static /* synthetic */ void $anonfun$renewCertificates$11(Env env, Cert cert) {
        Alerts$.MODULE$.send(new CertRenewalAlert(env.snowflakeGenerator().nextIdStr(), env.env(), cert, CertRenewalAlert$.MODULE$.apply$default$4()), env);
    }

    static /* synthetic */ void $anonfun$renewCertificates$12(Done done) {
    }

    private static Future renewCAs$1(Seq seq, Env env, ExecutionContext executionContext, Materializer materializer) {
        return ((Future) Source$.MODULE$.apply(((Seq) ((TraversableLike) ((TraversableLike) ((TraversableLike) ((TraversableLike) seq.filter(cert -> {
            return BoxesRunTime.boxToBoolean(cert.notRevoked());
        })).filter(cert2 -> {
            return BoxesRunTime.boxToBoolean(cert2.autoRenew());
        })).filter(cert3 -> {
            return BoxesRunTime.boxToBoolean(cert3.ca());
        })).filter(cert4 -> {
            return BoxesRunTime.boxToBoolean(willBeInvalidSoon$1(cert4));
        })).filterNot(cert5 -> {
            return BoxesRunTime.boxToBoolean($anonfun$renewCertificates$5(cert5));
        })).toList()).mapAsync(1, cert6 -> {
            return cert6.renew(cert6.renew$default$1(), env, executionContext, materializer).flatMap(cert6 -> {
                return cert6.copy(IdGenerator$.MODULE$.token(), new StringBuilder(19).append("[UNTIL EXPIRATION] ").append(cert6.name()).toString(), cert6.copy$default$3(), cert6.copy$default$4(), cert6.copy$default$5(), cert6.copy$default$6(), cert6.copy$default$7(), cert6.copy$default$8(), cert6.copy$default$9(), cert6.copy$default$10(), cert6.copy$default$11(), cert6.copy$default$12(), cert6.copy$default$13(), cert6.copy$default$14(), cert6.copy$default$15(), cert6.copy$default$16(), cert6.copy$default$17(), cert6.copy$default$18(), cert6.copy$default$19(), cert6.copy$default$20(), cert6.entityMetadata().$plus$plus(Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("untilExpiration"), "true"), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("nextCertificate"), cert6.id())}))), cert6.copy$default$22(), cert6.copy$default$23(), cert6.copy$default$24()).save(executionContext, env).map(obj -> {
                    return $anonfun$renewCertificates$8(cert6, BoxesRunTime.unboxToBoolean(obj));
                }, executionContext);
            }, executionContext).flatMap(cert7 -> {
                return cert7.save(executionContext, env).map(obj -> {
                    return $anonfun$renewCertificates$10(cert7, BoxesRunTime.unboxToBoolean(obj));
                }, executionContext);
            }, executionContext);
        }).map(cert7 -> {
            $anonfun$renewCertificates$11(env, cert7);
            return BoxedUnit.UNIT;
        }).runWith(Sink$.MODULE$.ignore(), materializer)).map(done -> {
            $anonfun$renewCertificates$12(done);
            return BoxedUnit.UNIT;
        }, executionContext);
    }

    static /* synthetic */ boolean $anonfun$renewCertificates$17(Cert cert) {
        return cert.entityMetadata().get("untilExpiration").contains("true") || cert.name().startsWith("[UNTIL EXPIRATION] ");
    }

    static /* synthetic */ Cert $anonfun$renewCertificates$20(Cert cert, boolean z) {
        return cert;
    }

    static /* synthetic */ Cert $anonfun$renewCertificates$22(Cert cert, boolean z) {
        return cert;
    }

    static /* synthetic */ void $anonfun$renewCertificates$23(Env env, Cert cert) {
        Alerts$.MODULE$.send(new CertRenewalAlert(env.snowflakeGenerator().nextIdStr(), env.env(), cert, CertRenewalAlert$.MODULE$.apply$default$4()), env);
    }

    static /* synthetic */ void $anonfun$renewCertificates$24(Done done) {
    }

    private static Future renewNonCaCertificates$1(Seq seq, Env env, ExecutionContext executionContext, Materializer materializer) {
        return ((Future) Source$.MODULE$.apply(((Seq) ((TraversableLike) ((TraversableLike) ((TraversableLike) ((TraversableLike) seq.filter(cert -> {
            return BoxesRunTime.boxToBoolean(cert.notRevoked());
        })).filter(cert2 -> {
            return BoxesRunTime.boxToBoolean(cert2.autoRenew());
        })).filterNot(cert3 -> {
            return BoxesRunTime.boxToBoolean(cert3.ca());
        })).filter(cert4 -> {
            return BoxesRunTime.boxToBoolean(willBeInvalidSoon$1(cert4));
        })).filterNot(cert5 -> {
            return BoxesRunTime.boxToBoolean($anonfun$renewCertificates$17(cert5));
        })).toList()).mapAsync(1, cert6 -> {
            return cert6.renew(cert6.renew$default$1(), env, executionContext, materializer).flatMap(cert6 -> {
                return cert6.copy(IdGenerator$.MODULE$.token(), new StringBuilder(19).append("[UNTIL EXPIRATION] ").append(cert6.name()).toString(), cert6.copy$default$3(), cert6.copy$default$4(), cert6.copy$default$5(), cert6.copy$default$6(), cert6.copy$default$7(), cert6.copy$default$8(), cert6.copy$default$9(), cert6.copy$default$10(), cert6.copy$default$11(), cert6.copy$default$12(), cert6.copy$default$13(), cert6.copy$default$14(), cert6.copy$default$15(), cert6.copy$default$16(), cert6.copy$default$17(), cert6.copy$default$18(), cert6.copy$default$19(), cert6.copy$default$20(), cert6.entityMetadata().$plus$plus(Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("untilExpiration"), "true"), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("nextCertificate"), cert6.id())}))), cert6.copy$default$22(), cert6.copy$default$23(), cert6.copy$default$24()).save(executionContext, env).map(obj -> {
                    return $anonfun$renewCertificates$20(cert6, BoxesRunTime.unboxToBoolean(obj));
                }, executionContext);
            }, executionContext).flatMap(cert7 -> {
                return cert7.save(executionContext, env).map(obj -> {
                    return $anonfun$renewCertificates$22(cert7, BoxesRunTime.unboxToBoolean(obj));
                }, executionContext);
            }, executionContext);
        }).map(cert7 -> {
            $anonfun$renewCertificates$23(env, cert7);
            return BoxedUnit.UNIT;
        }).runWith(Sink$.MODULE$.ignore(), materializer)).map(done -> {
            $anonfun$renewCertificates$24(done);
            return BoxedUnit.UNIT;
        }, executionContext);
    }

    static /* synthetic */ boolean $anonfun$renewCertificates$26(Cert cert) {
        return cert.from().isBefore(DateTime.now()) && cert.to().isAfter(DateTime.now());
    }

    static /* synthetic */ Cert $anonfun$renewCertificates$29(Cert cert, boolean z) {
        return cert;
    }

    static /* synthetic */ Cert $anonfun$renewCertificates$31(Cert cert, boolean z) {
        return cert;
    }

    static /* synthetic */ void $anonfun$renewCertificates$32(Env env, Cert cert) {
        Alerts$.MODULE$.send(new CertExpiredAlert(env.snowflakeGenerator().nextIdStr(), env.env(), cert, CertExpiredAlert$.MODULE$.apply$default$4()), env);
    }

    static /* synthetic */ void $anonfun$renewCertificates$33(Done done) {
    }

    private static Future markExpiredCertsAsExpired$1(Seq seq, ExecutionContext executionContext, Env env, Materializer materializer) {
        return ((Future) Source$.MODULE$.apply(((Seq) ((TraversableLike) seq.filter(cert -> {
            return BoxesRunTime.boxToBoolean(cert.notRevoked());
        })).filterNot(cert2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$renewCertificates$26(cert2));
        })).toList()).mapAsync(1, cert3 -> {
            if (cert3.entityMetadata().get("expired").contains("true") || cert3.name().startsWith("[EXPIRED] ")) {
                return (Future) implicits$BetterSyntax$.MODULE$.applyOn$extension(implicits$.MODULE$.BetterSyntax(cert3), cert3 -> {
                    return cert3.save(executionContext, env).map(obj -> {
                        return $anonfun$renewCertificates$29(cert3, BoxesRunTime.unboxToBoolean(obj));
                    }, executionContext);
                });
            }
            if (cert3.entityMetadata().get("expired").contains("true") || cert3.name().startsWith("[EXPIRED] ")) {
                throw new MatchError(cert3);
            }
            return (Future) implicits$BetterSyntax$.MODULE$.applyOn$extension(implicits$.MODULE$.BetterSyntax(cert3.copy(cert3.copy$default$1(), new StringBuilder(10).append("[EXPIRED] ").append(cert3.name()).toString(), cert3.copy$default$3(), cert3.copy$default$4(), cert3.copy$default$5(), cert3.copy$default$6(), cert3.copy$default$7(), cert3.copy$default$8(), cert3.copy$default$9(), cert3.copy$default$10(), cert3.copy$default$11(), cert3.copy$default$12(), cert3.copy$default$13(), cert3.copy$default$14(), cert3.copy$default$15(), cert3.copy$default$16(), cert3.copy$default$17(), cert3.copy$default$18(), cert3.copy$default$19(), cert3.copy$default$20(), cert3.entityMetadata().$plus$plus(Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("expired"), "true")}))), cert3.copy$default$22(), cert3.copy$default$23(), cert3.copy$default$24())), cert4 -> {
                return cert4.save(executionContext, env).map(obj -> {
                    return $anonfun$renewCertificates$31(cert4, BoxesRunTime.unboxToBoolean(obj));
                }, executionContext);
            });
        }).map(cert4 -> {
            $anonfun$renewCertificates$32(env, cert4);
            return BoxedUnit.UNIT;
        }).runWith(Sink$.MODULE$.ignore(), materializer)).map(done -> {
            $anonfun$renewCertificates$33(done);
            return BoxedUnit.UNIT;
        }, executionContext);
    }

    static /* synthetic */ void $anonfun$renewCertificates$39(BoxedUnit boxedUnit) {
    }

    static /* synthetic */ boolean $anonfun$importOneCert$4(Cert cert, Cert cert2) {
        if (cert2.signature().isDefined()) {
            Option<String> signature = cert2.signature();
            Option<String> signature2 = cert.signature();
            if (signature != null ? signature.equals(signature2) : signature2 == null) {
                if (cert2.serialNumber().isDefined()) {
                    Option<String> serialNumber = cert2.serialNumber();
                    Option<String> serialNumber2 = cert.serialNumber();
                    if (serialNumber != null ? serialNumber.equals(serialNumber2) : serialNumber2 == null) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    static /* synthetic */ boolean $anonfun$importOneCert$9(Cert cert, Cert cert2) {
        if (cert2.signature().isDefined()) {
            Option<String> signature = cert2.signature();
            Option<String> signature2 = cert.signature();
            if (signature != null ? signature.equals(signature2) : signature2 == null) {
                if (cert2.serialNumber().isDefined()) {
                    Option<String> serialNumber = cert2.serialNumber();
                    Option<String> serialNumber2 = cert.serialNumber();
                    if (serialNumber != null ? serialNumber.equals(serialNumber2) : serialNumber2 == null) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    static /* synthetic */ void $anonfun$importInitialCerts$2(CertificateDataStore certificateDataStore, Logger logger, Env env, ExecutionContext executionContext, Configuration configuration) {
        certificateDataStore.importOneCert(configuration, "ca", "cert", "key", logger, certificateDataStore.importOneCert$default$6(), env, executionContext);
    }

    static /* synthetic */ boolean $anonfun$autoGenerateCertificateForDomain$3(String str, String str2) {
        return RegexPool$.MODULE$.apply(str2).matches(str);
    }

    static /* synthetic */ boolean $anonfun$autoGenerateCertificateForDomain$4(String str, String str2) {
        return RegexPool$.MODULE$.apply(str2).matches(str);
    }

    static /* synthetic */ boolean $anonfun$autoGenerateCertificateForDomain$6(String str, Cert cert) {
        return ((SeqLike) cert.sans().$colon$plus(cert.domain(), Seq$.MODULE$.canBuildFrom())).contains(str);
    }

    static /* synthetic */ Some $anonfun$autoGenerateCertificateForDomain$9(Cert cert, boolean z) {
        return new Some(cert);
    }

    static void $init$(CertificateDataStore certificateDataStore) {
    }
}
