package otoroshi.ssl;

import com.github.blemale.scaffeine.Cache;
import com.github.blemale.scaffeine.Scaffeine$;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLSession;
import otoroshi.env.Env;
import otoroshi.models.TlsSettings;
import otoroshi.models.TlsSettings$;
import otoroshi.utils.syntax.implicits$;
import otoroshi.utils.syntax.implicits$BetterSyntax$;
import play.api.Logger;
import play.api.MarkerContext$;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.Tuple2;
import scala.Tuple3;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.SeqLike;
import scala.collection.TraversableLike;
import scala.collection.TraversableOnce;
import scala.collection.immutable.Map;
import scala.collection.immutable.StringOps;
import scala.concurrent.duration.package;
import scala.concurrent.duration.package$;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: dynkeymanager.scala */
/* loaded from: input_file:otoroshi/ssl/DynamicKeyManager$.class */
public final class DynamicKeyManager$ {
    public static DynamicKeyManager$ MODULE$;
    private final Cache<String, Cert> cache;
    private final Cache<String, Tuple3<SSLSession, PrivateKey, X509Certificate[]>> sessions;

    static {
        new DynamicKeyManager$();
    }

    public Cache<String, Cert> cache() {
        return this.cache;
    }

    public Cache<String, Tuple3<SSLSession, PrivateKey, X509Certificate[]>> sessions() {
        return this.sessions;
    }

    public Seq<Cert> validCertificates(Seq<Cert> seq) {
        return (Seq) ((SeqLike) ((TraversableLike) seq.map(cert -> {
            return cert.enrich();
        }, Seq$.MODULE$.canBuildFrom())).filter(cert2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$validCertificates$2(cert2));
        })).sortWith((cert3, cert4) -> {
            return BoxesRunTime.boxToBoolean($anonfun$validCertificates$3(cert3, cert4));
        });
    }

    public Map<String, Cert> certificatesByDomains(Seq<Cert> seq) {
        return ((TraversableOnce) validCertificates(seq).flatMap(cert -> {
            return (Seq) cert.allDomains().map(str -> {
                return new Tuple2(str, cert);
            }, Seq$.MODULE$.canBuildFrom());
        }, Seq$.MODULE$.canBuildFrom())).toMap(Predef$.MODULE$.$conforms());
    }

    public Tuple2<Seq<Cert>, Map<String, Cert>> validCertificatesByDomains(Seq<Cert> seq) {
        Seq<Cert> validCertificates = validCertificates(seq);
        return new Tuple2<>(validCertificates, ((TraversableOnce) validCertificates.flatMap(cert -> {
            return (Seq) cert.allDomains().map(str -> {
                return new Tuple2(str, cert);
            }, Seq$.MODULE$.canBuildFrom());
        }, Seq$.MODULE$.canBuildFrom())).toMap(Predef$.MODULE$.$conforms()));
    }

    public Option<Cert> getServerCertificateForDomain(String str, Seq<Cert> seq, Map<String, Cert> map, Env env, Logger logger) {
        Some ifPresent = cache().getIfPresent(str);
        if (ifPresent instanceof Some) {
            return new Some((Cert) ifPresent.value());
        }
        if (!None$.MODULE$.equals(ifPresent)) {
            throw new MatchError(ifPresent);
        }
        TlsSettings tlsSettings = (TlsSettings) env.datastores().globalConfigDataStore().latestSafe().map(globalConfig -> {
            return globalConfig.tlsSettings();
        }).getOrElse(() -> {
            return new TlsSettings(TlsSettings$.MODULE$.apply$default$1(), TlsSettings$.MODULE$.apply$default$2(), TlsSettings$.MODULE$.apply$default$3(), TlsSettings$.MODULE$.apply$default$4(), TlsSettings$.MODULE$.apply$default$5(), TlsSettings$.MODULE$.apply$default$6());
        });
        boolean z = false;
        Some map2 = map.get(str).orElse(() -> {
            return (Option) implicits$BetterSyntax$.MODULE$.seffectOnIf$extension(implicits$.MODULE$.BetterSyntax(((TraversableLike) ((TraversableLike) implicits$BetterSyntax$.MODULE$.seffectOnIf$extension(implicits$.MODULE$.BetterSyntax(((SeqLike) ((TraversableLike) seq.flatMap(cert -> {
                return (Seq) cert.allDomains().map(str2 -> {
                    return new Tuple2(str2, cert);
                }, Seq$.MODULE$.canBuildFrom());
            }, Seq$.MODULE$.canBuildFrom())).filter(tuple2 -> {
                return BoxesRunTime.boxToBoolean($anonfun$getServerCertificateForDomain$6(str, tuple2));
            })).sortWith((tuple22, tuple23) -> {
                return BoxesRunTime.boxToBoolean($anonfun$getServerCertificateForDomain$7(tuple22, tuple23));
            })), () -> {
                return logger.isDebugEnabled(MarkerContext$.MODULE$.NoMarker());
            }, seq2 -> {
                $anonfun$getServerCertificateForDomain$9(logger, str, seq2);
                return BoxedUnit.UNIT;
            })).map(tuple24 -> {
                return (Cert) tuple24._2();
            }, Seq$.MODULE$.canBuildFrom())).headOption()), () -> {
                return logger.isDebugEnabled(MarkerContext$.MODULE$.NoMarker());
            }, option -> {
                $anonfun$getServerCertificateForDomain$14(logger, option);
                return BoxedUnit.UNIT;
            });
        }).orElse(() -> {
            return tlsSettings.defaultDomain().flatMap(str2 -> {
                return ((TraversableLike) ((TraversableLike) ((SeqLike) ((TraversableLike) seq.flatMap(cert -> {
                    return (Seq) cert.allDomains().map(str2 -> {
                        return new Tuple2(str2, cert);
                    }, Seq$.MODULE$.canBuildFrom());
                }, Seq$.MODULE$.canBuildFrom())).filter(tuple2 -> {
                    return BoxesRunTime.boxToBoolean($anonfun$getServerCertificateForDomain$22(str, tuple2));
                })).sortWith((tuple22, tuple23) -> {
                    return BoxesRunTime.boxToBoolean($anonfun$getServerCertificateForDomain$23(tuple22, tuple23));
                })).map(tuple24 -> {
                    return (Cert) tuple24._2();
                }, Seq$.MODULE$.canBuildFrom())).headOption();
            });
        }).map(cert -> {
            MODULE$.cache().put(str, cert);
            return cert;
        });
        if (None$.MODULE$.equals(map2)) {
            z = true;
            if (tlsSettings.randomIfNotFound()) {
                return ((TraversableLike) seq.filterNot(cert2 -> {
                    return BoxesRunTime.boxToBoolean(cert2.client());
                })).headOption().map(cert3 -> {
                    MODULE$.cache().put(str, cert3);
                    return cert3;
                });
            }
        }
        if (z) {
            return None$.MODULE$;
        }
        if (map2 instanceof Some) {
            return map2;
        }
        throw new MatchError(map2);
    }

    public static final /* synthetic */ boolean $anonfun$validCertificates$2(Cert cert) {
        return cert.notRevoked() && cert.notExpired() && !cert.ca() && !cert.keypair();
    }

    public static final /* synthetic */ boolean $anonfun$validCertificates$3(Cert cert, Cert cert2) {
        return cert.to().compareTo(cert2.to()) > 0;
    }

    public static final /* synthetic */ boolean $anonfun$getServerCertificateForDomain$6(String str, Tuple2 tuple2) {
        return ((Cert) tuple2._2()).sanMatchesDomain(str, (String) tuple2._1());
    }

    public static final /* synthetic */ boolean $anonfun$getServerCertificateForDomain$7(Tuple2 tuple2, Tuple2 tuple22) {
        Tuple2 tuple23 = new Tuple2(tuple2, tuple22);
        if (tuple23 != null) {
            Tuple2 tuple24 = (Tuple2) tuple23._1();
            Tuple2 tuple25 = (Tuple2) tuple23._2();
            if (tuple24 != null) {
                String str = (String) tuple24._1();
                if (tuple25 != null) {
                    String str2 = (String) tuple25._1();
                    if (str.contains("*") && str2.contains("*")) {
                        return new StringOps(Predef$.MODULE$.augmentString(str)).size() > new StringOps(Predef$.MODULE$.augmentString(str2)).size();
                    }
                }
            }
        }
        if (tuple23 != null) {
            Tuple2 tuple26 = (Tuple2) tuple23._1();
            Tuple2 tuple27 = (Tuple2) tuple23._2();
            if (tuple26 != null) {
                String str3 = (String) tuple26._1();
                if (tuple27 != null) {
                    String str4 = (String) tuple27._1();
                    if (str3.contains("*") && !str4.contains("*")) {
                        return false;
                    }
                }
            }
        }
        if (tuple23 != null) {
            Tuple2 tuple28 = (Tuple2) tuple23._1();
            Tuple2 tuple29 = (Tuple2) tuple23._2();
            if (tuple28 != null) {
                String str5 = (String) tuple28._1();
                if (tuple29 != null) {
                    String str6 = (String) tuple29._1();
                    if (!str5.contains("*") && str6.contains("*")) {
                        return true;
                    }
                }
            }
        }
        if (tuple23 != null) {
            Tuple2 tuple210 = (Tuple2) tuple23._1();
            Tuple2 tuple211 = (Tuple2) tuple23._2();
            if (tuple210 != null) {
                String str7 = (String) tuple210._1();
                if (tuple211 != null) {
                    String str8 = (String) tuple211._1();
                    if (!str7.contains("*") && !str8.contains("*")) {
                        return true;
                    }
                }
            }
        }
        throw new MatchError(tuple23);
    }

    public static final /* synthetic */ void $anonfun$getServerCertificateForDomain$9(Logger logger, String str, Seq seq) {
        logger.debug(() -> {
            return new StringBuilder(31).append("possible certificates for '").append(str).append("': \n").append(((TraversableOnce) seq.map(tuple2 -> {
                return new StringBuilder(16).append("  * '").append(((Cert) tuple2._2()).name()).append("' | '").append(tuple2._1()).append("' | - ").append(((Cert) tuple2._2()).allDomains().mkString(", ")).toString();
            }, Seq$.MODULE$.canBuildFrom())).mkString("\n")).toString();
        }, MarkerContext$.MODULE$.NoMarker());
    }

    public static final /* synthetic */ void $anonfun$getServerCertificateForDomain$14(Logger logger, Option option) {
        logger.debug(() -> {
            return new StringBuilder(11).append("choosing '").append(option.map(cert -> {
                return cert.name();
            }).getOrElse(() -> {
                return "--";
            })).append("'").toString();
        }, MarkerContext$.MODULE$.NoMarker());
    }

    public static final /* synthetic */ boolean $anonfun$getServerCertificateForDomain$22(String str, Tuple2 tuple2) {
        return ((Cert) tuple2._2()).sanMatchesDomain(str, (String) tuple2._1());
    }

    public static final /* synthetic */ boolean $anonfun$getServerCertificateForDomain$23(Tuple2 tuple2, Tuple2 tuple22) {
        Tuple2 tuple23 = new Tuple2(tuple2, tuple22);
        if (tuple23 != null) {
            Tuple2 tuple24 = (Tuple2) tuple23._1();
            Tuple2 tuple25 = (Tuple2) tuple23._2();
            if (tuple24 != null) {
                String str = (String) tuple24._1();
                if (tuple25 != null) {
                    String str2 = (String) tuple25._1();
                    if (str.contains("*") && str2.contains("*")) {
                        return new StringOps(Predef$.MODULE$.augmentString(str)).size() > new StringOps(Predef$.MODULE$.augmentString(str2)).size();
                    }
                }
            }
        }
        if (tuple23 != null) {
            Tuple2 tuple26 = (Tuple2) tuple23._1();
            Tuple2 tuple27 = (Tuple2) tuple23._2();
            if (tuple26 != null) {
                String str3 = (String) tuple26._1();
                if (tuple27 != null) {
                    String str4 = (String) tuple27._1();
                    if (str3.contains("*") && !str4.contains("*")) {
                        return false;
                    }
                }
            }
        }
        if (tuple23 != null) {
            Tuple2 tuple28 = (Tuple2) tuple23._1();
            Tuple2 tuple29 = (Tuple2) tuple23._2();
            if (tuple28 != null) {
                String str5 = (String) tuple28._1();
                if (tuple29 != null) {
                    String str6 = (String) tuple29._1();
                    if (!str5.contains("*") && str6.contains("*")) {
                        return true;
                    }
                }
            }
        }
        if (tuple23 != null) {
            Tuple2 tuple210 = (Tuple2) tuple23._1();
            Tuple2 tuple211 = (Tuple2) tuple23._2();
            if (tuple210 != null) {
                String str7 = (String) tuple210._1();
                if (tuple211 != null) {
                    String str8 = (String) tuple211._1();
                    if (!str7.contains("*") && !str8.contains("*")) {
                        return true;
                    }
                }
            }
        }
        throw new MatchError(tuple23);
    }

    private DynamicKeyManager$() {
        MODULE$ = this;
        this.cache = Scaffeine$.MODULE$.apply().maximumSize(1000L).expireAfterWrite(new package.DurationInt(package$.MODULE$.DurationInt(5)).seconds()).build();
        this.sessions = Scaffeine$.MODULE$.apply().maximumSize(1000L).expireAfterWrite(new package.DurationInt(package$.MODULE$.DurationInt(5)).seconds()).build();
    }
}
