package io.buoyant.linkerd.tls;

import io.buoyant.linkerd.tls.TlsUtils;
import java.io.File;
import java.io.FileWriter;
import java.io.PrintWriter;
import scala.Function1;
import scala.MatchError;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.StringContext;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.TraversableLike;
import scala.collection.TraversableOnce;
import scala.collection.immutable.StringOps;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.sys.process.ProcessBuilder;
import scala.sys.process.ProcessLogger;
import scala.sys.process.ProcessLogger$;
import scala.sys.process.package$;

/* compiled from: TlsUtils.scala */
/* loaded from: input_file:io/buoyant/linkerd/tls/TlsUtils$.class */
/**
 * Decompiled form of the Scala singleton object {@code TlsUtils}.
 *
 * <p>The methods shell out to {@code mktemp}, {@code openssl} and {@code rm} to build a
 * throwaway certificate authority plus one certificate/key pair per requested name inside a
 * fresh temporary directory, hand the resulting files to a callback, and then delete the
 * directory.
 *
 * <p>Security-relevant properties visible in this file:
 * <ul>
 *   <li>All private keys are written unencrypted ({@code -nodes}, {@code -nocrypt},
 *       {@code encrypt_key = no}); the only protection is the permissions of the temp directory.</li>
 *   <li>Certificates are issued with {@code default_days = 1}, RSA 2048 and SHA-256.</li>
 *   <li>Names supplied by the caller are interpolated into file names, the {@code -subj}
 *       argument and the openssl config without validation.</li>
 * </ul>
 * NOTE(review): the fixed "Test CA" subject and one-day validity suggest test-only use; confirm
 * no production code path calls these helpers.
 */
public final class TlsUtils$ {
    // Singleton instance; assigned in the private constructor (not declared final in this decompiled form).
    public static TlsUtils$ MODULE$;
    // Process logger whose callback does nothing, so child-process output is discarded.
    private final ProcessLogger DevNull;

    static {
        // Instantiating the class is enough: the constructor stores the instance in MODULE$.
        new TlsUtils$();
    }

    /**
     * Runs the given process with its output routed to {@link #DevNull()}.
     *
     * @param processBuilder the command to execute
     * @return the value returned by {@code processBuilder.!}, i.e. the process exit code
     */
    public int run(ProcessBuilder processBuilder) {
        return processBuilder.$bang(DevNull());
    }

    /**
     * Convenience overload: uses the same sequence both as the service names and as the DNS
     * subject-alternative names.
     *
     * @param seq       service names to issue certificates for
     * @param function1 callback that receives the generated certificate files
     */
    public void withCerts(Seq<String> seq, Function1<TlsUtils.Certs, BoxedUnit> function1) {
        withCertsWithCustomDnsAltNames(seq, seq, function1);
    }

    /**
     * Creates a temporary CA, issues one certificate per name in {@code seq}, invokes the
     * callback with the resulting files, and removes the temporary directory afterwards
     * (on both the normal and the exceptional path).
     *
     * <p>NOTE(review): each name is concatenated into file names under the temp directory and
     * into the {@code /C=US/CN=...} subject without validation. Callers should pass only
     * trusted, simple host-style names; a name containing a path separator would make the
     * {@code File} paths point somewhere other than the intended {@code <name>_*.pem} files.
     *
     * @param seq       service names; each becomes the certificate CN and a key in the result map
     * @param seq2      DNS alt names appended to the openssl config; skipped when {@code null}
     * @param function1 callback that receives the CA certificate and the per-name cert/key files
     */
    public void withCertsWithCustomDnsAltNames(Seq<String> seq, Seq<String> seq2, Function1<TlsUtils.Certs, BoxedUnit> function1) {
        // The working directory comes from `mktemp -d`; its stdout (the path) is captured and the trailing newline stripped.
        // mktemp -d normally creates the directory accessible to the owner only, which matters because
        // unencrypted private keys are written below it — presumably true on the target platforms; verify.
        File file = new File(new StringOps(Predef$.MODULE$.augmentString(package$.MODULE$.stringToProcess("mktemp -d -t linkerd-tls.XXXXXX").$bang$bang())).stripLineEnd());
        try {
            // mkCaDirs lays out the CA directory and returns the path of the generated openssl.cfg.
            File mkCaDirs = mkCaDirs(file);
            if (seq2 != null) {
                addDnsAltNamesInConfig(file, seq2);
            }
            // CA certificate and CA private key locations. These differ from the
            // certificate/private_key defaults in opensslCfg; signReq passes them explicitly.
            File file2 = new File(file, "ca+cert.pem");
            File file3 = new File(file, "private/ca_key.pem");
            assertOk(newKeyAndCert("/C=US/CN=Test CA", mkCaDirs, file3, file2));
            function1.apply(new TlsUtils.Certs(file2, ((TraversableOnce) seq.map(str -> {
                // Per-name files: CSR, signed certificate, openssl-format key, PKCS#8 key.
                File file4 = new File(file, new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", "_req.pem"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str})));
                File file5 = new File(file, new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"", "_cert.pem"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str})));
                File file6 = new File(file, new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"private/", "_key.tmp.pem"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str})));
                File file7 = new File(file, new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"private/", "_pk8.pem"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str})));
                // Generate key + CSR, sign the CSR with the CA, then convert the key to PKCS#8.
                this.assertOk(this.newReq(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"/C=US/CN=", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str})), mkCaDirs, file4, file6));
                this.assertOk(this.signReq(mkCaDirs, file3, file2, file4, file5));
                this.assertOk(this.toPk8(file6, file7));
                // Map entry: name -> (signed certificate, PKCS#8 private key).
                return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(str), new TlsUtils.ServiceCert(file5, file7));
            }, Seq$.MODULE$.canBuildFrom())).toMap(Predef$.MODULE$.$conforms())));
            // Cleanup on success. The exit status of rm is not checked, so a failed removal
            // leaves the unencrypted keys on disk without any signal to the caller.
            package$.MODULE$.stringSeqToProcess(Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{"rm", "-rf", file.getPath()}))).$bang();
        } catch (Throwable th) {
            // Same cleanup on failure, then rethrow the original error unchanged.
            package$.MODULE$.stringSeqToProcess(Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{"rm", "-rf", file.getPath()}))).$bang();
            throw th;
        }
    }

    /**
     * Runs the process and asserts (via Scala's {@code Predef.assert}) that it exited with 0.
     *
     * <p>The failure message contains only the string form of the process builder; because
     * {@link #run} discards the child's output, openssl's own error text is not available.
     *
     * @param processBuilder the command to execute and check
     */
    public void assertOk(ProcessBuilder processBuilder) {
        Predef$.MODULE$.assert(run(processBuilder) == 0, () -> {
            return new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"`", "` failed"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{processBuilder}));
        });
    }

    /** Returns the output-discarding process logger created in the constructor. */
    public ProcessLogger DevNull() {
        return this.DevNull;
    }

    /**
     * Lays out the CA working directory: {@code newcerts/}, {@code private/}, an empty
     * {@code index.txt}, a {@code serial} file containing {@code 01}, and {@code openssl.cfg}.
     *
     * <p>NOTE(review): the results of {@code mkdir()} and {@code createNewFile()} are ignored,
     * and the writers are not closed if a write throws.
     *
     * @param file the CA working directory
     * @return the generated {@code openssl.cfg} file
     */
    public File mkCaDirs(File file) {
        new File(file, "newcerts").mkdir();
        new File(file, "private").mkdir();
        new File(file, "index.txt").createNewFile();
        // Initial serial number handed to `openssl ca`.
        PrintWriter printWriter = new PrintWriter(new File(file, "serial"));
        printWriter.println("01");
        printWriter.close();
        File file2 = new File(file, "openssl.cfg");
        PrintWriter printWriter2 = new PrintWriter(file2);
        printWriter2.print(opensslCfg(file.getPath()));
        printWriter2.close();
        return file2;
    }

    /**
     * Appends the {@code DNS.n = name} lines to {@code openssl.cfg} in the given directory.
     *
     * <p>The file is opened in append mode. The text produced by {@link #opensslCfg} ends with
     * the {@code [alt_names]} section, so the appended lines land in that section provided the
     * file was just written by {@link #mkCaDirs}.
     *
     * <p>NOTE(review): the names are written verbatim. A value containing a line break would add
     * further lines to the config, so callers should pass only trusted host names.
     *
     * @param file the CA working directory containing {@code openssl.cfg}
     * @param seq  DNS names to add as subject-alternative names
     */
    public void addDnsAltNamesInConfig(File file, Seq<String> seq) {
        FileWriter fileWriter = new FileWriter(new File(file, "openssl.cfg"), true);
        fileWriter.write(dnsAltNames(seq));
        fileWriter.close();
    }

    /**
     * Formats the names as openssl alt-name entries, one per line, numbered from 1:
     * {@code DNS.1 = first}, {@code DNS.2 = second}, ...
     *
     * @param seq DNS names
     * @return the entries joined with {@code "\n"} (no trailing newline)
     */
    public String dnsAltNames(Seq<String> seq) {
        return ((Seq) ((TraversableLike) seq.zipWithIndex(Seq$.MODULE$.canBuildFrom())).map(tuple2 -> {
            // Compiler-generated guard from the Scala pattern match on the (name, index) pair.
            if (tuple2 == null) {
                throw new MatchError(tuple2);
            }
            // zipWithIndex is zero-based; openssl entries are numbered from 1.
            return new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"DNS.", " = ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{BoxesRunTime.boxToInteger(tuple2._2$mcI$sp() + 1), (String) tuple2._1()}));
        }, Seq$.MODULE$.canBuildFrom())).mkString("\n");
    }

    /**
     * Builds the openssl configuration text for the CA rooted at {@code str}.
     *
     * <p>Settings worth knowing when reviewing the generated certificates:
     * <ul>
     *   <li>{@code default_days = 1}: issued certificates are valid for one day.</li>
     *   <li>{@code default_md = sha256}, {@code default_bits = 2048}, {@code encrypt_key = no}.</li>
     *   <li>{@code x509_extensions} applies {@code subjectAltName = @alt_names}; the section
     *       starts with {@code URI.1 = https://buoyant.io} and {@code IP.1 = 127.0.0.1}, and it
     *       is the last section so that DNS entries can be appended to it.</li>
     *   <li>{@code certificate} and {@code private_key} name {@code cacert.pem} and
     *       {@code private/cakey.pem}, which are not the file names used by
     *       {@link #withCertsWithCustomDnsAltNames}; {@link #signReq} supplies the real paths
     *       with {@code -keyfile} and {@code -cert}.</li>
     * </ul>
     *
     * @param str path of the CA working directory, substituted for {@code dir}
     * @return the configuration text with the {@code |} margins stripped
     */
    public String opensslCfg(String str) {
        return new StringOps(Predef$.MODULE$.augmentString(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"\n    |dir = ", "\n    |\n    |[ ca ]\n    |default_ca = CA_default\n    |\n    |[ CA_default ]\n    |serial = $dir/serial\n    |database = $dir/index.txt\n    |new_certs_dir = $dir/newcerts\n    |certificate  = $dir/cacert.pem\n    |private_key = $dir/private/cakey.pem\n    |default_days = 1\n    |default_md  = sha256\n    |preserve = no\n    |email_in_dn  = no\n    |nameopt = default_ca\n    |certopt = default_ca\n    |policy = policy_match\n    |x509_extensions = x509_extensions\n    |\n    |[ policy_match ]\n    |commonName = supplied\n    |countryName = optional\n    |stateOrProvinceName = optional\n    |organizationName = optional\n    |organizationalUnitName = optional\n    |emailAddress = optional\n    |\n    |[ req ]\n    |default_bits = 2048\n    |default_keyfile = priv.pem\n    |default_md = sha256\n    |distinguished_name = req_distinguished_name\n    |req_extensions = v3_req\n    |encrypt_key = no\n    |\n    |[ req_distinguished_name ]\n    |\n    |[ v3_ca ]\n    |basicConstraints = CA:TRUE\n    |subjectKeyIdentifier = hash\n    |authorityKeyIdentifier = keyid:always,issuer:always\n    |\n    |[ v3_req ]\n    |basicConstraints = CA:FALSE\n    |subjectKeyIdentifier = hash\n    |\n    |[ x509_extensions ]\n    |subjectAltName = @alt_names\n    |\n    |[alt_names]\n    |URI.1 = https://buoyant.io\n    |IP.1 = 127.0.0.1\n    |"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str})))).stripMargin();
    }

    /**
     * Builds (does not run) the command that creates a self-signed certificate with a new
     * RSA-2048 key: {@code openssl req -x509 -nodes -newkey rsa:2048 ...}.
     *
     * <p>Arguments are passed as a sequence rather than one command string. {@code -nodes}
     * leaves the private key unencrypted.
     *
     * @param str   certificate subject, e.g. {@code /C=US/CN=Test CA}
     * @param file  openssl config file
     * @param file2 output path for the private key ({@code -keyout})
     * @param file3 output path for the certificate ({@code -out})
     * @return the process builder for the command
     */
    public ProcessBuilder newKeyAndCert(String str, File file, File file2, File file3) {
        return package$.MODULE$.stringSeqToProcess(Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{"openssl", "req", "-x509", "-nodes", "-newkey", "rsa:2048", "-config", file.getPath(), "-subj", str, "-keyout", file2.getPath(), "-out", file3.getPath()})));
    }

    /**
     * Builds (does not run) the command that creates a new key and certificate signing request:
     * {@code openssl req -new -nodes ...}.
     *
     * <p>Note the parameter order: the request file comes before the key file, the reverse of
     * {@link #newKeyAndCert}.
     *
     * @param str   request subject
     * @param file  openssl config file
     * @param file2 output path for the signing request ({@code -out})
     * @param file3 output path for the unencrypted private key ({@code -keyout})
     * @return the process builder for the command
     */
    public ProcessBuilder newReq(String str, File file, File file2, File file3) {
        return package$.MODULE$.stringSeqToProcess(Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{"openssl", "req", "-new", "-nodes", "-config", file.getPath(), "-subj", str, "-keyout", file3.getPath(), "-out", file2.getPath()})));
    }

    /**
     * Builds (does not run) the command that signs a request with the CA:
     * {@code openssl ca -batch ...}. {@code -batch} suppresses the interactive confirmation.
     *
     * @param file  openssl config file
     * @param file2 CA private key ({@code -keyfile})
     * @param file3 CA certificate ({@code -cert})
     * @param file4 signing request to process ({@code -infiles})
     * @param file5 output path for the signed certificate ({@code -out})
     * @return the process builder for the command
     */
    public ProcessBuilder signReq(File file, File file2, File file3, File file4, File file5) {
        return package$.MODULE$.stringSeqToProcess(Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{"openssl", "ca", "-batch", "-config", file.getPath(), "-keyfile", file2.getPath(), "-cert", file3.getPath(), "-out", file5.getPath(), "-infiles", file4.getPath()})));
    }

    /**
     * Builds (does not run) the command that converts a private key to PKCS#8:
     * {@code openssl pkcs8 -topk8 -nocrypt ...}. {@code -nocrypt} writes the key unencrypted.
     *
     * @param file  input key file
     * @param file2 output PKCS#8 key file
     * @return the process builder for the command
     */
    public ProcessBuilder toPk8(File file, File file2) {
        return package$.MODULE$.stringSeqToProcess(Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{"openssl", "pkcs8", "-topk8", "-nocrypt", "-in", file.getPath(), "-out", file2.getPath()})));
    }

    /** Synthetic body of the DevNull logger callback: ignores the line it is given. */
    public static final /* synthetic */ void $anonfun$DevNull$1(String str) {
    }

    /** Publishes the singleton in {@code MODULE$} and creates the output-discarding logger. */
    private TlsUtils$() {
        MODULE$ = this;
        // The callback discards every output line passed to it.
        this.DevNull = ProcessLogger$.MODULE$.apply(str -> {
            $anonfun$DevNull$1(str);
            return BoxedUnit.UNIT;
        });
    }
}
