package com.karasiq.tls.x509.crl;

import com.karasiq.tls.TLS;
import com.karasiq.tls.internal.BCConversions$;
import com.karasiq.tls.internal.BCConversions$AsymmetricKeyParameterOps$;
import com.karasiq.tls.internal.ObjectLoader;
import com.karasiq.tls.x509.X509Utils$;
import com.karasiq.tls.x509.crl.CRLHolder;
import com.typesafe.config.Config;
import com.typesafe.config.ConfigFactory;
import java.io.File;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URI;
import java.net.URL;
import java.nio.ByteBuffer;
import java.nio.file.Path;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509ExtensionUtils;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.operator.ContentSigner;
import scala.MatchError;
import scala.Predef$;
import scala.collection.Seq;
import scala.math.BigInt;

/* compiled from: CRL.scala */
/* loaded from: input_file:com/karasiq/tls/x509/crl/CRL$.class */
/**
 * Decompiled Scala singleton ({@code object CRL}) that builds signed X.509 CRLs and exposes the
 * {@code CRLReader} / {@code ObjectLoader} operations for {@link X509CRLHolder}.
 *
 * <p>Defaults (key-identifier digest, signature algorithm, next-update interval) are read from the
 * Typesafe Config section {@code karasiq.tls.crl-defaults}.
 *
 * <p>NOTE(review): the {@code from*}, {@code verify}, {@code contains} and
 * {@code getRevocationLists} methods below are decompiler renderings of trait forwarders. As
 * printed, each one calls a method with its own name and signature; presumably the bytecode
 * dispatches to the default implementation in {@code ObjectLoader} / {@code CRLReader}. Confirm
 * against the Scala source before relying on this listing. The {@code ??} local types are
 * decompiler placeholders, not Java.
 *
 * <p>NOTE(review): nothing in this class shows a signature check when a CRL is loaded. Holders
 * returned by the {@code from*} loaders should be treated as unauthenticated until the caller
 * has validated them (presumably through {@link #verify}).
 */
public final class CRL$ implements CRLBuilder, CRLReader {
    // Scala module instance; assigned by the private constructor during static initialisation.
    public static CRL$ MODULE$;
    // The "karasiq.tls.crl-defaults" configuration section, loaded once in the constructor.
    private final Config config;

    static {
        // The constructor publishes the instance through MODULE$, so the result is not stored here.
        new CRL$();
    }

    /* JADX WARN: Can't rename method to resolve collision */
    /**
     * Forwarder for {@code ObjectLoader.fromInputStream}; returns the CRL holder produced from the
     * given stream. See the class note about how forwarders are rendered.
     */
    @Override // com.karasiq.tls.internal.ObjectLoader
    public X509CRLHolder fromInputStream(InputStream inputStream) {
        X509CRLHolder fromInputStream;
        fromInputStream = fromInputStream(inputStream);
        return fromInputStream;
    }

    /**
     * Forwarder for {@code CRLReader.verify}; returns that implementation's boolean result.
     *
     * <p>NOTE(review): what is verified (signature, issuer match, validity window) is defined in
     * {@code CRLReader} and is not visible here. The role of the certificate argument is
     * presumably the CRL issuer; confirm.
     */
    @Override // com.karasiq.tls.x509.crl.CRLReader
    public boolean verify(X509CRLHolder x509CRLHolder, Certificate certificate) {
        boolean verify;
        verify = verify(x509CRLHolder, certificate);
        return verify;
    }

    /**
     * Forwarder for {@code CRLReader.contains}; returns that implementation's boolean result for
     * the given CRL and certificate.
     */
    @Override // com.karasiq.tls.x509.crl.CRLReader
    public boolean contains(X509CRLHolder x509CRLHolder, Certificate certificate) {
        boolean contains;
        contains = contains(x509CRLHolder, certificate);
        return contains;
    }

    /**
     * Forwarder for {@code CRLReader.getRevocationLists}; returns a sequence of CRL holders.
     *
     * <p>NOTE(review): the original parameter names were lost in decompilation, so which argument
     * is the subject and which the issuer cannot be told from this listing. How the lists are
     * obtained is also not visible here.
     */
    @Override // com.karasiq.tls.x509.crl.CRLReader
    public Seq<X509CRLHolder> getRevocationLists(Certificate certificate, Certificate certificate2) {
        Seq<X509CRLHolder> revocationLists;
        revocationLists = getRevocationLists(certificate, certificate2);
        return revocationLists;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object, org.bouncycastle.cert.X509CRLHolder] */
    /** Forwarder for {@code ObjectLoader.fromResource(String)}; returns a CRL holder. */
    @Override // com.karasiq.tls.internal.ObjectLoader
    public X509CRLHolder fromResource(String str) {
        ?? fromResource;
        fromResource = fromResource(str);
        return fromResource;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object, org.bouncycastle.cert.X509CRLHolder] */
    /** Forwarder for {@code ObjectLoader.fromFile(File)}; returns a CRL holder. */
    @Override // com.karasiq.tls.internal.ObjectLoader
    public X509CRLHolder fromFile(File file) {
        ?? fromFile;
        fromFile = fromFile(file);
        return fromFile;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object, org.bouncycastle.cert.X509CRLHolder] */
    /** Forwarder for {@code ObjectLoader.fromFile(Path)}; returns a CRL holder. */
    @Override // com.karasiq.tls.internal.ObjectLoader
    public final X509CRLHolder fromFile(Path path) {
        ?? fromFile;
        fromFile = fromFile(path);
        return fromFile;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object, org.bouncycastle.cert.X509CRLHolder] */
    /** Forwarder for {@code ObjectLoader.fromFile(String)}; returns a CRL holder. */
    @Override // com.karasiq.tls.internal.ObjectLoader
    public final X509CRLHolder fromFile(String str) {
        ?? fromFile;
        fromFile = fromFile(str);
        return fromFile;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object, org.bouncycastle.cert.X509CRLHolder] */
    /**
     * Forwarder for {@code ObjectLoader.fromURL(URL)}; returns a CRL holder.
     *
     * <p>NOTE(review): scheme restrictions, timeouts and size limits for the fetch, if any, live
     * in {@code ObjectLoader} and are not visible here. The returned CRL is unauthenticated input
     * until verified.
     */
    @Override // com.karasiq.tls.internal.ObjectLoader
    public X509CRLHolder fromURL(URL url) {
        ?? fromURL;
        fromURL = fromURL(url);
        return fromURL;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object, org.bouncycastle.cert.X509CRLHolder] */
    /** Forwarder for {@code ObjectLoader.fromURL(String)}; returns a CRL holder. */
    @Override // com.karasiq.tls.internal.ObjectLoader
    public final X509CRLHolder fromURL(String str) {
        ?? fromURL;
        fromURL = fromURL(str);
        return fromURL;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object, org.bouncycastle.cert.X509CRLHolder] */
    /** Forwarder for {@code ObjectLoader.fromURI(URI)}; returns a CRL holder. */
    @Override // com.karasiq.tls.internal.ObjectLoader
    public final X509CRLHolder fromURI(URI uri) {
        ?? fromURI;
        fromURI = fromURI(uri);
        return fromURI;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object, org.bouncycastle.cert.X509CRLHolder] */
    /** Forwarder for {@code ObjectLoader.fromBytes(byte[])}; returns a CRL holder. */
    @Override // com.karasiq.tls.internal.ObjectLoader
    public X509CRLHolder fromBytes(byte[] bArr) {
        ?? fromBytes;
        fromBytes = fromBytes(bArr);
        return fromBytes;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object, org.bouncycastle.cert.X509CRLHolder] */
    /** Forwarder for {@code ObjectLoader.fromByteBuffer(ByteBuffer)}; returns a CRL holder. */
    @Override // com.karasiq.tls.internal.ObjectLoader
    public final X509CRLHolder fromByteBuffer(ByteBuffer byteBuffer) {
        ?? fromByteBuffer;
        fromByteBuffer = fromByteBuffer(byteBuffer);
        return fromByteBuffer;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object, org.bouncycastle.cert.X509CRLHolder] */
    /**
     * Forwarder for {@code ObjectLoader.fromString(String, String)}; returns a CRL holder. The
     * meaning of the second string is not visible in this listing.
     */
    @Override // com.karasiq.tls.internal.ObjectLoader
    public final X509CRLHolder fromString(String str, String str2) {
        ?? fromString;
        fromString = fromString(str, str2);
        return fromString;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object, org.bouncycastle.cert.X509CRLHolder] */
    /** Forwarder for {@code ObjectLoader.fromString(String)}; returns a CRL holder. */
    @Override // com.karasiq.tls.internal.ObjectLoader
    public final X509CRLHolder fromString(String str) {
        ?? fromString;
        fromString = fromString(str);
        return fromString;
    }

    /** Returns the {@code karasiq.tls.crl-defaults} configuration section loaded at construction. */
    private Config config() {
        return this.config;
    }

    /**
     * Returns the configured {@code key-id-algorithm} string, which {@link #build} passes to
     * {@code X509Utils.extensionUtils} when creating the authority key identifier.
     */
    public String defaultKeyIdAlgorithm() {
        return config().getString("key-id-algorithm");
    }

    /**
     * Returns the configured {@code sign-algorithm} string, which {@link #build} passes to
     * {@code X509Utils.contentSigner} to sign the CRL.
     *
     * <p>NOTE(review): the value is deployment configuration and is not validated in this class;
     * check that the shipped default and any override name a signature algorithm that relying
     * parties still accept.
     */
    public String defaultSignAlgorithm() {
        return config().getString("sign-algorithm");
    }

    /**
     * Returns the current time plus the configured {@code next-update-in} duration, read in whole
     * seconds.
     */
    public Instant defaultNextUpdate() {
        return Instant.now().plus(config().getDuration("next-update-in", TimeUnit.SECONDS), (TemporalUnit) ChronoUnit.SECONDS);
    }

    /**
     * Adds one revoked-serial entry to the CRL under construction.
     *
     * @param x509v2CRLBuilder builder that receives the entry
     * @param certificateKey signer; its certificate subject is written as the entry's
     *     {@code certificateIssuer}
     * @param bigInteger serial number of the revoked certificate
     * @param i reason code handed to {@code CRLReason.lookup}; not range-checked in this method
     * @param instant revocation date for the entry
     * @return the builder returned by {@code addCRLEntry}
     */
    private X509v2CRLBuilder addSerial(X509v2CRLBuilder x509v2CRLBuilder, TLS.CertificateKey certificateKey, BigInteger bigInteger, int i, Instant instant) {
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        // reasonCode is added as a non-critical entry extension.
        extensionsGenerator.addExtension(Extension.reasonCode, false, CRLReason.lookup(i));
        // certificateIssuer is added as critical and always names the signer's subject.
        // NOTE(review): for a RevokedCert entry the revoked certificate's own issuer field is not
        // consulted, so this assumes every revoked certificate was issued by the signer; confirm.
        extensionsGenerator.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(certificateKey.certificate().getSubject())));
        return x509v2CRLBuilder.addCRLEntry(bigInteger, Date.from(instant), extensionsGenerator.generate());
    }

    /**
     * Builds and signs a CRL issued by {@code certificateKey}.
     *
     * <p>The CRL issuer is the signer certificate's subject, {@code thisUpdate} is the current
     * time, {@code nextUpdate} is {@code instant}, and a non-critical
     * {@code authorityKeyIdentifier} derived from the signer certificate is attached. Each element
     * of {@code seq} contributes either the entries of an existing CRL ({@code RevokedCerts}) or a
     * single serial ({@code RevokedCert}, {@code RevokedSerial}).
     *
     * <p>NOTE(review): {@code instant} is not compared with the current time, so a
     * {@code nextUpdate} at or before {@code thisUpdate} is not rejected here. No
     * {@code cRLNumber} extension is added before signing.
     *
     * @param certificateKey signer certificate and key pair
     * @param seq revocation items to include
     * @param instant value for the CRL's {@code nextUpdate} field
     * @return the signed CRL
     * @throws MatchError if an element of {@code seq} is none of the three handled subtypes
     */
    @Override // com.karasiq.tls.x509.crl.CRLBuilder
    public X509CRLHolder build(TLS.CertificateKey certificateKey, Seq<CRLHolder.Revoked> seq, Instant instant) {
        // Key-usage gate. The literal 2 equals BouncyCastle's KeyUsage.cRLSign bit; how
        // isKeyUsageAllowed interprets it (and a certificate with no keyUsage extension) is
        // defined in X509Utils and not visible here.
        // NOTE(review): this is Scala's Predef.assert, which is elidable at compile time. The call
        // is present in this build, but an authorisation check that must always run is better
        // expressed as an explicit precondition in the Scala source.
        Predef$.MODULE$.assert(X509Utils$.MODULE$.isKeyUsageAllowed(certificateKey.certificate(), 2), () -> {
            return "CRL signing not allowed";
        });
        // Issuer = signer subject, thisUpdate = now.
        X509v2CRLBuilder x509v2CRLBuilder = new X509v2CRLBuilder(certificateKey.certificate().getSubject(), new Date());
        X509ExtensionUtils extensionUtils = X509Utils$.MODULE$.extensionUtils(defaultKeyIdAlgorithm());
        // Signer built from the private half of the key pair and the configured algorithm name.
        ContentSigner contentSigner = X509Utils$.MODULE$.contentSigner(BCConversions$AsymmetricKeyParameterOps$.MODULE$.toPrivateKey$extension(BCConversions$.MODULE$.AsymmetricKeyParameterOps(certificateKey.key().getPrivate())), defaultSignAlgorithm());
        x509v2CRLBuilder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(new X509CertificateHolder(certificateKey.certificate())));
        x509v2CRLBuilder.setNextUpdate(Date.from(instant));
        seq.foreach(revoked -> {
            X509v2CRLBuilder addSerial;
            if (revoked instanceof CRLHolder.RevokedCerts) {
                // Copies the entries of an existing CRL into the new one.
                // NOTE(review): the supplied CRL's signature and issuer are not checked in this
                // method; its entries are re-signed under this issuer as they are. Presumably the
                // caller has verified it; confirm.
                addSerial = x509v2CRLBuilder.addCRL(((CRLHolder.RevokedCerts) revoked).crl());
            } else if (revoked instanceof CRLHolder.RevokedCert) {
                CRLHolder.RevokedCert revokedCert = (CRLHolder.RevokedCert) revoked;
                Certificate cert = revokedCert.cert();
                addSerial = MODULE$.addSerial(x509v2CRLBuilder, certificateKey, cert.getSerialNumber().getValue(), revokedCert.reason(), revokedCert.revocationDate());
            } else {
                if (!(revoked instanceof CRLHolder.RevokedSerial)) {
                    // Fall-through of the Scala pattern match.
                    throw new MatchError(revoked);
                }
                CRLHolder.RevokedSerial revokedSerial = (CRLHolder.RevokedSerial) revoked;
                BigInt serial = revokedSerial.serial();
                addSerial = MODULE$.addSerial(x509v2CRLBuilder, certificateKey, serial.underlying(), revokedSerial.reason(), revokedSerial.revocationDate());
            }
            return addSerial;
        });
        return x509v2CRLBuilder.build(contentSigner);
    }

    /**
     * Scala-generated default for the third parameter of {@link #build}; returns
     * {@link #defaultNextUpdate()}.
     */
    public Instant build$default$3() {
        return defaultNextUpdate();
    }

    /**
     * Initialises the singleton: publishes it through {@code MODULE$}, runs the trait
     * initialisers, then loads the {@code karasiq.tls.crl-defaults} section.
     *
     * <p>This runs from the static initialiser, so a failure in {@code ConfigFactory.load()} or a
     * missing {@code karasiq.tls.crl-defaults} path surfaces as a class-initialisation failure.
     */
    private CRL$() {
        MODULE$ = this;
        ObjectLoader.$init$(this);
        CRLReader.$init$((CRLReader) this);
        this.config = ConfigFactory.load().getConfig("karasiq.tls.crl-defaults");
    }
}
