package gridscale.egi;

import gridscale.authentication.P12Authentication;
import gridscale.authentication.P12Authentication$;
import gridscale.effectaside.package;
import gridscale.http.package;
import gridscale.http.package$HTTPS$;
import gridscale.http.package$HTTPS$KeyStoreOperations$Credential$;
import gridscale.http.package$HTTPSServer$;
import java.io.File;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.TimeZone;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import scala.Function0;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.Some$;
import scala.Tuple2;
import scala.Tuple2$;
import scala.collection.ArrayOps$;
import scala.collection.IterableOnce;
import scala.collection.IterableOnceOps;
import scala.collection.IterableOps;
import scala.collection.StrictOptimizedIterableOps;
import scala.collection.immutable.Seq;
import scala.collection.immutable.Vector;
import scala.math.Numeric$IntIsIntegral$;
import scala.runtime.BoxesRunTime;
import scala.runtime.LazyRef;
import scala.runtime.ModuleSerializationProxy;
import scala.runtime.ScalaRunTime$;
import scala.util.Random$;
import scala.xml.Elem;
import scala.xml.NodeSeq;
import scala.xml.NodeSeq$;
import scala.xml.XML$;
import squants.time.Time;
import squants.time.TimeConversions$;

/* compiled from: package.scala */
/* loaded from: input_file:gridscale/egi/package$VOMS$.class */
public final class package$VOMS$ implements Serializable {
    public static final package$VOMS$VOMSCredential$ VOMSCredential = null;
    public static final package$VOMS$ProxyError$ ProxyError = null;
    public static final package$VOMS$Reason$ Reason = null;
    public static final package$VOMS$ProxySize$ ProxySize = null;
    public static final package$VOMS$ MODULE$ = new package$VOMS$();

    private Object writeReplace() {
        return new ModuleSerializationProxy(package$VOMS$.class);
    }

    public String gridscale$egi$package$VOMS$$$ProxyError$superArg$1(package$VOMS$Reason package_voms_reason, Option<String> option) {
        return package_voms_reason + ": " + option.getOrElse(this::ProxyError$superArg$1$$anonfun$1);
    }

    public package$VOMS$VOMSCredential renewProxy(Function0<package$VOMS$VOMSCredential> function0, package$VOMS$VOMSCredential package_voms_vomscredential, Time time, package.Effect<package.System> effect) {
        return renew$1(function0, package_voms_vomscredential, time, ((package.System) effect.apply()).currentTime());
    }

    public Time renewProxy$default$3(Function0<package$VOMS$VOMSCredential> function0) {
        return TimeConversions$.MODULE$.TimeConversions(BoxesRunTime.boxToInteger(1), Numeric$IntIsIntegral$.MODULE$).hours();
    }

    public Option<Seq<String>> get(String str, String str2) {
        Elem loadString = XML$.MODULE$.loadString(gridscale.http.package$.MODULE$.get("https://operations-portal.egi.eu/api/vo-idcard/" + str + "/xml", scala.package$.MODULE$.Seq().apply(ScalaRunTime$.MODULE$.wrapRefArray(new Tuple2[]{Tuple2$.MODULE$.apply("X-API-Key", str2)}))));
        return loadString.$bslash("Vo").isEmpty() ? None$.MODULE$ : Some$.MODULE$.apply((Seq) loadString.$bslash("Vo").$bslash("Registries").$bslash("VoVomsServer").map(node -> {
            return node.$bslash("hostname").text() + ":" + NodeSeq$.MODULE$.seqToNodeSeq((scala.collection.Seq) node.attribute("vomses_port").get()).text();
        }));
    }

    public package$VOMS$VOMSCredential proxy(String str, P12Authentication p12Authentication, File file, Time time, Option<String> option, package$VOMS$ProxySize package_voms_proxysize, Time time2, package.Effect<package.HTTP> effect, package.Effect<package.FileSystem> effect2) {
        LazyRef lazyRef = new LazyRef();
        String mkString = ((IterableOnceOps) ((StrictOptimizedIterableOps) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new Option[]{Some$.MODULE$.apply("lifetime=" + ((long) time.toSeconds())), option.map(str2 -> {
            return "fqans=" + str2;
        })}))).flatten(Predef$.MODULE$.$conforms())).mkString("&");
        String str3 = "/generate-ac" + (!mkString.isEmpty() ? "?" + mkString : "");
        package.HTTPS.KeyStoreOperations.Credential readP12 = package$HTTPS$.MODULE$.readP12(p12Authentication.certificate(), p12Authentication.password(), effect2);
        Vector<package.HTTPS.KeyStoreOperations.Certificate> readPEMCertificates = package$HTTPS$.MODULE$.readPEMCertificates(file, effect2, effect);
        package.HTTPSServer apply = package$HTTPSServer$.MODULE$.apply("https://" + str, package$HTTPS$.MODULE$.socketFactory((Vector) readPEMCertificates.$plus$plus((IterableOnce) scala.package$.MODULE$.Vector().apply(ScalaRunTime$.MODULE$.wrapRefArray(new package.HTTPS.KeyStoreOperations.Credential[]{readP12}))), p12Authentication.password(), package$HTTPS$.MODULE$.socketFactory$default$3()), time2, package$HTTPSServer$.MODULE$.apply$default$4(), package$HTTPSServer$.MODULE$.apply$default$5());
        package.HTTP http = (package.HTTP) effect.apply();
        Tuple2 credential$2 = credential$2(time, package_voms_proxysize, parseAC$1(lazyRef, http.content(apply, str3, http.content$default$3()), p12Authentication, readPEMCertificates));
        if (credential$2 == null) {
            throw new MatchError(credential$2);
        }
        Tuple2 apply2 = Tuple2$.MODULE$.apply((package.HTTPS.KeyStoreOperations.Credential) credential$2._1(), (Date) credential$2._2());
        package.HTTPS.KeyStoreOperations.Credential credential = (package.HTTPS.KeyStoreOperations.Credential) apply2._1();
        return package$VOMS$VOMSCredential$.MODULE$.apply(credential, p12Authentication, readPEMCertificates, (Date) apply2._2(), time, socketFactory$1(credential, readPEMCertificates, p12Authentication.password(), effect));
    }

    public Time proxy$default$4() {
        return TimeConversions$.MODULE$.TimeConversions(BoxesRunTime.boxToInteger(24), Numeric$IntIsIntegral$.MODULE$).hours();
    }

    public Option<String> proxy$default$5() {
        return None$.MODULE$;
    }

    public package$VOMS$ProxySize proxy$default$6() {
        return package$VOMS$ProxySize$PS2048$.MODULE$;
    }

    public Time proxy$default$7() {
        return TimeConversions$.MODULE$.TimeConversions(BoxesRunTime.boxToInteger(1), Numeric$IntIsIntegral$.MODULE$).minutes();
    }

    private final String ProxyError$superArg$1$$anonfun$1() {
        return "No message";
    }

    private final package$VOMS$VOMSCredential renew$1(Function0 function0, package$VOMS$VOMSCredential package_voms_vomscredential, Time time, long j) {
        return package_voms_vomscredential.ending().getTime() - time.millis() > j ? (package$VOMS$VOMSCredential) function0.apply() : package_voms_vomscredential;
    }

    private final package$VOMS$VOMSProxy$3$ VOMSProxy$lzyINIT1$1(LazyRef lazyRef) {
        package$VOMS$VOMSProxy$3$ package_voms_vomsproxy_3_;
        synchronized (lazyRef) {
            package_voms_vomsproxy_3_ = (package$VOMS$VOMSProxy$3$) (lazyRef.initialized() ? lazyRef.value() : lazyRef.initialize(new package$VOMS$VOMSProxy$3$()));
        }
        return package_voms_vomsproxy_3_;
    }

    private final package$VOMS$VOMSProxy$3$ VOMSProxy$2(LazyRef lazyRef) {
        return (package$VOMS$VOMSProxy$3$) (lazyRef.initialized() ? lazyRef.value() : VOMSProxy$lzyINIT1$1(lazyRef));
    }

    private final Option content$1(Elem elem) {
        return elem.$bslash$bslash("voms").$bslash$bslash("ac").headOption().map(node -> {
            return node.text();
        });
    }

    private final NodeSeq error$1(Elem elem) {
        return elem.$bslash$bslash("voms").$bslash$bslash("error");
    }

    private final Option message$1(Elem elem) {
        return error$1(elem).$bslash$bslash("message").headOption().map(node -> {
            return node.text();
        });
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private final package$VOMS$VOMSProxy$1 parseAC$1(LazyRef lazyRef, String str, P12Authentication p12Authentication, Vector vector) {
        Elem elem = (Elem) XML$.MODULE$.loadString(str);
        Some content$1 = content$1(elem);
        if (content$1 instanceof Some) {
            return VOMSProxy$2(lazyRef).apply((String) content$1.value(), p12Authentication, vector);
        }
        if (!None$.MODULE$.equals(content$1)) {
            throw new MatchError(content$1);
        }
        Some map = error$1(elem).$bslash$bslash("code").headOption().map(node -> {
            return node.text();
        });
        if (!(map instanceof Some)) {
            throw package$VOMS$ProxyError$.MODULE$.apply(package$VOMS$Reason$Unknown$.MODULE$, message$1(elem));
        }
        String str2 = (String) map.value();
        switch (str2 == null ? 0 : str2.hashCode()) {
            case 423409702:
                if ("SuspendedUser".equals(str2)) {
                    throw package$VOMS$ProxyError$.MODULE$.apply(package$VOMS$Reason$SuspendedUser$.MODULE$, message$1(elem));
                }
                break;
            case 1108929459:
                if ("NoSuchUser".equals(str2)) {
                    throw package$VOMS$ProxyError$.MODULE$.apply(package$VOMS$Reason$NoSuchUser$.MODULE$, message$1(elem));
                }
                break;
            case 1633307370:
                if ("BadRequest".equals(str2)) {
                    throw package$VOMS$ProxyError$.MODULE$.apply(package$VOMS$Reason$BadRequest$.MODULE$, message$1(elem));
                }
                break;
        }
        throw package$VOMS$ProxyError$.MODULE$.apply(package$VOMS$Reason$InternalError$.MODULE$, message$1(elem));
    }

    private final Tuple2 credential$2(Time time, package$VOMS$ProxySize package_voms_proxysize, package$VOMS$VOMSProxy$1 package_voms_vomsproxy_1) {
        ASN1InputStream aSN1InputStream = new ASN1InputStream(new Base64().decode(package_voms_vomsproxy_1.ac().trim().replaceAll("\n", "")));
        AttributeCertificate attributeCertificate = AttributeCertificate.getInstance(aSN1InputStream.readObject());
        aSN1InputStream.close();
        P12Authentication.Loaded loadPKCS12Credentials = P12Authentication$.MODULE$.loadPKCS12Credentials(package_voms_vomsproxy_1.p12());
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        if (package$VOMS$ProxySize$PS1024$.MODULE$.equals(package_voms_proxysize)) {
            keyPairGenerator.initialize(1024);
        } else {
            if (!package$VOMS$ProxySize$PS2048$.MODULE$.equals(package_voms_proxysize)) {
                throw new MatchError(package_voms_proxysize);
            }
            keyPairGenerator.initialize(2048);
        }
        KeyPair genKeyPair = keyPairGenerator.genKeyPair();
        long abs = Math.abs(Random$.MODULE$.nextLong());
        BigInteger bigInteger = new BigInteger(String.valueOf(Math.abs(abs)));
        X500Name x500Name = new X500Name(RFC4519Style.INSTANCE, loadPKCS12Credentials.certificate().getSubjectDN().getName());
        Date date = new Date();
        GregorianCalendar gregorianCalendar = new GregorianCalendar(TimeZone.getTimeZone("GMT"));
        gregorianCalendar.setGregorianChange(date);
        gregorianCalendar.add(12, -5);
        org.bouncycastle.asn1.x509.Time time2 = new org.bouncycastle.asn1.x509.Time(gregorianCalendar.getTime());
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar(TimeZone.getTimeZone("GMT"));
        gregorianCalendar2.setGregorianChange(date);
        gregorianCalendar2.add(13, (int) time.toSeconds());
        Tuple2 apply = Tuple2$.MODULE$.apply(new org.bouncycastle.asn1.x509.Time(gregorianCalendar2.getTime()), gregorianCalendar2.getTime());
        org.bouncycastle.asn1.x509.Time time3 = (org.bouncycastle.asn1.x509.Time) apply._1();
        Date date2 = (Date) apply._2();
        X500Name x500Name2 = new X500Name(RFC4519Style.INSTANCE, loadPKCS12Credentials.certificate().getSubjectDN().getName());
        X500NameBuilder x500NameBuilder = new X500NameBuilder(RFC4519Style.INSTANCE);
        ArrayOps$.MODULE$.foreach$extension(Predef$.MODULE$.refArrayOps(x500Name2.getRDNs()), rdn -> {
            return x500NameBuilder.addMultiValuedRDN(rdn.getTypesAndValues());
        });
        x500NameBuilder.addRDN(RFC4519Style.cn, BoxesRunTime.boxToLong(abs).toString());
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(x500Name, bigInteger, time2, time3, x500NameBuilder.build(), SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(genKeyPair.getPublic().getEncoded())));
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(attributeCertificate);
        x509v3CertificateBuilder.addExtension(new ASN1ObjectIdentifier("1.3.6.1.4.1.8005.100.100.5").intern(), false, new DERSequence(new DERSequence(aSN1EncodableVector)));
        ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.21.1");
        new ASN1ObjectIdentifier("1.3.6.1.5.5.7.21.2");
        new ASN1ObjectIdentifier("1.3.6.1.4.1.3536.1.1.1.9");
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        aSN1EncodableVector2.add(aSN1ObjectIdentifier);
        x509v3CertificateBuilder.addExtension(new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.14").intern(), true, new DERSequence(new DERSequence(aSN1EncodableVector2)));
        return Tuple2$.MODULE$.apply(package$HTTPS$KeyStoreOperations$Credential$.MODULE$.apply(genKeyPair.getPrivate(), (Vector) ((IterableOps) scala.package$.MODULE$.Vector().apply(ScalaRunTime$.MODULE$.wrapRefArray(new X509Certificate[]{new JcaX509CertificateConverter().setProvider("BC").getCertificate(x509v3CertificateBuilder.build(new JcaContentSignerBuilder("SHA512WithRSAEncryption").setProvider("BC").build(loadPKCS12Credentials.key())))}))).$plus$plus(Predef$.MODULE$.wrapRefArray(loadPKCS12Credentials.chain()).toVector()), package_voms_vomsproxy_1.p12().password()), date2);
    }

    private final Function1 socketFactory$1(package.HTTPS.KeyStoreOperations.Credential credential, Vector vector, String str, package.Effect effect) {
        return package$HTTPS$.MODULE$.socketFactory((Vector) ((IterableOps) scala.package$.MODULE$.Vector().apply(ScalaRunTime$.MODULE$.wrapRefArray(new package.HTTPS.KeyStoreOperations.Credential[]{credential}))).$plus$plus(vector), str, package$HTTPS$.MODULE$.socketFactory$default$3());
    }
}
