package com.karasiq.tls.internal;

import com.karasiq.tls.TLS;
import com.karasiq.tls.x509.CertificateVerifier;
import com.typesafe.config.Config;
import com.typesafe.config.ConfigFactory;
import java.security.Provider;
import java.util.Vector;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DSAKeyParameters;
import org.bouncycastle.crypto.params.ECKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.HashAlgorithm;
import org.bouncycastle.crypto.tls.ProtocolVersion;
import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.crypto.tls.TlsUtils;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import scala.Array$;
import scala.MatchError;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Predef$Ensuring$;
import scala.StringContext;
import scala.collection.GenTraversableOnce;
import scala.collection.Iterable;
import scala.collection.JavaConversions$;
import scala.collection.TraversableOnce;
import scala.collection.immutable.Set$;
import scala.collection.mutable.ArrayOps;
import scala.collection.mutable.Buffer$;
import scala.reflect.ClassTag$;
import scala.runtime.BoxesRunTime;
import scala.util.Try$;

/* compiled from: TLSUtils.scala */
/* loaded from: input_file:com/karasiq/tls/internal/TLSUtils$.class */
public final class TLSUtils$ {
    public static TLSUtils$ MODULE$;
    private final Provider provider;
    private final Config config;

    static {
        new TLSUtils$();
    }

    public Provider provider() {
        return this.provider;
    }

    private Config config() {
        return this.config;
    }

    public SignatureAndHashAlgorithm signatureAlgorithm(AsymmetricKeyParameter asymmetricKeyParameter, String str) {
        return new SignatureAndHashAlgorithm(BoxesRunTime.unboxToShort(Try$.MODULE$.apply(() -> {
            return HashAlgorithm.class.getField(str.replace("-", "").toLowerCase()).getShort(null);
        }).getOrElse(() -> {
            throw new IllegalArgumentException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Invalid hash algorithm: ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str})));
        })), asymmetricKeyParameter instanceof RSAKeyParameters ? (short) 1 : asymmetricKeyParameter instanceof ECKeyParameters ? (short) 3 : asymmetricKeyParameter instanceof DSAKeyParameters ? (short) 2 : (short) 0);
    }

    public String signatureAlgorithm$default$2() {
        return defaultHashAlgorithm();
    }

    private Vector<?> authoritiesOf(CertificateVerifier certificateVerifier) {
        return asJavaVector$1((GenTraversableOnce) certificateVerifier.trustedRootCertificates().map(certificate -> {
            return certificate.getSubject();
        }, Set$.MODULE$.canBuildFrom()));
    }

    public CertificateRequest certificateRequest(ProtocolVersion protocolVersion, CertificateVerifier certificateVerifier) {
        return new CertificateRequest(new short[]{1, 64, 2}, defaultSignatureAlgorithms(protocolVersion), authoritiesOf(certificateVerifier));
    }

    public Option<TLS.CertificateKey> certificateFor(TLS.KeySet keySet, CertificateRequest certificateRequest) {
        return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps((TLS.CertificateKey[]) new ArrayOps.ofShort(Predef$.MODULE$.shortArrayOps(certificateRequest.getCertificateTypes())).flatMap(obj -> {
            return $anonfun$certificateFor$1(keySet, BoxesRunTime.unboxToShort(obj));
        }, Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.apply(TLS.CertificateKey.class))))).find(certificateKey -> {
            return BoxesRunTime.boxToBoolean($anonfun$certificateFor$2(certificateRequest, certificateKey));
        });
    }

    public boolean isInAuthorities(Certificate certificate, CertificateRequest certificateRequest) {
        return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(certificate.getCertificateList())).exists(certificate2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$isInAuthorities$1(certificateRequest, certificate2));
        });
    }

    private ProtocolVersion asProtocolVersion(String str) {
        ProtocolVersion protocolVersion;
        if ("SSLv3".equals(str)) {
            protocolVersion = ProtocolVersion.SSLv3;
        } else {
            if ("TLSv1".equals(str) ? true : "TLSv1.0".equals(str)) {
                protocolVersion = ProtocolVersion.TLSv10;
            } else if ("TLSv1.1".equals(str)) {
                protocolVersion = ProtocolVersion.TLSv11;
            } else if ("TLSv1.2".equals(str)) {
                protocolVersion = ProtocolVersion.TLSv12;
            } else {
                if ("DTLSv1".equals(str) ? true : "DTLSv1.0".equals(str)) {
                    protocolVersion = ProtocolVersion.DTLSv10;
                } else {
                    if (!"DTLSv1.2".equals(str)) {
                        throw new IllegalArgumentException("Invalid TLS version: " + str);
                    }
                    protocolVersion = ProtocolVersion.DTLSv12;
                }
            }
        }
        return protocolVersion;
    }

    public int[] defaultCipherSuites() {
        return (int[]) ((TraversableOnce) Predef$Ensuring$.MODULE$.ensuring$extension3(Predef$.MODULE$.Ensuring(JavaConversions$.MODULE$.deprecated$u0020asScalaBuffer(config().getStringList("cipher-suites")).map(str -> {
            return BoxesRunTime.boxToInteger($anonfun$defaultCipherSuites$1(str));
        }, Buffer$.MODULE$.canBuildFrom())), buffer -> {
            return BoxesRunTime.boxToBoolean(buffer.nonEmpty());
        }, () -> {
            return "Cipher suites is empty";
        })).toArray(ClassTag$.MODULE$.Int());
    }

    public String defaultHashAlgorithm() {
        return config().getString("hash-algorithm");
    }

    public Vector<?> defaultSignatureAlgorithms(ProtocolVersion protocolVersion) {
        if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(protocolVersion)) {
            return TlsUtils.getDefaultSupportedSignatureAlgorithms();
        }
        return null;
    }

    public ProtocolVersion minVersion() {
        return asProtocolVersion(config().getString("min-version"));
    }

    public ProtocolVersion maxVersion() {
        return asProtocolVersion(config().getString("max-version"));
    }

    public ECParameterSpec getEllipticCurve(String str) {
        return (ECParameterSpec) Option$.MODULE$.apply(ECNamedCurveTable.getParameterSpec(str)).getOrElse(() -> {
            throw new IllegalArgumentException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Elliptic curve not defined: ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str})));
        });
    }

    private static final Vector asJavaVector$1(GenTraversableOnce genTraversableOnce) {
        Vector vector = new Vector();
        genTraversableOnce.foreach(obj -> {
            return BoxesRunTime.boxToBoolean(vector.add(obj));
        });
        return vector;
    }

    public static final /* synthetic */ Iterable $anonfun$certificateFor$1(TLS.KeySet keySet, short s) {
        switch (s) {
            case 1:
                return Option$.MODULE$.option2Iterable(keySet.rsa());
            case 2:
                return Option$.MODULE$.option2Iterable(keySet.dsa());
            case 64:
                return Option$.MODULE$.option2Iterable(keySet.ecdsa());
            default:
                throw new MatchError(BoxesRunTime.boxToShort(s));
        }
    }

    public static final /* synthetic */ boolean $anonfun$certificateFor$2(CertificateRequest certificateRequest, TLS.CertificateKey certificateKey) {
        return MODULE$.isInAuthorities(certificateKey.certificateChain(), certificateRequest);
    }

    public static final /* synthetic */ boolean $anonfun$isInAuthorities$1(CertificateRequest certificateRequest, org.bouncycastle.asn1.x509.Certificate certificate) {
        return certificateRequest.getCertificateAuthorities().contains(certificate.getSubject()) || certificateRequest.getCertificateAuthorities().contains(certificate.getIssuer());
    }

    public static final /* synthetic */ int $anonfun$defaultCipherSuites$1(String str) {
        return BCConversions$CipherSuiteId$.MODULE$.apply(str);
    }

    private TLSUtils$() {
        MODULE$ = this;
        this.provider = new BouncyCastleProvider();
        this.config = ConfigFactory.load().getConfig("karasiq.tls");
    }
}
