package com.karasiq.tls;

import com.karasiq.tls.internal.BCConversions$CipherSuiteId$;
import com.karasiq.tls.internal.TLSUtils$;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.DefaultTlsClient;
import org.bouncycastle.crypto.tls.DefaultTlsSignerCredentials;
import org.bouncycastle.crypto.tls.ProtocolVersion;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsClientContext;
import org.bouncycastle.crypto.tls.TlsCredentials;
import org.bouncycastle.crypto.tls.TlsFatalAlert;
import scala.Predef$;
import scala.StringContext;
import scala.collection.TraversableOnce;
import scala.collection.immutable.List;
import scala.collection.immutable.List$;
import scala.collection.mutable.ArrayOps;
import scala.runtime.BoxesRunTime;

/* compiled from: TLSClientWrapper.scala */
/* loaded from: input_file:com/karasiq/tls/TLSClientWrapper$$anon$1.class */
public final class TLSClientWrapper$$anon$1 extends DefaultTlsClient {
    private final /* synthetic */ TLSClientWrapper $outer;

    public /* synthetic */ TlsClientContext protected$context(TLSClientWrapper$$anon$1 tLSClientWrapper$$anon$1) {
        return tLSClientWrapper$$anon$1.context;
    }

    public ProtocolVersion getMinimumVersion() {
        return TLSUtils$.MODULE$.minVersion();
    }

    public int[] getCipherSuites() {
        return TLSUtils$.MODULE$.defaultCipherSuites();
    }

    public void notifyHandshakeComplete() {
        this.$outer.handshake().trySuccess(BoxesRunTime.boxToBoolean(true));
        this.$outer.onInfo(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Selected cipher suite: ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{BCConversions$CipherSuiteId$.MODULE$.asString(this.selectedCipherSuite)})));
    }

    public TlsAuthentication getAuthentication() {
        return new TlsAuthentication(this) { // from class: com.karasiq.tls.TLSClientWrapper$$anon$1$$anon$2
            private final /* synthetic */ TLSClientWrapper$$anon$1 $outer;

            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) {
                return (TlsCredentials) this.$outer.com$karasiq$tls$TLSClientWrapper$$anon$$$outer().wrapException("Could not provide client credentials", () -> {
                    return (TlsCredentials) this.$outer.com$karasiq$tls$TLSClientWrapper$$anon$$$outer().getClientCertificate(certificateRequest).map(certificateKey -> {
                        return new DefaultTlsSignerCredentials(this.$outer.protected$context(this.$outer), certificateKey.certificateChain(), certificateKey.key().getPrivate(), TLSUtils$.MODULE$.signatureAlgorithm(certificateKey.key().getPrivate(), TLSUtils$.MODULE$.signatureAlgorithm$default$2()));
                    }).orNull(Predef$.MODULE$.$conforms());
                });
            }

            public void notifyServerCertificate(Certificate certificate) {
                this.$outer.com$karasiq$tls$TLSClientWrapper$$anon$$$outer().wrapException("Server certificate error", () -> {
                    List<org.bouncycastle.asn1.x509.Certificate> list = new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(certificate.getCertificateList())).toList();
                    if (list.nonEmpty()) {
                        this.$outer.com$karasiq$tls$TLSClientWrapper$$anon$$$outer().onInfo(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Server certificate chain: ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{((TraversableOnce) list.map(certificate2 -> {
                            return certificate2.getSubject();
                        }, List$.MODULE$.canBuildFrom())).mkString("; ")})));
                        if (this.$outer.com$karasiq$tls$TLSClientWrapper$$anon$$$outer().com$karasiq$tls$TLSClientWrapper$$address != null && !this.$outer.com$karasiq$tls$TLSClientWrapper$$anon$$$outer().com$karasiq$tls$TLSClientWrapper$$verifier.isHostValid((org.bouncycastle.asn1.x509.Certificate) list.head(), this.$outer.com$karasiq$tls$TLSClientWrapper$$anon$$$outer().com$karasiq$tls$TLSClientWrapper$$address.getHostString())) {
                            String s = new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Certificate hostname not match: ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{this.$outer.com$karasiq$tls$TLSClientWrapper$$anon$$$outer().com$karasiq$tls$TLSClientWrapper$$address.getHostString()}));
                            Throwable tlsFatalAlert = new TlsFatalAlert((short) 42, new TLSException(s, TLSException$.MODULE$.$lessinit$greater$default$2()));
                            this.$outer.com$karasiq$tls$TLSClientWrapper$$anon$$$outer().onError(s, tlsFatalAlert);
                            throw tlsFatalAlert;
                        }
                    }
                    if (this.$outer.com$karasiq$tls$TLSClientWrapper$$anon$$$outer().com$karasiq$tls$TLSClientWrapper$$verifier.isChainValid(list)) {
                        return;
                    }
                    String s2 = new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Invalid server certificate: ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{list.headOption().fold(() -> {
                        return "<none>";
                    }, certificate3 -> {
                        return certificate3.getSubject().toString();
                    })}));
                    Throwable tlsFatalAlert2 = new TlsFatalAlert((short) 42, new TLSException(s2, TLSException$.MODULE$.$lessinit$greater$default$2()));
                    this.$outer.com$karasiq$tls$TLSClientWrapper$$anon$$$outer().onError(s2, tlsFatalAlert2);
                    throw tlsFatalAlert2;
                });
            }

            {
                if (this == null) {
                    throw null;
                }
                this.$outer = this;
            }
        };
    }

    public /* synthetic */ TLSClientWrapper com$karasiq$tls$TLSClientWrapper$$anon$$$outer() {
        return this.$outer;
    }

    public TLSClientWrapper$$anon$1(TLSClientWrapper tLSClientWrapper) {
        if (tLSClientWrapper == null) {
            throw null;
        }
        this.$outer = tLSClientWrapper;
    }
}
