package com.twitter.finagle.ssl;

import com.twitter.finagle.Stack;
import com.twitter.finagle.param.OppTls;
import com.twitter.finagle.param.OppTls$;
import com.twitter.finagle.ssl.OpportunisticTls;
import com.twitter.finagle.ssl.SnoopingLevelInterpreter;
import com.twitter.finagle.ssl.server.SslServerConfiguration;
import com.twitter.finagle.transport.Transport;
import com.twitter.finagle.transport.Transport$ServerSsl$;
import com.twitter.logging.Logger;
import com.twitter.logging.Logger$;
import scala.Function2;
import scala.MatchError;
import scala.None$;
import scala.Some;
import scala.collection.immutable.Nil$;
import scala.runtime.BoxesRunTime;

/* compiled from: SnoopingLevelInterpreter.scala */
/* loaded from: input_file:com/twitter/finagle/ssl/SnoopingLevelInterpreter$.class */
public final class SnoopingLevelInterpreter$ {
    public static final SnoopingLevelInterpreter$ MODULE$ = new SnoopingLevelInterpreter$();
    private static final Logger logger = Logger$.MODULE$.get();
    private static final SnoopingLevelInterpreter.Param Off = new SnoopingLevelInterpreter.Param(SnoopingLevelInterpreter$Disabled$.MODULE$);
    private static final SnoopingLevelInterpreter.Param EnabledForNonNegotiatingProtocols = new SnoopingLevelInterpreter.Param(new SnoopingLevelInterpreter.Enabled((level, sslServerConfiguration) -> {
        return BoxesRunTime.boxToBoolean($anonfun$EnabledForNonNegotiatingProtocols$1(level, sslServerConfiguration));
    }));
    private static final SnoopingLevelInterpreter.Param EnabledForNegotiatingProtocols = new SnoopingLevelInterpreter.Param(new SnoopingLevelInterpreter.Enabled((level, sslServerConfiguration) -> {
        return BoxesRunTime.boxToBoolean($anonfun$EnabledForNegotiatingProtocols$1(level, sslServerConfiguration));
    }));

    private Logger logger() {
        return logger;
    }

    public SnoopingLevelInterpreter.Param Off() {
        return Off;
    }

    public SnoopingLevelInterpreter.Param EnabledForNonNegotiatingProtocols() {
        return EnabledForNonNegotiatingProtocols;
    }

    public SnoopingLevelInterpreter.Param EnabledForNegotiatingProtocols() {
        return EnabledForNegotiatingProtocols;
    }

    public boolean shouldEnableSnooping(Stack.Params params) {
        boolean z;
        boolean z2;
        SnoopingLevelInterpreter.Interpreter interpreter = ((SnoopingLevelInterpreter.Param) params.apply(SnoopingLevelInterpreter$Param$.MODULE$.param())).interpreter();
        if (SnoopingLevelInterpreter$Disabled$.MODULE$.equals(interpreter)) {
            z2 = false;
        } else {
            if (!(interpreter instanceof SnoopingLevelInterpreter.Enabled)) {
                throw new MatchError(interpreter);
            }
            Function2<OpportunisticTls.Level, SslServerConfiguration, Object> predicate = ((SnoopingLevelInterpreter.Enabled) interpreter).predicate();
            OpportunisticTls.Level level = (OpportunisticTls.Level) ((OppTls) params.apply(OppTls$.MODULE$.param())).level().getOrElse(() -> {
                return OpportunisticTls$Desired$.MODULE$;
            });
            Some sslServerConfiguration = ((Transport.ServerSsl) params.apply(Transport$ServerSsl$.MODULE$.param())).sslServerConfiguration();
            if (sslServerConfiguration instanceof Some) {
                z = BoxesRunTime.unboxToBoolean(predicate.apply(level, (SslServerConfiguration) sslServerConfiguration.value()));
            } else {
                if (!None$.MODULE$.equals(sslServerConfiguration)) {
                    throw new MatchError(sslServerConfiguration);
                }
                OpportunisticTls$Off$ opportunisticTls$Off$ = OpportunisticTls$Off$.MODULE$;
                if (level != null ? !level.equals(opportunisticTls$Off$) : opportunisticTls$Off$ != null) {
                    logger().warning("Tls snooping was potentially desired but not enabled because a security configuration was not specified", Nil$.MODULE$);
                }
                z = false;
            }
            z2 = z;
        }
        return z2;
    }

    private boolean nonNegotiating(OpportunisticTls.Level level, SslServerConfiguration sslServerConfiguration) {
        OpportunisticTls$Desired$ opportunisticTls$Desired$ = OpportunisticTls$Desired$.MODULE$;
        if (level != null ? !level.equals(opportunisticTls$Desired$) : opportunisticTls$Desired$ != null) {
            return false;
        }
        ClientAuth clientAuth = sslServerConfiguration.clientAuth();
        ClientAuth$Needed$ clientAuth$Needed$ = ClientAuth$Needed$.MODULE$;
        if (clientAuth != null ? !clientAuth.equals(clientAuth$Needed$) : clientAuth$Needed$ != null) {
            return true;
        }
        logger().warning("Opportunistic Tls was desired but not enabled because client authorization required.", Nil$.MODULE$);
        return false;
    }

    private boolean withNegotiating(OpportunisticTls.Level level, SslServerConfiguration sslServerConfiguration) {
        OpportunisticTls$Off$ opportunisticTls$Off$ = OpportunisticTls$Off$.MODULE$;
        return level != null ? !level.equals(opportunisticTls$Off$) : opportunisticTls$Off$ != null;
    }

    public static final /* synthetic */ boolean $anonfun$EnabledForNonNegotiatingProtocols$1(OpportunisticTls.Level level, SslServerConfiguration sslServerConfiguration) {
        return MODULE$.nonNegotiating(level, sslServerConfiguration);
    }

    public static final /* synthetic */ boolean $anonfun$EnabledForNegotiatingProtocols$1(OpportunisticTls.Level level, SslServerConfiguration sslServerConfiguration) {
        return MODULE$.withNegotiating(level, sslServerConfiguration);
    }

    private SnoopingLevelInterpreter$() {
    }
}
