package com.typesafe.sslconfig.pekko;

import com.typesafe.sslconfig.pekko.util.PekkoLoggerFactory;
import com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder;
import com.typesafe.sslconfig.ssl.DefaultHostnameVerifier;
import com.typesafe.sslconfig.ssl.DefaultKeyManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.DefaultTrustManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.DisabledComplainingHostnameVerifier;
import com.typesafe.sslconfig.ssl.KeyManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.NoopHostnameVerifier;
import com.typesafe.sslconfig.ssl.Protocols$;
import com.typesafe.sslconfig.ssl.SSLConfigSettings;
import com.typesafe.sslconfig.ssl.TrustManagerFactoryWrapper;
import com.typesafe.sslconfig.util.LoggerFactory;
import java.util.Collections;
import java.util.function.Function;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import org.apache.pekko.actor.ActorSystem;
import org.apache.pekko.actor.ClassicActorSystemProvider;
import org.apache.pekko.actor.ExtendedActorSystem;
import org.apache.pekko.actor.Extension;
import org.apache.pekko.annotation.InternalApi;
import org.apache.pekko.event.LogSource$;
import org.apache.pekko.event.Logging$;
import org.apache.pekko.event.LoggingAdapter;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.collection.ArrayOps$;
import scala.collection.IterableOnceOps;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.Seq;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;

/* compiled from: PekkoSSLConfig.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005}x!B\u0011#\u0011\u0003Yc!B\u0017#\u0011\u0003q\u0003B\u0002*\u0002\t\u0003\tY\rC\u0004\u0002N\u0006!\t%a4\t\u000f\u00055\u0017\u0001\"\u0011\u0002Z\"9\u00111]\u0001\u0005\u0002\u0005\u0015\bbBAv\u0003\u0011\u0005\u0013Q\u001e\u0005\b\u0003_\fA\u0011IAy\u0011\u001d\t)0\u0001C\u0001\u0003o4A!\f\u0012\u0003\u0003\"AQ)\u0003B\u0001B\u0003%a\t\u0003\u0005J\u0013\t\u0015\r\u0011\"\u0001K\u0011!\t\u0016B!A!\u0002\u0013Y\u0005\"\u0002*\n\t\u0003\u0019\u0006b\u0002,\n\u0005\u0004%Ia\u0016\u0005\u0007=&\u0001\u000b\u0011\u0002-\t\u000f}K!\u0019!C\u0005A\"1q-\u0003Q\u0001\n\u0005DQ\u0001[\u0005\u0005\u0002%DQ\u0001\\\u0005\u0005\u00025DQa]\u0005\u0005\u0002QD\u0001b`\u0005C\u0002\u0013\u0005\u0011\u0011\u0001\u0005\t\u0003+I\u0001\u0015!\u0003\u0002\u0004!9\u0011qC\u0005\u0005\u0002\u0005e\u0001\"CA\u0018\u0013\t\u0007I\u0011AA\u0019\u0011!\tI$\u0003Q\u0001\n\u0005M\u0002bBA\u001e\u0013\u0011\u0005\u0011Q\b\u0005\b\u0003\u000fJA\u0011AA%\u0011\u001d\t\u0019&\u0003C\u0001\u0003+Bq!a\u0017\n\t\u0003\ti\u0006C\u0004\u0002~%!\t!a \t\u000f\u0005\r\u0016\u0002\"\u0001\u0002&\"9\u0011QV\u0005\u0005\n\u0005=\u0016A\u0004)fW.|7k\u0015'D_:4\u0017n\u001a\u0006\u0003G\u0011\nQ\u0001]3lW>T!!\n\u0014\u0002\u0013M\u001cHnY8oM&<'BA\u0014)\u0003!!\u0018\u0010]3tC\u001a,'\"A\u0015\u0002\u0007\r|Wn\u0001\u0001\u0011\u00051\nQ\"\u0001\u0012\u0003\u001dA+7n[8T'2\u001buN\u001c4jON)\u0011aL\u001b\u0002FB\u0011\u0001gM\u0007\u0002c)\t!'A\u0003tG\u0006d\u0017-\u0003\u00025c\t1\u0011I\\=SK\u001a\u00042A\u000e A\u001b\u00059$B\u0001\u001d:\u0003\u0015\t7\r^8s\u0015\t\u0019#H\u0003\u0002<y\u00051\u0011\r]1dQ\u0016T\u0011!P\u0001\u0004_J<\u0017BA 8\u0005-)\u0005\u0010^3og&|g.\u00133\u0011\u00051J1cA\u00050\u0005B\u0011agQ\u0005\u0003\t^\u0012\u0011\"\u0012=uK:\u001c\u0018n\u001c8\u0002\rML8\u000f^3n!\t1t)\u0003\u0002Io\t\u0019R\t\u001f;f]\u0012,G-Q2u_J\u001c\u0016p\u001d;f[\u000611m\u001c8gS\u001e,\u0012a\u0013\t\u0003\u0019>k\u0011!\u0014\u0006\u0003\u001d\u0012\n1a]:m\u0013\t\u0001VJA\tT'2\u001buN\u001c4jON+G\u000f^5oON\fqaY8oM&<\u0007%\u0001\u0004=S:LGO\u0010\u000b\u0004\u0001R+\u0006\"B#\u000e\u0001\u00041\u0005\"B%\u000e\u0001\u0004Y\u0015\u0001C7l\u0019><w-\u001a:\u0016\u0003a\u0003\"!\u0017/\u000e\u0003iS!a\u0017\u0012\u0002\tU$\u0018\u000e\\\u0005\u0003;j\u0013!\u0003U3lW>dunZ4fe\u001a\u000b7\r^8ss\u0006IQn\u001b'pO\u001e,'\u000fI\u0001\u0004Y><W#A1\u0011\u0005\t,W\"A2\u000b\u0005\u0011L\u0014!B3wK:$\u0018B\u00014d\u00059aunZ4j]\u001e\fE-\u00199uKJ\fA\u0001\\8hA\u0005aq/\u001b;i'\u0016$H/\u001b8hgR\u0011\u0001I\u001b\u0005\u0006WJ\u0001\raS\u0001\u0002G\u0006YQ.\u00199TKR$\u0018N\\4t)\t\u0001e\u000eC\u0003p'\u0001\u0007\u0001/A\u0001g!\u0011\u0001\u0014oS&\n\u0005I\f$!\u0003$v]\u000e$\u0018n\u001c82\u0003=\u0019wN\u001c<feR\u001cV\r\u001e;j]\u001e\u001cHC\u0001!v\u0011\u0015yG\u00031\u0001w!\u00119XpS&\u000e\u0003aT!!\u001f>\u0002\u0011\u0019,hn\u0019;j_:T!aW>\u000b\u0003q\fAA[1wC&\u0011a\u0010\u001f\u0002\t\rVt7\r^5p]\u0006\u0001\u0002n\\:u]\u0006lWMV3sS\u001aLWM]\u000b\u0003\u0003\u0007\u0001B!!\u0002\u0002\u00125\u0011\u0011q\u0001\u0006\u0004\u001d\u0006%!\u0002BA\u0006\u0003\u001b\t1A\\3u\u0015\t\ty!A\u0003kCZ\f\u00070\u0003\u0003\u0002\u0014\u0005\u001d!\u0001\u0005%pgRt\u0017-\\3WKJLg-[3s\u0003EAwn\u001d;oC6,g+\u001a:jM&,'\u000fI\u0001\u001bkN,'J^7I_N$h.Y7f-\u0016\u0014\u0018NZ5dCRLwN\\\u000b\u0003\u00037\u00012\u0001MA\u000f\u0013\r\ty\"\r\u0002\b\u0005>|G.Z1oQ\r9\u00121\u0005\t\u0005\u0003K\tY#\u0004\u0002\u0002()\u0019\u0011\u0011F\u001d\u0002\u0015\u0005tgn\u001c;bi&|g.\u0003\u0003\u0002.\u0005\u001d\"aC%oi\u0016\u0014h.\u00197Ba&\fQc]:m\u000b:<\u0017N\\3D_:4\u0017nZ;sCR|'/\u0006\u0002\u00024A\u0019A&!\u000e\n\u0007\u0005]\"E\u0001\u000fEK\u001a\fW\u000f\u001c;T'2+enZ5oK\u000e{gNZ5hkJ\fGo\u001c:\u0002-M\u001cH.\u00128hS:,7i\u001c8gS\u001e,(/\u0019;pe\u0002\naCY;jY\u0012\\U-_'b]\u0006<WM\u001d$bGR|'/\u001f\u000b\u0005\u0003\u007f\t)\u0005E\u0002M\u0003\u0003J1!a\u0011N\u0005aYU-_'b]\u0006<WM\u001d$bGR|'/_,sCB\u0004XM\u001d\u0005\u0006\u001dj\u0001\raS\u0001\u0019EVLG\u000e\u001a+skN$X*\u00198bO\u0016\u0014h)Y2u_JLH\u0003BA&\u0003#\u00022\u0001TA'\u0013\r\ty%\u0014\u0002\u001b)J,8\u000f^'b]\u0006<WM\u001d$bGR|'/_,sCB\u0004XM\u001d\u0005\u0006\u001dn\u0001\raS\u0001\u0016EVLG\u000e\u001a%pgRt\u0017-\\3WKJLg-[3s)\u0011\t\u0019!a\u0016\t\r\u0005eC\u00041\u0001L\u0003\u0011\u0019wN\u001c4\u00027Y\fG.\u001b3bi\u0016$UMZ1vYR$&/^:u\u001b\u0006t\u0017mZ3s)\u0011\ty&!\u001a\u0011\u0007A\n\t'C\u0002\u0002dE\u0012A!\u00168ji\"1\u0011qM\u000fA\u0002-\u000b\u0011b]:m\u0007>tg-[4)\u0017u\tY'!\u001d\u0002t\u0005]\u0014\u0011\u0010\t\u0004a\u00055\u0014bAA8c\tQA-\u001a9sK\u000e\fG/\u001a3\u0002\u000f5,7o]1hK\u0006\u0012\u0011QO\u0001[m\u0006d\u0017\u000eZ1uK\u0012+g-Y;miR\u0013Xo\u001d;NC:\fw-\u001a:!SN\u0004cn\u001c;!I>Lgn\u001a\u0011b]f$\b.\u001b8hAMLgnY3!C.\\\u0017\r\t\u001a/m9\n\u0014\bI1oI\u0002\u001a\bn\\;mI\u0002rw\u000e\u001e\u0011cK\u0002*8/\u001a3\u0002\u000bMLgnY3\"\u0005\u0005m\u0014aC!lW\u0006\u0004#G\f\u001c/ce\n!cY8oM&<WO]3Qe>$xnY8mgR1\u0011\u0011QAO\u0003C\u0003R\u0001MAB\u0003\u000fK1!!\"2\u0005\u0015\t%O]1z!\u0011\tI)a&\u000f\t\u0005-\u00151\u0013\t\u0004\u0003\u001b\u000bTBAAH\u0015\r\t\tJK\u0001\u0007yI|w\u000e\u001e \n\u0007\u0005U\u0015'\u0001\u0004Qe\u0016$WMZ\u0005\u0005\u00033\u000bYJ\u0001\u0004TiJLgn\u001a\u0006\u0004\u0003+\u000b\u0004bBAP=\u0001\u0007\u0011\u0011Q\u0001\u0012KbL7\u000f^5oOB\u0013x\u000e^8d_2\u001c\bBBA4=\u0001\u00071*A\u000bd_:4\u0017nZ;sK\u000eK\u0007\u000f[3s'VLG/Z:\u0015\r\u0005\u0005\u0015qUAV\u0011\u001d\tIk\ba\u0001\u0003\u0003\u000bq\"\u001a=jgRLgnZ\"ja\",'o\u001d\u0005\u0007\u0003Oz\u0002\u0019A&\u0002\u001f1|wn]3ESN\f'\r\\3T\u001d&#B!a\u0018\u00022\"9\u00111\u0017\u0011A\u0002\u0005U\u0016!\u00043fM\u0006,H\u000e\u001e)be\u0006l7\u000f\u0005\u0003\u0002\u0006\u0005]\u0016\u0002BA]\u0003\u000f\u0011QbU*M!\u0006\u0014\u0018-\\3uKJ\u001c\bfC\u0005\u0002l\u0005E\u0014QXA<\u0003\u0003\f#!a0\u0002=V\u001bX\r\t+da\u0002\ng\u000e\u001a\u0011U\u0019N\u0003s/\u001b;iAM\u001bF*\u00128hS:,\u0007\u0005]1sC6,G/\u001a:tA%t7\u000f^3bI:\u00023+\u001a;va\u0002\"\b.\u001a\u0011T'2+enZ5oK\u0002:\u0018\u000e\u001e5!]\u0016,G-\u001a3!a\u0006\u0014\u0018-\\3uKJ\u001ch&\t\u0002\u0002D\u0006Q\u0011i[6bAIrcG\f\u0019\u0011\u0007Y\n9-C\u0002\u0002J^\u00121#\u0012=uK:\u001c\u0018n\u001c8JIB\u0013xN^5eKJ$\u0012aK\u0001\u0004O\u0016$Hc\u0001!\u0002R\"1Qi\u0001a\u0001\u0003'\u00042ANAk\u0013\r\t9n\u000e\u0002\f\u0003\u000e$xN]*zgR,W\u000eF\u0002A\u00037Da!\u0012\u0003A\u0002\u0005u\u0007c\u0001\u001c\u0002`&\u0019\u0011\u0011]\u001c\u00035\rc\u0017m]:jG\u0006\u001bGo\u001c:TsN$X-\u001c)s_ZLG-\u001a:\u0002\u000b\u0005\u0004\b\u000f\\=\u0015\u0005\u0005\u001dHc\u0001!\u0002j\"1Q)\u0002a\u0002\u0003'\fa\u0001\\8pWV\u0004X#A\u0016\u0002\u001f\r\u0014X-\u0019;f\u000bb$XM\\:j_:$2\u0001QAz\u0011\u0015)u\u00011\u0001G\u0003a!WMZ1vYR\u001c6\u000bT\"p]\u001aLwmU3ui&twm\u001d\u000b\u0004\u0017\u0006e\bBB#\t\u0001\u0004\t\u0019\u000eK\u0006\u0002\u0003W\n\t(!0\u0002x\u0005\u0005\u0007f\u0003\u0001\u0002l\u0005E\u0014QXA<\u0003\u0003\u0004")
/* loaded from: input_file:com/typesafe/sslconfig/pekko/PekkoSSLConfig.class */
public final class PekkoSSLConfig implements Extension {
    private final ExtendedActorSystem system;
    private final SSLConfigSettings config;
    private final PekkoLoggerFactory mkLogger;
    private final LoggingAdapter log;
    private final HostnameVerifier hostnameVerifier;
    private final DefaultSSLEngineConfigurator sslEngineConfigurator;

    public static SSLConfigSettings defaultSSLConfigSettings(ActorSystem actorSystem) {
        return PekkoSSLConfig$.MODULE$.defaultSSLConfigSettings(actorSystem);
    }

    public static PekkoSSLConfig createExtension(ExtendedActorSystem extendedActorSystem) {
        return PekkoSSLConfig$.MODULE$.m1createExtension(extendedActorSystem);
    }

    public static PekkoSSLConfig$ lookup() {
        return PekkoSSLConfig$.MODULE$.m2lookup();
    }

    public static PekkoSSLConfig apply(ActorSystem actorSystem) {
        return PekkoSSLConfig$.MODULE$.m3apply(actorSystem);
    }

    public static PekkoSSLConfig get(ClassicActorSystemProvider classicActorSystemProvider) {
        return PekkoSSLConfig$.MODULE$.m4get(classicActorSystemProvider);
    }

    public static PekkoSSLConfig get(ActorSystem actorSystem) {
        return PekkoSSLConfig$.MODULE$.m5get(actorSystem);
    }

    public static Extension apply(ClassicActorSystemProvider classicActorSystemProvider) {
        return PekkoSSLConfig$.MODULE$.apply(classicActorSystemProvider);
    }

    public SSLConfigSettings config() {
        return this.config;
    }

    private PekkoLoggerFactory mkLogger() {
        return this.mkLogger;
    }

    private LoggingAdapter log() {
        return this.log;
    }

    public PekkoSSLConfig withSettings(SSLConfigSettings sSLConfigSettings) {
        return new PekkoSSLConfig(this.system, sSLConfigSettings);
    }

    public PekkoSSLConfig mapSettings(Function1<SSLConfigSettings, SSLConfigSettings> function1) {
        return new PekkoSSLConfig(this.system, (SSLConfigSettings) function1.apply(config()));
    }

    public PekkoSSLConfig convertSettings(Function<SSLConfigSettings, SSLConfigSettings> function) {
        return new PekkoSSLConfig(this.system, function.apply(config()));
    }

    public HostnameVerifier hostnameVerifier() {
        return this.hostnameVerifier;
    }

    @InternalApi
    public boolean useJvmHostnameVerification() {
        HostnameVerifier hostnameVerifier = hostnameVerifier();
        return hostnameVerifier instanceof DefaultHostnameVerifier ? true : hostnameVerifier instanceof NoopHostnameVerifier;
    }

    public DefaultSSLEngineConfigurator sslEngineConfigurator() {
        return this.sslEngineConfigurator;
    }

    public KeyManagerFactoryWrapper buildKeyManagerFactory(SSLConfigSettings sSLConfigSettings) {
        return new DefaultKeyManagerFactoryWrapper(sSLConfigSettings.keyManagerConfig().algorithm());
    }

    public TrustManagerFactoryWrapper buildTrustManagerFactory(SSLConfigSettings sSLConfigSettings) {
        return new DefaultTrustManagerFactoryWrapper(sSLConfigSettings.trustManagerConfig().algorithm());
    }

    public HostnameVerifier buildHostnameVerifier(SSLConfigSettings sSLConfigSettings) {
        if (sSLConfigSettings != null) {
        }
        Class<DisabledComplainingHostnameVerifier> hostnameVerifierClass = config().loose().disableHostnameVerification() ? DisabledComplainingHostnameVerifier.class : config().hostnameVerifierClass();
        HostnameVerifier hostnameVerifier = (HostnameVerifier) this.system.dynamicAccess().createInstanceFor(hostnameVerifierClass, Nil$.MODULE$, ClassTag$.MODULE$.apply(HostnameVerifier.class)).orElse(() -> {
            return this.system.dynamicAccess().createInstanceFor(hostnameVerifierClass, new $colon.colon(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(LoggerFactory.class), this.mkLogger()), Nil$.MODULE$), ClassTag$.MODULE$.apply(HostnameVerifier.class));
        }).getOrElse(() -> {
            throw new Exception(new StringBuilder(46).append("Unable to obtain hostname verifier for class: ").append(hostnameVerifierClass).toString());
        });
        log().debug("buildHostnameVerifier: created hostname verifier: {}", hostnameVerifier);
        return hostnameVerifier;
    }

    public void validateDefaultTrustManager(SSLConfigSettings sSLConfigSettings) {
        log().warning("validateDefaultTrustManager is not doing anything since akka 2.6.19, it was useful only in Java 7 and below");
    }

    public String[] configureProtocols(String[] strArr, SSLConfigSettings sSLConfigSettings) {
        String[] strArr2;
        Some enabledProtocols = sSLConfigSettings.enabledProtocols();
        if (enabledProtocols instanceof Some) {
            Seq seq = (Seq) enabledProtocols.value();
            Object refArrayOps = Predef$.MODULE$.refArrayOps(strArr);
            strArr2 = (String[]) ((IterableOnceOps) seq.filter(str -> {
                return BoxesRunTime.boxToBoolean($anonfun$configureProtocols$1(refArrayOps, str));
            })).toArray(ClassTag$.MODULE$.apply(String.class));
        } else {
            if (!None$.MODULE$.equals(enabledProtocols)) {
                throw new MatchError(enabledProtocols);
            }
            ArrayOps$ arrayOps$ = ArrayOps$.MODULE$;
            Object refArrayOps2 = Predef$.MODULE$.refArrayOps(Protocols$.MODULE$.recommendedProtocols());
            Object refArrayOps3 = Predef$.MODULE$.refArrayOps(strArr);
            strArr2 = (String[]) arrayOps$.filter$extension(refArrayOps2, str2 -> {
                return BoxesRunTime.boxToBoolean($anonfun$configureProtocols$2(refArrayOps3, str2));
            });
        }
        return strArr2;
    }

    public String[] configureCipherSuites(String[] strArr, SSLConfigSettings sSLConfigSettings) {
        String[] strArr2;
        Some enabledCipherSuites = sSLConfigSettings.enabledCipherSuites();
        if (enabledCipherSuites instanceof Some) {
            strArr2 = (String[]) ((IterableOnceOps) ((Seq) enabledCipherSuites.value()).filter(str -> {
                return BoxesRunTime.boxToBoolean($anonfun$configureCipherSuites$1(strArr, str));
            })).toArray(ClassTag$.MODULE$.apply(String.class));
        } else {
            if (!None$.MODULE$.equals(enabledCipherSuites)) {
                throw new MatchError(enabledCipherSuites);
            }
            strArr2 = strArr;
        }
        return strArr2;
    }

    private void looseDisableSNI(SSLParameters sSLParameters) {
        if (config().loose().disableSNI()) {
            log().warning("You are using ssl-config.loose.disableSNI=true! It is strongly discouraged to disable Server Name Indication, as it is crucial to preventing man-in-the-middle attacks.");
            sSLParameters.setServerNames(Collections.emptyList());
            sSLParameters.setSNIMatchers(Collections.emptyList());
        }
    }

    public static final /* synthetic */ boolean $anonfun$configureProtocols$1(Object obj, String str) {
        return ArrayOps$.MODULE$.contains$extension(obj, str);
    }

    public static final /* synthetic */ boolean $anonfun$configureProtocols$2(Object obj, String str) {
        return ArrayOps$.MODULE$.contains$extension(obj, str);
    }

    public static final /* synthetic */ boolean $anonfun$configureCipherSuites$1(String[] strArr, String str) {
        return ArrayOps$.MODULE$.contains$extension(Predef$.MODULE$.refArrayOps(strArr), str);
    }

    public PekkoSSLConfig(ExtendedActorSystem extendedActorSystem, SSLConfigSettings sSLConfigSettings) {
        SSLContext build;
        this.system = extendedActorSystem;
        this.config = sSLConfigSettings;
        this.mkLogger = new PekkoLoggerFactory(extendedActorSystem);
        this.log = Logging$.MODULE$.apply(extendedActorSystem, PekkoSSLConfig.class, LogSource$.MODULE$.fromAnyClass());
        log().debug("Initializing PekkoSSLConfig extension...");
        this.hostnameVerifier = buildHostnameVerifier(sSLConfigSettings);
        if (sSLConfigSettings.default()) {
            log().info("ssl-config.default is true, using the JDK's default SSLContext");
            build = SSLContext.getDefault();
        } else {
            build = new ConfigSSLContextBuilder(mkLogger(), sSLConfigSettings, buildKeyManagerFactory(sSLConfigSettings), buildTrustManagerFactory(sSLConfigSettings)).build();
        }
        SSLParameters defaultSSLParameters = build.getDefaultSSLParameters();
        String[] configureProtocols = configureProtocols(defaultSSLParameters.getProtocols(), sSLConfigSettings);
        String[] configureCipherSuites = configureCipherSuites(defaultSSLParameters.getCipherSuites(), sSLConfigSettings);
        looseDisableSNI(defaultSSLParameters);
        this.sslEngineConfigurator = new DefaultSSLEngineConfigurator(sSLConfigSettings, configureProtocols, configureCipherSuites);
    }
}
