package akka.remote.artery.tcp;

import akka.actor.ActorSystem;
import akka.annotation.ApiMayChange;
import akka.event.LogMarker$;
import akka.event.LogSource;
import akka.event.LogSource$;
import akka.event.Logging$;
import akka.event.MarkerLoggingAdapter;
import akka.japi.Util$;
import akka.stream.Client$;
import akka.stream.Server$;
import akka.stream.TLSRole;
import akka.util.ccompat.package$;
import com.typesafe.config.Config;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.collection.immutable.Set;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.util.Try$;

/* compiled from: SSLEngineProvider.scala */
@ApiMayChange
@ScalaSignature(bytes = "\u0006\u0001\u00055h\u0001B\u0014)\u0001EB\u0001\u0002\u0010\u0001\u0003\u0006\u0004%\t\"\u0010\u0005\t\u000f\u0002\u0011\t\u0011)A\u0005}!A\u0001\n\u0001BC\u0002\u0013E\u0011\n\u0003\u0005Q\u0001\t\u0005\t\u0015!\u0003K\u0011\u0015\t\u0006\u0001\"\u0001S\u0011\u0015\t\u0006\u0001\"\u0001W\u0011\u001dy\u0006A1A\u0005\u0002\u0001Da\u0001\u001c\u0001!\u0002\u0013\t\u0007bB7\u0001\u0005\u0004%\t\u0001\u0019\u0005\u0007]\u0002\u0001\u000b\u0011B1\t\u000f=\u0004!\u0019!C\u0001A\"1\u0001\u000f\u0001Q\u0001\n\u0005Dq!\u001d\u0001C\u0002\u0013\u0005\u0001\r\u0003\u0004s\u0001\u0001\u0006I!\u0019\u0005\bg\u0002\u0011\r\u0011\"\u0001a\u0011\u0019!\b\u0001)A\u0005C\"9Q\u000f\u0001b\u0001\n\u00031\bB\u0002>\u0001A\u0003%q\u000fC\u0004|\u0001\t\u0007I\u0011\u00011\t\rq\u0004\u0001\u0015!\u0003b\u0011\u001di\bA1A\u0005\u0002\u0001DaA \u0001!\u0002\u0013\t\u0007\u0002C@\u0001\u0005\u0004%\t!!\u0001\t\u0011\u0005%\u0001\u0001)A\u0005\u0003\u0007A\u0011\"a\u0003\u0001\u0005\u0004%\t!!\u0001\t\u0011\u00055\u0001\u0001)A\u0005\u0003\u0007A!\"a\u0004\u0001\u0011\u000b\u0007I\u0011BA\t\u0011\u001d\t9\u0003\u0001C\u0005\u0003SAq!a\u000b\u0001\t#\ti\u0003C\u0004\u0002H\u0001!\t\"!\u0013\t\u000f\u0005]\u0003\u0001\"\u0005\u0002Z!9\u00111\r\u0001\u0005\u0002\u0005\u0015\u0004bBA7\u0001\u0011\u0005\u0013q\u000e\u0005\b\u0003\u000b\u0003A\u0011IAD\u0011\u001d\ti\t\u0001C\u0005\u0003\u001fCq!!$\u0001\t\u0013\t)\u000bC\u0004\u00020\u0002!\t%!-\t\u000f\u0005]\u0007\u0001\"\u0011\u0002Z\n92i\u001c8gS\u001e\u001c6\u000bT#oO&tW\r\u0015:pm&$WM\u001d\u0006\u0003S)\n1\u0001^2q\u0015\tYC&\u0001\u0004beR,'/\u001f\u0006\u0003[9\naA]3n_R,'\"A\u0018\u0002\t\u0005\\7.Y\u0002\u0001'\r\u0001!\u0007\u000f\t\u0003gYj\u0011\u0001\u000e\u0006\u0002k\u0005)1oY1mC&\u0011q\u0007\u000e\u0002\u0007\u0003:L(+\u001a4\u0011\u0005eRT\"\u0001\u0015\n\u0005mB#!E*T\u0019\u0016sw-\u001b8f!J|g/\u001b3fe\u000611m\u001c8gS\u001e,\u0012A\u0010\t\u0003\u007f\u0015k\u0011\u0001\u0011\u0006\u0003y\u0005S!AQ\
"\u0002\u0011QL\b/Z:bM\u0016T\u0011\u0001R\u0001\u0004G>l\u0017B\u0001$A\u0005\u0019\u0019uN\u001c4jO\u000691m\u001c8gS\u001e\u0004\u0013a\u00017pOV\t!\n\u0005\u0002L\u001d6\tAJ\u0003\u0002N]\u0005)QM^3oi&\u0011q\n\u0014\u0002\u0015\u001b\u0006\u00148.\u001a:M_\u001e<\u0017N\\4BI\u0006\u0004H/\u001a:\u0002\t1|w\rI\u0001\u0007y%t\u0017\u000e\u001e \u0015\u0007M#V\u000b\u0005\u0002:\u0001!)A(\u0002a\u0001}!)\u0001*\u0002a\u0001\u0015R\u00111k\u0016\u0005\u00061\u001a\u0001\r!W\u0001\u0007gf\u001cH/Z7\u0011\u0005ikV\"A.\u000b\u0005qs\u0013!B1di>\u0014\u0018B\u00010\\\u0005-\t5\r^8s'f\u001cH/Z7\u0002\u0017M\u001bFjS3z'R|'/Z\u000b\u0002CB\u0011!-\u001b\b\u0003G\u001e\u0004\"\u0001\u001a\u001b\u000e\u0003\u0015T!A\u001a\u0019\u0002\rq\u0012xn\u001c;?\u0013\tAG'\u0001\u0004Qe\u0016$WMZ\u0005\u0003U.\u0014aa\u0015;sS:<'B\u000155\u00031\u00196\u000bT&fsN#xN]3!\u00035\u00196\u000b\u0014+skN$8\u000b^8sK\u0006q1k\u0015'UeV\u001cHo\u0015;pe\u0016\u0004\u0013aE*T\u0019.+\u0017p\u0015;pe\u0016\u0004\u0016m]:x_J$\u0017\u0001F*T\u0019.+\u0017p\u0015;pe\u0016\u0004\u0016m]:x_J$\u0007%\u0001\bT'2[U-\u001f)bgN<xN\u001d3\u0002\u001fM\u001bFjS3z!\u0006\u001c8o^8sI\u0002\nQcU*M)J,8\u000f^*u_J,\u0007+Y:to>\u0014H-\u0001\fT'2#&/^:u'R|'/\u001a)bgN<xN\u001d3!\u0003Q\u00196\u000bT#oC\ndW\rZ!mO>\u0014\u0018\u000e\u001e5ngV\tq\u000fE\u0002cq\u0006L!!_6\u0003\u0007M+G/A\u000bT'2+e.\u00192mK\u0012\fEnZ8sSRDWn\u001d\u0011\u0002\u0017M\u001bF\n\u0015:pi>\u001cw\u000e\\\u0001\r'Nc\u0005K]8u_\u000e|G\u000eI\u0001\u0019'Nc%+\u00198e_6tU/\u001c2fe\u001e+g.\u001a:bi>\u0014\u0018!G*T\u0019J\u000bg\u000eZ8n\u001dVl'-\u001a:HK:,'/\u0019;pe\u0002\nadU*M%\u0016\fX/\u001b:f\u001bV$X/\u00197BkRDWM\u001c;jG\u0006$\u0018n\u001c8\u0016\u0005\u0005\r\u0001cA\u001a\u0002\u0006%\u0019\u0011q\u0001\u001b\u0003\u000f\t{w\u000e\\3b]\u0006y2k\u0015'SKF,\u0018N]3NkR,\u0018\r\\!vi\",g\u000e^5dCRLwN\u001c\u0011\u0002)!{7\u000f\u001e8b[\u00164VM]5gS\u000e\fG/[8o\u0003UAun\u001d;oC6,g+\u001a:jM&\u001c\u0017\r^5p]\u0002\n!b]:m
\u0007>tG/\u001a=u+\t\t\u0019\u0002\u0005\u0003\u0002\u0016\u0005\rRBAA\f\u0015\u0011\tI\"a\u0007\u0002\u0007M\u001cHN\u0003\u0003\u0002\u001e\u0005}\u0011a\u00018fi*\u0011\u0011\u0011E\u0001\u0006U\u00064\u0018\r_\u0005\u0005\u0003K\t9B\u0001\u0006T'2\u001buN\u001c;fqR\f\u0001cY8ogR\u0014Xo\u0019;D_:$X\r\u001f;\u0015\u0005\u0005M\u0011\u0001\u00047pC\u0012\\U-_:u_J,GCBA\u0018\u0003\u007f\t\u0019\u0005\u0005\u0003\u00022\u0005mRBAA\u001a\u0015\u0011\t)$a\u000e\u0002\u0011M,7-\u001e:jifT!!!\u000f\u0002\t)\fg/Y\u0005\u0005\u0003{\t\u0019D\u0001\u0005LKf\u001cFo\u001c:f\u0011\u0019\t\t%\ba\u0001C\u0006Aa-\u001b7f]\u0006lW\r\u0003\u0004\u0002Fu\u0001\r!Y\u0001\ta\u0006\u001c8o^8sI\u0006Y1.Z=NC:\fw-\u001a:t+\t\tY\u0005E\u00034\u0003\u001b\n\t&C\u0002\u0002PQ\u0012Q!\u0011:sCf\u0004B!!\u0006\u0002T%!\u0011QKA\f\u0005)YU-_'b]\u0006<WM]\u0001\u000eiJ,8\u000f^'b]\u0006<WM]:\u0016\u0005\u0005m\u0003#B\u001a\u0002N\u0005u\u0003\u0003BA\u000b\u0003?JA!!\u0019\u0002\u0018\taAK];ti6\u000bg.Y4fe\u0006\u00112M]3bi\u0016\u001cVmY;sKJ\u000bg\u000eZ8n)\t\t9\u0007\u0005\u0003\u00022\u0005%\u0014\u0002BA6\u0003g\u0011AbU3dkJ,'+\u00198e_6\fQc\u0019:fCR,7+\u001a:wKJ\u001c6\u000bT#oO&tW\r\u0006\u0004\u0002r\u0005]\u00141\u0010\t\u0005\u0003+\t\u0019(\u0003\u0003\u0002v\u0005]!!C*T\u0019\u0016sw-\u001b8f\u0011\u0019\tI(\ta\u0001C\u0006A\u0001n\\:u]\u0006lW\rC\u0004\u0002~\u0005\u0002\r!a \u0002\tA|'\u000f\u001e\t\u0004g\u0005\u0005\u0015bAABi\t\u0019\u0011J\u001c;\u0002+\r\u0014X-\u0019;f\u00072LWM\u001c;T'2+enZ5oKR1\u0011\u0011OAE\u0003\u0017Ca!!\u001f#\u0001\u0004\t\u0007bBA?E\u0001\u0007\u0011qP\u0001\u0010GJ,\u0017\r^3T'2+enZ5oKRA\u0011\u0011OAI\u0003C\u000b\u0019\u000bC\u0004\u0002\u0014\u000e\u0002\r!!&\u0002\tI|G.\u001a\t\u0005\u0003/\u000bi*\u0004\u0002\u0002\u001a*\u0019\u00111\u0014\u0018\u0002\rM$(/Z1n\u0013\u0011\ty*!'\u0003\u000fQc5KU8mK\"1\u0011\u0011P\u0012A\u0002\u0005Dq!! 
$\u0001\u0004\ty\b\u0006\u0006\u0002r\u0005\u001d\u0016\u0011VAV\u0003[Cq!a\u0004%\u0001\u0004\t\u0019\u0002C\u0004\u0002\u0014\u0012\u0002\r!!&\t\r\u0005eD\u00051\u0001b\u0011\u001d\ti\b\na\u0001\u0003\u007f\n1C^3sS\u001aL8\t\\5f]R\u001cVm]:j_:$b!a-\u0002L\u00065\u0007#B\u001a\u00026\u0006e\u0016bAA\\i\t1q\n\u001d;j_:\u0004B!a/\u0002F:!\u0011QXAa\u001d\r!\u0017qX\u0005\u0002k%\u0019\u00111\u0019\u001b\u0002\u000fA\f7m[1hK&!\u0011qYAe\u0005%!\u0006N]8xC\ndWMC\u0002\u0002DRBa!!\u001f&\u0001\u0004\t\u0007bBAhK\u0001\u0007\u0011\u0011[\u0001\bg\u0016\u001c8/[8o!\u0011\t)\"a5\n\t\u0005U\u0017q\u0003\u0002\u000b'Nc5+Z:tS>t\u0017a\u0005<fe&4\u0017pU3sm\u0016\u00148+Z:tS>tGCBAZ\u00037\fi\u000e\u0003\u0004\u0002z\u0019\u0002\r!\u0019\u0005\b\u0003\u001f4\u0003\u0019AAiQ\r\u0001\u0011\u0011\u001d\t\u0005\u0003G\fI/\u0004\u0002\u0002f*\u0019\u0011q\u001d\u0018\u0002\u0015\u0005tgn\u001c;bi&|g.\u0003\u0003\u0002l\u0006\u0015(\u0001D!qS6\u000b\u0017p\u00115b]\u001e,\u0007")
/* loaded from: input_file:BOOT-INF/lib/akka-remote_2.12-2.5.32.jar:akka/remote/artery/tcp/ConfigSSLEngineProvider.class */
/*
 * Decompiled (JADX) view of the config-driven SSLEngineProvider used by the Artery TCP transport.
 *
 * All TLS settings are read once, in the constructor, from a Config section. A single SSLContext
 * is built lazily from the configured key store and trust store, and the same context is used
 * for both client-role and server-role engines.
 *
 * Security-relevant behaviour visible in this class:
 *  - Hostname verification (endpoint identification "HTTPS") is applied only when the
 *    "hostname-verification" setting is true; otherwise a Security-marked warning is logged once.
 *  - Client certificates are required only on non-client engines and only when
 *    "require-mutual-authentication" is true.
 *  - verifyClientSession / verifyServerSession perform no checks and always return None.
 *  - Store and key passwords are kept as String fields and exposed through public accessors.
 *
 * This is decompiler output: it contains constructs that are not valid Java (see
 * sslContext$lzycompute) and omits the checked exceptions the JDK calls can throw.
 */
public class ConfigSSLEngineProvider implements SSLEngineProvider {
    // Cached context; written only inside sslContext$lzycompute() under the instance lock.
    private SSLContext sslContext;
    // Config section the settings below were read from.
    private final Config config;
    private final MarkerLoggingAdapter log;
    // Path of the key store file ("key-store").
    private final String SSLKeyStore;
    // Path of the trust store file ("trust-store").
    private final String SSLTrustStore;
    // Secrets: held as immutable Strings for the lifetime of this object, so they cannot be wiped.
    private final String SSLKeyStorePassword;
    private final String SSLKeyPassword;
    private final String SSLTrustStorePassword;
    // Passed to SSLEngine.setEnabledCipherSuites ("enabled-algorithms").
    private final Set<String> SSLEnabledAlgorithms;
    // Used both as the SSLContext algorithm name and as the only enabled protocol ("protocol").
    private final String SSLProtocol;
    // Name handed to SecureRandomFactory ("random-number-generator").
    private final String SSLRandomNumberGenerator;
    private final boolean SSLRequireMutualAuthentication;
    private final boolean HostnameVerification;
    // Set to true once sslContext has been initialised; volatile so the unsynchronised read in sslContext() sees it.
    private volatile boolean bitmap$0;

    /** Returns the config section this provider was built from. */
    public Config config() {
        return this.config;
    }

    /** Returns the logging adapter used for the hostname-verification messages and passed to the RNG factory. */
    public MarkerLoggingAdapter log() {
        return this.log;
    }

    /** Returns the configured key store file path. */
    public String SSLKeyStore() {
        return this.SSLKeyStore;
    }

    /** Returns the configured trust store file path. */
    public String SSLTrustStore() {
        return this.SSLTrustStore;
    }

    /**
     * Returns the key store password in clear text.
     * NOTE(review): public accessor for a secret; callers should not log or serialise the value.
     */
    public String SSLKeyStorePassword() {
        return this.SSLKeyStorePassword;
    }

    /**
     * Returns the private-key password in clear text.
     * NOTE(review): public accessor for a secret; callers should not log or serialise the value.
     */
    public String SSLKeyPassword() {
        return this.SSLKeyPassword;
    }

    /**
     * Returns the trust store password in clear text.
     * NOTE(review): public accessor for a secret; callers should not log or serialise the value.
     */
    public String SSLTrustStorePassword() {
        return this.SSLTrustStorePassword;
    }

    /** Returns the cipher suite names that every created engine is restricted to. */
    public Set<String> SSLEnabledAlgorithms() {
        return this.SSLEnabledAlgorithms;
    }

    /** Returns the configured protocol name (for example a TLS version string). */
    public String SSLProtocol() {
        return this.SSLProtocol;
    }

    /** Returns the configured random number generator name. */
    public String SSLRandomNumberGenerator() {
        return this.SSLRandomNumberGenerator;
    }

    /** Returns whether server-role engines must demand a client certificate. */
    public boolean SSLRequireMutualAuthentication() {
        return this.SSLRequireMutualAuthentication;
    }

    /** Returns whether endpoint identification is enabled on created engines. */
    public boolean HostnameVerification() {
        return this.HostnameVerification;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v8, types: [akka.remote.artery.tcp.ConfigSSLEngineProvider] */
    /**
     * Slow path of the lazy sslContext: under the instance lock, builds the context once and
     * records that in bitmap$0.
     *
     * The hostname-verification status is logged here, so it is reported once per provider
     * instance, when the context is first needed. With verification off, the warning carries the
     * Security log marker, which lets it be filtered or alerted on.
     *
     * The "?? r0" declaration is a JADX type-inference failure (see the warnings above), not
     * valid Java; r0 is only ever assigned {@code this}.
     *
     * @return the initialised SSLContext
     */
    private SSLContext sslContext$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            // Re-check under the lock: another thread may have finished initialisation already.
            if (!this.bitmap$0) {
                if (HostnameVerification()) {
                    log().debug("TLS/SSL hostname verification is enabled.");
                } else {
                    log().warning(LogMarker$.MODULE$.Security(), "TLS/SSL hostname verification is disabled. Please configure akka.remote.artery.ssl.config-ssl-engine.hostname-verification=on and ensure the X.509 certificate on the host is correct to remove this warning. See Akka reference documentation for more information.");
                }
                // If constructContext() throws, bitmap$0 stays false and the next call tries again.
                this.sslContext = constructContext();
                r0 = this;
                r0.bitmap$0 = true;
            }
        }
        return this.sslContext;
    }

    /** Returns the cached SSLContext, building it on first use. */
    private SSLContext sslContext() {
        return !this.bitmap$0 ? sslContext$lzycompute() : this.sslContext;
    }

    /**
     * Builds an SSLContext for the configured protocol from the key managers, trust managers
     * and SecureRandom supplied by this class.
     *
     * The error messages say "Server SSL connection" although the resulting context is also
     * used for client-role engines (see createClientSSLEngine).
     *
     * @return a freshly initialised SSLContext
     * @throws SslTransportException wrapping the FileNotFoundException, IOException or
     *         GeneralSecurityException raised while loading the stores or creating the context;
     *         the original exception is kept as the cause
     */
    private SSLContext constructContext() {
        try {
            SecureRandom createSecureRandom = createSecureRandom();
            SSLContext sSLContext = SSLContext.getInstance(SSLProtocol());
            sSLContext.init(keyManagers(), trustManagers(), createSecureRandom);
            return sSLContext;
        } catch (FileNotFoundException e) {
            throw new SslTransportException("Server SSL connection could not be established because key store could not be loaded", e);
        } catch (IOException e2) {
            // The underlying message is copied into the exception text as well as kept as the cause.
            throw new SslTransportException(new StringBuilder(56).append("Server SSL connection could not be established because: ").append(e2.getMessage()).toString(), e2);
        } catch (GeneralSecurityException e3) {
            throw new SslTransportException("Server SSL connection could not be established because SSL context could not be constructed", e3);
        }
    }

    /**
     * Loads a key store from a file. Used for both the key store and the trust store.
     *
     * The store type is the JVM default ({@code KeyStore.getDefaultType()}); no setting read in
     * this class selects it, so the file has to be in that format.
     *
     * NOTE(review): the char[] made from the password is handed to {@code load} and never
     * cleared, and the password also stays in a String field of this object.
     *
     * @param str  path of the store file
     * @param str2 password for the store
     * @return the loaded KeyStore
     */
    public KeyStore loadKeystore(String str, String str2) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream newInputStream = Files.newInputStream(Paths.get(str, new String[0]), new OpenOption[0]);
        try {
            keyStore.load(newInputStream, str2.toCharArray());
            return keyStore;
        } finally {
            // Best-effort close: Try captures a non-fatal failure of close() so it cannot mask
            // the result or the exception from load().
            Try$.MODULE$.apply(() -> {
                newInputStream.close();
            });
        }
    }

    /**
     * Creates key managers from the configured key store, using the platform default
     * KeyManagerFactory algorithm. The store password opens the file; the key password
     * unlocks the private key entries.
     *
     * @return the key managers to pass to {@code SSLContext.init}
     */
    public KeyManager[] keyManagers() {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(loadKeystore(SSLKeyStore(), SSLKeyStorePassword()), SSLKeyPassword().toCharArray());
        return keyManagerFactory.getKeyManagers();
    }

    /**
     * Creates trust managers from the configured trust store, using the platform default
     * TrustManagerFactory algorithm. The certificates in that store decide which peers are trusted.
     *
     * @return the trust managers to pass to {@code SSLContext.init}
     */
    public TrustManager[] trustManagers() {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(loadKeystore(SSLTrustStore(), SSLTrustStorePassword()));
        return trustManagerFactory.getTrustManagers();
    }

    /**
     * Obtains the SecureRandom for the context from SecureRandomFactory, passing the configured
     * generator name and the logger. How the name is mapped to an algorithm is decided by that
     * factory and is not visible in this file.
     */
    public SecureRandom createSecureRandom() {
        return SecureRandomFactory$.MODULE$.createSecureRandom(SSLRandomNumberGenerator(), log());
    }

    /**
     * Creates an engine in the server role.
     *
     * @param str peer host name passed to the engine
     * @param i   peer port passed to the engine
     */
    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public SSLEngine createServerSSLEngine(String str, int i) {
        return createSSLEngine(Server$.MODULE$, str, i);
    }

    /**
     * Creates an engine in the client role.
     *
     * @param str peer host name passed to the engine
     * @param i   peer port passed to the engine
     */
    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public SSLEngine createClientSSLEngine(String str, int i) {
        return createSSLEngine(Client$.MODULE$, str, i);
    }

    /** Creates an engine for the given role from the lazily built shared SSLContext. */
    private SSLEngine createSSLEngine(TLSRole tLSRole, String str, int i) {
        return createSSLEngine(sslContext(), tLSRole, str, i);
    }

    /**
     * Creates and configures an SSLEngine.
     *
     * Configuration applied, in order: optional endpoint identification, client/server mode,
     * the configured cipher suites, the single configured protocol, and, for non-client
     * engines, mandatory client authentication when mutual authentication is required.
     *
     * @param sSLContext context to create the engine from
     * @param tLSRole    Client or Server role
     * @param str        peer host name given to the engine
     * @param i          peer port given to the engine
     * @return the configured engine
     */
    private SSLEngine createSSLEngine(SSLContext sSLContext, TLSRole tLSRole, String str, int i) {
        SSLEngine createSSLEngine = sSLContext.createSSLEngine(str, i);
        if (HostnameVerification()) {
            // Applied whatever the role. Starts from the context's default parameters; the
            // cipher suites and protocols are overridden explicitly further down.
            SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
            defaultSSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
            createSSLEngine.setSSLParameters(defaultSSLParameters);
        }
        // Decompiled null-safe equality: client mode is on exactly when the role is Client.
        Client$ client$ = Client$.MODULE$;
        createSSLEngine.setUseClientMode(tLSRole != null ? tLSRole.equals(client$) : client$ == null);
        createSSLEngine.setEnabledCipherSuites((String[]) SSLEnabledAlgorithms().toArray(ClassTag$.MODULE$.apply(String.class)));
        // Only the one configured protocol is enabled; no other protocol version can be negotiated.
        createSSLEngine.setEnabledProtocols(new String[]{SSLProtocol()});
        Client$ client$2 = Client$.MODULE$;
        // Decompiled null-safe inequality: this branch is taken for any role other than Client.
        if (tLSRole != null ? !tLSRole.equals(client$2) : client$2 != null) {
            if (SSLRequireMutualAuthentication()) {
                createSSLEngine.setNeedClientAuth(true);
            }
            // Otherwise neither need- nor want-client-auth is set here, so the engine keeps
            // its default and the client's identity is not authenticated by TLS.
        }
        return createSSLEngine;
    }

    /**
     * Hook for extra checks on the session after a client-role handshake. This implementation
     * ignores both arguments and always reports success (None), so peer validation rests on
     * the trust managers and, when enabled, on endpoint identification.
     */
    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public Option<Throwable> verifyClientSession(String str, SSLSession sSLSession) {
        return None$.MODULE$;
    }

    /**
     * Hook for extra checks on the session after a server-role handshake. This implementation
     * ignores both arguments and always reports success (None); the peer certificate is not
     * inspected here.
     */
    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public Option<Throwable> verifyServerSession(String str, SSLSession sSLSession) {
        return None$.MODULE$;
    }

    /**
     * Reads every TLS setting from the given config section. No store is opened here; files
     * are read only when the SSLContext is first built.
     *
     * @param config               section holding the keys read below
     * @param markerLoggingAdapter logger for this provider
     */
    public ConfigSSLEngineProvider(Config config, MarkerLoggingAdapter markerLoggingAdapter) {
        this.config = config;
        this.log = markerLoggingAdapter;
        this.SSLKeyStore = config.getString("key-store");
        this.SSLTrustStore = config.getString("trust-store");
        // Passwords are read from configuration as plain strings.
        this.SSLKeyStorePassword = config.getString("key-store-password");
        this.SSLKeyPassword = config.getString("key-password");
        this.SSLTrustStorePassword = config.getString("trust-store-password");
        // Converts the configured list into an immutable Scala Set.
        this.SSLEnabledAlgorithms = (Set) Util$.MODULE$.immutableSeq((Iterable) config.getStringList("enabled-algorithms")).to(package$.MODULE$.genericCompanionToCBF(Predef$.MODULE$.Set()));
        this.SSLProtocol = config.getString("protocol");
        this.SSLRandomNumberGenerator = config.getString("random-number-generator");
        this.SSLRequireMutualAuthentication = config.getBoolean("require-mutual-authentication");
        this.HostnameVerification = config.getBoolean("hostname-verification");
    }

    /**
     * Builds the provider from the actor system's "akka.remote.artery.ssl.config-ssl-engine"
     * section, with a marker logger named after this class.
     *
     * @param actorSystem system whose settings supply the configuration
     */
    public ConfigSSLEngineProvider(ActorSystem actorSystem) {
        this(actorSystem.settings().config().getConfig("akka.remote.artery.ssl.config-ssl-engine"), Logging$.MODULE$.withMarker(actorSystem, (ActorSystem) ConfigSSLEngineProvider.class.getName(), (LogSource<ActorSystem>) LogSource$.MODULE$.fromString()));
    }
}
