package akka.remote.artery.tcp.ssl;

import akka.actor.ActorSystem;
import akka.annotation.ApiMayChange;
import akka.annotation.InternalApi;
import akka.event.LogSource$;
import akka.event.Logging$;
import akka.event.MarkerLoggingAdapter;
import akka.remote.artery.tcp.SSLEngineProvider;
import akka.remote.artery.tcp.SecureRandomFactory$;
import akka.remote.artery.tcp.SslTransportException;
import akka.stream.Client$;
import akka.stream.Server$;
import akka.stream.TLSRole;
import com.typesafe.config.Config;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Product;
import scala.Some;
import scala.Some$;
import scala.Tuple3;
import scala.Tuple3$;
import scala.collection.Iterator;
import scala.concurrent.duration.Deadline;
import scala.reflect.ClassTag$;
import scala.runtime.BoxesRunTime;
import scala.runtime.ScalaRunTime$;

/* compiled from: RotatingKeysSSLEngineProvider.scala */
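/**
 * {@link SSLEngineProvider} (package {@code akka.remote.artery.tcp.ssl}) that builds its
 * {@link SSLContext} from three files named in configuration ({@code key-file},
 * {@code cert-file}, {@code ca-cert-file}) and rebuilds it once the cached copy is overdue.
 *
 * <p>This listing is decompiler output of {@code RotatingKeysSSLEngineProvider.scala}; the
 * {@code Product}/{@code copy}/{@code _1} members on the nested classes are Scala case-class
 * machinery.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Server-role engines call {@code setNeedClientAuth(true)}, so the handshake requires a
 *       client certificate.</li>
 *   <li>No endpoint-identification algorithm is set on the engine here. The peer checks visible
 *       in this class are the ones delegated to the {@link SessionVerifier} in
 *       {@link #verifyClientSession} and {@link #verifyServerSession}; callers must invoke them.</li>
 *   <li>The files are re-read every time the cache entry expires. If that fails, the exception
 *       propagates and the overdue context is not handed out again.</li>
 *   <li>Nothing in this class checks ownership or permissions of the private-key file; that has
 *       to be enforced by the deployment.</li>
 * </ul>
 *
 * <p>Thread-safety: the cache is a single {@code volatile} field updated without a lock, so
 * concurrent callers that find it empty or overdue may each build a context; the last write wins.
 */
@ApiMayChange
/* loaded from: input_file:akka/remote/artery/tcp/ssl/RotatingKeysSSLEngineProvider.class */
public final class RotatingKeysSSLEngineProvider implements SSLEngineProvider {
    private final Config config;
    private final MarkerLoggingAdapter log;
    // Paths read from the "key-file", "cert-file" and "ca-cert-file" config keys.
    private final String SSLKeyFile;
    private final String SSLCertFile;
    private final String SSLCACertFile;
    private final SSLEngineConfig sslEngineConfig;
    private final SecureRandom rng;
    // None until the first context is built; replaced wholesale on every rebuild.
    private volatile Option<CachedContext> cachedContext;

    /**
     * A {@link ConfiguredContext} paired with the deadline after which it must be rebuilt.
     *
     * <p>NOTE(review): {@code Serializable} comes from the case-class shape; the wrapped
     * {@link SSLContext} is not itself serializable, so do not rely on serializing instances.
     */
    /* compiled from: RotatingKeysSSLEngineProvider.scala */
    @InternalApi
    /* loaded from: input_file:akka/remote/artery/tcp/ssl/RotatingKeysSSLEngineProvider$CachedContext.class */
    public static class CachedContext implements Product, Serializable {
        private final ConfiguredContext cached;
        private final Deadline expires;

        public static CachedContext apply(ConfiguredContext configuredContext, Deadline deadline) {
            return RotatingKeysSSLEngineProvider$CachedContext$.MODULE$.apply(configuredContext, deadline);
        }

        public static CachedContext fromProduct(Product product) {
            return RotatingKeysSSLEngineProvider$CachedContext$.MODULE$.m2731fromProduct(product);
        }

        public static CachedContext unapply(CachedContext cachedContext) {
            return RotatingKeysSSLEngineProvider$CachedContext$.MODULE$.unapply(cachedContext);
        }

        public CachedContext(ConfiguredContext configuredContext, Deadline deadline) {
            this.cached = configuredContext;
            this.expires = deadline;
        }

        public /* bridge */ /* synthetic */ Iterator productIterator() {
            return Product.productIterator$(this);
        }

        public /* bridge */ /* synthetic */ Iterator productElementNames() {
            return Product.productElementNames$(this);
        }

        @Override
        public int hashCode() {
            return ScalaRunTime$.MODULE$._hashCode(this);
        }

        /**
         * Structural equality over {@code cached} and {@code expires}.
         *
         * <p>The decompiled form stored {@code true} and then fell through to an unconditional
         * {@code z = false}, so two distinct but field-equal instances never compared equal.
         * The comparison below restores the result the dead {@code z = true} store was meant
         * to produce.
         */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof CachedContext)) {
                return false;
            }
            CachedContext that = (CachedContext) obj;
            ConfiguredContext mine = cached();
            ConfiguredContext theirs = that.cached();
            if (mine != null ? !mine.equals(theirs) : theirs != null) {
                return false;
            }
            Deadline myDeadline = expires();
            Deadline theirDeadline = that.expires();
            if (myDeadline != null ? !myDeadline.equals(theirDeadline) : theirDeadline != null) {
                return false;
            }
            return that.canEqual(this);
        }

        @Override
        public String toString() {
            return ScalaRunTime$.MODULE$._toString(this);
        }

        public boolean canEqual(Object obj) {
            return obj instanceof CachedContext;
        }

        public int productArity() {
            return 2;
        }

        public String productPrefix() {
            return "CachedContext";
        }

        public Object productElement(int i) {
            if (0 == i) {
                return _1();
            }
            if (1 == i) {
                return _2();
            }
            throw new IndexOutOfBoundsException(BoxesRunTime.boxToInteger(i).toString());
        }

        public String productElementName(int i) {
            if (0 == i) {
                return "cached";
            }
            if (1 == i) {
                return "expires";
            }
            throw new IndexOutOfBoundsException(BoxesRunTime.boxToInteger(i).toString());
        }

        public ConfiguredContext cached() {
            return this.cached;
        }

        public Deadline expires() {
            return this.expires;
        }

        public CachedContext copy(ConfiguredContext configuredContext, Deadline deadline) {
            return new CachedContext(configuredContext, deadline);
        }

        public ConfiguredContext copy$default$1() {
            return cached();
        }

        public Deadline copy$default$2() {
            return expires();
        }

        public ConfiguredContext _1() {
            return cached();
        }

        public Deadline _2() {
            return expires();
        }
    }

    /**
     * An initialised {@link SSLContext} together with the {@link SessionVerifier} that was built
     * from the same set of files, so the two are always replaced as a pair.
     */
    /* compiled from: RotatingKeysSSLEngineProvider.scala */
    @InternalApi
    /* loaded from: input_file:akka/remote/artery/tcp/ssl/RotatingKeysSSLEngineProvider$ConfiguredContext.class */
    public static class ConfiguredContext implements Product, Serializable {
        private final SSLContext context;
        private final SessionVerifier sessionVerifier;

        public static ConfiguredContext apply(SSLContext sSLContext, SessionVerifier sessionVerifier) {
            return RotatingKeysSSLEngineProvider$ConfiguredContext$.MODULE$.apply(sSLContext, sessionVerifier);
        }

        public static ConfiguredContext fromProduct(Product product) {
            return RotatingKeysSSLEngineProvider$ConfiguredContext$.MODULE$.m2733fromProduct(product);
        }

        public static ConfiguredContext unapply(ConfiguredContext configuredContext) {
            return RotatingKeysSSLEngineProvider$ConfiguredContext$.MODULE$.unapply(configuredContext);
        }

        public ConfiguredContext(SSLContext sSLContext, SessionVerifier sessionVerifier) {
            this.context = sSLContext;
            this.sessionVerifier = sessionVerifier;
        }

        public /* bridge */ /* synthetic */ Iterator productIterator() {
            return Product.productIterator$(this);
        }

        public /* bridge */ /* synthetic */ Iterator productElementNames() {
            return Product.productElementNames$(this);
        }

        @Override
        public int hashCode() {
            return ScalaRunTime$.MODULE$._hashCode(this);
        }

        /**
         * Structural equality over {@code context} and {@code sessionVerifier}.
         *
         * <p>As in {@link CachedContext#equals}, the decompiled form overwrote its {@code true}
         * result with {@code false}; the comparison below no longer does.
         */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof ConfiguredContext)) {
                return false;
            }
            ConfiguredContext that = (ConfiguredContext) obj;
            SSLContext mine = context();
            SSLContext theirs = that.context();
            if (mine != null ? !mine.equals(theirs) : theirs != null) {
                return false;
            }
            SessionVerifier myVerifier = sessionVerifier();
            SessionVerifier theirVerifier = that.sessionVerifier();
            if (myVerifier != null ? !myVerifier.equals(theirVerifier) : theirVerifier != null) {
                return false;
            }
            return that.canEqual(this);
        }

        @Override
        public String toString() {
            return ScalaRunTime$.MODULE$._toString(this);
        }

        public boolean canEqual(Object obj) {
            return obj instanceof ConfiguredContext;
        }

        public int productArity() {
            return 2;
        }

        public String productPrefix() {
            return "ConfiguredContext";
        }

        public Object productElement(int i) {
            if (0 == i) {
                return _1();
            }
            if (1 == i) {
                return _2();
            }
            throw new IndexOutOfBoundsException(BoxesRunTime.boxToInteger(i).toString());
        }

        public String productElementName(int i) {
            if (0 == i) {
                return "context";
            }
            if (1 == i) {
                return "sessionVerifier";
            }
            throw new IndexOutOfBoundsException(BoxesRunTime.boxToInteger(i).toString());
        }

        public SSLContext context() {
            return this.context;
        }

        public SessionVerifier sessionVerifier() {
            return this.sessionVerifier;
        }

        public ConfiguredContext copy(SSLContext sSLContext, SessionVerifier sessionVerifier) {
            return new ConfiguredContext(sSLContext, sessionVerifier);
        }

        public SSLContext copy$default$1() {
            return context();
        }

        public SessionVerifier copy$default$2() {
            return sessionVerifier();
        }

        public SSLContext _1() {
            return context();
        }

        public SessionVerifier _2() {
            return sessionVerifier();
        }
    }

    /**
     * Creates a provider from an already-scoped config section.
     *
     * <p>Only the three file paths and the engine settings are read here; no file is opened
     * until the first context is requested.
     *
     * @param config section holding {@code key-file}, {@code cert-file}, {@code ca-cert-file}
     *     and whatever {@link SSLEngineConfig} reads
     * @param markerLoggingAdapter logger, also handed to the secure-random factory
     */
    public RotatingKeysSSLEngineProvider(Config config, MarkerLoggingAdapter markerLoggingAdapter) {
        this.config = config;
        this.log = markerLoggingAdapter;
        this.SSLKeyFile = config.getString("key-file");
        this.SSLCertFile = config.getString("cert-file");
        this.SSLCACertFile = config.getString("ca-cert-file");
        this.sslEngineConfig = new SSLEngineConfig(config);
        this.rng = SecureRandomFactory$.MODULE$.createSecureRandom(this.sslEngineConfig.SSLRandomNumberGenerator(), markerLoggingAdapter);
        this.cachedContext = None$.MODULE$;
    }

    /** Returns the config section this provider was created with. */
    public Config config() {
        return this.config;
    }

    /** Returns the logger this provider was created with. */
    public MarkerLoggingAdapter log() {
        return this.log;
    }

    /**
     * Creates a provider from the {@code akka.remote.artery.ssl.rotating-keys-engine} section of
     * the actor system's configuration.
     *
     * @param actorSystem system whose settings and logging are used
     */
    public RotatingKeysSSLEngineProvider(ActorSystem actorSystem) {
        this(actorSystem.settings().config().getConfig("akka.remote.artery.ssl.rotating-keys-engine"), Logging$.MODULE$.withMarker(actorSystem, RotatingKeysSSLEngineProvider.class.getName(), LogSource$.MODULE$.fromString()));
    }

    /** Returns the current {@link SSLContext}, building or rebuilding it if needed. */
    @InternalApi
    public SSLContext getSSLContext() {
        return getContext().context();
    }

    /**
     * Returns the cached context while its deadline has not passed, otherwise builds a new one.
     *
     * <p>The decompiled form assigned the {@code Option}-typed field to a local declared as
     * {@code Some}, which does not type-check; the local is now an {@code Option}.
     *
     * <p>Each call takes its own snapshot. The engine-creation and session-verification methods
     * call this separately, so across a rebuild a session may be verified with a newer
     * {@link SessionVerifier} than the context that produced its engine.
     *
     * @throws SslTransportException if a rebuild is needed and fails
     * @throws MatchError if the cache holds a {@code Some} wrapping {@code null}
     */
    private ConfiguredContext getContext() {
        // One volatile read, so the expiry decision and the returned value agree.
        Option<CachedContext> snapshot = this.cachedContext;
        if (snapshot instanceof Some) {
            CachedContext entry = ((Some<CachedContext>) snapshot).value();
            if (entry != null) {
                CachedContext matched = RotatingKeysSSLEngineProvider$CachedContext$.MODULE$.unapply(entry);
                ConfiguredContext current = matched._1();
                return matched._2().isOverdue() ? rebuildAndCache() : current;
            }
        }
        if (!None$.MODULE$.equals(snapshot)) {
            throw new MatchError(snapshot);
        }
        return rebuildAndCache();
    }

    /**
     * Builds a fresh context and publishes it with a new deadline.
     *
     * <p>The field is written only after construction succeeded, so a failed rebuild leaves the
     * previous (empty or overdue) entry in place and the next caller retries.
     */
    private ConfiguredContext rebuildAndCache() {
        ConfiguredContext fresh = constructContext();
        this.cachedContext = Some$.MODULE$.apply(RotatingKeysSSLEngineProvider$CachedContext$.MODULE$.apply(fresh, this.sslEngineConfig.SSLContextCacheTime().fromNow()));
        return fresh;
    }

    /**
     * Reads the three files and assembles an initialised {@link SSLContext} plus its verifier.
     *
     * <p>The CA certificate is the only input passed to {@code buildTrustManagers}, and the
     * {@link PeerSubjectVerifier} is constructed from this node's own certificate. What those
     * helpers check is not visible in this file.
     *
     * <p>The context is created for the single configured protocol name; nothing here rejects a
     * legacy value, so the configuration decides the TLS version.
     *
     * @throws SslTransportException if the managers or the context cannot be constructed
     */
    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private ConfiguredContext constructContext() {
        Tuple3<PrivateKey, X509Certificate, Certificate> readFiles = readFiles();
        if (readFiles == null) {
            throw new MatchError(readFiles);
        }
        PrivateKey privateKey = readFiles._1();
        X509Certificate x509Certificate = readFiles._2();
        Certificate certificate = readFiles._3();
        try {
            KeyManager[] buildKeyManagers = PemManagersProvider$.MODULE$.buildKeyManagers(privateKey, x509Certificate, certificate);
            TrustManager[] buildTrustManagers = PemManagersProvider$.MODULE$.buildTrustManagers(certificate);
            PeerSubjectVerifier peerSubjectVerifier = new PeerSubjectVerifier(x509Certificate);
            SSLContext sSLContext = SSLContext.getInstance(this.sslEngineConfig.SSLProtocol());
            sSLContext.init(buildKeyManagers, buildTrustManagers, this.rng);
            return RotatingKeysSSLEngineProvider$ConfiguredContext$.MODULE$.apply(sSLContext, peerSubjectVerifier);
        } catch (IllegalArgumentException e) {
            throw new SslTransportException("Server SSL connection could not be established because: " + e.getMessage(), e);
        } catch (GeneralSecurityException e2) {
            throw new SslTransportException("Server SSL connection could not be established because SSL context could not be constructed", e2);
        }
    }

    /**
     * Loads the CA certificate, this node's certificate and its private key, in that order.
     *
     * <p>The messages say "Server" regardless of which role triggered the load, because this
     * path is shared by client and server engine creation.
     *
     * @return tuple of (private key, own certificate, CA certificate)
     * @throws SslTransportException if a file is missing or cannot be read
     */
    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private Tuple3<PrivateKey, X509Certificate, Certificate> readFiles() {
        try {
            Certificate loadCertificate = PemManagersProvider$.MODULE$.loadCertificate(this.SSLCACertFile);
            X509Certificate x509Certificate = (X509Certificate) PemManagersProvider$.MODULE$.loadCertificate(this.SSLCertFile);
            return Tuple3$.MODULE$.apply(PemManagersProvider$.MODULE$.loadPrivateKey(this.SSLKeyFile), x509Certificate, loadCertificate);
        } catch (FileNotFoundException e) {
            throw new SslTransportException("Server SSL connection could not be established because a key or cert could not be loaded", e);
        } catch (IOException e2) {
            throw new SslTransportException("Server SSL connection could not be established because: " + e2.getMessage(), e2);
        }
    }

    /** Creates a server-mode engine for the given peer; client authentication is required. */
    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public SSLEngine createServerSSLEngine(String str, int i) {
        return createSSLEngine(Server$.MODULE$, str, i, getContext().context());
    }

    /** Creates a client-mode engine for the given peer host and port. */
    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public SSLEngine createClientSSLEngine(String str, int i) {
        return createSSLEngine(Client$.MODULE$, str, i, getContext().context());
    }

    /**
     * Creates and configures an engine for one connection.
     *
     * <p>Cipher suites and the single enabled protocol come from {@link SSLEngineConfig}. Every
     * non-client role gets {@code setNeedClientAuth(true)}. No endpoint-identification algorithm
     * is set, so host/subject checks depend on the {@code verify*Session} calls.
     *
     * @param tLSRole client or server role
     * @param str peer host passed to {@link SSLContext#createSSLEngine(String, int)}
     * @param i peer port
     * @param sSLContext context to create the engine from
     */
    private SSLEngine createSSLEngine(TLSRole tLSRole, String str, int i, SSLContext sSLContext) {
        SSLEngine createSSLEngine = sSLContext.createSSLEngine(str, i);
        Client$ client$ = Client$.MODULE$;
        // Null-safe role comparison; the original evaluated it twice with identical outcome.
        boolean clientRole = tLSRole != null ? tLSRole.equals(client$) : client$ == null;
        createSSLEngine.setUseClientMode(clientRole);
        createSSLEngine.setEnabledCipherSuites((String[]) this.sslEngineConfig.SSLEnabledAlgorithms().toArray(ClassTag$.MODULE$.apply(String.class)));
        createSSLEngine.setEnabledProtocols(new String[]{this.sslEngineConfig.SSLProtocol()});
        if (!clientRole) {
            // Mutual TLS: the handshake fails unless the client presents a certificate.
            createSSLEngine.setNeedClientAuth(true);
        }
        return createSSLEngine;
    }

    /**
     * Delegates to the current {@link SessionVerifier}.
     *
     * @return a failure to reject the session with, or empty to accept it
     */
    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public Option<Throwable> verifyClientSession(String str, SSLSession sSLSession) {
        return getContext().sessionVerifier().verifyClientSession(str, sSLSession);
    }

    /**
     * Delegates to the current {@link SessionVerifier}.
     *
     * @return a failure to reject the session with, or empty to accept it
     */
    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public Option<Throwable> verifyServerSession(String str, SSLSession sSLSession) {
        return getContext().sessionVerifier().verifyServerSession(str, sSLSession);
    }
}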
