package akka.remote.transport.netty;

import akka.actor.ActorSystem;
import akka.event.LogSource$;
import akka.event.Logging$;
import akka.event.MarkerLoggingAdapter;
import akka.remote.RemoteTransportException;
import akka.remote.artery.tcp.SecureRandomFactory$;
import akka.stream.Client$;
import akka.stream.Server$;
import akka.stream.TLSRole;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import scala.reflect.ClassTag$;
import scala.runtime.BoxedUnit;
import scala.runtime.LazyVals$;
import scala.util.Try$;

/* compiled from: SSLEngineProvider.scala */
/* loaded from: input_file:akka/remote/transport/netty/ConfigSSLEngineProvider.class */
public class ConfigSSLEngineProvider implements SSLEngineProvider {
    public static final long OFFSET$0 = LazyVals$.MODULE$.getOffset(ConfigSSLEngineProvider.class, "0bitmap$1");

    /* renamed from: 0bitmap$1, reason: not valid java name */
    public long f160bitmap$1;
    private final MarkerLoggingAdapter log;
    private final SSLSettings settings;
    private SSLContext sslContext$lzy1;

    public ConfigSSLEngineProvider(MarkerLoggingAdapter markerLoggingAdapter, SSLSettings sSLSettings) {
        this.log = markerLoggingAdapter;
        this.settings = sSLSettings;
    }

    public MarkerLoggingAdapter log() {
        return this.log;
    }

    private SSLSettings settings() {
        return this.settings;
    }

    public ConfigSSLEngineProvider(ActorSystem actorSystem) {
        this(Logging$.MODULE$.withMarker(actorSystem, ConfigSSLEngineProvider.class.getName(), LogSource$.MODULE$.fromString()), new SSLSettings(actorSystem.settings().config().getConfig("akka.remote.classic.netty.ssl.security")));
    }

    /* JADX WARN: Unreachable blocks removed: 5, instructions: 5 */
    private SSLContext sslContext() {
        while (true) {
            long j = LazyVals$.MODULE$.get(this, OFFSET$0);
            long STATE = LazyVals$.MODULE$.STATE(j, 0);
            if (STATE == 3) {
                return this.sslContext$lzy1;
            }
            if (STATE != 0) {
                LazyVals$.MODULE$.wait4Notification(this, OFFSET$0, j, 0);
            } else if (LazyVals$.MODULE$.CAS(this, OFFSET$0, j, 1, 0)) {
                try {
                    SSLContext liftedTree1$1 = liftedTree1$1();
                    this.sslContext$lzy1 = liftedTree1$1;
                    LazyVals$.MODULE$.setFlag(this, OFFSET$0, 3, 0);
                    return liftedTree1$1;
                } catch (Throwable th) {
                    LazyVals$.MODULE$.setFlag(this, OFFSET$0, 0, 0);
                    throw th;
                }
            }
        }
    }

    public KeyStore loadKeystore(String str, String str2) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream newInputStream = Files.newInputStream(Paths.get(str, new String[0]), new OpenOption[0]);
        try {
            keyStore.load(newInputStream, str2.toCharArray());
            return keyStore;
        } finally {
            Try$.MODULE$.apply(() -> {
                newInputStream.close();
                return BoxedUnit.UNIT;
            });
        }
    }

    public KeyManager[] keyManagers() {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(loadKeystore(settings().SSLKeyStore(), settings().SSLKeyStorePassword()), settings().SSLKeyPassword().toCharArray());
        return keyManagerFactory.getKeyManagers();
    }

    public TrustManager[] trustManagers() {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(loadKeystore(settings().SSLTrustStore(), settings().SSLTrustStorePassword()));
        return trustManagerFactory.getTrustManagers();
    }

    public SecureRandom createSecureRandom() {
        return SecureRandomFactory$.MODULE$.createSecureRandom(settings().SSLRandomNumberGenerator(), log());
    }

    @Override // akka.remote.transport.netty.SSLEngineProvider
    public SSLEngine createServerSSLEngine() {
        return createSSLEngine(Server$.MODULE$);
    }

    @Override // akka.remote.transport.netty.SSLEngineProvider
    public SSLEngine createClientSSLEngine() {
        return createSSLEngine(Client$.MODULE$);
    }

    private SSLEngine createSSLEngine(TLSRole tLSRole) {
        return createSSLEngine(sslContext(), tLSRole);
    }

    private SSLEngine createSSLEngine(SSLContext sSLContext, TLSRole tLSRole) {
        SSLEngine createSSLEngine = sSLContext.createSSLEngine();
        Client$ client$ = Client$.MODULE$;
        createSSLEngine.setUseClientMode(tLSRole != null ? tLSRole.equals(client$) : client$ == null);
        createSSLEngine.setEnabledCipherSuites((String[]) settings().SSLEnabledAlgorithms().toArray(ClassTag$.MODULE$.apply(String.class)));
        createSSLEngine.setEnabledProtocols(new String[]{settings().SSLProtocol()});
        Client$ client$2 = Client$.MODULE$;
        if (tLSRole != null ? !tLSRole.equals(client$2) : client$2 != null) {
            if (settings().SSLRequireMutualAuthentication()) {
                createSSLEngine.setNeedClientAuth(true);
            }
        }
        return createSSLEngine;
    }

    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    private final SSLContext liftedTree1$1() {
        try {
            SecureRandom createSecureRandom = createSecureRandom();
            SSLContext sSLContext = SSLContext.getInstance(settings().SSLProtocol());
            sSLContext.init(keyManagers(), trustManagers(), createSecureRandom);
            return sSLContext;
        } catch (FileNotFoundException e) {
            throw new RemoteTransportException("Server SSL connection could not be established because key store could not be loaded", e);
        } catch (IOException e2) {
            throw new RemoteTransportException(new StringBuilder(56).append("Server SSL connection could not be established because: ").append(e2.getMessage()).toString(), e2);
        } catch (GeneralSecurityException e3) {
            throw new RemoteTransportException("Server SSL connection could not be established because SSL context could not be constructed", e3);
        }
    }
}
