package com.typesafe.sslconfig.pekko;

import com.typesafe.sslconfig.pekko.util.PekkoLoggerFactory;
import com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder;
import com.typesafe.sslconfig.ssl.DefaultHostnameVerifier;
import com.typesafe.sslconfig.ssl.DefaultKeyManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.DefaultTrustManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.DisabledComplainingHostnameVerifier;
import com.typesafe.sslconfig.ssl.KeyManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.NoopHostnameVerifier;
import com.typesafe.sslconfig.ssl.Protocols$;
import com.typesafe.sslconfig.ssl.SSLConfigSettings;
import com.typesafe.sslconfig.ssl.TrustManagerFactoryWrapper;
import com.typesafe.sslconfig.util.LoggerFactory;
import java.util.Collections;
import java.util.function.Function;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import org.apache.pekko.actor.ActorSystem;
import org.apache.pekko.actor.ClassicActorSystemProvider;
import org.apache.pekko.actor.ExtendedActorSystem;
import org.apache.pekko.actor.Extension;
import org.apache.pekko.actor.ExtensionId;
import org.apache.pekko.annotation.InternalApi;
import org.apache.pekko.event.LogSource$;
import org.apache.pekko.event.Logging$;
import org.apache.pekko.event.LoggingAdapter;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.collection.ArrayOps$;
import scala.collection.IterableOnceOps;
import scala.collection.immutable.Seq;
import scala.package$;
import scala.reflect.ClassTag$;
import scala.runtime.ScalaRunTime$;
import scala.util.Try;

/* compiled from: PekkoSSLConfig.scala */
/* loaded from: input_file:com/typesafe/sslconfig/pekko/PekkoSSLConfig.class */
public final class PekkoSSLConfig implements Extension {
    private final ExtendedActorSystem system;
    private final SSLConfigSettings config;
    private final PekkoLoggerFactory mkLogger;
    private final LoggingAdapter log;
    private final HostnameVerifier hostnameVerifier;
    private final DefaultSSLEngineConfigurator sslEngineConfigurator;

    public static Extension apply(ActorSystem actorSystem) {
        return PekkoSSLConfig$.MODULE$.apply(actorSystem);
    }

    /* renamed from: apply, reason: collision with other method in class */
    public static PekkoSSLConfig m0apply(ActorSystem actorSystem) {
        return PekkoSSLConfig$.MODULE$.m4apply(actorSystem);
    }

    public static Extension apply(ClassicActorSystemProvider classicActorSystemProvider) {
        return PekkoSSLConfig$.MODULE$.apply(classicActorSystemProvider);
    }

    public static PekkoSSLConfig createExtension(ExtendedActorSystem extendedActorSystem) {
        return PekkoSSLConfig$.MODULE$.m7createExtension(extendedActorSystem);
    }

    public static SSLConfigSettings defaultSSLConfigSettings(ActorSystem actorSystem) {
        return PekkoSSLConfig$.MODULE$.defaultSSLConfigSettings(actorSystem);
    }

    /* renamed from: get, reason: collision with other method in class */
    public static PekkoSSLConfig m1get(ActorSystem actorSystem) {
        return PekkoSSLConfig$.MODULE$.m5get(actorSystem);
    }

    /* renamed from: get, reason: collision with other method in class */
    public static PekkoSSLConfig m2get(ClassicActorSystemProvider classicActorSystemProvider) {
        return PekkoSSLConfig$.MODULE$.m6get(classicActorSystemProvider);
    }

    public static ExtensionId<? extends Extension> lookup() {
        return PekkoSSLConfig$.MODULE$.lookup();
    }

    public PekkoSSLConfig(ExtendedActorSystem extendedActorSystem, SSLConfigSettings sSLConfigSettings) {
        SSLContext build;
        this.system = extendedActorSystem;
        this.config = sSLConfigSettings;
        this.mkLogger = new PekkoLoggerFactory(extendedActorSystem);
        this.log = Logging$.MODULE$.apply(extendedActorSystem, PekkoSSLConfig.class, LogSource$.MODULE$.fromAnyClass());
        this.log.debug("Initializing PekkoSSLConfig extension...");
        this.hostnameVerifier = buildHostnameVerifier(sSLConfigSettings);
        if (sSLConfigSettings.default()) {
            this.log.info("ssl-config.default is true, using the JDK's default SSLContext");
            build = SSLContext.getDefault();
        } else {
            build = new ConfigSSLContextBuilder(this.mkLogger, sSLConfigSettings, buildKeyManagerFactory(sSLConfigSettings), buildTrustManagerFactory(sSLConfigSettings)).build();
        }
        SSLParameters defaultSSLParameters = build.getDefaultSSLParameters();
        String[] configureProtocols = configureProtocols(defaultSSLParameters.getProtocols(), sSLConfigSettings);
        String[] configureCipherSuites = configureCipherSuites(defaultSSLParameters.getCipherSuites(), sSLConfigSettings);
        looseDisableSNI(defaultSSLParameters);
        this.sslEngineConfigurator = new DefaultSSLEngineConfigurator(sSLConfigSettings, configureProtocols, configureCipherSuites);
    }

    public SSLConfigSettings config() {
        return this.config;
    }

    public PekkoSSLConfig withSettings(SSLConfigSettings sSLConfigSettings) {
        return new PekkoSSLConfig(this.system, sSLConfigSettings);
    }

    public PekkoSSLConfig mapSettings(Function1<SSLConfigSettings, SSLConfigSettings> function1) {
        return new PekkoSSLConfig(this.system, (SSLConfigSettings) function1.apply(config()));
    }

    public PekkoSSLConfig convertSettings(Function<SSLConfigSettings, SSLConfigSettings> function) {
        return new PekkoSSLConfig(this.system, function.apply(config()));
    }

    public HostnameVerifier hostnameVerifier() {
        return this.hostnameVerifier;
    }

    @InternalApi
    public boolean useJvmHostnameVerification() {
        HostnameVerifier hostnameVerifier = hostnameVerifier();
        return (hostnameVerifier instanceof DefaultHostnameVerifier) || (hostnameVerifier instanceof NoopHostnameVerifier);
    }

    public DefaultSSLEngineConfigurator sslEngineConfigurator() {
        return this.sslEngineConfigurator;
    }

    public KeyManagerFactoryWrapper buildKeyManagerFactory(SSLConfigSettings sSLConfigSettings) {
        return new DefaultKeyManagerFactoryWrapper(sSLConfigSettings.keyManagerConfig().algorithm());
    }

    public TrustManagerFactoryWrapper buildTrustManagerFactory(SSLConfigSettings sSLConfigSettings) {
        return new DefaultTrustManagerFactoryWrapper(sSLConfigSettings.trustManagerConfig().algorithm());
    }

    public HostnameVerifier buildHostnameVerifier(SSLConfigSettings sSLConfigSettings) {
        if (sSLConfigSettings != null) {
        }
        Class<DisabledComplainingHostnameVerifier> hostnameVerifierClass = config().loose().disableHostnameVerification() ? DisabledComplainingHostnameVerifier.class : config().hostnameVerifierClass();
        HostnameVerifier hostnameVerifier = (HostnameVerifier) this.system.dynamicAccess().createInstanceFor(hostnameVerifierClass, package$.MODULE$.Nil(), ClassTag$.MODULE$.apply(HostnameVerifier.class)).orElse(() -> {
            return r1.$anonfun$1(r2);
        }).getOrElse(() -> {
            return $anonfun$2(r1);
        });
        this.log.debug("buildHostnameVerifier: created hostname verifier: {}", hostnameVerifier);
        return hostnameVerifier;
    }

    public void validateDefaultTrustManager(SSLConfigSettings sSLConfigSettings) {
        this.log.warning("validateDefaultTrustManager is not doing anything since akka 2.6.19, it was useful only in Java 7 and below");
    }

    public String[] configureProtocols(String[] strArr, SSLConfigSettings sSLConfigSettings) {
        String[] strArr2;
        Some enabledProtocols = sSLConfigSettings.enabledProtocols();
        if (enabledProtocols instanceof Some) {
            Seq seq = (Seq) enabledProtocols.value();
            Object refArrayOps = Predef$.MODULE$.refArrayOps(strArr);
            strArr2 = (String[]) ((IterableOnceOps) seq.filter(str -> {
                return ArrayOps$.MODULE$.contains$extension(refArrayOps, str);
            })).toArray(ClassTag$.MODULE$.apply(String.class));
        } else {
            if (!None$.MODULE$.equals(enabledProtocols)) {
                throw new MatchError(enabledProtocols);
            }
            Object refArrayOps2 = Predef$.MODULE$.refArrayOps(Protocols$.MODULE$.recommendedProtocols());
            ArrayOps$ arrayOps$ = ArrayOps$.MODULE$;
            Object refArrayOps3 = Predef$.MODULE$.refArrayOps(strArr);
            strArr2 = (String[]) arrayOps$.filter$extension(refArrayOps2, str2 -> {
                return ArrayOps$.MODULE$.contains$extension(refArrayOps3, str2);
            });
        }
        return strArr2;
    }

    public String[] configureCipherSuites(String[] strArr, SSLConfigSettings sSLConfigSettings) {
        String[] strArr2;
        Some enabledCipherSuites = sSLConfigSettings.enabledCipherSuites();
        if (enabledCipherSuites instanceof Some) {
            strArr2 = (String[]) ((IterableOnceOps) ((Seq) enabledCipherSuites.value()).filter(str -> {
                return ArrayOps$.MODULE$.contains$extension(Predef$.MODULE$.refArrayOps(strArr), str);
            })).toArray(ClassTag$.MODULE$.apply(String.class));
        } else {
            if (!None$.MODULE$.equals(enabledCipherSuites)) {
                throw new MatchError(enabledCipherSuites);
            }
            strArr2 = strArr;
        }
        return strArr2;
    }

    private void looseDisableSNI(SSLParameters sSLParameters) {
        if (config().loose().disableSNI()) {
            this.log.warning("You are using ssl-config.loose.disableSNI=true! It is strongly discouraged to disable Server Name Indication, as it is crucial to preventing man-in-the-middle attacks.");
            sSLParameters.setServerNames(Collections.emptyList());
            sSLParameters.setSNIMatchers(Collections.emptyList());
        }
    }

    private final Try $anonfun$1(Class cls) {
        return this.system.dynamicAccess().createInstanceFor(cls, (Seq) package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension((Class) Predef$.MODULE$.ArrowAssoc(LoggerFactory.class), this.mkLogger)})), ClassTag$.MODULE$.apply(HostnameVerifier.class));
    }

    private static final HostnameVerifier $anonfun$2(Class cls) {
        throw new Exception(new StringBuilder(46).append("Unable to obtain hostname verifier for class: ").append(cls).toString());
    }
}
