package com.typesafe.sslconfig.akka;

import akka.actor.ActorSystem;
import akka.actor.ExtendedActorSystem;
import akka.actor.Extension;
import akka.event.LogSource;
import akka.event.LogSource$;
import akka.event.Logging$;
import akka.event.LoggingAdapter;
import com.typesafe.config.ConfigMergeable;
import com.typesafe.sslconfig.akka.util.AkkaLoggerFactory;
import com.typesafe.sslconfig.ssl.AlgorithmChecker;
import com.typesafe.sslconfig.ssl.AlgorithmConstraintsParser$;
import com.typesafe.sslconfig.ssl.Ciphers$;
import com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder;
import com.typesafe.sslconfig.ssl.DefaultKeyManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.DefaultTrustManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.KeyManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.Protocols$;
import com.typesafe.sslconfig.ssl.SSLConfig;
import com.typesafe.sslconfig.ssl.SSLConfigFactory$;
import com.typesafe.sslconfig.ssl.TrustManagerFactoryWrapper;
import java.security.KeyStore;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.collection.Seq;
import scala.collection.TraversableOnce;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.Set;
import scala.collection.mutable.StringBuilder;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;

/* compiled from: AkkaSSLConfig.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005es!B\u0001\u0003\u0011\u0003Y\u0011!D!lW\u0006\u001c6\u000bT\"p]\u001aLwM\u0003\u0002\u0004\t\u0005!\u0011m[6b\u0015\t)a!A\u0005tg2\u001cwN\u001c4jO*\u0011q\u0001C\u0001\tif\u0004Xm]1gK*\t\u0011\"A\u0002d_6\u001c\u0001\u0001\u0005\u0002\r\u001b5\t!AB\u0003\u000f\u0005!\u0005qBA\u0007BW.\f7k\u0015'D_:4\u0017nZ\n\u0006\u001bA1\u0012q\u0006\t\u0003#Qi\u0011A\u0005\u0006\u0002'\u0005)1oY1mC&\u0011QC\u0005\u0002\u0007\u0003:L(+\u001a4\u0011\u0007]YR$D\u0001\u0019\u0015\tI\"$A\u0003bGR|'OC\u0001\u0004\u0013\ta\u0002DA\u0006FqR,gn]5p]&#\u0007C\u0001\u0007\u001f\r\u0011q!AA\u0010\u0014\u0007y\u0001\u0002\u0005\u0005\u0002\u0018C%\u0011!\u0005\u0007\u0002\n\u000bb$XM\\:j_:D\u0001\u0002\n\u0010\u0003\u0002\u0003\u0006I!J\u0001\u0007gf\u001cH/Z7\u0011\u0005]1\u0013BA\u0014\u0019\u0005M)\u0005\u0010^3oI\u0016$\u0017i\u0019;peNK8\u000f^3n\u0011\u0015Ic\u0004\"\u0001+\u0003\u0019a\u0014N\\5u}Q\u0011Qd\u000b\u0005\u0006I!\u0002\r!\n\u0005\b[y\u0011\r\u0011\"\u0003/\u0003!i7\u000eT8hO\u0016\u0014X#A\u0018\u0011\u0005A\u001aT\"A\u0019\u000b\u0005I\u0012\u0011\u0001B;uS2L!\u0001N\u0019\u0003#\u0005[7.\u0019'pO\u001e,'OR1di>\u0014\u0018\u0010\u0003\u00047=\u0001\u0006IaL\u0001\n[.dunZ4fe\u0002Bq\u0001\u000f\u0010C\u0002\u0013%\u0011(A\u0002m_\u001e,\u0012A\u000f\t\u0003wyj\u0011\u0001\u0010\u0006\u0003{i\tQ!\u001a<f]RL!a\u0010\u001f\u0003\u001d1{wmZ5oO\u0006#\u0017\r\u001d;fe\"1\u0011I\bQ\u0001\ni\nA\u0001\\8hA!91I\bb\u0001\n\u0003!\u0015AB2p]\u001aLw-F\u0001F!\t1\u0015*D\u0001H\u0015\tAE!A\u0002tg2L!AS$\u0003\u0013M\u001bFjQ8oM&<\u0007B\u0002'\u001fA\u0003%Q)A\u0004d_:4\u0017n\u001a\u0011\t\u000f9s\"\u0019!C\u0001\u001f\u0006\u0001\u0002n\\:u]\u0006lWMV3sS\u001aLWM]\u000b\u0002!B\u0011\u0011kV\u0007\u0002%*\u0011\u0001j\u0015\u0006\u0003)V\u000b1A\\3u\u0015\u00051\u0016!\u00026bm\u0006D\u0018B\u0001-S\u0005AAun\u001d;oC6,g+\u001a:jM&,'\u000f\u0003\u0004[=\u0001\u0006I\u0001U\u0001\u0012Q>\u001cHO\\1nKZ+'/\u001b4jKJ\u0004\u0003b\u0002/\u001f\u0005\u0004%\t!X\u0001\u0016gNdWI\\4j]\u0016\u001cuN\u001c4jOV\u0014\u0018\r^8s+\u0005q\u0006C\u0001\u0007`\u0013\t\u0001'A\u0001\u000fEK\u001a\fW\u000f\u001c;T'2+enZ5oK\u000e{gNZ5hkJ\fGo\u001c:\t\r\tt\u0002\u0015!\u0003_\u0003Y\u00198\u000f\\#oO&tWmQ8oM&<WO]1u_J\u0004\u0003\"\u00023\u001f\t\u0003)\u0017!\u0003:v]\u000eCWmY6t)\u00051\u0007CA\th\u0013\tA'C\u0001\u0003V]&$\b\"\u00026\u001f\t\u0003Y\u0017A\u00062vS2$7*Z=NC:\fw-\u001a:GC\u000e$xN]=\u0015\u00051|\u0007C\u0001$n\u0013\tqwI\u0001\rLKfl\u0015M\\1hKJ4\u0015m\u0019;pef<&/\u00199qKJDQ\u0001S5A\u0002\u0015CQ!\u001d\u0010\u0005\u0002I\f\u0001DY;jY\u0012$&/^:u\u001b\u0006t\u0017mZ3s\r\u0006\u001cGo\u001c:z)\t\u0019h\u000f\u0005\u0002Gi&\u0011Qo\u0012\u0002\u001b)J,8\u000f^'b]\u0006<WM\u001d$bGR|'/_,sCB\u0004XM\u001d\u0005\u0006\u0011B\u0004\r!\u0012\u0005\u0006qz!\t!_\u0001\u0016EVLG\u000e\u001a%pgRt\u0017-\\3WKJLg-[3s)\t\u0001&\u0010C\u0003|o\u0002\u0007Q)\u0001\u0003d_:4\u0007\"B?\u001f\t\u0003q\u0018a\u0007<bY&$\u0017\r^3EK\u001a\fW\u000f\u001c;UeV\u001cH/T1oC\u001e,'\u000f\u0006\u0002g\u007f\"1\u0011\u0011\u0001?A\u0002\u0015\u000b\u0011b]:m\u0007>tg-[4\t\u000f\u0005\u0015a\u0004\"\u0001\u0002\b\u0005\u00112m\u001c8gS\u001e,(/\u001a)s_R|7m\u001c7t)\u0019\tI!!\b\u0002\"A)\u0011#a\u0003\u0002\u0010%\u0019\u0011Q\u0002\n\u0003\u000b\u0005\u0013(/Y=\u0011\t\u0005E\u0011q\u0003\b\u0004#\u0005M\u0011bAA\u000b%\u00051\u0001K]3eK\u001aLA!!\u0007\u0002\u001c\t11\u000b\u001e:j]\u001eT1!!\u0006\u0013\u0011!\ty\"a\u0001A\u0002\u0005%\u0011!E3ySN$\u0018N\\4Qe>$xnY8mg\"9\u0011\u0011AA\u0002\u0001\u0004)\u0005bBA\u0013=\u0011\u0005\u0011qE\u0001\u0016G>tg-[4ve\u0016\u001c\u0015\u000e\u001d5feN+\u0018\u000e^3t)\u0019\tI!!\u000b\u0002.!A\u00111FA\u0012\u0001\u0004\tI!A\bfq&\u001cH/\u001b8h\u0007&\u0004\b.\u001a:t\u0011\u001d\t\t!a\tA\u0002\u0015\u00032aFA\u0019\u0013\r\t\u0019\u0004\u0007\u0002\u0014\u000bb$XM\\:j_:LE\r\u0015:pm&$WM\u001d\u0005\u0007S5!\t!a\u000e\u0015\u0003-Aq!a\u000f\u000e\t\u0003\ti$A\u0003baBd\u0017\u0010\u0006\u0002\u0002@Q\u0019Q$!\u0011\t\u000f\u0011\nI\u0004q\u0001\u0002DA\u0019q#!\u0012\n\u0007\u0005\u001d\u0003DA\u0006BGR|'oU=ti\u0016l\u0007bBA&\u001b\u0011\u0005\u0013QJ\u0001\u0007Y>|7.\u001e9\u0015\u0005\u0005=cB\u0001\u0007\u0001\u0011\u001d\t\u0019&\u0004C!\u0003+\nqb\u0019:fCR,W\t\u001f;f]NLwN\u001c\u000b\u0004;\u0005]\u0003B\u0002\u0013\u0002R\u0001\u0007Q\u0005")
/* loaded from: input_file:com/typesafe/sslconfig/akka/AkkaSSLConfig.class */
public final class AkkaSSLConfig implements Extension {
    public final ExtendedActorSystem com$typesafe$sslconfig$akka$AkkaSSLConfig$$system;
    private final AkkaLoggerFactory com$typesafe$sslconfig$akka$AkkaSSLConfig$$mkLogger;
    private final LoggingAdapter com$typesafe$sslconfig$akka$AkkaSSLConfig$$log;
    private final SSLConfig config;
    private final HostnameVerifier hostnameVerifier;
    private final DefaultSSLEngineConfigurator sslEngineConfigurator;

    public static Extension get(ActorSystem actorSystem) {
        return AkkaSSLConfig$.MODULE$.get(actorSystem);
    }

    public static AkkaSSLConfig createExtension(ExtendedActorSystem extendedActorSystem) {
        return AkkaSSLConfig$.MODULE$.createExtension(extendedActorSystem);
    }

    public static AkkaSSLConfig$ lookup() {
        return AkkaSSLConfig$.MODULE$.lookup();
    }

    public static AkkaSSLConfig apply(ActorSystem actorSystem) {
        return AkkaSSLConfig$.MODULE$.apply(actorSystem);
    }

    public AkkaLoggerFactory com$typesafe$sslconfig$akka$AkkaSSLConfig$$mkLogger() {
        return this.com$typesafe$sslconfig$akka$AkkaSSLConfig$$mkLogger;
    }

    public LoggingAdapter com$typesafe$sslconfig$akka$AkkaSSLConfig$$log() {
        return this.com$typesafe$sslconfig$akka$AkkaSSLConfig$$log;
    }

    public SSLConfig config() {
        return this.config;
    }

    public HostnameVerifier hostnameVerifier() {
        return this.hostnameVerifier;
    }

    public DefaultSSLEngineConfigurator sslEngineConfigurator() {
        return this.sslEngineConfigurator;
    }

    public void runChecks() {
    }

    public KeyManagerFactoryWrapper buildKeyManagerFactory(SSLConfig sSLConfig) {
        return new DefaultKeyManagerFactoryWrapper(sSLConfig.keyManagerConfig().algorithm());
    }

    public TrustManagerFactoryWrapper buildTrustManagerFactory(SSLConfig sSLConfig) {
        return new DefaultTrustManagerFactoryWrapper(sSLConfig.trustManagerConfig().algorithm());
    }

    public HostnameVerifier buildHostnameVerifier(SSLConfig sSLConfig) {
        Class<? extends HostnameVerifier> hostnameVerifierClass = sSLConfig.hostnameVerifierClass();
        com$typesafe$sslconfig$akka$AkkaSSLConfig$$log().debug("buildHostnameVerifier: enabling hostname verification using {}", hostnameVerifierClass);
        try {
            return hostnameVerifierClass.newInstance();
        } catch (Exception e) {
            throw new IllegalStateException("Cannot configure hostname verifier!", e);
        }
    }

    public void validateDefaultTrustManager(SSLConfig sSLConfig) {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        Predef$.MODULE$.refArrayOps(((X509TrustManager) trustManagerFactory.getTrustManagers()[0]).getAcceptedIssuers()).foreach(new AkkaSSLConfig$$anonfun$validateDefaultTrustManager$1(this, new AlgorithmChecker(com$typesafe$sslconfig$akka$AkkaSSLConfig$$mkLogger(), (Set) Predef$.MODULE$.Set().apply(Nil$.MODULE$), ((TraversableOnce) AlgorithmConstraintsParser$.MODULE$.parseAll(AlgorithmConstraintsParser$.MODULE$.line(), sSLConfig.disabledKeyAlgorithms().mkString(",")).get()).toSet())));
    }

    public String[] configureProtocols(String[] strArr, SSLConfig sSLConfig) {
        String[] strArr2;
        Option<Seq<String>> enabledProtocols = sSLConfig.enabledProtocols();
        if (enabledProtocols instanceof Some) {
            strArr2 = (String[]) ((Seq) ((Some) enabledProtocols).x()).filter(new AkkaSSLConfig$$anonfun$3(this, Predef$.MODULE$.refArrayOps(strArr))).toArray(ClassTag$.MODULE$.apply(String.class));
        } else {
            None$ none$ = None$.MODULE$;
            if (none$ != null ? !none$.equals(enabledProtocols) : enabledProtocols != null) {
                throw new MatchError(enabledProtocols);
            }
            strArr2 = (String[]) Predef$.MODULE$.refArrayOps(Protocols$.MODULE$.recommendedProtocols()).filter(new AkkaSSLConfig$$anonfun$4(this, Predef$.MODULE$.refArrayOps(strArr)));
        }
        String[] strArr3 = strArr2;
        if (!sSLConfig.loose().allowWeakProtocols()) {
            Protocols$.MODULE$.deprecatedProtocols().foreach(new AkkaSSLConfig$$anonfun$configureProtocols$1(this, strArr3));
        }
        return strArr3;
    }

    public String[] configureCipherSuites(String[] strArr, SSLConfig sSLConfig) {
        String[] strArr2;
        Option<Seq<String>> enabledCipherSuites = sSLConfig.enabledCipherSuites();
        if (enabledCipherSuites instanceof Some) {
            strArr2 = (String[]) ((Seq) ((Some) enabledCipherSuites).x()).filter(new AkkaSSLConfig$$anonfun$5(this, strArr)).toArray(ClassTag$.MODULE$.apply(String.class));
        } else {
            None$ none$ = None$.MODULE$;
            if (none$ != null ? !none$.equals(enabledCipherSuites) : enabledCipherSuites != null) {
                throw new MatchError(enabledCipherSuites);
            }
            strArr2 = (String[]) Ciphers$.MODULE$.recommendedCiphers().filter(new AkkaSSLConfig$$anonfun$6(this, strArr)).toArray(ClassTag$.MODULE$.apply(String.class));
        }
        String[] strArr3 = strArr2;
        if (!sSLConfig.loose().allowWeakCiphers()) {
            Ciphers$.MODULE$.deprecatedCiphers().foreach(new AkkaSSLConfig$$anonfun$configureCipherSuites$1(this, strArr3));
        }
        return strArr3;
    }

    public AkkaSSLConfig(ExtendedActorSystem extendedActorSystem) {
        SSLContext build;
        this.com$typesafe$sslconfig$akka$AkkaSSLConfig$$system = extendedActorSystem;
        this.com$typesafe$sslconfig$akka$AkkaSSLConfig$$mkLogger = new AkkaLoggerFactory(extendedActorSystem);
        this.com$typesafe$sslconfig$akka$AkkaSSLConfig$$log = Logging$.MODULE$.apply((ActorSystem) extendedActorSystem, (ExtendedActorSystem) getClass(), (LogSource<ExtendedActorSystem>) LogSource$.MODULE$.fromAnyClass());
        com$typesafe$sslconfig$akka$AkkaSSLConfig$$log().debug("Initializing AkkaSSLConfig extension...");
        this.config = SSLConfigFactory$.MODULE$.parse(extendedActorSystem.settings().config().getConfig("akka.ssl-config").withFallback((ConfigMergeable) extendedActorSystem.settings().config().getConfig("ssl-config")));
        HostnameVerifier hostnameVerifier = (HostnameVerifier) extendedActorSystem.dynamicAccess().createInstanceFor(config().hostnameVerifierClass(), Nil$.MODULE$, ClassTag$.MODULE$.apply(HostnameVerifier.class)).orElse(new AkkaSSLConfig$$anonfun$1(this)).getOrElse(new AkkaSSLConfig$$anonfun$2(this));
        com$typesafe$sslconfig$akka$AkkaSSLConfig$$log().debug(new StringBuilder().append((Object) "hostnameVerifier: ").append(hostnameVerifier).toString());
        this.hostnameVerifier = hostnameVerifier;
        if (config().m3935default()) {
            com$typesafe$sslconfig$akka$AkkaSSLConfig$$log().info("buildSSLContext: ssl-config.default is true, using default SSLContext");
            validateDefaultTrustManager(config());
            build = SSLContext.getDefault();
        } else {
            build = new ConfigSSLContextBuilder(com$typesafe$sslconfig$akka$AkkaSSLConfig$$mkLogger(), config(), buildKeyManagerFactory(config()), buildTrustManagerFactory(config())).build();
        }
        SSLParameters defaultSSLParameters = build.getDefaultSSLParameters();
        this.sslEngineConfigurator = new DefaultSSLEngineConfigurator(config(), configureProtocols(defaultSSLParameters.getProtocols(), config()), configureCipherSuites(defaultSSLParameters.getCipherSuites(), config()));
        runChecks();
    }
}
