package akka.remote.artery.tcp;

import akka.actor.ActorSystem;
import akka.annotation.ApiMayChange;
import akka.event.LogMarker$;
import akka.event.LogSource;
import akka.event.LogSource$;
import akka.event.Logging$;
import akka.event.MarkerLoggingAdapter;
import akka.japi.Util$;
import akka.stream.Client$;
import akka.stream.IgnoreComplete$;
import akka.stream.Server$;
import akka.stream.TLSClosing;
import akka.stream.TLSRole;
import com.typesafe.config.Config;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.eclipse.ditto.model.connectivity.Connection;
import scala.None$;
import scala.Option;
import scala.collection.immutable.Set;
import scala.collection.immutable.Set$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.util.Try$;

/* compiled from: SSLEngineProvider.scala */
@ApiMayChange
@ScalaSignature(bytes = "\u0006\u0001\t=a\u0001B\u0001\u0003\u0001-\u0011qcQ8oM&<7k\u0015'F]\u001eLg.\u001a)s_ZLG-\u001a:\u000b\u0005\r!\u0011a\u0001;da*\u0011QAB\u0001\u0007CJ$XM]=\u000b\u0005\u001dA\u0011A\u0002:f[>$XMC\u0001\n\u0003\u0011\t7n[1\u0004\u0001M\u0019\u0001\u0001\u0004\n\u0011\u00055\u0001R\"\u0001\b\u000b\u0003=\tQa]2bY\u0006L!!\u0005\b\u0003\r\u0005s\u0017PU3g!\t\u0019B#D\u0001\u0003\u0013\t)\"AA\tT'2+enZ5oKB\u0013xN^5eKJD\u0001b\u0006\u0001\u0003\u0006\u0004%\t\u0002G\u0001\u0007G>tg-[4\u0016\u0003e\u0001\"A\u0007\u0011\u000e\u0003mQ!a\u0006\u000f\u000b\u0005uq\u0012\u0001\u0003;za\u0016\u001c\u0018MZ3\u000b\u0003}\t1aY8n\u0013\t\t3D\u0001\u0004D_:4\u0017n\u001a\u0005\tG\u0001\u0011\t\u0011)A\u00053\u000591m\u001c8gS\u001e\u0004\u0003\u0002C\u0013\u0001\u0005\u000b\u0007I\u0011\u0003\u0014\u0002\u00071|w-F\u0001(!\tA3&D\u0001*\u0015\tQ\u0003\"A\u0003fm\u0016tG/\u0003\u0002-S\t!R*\u0019:lKJdunZ4j]\u001e\fE-\u00199uKJD\u0001B\f\u0001\u0003\u0002\u0003\u0006IaJ\u0001\u0005Y><\u0007\u0005C\u00031\u0001\u0011\u0005\u0011'\u0001\u0004=S:LGO\u0010\u000b\u0004eM\"\u0004CA\n\u0001\u0011\u00159r\u00061\u0001\u001a\u0011\u0015)s\u00061\u0001(\u0011\u0015\u0001\u0004\u0001\"\u00017)\t\u0011t\u0007C\u00039k\u0001\u0007\u0011(\u0001\u0004tsN$X-\u001c\t\u0003uuj\u0011a\u000f\u0006\u0003y!\tQ!Y2u_JL!AP\u001e\u0003\u0017\u0005\u001bGo\u001c:TsN$X-\u001c\u0005\b\u0001\u0002\u0011\r\u0011\"\u0001B\u0003-\u00196\u000bT&fsN#xN]3\u0016\u0003\t\u0003\"a\u0011&\u000f\u0005\u0011C\u0005CA#\u000f\u001b\u00051%BA$\u000b\u0003\u0019a$o\\8u}%\u0011\u0011JD\u0001\u0007!J,G-\u001a4\n\u0005-c%AB*ue&twM\u0003\u0002J\u001d!1a\n\u0001Q\u0001\n\t\u000bAbU*M\u0017\u0016L8\u000b^8sK\u0002Bq\u0001\u0015\u0001C\u0002\u0013\u0005\u0011)A\u0007T'2#&/^:u'R|'/\u001a\u0005\u0007%\u0002\u0001\u000b\u0011\u0002\"\u0002\u001dM\u001bF\n\u0016:vgR\u001cFo\u001c:fA!9A\u000b\u0001b\u0001\n\u0003\t\u0015aE*T\u0019.+\u0017p\u0015;pe\u0016\u0004\u0016m]:x_J$\u0007B\u0002,\u0001A\u0003%!)\u0001\u000bT'2
[U-_*u_J,\u0007+Y:to>\u0014H\r\t\u0005\b1\u0002\u0011\r\u0011\"\u0001B\u00039\u00196\u000bT&fsB\u000b7o]<pe\u0012DaA\u0017\u0001!\u0002\u0013\u0011\u0015aD*T\u0019.+\u0017\u0010U1tg^|'\u000f\u001a\u0011\t\u000fq\u0003!\u0019!C\u0001\u0003\u0006)2k\u0015'UeV\u001cHo\u0015;pe\u0016\u0004\u0016m]:x_J$\u0007B\u00020\u0001A\u0003%!)\u0001\fT'2#&/^:u'R|'/\u001a)bgN<xN\u001d3!\u0011\u001d\u0001\u0007A1A\u0005\u0002\u0005\fAcU*M\u000b:\f'\r\\3e\u00032<wN]5uQ6\u001cX#\u00012\u0011\u0007\r\u001b')\u0003\u0002e\u0019\n\u00191+\u001a;\t\r\u0019\u0004\u0001\u0015!\u0003c\u0003U\u00196\u000bT#oC\ndW\rZ!mO>\u0014\u0018\u000e\u001e5ng\u0002Bq\u0001\u001b\u0001C\u0002\u0013\u0005\u0011)A\u0006T'2\u0003&o\u001c;pG>d\u0007B\u00026\u0001A\u0003%!)\u0001\u0007T'2\u0003&o\u001c;pG>d\u0007\u0005C\u0004m\u0001\t\u0007I\u0011A!\u00021M\u001bFJU1oI>lg*^7cKJ<UM\\3sCR|'\u000f\u0003\u0004o\u0001\u0001\u0006IAQ\u0001\u001a'Nc%+\u00198e_6tU/\u001c2fe\u001e+g.\u001a:bi>\u0014\b\u0005C\u0004q\u0001\t\u0007I\u0011A9\u0002=M\u001bFJU3rk&\u0014X-T;uk\u0006d\u0017)\u001e;iK:$\u0018nY1uS>tW#\u0001:\u0011\u00055\u0019\u0018B\u0001;\u000f\u0005\u001d\u0011un\u001c7fC:DaA\u001e\u0001!\u0002\u0013\u0011\u0018aH*T\u0019J+\u0017/^5sK6+H/^1m\u0003V$\b.\u001a8uS\u000e\fG/[8oA!9\u0001\u0010\u0001b\u0001\n\u0003\t\u0018\u0001\u0006%pgRt\u0017-\\3WKJLg-[2bi&|g\u000e\u0003\u0004{\u0001\u0001\u0006IA]\u0001\u0016\u0011>\u001cHO\\1nKZ+'/\u001b4jG\u0006$\u0018n\u001c8!\u0011!a\b\u0001#b\u0001\n\u0013i\u0018AC:tY\u000e{g\u000e^3yiV\ta\u0010E\u0002��\u0003\u001bi!!!\u0001\u000b\t\u0005\r\u0011QA\u0001\u0004gNd'\u0002BA\u0004\u0003\u0013\t1A\\3u\u0015\t\tY!A\u0003kCZ\f\u00070\u0003\u0003\u0002\u0010\u0005\u0005!AC*T\u0019\u000e{g\u000e^3yi\"9\u00111\u0003\u0001\u0005\n\u0005U\u0011\u0001E2p]N$(/^2u\u0007>tG/\u001a=u)\u0005q\bbBA\r\u0001\u0011E\u00111D\u0001\rY>\fGmS3zgR|'/\u001a\u000b\u0007\u0003;\ti#!\r\u0011\t\u0005}\u0011\u0011F\u0007\u0003\u0003CQA!a\t\u0002&\u0005A1/Z2ve&$\u0018P\u0003\u0002\u0002(\u0005!!.\u0019<b\
u0013\u0011\tY#!\t\u0003\u0011-+\u0017p\u0015;pe\u0016Dq!a\f\u0002\u0018\u0001\u0007!)\u0001\u0005gS2,g.Y7f\u0011\u001d\t\u0019$a\u0006A\u0002\t\u000b\u0001\u0002]1tg^|'\u000f\u001a\u0005\b\u0003o\u0001A\u0011CA\u001d\u0003-YW-_'b]\u0006<WM]:\u0016\u0005\u0005m\u0002#B\u0007\u0002>\u0005\u0005\u0013bAA \u001d\t)\u0011I\u001d:bsB\u0019q0a\u0011\n\t\u0005\u0015\u0013\u0011\u0001\u0002\u000b\u0017\u0016LX*\u00198bO\u0016\u0014\bbBA%\u0001\u0011E\u00111J\u0001\u000eiJ,8\u000f^'b]\u0006<WM]:\u0016\u0005\u00055\u0003#B\u0007\u0002>\u0005=\u0003cA@\u0002R%!\u00111KA\u0001\u00051!&/^:u\u001b\u0006t\u0017mZ3s\u0011\u001d\t9\u0006\u0001C\u0001\u00033\n!c\u0019:fCR,7+Z2ve\u0016\u0014\u0016M\u001c3p[R\u0011\u00111\f\t\u0005\u0003?\ti&\u0003\u0003\u0002`\u0005\u0005\"\u0001D*fGV\u0014XMU1oI>l\u0007bBA2\u0001\u0011\u0005\u0013QM\u0001\u0016GJ,\u0017\r^3TKJ4XM]*T\u0019\u0016sw-\u001b8f)\u0019\t9'!\u001c\u0002rA\u0019q0!\u001b\n\t\u0005-\u0014\u0011\u0001\u0002\n'NcUI\\4j]\u0016Dq!a\u001c\u0002b\u0001\u0007!)\u0001\u0005i_N$h.Y7f\u0011!\t\u0019(!\u0019A\u0002\u0005U\u0014\u0001\u00029peR\u00042!DA<\u0013\r\tIH\u0004\u0002\u0004\u0013:$\bbBA?\u0001\u0011\u0005\u0013qP\u0001\u0016GJ,\u0017\r^3DY&,g\u000e^*T\u0019\u0016sw-\u001b8f)\u0019\t9'!!\u0002\u0004\"9\u0011qNA>\u0001\u0004\u0011\u0005\u0002CA:\u0003w\u0002\r!!\u001e\t\u000f\u0005\u001d\u0005\u0001\"\u0003\u0002\n\u0006y1M]3bi\u0016\u001c6\u000bT#oO&tW\r\u0006\u0005\u0002h\u0005-\u00151TAO\u0011!\ti)!\"A\u0002\u0005=\u0015\u0001\u0002:pY\u0016\u0004B!!%\u0002\u00186\u0011\u00111\u0013\u0006\u0004\u0003+C\u0011AB:ue\u0016\fW.\u0003\u0003\u0002\u001a\u0006M%a\u0002+M'J{G.\u001a\u0005\b\u0003_\n)\t1\u0001C\u0011!\t\u0019(!\"A\u0002\u0005U\u0004bBAD\u0001\u0011%\u0011\u0011\u0015\u000b\r\u0003O\n\u0019+!*\u0002(\u0006%\u00161\u0016\u0005\u0007y\u0006}\u0005\u0019\u0001@\t\u0011\u00055\u0015q\u0014a\u0001\u0003\u001fCq!a\u001c\u0002 
\u0002\u0007!\t\u0003\u0005\u0002t\u0005}\u0005\u0019AA;\u0011)\ti+a(\u0011\u0002\u0003\u0007\u0011qV\u0001\bG2|7/\u001b8h!\u0011\t\t*!-\n\t\u0005M\u00161\u0013\u0002\u000b)2\u001b6\t\\8tS:<\u0007bBA\\\u0001\u0011\u0005\u0013\u0011X\u0001\u0014m\u0016\u0014\u0018NZ=DY&,g\u000e^*fgNLwN\u001c\u000b\u0007\u0003w\u000b\u0019.!6\u0011\u000b5\ti,!1\n\u0007\u0005}fB\u0001\u0004PaRLwN\u001c\t\u0005\u0003\u0007\fiM\u0004\u0003\u0002F\u0006%gbA#\u0002H&\tq\"C\u0002\u0002L:\tq\u0001]1dW\u0006<W-\u0003\u0003\u0002P\u0006E'!\u0003+ie><\u0018M\u00197f\u0015\r\tYM\u0004\u0005\b\u0003_\n)\f1\u0001C\u0011!\t9.!.A\u0002\u0005e\u0017aB:fgNLwN\u001c\t\u0004\u007f\u0006m\u0017\u0002BAo\u0003\u0003\u0011!bU*M'\u0016\u001c8/[8o\u0011\u001d\t\t\u000f\u0001C!\u0003G\f1C^3sS\u001aL8+\u001a:wKJ\u001cVm]:j_:$b!a/\u0002f\u0006\u001d\bbBA8\u0003?\u0004\rA\u0011\u0005\t\u0003/\fy\u000e1\u0001\u0002Z\"I\u00111\u001e\u0001\u0012\u0002\u0013%\u0011Q^\u0001\u001aGJ,\u0017\r^3T'2+enZ5oK\u0012\"WMZ1vYR$S'\u0006\u0002\u0002p*\"\u0011qVAyW\t\t\u0019\u0010\u0005\u0003\u0002v\u0006}XBAA|\u0015\u0011\tI0a?\u0002\u0013Ut7\r[3dW\u0016$'bAA\u007f\u001d\u0005Q\u0011M\u001c8pi\u0006$\u0018n\u001c8\n\t\t\u0005\u0011q\u001f\u0002\u0012k:\u001c\u0007.Z2lK\u00124\u0016M]5b]\u000e,\u0007f\u0001\u0001\u0003\u0006A!!q\u0001B\u0006\u001b\t\u0011IAC\u0002\u0002~\"IAA!\u0004\u0003\n\ta\u0011\t]5NCf\u001c\u0005.\u00198hK\u0002")
/* loaded from: input_file:akka/remote/artery/tcp/ConfigSSLEngineProvider.class */
public class ConfigSSLEngineProvider implements SSLEngineProvider {
    /*
     * Config-driven SSLEngineProvider for Artery TCP.
     *
     * One SSLContext is built lazily from the configured key store, trust store,
     * protocol and random-number generator; every client and server SSLEngine
     * handed out by this instance comes from that single context.
     *
     * Reading notes:
     *  - This is JADX output for Scala bytecode. It is meant for reading, not for
     *    recompilation: one local has the placeholder type "??" and several
     *    methods call APIs that throw checked exceptions without declaring them.
     *  - Each field has a same-named public accessor (Scala `val` encoding), so the
     *    three store/key passwords are reachable as plain Strings through public
     *    methods for the whole lifetime of the instance.
     *  - Hostname verification is optional and its absence only produces a warning.
     *  - verifyClientSession / verifyServerSession add no check beyond the handshake.
     */

    // Lazily initialised; written only inside sslContext$lzycompute() under the instance monitor.
    private SSLContext sslContext;
    // Config section handed to the primary constructor.
    private final Config config;
    private final MarkerLoggingAdapter log;
    // "key-store": file path given to loadKeystore() for the key managers.
    private final String SSLKeyStore;
    // "trust-store": file path given to loadKeystore() for the trust managers.
    private final String SSLTrustStore;
    // "key-store-password": kept as an immutable String, so it cannot be wiped after use.
    private final String SSLKeyStorePassword;
    // "key-password": password for the key entries, passed to KeyManagerFactory.init.
    private final String SSLKeyPassword;
    // "trust-store-password": kept as an immutable String, like the other passwords.
    private final String SSLTrustStorePassword;
    // "enabled-algorithms": applied verbatim as the engine's enabled cipher suites.
    private final Set<String> SSLEnabledAlgorithms;
    // Used both as the SSLContext algorithm name and as the only enabled protocol on each engine.
    private final String SSLProtocol;
    // "random-number-generator": name handed to SecureRandomFactory$.
    private final String SSLRandomNumberGenerator;
    // "require-mutual-authentication": when true, non-client engines demand a client certificate.
    private final boolean SSLRequireMutualAuthentication;
    // "hostname-verification": when true, engines get the "HTTPS" endpoint identification algorithm.
    private final boolean HostnameVerification;
    // Scala lazy-val flag: true once sslContext has been assigned. Volatile, so the
    // unsynchronised read in sslContext() sees the write made under the monitor.
    private volatile boolean bitmap$0;

    /** Returns the config section this provider was constructed with. */
    public Config config() {
        return this.config;
    }

    /** Returns the marker-capable logger used for the hostname-verification messages. */
    public MarkerLoggingAdapter log() {
        return this.log;
    }

    /** Returns the configured key store path ("key-store"). */
    public String SSLKeyStore() {
        return this.SSLKeyStore;
    }

    /** Returns the configured trust store path ("trust-store"). */
    public String SSLTrustStore() {
        return this.SSLTrustStore;
    }

    /** Returns the key store password in clear text; callers should keep it out of logs and dumps. */
    public String SSLKeyStorePassword() {
        return this.SSLKeyStorePassword;
    }

    /** Returns the private-key password in clear text; callers should keep it out of logs and dumps. */
    public String SSLKeyPassword() {
        return this.SSLKeyPassword;
    }

    /** Returns the trust store password in clear text; callers should keep it out of logs and dumps. */
    public String SSLTrustStorePassword() {
        return this.SSLTrustStorePassword;
    }

    /** Returns the configured cipher suite names ("enabled-algorithms"). */
    public Set<String> SSLEnabledAlgorithms() {
        return this.SSLEnabledAlgorithms;
    }

    /** Returns the configured protocol name, used for SSLContext.getInstance and setEnabledProtocols. */
    public String SSLProtocol() {
        return this.SSLProtocol;
    }

    /** Returns the configured random-number-generator name. */
    public String SSLRandomNumberGenerator() {
        return this.SSLRandomNumberGenerator;
    }

    /** Returns whether non-client engines are set to require a client certificate. */
    public boolean SSLRequireMutualAuthentication() {
        return this.SSLRequireMutualAuthentication;
    }

    /** Returns whether engines are configured with the "HTTPS" endpoint identification algorithm. */
    public boolean HostnameVerification() {
        return this.HostnameVerification;
    }

    /**
     * Slow path of the lazy {@code sslContext}: builds the context once, under the
     * instance monitor, and then sets {@code bitmap$0}.
     *
     * Before building, it logs the hostname-verification state: debug when enabled,
     * a warning tagged with the Security log marker when disabled. A disabled setting
     * is only reported; construction continues either way.
     *
     * If constructContext() throws, the flag stays false, so the next call retries.
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v8, types: [akka.remote.artery.tcp.ConfigSSLEngineProvider] */
    private SSLContext sslContext$lzycompute() {
        // "??" is the decompiler's placeholder for a type it could not infer (see the
        // JADX warnings above); the temporary only carries `this` into the monitor.
        ?? r0 = this;
        synchronized (r0) {
            // Re-check inside the monitor: another thread may have initialised it already.
            if (!this.bitmap$0) {
                if (HostnameVerification()) {
                    log().debug("TLS/SSL hostname verification is enabled.");
                } else {
                    log().warning(LogMarker$.MODULE$.Security(), "TLS/SSL hostname verification is disabled. Please configure akka.remote.artery.ssl.config-ssl-engine.hostname-verification=on and ensure the X.509 certificate on the host is correct to remove this warning. See Akka reference documentation for more information.");
                }
                this.sslContext = constructContext();
                r0 = this;
                // Set the flag only after the field is assigned, so readers never see a null context.
                r0.bitmap$0 = true;
            }
        }
        return this.sslContext;
    }

    /** Fast path of the lazy {@code sslContext}: returns the cached context once the flag is set. */
    private SSLContext sslContext() {
        return !this.bitmap$0 ? sslContext$lzycompute() : this.sslContext;
    }

    /**
     * Builds the SSLContext for the configured protocol and initialises it with the
     * key managers, trust managers and SecureRandom produced by this class.
     *
     * FileNotFoundException, IOException and GeneralSecurityException are each rethrown
     * as SslTransportException with the original exception as cause.
     *
     * Note that the messages all say "Server SSL connection" although the resulting
     * context is also used for client engines, and that the IOException text is copied
     * into the message of the wrapping exception.
     */
    private SSLContext constructContext() {
        try {
            SecureRandom createSecureRandom = createSecureRandom();
            SSLContext sSLContext = SSLContext.getInstance(SSLProtocol());
            sSLContext.init(keyManagers(), trustManagers(), createSecureRandom);
            return sSLContext;
        } catch (FileNotFoundException e) {
            throw new SslTransportException("Server SSL connection could not be established because key store could not be loaded", e);
        } catch (IOException e2) {
            throw new SslTransportException(new StringBuilder(56).append("Server SSL connection could not be established because: ").append(e2.getMessage()).toString(), e2);
        } catch (GeneralSecurityException e3) {
            throw new SslTransportException("Server SSL connection could not be established because SSL context could not be constructed", e3);
        }
    }

    /**
     * Loads a key store of the JVM's default type from a file.
     *
     * The store type is not configurable here. The password is converted to a
     * {@code char[]} that is not cleared afterwards, and the source String stays in
     * the instance fields regardless.
     *
     * @param str  path of the key store file
     * @param str2 password used to open the store; must not be null, because
     *             {@code toCharArray()} is called on it
     * @return the loaded key store
     */
    public KeyStore loadKeystore(String str, String str2) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream newInputStream = Files.newInputStream(Paths.get(str, new String[0]), new OpenOption[0]);
        try {
            keyStore.load(newInputStream, str2.toCharArray());
            return keyStore;
        } finally {
            // The close is wrapped in a Try whose result is discarded; presumably this keeps a
            // failure to close from replacing the result or exception of load().
            Try$.MODULE$.apply(() -> {
                newInputStream.close();
            });
        }
    }

    /**
     * Creates key managers from the configured key store, using the JVM's default
     * KeyManagerFactory algorithm. The key store file is read again on every call.
     *
     * @return the key managers backed by the configured key store
     */
    public KeyManager[] keyManagers() {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // Two separate secrets: the store password opens the file, the key password unlocks the entries.
        keyManagerFactory.init(loadKeystore(SSLKeyStore(), SSLKeyStorePassword()), SSLKeyPassword().toCharArray());
        return keyManagerFactory.getKeyManagers();
    }

    /**
     * Creates trust managers from the configured trust store, using the JVM's default
     * TrustManagerFactory algorithm. The trust store file is read again on every call.
     *
     * The contents of that file decide which peer certificates are accepted, so it
     * needs the same file-system protection as the key store.
     *
     * @return the trust managers backed by the configured trust store
     */
    public TrustManager[] trustManagers() {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(loadKeystore(SSLTrustStore(), SSLTrustStorePassword()));
        return trustManagerFactory.getTrustManagers();
    }

    /**
     * Obtains the SecureRandom for the SSLContext from SecureRandomFactory$, passing the
     * configured generator name and the logger.
     *
     * NOTE(review): how the factory maps names to generators, and what it does with an
     * unknown name, is not visible in this file. Confirm against SecureRandomFactory.
     */
    public SecureRandom createSecureRandom() {
        return SecureRandomFactory$.MODULE$.createSecureRandom(SSLRandomNumberGenerator(), log());
    }

    /**
     * Creates an engine in the server role.
     *
     * @param str peer host passed to SSLContext.createSSLEngine
     * @param i   peer port passed to SSLContext.createSSLEngine
     */
    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public SSLEngine createServerSSLEngine(String str, int i) {
        return createSSLEngine(Server$.MODULE$, str, i);
    }

    /**
     * Creates an engine in the client role.
     *
     * @param str peer host passed to SSLContext.createSSLEngine
     * @param i   peer port passed to SSLContext.createSSLEngine
     */
    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public SSLEngine createClientSSLEngine(String str, int i) {
        return createSSLEngine(Client$.MODULE$, str, i);
    }

    /** Creates an engine for the given role from the shared, lazily built context and the default closing mode. */
    private SSLEngine createSSLEngine(TLSRole tLSRole, String str, int i) {
        return createSSLEngine(sslContext(), tLSRole, str, i, createSSLEngine$default$5());
    }

    /**
     * Creates and configures an SSLEngine.
     *
     * With hostname verification enabled, the engine gets the context's default
     * parameters plus the "HTTPS" endpoint identification algorithm. With it disabled,
     * no endpoint identification algorithm is set here, so the handshake does not match
     * the peer certificate against {@code str}.
     *
     * Cipher suites and protocol are then replaced with the configured values, and a
     * non-client engine is set to require a client certificate only when
     * require-mutual-authentication is on.
     *
     * @param sSLContext context the engine is created from
     * @param tLSRole    Client$ for client mode; any other role is treated as server
     * @param str        peer host
     * @param i          peer port
     * @param tLSClosing not referenced in this method body
     * @return the configured engine
     */
    private SSLEngine createSSLEngine(SSLContext sSLContext, TLSRole tLSRole, String str, int i, TLSClosing tLSClosing) {
        SSLEngine createSSLEngine = sSLContext.createSSLEngine(str, i);
        if (HostnameVerification()) {
            SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
            defaultSSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
            // Applied before the cipher-suite and protocol setters below, so those still take effect.
            createSSLEngine.setSSLParameters(defaultSSLParameters);
        }
        // Null-safe equality as emitted by the Scala compiler: true only for the client role.
        Client$ client$ = Client$.MODULE$;
        createSSLEngine.setUseClientMode(tLSRole != null ? tLSRole.equals(client$) : client$ == null);
        createSSLEngine.setEnabledCipherSuites((String[]) SSLEnabledAlgorithms().toArray(ClassTag$.MODULE$.apply(String.class)));
        // Exactly one protocol version is enabled: the configured one.
        createSSLEngine.setEnabledProtocols(new String[]{SSLProtocol()});
        Client$ client$2 = Client$.MODULE$;
        // Same null-safe comparison, negated: this branch runs for every role other than client.
        if (tLSRole != null ? !tLSRole.equals(client$2) : client$2 != null) {
            if (SSLRequireMutualAuthentication()) {
                // Without this call the engine keeps its default client-auth setting.
                createSSLEngine.setNeedClientAuth(true);
            }
        }
        return createSSLEngine;
    }

    /** Scala default-argument accessor for the fifth createSSLEngine parameter: IgnoreComplete$. */
    private TLSClosing createSSLEngine$default$5() {
        return IgnoreComplete$.MODULE$;
    }

    /**
     * Always returns None and does not inspect the host name or the session.
     *
     * This provider therefore adds no check on top of the TLS handshake. Anything such
     * as matching the peer certificate's subject would have to come from a different
     * or overriding provider.
     *
     * NOTE(review): None presumably means "no error" to the caller. Confirm against the
     * SSLEngineProvider contract.
     */
    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public Option<Throwable> verifyClientSession(String str, SSLSession sSLSession) {
        return None$.MODULE$;
    }

    /**
     * Always returns None and does not inspect the host name or the session, like
     * verifyClientSession: no check is added on top of the TLS handshake.
     */
    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public Option<Throwable> verifyServerSession(String str, SSLSession sSLSession) {
        return None$.MODULE$;
    }

    /**
     * Reads all TLS settings from the given config section into final fields.
     *
     * Nothing is validated and no file is opened here. The key and trust stores are
     * first read when the SSLContext is built on demand.
     *
     * @param config               section holding the keys read below
     * @param markerLoggingAdapter logger used for the hostname-verification messages
     */
    public ConfigSSLEngineProvider(Config config, MarkerLoggingAdapter markerLoggingAdapter) {
        this.config = config;
        this.log = markerLoggingAdapter;
        this.SSLKeyStore = config.getString("key-store");
        this.SSLTrustStore = config.getString("trust-store");
        // The passwords arrive as ordinary config strings, so protecting them is up to
        // whatever supplies the configuration.
        this.SSLKeyStorePassword = config.getString("key-store-password");
        this.SSLKeyPassword = config.getString("key-password");
        this.SSLTrustStorePassword = config.getString("trust-store-password");
        // Converts the Java string list from the config into an immutable Scala Set.
        this.SSLEnabledAlgorithms = (Set) Util$.MODULE$.immutableSeq((Iterable) config.getStringList("enabled-algorithms")).to(Set$.MODULE$.canBuildFrom());
        // NOTE(review): the key comes from an unrelated Eclipse Ditto constant. This looks like
        // decompiler constant substitution rather than a real dependency; the literal key is
        // presumably "protocol". Confirm against the Akka reference configuration.
        this.SSLProtocol = config.getString(Connection.UriRegex.PROTOCOL_REGEX_GROUP);
        this.SSLRandomNumberGenerator = config.getString("random-number-generator");
        this.SSLRequireMutualAuthentication = config.getBoolean("require-mutual-authentication");
        this.HostnameVerification = config.getBoolean("hostname-verification");
    }

    /**
     * Convenience constructor: takes the "akka.remote.artery.ssl.config-ssl-engine"
     * section from the actor system's configuration and a marker logger named after
     * this class.
     *
     * @param actorSystem system whose settings and logging are used
     */
    public ConfigSSLEngineProvider(ActorSystem actorSystem) {
        this(actorSystem.settings().config().getConfig("akka.remote.artery.ssl.config-ssl-engine"), Logging$.MODULE$.withMarker(actorSystem, (ActorSystem) ConfigSSLEngineProvider.class.getName(), (LogSource<ActorSystem>) LogSource$.MODULE$.fromString()));
    }
}
