package akka.http.scaladsl;

import akka.actor.ActorSystem;
import akka.event.LogSource;
import akka.event.LogSource$;
import akka.event.Logging$;
import akka.event.LoggingAdapter;
import akka.stream.TLSClientAuth$Need$;
import akka.stream.TLSClientAuth$None$;
import akka.stream.TLSClientAuth$Want$;
import com.typesafe.sslconfig.akka.AkkaSSLConfig;
import com.typesafe.sslconfig.akka.util.AkkaLoggerFactory;
import com.typesafe.sslconfig.ssl.ClientAuth;
import com.typesafe.sslconfig.ssl.ClientAuth$Default$;
import com.typesafe.sslconfig.ssl.ClientAuth$Need$;
import com.typesafe.sslconfig.ssl.ClientAuth$None$;
import com.typesafe.sslconfig.ssl.ClientAuth$Want$;
import com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder;
import com.typesafe.sslconfig.ssl.SSLConfigSettings;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.collection.mutable.ArrayOps;
import scala.reflect.ScalaSignature;

/* compiled from: Http.scala */
@ScalaSignature(bytes = "\u0006\u0001\u001d3q!\u0003\u0006\u0011\u0002\u0007\u0005\u0011\u0003C\u0003\u0019\u0001\u0011\u0005\u0011\u0004C\u0003\u001e\u0001\u0019Ea\u0004C\u0003&\u0001\u0019Ea\u0005\u0003\u00043\u0001\u0001&Ia\r\u0005\u0006u\u0001!\t!\u0007\u0005\u0006w\u0001!\t\u0001\u0010\u0005\u0006\u0003\u0002!\tA\u0011\u0005\u0006\t\u0002!\t!\u0012\u0002\u001a\t\u00164\u0017-\u001e7u'Nc5i\u001c8uKb$8I]3bi&|gN\u0003\u0002\f\u0019\u0005A1oY1mC\u0012\u001cHN\u0003\u0002\u000e\u001d\u0005!\u0001\u000e\u001e;q\u0015\u0005y\u0011\u0001B1lW\u0006\u001c\u0001a\u0005\u0002\u0001%A\u00111CF\u0007\u0002))\tQ#A\u0003tG\u0006d\u0017-\u0003\u0002\u0018)\t1\u0011I\\=SK\u001a\fa\u0001J5oSR$C#\u0001\u000e\u0011\u0005MY\u0012B\u0001\u000f\u0015\u0005\u0011)f.\u001b;\u0002\rML8\u000f^3n+\u0005y\u0002C\u0001\u0011$\u001b\u0005\t#B\u0001\u0012\u000f\u0003\u0015\t7\r^8s\u0013\t!\u0013EA\u0006BGR|'oU=ti\u0016l\u0017!C:tY\u000e{gNZ5h+\u00059\u0003C\u0001\u00151\u001b\u0005I#BA\b+\u0015\tYC&A\u0005tg2\u001cwN\u001c4jO*\u0011QFL\u0001\tif\u0004Xm]1gK*\tq&A\u0002d_6L!!M\u0015\u0003\u001b\u0005[7.Y*T\u0019\u000e{gNZ5h\u0003\rawnZ\u000b\u0002iA\u0011Q\u0007O\u0007\u0002m)\u0011qGD\u0001\u0006KZ,g\u000e^\u0005\u0003sY\u0012a\u0002T8hO&tw-\u00113baR,'/A\u0011wC2LG-\u0019;f\u0003:$w+\u0019:o\u0003\n|W\u000f\u001e'p_N,7+\u001a;uS:<7/A\u0010de\u0016\fG/\u001a#fM\u0006,H\u000e^\"mS\u0016tG\u000f\u0013;uaN\u001cuN\u001c;fqR$\u0012!\u0010\t\u0003}}j\u0011AC\u0005\u0003\u0001*\u0011a\u0003\u0013;uaN\u001cuN\u001c8fGRLwN\\\"p]R,\u0007\u0010^\u0001\u0019GJ,\u0017\r^3TKJ4XM\u001d%uiB\u001c8i\u001c8uKb$HCA\u001fD\u0011\u0015)s\u00011\u0001(\u0003a\u0019'/Z1uK\u000ec\u0017.\u001a8u\u0011R$\bo]\"p]R,\u0007\u0010\u001e\u000b\u0003{\u0019CQ!\n\u0005A\u0002\u001d\u0002")
/* loaded from: input_file:akka/http/scaladsl/DefaultSSLContextCreation.class */
public interface DefaultSSLContextCreation {
    ActorSystem system();

    AkkaSSLConfig sslConfig();

    private default LoggingAdapter log() {
        return system().log();
    }

    default void validateAndWarnAboutLooseSettings() {
        if (sslConfig().config().loose().disableHostnameVerification()) {
            log().warning(new StringBuilder(150).append("Detected that Hostname Verification is disabled globally (via ssl-config's akka.ssl-config.loose.disableHostnameVerification) for the Http extension! ").append("This is very dangerous and may expose you to man-in-the-middle attacks. If you are forced to interact with a server that is behaving such that you must disable this setting, please disable it for a given connection instead, by configuring a specific HttpsConnectionContext for use only for the trusted target that hostname verification would have blocked.").toString());
        }
        if (sslConfig().config().loose().disableSNI()) {
            log().warning(new StringBuilder(140).append("Detected that Server Name Indication (SNI) is disabled globally (via ssl-config's akka.ssl-config.loose.disableSNI) for the Http extension! ").append("This is very dangerous and may expose you to man-in-the-middle attacks. If you are forced to interact with a server that is behaving such that you must disable this setting, please disable it for a given connection instead, by configuring a specific HttpsConnectionContext for use only for the trusted target that hostname verification would have blocked.").toString());
        }
    }

    default HttpsConnectionContext createDefaultClientHttpsContext() {
        return createClientHttpsContext(sslConfig());
    }

    default HttpsConnectionContext createServerHttpsContext(AkkaSSLConfig akkaSSLConfig) {
        log().warning("Automatic server-side configuration is not supported yet, will attempt to use client-side settings. Instead it is recommended to construct the Servers HttpsConnectionContext manually (via SSLContext).");
        return createClientHttpsContext(akkaSSLConfig);
    }

    default HttpsConnectionContext createClientHttpsContext(AkkaSSLConfig akkaSSLConfig) {
        SSLContext build;
        Option some;
        SSLConfigSettings config = akkaSSLConfig.config();
        LoggingAdapter apply = Logging$.MODULE$.apply(system(), (ActorSystem) getClass(), (LogSource<ActorSystem>) LogSource$.MODULE$.fromAnyClass());
        AkkaLoggerFactory akkaLoggerFactory = new AkkaLoggerFactory(system());
        if (akkaSSLConfig.config().m3914default()) {
            apply.debug("buildSSLContext: ssl-config.default is true, using default SSLContext");
            akkaSSLConfig.validateDefaultTrustManager(config);
            build = SSLContext.getDefault();
        } else {
            build = new ConfigSSLContextBuilder(akkaLoggerFactory, config, akkaSSLConfig.buildKeyManagerFactory(config), akkaSSLConfig.buildTrustManagerFactory(config)).build();
        }
        SSLContext sSLContext = build;
        SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
        String[] protocols = defaultSSLParameters.getProtocols();
        defaultSSLParameters.setProtocols(akkaSSLConfig.configureProtocols(protocols, config));
        String[] configureCipherSuites = akkaSSLConfig.configureCipherSuites(defaultSSLParameters.getCipherSuites(), config);
        defaultSSLParameters.setCipherSuites(configureCipherSuites);
        ClientAuth clientAuth = config.sslParametersConfig().clientAuth();
        if (ClientAuth$Default$.MODULE$.equals(clientAuth)) {
            some = None$.MODULE$;
        } else if (ClientAuth$Want$.MODULE$.equals(clientAuth)) {
            some = new Some(TLSClientAuth$Want$.MODULE$);
        } else if (ClientAuth$Need$.MODULE$.equals(clientAuth)) {
            some = new Some(TLSClientAuth$Need$.MODULE$);
        } else {
            if (!ClientAuth$None$.MODULE$.equals(clientAuth)) {
                throw new MatchError(clientAuth);
            }
            some = new Some(TLSClientAuth$None$.MODULE$);
        }
        Option option = some;
        if (!akkaSSLConfig.config().loose().disableHostnameVerification()) {
            defaultSSLParameters.setEndpointIdentificationAlgorithm("https");
        }
        return new HttpsConnectionContext(sSLContext, new Some(akkaSSLConfig), new Some(new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(configureCipherSuites)).toList()), new Some(new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(protocols)).toList()), option, new Some(defaultSSLParameters));
    }

    static void $init$(DefaultSSLContextCreation defaultSSLContextCreation) {
    }
}
