package com.typesafe.sslconfig.ssl;

import com.typesafe.sslconfig.ssl.tracing.TracingSSLContext;
import com.typesafe.sslconfig.ssl.tracing.TracingX509ExtendedKeyManager;
import com.typesafe.sslconfig.ssl.tracing.TracingX509ExtendedTrustManager;
import com.typesafe.sslconfig.util.LoggerFactory;
import com.typesafe.sslconfig.util.NoDepsLogger;
import java.io.BufferedInputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import javax.crypto.BadPaddingException;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import scala.C$less$colon$less$;
import scala.Option;
import scala.Predef$;
import scala.collection.ArrayOps$;
import scala.collection.IterableOnceOps;
import scala.collection.JavaConverters$;
import scala.collection.immutable.Seq;
import scala.runtime.BooleanRef;
import scala.runtime.BoxesRunTime;
import scala.runtime.ScalaRunTime$;

/* compiled from: SSLContextBuilder.scala */
/* loaded from: input_file:com/typesafe/sslconfig/ssl/ConfigSSLContextBuilder.class */
/**
 * Builds a JSSE {@link SSLContext} from an {@link SSLConfigSettings}: one key manager per
 * configured key store, one trust manager per configured trust store, optional CRLs, and an
 * optional tracing wrapper around the resulting context.
 *
 * <p>This listing is decompiler output for a Scala class. Lambda bodies that reference
 * {@code r1}/{@code r2} are decompiler placeholders for captured values and are not valid Java;
 * the synthetic {@code $anonfun$N} methods at the bottom of the class hold the lambda bodies.
 *
 * <p>Review notes that follow from the visible code:
 * <ul>
 *   <li>Revocation checking is off unless {@code checkRevocation} is set in the settings
 *       (see {@link #build()} and {@code $anonfun$1}).</li>
 *   <li>Store passwords are turned into {@code char[]} from {@code String} values and the arrays
 *       are never cleared in this class.</li>
 *   <li>Several log and exception messages concatenate the store config object itself.</li>
 * </ul>
 */
public class ConfigSSLContextBuilder implements SSLContextBuilder {
    // Logger factory; also handed to the composite and tracing managers created below.
    private final LoggerFactory mkLogger;
    // The SSL settings this builder turns into an SSLContext.
    private final SSLConfigSettings info;
    // Wrapper that is initialised with each key store and yields its key managers.
    private final KeyManagerFactoryWrapper keyManagerFactory;
    // Wrapper that is initialised with PKIX parameters and yields the trust managers.
    private final TrustManagerFactoryWrapper trustManagerFactory;
    // Logger for this class, obtained from mkLogger in the constructor.
    private final NoDepsLogger logger;

    /**
     * Stores the collaborators and creates this class's logger from the supplied factory.
     *
     * @param loggerFactory factory used for this class's logger and passed on to created managers
     * @param sSLConfigSettings settings read by {@link #build()}
     * @param keyManagerFactoryWrapper factory wrapper used in {@link #buildKeyManager}
     * @param trustManagerFactoryWrapper factory wrapper used in {@link #buildTrustManager}
     */
    public ConfigSSLContextBuilder(LoggerFactory loggerFactory, SSLConfigSettings sSLConfigSettings, KeyManagerFactoryWrapper keyManagerFactoryWrapper, TrustManagerFactoryWrapper trustManagerFactoryWrapper) {
        this.mkLogger = loggerFactory;
        this.info = sSLConfigSettings;
        this.keyManagerFactory = keyManagerFactoryWrapper;
        this.trustManagerFactory = trustManagerFactoryWrapper;
        this.logger = loggerFactory.apply(getClass());
    }

    /** Returns the logger created for this class. */
    public NoDepsLogger logger() {
        return this.logger;
    }

    /**
     * Assembles the SSLContext from the stored settings.
     *
     * <p>A composite key manager is built only when at least one key store is configured, and a
     * composite trust manager only when at least one trust store is configured; otherwise an empty
     * sequence ({@code Nil}) is passed for that side.
     * NOTE(review): what an empty trust manager sequence means for peer validation is decided in
     * SimpleSSLContextBuilder, which is not shown here — confirm it does not silently widen trust.
     *
     * <p>The revocation flag is {@code info.checkRevocation()} with a fallback of {@code false}
     * ({@code $anonfun$1}), so revocation checking is disabled unless explicitly configured.
     * {@code certificateRevocationList(info)} is evaluated whenever trust stores are configured,
     * independent of that flag.
     *
     * @return the built context, wrapped in a {@link TracingSSLContext} when debug is enabled
     */
    @Override // com.typesafe.sslconfig.ssl.SSLContextBuilder
    public SSLContext build() {
        SSLContext buildSSLContext = buildSSLContext(this.info.protocol(), this.info.keyManagerConfig().keyStoreConfigs().nonEmpty() ? scala.package$.MODULE$.Seq().apply2((Seq) ScalaRunTime$.MODULE$.wrapRefArray(new CompositeX509KeyManager[]{buildCompositeKeyManager(this.info.keyManagerConfig(), this.info.debug())})) : scala.package$.MODULE$.Nil(), this.info.trustManagerConfig().trustStoreConfigs().nonEmpty() ? scala.package$.MODULE$.Seq().apply2((Seq) ScalaRunTime$.MODULE$.wrapRefArray(new CompositeX509TrustManager[]{buildCompositeTrustManager(this.info.trustManagerConfig(), BoxesRunTime.unboxToBoolean(this.info.checkRevocation().getOrElse(ConfigSSLContextBuilder::$anonfun$1)), certificateRevocationList(this.info), this.info.debug())})) : scala.package$.MODULE$.Nil(), this.info.secureRandom());
        // Tracing wrapper is applied to the context only when debug is enabled.
        return this.info.debug().enabled() ? new TracingSSLContext(buildSSLContext, this.info.debug(), this.mkLogger) : buildSSLContext;
    }

    /**
     * Delegates context creation to {@link SimpleSSLContextBuilder}.
     *
     * @param str protocol name (the caller passes {@code info.protocol()})
     * @param seq key managers, possibly empty
     * @param seq2 trust managers, possibly empty
     * @param option optional SecureRandom (the caller passes {@code info.secureRandom()})
     */
    public SSLContext buildSSLContext(String str, Seq<KeyManager> seq, Seq<TrustManager> seq2, Option<SecureRandom> option) {
        return new SimpleSSLContextBuilder(str, seq, seq2, option).build();
    }

    /** Builds one key manager per configured key store and wraps them in a composite. */
    public CompositeX509KeyManager buildCompositeKeyManager(KeyManagerConfig keyManagerConfig, SSLDebugConfig sSLDebugConfig) {
        return new CompositeX509KeyManager(this.mkLogger, keyManagerConfig.keyStoreConfigs().map(keyStoreConfig -> {
            return buildKeyManager(keyStoreConfig, sSLDebugConfig);
        }));
    }

    /**
     * Builds one trust manager per configured trust store and wraps them in a composite.
     *
     * @param z whether revocation checking is enabled for every trust manager built here
     * @param option optional CRLs shared by every trust manager built here
     */
    public CompositeX509TrustManager buildCompositeTrustManager(TrustManagerConfig trustManagerConfig, boolean z, Option<Seq<CRL>> option, SSLDebugConfig sSLDebugConfig) {
        return new CompositeX509TrustManager(this.mkLogger, trustManagerConfig.trustStoreConfigs().map(trustStoreConfig -> {
            return buildTrustManager(trustStoreConfig, z, option, sSLDebugConfig);
        }));
    }

    /**
     * Picks the key store builder for a config: a file or classpath builder when
     * {@code filePath} is set, otherwise a string builder over {@code data}
     * (which throws "No keystore builder found!" when {@code data} is absent too).
     */
    public KeyStoreBuilder keyStoreBuilder(KeyStoreConfig keyStoreConfig) {
        // The password arrives as a String; the char[] made here is not cleared in this class.
        Option<B> map = keyStoreConfig.password().map(str -> {
            return str.toCharArray();
        });
        return (KeyStoreBuilder) keyStoreConfig.filePath().map(str2 -> {
            return keyStoreConfig.isFileOnClasspath() ? fileOnClasspathBuilder(keyStoreConfig.storeType(), str2, map) : fileBuilder(keyStoreConfig.storeType(), str2, map);
        }).getOrElse(() -> {
            // Decompiler placeholder (r1/r2); presumably this.keyStoreBuilder$$anonfun$2(keyStoreConfig).
            return r1.keyStoreBuilder$$anonfun$2(r2);
        });
    }

    /**
     * Picks the trust store builder for a config, with the same file / classpath / inline-data
     * fallback order as {@link #keyStoreBuilder}; throws "No truststore builder found!" when
     * neither {@code filePath} nor {@code data} is present.
     */
    public KeyStoreBuilder trustStoreBuilder(TrustStoreConfig trustStoreConfig) {
        return (KeyStoreBuilder) trustStoreConfig.filePath().map(str -> {
            Option<char[]> map = trustStoreConfig.password().map(str -> {
                return str.toCharArray();
            });
            return trustStoreConfig.isFileOnClasspath() ? fileOnClasspathBuilder(trustStoreConfig.storeType(), str, map) : fileBuilder(trustStoreConfig.storeType(), str, map);
        }).getOrElse(() -> {
            // Decompiler placeholder (r1/r2); presumably this.trustStoreBuilder$$anonfun$2(trustStoreConfig).
            return r1.trustStoreBuilder$$anonfun$2(r2);
        });
    }

    /** Creates a builder that loads a store of type {@code str} from file path {@code str2}. */
    public KeyStoreBuilder fileBuilder(String str, String str2, Option<char[]> option) {
        return new FileBasedKeyStoreBuilder(str, str2, option);
    }

    /** Creates a builder that loads a store of type {@code str} from classpath resource {@code str2}. */
    public KeyStoreBuilder fileOnClasspathBuilder(String str, String str2, Option<char[]> option) {
        return new FileOnClasspathBasedKeyStoreBuilder(str, str2, option);
    }

    /** Creates a builder over inline store data supplied as a string. */
    public KeyStoreBuilder stringBuilder(String str) {
        return new StringBasedKeyStoreBuilder(str);
    }

    /**
     * Reports whether the config is a PKCS12 store (type compared case-insensitively) whose
     * password is absent or empty.
     *
     * @return {@code true} when the store type is "pkcs12" and no non-empty password is configured
     */
    public boolean warnOnPKCS12EmptyPasswordBug(KeyStoreConfig keyStoreConfig) {
        return keyStoreConfig.storeType().equalsIgnoreCase("pkcs12") && !keyStoreConfig.password().exists(str -> {
            return !str.isEmpty();
        });
    }

    /**
     * Loads the key store, initialises the key manager factory with it and returns the first
     * key manager wrapped in a {@link TracingX509ExtendedKeyManager}.
     *
     * <p>The store password is also used as the key password for the factory.
     *
     * @throws IllegalStateException if the factory returns no key managers, or on an
     *     {@link UnrecoverableKeyException} from the inner block
     * @throws SecurityException on a {@link BadPaddingException}, reported as a probable wrong password
     */
    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    public X509KeyManager buildKeyManager(KeyStoreConfig keyStoreConfig, SSLDebugConfig sSLDebugConfig) {
        try {
            KeyStore build = keyStoreBuilder(keyStoreConfig).build();
            // NOTE(review): as decompiled, this check sits outside the inner try, so an
            // UnrecoverableKeyException from KeyStore.getKey would bypass the handler below.
            // The decompiler removed blocks here — confirm against the Scala source.
            if (!validateStoreContainsPrivateKeys(keyStoreConfig, build)) {
                // A store without private keys is only warned about; the key manager is still built.
                logger().warn("Client authentication is not possible as there are no private keys found in " + keyStoreConfig.filePath());
            }
            KeyManagerFactoryWrapper keyManagerFactoryWrapper = this.keyManagerFactory;
            try {
                // orNull: a missing password is passed to init as null.
                keyManagerFactoryWrapper.init(build, (char[]) keyStoreConfig.password().map(str -> {
                    return str.toCharArray();
                }).orNull(C$less$colon$less$.MODULE$.refl()));
                KeyManager[] keyManagers = keyManagerFactoryWrapper.getKeyManagers();
                if (keyManagers == null) {
                    // NOTE(review): the message embeds keyStoreConfig via string concatenation;
                    // confirm its toString() does not include the password or inline key data.
                    throw new IllegalStateException("Cannot create key manager with configuration " + keyStoreConfig);
                }
                // Only the first key manager is used, and it is cast without an instanceof check.
                X509ExtendedKeyManager x509ExtendedKeyManager = (X509ExtendedKeyManager) ((KeyManager) ArrayOps$.MODULE$.head$extension(Predef$.MODULE$.refArrayOps(keyManagers)));
                return new TracingX509ExtendedKeyManager(() -> {
                    // Decompiler placeholder (r2); presumably the x509ExtendedKeyManager above.
                    return buildKeyManager$$anonfun$1(r2);
                }, sSLDebugConfig, this.mkLogger);
            } catch (UnrecoverableKeyException e) {
                // NOTE(review): same concern as above — keyStoreConfig is written to the error log.
                logger().error("Unrecoverable key in keystore " + keyStoreConfig);
                throw new IllegalStateException(e);
            }
        } catch (BadPaddingException e2) {
            throw new SecurityException("Mac verify error: invalid password?", e2);
        }
    }

    /**
     * Maps each configured revocation-list URL to a CRL by fetching it through
     * {@link #generateCRLFromURL}.
     *
     * @return the CRLs when {@code revocationLists} is defined, otherwise an empty Option
     */
    public Option<Seq<CRL>> certificateRevocationList(SSLConfigSettings sSLConfigSettings) {
        return sSLConfigSettings.revocationLists().map(seq -> {
            return seq.map(url -> {
                return generateCRLFromURL(url);
            });
        });
    }

    /** Parses a CRL from the stream with the "X509" certificate factory and casts it to {@link X509CRL}. */
    public CRL generateCRL(InputStream inputStream) {
        return (X509CRL) CertificateFactory.getInstance("X509").generateCRL(inputStream);
    }

    /**
     * Fetches and parses a CRL from the given URL with caching disabled.
     *
     * <p>NOTE(review): no connect or read timeout, URL scheme check or response size bound is
     * applied in this method, so a slow or unresponsive CRL endpoint can stall the caller.
     * Consider setting timeouts on the connection before reading.
     */
    public CRL generateCRLFromURL(URL url) {
        URLConnection openConnection = url.openConnection();
        openConnection.setDoInput(true);
        openConnection.setUseCaches(false);
        DataInputStream dataInputStream = new DataInputStream(openConnection.getInputStream());
        try {
            return generateCRL(dataInputStream);
        } finally {
            // Closed on both the success and the failure path.
            dataInputStream.close();
        }
    }

    /** Reads and parses a CRL from a local file through a buffered stream. */
    public CRL generateCRLFromFile(File file) {
        DataInputStream dataInputStream = new DataInputStream(new BufferedInputStream(Files.newInputStream(file.toPath(), new OpenOption[0])));
        try {
            return generateCRL(dataInputStream);
        } finally {
            dataInputStream.close();
        }
    }

    /**
     * Builds PKIX parameters over the given trust store.
     *
     * @param keyStore store passed to {@link PKIXBuilderParameters} as the source of trust anchors
     * @param z value handed to {@code setRevocationEnabled}
     * @param option optional CRLs, added as a "Collection" CertStore when present
     */
    public CertPathTrustManagerParameters buildTrustManagerParameters(KeyStore keyStore, boolean z, Option<Seq<CRL>> option) {
        // An empty X509CertSelector places no constraint on the target certificate.
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        // NOTE(review): with z == false the CRLs added below are presumably never consulted,
        // since PKIX revocation checking is switched off as a whole — confirm this is intended.
        pKIXBuilderParameters.setRevocationEnabled(z);
        // map is used only for its side effect of registering the CRL store.
        option.map(seq -> {
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(JavaConverters$.MODULE$.asJavaCollectionConverter(seq).asJavaCollection())));
        });
        return new CertPathTrustManagerParameters(pKIXBuilderParameters);
    }

    /**
     * Loads the trust store, initialises the trust manager factory with PKIX parameters built
     * from it and returns the first trust manager wrapped in a
     * {@link TracingX509ExtendedTrustManager}.
     *
     * @throws IllegalStateException if the factory returns no trust managers
     */
    public X509TrustManager buildTrustManager(TrustStoreConfig trustStoreConfig, boolean z, Option<Seq<CRL>> option, SSLDebugConfig sSLDebugConfig) {
        TrustManagerFactoryWrapper trustManagerFactoryWrapper = this.trustManagerFactory;
        trustManagerFactoryWrapper.init(buildTrustManagerParameters(trustStoreBuilder(trustStoreConfig).build(), z, option));
        TrustManager[] trustManagers = trustManagerFactoryWrapper.getTrustManagers();
        if (trustManagers == null) {
            throw new IllegalStateException("Cannot create trust manager with configuration " + trustStoreConfig);
        }
        // Only the first trust manager is used, and it is cast without an instanceof check.
        X509ExtendedTrustManager x509ExtendedTrustManager = (X509ExtendedTrustManager) ((TrustManager) ArrayOps$.MODULE$.head$extension(Predef$.MODULE$.refArrayOps(trustManagers)));
        return new TracingX509ExtendedTrustManager(() -> {
            // Decompiler placeholder (r2); presumably the x509ExtendedTrustManager above.
            return buildTrustManager$$anonfun$1(r2);
        }, sSLDebugConfig, this.mkLogger);
    }

    /**
     * Walks every alias in the store and reports whether at least one resolves to a
     * {@link PrivateKey}.
     *
     * <p>The store password is used as the key password for every alias, so entries protected
     * by a different key password are not readable through this check.
     *
     * @return {@code true} if any alias holds a private key
     */
    public boolean validateStoreContainsPrivateKeys(KeyStoreConfig keyStoreConfig, KeyStore keyStore) {
        // Null when no password is configured.
        char[] cArr = (char[]) keyStoreConfig.password().map(str -> {
            return str.toCharArray();
        }).orNull(C$less$colon$less$.MODULE$.refl());
        // Mutable holder so the lambda below can record a hit.
        BooleanRef create = BooleanRef.create(false);
        ((IterableOnceOps) JavaConverters$.MODULE$.enumerationAsScalaIteratorConverter(keyStore.aliases()).asScala()).foreach(str2 -> {
            Key key = keyStore.getKey(str2, cArr);
            if (!(key instanceof PrivateKey)) {
                // Alias names (not key material) are written to the log at warn level.
                logger().warn("validateStoreContainsPrivateKeys: No private key found for alias " + str2 + ", it cannot be used for client authentication");
            } else {
                logger().debug("validateStoreContainsPrivateKeys: private key found for alias " + str2);
                create.elem = true;
            }
        });
        return create.elem;
    }

    // Fallback for checkRevocation in build(): revocation checking is off when not configured.
    private static final boolean $anonfun$1() {
        return false;
    }

    // Fallback used when a key store config has neither filePath nor data.
    private static final String $anonfun$7() {
        throw new IllegalStateException("No keystore builder found!");
    }

    // Inline-data branch of keyStoreBuilder: builds the store from the config's data string.
    private final KeyStoreBuilder keyStoreBuilder$$anonfun$2(KeyStoreConfig keyStoreConfig) {
        return stringBuilder((String) keyStoreConfig.data().getOrElse(ConfigSSLContextBuilder::$anonfun$7));
    }

    // Fallback used when a trust store config has neither filePath nor data.
    private static final String $anonfun$9() {
        throw new IllegalStateException("No truststore builder found!");
    }

    // Inline-data branch of trustStoreBuilder: builds the store from the config's data string.
    private final KeyStoreBuilder trustStoreBuilder$$anonfun$2(TrustStoreConfig trustStoreConfig) {
        return stringBuilder((String) trustStoreConfig.data().getOrElse(ConfigSSLContextBuilder::$anonfun$9));
    }

    // Supplier body for the tracing key manager: returns the captured delegate unchanged.
    private static final X509ExtendedKeyManager buildKeyManager$$anonfun$1(X509ExtendedKeyManager x509ExtendedKeyManager) {
        return x509ExtendedKeyManager;
    }

    // Supplier body for the tracing trust manager: returns the captured delegate unchanged.
    private static final X509ExtendedTrustManager buildTrustManager$$anonfun$1(X509ExtendedTrustManager x509ExtendedTrustManager) {
        return x509ExtendedTrustManager;
    }
}
