package akka.http.scaladsl;

import akka.actor.ActorSystem;
import akka.event.LogSource$;
import akka.event.Logging$;
import akka.event.LoggingAdapter;
import akka.stream.TLSClientAuth$Need$;
import akka.stream.TLSClientAuth$None$;
import akka.stream.TLSClientAuth$Want$;
import com.typesafe.sslconfig.akka.AkkaSSLConfig;
import com.typesafe.sslconfig.akka.util.AkkaLoggerFactory;
import com.typesafe.sslconfig.ssl.ClientAuth;
import com.typesafe.sslconfig.ssl.ClientAuth$Default$;
import com.typesafe.sslconfig.ssl.ClientAuth$Need$;
import com.typesafe.sslconfig.ssl.ClientAuth$None$;
import com.typesafe.sslconfig.ssl.ClientAuth$Want$;
import com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder;
import com.typesafe.sslconfig.ssl.SSLConfigSettings;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import scala.MatchError;
import scala.None$;
import scala.Predef$;
import scala.Some;
import scala.collection.mutable.StringBuilder;
import scala.reflect.ScalaSignature;

/* compiled from: Http.scala */
@ScalaSignature(bytes = "\u0006\u0001\u001d3q!\u0001\u0002\u0011\u0002\u0007\u0005\u0011BA\rEK\u001a\fW\u000f\u001c;T'2\u001buN\u001c;fqR\u001c%/Z1uS>t'BA\u0002\u0005\u0003!\u00198-\u00197bINd'BA\u0003\u0007\u0003\u0011AG\u000f\u001e9\u000b\u0003\u001d\tA!Y6lC\u000e\u00011C\u0001\u0001\u000b!\tYa\"D\u0001\r\u0015\u0005i\u0011!B:dC2\f\u0017BA\b\r\u0005\u0019\te.\u001f*fM\")\u0011\u0003\u0001C\u0001%\u00051A%\u001b8ji\u0012\"\u0012a\u0005\t\u0003\u0017QI!!\u0006\u0007\u0003\tUs\u0017\u000e\u001e\u0005\u0006/\u00011\t\u0002G\u0001\u0007gf\u001cH/Z7\u0016\u0003e\u0001\"AG\u000f\u000e\u0003mQ!\u0001\b\u0004\u0002\u000b\u0005\u001cGo\u001c:\n\u0005yY\"aC!di>\u00148+_:uK6DQ\u0001\t\u0001\u0007\u0012\u0005\n\u0011b]:m\u0007>tg-[4\u0016\u0003\t\u0002\"aI\u0016\u000e\u0003\u0011R!aB\u0013\u000b\u0005\u0019:\u0013!C:tY\u000e|gNZ5h\u0015\tA\u0013&\u0001\u0005usB,7/\u00194f\u0015\u0005Q\u0013aA2p[&\u0011A\u0006\n\u0002\u000e\u0003.\\\u0017mU*M\u0007>tg-[4\t\r9\u0002\u0001\u0015\"\u00030\u0003\rawnZ\u000b\u0002aA\u0011\u0011\u0007N\u0007\u0002e)\u00111GB\u0001\u0006KZ,g\u000e^\u0005\u0003kI\u0012a\u0002T8hO&tw-\u00113baR,'\u000fC\u00038\u0001\u0011\u0005!#A\u0011wC2LG-\u0019;f\u0003:$w+\u0019:o\u0003\n|W\u000f\u001e'p_N,7+\u001a;uS:<7\u000fC\u0003:\u0001\u0011\u0005!(A\u0010de\u0016\fG/\u001a#fM\u0006,H\u000e^\"mS\u0016tG\u000f\u0013;uaN\u001cuN\u001c;fqR$\u0012a\u000f\t\u0003yuj\u0011AA\u0005\u0003}\t\u0011a\u0003\u0013;uaN\u001cuN\u001c8fGRLwN\\\"p]R,\u0007\u0010\u001e\u0005\u0006\u0001\u0002!\t!Q\u0001\u0019GJ,\u0017\r^3TKJ4XM\u001d%uiB\u001c8i\u001c8uKb$HCA\u001eC\u0011\u0015\u0001s\b1\u0001#\u0011\u0015!\u0005\u0001\"\u0001F\u0003a\u0019'/Z1uK\u000ec\u0017.\u001a8u\u0011R$\bo]\"p]R,\u0007\u0010\u001e\u000b\u0003w\u0019CQ\u0001I\"A\u0002\t\u0002")
/* loaded from: input_file:akka/http/scaladsl/DefaultSSLContextCreation.class */
public interface DefaultSSLContextCreation {

    /* compiled from: Http.scala */
    /* renamed from: akka.http.scaladsl.DefaultSSLContextCreation$class, reason: invalid class name */
    /* loaded from: input_file:akka/http/scaladsl/DefaultSSLContextCreation$class.class */
    public abstract class Cclass {
        public static LoggingAdapter akka$http$scaladsl$DefaultSSLContextCreation$$log(DefaultSSLContextCreation defaultSSLContextCreation) {
            return defaultSSLContextCreation.mo617system().log();
        }

        public static void validateAndWarnAboutLooseSettings(DefaultSSLContextCreation defaultSSLContextCreation) {
            if (defaultSSLContextCreation.sslConfig().config().loose().disableHostnameVerification()) {
                akka$http$scaladsl$DefaultSSLContextCreation$$log(defaultSSLContextCreation).warning(new StringBuilder().append("Detected that Hostname Verification is disabled globally (via ssl-config's akka.ssl-config.loose.disableHostnameVerification) for the Http extension! ").append("This is very dangerous and may expose you to man-in-the-middle attacks. If you are forced to interact with a server that is behaving such that you must disable this setting, please disable it for a given connection instead, by configuring a specific HttpsConnectionContext for use only for the trusted target that hostname verification would have blocked.").toString());
            }
            if (defaultSSLContextCreation.sslConfig().config().loose().disableSNI()) {
                akka$http$scaladsl$DefaultSSLContextCreation$$log(defaultSSLContextCreation).warning(new StringBuilder().append("Detected that Server Name Indication (SNI) is disabled globally (via ssl-config's akka.ssl-config.loose.disableSNI) for the Http extension! ").append("This is very dangerous and may expose you to man-in-the-middle attacks. If you are forced to interact with a server that is behaving such that you must disable this setting, please disable it for a given connection instead, by configuring a specific HttpsConnectionContext for use only for the trusted target that hostname verification would have blocked.").toString());
            }
        }

        public static HttpsConnectionContext createDefaultClientHttpsContext(DefaultSSLContextCreation defaultSSLContextCreation) {
            return defaultSSLContextCreation.createClientHttpsContext(defaultSSLContextCreation.sslConfig());
        }

        public static HttpsConnectionContext createServerHttpsContext(DefaultSSLContextCreation defaultSSLContextCreation, AkkaSSLConfig akkaSSLConfig) {
            akka$http$scaladsl$DefaultSSLContextCreation$$log(defaultSSLContextCreation).warning("Automatic server-side configuration is not supported yet, will attempt to use client-side settings. Instead it is recommended to construct the Servers HttpsConnectionContext manually (via SSLContext).");
            return defaultSSLContextCreation.createClientHttpsContext(akkaSSLConfig);
        }

        public static HttpsConnectionContext createClientHttpsContext(DefaultSSLContextCreation defaultSSLContextCreation, AkkaSSLConfig akkaSSLConfig) {
            SSLContext build;
            None$ some;
            SSLConfigSettings config = akkaSSLConfig.config();
            LoggingAdapter apply = Logging$.MODULE$.apply(defaultSSLContextCreation.mo617system(), defaultSSLContextCreation.getClass(), LogSource$.MODULE$.fromAnyClass());
            AkkaLoggerFactory akkaLoggerFactory = new AkkaLoggerFactory(defaultSSLContextCreation.mo617system());
            if (akkaSSLConfig.config().default()) {
                apply.debug("buildSSLContext: ssl-config.default is true, using default SSLContext");
                akkaSSLConfig.validateDefaultTrustManager(config);
                build = SSLContext.getDefault();
            } else {
                build = new ConfigSSLContextBuilder(akkaLoggerFactory, config, akkaSSLConfig.buildKeyManagerFactory(config), akkaSSLConfig.buildTrustManagerFactory(config)).build();
            }
            SSLContext sSLContext = build;
            SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
            String[] protocols = defaultSSLParameters.getProtocols();
            defaultSSLParameters.setProtocols(akkaSSLConfig.configureProtocols(protocols, config));
            String[] configureCipherSuites = akkaSSLConfig.configureCipherSuites(defaultSSLParameters.getCipherSuites(), config);
            defaultSSLParameters.setCipherSuites(configureCipherSuites);
            ClientAuth clientAuth = config.sslParametersConfig().clientAuth();
            if (ClientAuth$Default$.MODULE$.equals(clientAuth)) {
                some = None$.MODULE$;
            } else if (ClientAuth$Want$.MODULE$.equals(clientAuth)) {
                some = new Some(TLSClientAuth$Want$.MODULE$);
            } else if (ClientAuth$Need$.MODULE$.equals(clientAuth)) {
                some = new Some(TLSClientAuth$Need$.MODULE$);
            } else {
                if (!ClientAuth$None$.MODULE$.equals(clientAuth)) {
                    throw new MatchError(clientAuth);
                }
                some = new Some(TLSClientAuth$None$.MODULE$);
            }
            None$ none$ = some;
            if (!akkaSSLConfig.config().loose().disableHostnameVerification()) {
                defaultSSLParameters.setEndpointIdentificationAlgorithm("https");
            }
            return new HttpsConnectionContext(sSLContext, new Some(akkaSSLConfig), new Some(Predef$.MODULE$.refArrayOps(configureCipherSuites).toList()), new Some(Predef$.MODULE$.refArrayOps(protocols).toList()), none$, new Some(defaultSSLParameters), UseHttp2$Negotiated$.MODULE$);
        }

        public static void $init$(DefaultSSLContextCreation defaultSSLContextCreation) {
        }
    }

    /* renamed from: system */
    ActorSystem mo617system();

    AkkaSSLConfig sslConfig();

    void validateAndWarnAboutLooseSettings();

    HttpsConnectionContext createDefaultClientHttpsContext();

    HttpsConnectionContext createServerHttpsContext(AkkaSSLConfig akkaSSLConfig);

    HttpsConnectionContext createClientHttpsContext(AkkaSSLConfig akkaSSLConfig);
}
