package akka.remote.artery.tcp;

import akka.actor.ActorSystem;
import akka.annotation.ApiMayChange;
import akka.event.LogMarker$;
import akka.event.LogSource$;
import akka.event.Logging$;
import akka.event.MarkerLoggingAdapter;
import akka.japi.Util$;
import akka.stream.Client$;
import akka.stream.IgnoreComplete$;
import akka.stream.Server$;
import akka.stream.TLSClosing;
import akka.stream.TLSRole;
import com.typesafe.config.Config;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import scala.None$;
import scala.Option;
import scala.collection.immutable.Set;
import scala.collection.immutable.Set$;
import scala.collection.mutable.StringBuilder;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.util.Try$;

/* compiled from: SSLEngineProvider.scala */
@ApiMayChange
@ScalaSignature(bytes = "\u0006\u0001\tEa\u0001B\u0001\u0003\u0001-\u0011qcQ8oM&<7k\u0015'F]\u001eLg.\u001a)s_ZLG-\u001a:\u000b\u0005\r!\u0011a\u0001;da*\u0011QAB\u0001\u0007CJ$XM]=\u000b\u0005\u001dA\u0011A\u0002:f[>$XMC\u0001\n\u0003\u0011\t7n[1\u0004\u0001M\u0019\u0001\u0001\u0004\n\u0011\u00055\u0001R\"\u0001\b\u000b\u0003=\tQa]2bY\u0006L!!\u0005\b\u0003\r\u0005s\u0017PU3g!\t\u0019B#D\u0001\u0003\u0013\t)\"AA\tT'2+enZ5oKB\u0013xN^5eKJD\u0001b\u0006\u0001\u0003\u0006\u0004%\t\u0002G\u0001\u0007G>tg-[4\u0016\u0003e\u0001\"A\u0007\u0011\u000e\u0003mQ!a\u0006\u000f\u000b\u0005uq\u0012\u0001\u0003;za\u0016\u001c\u0018MZ3\u000b\u0003}\t1aY8n\u0013\t\t3D\u0001\u0004D_:4\u0017n\u001a\u0005\tG\u0001\u0011\t\u0011)A\u00053\u000591m\u001c8gS\u001e\u0004\u0003\u0002C\u0013\u0001\u0005\u000b\u0007I\u0011\u0003\u0014\u0002\u00071|w-F\u0001(!\tA3&D\u0001*\u0015\tQ\u0003\"A\u0003fm\u0016tG/\u0003\u0002-S\t!R*\u0019:lKJdunZ4j]\u001e\fE-\u00199uKJD\u0001B\f\u0001\u0003\u0002\u0003\u0006IaJ\u0001\u0005Y><\u0007\u0005C\u00031\u0001\u0011\u0005\u0011'\u0001\u0004=S:LGO\u0010\u000b\u0004eM\"\u0004CA\n\u0001\u0011\u00159r\u00061\u0001\u001a\u0011\u0015)s\u00061\u0001(\u0011\u0015\u0001\u0004\u0001\"\u00017)\t\u0011t\u0007C\u00039k\u0001\u0007\u0011(\u0001\u0004tsN$X-\u001c\t\u0003uuj\u0011a\u000f\u0006\u0003y!\tQ!Y2u_JL!AP\u001e\u0003\u0017\u0005\u001bGo\u001c:TsN$X-\u001c\u0005\b\u0001\u0002\u0011\r\u0011\"\u0001B\u0003-\u00196\u000bT&fsN#xN]3\u0016\u0003\t\u0003\"a\u0011$\u000f\u00055!\u0015BA#\u000f\u0003\u0019\u0001&/\u001a3fM&\u0011q\t\u0013\u0002\u0007'R\u0014\u0018N\\4\u000b\u0005\u0015s\u0001B\u0002&\u0001A\u0003%!)\u0001\u0007T'2[U-_*u_J,\u0007\u0005C\u0004M\u0001\t\u0007I\u0011A!\u0002\u001bM\u001bF\n\u0016:vgR\u001cFo\u001c:f\u0011\u0019q\u0005\u0001)A\u0005\u0005\u0006q1k\u0015'UeV\u001cHo\u0015;pe\u0016\u0004\u0003b\u0002)\u0001\u0005\u0004%\t!Q\u0001\u0014'Nc5*Z=Ti>\u0014X\rU1tg^|'\u000f\u001a\u0005\u0007%\u0002\u0001\u000b\u0011\u0002\"\u0002)M\u001bFjS3z'R|'/\u001a)bgN<xN\u001d3!\u0011\u001d!\u0006A1A\u0005\u0002\u0005\u000babU*M\u0017\u0016L\b+Y:to>\u0014H\r\u0003\u0004W\u0001\u0001\u0006IAQ\u0001\u0010'Nc5*Z=QCN\u001cxo\u001c:eA!9\u0001\f\u0001b\u0001\n\u0003\t\u0015!F*T\u0019R\u0013Xo\u001d;Ti>\u0014X\rU1tg^|'\u000f\u001a\u0005\u00075\u0002\u0001\u000b\u0011\u0002\"\u0002-M\u001bF\n\u0016:vgR\u001cFo\u001c:f!\u0006\u001c8o^8sI\u0002Bq\u0001\u0018\u0001C\u0002\u0013\u0005Q,\u0001\u000bT'2+e.\u00192mK\u0012\fEnZ8sSRDWn]\u000b\u0002=B\u00191i\u0018\"\n\u0005\u0001D%aA*fi\"1!\r\u0001Q\u0001\ny\u000bQcU*M\u000b:\f'\r\\3e\u00032<wN]5uQ6\u001c\b\u0005C\u0004e\u0001\t\u0007I\u0011A!\u0002\u0017M\u001bF\n\u0015:pi>\u001cw\u000e\u001c\u0005\u0007M\u0002\u0001\u000b\u0011\u0002\"\u0002\u0019M\u001bF\n\u0015:pi>\u001cw\u000e\u001c\u0011\t\u000f!\u0004!\u0019!C\u0001\u0003\u0006A2k\u0015'SC:$w.\u001c(v[\n,'oR3oKJ\fGo\u001c:\t\r)\u0004\u0001\u0015!\u0003C\u0003e\u00196\u000b\u0014*b]\u0012|WNT;nE\u0016\u0014x)\u001a8fe\u0006$xN\u001d\u0011\t\u000f1\u0004!\u0019!C\u0001[\u0006q2k\u0015'SKF,\u0018N]3NkR,\u0018\r\\!vi\",g\u000e^5dCRLwN\\\u000b\u0002]B\u0011Qb\\\u0005\u0003a:\u0011qAQ8pY\u0016\fg\u000e\u0003\u0004s\u0001\u0001\u0006IA\\\u0001 'Nc%+Z9vSJ,W*\u001e;vC2\fU\u000f\u001e5f]RL7-\u0019;j_:\u0004\u0003b\u0002;\u0001\u0005\u0004%\t!\\\u0001\u0015\u0011>\u001cHO\\1nKZ+'/\u001b4jG\u0006$\u0018n\u001c8\t\rY\u0004\u0001\u0015!\u0003o\u0003UAun\u001d;oC6,g+\u001a:jM&\u001c\u0017\r^5p]\u0002B\u0001\u0002\u001f\u0001\t\u0006\u0004%I!_\u0001\u000bgNd7i\u001c8uKb$X#\u0001>\u0011\u0007m\f)!D\u0001}\u0015\tih0A\u0002tg2T1a`A\u0001\u0003\rqW\r\u001e\u0006\u0003\u0003\u0007\tQA[1wCbL1!a\u0002}\u0005)\u00196\u000bT\"p]R,\u0007\u0010\u001e\u0005\n\u0003\u0017\u0001\u0001\u0012!Q!\ni\f1b]:m\u0007>tG/\u001a=uA!9\u0011q\u0002\u0001\u0005\n\u0005E\u0011\u0001E2p]N$(/^2u\u0007>tG/\u001a=u)\u0005Q\bbBA\u000b\u0001\u0011E\u0011qC\u0001\rY>\fGmS3zgR|'/\u001a\u000b\u0007\u00033\tI#!\f\u0011\t\u0005m\u0011QE\u0007\u0003\u0003;QA!a\b\u0002\"\u0005A1/Z2ve&$\u0018P\u0003\u0002\u0002$\u0005!!.\u0019<b\u0013\u0011\t9#!\b\u0003\u0011-+\u0017p\u0015;pe\u0016Dq!a\u000b\u0002\u0014\u0001\u0007!)\u0001\u0005gS2,g.Y7f\u0011\u001d\ty#a\u0005A\u0002\t\u000b\u0001\u0002]1tg^|'\u000f\u001a\u0005\b\u0003g\u0001A\u0011CA\u001b\u0003-YW-_'b]\u0006<WM]:\u0016\u0005\u0005]\u0002#B\u0007\u0002:\u0005u\u0012bAA\u001e\u001d\t)\u0011I\u001d:bsB\u001910a\u0010\n\u0007\u0005\u0005CP\u0001\u0006LKfl\u0015M\\1hKJDq!!\u0012\u0001\t#\t9%A\u0007ueV\u001cH/T1oC\u001e,'o]\u000b\u0003\u0003\u0013\u0002R!DA\u001d\u0003\u0017\u00022a_A'\u0013\r\ty\u0005 \u0002\r)J,8\u000f^'b]\u0006<WM\u001d\u0005\b\u0003'\u0002A\u0011AA+\u0003I\u0019'/Z1uKN+7-\u001e:f%\u0006tGm\\7\u0015\u0005\u0005]\u0003\u0003BA\u000e\u00033JA!a\u0017\u0002\u001e\ta1+Z2ve\u0016\u0014\u0016M\u001c3p[\"9\u0011q\f\u0001\u0005B\u0005\u0005\u0014!F2sK\u0006$XmU3sm\u0016\u00148k\u0015'F]\u001eLg.\u001a\u000b\u0007\u0003G\nI'!\u001c\u0011\u0007m\f)'C\u0002\u0002hq\u0014\u0011bU*M\u000b:<\u0017N\\3\t\u000f\u0005-\u0014Q\fa\u0001\u0005\u0006A\u0001n\\:u]\u0006lW\r\u0003\u0005\u0002p\u0005u\u0003\u0019AA9\u0003\u0011\u0001xN\u001d;\u0011\u00075\t\u0019(C\u0002\u0002v9\u00111!\u00138u\u0011\u001d\tI\b\u0001C!\u0003w\nQc\u0019:fCR,7\t\\5f]R\u001c6\u000bT#oO&tW\r\u0006\u0004\u0002d\u0005u\u0014q\u0010\u0005\b\u0003W\n9\b1\u0001C\u0011!\ty'a\u001eA\u0002\u0005E\u0004bBAB\u0001\u0011%\u0011QQ\u0001\u0010GJ,\u0017\r^3T'2+enZ5oKRA\u00111MAD\u0003/\u000bI\n\u0003\u0005\u0002\n\u0006\u0005\u0005\u0019AAF\u0003\u0011\u0011x\u000e\\3\u0011\t\u00055\u00151S\u0007\u0003\u0003\u001fS1!!%\t\u0003\u0019\u0019HO]3b[&!\u0011QSAH\u0005\u001d!Fj\u0015*pY\u0016Dq!a\u001b\u0002\u0002\u0002\u0007!\t\u0003\u0005\u0002p\u0005\u0005\u0005\u0019AA9\u0011\u001d\t\u0019\t\u0001C\u0005\u0003;#B\"a\u0019\u0002 \u0006\u0005\u00161UAS\u0003OCa\u0001_AN\u0001\u0004Q\b\u0002CAE\u00037\u0003\r!a#\t\u000f\u0005-\u00141\u0014a\u0001\u0005\"A\u0011qNAN\u0001\u0004\t\t\b\u0003\u0006\u0002*\u0006m\u0005\u0013!a\u0001\u0003W\u000bqa\u00197pg&tw\r\u0005\u0003\u0002\u000e\u00065\u0016\u0002BAX\u0003\u001f\u0013!\u0002\u0016'T\u00072|7/\u001b8h\u0011\u001d\t\u0019\f\u0001C!\u0003k\u000b1C^3sS\u001aL8\t\\5f]R\u001cVm]:j_:$b!a.\u0002V\u0006]\u0007#B\u0007\u0002:\u0006u\u0016bAA^\u001d\t1q\n\u001d;j_:\u0004B!a0\u0002P:!\u0011\u0011YAf\u001d\u0011\t\u0019-!3\u000e\u0005\u0005\u0015'bAAd\u0015\u00051AH]8pizJ\u0011aD\u0005\u0004\u0003\u001bt\u0011a\u00029bG.\fw-Z\u0005\u0005\u0003#\f\u0019NA\u0005UQJ|w/\u00192mK*\u0019\u0011Q\u001a\b\t\u000f\u0005-\u0014\u0011\u0017a\u0001\u0005\"A\u0011\u0011\\AY\u0001\u0004\tY.A\u0004tKN\u001c\u0018n\u001c8\u0011\u0007m\fi.C\u0002\u0002`r\u0014!bU*M'\u0016\u001c8/[8o\u0011\u001d\t\u0019\u000f\u0001C!\u0003K\f1C^3sS\u001aL8+\u001a:wKJ\u001cVm]:j_:$b!a.\u0002h\u0006%\bbBA6\u0003C\u0004\rA\u0011\u0005\t\u00033\f\t\u000f1\u0001\u0002\\\"I\u0011Q\u001e\u0001\u0012\u0002\u0013%\u0011q^\u0001\u001aGJ,\u0017\r^3T'2+enZ5oK\u0012\"WMZ1vYR$S'\u0006\u0002\u0002r*\"\u00111VAzW\t\t)\u0010\u0005\u0003\u0002x\n\u0005QBAA}\u0015\u0011\tY0!@\u0002\u0013Ut7\r[3dW\u0016$'bAA��\u001d\u0005Q\u0011M\u001c8pi\u0006$\u0018n\u001c8\n\t\t\r\u0011\u0011 \u0002\u0012k:\u001c\u0007.Z2lK\u00124\u0016M]5b]\u000e,\u0007f\u0001\u0001\u0003\bA!!\u0011\u0002B\u0007\u001b\t\u0011YAC\u0002\u0002��\"IAAa\u0004\u0003\f\ta\u0011\t]5NCf\u001c\u0005.\u00198hK\u0002")
/* loaded from: input_file:akka/remote/artery/tcp/ConfigSSLEngineProvider.class */
public class ConfigSSLEngineProvider implements SSLEngineProvider {
    private final Config config;
    private final MarkerLoggingAdapter log;
    private final String SSLKeyStore;
    private final String SSLTrustStore;
    private final String SSLKeyStorePassword;
    private final String SSLKeyPassword;
    private final String SSLTrustStorePassword;
    private final Set<String> SSLEnabledAlgorithms;
    private final String SSLProtocol;
    private final String SSLRandomNumberGenerator;
    private final boolean SSLRequireMutualAuthentication;
    private final boolean HostnameVerification;
    private SSLContext sslContext;
    private volatile boolean bitmap$0;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v5 */
    private SSLContext sslContext$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                if (HostnameVerification()) {
                    log().debug("TLS/SSL hostname verification is enabled.");
                } else {
                    log().warning(LogMarker$.MODULE$.Security(), "TLS/SSL hostname verification is disabled. Please configure akka.remote.artery.ssl.config-ssl-engine.hostname-verification=on and ensure the X.509 certificate on the host is correct to remove this warning. See Akka reference documentation for more information.");
                }
                this.sslContext = constructContext();
                this.bitmap$0 = true;
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
            r0 = r0;
            return this.sslContext;
        }
    }

    public Config config() {
        return this.config;
    }

    public MarkerLoggingAdapter log() {
        return this.log;
    }

    public String SSLKeyStore() {
        return this.SSLKeyStore;
    }

    public String SSLTrustStore() {
        return this.SSLTrustStore;
    }

    public String SSLKeyStorePassword() {
        return this.SSLKeyStorePassword;
    }

    public String SSLKeyPassword() {
        return this.SSLKeyPassword;
    }

    public String SSLTrustStorePassword() {
        return this.SSLTrustStorePassword;
    }

    public Set<String> SSLEnabledAlgorithms() {
        return this.SSLEnabledAlgorithms;
    }

    public String SSLProtocol() {
        return this.SSLProtocol;
    }

    public String SSLRandomNumberGenerator() {
        return this.SSLRandomNumberGenerator;
    }

    public boolean SSLRequireMutualAuthentication() {
        return this.SSLRequireMutualAuthentication;
    }

    public boolean HostnameVerification() {
        return this.HostnameVerification;
    }

    private SSLContext sslContext() {
        return this.bitmap$0 ? this.sslContext : sslContext$lzycompute();
    }

    private SSLContext constructContext() {
        try {
            SecureRandom createSecureRandom = createSecureRandom();
            SSLContext sSLContext = SSLContext.getInstance(SSLProtocol());
            sSLContext.init(keyManagers(), trustManagers(), createSecureRandom);
            return sSLContext;
        } catch (FileNotFoundException e) {
            throw new SslTransportException("Server SSL connection could not be established because key store could not be loaded", e);
        } catch (IOException e2) {
            throw new SslTransportException(new StringBuilder().append("Server SSL connection could not be established because: ").append(e2.getMessage()).toString(), e2);
        } catch (GeneralSecurityException e3) {
            throw new SslTransportException("Server SSL connection could not be established because SSL context could not be constructed", e3);
        }
    }

    public KeyStore loadKeystore(String str, String str2) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream newInputStream = Files.newInputStream(Paths.get(str, new String[0]), new OpenOption[0]);
        try {
            keyStore.load(newInputStream, str2.toCharArray());
            Try$.MODULE$.apply(new ConfigSSLEngineProvider$$anonfun$loadKeystore$1(this, newInputStream));
            return keyStore;
        } catch (Throwable th) {
            Try$.MODULE$.apply(new ConfigSSLEngineProvider$$anonfun$loadKeystore$1(this, newInputStream));
            throw th;
        }
    }

    public KeyManager[] keyManagers() {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(loadKeystore(SSLKeyStore(), SSLKeyStorePassword()), SSLKeyPassword().toCharArray());
        return keyManagerFactory.getKeyManagers();
    }

    public TrustManager[] trustManagers() {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(loadKeystore(SSLTrustStore(), SSLTrustStorePassword()));
        return trustManagerFactory.getTrustManagers();
    }

    public SecureRandom createSecureRandom() {
        return SecureRandomFactory$.MODULE$.createSecureRandom(SSLRandomNumberGenerator(), log());
    }

    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public SSLEngine createServerSSLEngine(String str, int i) {
        return createSSLEngine(Server$.MODULE$, str, i);
    }

    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public SSLEngine createClientSSLEngine(String str, int i) {
        return createSSLEngine(Client$.MODULE$, str, i);
    }

    private SSLEngine createSSLEngine(TLSRole tLSRole, String str, int i) {
        return createSSLEngine(sslContext(), tLSRole, str, i, createSSLEngine$default$5());
    }

    private SSLEngine createSSLEngine(SSLContext sSLContext, TLSRole tLSRole, String str, int i, TLSClosing tLSClosing) {
        SSLEngine createSSLEngine = sSLContext.createSSLEngine(str, i);
        if (HostnameVerification()) {
            SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
            defaultSSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
            createSSLEngine.setSSLParameters(defaultSSLParameters);
        }
        Client$ client$ = Client$.MODULE$;
        createSSLEngine.setUseClientMode(tLSRole != null ? tLSRole.equals(client$) : client$ == null);
        createSSLEngine.setEnabledCipherSuites((String[]) SSLEnabledAlgorithms().toArray(ClassTag$.MODULE$.apply(String.class)));
        createSSLEngine.setEnabledProtocols(new String[]{SSLProtocol()});
        Client$ client$2 = Client$.MODULE$;
        if (tLSRole != null ? !tLSRole.equals(client$2) : client$2 != null) {
            if (SSLRequireMutualAuthentication()) {
                createSSLEngine.setNeedClientAuth(true);
            }
        }
        return createSSLEngine;
    }

    private TLSClosing createSSLEngine$default$5() {
        return IgnoreComplete$.MODULE$;
    }

    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public Option<Throwable> verifyClientSession(String str, SSLSession sSLSession) {
        return None$.MODULE$;
    }

    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public Option<Throwable> verifyServerSession(String str, SSLSession sSLSession) {
        return None$.MODULE$;
    }

    public ConfigSSLEngineProvider(Config config, MarkerLoggingAdapter markerLoggingAdapter) {
        this.config = config;
        this.log = markerLoggingAdapter;
        this.SSLKeyStore = config.getString("key-store");
        this.SSLTrustStore = config.getString("trust-store");
        this.SSLKeyStorePassword = config.getString("key-store-password");
        this.SSLKeyPassword = config.getString("key-password");
        this.SSLTrustStorePassword = config.getString("trust-store-password");
        this.SSLEnabledAlgorithms = (Set) Util$.MODULE$.immutableSeq(config.getStringList("enabled-algorithms")).to(Set$.MODULE$.canBuildFrom());
        this.SSLProtocol = config.getString("protocol");
        this.SSLRandomNumberGenerator = config.getString("random-number-generator");
        this.SSLRequireMutualAuthentication = config.getBoolean("require-mutual-authentication");
        this.HostnameVerification = config.getBoolean("hostname-verification");
    }

    public ConfigSSLEngineProvider(ActorSystem actorSystem) {
        this(actorSystem.settings().config().getConfig("akka.remote.artery.ssl.config-ssl-engine"), Logging$.MODULE$.withMarker(actorSystem, ConfigSSLEngineProvider.class.getName(), LogSource$.MODULE$.fromString()));
    }
}
