package zio.http.netty.server;

import java.io.FileInputStream;
import java.io.InputStream;
import java.io.Serializable;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import scala.$less$colon$less$;
import scala.MatchError;
import scala.Option;
import scala.Tuple3;
import scala.Tuple3$;
import scala.reflect.ClassTag$;
import scala.runtime.ModuleSerializationProxy;
import scala.runtime.ObjectRef;
import scala.util.Using$Manager$;
import scala.util.Using$Releasable$AutoCloseableIsReleasable$;
import zio.Config;
import zio.http.ClientAuth$Optional$;
import zio.http.ClientAuth$Required$;
import zio.http.SSLConfig;
import zio.http.SSLConfig$Data$FromFile$;
import zio.http.SSLConfig$Data$FromJavaxNetSsl$;
import zio.http.SSLConfig$Data$FromJavaxNetSsl$File$;
import zio.http.SSLConfig$Data$FromJavaxNetSsl$Resource$;
import zio.http.SSLConfig$Data$FromResource$;
import zio.http.SSLConfig$Data$Generate$;
import zio.http.netty.server.SSLUtil;
import zio.http.shaded.netty.handler.ssl.ClientAuth;
import zio.http.shaded.netty.handler.ssl.SslContext;
import zio.http.shaded.netty.handler.ssl.SslContextBuilder;
import zio.http.shaded.netty.pkitesting.CertificateBuilder;
import zio.http.shaded.netty.pkitesting.X509Bundle;

/* compiled from: ServerSSLDecoder.scala */
/* loaded from: input_file:zio/http/netty/server/SSLUtil$.class */
public final class SSLUtil$ implements Serializable {
    public static final SSLUtil$ MODULE$ = new SSLUtil$();

    private SSLUtil$() {
    }

    private Object writeReplace() {
        return new ModuleSerializationProxy(SSLUtil$.class);
    }

    public final SSLUtil.SslContextBuilderOps SslContextBuilderOps(SslContextBuilder sslContextBuilder) {
        return new SSLUtil.SslContextBuilderOps(sslContextBuilder);
    }

    public ClientAuth getClientAuth(zio.http.ClientAuth clientAuth) {
        return ClientAuth$Required$.MODULE$.equals(clientAuth) ? ClientAuth.REQUIRE : ClientAuth$Optional$.MODULE$.equals(clientAuth) ? ClientAuth.OPTIONAL : ClientAuth.NONE;
    }

    public SslContext buildSslServerContext(SSLConfig sSLConfig, InputStream inputStream, InputStream inputStream2, Option<InputStream> option) {
        SslContextBuilder forServer = SslContextBuilder.forServer(inputStream, inputStream2);
        option.foreach(inputStream3 -> {
            return forServer.trustManager(inputStream3);
        });
        return SslContextBuilderOps(forServer).buildWithDefaultOptions(sSLConfig);
    }

    public SslContext sslConfigToSslContext(SSLConfig sSLConfig) {
        Tuple3<String, InputStream, Option<Config.Secret>> apply;
        SSLConfig.Data data = sSLConfig.data();
        if (SSLConfig$Data$Generate$.MODULE$.equals(data)) {
            X509Bundle buildSelfSigned = new CertificateBuilder().rsa2048().buildSelfSigned();
            return SslContextBuilderOps(SslContextBuilder.forServer(buildSelfSigned.getKeyPair().getPrivate(), buildSelfSigned.getCertificate())).buildWithDefaultOptions(sSLConfig);
        }
        if (data instanceof SSLConfig.Data.FromFile) {
            SSLConfig.Data.FromFile unapply = SSLConfig$Data$FromFile$.MODULE$.unapply((SSLConfig.Data.FromFile) data);
            String _1 = unapply._1();
            String _2 = unapply._2();
            Option<String> _3 = unapply._3();
            return (SslContext) Using$Manager$.MODULE$.apply(manager -> {
                return MODULE$.buildSslServerContext(sSLConfig, (FileInputStream) manager.apply(new FileInputStream(_1), Using$Releasable$AutoCloseableIsReleasable$.MODULE$), (FileInputStream) manager.apply(new FileInputStream(_2), Using$Releasable$AutoCloseableIsReleasable$.MODULE$), _3.map(str -> {
                    return (FileInputStream) manager.apply(new FileInputStream(str), Using$Releasable$AutoCloseableIsReleasable$.MODULE$);
                }));
            }).get();
        }
        if (data instanceof SSLConfig.Data.FromResource) {
            SSLConfig.Data.FromResource unapply2 = SSLConfig$Data$FromResource$.MODULE$.unapply((SSLConfig.Data.FromResource) data);
            String _12 = unapply2._1();
            String _22 = unapply2._2();
            Option<String> _32 = unapply2._3();
            ClassLoader classLoader = getClass().getClassLoader();
            return (SslContext) Using$Manager$.MODULE$.apply(manager2 -> {
                return MODULE$.buildSslServerContext(sSLConfig, (InputStream) manager2.apply(classLoader.getResourceAsStream(_12), Using$Releasable$AutoCloseableIsReleasable$.MODULE$), (InputStream) manager2.apply(classLoader.getResourceAsStream(_22), Using$Releasable$AutoCloseableIsReleasable$.MODULE$), _32.map(str -> {
                    return (InputStream) manager2.apply(classLoader.getResourceAsStream(str), Using$Releasable$AutoCloseableIsReleasable$.MODULE$);
                }));
            }).get();
        }
        if (!(data instanceof SSLConfig.Data.FromJavaxNetSsl)) {
            throw new MatchError(data);
        }
        SSLConfig.Data.FromJavaxNetSsl unapply3 = SSLConfig$Data$FromJavaxNetSsl$.MODULE$.unapply((SSLConfig.Data.FromJavaxNetSsl) data);
        String _13 = unapply3._1();
        SSLConfig.Data.FromJavaxNetSsl.Source _23 = unapply3._2();
        Option<Config.Secret> _33 = unapply3._3();
        Option<SSLConfig.Data.TrustManagerKeyStore> _4 = unapply3._4();
        if (_23 instanceof SSLConfig.Data.FromJavaxNetSsl.File) {
            apply = Tuple3$.MODULE$.apply(_13, new FileInputStream(SSLConfig$Data$FromJavaxNetSsl$File$.MODULE$.unapply((SSLConfig.Data.FromJavaxNetSsl.File) _23)._1()), _33);
        } else {
            if (!(_23 instanceof SSLConfig.Data.FromJavaxNetSsl.Resource)) {
                throw new MatchError(_23);
            }
            apply = Tuple3$.MODULE$.apply(_13, getClass().getClassLoader().getResourceAsStream(SSLConfig$Data$FromJavaxNetSsl$Resource$.MODULE$.unapply((SSLConfig.Data.FromJavaxNetSsl.Resource) _23)._1()), _33);
        }
        return SslContextBuilderOps(keyManagerTrustManagerToSslContext(apply, _4.map(trustManagerKeyStore -> {
            InputStream resourceAsStream;
            SSLConfig.Data.FromJavaxNetSsl.Source trustManagerSource = trustManagerKeyStore.trustManagerSource();
            if (trustManagerSource instanceof SSLConfig.Data.FromJavaxNetSsl.File) {
                resourceAsStream = new FileInputStream(SSLConfig$Data$FromJavaxNetSsl$File$.MODULE$.unapply((SSLConfig.Data.FromJavaxNetSsl.File) trustManagerSource)._1());
            } else {
                if (!(trustManagerSource instanceof SSLConfig.Data.FromJavaxNetSsl.Resource)) {
                    throw new MatchError(trustManagerSource);
                }
                resourceAsStream = MODULE$.getClass().getClassLoader().getResourceAsStream(SSLConfig$Data$FromJavaxNetSsl$Resource$.MODULE$.unapply((SSLConfig.Data.FromJavaxNetSsl.Resource) trustManagerSource)._1());
            }
            return Tuple3$.MODULE$.apply(trustManagerKeyStore.trustManagerKeyStoreType(), resourceAsStream, trustManagerKeyStore.trustManagerPassword());
        }))).buildWithDefaultOptions(sSLConfig);
    }

    private SslContextBuilder keyManagerTrustManagerToSslContext(Tuple3<String, InputStream, Option<Config.Secret>> tuple3, Option<Tuple3<String, InputStream, Option<Config.Secret>>> option) {
        if (tuple3 == null) {
            throw new MatchError(tuple3);
        }
        String str = (String) tuple3._1();
        InputStream inputStream = (InputStream) tuple3._2();
        Option option2 = (Option) tuple3._3();
        KeyStore keyStore = KeyStore.getInstance(str);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        char[] cArr = (char[]) option2.map(secret -> {
            return (char[]) secret.value().toArray(ClassTag$.MODULE$.apply(Character.TYPE));
        }).orNull($less$colon$less$.MODULE$.refl());
        keyStore.load(inputStream, cArr);
        keyManagerFactory.init(keyStore, cArr);
        Option map = option.map(tuple32 -> {
            if (tuple32 == null) {
                throw new MatchError(tuple32);
            }
            String str2 = (String) tuple32._1();
            InputStream inputStream2 = (InputStream) tuple32._2();
            Option option3 = (Option) tuple32._3();
            KeyStore keyStore2 = KeyStore.getInstance(str2);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            keyStore2.load(inputStream2, (char[]) option3.map(secret2 -> {
                return (char[]) secret2.value().toArray(ClassTag$.MODULE$.apply(Character.TYPE));
            }).orNull($less$colon$less$.MODULE$.refl()));
            trustManagerFactory.init(keyStore2);
            return trustManagerFactory;
        });
        ObjectRef create = ObjectRef.create(SslContextBuilder.forServer(keyManagerFactory));
        map.foreach(trustManagerFactory -> {
            create.elem = ((SslContextBuilder) create.elem).trustManager(trustManagerFactory);
        });
        return (SslContextBuilder) create.elem;
    }
}
