package com.twitter.finagle.buoyant;

import com.twitter.finagle.ServiceFactory;
import com.twitter.finagle.Stack;
import com.twitter.finagle.Stackable;
import com.twitter.finagle.buoyant.TlsClientPrep;
import com.twitter.finagle.ssl.Engine;
import com.twitter.finagle.ssl.Ssl$;
import com.twitter.finagle.transport.TlsConfig;
import java.io.FileInputStream;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Some;

/* compiled from: TlsClientPrep.scala */
/* loaded from: input_file:com/twitter/finagle/buoyant/TlsClientPrep$.class */
public final class TlsClientPrep$ {
    public static final TlsClientPrep$ MODULE$ = null;
    private final Stack.Role role;
    private final String description;

    static {
        new TlsClientPrep$();
    }

    public Stack.Role role() {
        return this.role;
    }

    public String description() {
        return this.description;
    }

    public <Req, Rsp> Stackable<ServiceFactory<Req, Rsp>> nop() {
        return new Stack.Module0<ServiceFactory<Req, Rsp>>() { // from class: com.twitter.finagle.buoyant.TlsClientPrep$$anon$4
            private final Stack.Role role = TlsClientPrep$.MODULE$.role();
            private final String description = TlsClientPrep$.MODULE$.description();

            public Stack.Role role() {
                return this.role;
            }

            public String description() {
                return this.description;
            }

            public ServiceFactory<Req, Rsp> make(ServiceFactory<Req, Rsp> serviceFactory) {
                return serviceFactory;
            }
        };
    }

    private SSLContext sslContext(String str) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        keyStore.setCertificateEntry("caCert", certificateFactory.generateCertificate(new FileInputStream(str)));
        trustManagerFactory.init(keyStore);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
        return sSLContext;
    }

    public Engine addrEngine(String str, Option<String> option, SocketAddress socketAddress) {
        Engine client;
        Engine client2;
        if (socketAddress instanceof InetSocketAddress) {
            InetSocketAddress inetSocketAddress = (InetSocketAddress) socketAddress;
            if (option instanceof Some) {
                client2 = Ssl$.MODULE$.client(sslContext((String) ((Some) option).x()), str, inetSocketAddress.getPort());
            } else {
                if (!None$.MODULE$.equals(option)) {
                    throw new MatchError(option);
                }
                client2 = Ssl$.MODULE$.client(str, inetSocketAddress.getPort());
            }
            client = client2;
        } else {
            client = Ssl$.MODULE$.client();
        }
        return client;
    }

    public TlsConfig mkTlsConfig(String str, Option<String> option) {
        TlsConfig.ClientSslContextAndHostname clientHostname;
        if (option instanceof Some) {
            clientHostname = new TlsConfig.ClientSslContextAndHostname(sslContext((String) ((Some) option).x()), str);
        } else {
            if (!None$.MODULE$.equals(option)) {
                throw new MatchError(option);
            }
            clientHostname = new TlsConfig.ClientHostname(str);
        }
        return clientHostname;
    }

    public <Req, Rsp> TlsClientPrep.Module<Req, Rsp> disable() {
        return new TlsClientPrep$$anon$1();
    }

    /* renamed from: static, reason: not valid java name */
    public <Req, Rsp> TlsClientPrep.Module<Req, Rsp> m33static(String str, Option<String> option) {
        return new TlsClientPrep$$anon$2(str, option);
    }

    public <Req, Rsp> TlsClientPrep.Module<Req, Rsp> withoutCertificateValidation() {
        return new TlsClientPrep$$anon$3();
    }

    private TlsClientPrep$() {
        MODULE$ = this;
        this.role = new Stack.Role("TlsClientPrep");
        this.description = "Configures per-endpoint TLS settings";
    }
}
