package akka.remote.artery.tcp;

import akka.actor.ActorSystem;
import akka.event.LogMarker$;
import akka.event.LogSource;
import akka.event.LogSource$;
import akka.event.Logging$;
import akka.event.MarkerLoggingAdapter;
import akka.remote.artery.tcp.ssl.SSLEngineConfig;
import akka.stream.Client$;
import akka.stream.Server$;
import akka.stream.TLSRole;
import com.typesafe.config.Config;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import scala.None$;
import scala.Option;
import scala.collection.immutable.Set;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.util.Try$;

/* compiled from: ConfigSSLEngineProvider.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005Mh\u0001B\u0015+\u0001MB\u0001B\u0010\u0001\u0003\u0006\u0004%\tb\u0010\u0005\t\u0013\u0002\u0011\t\u0011)A\u0005\u0001\"A!\n\u0001BC\u0002\u0013E1\n\u0003\u0005S\u0001\t\u0005\t\u0015!\u0003M\u0011\u0015\u0019\u0006\u0001\"\u0001U\u0011\u0015\u0019\u0006\u0001\"\u0001Y\u0011\u001d\t\u0007A1A\u0005\n\tDa!\u001b\u0001!\u0002\u0013\u0019\u0007b\u00026\u0001\u0005\u0004%\ta\u001b\u0005\u0007o\u0002\u0001\u000b\u0011\u00027\t\u000fa\u0004!\u0019!C\u0001W\"1\u0011\u0010\u0001Q\u0001\n1DqA\u001f\u0001C\u0002\u0013\u00051\u000e\u0003\u0004|\u0001\u0001\u0006I\u0001\u001c\u0005\by\u0002\u0011\r\u0011\"\u0001l\u0011\u0019i\b\u0001)A\u0005Y\"9a\u0010\u0001b\u0001\n\u0003Y\u0007BB@\u0001A\u0003%A\u000eC\u0005\u0002\u0002\u0001\u0011\r\u0011\"\u0001\u0002\u0004!A\u00111\u0002\u0001!\u0002\u0013\t)\u0001\u0003\u0005\u0002\u000e\u0001\u0011\r\u0011\"\u0001l\u0011\u001d\ty\u0001\u0001Q\u0001\n1D\u0001\"!\u0005\u0001\u0005\u0004%\ta\u001b\u0005\b\u0003'\u0001\u0001\u0015!\u0003m\u0011%\t)\u0002\u0001b\u0001\n\u0003\t9\u0002\u0003\u0005\u0002 \u0001\u0001\u000b\u0011BA\r\u0011%\t\t\u0003\u0001b\u0001\n\u0003\t9\u0002\u0003\u0005\u0002$\u0001\u0001\u000b\u0011BA\r\u0011)\t)\u0003\u0001EC\u0002\u0013%\u0011q\u0005\u0005\b\u0003w\u0001A\u0011BA\u001f\u0011\u001d\ty\u0004\u0001C\t\u0003\u0003Bq!a\u0017\u0001\t#\ti\u0006C\u0004\u0002l\u0001!\t\"!\u001c\t\u000f\u0005]\u0004\u0001\"\u0001\u0002z!9\u0011\u0011\u0011\u0001\u0005B\u0005\r\u0005bBAM\u0001\u0011\u0005\u00131\u0014\u0005\b\u0003C\u0003A\u0011BAR\u0011\u001d\t\t\u000b\u0001C\u0005\u0003sCq!a1\u0001\t\u0003\n)\rC\u0004\u0002l\u0002!\t%!<\u0003/\r{gNZ5h'NcUI\\4j]\u0016\u0004&o\u001c<jI\u0016\u0014(BA\u0016-\u0003\r!8\r\u001d\u0006\u0003[9\na!\u0019:uKJL(BA\u00181\u0003\u0019\u0011X-\\8uK*\t\u0011'\u0001\u0003bW.\f7\u0001A\n\u0004\u0001QR\u0004CA\u001b9\u001b\u00051$\"A\u001c\u0002\u000bM\u001c\u0017\r\\1\n\u0005e2$AB!osJ+g\r\u0005\u0002<y5\t!&\u0003\u0002>U\t\t2k\u0015'F]\u001eLg.\u001a)s_ZLG-\u001a:\u0002\r\r|gNZ5h+\u0005\u0001\u0005CA!H\u001b\u0005\u0011%B\u0001 D\u0015\t!U)\u0001\u0005usB,7/\u00194f\u0015\u00051\u0015aA2p[&\u0011\u0001J\u0011\u0002\u0007\u0007>tg-[4\u0002\u000f\r|gNZ5hA\u0005\u0019An\\4\u0016\u00031\u0003\"!\u0014)\u000e\u00039S!a\u0014\u0019\u0002\u000b\u00154XM\u001c;\n\u0005Es%\u0001F'be.,'\u000fT8hO&tw-\u00113baR,'/\u0001\u0003m_\u001e\u0004\u0013A\u0002\u001fj]&$h\bF\u0002V-^\u0003\"a\u000f\u0001\t\u000by*\u0001\u0019\u0001!\t\u000b)+\u0001\u0019\u0001'\u0015\u0005UK\u0006\"\u0002.\u0007\u0001\u0004Y\u0016AB:zgR,W\u000e\u0005\u0002]?6\tQL\u0003\u0002_a\u0005)\u0011m\u0019;pe&\u0011\u0001-\u0018\u0002\f\u0003\u000e$xN]*zgR,W.A\btg2,enZ5oK\u000e{gNZ5h+\u0005\u0019\u0007C\u00013h\u001b\u0005)'B\u00014+\u0003\r\u00198\u000f\\\u0005\u0003Q\u0016\u0014qbU*M\u000b:<\u0017N\\3D_:4\u0017nZ\u0001\u0011gNdWI\\4j]\u0016\u001cuN\u001c4jO\u0002\n1bU*M\u0017\u0016L8\u000b^8sKV\tA\u000e\u0005\u0002ni:\u0011aN\u001d\t\u0003_Zj\u0011\u0001\u001d\u0006\u0003cJ\na\u0001\u0010:p_Rt\u0014BA:7\u0003\u0019\u0001&/\u001a3fM&\u0011QO\u001e\u0002\u0007'R\u0014\u0018N\\4\u000b\u0005M4\u0014\u0001D*T\u0019.+\u0017p\u0015;pe\u0016\u0004\u0013!D*T\u0019R\u0013Xo\u001d;Ti>\u0014X-\u0001\bT'2#&/^:u'R|'/\u001a\u0011\u0002'M\u001bFjS3z'R|'/\u001a)bgN<xN\u001d3\u0002)M\u001bFjS3z'R|'/\u001a)bgN<xN\u001d3!\u00039\u00196\u000bT&fsB\u000b7o]<pe\u0012\fqbU*M\u0017\u0016L\b+Y:to>\u0014H\rI\u0001\u0016'NcEK];tiN#xN]3QCN\u001cxo\u001c:e\u0003Y\u00196\u000b\u0014+skN$8\u000b^8sKB\u000b7o]<pe\u0012\u0004\u0013\u0001F*T\u0019\u0016s\u0017M\u00197fI\u0006cwm\u001c:ji\"l7/\u0006\u0002\u0002\u0006A!Q.a\u0002m\u0013\r\tIA\u001e\u0002\u0004'\u0016$\u0018!F*T\u0019\u0016s\u0017M\u00197fI\u0006cwm\u001c:ji\"l7\u000fI\u0001\f'Nc\u0005K]8u_\u000e|G.\u0001\u0007T'2\u0003&o\u001c;pG>d\u0007%\u0001\rT'2\u0013\u0016M\u001c3p[:+XNY3s\u000f\u0016tWM]1u_J\f\u0011dU*M%\u0006tGm\\7Ok6\u0014WM]$f]\u0016\u0014\u0018\r^8sA\u0005q2k\u0015'SKF,\u0018N]3NkR,\u0018\r\\!vi\",g\u000e^5dCRLwN\\\u000b\u0003\u00033\u00012!NA\u000e\u0013\r\tiB\u000e\u0002\b\u0005>|G.Z1o\u0003}\u00196\u000b\u0014*fcVL'/Z'viV\fG.Q;uQ\u0016tG/[2bi&|g\u000eI\u0001\u0015\u0011>\u001cHO\\1nKZ+'/\u001b4jG\u0006$\u0018n\u001c8\u0002+!{7\u000f\u001e8b[\u00164VM]5gS\u000e\fG/[8oA\u0005Q1o\u001d7D_:$X\r\u001f;\u0016\u0005\u0005%\u0002\u0003BA\u0016\u0003oi!!!\f\u000b\u0007\u0019\fyC\u0003\u0003\u00022\u0005M\u0012a\u00018fi*\u0011\u0011QG\u0001\u0006U\u00064\u0018\r_\u0005\u0005\u0003s\tiC\u0001\u0006T'2\u001buN\u001c;fqR\f\u0001cY8ogR\u0014Xo\u0019;D_:$X\r\u001f;\u0015\u0005\u0005%\u0012\u0001\u00047pC\u0012\\U-_:u_J,GCBA\"\u0003'\n9\u0006\u0005\u0003\u0002F\u0005=SBAA$\u0015\u0011\tI%a\u0013\u0002\u0011M,7-\u001e:jifT!!!\u0014\u0002\t)\fg/Y\u0005\u0005\u0003#\n9E\u0001\u0005LKf\u001cFo\u001c:f\u0011\u0019\t)f\ba\u0001Y\u0006Aa-\u001b7f]\u0006lW\r\u0003\u0004\u0002Z}\u0001\r\u0001\\\u0001\ta\u0006\u001c8o^8sI\u0006Y1.Z=NC:\fw-\u001a:t+\t\ty\u0006E\u00036\u0003C\n)'C\u0002\u0002dY\u0012Q!\u0011:sCf\u0004B!a\u000b\u0002h%!\u0011\u0011NA\u0017\u0005)YU-_'b]\u0006<WM]\u0001\u000eiJ,8\u000f^'b]\u0006<WM]:\u0016\u0005\u0005=\u0004#B\u001b\u0002b\u0005E\u0004\u0003BA\u0016\u0003gJA!!\u001e\u0002.\taAK];ti6\u000bg.Y4fe\u0006\u00112M]3bi\u0016\u001cVmY;sKJ\u000bg\u000eZ8n)\t\tY\b\u0005\u0003\u0002F\u0005u\u0014\u0002BA@\u0003\u000f\u0012AbU3dkJ,'+\u00198e_6\fQc\u0019:fCR,7+\u001a:wKJ\u001c6\u000bT#oO&tW\r\u0006\u0004\u0002\u0006\u0006-\u0015q\u0012\t\u0005\u0003W\t9)\u0003\u0003\u0002\n\u00065\"!C*T\u0019\u0016sw-\u001b8f\u0011\u0019\tii\ta\u0001Y\u0006A\u0001n\\:u]\u0006lW\rC\u0004\u0002\u0012\u000e\u0002\r!a%\u0002\tA|'\u000f\u001e\t\u0004k\u0005U\u0015bAALm\t\u0019\u0011J\u001c;\u0002+\r\u0014X-\u0019;f\u00072LWM\u001c;T'2+enZ5oKR1\u0011QQAO\u0003?Ca!!$%\u0001\u0004a\u0007bBAII\u0001\u0007\u00111S\u0001\u0010GJ,\u0017\r^3T'2+enZ5oKRA\u0011QQAS\u0003k\u000b9\fC\u0004\u0002(\u0016\u0002\r!!+\u0002\tI|G.\u001a\t\u0005\u0003W\u000b\t,\u0004\u0002\u0002.*\u0019\u0011q\u0016\u0019\u0002\rM$(/Z1n\u0013\u0011\t\u0019,!,\u0003\u000fQc5KU8mK\"1\u0011QR\u0013A\u00021Dq!!%&\u0001\u0004\t\u0019\n\u0006\u0006\u0002\u0006\u0006m\u0016QXA`\u0003\u0003Dq!!\n'\u0001\u0004\tI\u0003C\u0004\u0002(\u001a\u0002\r!!+\t\r\u00055e\u00051\u0001m\u0011\u001d\t\tJ\na\u0001\u0003'\u000b1C^3sS\u001aL8\t\\5f]R\u001cVm]:j_:$b!a2\u0002`\u0006\u0005\b#B\u001b\u0002J\u00065\u0017bAAfm\t1q\n\u001d;j_:\u0004B!a4\u0002Z:!\u0011\u0011[Ak\u001d\ry\u00171[\u0005\u0002o%\u0019\u0011q\u001b\u001c\u0002\u000fA\f7m[1hK&!\u00111\\Ao\u0005%!\u0006N]8xC\ndWMC\u0002\u0002XZBa!!$(\u0001\u0004a\u0007bBArO\u0001\u0007\u0011Q]\u0001\bg\u0016\u001c8/[8o!\u0011\tY#a:\n\t\u0005%\u0018Q\u0006\u0002\u000b'Nc5+Z:tS>t\u0017a\u0005<fe&4\u0017pU3sm\u0016\u00148+Z:tS>tGCBAd\u0003_\f\t\u0010\u0003\u0004\u0002\u000e\"\u0002\r\u0001\u001c\u0005\b\u0003GD\u0003\u0019AAs\u0001")
/* loaded from: input_file:akka/remote/artery/tcp/ConfigSSLEngineProvider.class */
public class ConfigSSLEngineProvider implements SSLEngineProvider {
    private SSLContext sslContext;
    private final Config config;
    private final MarkerLoggingAdapter log;
    private final SSLEngineConfig sslEngineConfig;
    private final String SSLKeyStore;
    private final String SSLTrustStore;
    private final String SSLKeyStorePassword;
    private final String SSLKeyPassword;
    private final String SSLTrustStorePassword;
    private final Set<String> SSLEnabledAlgorithms;
    private final String SSLProtocol;
    private final String SSLRandomNumberGenerator;
    private final boolean SSLRequireMutualAuthentication;
    private final boolean HostnameVerification;
    private volatile boolean bitmap$0;

    public Config config() {
        return this.config;
    }

    public MarkerLoggingAdapter log() {
        return this.log;
    }

    private SSLEngineConfig sslEngineConfig() {
        return this.sslEngineConfig;
    }

    public String SSLKeyStore() {
        return this.SSLKeyStore;
    }

    public String SSLTrustStore() {
        return this.SSLTrustStore;
    }

    public String SSLKeyStorePassword() {
        return this.SSLKeyStorePassword;
    }

    public String SSLKeyPassword() {
        return this.SSLKeyPassword;
    }

    public String SSLTrustStorePassword() {
        return this.SSLTrustStorePassword;
    }

    public Set<String> SSLEnabledAlgorithms() {
        return this.SSLEnabledAlgorithms;
    }

    public String SSLProtocol() {
        return this.SSLProtocol;
    }

    public String SSLRandomNumberGenerator() {
        return this.SSLRandomNumberGenerator;
    }

    public boolean SSLRequireMutualAuthentication() {
        return this.SSLRequireMutualAuthentication;
    }

    public boolean HostnameVerification() {
        return this.HostnameVerification;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v8, types: [akka.remote.artery.tcp.ConfigSSLEngineProvider] */
    private SSLContext sslContext$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                if (HostnameVerification()) {
                    log().debug("TLS/SSL hostname verification is enabled.");
                } else {
                    log().info(LogMarker$.MODULE$.Security(), "TLS/SSL hostname verification is disabled. See Akka reference documentation for more information.");
                }
                this.sslContext = constructContext();
                r0 = this;
                r0.bitmap$0 = true;
            }
        }
        return this.sslContext;
    }

    private SSLContext sslContext() {
        return !this.bitmap$0 ? sslContext$lzycompute() : this.sslContext;
    }

    private SSLContext constructContext() {
        try {
            SecureRandom createSecureRandom = createSecureRandom();
            SSLContext sSLContext = SSLContext.getInstance(SSLProtocol());
            sSLContext.init(keyManagers(), trustManagers(), createSecureRandom);
            return sSLContext;
        } catch (FileNotFoundException e) {
            throw new SslTransportException("Server SSL connection could not be established because key store could not be loaded", e);
        } catch (IOException e2) {
            throw new SslTransportException(new StringBuilder(56).append("Server SSL connection could not be established because: ").append(e2.getMessage()).toString(), e2);
        } catch (GeneralSecurityException e3) {
            throw new SslTransportException("Server SSL connection could not be established because SSL context could not be constructed", e3);
        }
    }

    public KeyStore loadKeystore(String str, String str2) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream newInputStream = Files.newInputStream(Paths.get(str, new String[0]), new OpenOption[0]);
        try {
            keyStore.load(newInputStream, str2.toCharArray());
            return keyStore;
        } finally {
            Try$.MODULE$.apply(() -> {
                newInputStream.close();
            });
        }
    }

    public KeyManager[] keyManagers() {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(loadKeystore(SSLKeyStore(), SSLKeyStorePassword()), SSLKeyPassword().toCharArray());
        return keyManagerFactory.getKeyManagers();
    }

    public TrustManager[] trustManagers() {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(loadKeystore(SSLTrustStore(), SSLTrustStorePassword()));
        return trustManagerFactory.getTrustManagers();
    }

    public SecureRandom createSecureRandom() {
        return SecureRandomFactory$.MODULE$.createSecureRandom(SSLRandomNumberGenerator(), log());
    }

    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public SSLEngine createServerSSLEngine(String str, int i) {
        return createSSLEngine(Server$.MODULE$, str, i);
    }

    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public SSLEngine createClientSSLEngine(String str, int i) {
        return createSSLEngine(Client$.MODULE$, str, i);
    }

    private SSLEngine createSSLEngine(TLSRole tLSRole, String str, int i) {
        return createSSLEngine(sslContext(), tLSRole, str, i);
    }

    private SSLEngine createSSLEngine(SSLContext sSLContext, TLSRole tLSRole, String str, int i) {
        SSLEngine createSSLEngine = sSLContext.createSSLEngine(str, i);
        if (HostnameVerification()) {
            Client$ client$ = Client$.MODULE$;
            if (tLSRole != null ? tLSRole.equals(client$) : client$ == null) {
                SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
                defaultSSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
                createSSLEngine.setSSLParameters(defaultSSLParameters);
            }
        }
        Client$ client$2 = Client$.MODULE$;
        createSSLEngine.setUseClientMode(tLSRole != null ? tLSRole.equals(client$2) : client$2 == null);
        createSSLEngine.setEnabledCipherSuites((String[]) SSLEnabledAlgorithms().toArray(ClassTag$.MODULE$.apply(String.class)));
        createSSLEngine.setEnabledProtocols(new String[]{SSLProtocol()});
        Client$ client$3 = Client$.MODULE$;
        if (tLSRole != null ? !tLSRole.equals(client$3) : client$3 != null) {
            if (SSLRequireMutualAuthentication()) {
                createSSLEngine.setNeedClientAuth(true);
            }
        }
        return createSSLEngine;
    }

    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public Option<Throwable> verifyClientSession(String str, SSLSession sSLSession) {
        return None$.MODULE$;
    }

    @Override // akka.remote.artery.tcp.SSLEngineProvider
    public Option<Throwable> verifyServerSession(String str, SSLSession sSLSession) {
        return None$.MODULE$;
    }

    public ConfigSSLEngineProvider(Config config, MarkerLoggingAdapter markerLoggingAdapter) {
        this.config = config;
        this.log = markerLoggingAdapter;
        this.sslEngineConfig = new SSLEngineConfig(config);
        this.SSLKeyStore = config.getString("key-store");
        this.SSLTrustStore = config.getString("trust-store");
        this.SSLKeyStorePassword = config.getString("key-store-password");
        this.SSLKeyPassword = config.getString("key-password");
        this.SSLTrustStorePassword = config.getString("trust-store-password");
        this.SSLEnabledAlgorithms = sslEngineConfig().SSLEnabledAlgorithms();
        this.SSLProtocol = sslEngineConfig().SSLProtocol();
        this.SSLRandomNumberGenerator = sslEngineConfig().SSLRandomNumberGenerator();
        this.SSLRequireMutualAuthentication = sslEngineConfig().SSLRequireMutualAuthentication();
        this.HostnameVerification = sslEngineConfig().HostnameVerification();
    }

    public ConfigSSLEngineProvider(ActorSystem actorSystem) {
        this(actorSystem.settings().config().getConfig("akka.remote.artery.ssl.config-ssl-engine"), Logging$.MODULE$.withMarker(actorSystem, (ActorSystem) ConfigSSLEngineProvider.class.getName(), (LogSource<ActorSystem>) LogSource$.MODULE$.fromString()));
    }
}
