package akka.remote.transport.netty;

import akka.event.LoggingAdapter;
import akka.remote.RemoteTransportException;
import akka.remote.security.provider.AkkaProvider$;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.jboss.netty.handler.ssl.SslHandler;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Some;
import scala.StringContext;
import scala.Tuple3;
import scala.Tuple4;
import scala.collection.immutable.StringOps;
import scala.collection.mutable.StringBuilder;
import scala.reflect.ClassTag$;
import scala.util.Try$;

/* compiled from: NettySSLSupport.scala */
/* loaded from: input_file:akka/remote/transport/netty/NettySSLSupport$.class */
public final class NettySSLSupport$ {
    public static final NettySSLSupport$ MODULE$ = null;

    static {
        new NettySSLSupport$();
    }

    public SslHandler apply(SSLSettings sSLSettings, LoggingAdapter loggingAdapter, boolean z) {
        return z ? initializeClientSSL(sSLSettings, loggingAdapter) : initializeServerSSL(sSLSettings, loggingAdapter);
    }

    public SecureRandom initializeCustomSecureRandom(Option<String> option, LoggingAdapter loggingAdapter) {
        SecureRandom secureRandom;
        boolean z = false;
        Some some = null;
        if (option instanceof Some) {
            z = true;
            some = (Some) option;
            String str = (String) some.x();
            if ("AES128CounterSecureRNG".equals(str) ? true : "AES256CounterSecureRNG".equals(str) ? true : "AES128CounterInetRNG".equals(str) ? true : "AES256CounterInetRNG".equals(str)) {
                loggingAdapter.debug("SSL random number generator set to: {}", str);
                secureRandom = SecureRandom.getInstance(str, AkkaProvider$.MODULE$);
                SecureRandom secureRandom2 = secureRandom;
                secureRandom2.nextInt();
                return secureRandom2;
            }
        }
        if (z) {
            String str2 = (String) some.x();
            if ("SHA1PRNG".equals(str2) ? true : "NativePRNG".equals(str2)) {
                loggingAdapter.debug(new StringBuilder().append((Object) "SSL random number generator set to: ").append((Object) str2).toString());
                secureRandom = SecureRandom.getInstance(str2);
                SecureRandom secureRandom22 = secureRandom;
                secureRandom22.nextInt();
                return secureRandom22;
            }
        }
        if (z) {
            loggingAdapter.debug("Unknown SSLRandomNumberGenerator [{}] falling back to SecureRandom", (String) some.x());
            secureRandom = new SecureRandom();
        } else {
            if (!None$.MODULE$.equals(option)) {
                throw new MatchError(option);
            }
            loggingAdapter.debug("SSLRandomNumberGenerator not specified, falling back to SecureRandom");
            secureRandom = new SecureRandom();
        }
        SecureRandom secureRandom222 = secureRandom;
        secureRandom222.nextInt();
        return secureRandom222;
    }

    public SslHandler initializeClientSSL(SSLSettings sSLSettings, LoggingAdapter loggingAdapter) {
        loggingAdapter.debug("Client SSL is enabled, initialising ...");
        Tuple3 tuple3 = new Tuple3(sSLSettings.SSLTrustStore(), sSLSettings.SSLTrustStorePassword(), sSLSettings.SSLProtocol());
        if (tuple3 != null) {
            Option option = (Option) tuple3._1();
            Option option2 = (Option) tuple3._2();
            Option option3 = (Option) tuple3._3();
            if (option instanceof Some) {
                String str = (String) ((Some) option).x();
                if (option2 instanceof Some) {
                    String str2 = (String) ((Some) option2).x();
                    if (option3 instanceof Some) {
                        Option constructClientContext$1 = constructClientContext$1(sSLSettings, loggingAdapter, str, str2, (String) ((Some) option3).x());
                        if (!(constructClientContext$1 instanceof Some)) {
                            if (None$.MODULE$.equals(constructClientContext$1)) {
                                throw new GeneralSecurityException(new StringOps(Predef$.MODULE$.augmentString("Failed to initialize client SSL because SSL context could not be found.\" +\n              \"Make sure your settings are correct: [trust-store: %s] [trust-store-password: %s] [protocol: %s]")).format(Predef$.MODULE$.genericWrapArray(new Object[]{sSLSettings.SSLTrustStore(), sSLSettings.SSLTrustStorePassword(), sSLSettings.SSLProtocol()})));
                            }
                            throw new MatchError(constructClientContext$1);
                        }
                        SSLContext sSLContext = (SSLContext) ((Some) constructClientContext$1).x();
                        loggingAdapter.debug("Using client SSL context to create SSLEngine ...");
                        SSLEngine createSSLEngine = sSLContext.createSSLEngine();
                        createSSLEngine.setUseClientMode(true);
                        createSSLEngine.setEnabledCipherSuites((String[]) sSLSettings.SSLEnabledAlgorithms().toArray(ClassTag$.MODULE$.apply(String.class)));
                        return new SslHandler(createSSLEngine);
                    }
                }
            }
        }
        if (tuple3 == null) {
            throw new MatchError(tuple3);
        }
        throw new GeneralSecurityException(new StringOps(Predef$.MODULE$.augmentString("One or several SSL trust store settings are missing: [trust-store: %s] [trust-store-password: %s] [protocol: %s]")).format(Predef$.MODULE$.genericWrapArray(new Object[]{(Option) tuple3._1(), (Option) tuple3._2(), (Option) tuple3._3()})));
    }

    public SslHandler initializeServerSSL(SSLSettings sSLSettings, LoggingAdapter loggingAdapter) {
        loggingAdapter.debug("Server SSL is enabled, initialising ...");
        Tuple4 tuple4 = new Tuple4(sSLSettings.SSLKeyStore(), sSLSettings.SSLKeyStorePassword(), sSLSettings.SSLKeyPassword(), sSLSettings.SSLProtocol());
        if (tuple4 != null) {
            Option option = (Option) tuple4._1();
            Option option2 = (Option) tuple4._2();
            Option option3 = (Option) tuple4._3();
            Option option4 = (Option) tuple4._4();
            if (option instanceof Some) {
                String str = (String) ((Some) option).x();
                if (option2 instanceof Some) {
                    String str2 = (String) ((Some) option2).x();
                    if (option3 instanceof Some) {
                        String str3 = (String) ((Some) option3).x();
                        if (option4 instanceof Some) {
                            Option constructServerContext$1 = constructServerContext$1(sSLSettings, loggingAdapter, str, str2, str3, (String) ((Some) option4).x());
                            if (!(constructServerContext$1 instanceof Some)) {
                                if (None$.MODULE$.equals(constructServerContext$1)) {
                                    throw new GeneralSecurityException(new StringOps(Predef$.MODULE$.augmentString("Failed to initialize server SSL because SSL context could not be found.\n           Make sure your settings are correct: [key-store: %s] [key-store-password: %s] [protocol: %s]")).format(Predef$.MODULE$.genericWrapArray(new Object[]{sSLSettings.SSLKeyStore(), sSLSettings.SSLKeyStorePassword(), sSLSettings.SSLProtocol()})));
                                }
                                throw new MatchError(constructServerContext$1);
                            }
                            SSLContext sSLContext = (SSLContext) ((Some) constructServerContext$1).x();
                            loggingAdapter.debug("Using server SSL context to create SSLEngine ...");
                            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
                            createSSLEngine.setUseClientMode(false);
                            createSSLEngine.setEnabledCipherSuites((String[]) sSLSettings.SSLEnabledAlgorithms().toArray(ClassTag$.MODULE$.apply(String.class)));
                            return new SslHandler(createSSLEngine);
                        }
                    }
                }
            }
        }
        if (tuple4 == null) {
            throw new MatchError(tuple4);
        }
        throw new GeneralSecurityException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"SSL key store settings went missing. [key-store: ", "] [key-store-password: ", "] [key-password: ", "] [protocol: ", DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END})).s(Predef$.MODULE$.genericWrapArray(new Object[]{(Option) tuple4._1(), (Option) tuple4._2(), (Option) tuple4._3(), (Option) tuple4._4()})));
    }

    private final Option constructClientContext$1(SSLSettings sSLSettings, LoggingAdapter loggingAdapter, String str, String str2, String str3) {
        try {
            SecureRandom initializeCustomSecureRandom = initializeCustomSecureRandom(sSLSettings.SSLRandomNumberGenerator(), loggingAdapter);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            FileInputStream fileInputStream = new FileInputStream(str);
            try {
                keyStore.load(fileInputStream, str2.toCharArray());
                Try$.MODULE$.apply(new NettySSLSupport$$anonfun$1(fileInputStream));
                trustManagerFactory.init(keyStore);
                return Option$.MODULE$.apply(SSLContext.getInstance(str3)).map(new NettySSLSupport$$anonfun$constructClientContext$1$1(initializeCustomSecureRandom, trustManagerFactory.getTrustManagers()));
            } catch (Throwable th) {
                Try$.MODULE$.apply(new NettySSLSupport$$anonfun$1(fileInputStream));
                throw th;
            }
        } catch (FileNotFoundException e) {
            throw new RemoteTransportException("Client SSL connection could not be established because trust store could not be loaded", e);
        } catch (IOException e2) {
            throw new RemoteTransportException(new StringBuilder().append((Object) "Client SSL connection could not be established because: ").append((Object) e2.getMessage()).toString(), e2);
        } catch (GeneralSecurityException e3) {
            throw new RemoteTransportException("Client SSL connection could not be established because SSL context could not be constructed", e3);
        }
    }

    private final Option constructServerContext$1(SSLSettings sSLSettings, LoggingAdapter loggingAdapter, String str, String str2, String str3, String str4) {
        try {
            SecureRandom initializeCustomSecureRandom = initializeCustomSecureRandom(sSLSettings.SSLRandomNumberGenerator(), loggingAdapter);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            FileInputStream fileInputStream = new FileInputStream(str);
            try {
                keyStore.load(fileInputStream, str2.toCharArray());
                Try$.MODULE$.apply(new NettySSLSupport$$anonfun$constructServerContext$1$1(fileInputStream));
                keyManagerFactory.init(keyStore, str3.toCharArray());
                return Option$.MODULE$.apply(SSLContext.getInstance(str4)).map(new NettySSLSupport$$anonfun$constructServerContext$1$2(initializeCustomSecureRandom, keyManagerFactory, sSLSettings.SSLTrustStore().map(new NettySSLSupport$$anonfun$2(sSLSettings))));
            } catch (Throwable th) {
                Try$.MODULE$.apply(new NettySSLSupport$$anonfun$constructServerContext$1$1(fileInputStream));
                throw th;
            }
        } catch (FileNotFoundException e) {
            throw new RemoteTransportException("Server SSL connection could not be established because key store could not be loaded", e);
        } catch (IOException e2) {
            throw new RemoteTransportException(new StringBuilder().append((Object) "Server SSL connection could not be established because: ").append((Object) e2.getMessage()).toString(), e2);
        } catch (GeneralSecurityException e3) {
            throw new RemoteTransportException("Server SSL connection could not be established because SSL context could not be constructed", e3);
        }
    }

    private NettySSLSupport$() {
        MODULE$ = this;
        Security.addProvider(AkkaProvider$.MODULE$);
    }
}
