package com.twitter.finagle.ssl.server;

import com.twitter.finagle.ssl.Engine;
import com.twitter.finagle.ssl.KeyCredentials;
import com.twitter.finagle.ssl.KeyCredentials$Unspecified$;
import com.twitter.finagle.ssl.SslConfigurationException;
import com.twitter.finagle.ssl.SslConfigurations$;
import com.twitter.finagle.ssl.TrustCredentials;
import com.twitter.util.Return;
import com.twitter.util.Throw;
import com.twitter.util.Try$;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;

/* compiled from: LegacyKeyServerEngineFactory.scala */
/* loaded from: input_file:com/twitter/finagle/ssl/server/LegacyKeyServerEngineFactory$.class */
public final class LegacyKeyServerEngineFactory$ extends SslServerEngineFactory {
    public static final LegacyKeyServerEngineFactory$ MODULE$ = null;

    static {
        new LegacyKeyServerEngineFactory$();
    }

    private Option<KeyManager[]> getKeyManagers(KeyCredentials keyCredentials) {
        None$ some;
        if (KeyCredentials$Unspecified$.MODULE$.equals(keyCredentials)) {
            some = None$.MODULE$;
        } else if (keyCredentials instanceof KeyCredentials.CertAndKey) {
            KeyCredentials.CertAndKey certAndKey = (KeyCredentials.CertAndKey) keyCredentials;
            Return apply = Try$.MODULE$.apply(new LegacyKeyServerEngineFactory$$anonfun$1(certAndKey.certificateFile(), certAndKey.keyFile()));
            if (!(apply instanceof Return)) {
                if (!(apply instanceof Throw)) {
                    throw new MatchError(apply);
                }
                Throwable e = ((Throw) apply).e();
                throw new SslConfigurationException(e.getMessage(), e);
            }
            some = new Some((KeyManager[]) apply.r());
        } else {
            if (!(keyCredentials instanceof KeyCredentials.CertKeyAndChain)) {
                throw new MatchError(keyCredentials);
            }
            KeyCredentials.CertKeyAndChain certKeyAndChain = (KeyCredentials.CertKeyAndChain) keyCredentials;
            Return apply2 = Try$.MODULE$.apply(new LegacyKeyServerEngineFactory$$anonfun$2(certKeyAndChain.certificateFile(), certKeyAndChain.keyFile(), certKeyAndChain.caCertificateFile()));
            if (!(apply2 instanceof Return)) {
                if (!(apply2 instanceof Throw)) {
                    throw new MatchError(apply2);
                }
                Throwable e2 = ((Throw) apply2).e();
                throw new SslConfigurationException(e2.getMessage(), e2);
            }
            some = new Some((KeyManager[]) apply2.r());
        }
        return some;
    }

    private SSLContext initializeSslContext(KeyCredentials keyCredentials, TrustCredentials trustCredentials) {
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init((KeyManager[]) getKeyManagers(keyCredentials).orNull(Predef$.MODULE$.$conforms()), (TrustManager[]) SslConfigurations$.MODULE$.getTrustManagers(trustCredentials).orNull(Predef$.MODULE$.$conforms()), null);
        return sSLContext;
    }

    @Override // com.twitter.finagle.ssl.server.SslServerEngineFactory
    public Engine apply(SslServerConfiguration sslServerConfiguration) {
        SslConfigurations$.MODULE$.checkApplicationProtocolsNotSupported("LegacyKeyServerEngineFactory", sslServerConfiguration.applicationProtocols());
        Engine createEngine = SslServerEngineFactory$.MODULE$.createEngine(initializeSslContext(sslServerConfiguration.keyCredentials(), sslServerConfiguration.trustCredentials()));
        SslServerEngineFactory$.MODULE$.configureEngine(createEngine, sslServerConfiguration);
        return createEngine;
    }

    private LegacyKeyServerEngineFactory$() {
        MODULE$ = this;
    }
}
