package com.twitter.finagle.ssl;

import com.twitter.finagle.ssl.ApplicationProtocols;
import com.twitter.finagle.ssl.CipherSuites;
import com.twitter.finagle.ssl.KeyCredentials;
import com.twitter.finagle.ssl.Protocols;
import com.twitter.finagle.ssl.TrustCredentials;
import com.twitter.util.Return;
import com.twitter.util.Throw;
import com.twitter.util.security.Pkcs8KeyManagerFactory;
import com.twitter.util.security.X509TrustManagerFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.reflect.ClassTag$;
import scala.runtime.BoxedUnit;

/* compiled from: SslConfigurations.scala */
/* loaded from: input_file:com/twitter/finagle/ssl/SslConfigurations$.class */
public final class SslConfigurations$ {
    public static final SslConfigurations$ MODULE$ = null;

    static {
        new SslConfigurations$();
    }

    public Option<KeyManager[]> getKeyManagers(KeyCredentials keyCredentials) {
        None$ some;
        if (KeyCredentials$Unspecified$.MODULE$.equals(keyCredentials)) {
            some = None$.MODULE$;
        } else {
            if (!(keyCredentials instanceof KeyCredentials.CertAndKey)) {
                if (keyCredentials instanceof KeyCredentials.CertKeyAndChain) {
                    throw SslConfigurationException$.MODULE$.notSupported("KeyCredentials.CertKeyAndChain", "SslConfigurations");
                }
                throw new MatchError(keyCredentials);
            }
            KeyCredentials.CertAndKey certAndKey = (KeyCredentials.CertAndKey) keyCredentials;
            Return keyManagers = new Pkcs8KeyManagerFactory(certAndKey.certificateFile(), certAndKey.keyFile()).getKeyManagers();
            if (!(keyManagers instanceof Return)) {
                if (!(keyManagers instanceof Throw)) {
                    throw new MatchError(keyManagers);
                }
                Throwable e = ((Throw) keyManagers).e();
                throw new SslConfigurationException(e.getMessage(), e);
            }
            some = new Some((KeyManager[]) keyManagers.r());
        }
        return some;
    }

    public Option<TrustManager[]> getTrustManagers(TrustCredentials trustCredentials) {
        None$ some;
        if (TrustCredentials$Unspecified$.MODULE$.equals(trustCredentials)) {
            some = None$.MODULE$;
        } else if (TrustCredentials$Insecure$.MODULE$.equals(trustCredentials)) {
            some = new Some(new TrustManager[]{new IgnorantTrustManager()});
        } else {
            if (!(trustCredentials instanceof TrustCredentials.CertCollection)) {
                throw new MatchError(trustCredentials);
            }
            Return trustManagers = new X509TrustManagerFactory(((TrustCredentials.CertCollection) trustCredentials).file()).getTrustManagers();
            if (!(trustManagers instanceof Return)) {
                if (!(trustManagers instanceof Throw)) {
                    throw new MatchError(trustManagers);
                }
                Throwable e = ((Throw) trustManagers).e();
                throw new SslConfigurationException(e.getMessage(), e);
            }
            some = new Some((TrustManager[]) trustManagers.r());
        }
        return some;
    }

    public SSLContext initializeSslContext(KeyCredentials keyCredentials, TrustCredentials trustCredentials) {
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init((KeyManager[]) getKeyManagers(keyCredentials).orNull(Predef$.MODULE$.$conforms()), (TrustManager[]) getTrustManagers(trustCredentials).orNull(Predef$.MODULE$.$conforms()), null);
        return sSLContext;
    }

    public void configureCipherSuites(SSLEngine sSLEngine, CipherSuites cipherSuites) {
        if (CipherSuites$Unspecified$.MODULE$.equals(cipherSuites)) {
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            if (!(cipherSuites instanceof CipherSuites.Enabled)) {
                throw new MatchError(cipherSuites);
            }
            sSLEngine.setEnabledCipherSuites((String[]) ((CipherSuites.Enabled) cipherSuites).ciphers().toArray(ClassTag$.MODULE$.apply(String.class)));
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
    }

    public void configureProtocols(SSLEngine sSLEngine, Protocols protocols) {
        if (Protocols$Unspecified$.MODULE$.equals(protocols)) {
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            if (!(protocols instanceof Protocols.Enabled)) {
                throw new MatchError(protocols);
            }
            sSLEngine.setEnabledProtocols((String[]) ((Protocols.Enabled) protocols).protocols().toArray(ClassTag$.MODULE$.apply(String.class)));
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
    }

    public void configureHostnameVerification(SSLEngine sSLEngine, Option<String> option) {
        if (!(option instanceof Some)) {
            if (!None$.MODULE$.equals(option)) {
                throw new MatchError(option);
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            SSLParameters sSLParameters = sSLEngine.getSSLParameters();
            sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
            sSLEngine.setSSLParameters(sSLParameters);
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
    }

    public void checkKeyCredentialsNotSupported(String str, KeyCredentials keyCredentials) {
        if (KeyCredentials$Unspecified$.MODULE$.equals(keyCredentials)) {
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            if (keyCredentials instanceof KeyCredentials.CertAndKey) {
                throw SslConfigurationException$.MODULE$.notSupported("KeyCredentials.CertAndKey", str);
            }
            if (!(keyCredentials instanceof KeyCredentials.CertKeyAndChain)) {
                throw new MatchError(keyCredentials);
            }
            throw SslConfigurationException$.MODULE$.notSupported("KeyCredentials.CertKeyAndChain", str);
        }
    }

    public void checkTrustCredentialsNotSupported(String str, TrustCredentials trustCredentials) {
        if (TrustCredentials$Unspecified$.MODULE$.equals(trustCredentials)) {
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            if (TrustCredentials$Insecure$.MODULE$.equals(trustCredentials)) {
                throw SslConfigurationException$.MODULE$.notSupported("TrustCredentials.Insecure", str);
            }
            if (!(trustCredentials instanceof TrustCredentials.CertCollection)) {
                throw new MatchError(trustCredentials);
            }
            throw SslConfigurationException$.MODULE$.notSupported("TrustCredentials.CertCollection", str);
        }
    }

    public void checkProtocolsNotSupported(String str, Protocols protocols) {
        if (Protocols$Unspecified$.MODULE$.equals(protocols)) {
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            if (!(protocols instanceof Protocols.Enabled)) {
                throw new MatchError(protocols);
            }
            throw SslConfigurationException$.MODULE$.notSupported("Protocols.Enabled", str);
        }
    }

    public void checkApplicationProtocolsNotSupported(String str, ApplicationProtocols applicationProtocols) {
        if (ApplicationProtocols$Unspecified$.MODULE$.equals(applicationProtocols)) {
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            if (!(applicationProtocols instanceof ApplicationProtocols.Supported)) {
                throw new MatchError(applicationProtocols);
            }
            throw SslConfigurationException$.MODULE$.notSupported("ApplicationProtocols.Supported", str);
        }
    }

    public void checkClientAuthNotSupported(String str, ClientAuth clientAuth) {
        if (ClientAuth$Unspecified$.MODULE$.equals(clientAuth)) {
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            if (ClientAuth$Off$.MODULE$.equals(clientAuth)) {
                throw SslConfigurationException$.MODULE$.notSupported("ClientAuth.Off", str);
            }
            if (ClientAuth$Wanted$.MODULE$.equals(clientAuth)) {
                throw SslConfigurationException$.MODULE$.notSupported("ClientAuth.Wanted", str);
            }
            if (!ClientAuth$Needed$.MODULE$.equals(clientAuth)) {
                throw new MatchError(clientAuth);
            }
            throw SslConfigurationException$.MODULE$.notSupported("ClientAuth.Needed", str);
        }
    }

    private SslConfigurations$() {
        MODULE$ = this;
    }
}
