package com.twitter.finagle.netty4.ssl.client;

import com.twitter.finagle.Address;
import com.twitter.finagle.netty4.ssl.Netty4SslConfigurations$;
import com.twitter.finagle.ssl.ApplicationProtocols;
import com.twitter.finagle.ssl.Engine;
import com.twitter.finagle.ssl.Engine$;
import com.twitter.finagle.ssl.KeyCredentials;
import com.twitter.finagle.ssl.KeyCredentials$Unspecified$;
import com.twitter.finagle.ssl.client.SslClientConfiguration;
import com.twitter.finagle.ssl.client.SslClientEngineFactory$;
import com.twitter.util.Return;
import com.twitter.util.security.PrivateKeyFile;
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.File;
import java.net.InetSocketAddress;
import javax.net.ssl.SSLEngine;
import scala.MatchError;

/* compiled from: Netty4ClientSslConfigurations.scala */
/* loaded from: input_file:com/twitter/finagle/netty4/ssl/client/Netty4ClientSslConfigurations$.class */
public final class Netty4ClientSslConfigurations$ {
    public static final Netty4ClientSslConfigurations$ MODULE$ = null;

    static {
        new Netty4ClientSslConfigurations$();
    }

    private SslContextBuilder configureClientApplicationProtocols(SslContextBuilder sslContextBuilder, ApplicationProtocols applicationProtocols) {
        return Netty4SslConfigurations$.MODULE$.configureApplicationProtocols(sslContextBuilder, applicationProtocols, ApplicationProtocolConfig.Protocol.ALPN);
    }

    private SslContextBuilder startClientWithKey(KeyCredentials keyCredentials) {
        Return r12;
        SslContextBuilder forClient = SslContextBuilder.forClient();
        if (KeyCredentials$Unspecified$.MODULE$.equals(keyCredentials)) {
            r12 = new Return(forClient);
        } else if (keyCredentials instanceof KeyCredentials.CertAndKey) {
            KeyCredentials.CertAndKey certAndKey = (KeyCredentials.CertAndKey) keyCredentials;
            r12 = new PrivateKeyFile(certAndKey.keyFile()).readPrivateKey().flatMap(new Netty4ClientSslConfigurations$$anonfun$1(forClient, certAndKey.certificateFile()));
        } else if (keyCredentials instanceof KeyCredentials.CertKeyAndChain) {
            KeyCredentials.CertKeyAndChain certKeyAndChain = (KeyCredentials.CertKeyAndChain) keyCredentials;
            File certificateFile = certKeyAndChain.certificateFile();
            r12 = new PrivateKeyFile(certKeyAndChain.keyFile()).readPrivateKey().flatMap(new Netty4ClientSslConfigurations$$anonfun$2(forClient, certificateFile, certKeyAndChain.caCertificateFile()));
        } else {
            if (!(keyCredentials instanceof KeyCredentials.KeyManagerFactory)) {
                throw new MatchError(keyCredentials);
            }
            r12 = new Return(forClient.keyManager(((KeyCredentials.KeyManagerFactory) keyCredentials).keyManagerFactory()));
        }
        return Netty4SslConfigurations$.MODULE$.unwrapTryContextBuilder(r12);
    }

    public SslContext createClientContext(SslClientConfiguration sslClientConfiguration, boolean z) {
        return configureClientApplicationProtocols(Netty4SslConfigurations$.MODULE$.configureTrust(Netty4SslConfigurations$.MODULE$.configureProvider(startClientWithKey(sslClientConfiguration.keyCredentials()), z), sslClientConfiguration.trustCredentials()), sslClientConfiguration.applicationProtocols()).build();
    }

    public Engine createClientEngine(Address address, SslClientConfiguration sslClientConfiguration, SslContext sslContext, ByteBufAllocator byteBufAllocator) {
        SSLEngine newEngine;
        if (address instanceof Address.Inet) {
            InetSocketAddress addr = ((Address.Inet) address).addr();
            newEngine = sslContext.newEngine(byteBufAllocator, SslClientEngineFactory$.MODULE$.getHostString(addr, sslClientConfiguration), addr.getPort());
        } else {
            newEngine = sslContext.newEngine(byteBufAllocator);
        }
        Engine engine = new Engine(newEngine, Engine$.MODULE$.apply$default$2(), Engine$.MODULE$.apply$default$3());
        SslClientEngineFactory$.MODULE$.configureEngine(engine, sslClientConfiguration);
        return engine;
    }

    private Netty4ClientSslConfigurations$() {
        MODULE$ = this;
    }
}
