package com.twitter.finagle.netty4.ssl.server;

import com.twitter.finagle.netty4.ssl.FinalizedSslContext;
import com.twitter.finagle.netty4.ssl.Netty4SslConfigurations$;
import com.twitter.finagle.netty4.ssl.RefCountedSsl$;
import com.twitter.finagle.ssl.ApplicationProtocols;
import com.twitter.finagle.ssl.Engine;
import com.twitter.finagle.ssl.Engine$;
import com.twitter.finagle.ssl.KeyCredentials;
import com.twitter.finagle.ssl.KeyCredentials$Unspecified$;
import com.twitter.finagle.ssl.SslConfigurationException$;
import com.twitter.finagle.ssl.server.SslServerConfiguration;
import com.twitter.finagle.ssl.server.SslServerEngineFactory$;
import com.twitter.util.Return;
import com.twitter.util.Try;
import com.twitter.util.security.PrivateKeyFile;
import com.twitter.util.security.X509CertificateFile;
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.File;
import java.security.cert.X509Certificate;
import scala.MatchError;
import scala.collection.Seq$;
import scala.collection.TraversableOnce;
import scala.reflect.ClassTag$;

/* compiled from: Netty4ServerSslConfigurations.scala */
/* loaded from: input_file:com/twitter/finagle/netty4/ssl/server/Netty4ServerSslConfigurations$.class */
public final class Netty4ServerSslConfigurations$ {
    public static Netty4ServerSslConfigurations$ MODULE$;

    static {
        new Netty4ServerSslConfigurations$();
    }

    private SslContextBuilder configureServerApplicationProtocols(SslContextBuilder sslContextBuilder, ApplicationProtocols applicationProtocols) {
        return Netty4SslConfigurations$.MODULE$.configureApplicationProtocols(sslContextBuilder, applicationProtocols, ApplicationProtocolConfig.Protocol.NPN_AND_ALPN);
    }

    private SslContextBuilder startServerWithKey(KeyCredentials keyCredentials) {
        Try<SslContextBuilder> r6;
        if (KeyCredentials$Unspecified$.MODULE$.equals(keyCredentials)) {
            throw SslConfigurationException$.MODULE$.notSupported("KeyCredentials.Unspecified", "Netty4ServerEngineFactory");
        }
        if (keyCredentials instanceof KeyCredentials.CertAndKey) {
            KeyCredentials.CertAndKey certAndKey = (KeyCredentials.CertAndKey) keyCredentials;
            File certificateFile = certAndKey.certificateFile();
            r6 = new PrivateKeyFile(certAndKey.keyFile()).readPrivateKey().flatMap(privateKey -> {
                return new X509CertificateFile(certificateFile).readX509Certificate().map(x509Certificate -> {
                    return SslContextBuilder.forServer(privateKey, new X509Certificate[]{x509Certificate});
                });
            });
        } else if (keyCredentials instanceof KeyCredentials.CertsAndKey) {
            KeyCredentials.CertsAndKey certsAndKey = (KeyCredentials.CertsAndKey) keyCredentials;
            File certificatesFile = certsAndKey.certificatesFile();
            r6 = new PrivateKeyFile(certsAndKey.keyFile()).readPrivateKey().flatMap(privateKey2 -> {
                return new X509CertificateFile(certificatesFile).readX509Certificates().map(seq -> {
                    return SslContextBuilder.forServer(privateKey2, (X509Certificate[]) seq.toArray(ClassTag$.MODULE$.apply(X509Certificate.class)));
                });
            });
        } else if (keyCredentials instanceof KeyCredentials.CertKeyAndChain) {
            KeyCredentials.CertKeyAndChain certKeyAndChain = (KeyCredentials.CertKeyAndChain) keyCredentials;
            File certificateFile2 = certKeyAndChain.certificateFile();
            File keyFile = certKeyAndChain.keyFile();
            File caCertificateFile = certKeyAndChain.caCertificateFile();
            r6 = new PrivateKeyFile(keyFile).readPrivateKey().flatMap(privateKey3 -> {
                return new X509CertificateFile(certificateFile2).readX509Certificate().flatMap(x509Certificate -> {
                    return new X509CertificateFile(caCertificateFile).readX509Certificates().map(seq -> {
                        return SslContextBuilder.forServer(privateKey3, (X509Certificate[]) ((TraversableOnce) seq.$plus$colon(x509Certificate, Seq$.MODULE$.canBuildFrom())).toArray(ClassTag$.MODULE$.apply(X509Certificate.class)));
                    });
                });
            });
        } else {
            if (!(keyCredentials instanceof KeyCredentials.KeyManagerFactory)) {
                throw new MatchError(keyCredentials);
            }
            r6 = new Return<>(SslContextBuilder.forServer(((KeyCredentials.KeyManagerFactory) keyCredentials).keyManagerFactory()));
        }
        return Netty4SslConfigurations$.MODULE$.unwrapTryContextBuilder(r6);
    }

    public SslContext createServerContext(SslServerConfiguration sslServerConfiguration, boolean z) {
        SslContextBuilder configureServerApplicationProtocols = configureServerApplicationProtocols(Netty4SslConfigurations$.MODULE$.configureTrust(Netty4SslConfigurations$.MODULE$.configureProvider(startServerWithKey(sslServerConfiguration.keyCredentials()), z), sslServerConfiguration.trustCredentials()), sslServerConfiguration.applicationProtocols());
        return (z || !RefCountedSsl$.MODULE$.Enabled()) ? configureServerApplicationProtocols.build() : new FinalizedSslContext(configureServerApplicationProtocols.build());
    }

    public Engine createServerEngine(SslServerConfiguration sslServerConfiguration, SslContext sslContext, ByteBufAllocator byteBufAllocator) {
        Engine engine = new Engine(sslContext.newEngine(byteBufAllocator), Engine$.MODULE$.$lessinit$greater$default$2(), Engine$.MODULE$.$lessinit$greater$default$3());
        SslServerEngineFactory$.MODULE$.configureEngine(engine, sslServerConfiguration);
        return engine;
    }

    private Netty4ServerSslConfigurations$() {
        MODULE$ = this;
    }
}
