package otoroshi.ssl;

import com.typesafe.config.Config;
import com.typesafe.sslconfig.ssl.Ciphers$;
import com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder;
import com.typesafe.sslconfig.ssl.DefaultKeyManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.DefaultTrustManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.KeyManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.Protocols$;
import com.typesafe.sslconfig.ssl.SSLConfigFactory$;
import com.typesafe.sslconfig.ssl.SSLConfigSettings;
import com.typesafe.sslconfig.ssl.TrustManagerFactoryWrapper;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import play.api.Logger;
import play.api.Logger$;
import scala.Function0;
import scala.MatchError;
import scala.None$;
import scala.Predef$;
import scala.Some;
import scala.Tuple2;
import scala.collection.TraversableOnce;
import scala.collection.immutable.Seq;
import scala.collection.mutable.ArrayOps;
import scala.reflect.ClassTag$;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: dyn.scala */
/* loaded from: input_file:otoroshi/ssl/DynamicSSLContext$.class */
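/**
 * Singleton holder (decompiled Scala {@code object DynamicSSLContext}) that builds an
 * {@link SSLContext} whose real, backing context is produced on demand from a
 * configuration supplier.
 *
 * <p>The supplier returns the TLS settings together with a hash string; the backing
 * context is meant to be rebuilt only when that hash changes.
 *
 * <p>Review notes for anyone relying on this class for TLS policy:
 * <ul>
 *   <li>Protocol and cipher-suite filtering, and the weak-protocol / weak-cipher
 *       rejection, are applied only to engines created through
 *       {@code engineCreateSSLEngine}. The socket factories are returned from the
 *       backing context unchanged.</li>
 *   <li>{@code engineInit} is a no-op: key managers, trust managers and the
 *       {@link SecureRandom} handed to {@code SSLContext.init} are ignored; all
 *       key and trust material comes from the supplied configuration.</li>
 * </ul>
 */
public final class DynamicSSLContext$ {
    public static DynamicSSLContext$ MODULE$;
    private final Logger logger;
    private final PlayLoggerFactory otoroshi$ssl$DynamicSSLContext$$mkLogger;

    static {
        new DynamicSSLContext$();
    }

    /** Returns the logger created in the constructor ("otoroshi-dynamic-sslcontext"). */
    private Logger logger() {
        return this.logger;
    }

    /** Returns the logger factory handed to {@link ConfigSSLContextBuilder}. */
    public PlayLoggerFactory otoroshi$ssl$DynamicSSLContext$$mkLogger() {
        return this.otoroshi$ssl$DynamicSSLContext$$mkLogger;
    }

    /**
     * Builds a dynamic {@link SSLContext} from a supplier of raw configuration.
     *
     * <p>Each time the supplier is consulted, its {@link Config} is parsed with
     * {@code SSLConfigFactory.parse} and paired with the supplied hash.
     *
     * @param function0 supplier of the configuration and its hash
     * @return a context delegating to {@link #fromSSLConfig(Function0)}
     * @throws MatchError (at use time) if the supplier returns {@code null}
     */
    public SSLContext fromConfig(Function0<ConfigAndHash> function0) {
        return fromSSLConfig(() -> {
            ConfigAndHash configAndHash = (ConfigAndHash) function0.apply();
            if (configAndHash == null) {
                throw new MatchError(configAndHash);
            }
            Tuple2 tuple2 = new Tuple2(configAndHash.config(), configAndHash.hash());
            Config config = (Config) tuple2._1();
            return new SSLConfigAndHash(SSLConfigFactory$.MODULE$.parse(config), (String) tuple2._2());
        });
    }

    /**
     * Builds a dynamic {@link SSLContext} from a supplier of parsed TLS settings.
     *
     * <p>The returned context wraps an anonymous {@link SSLContextSpi} that consults the
     * supplier on every SPI call and caches the context built for the last seen hash.
     *
     * @param function0 supplier of the parsed settings and their hash
     * @return the dynamic context, registered under the protocol name
     *         "Otoroshi dynamic SSLContext"
     */
    public SSLContext fromSSLConfig(final Function0<SSLConfigAndHash> function0) {
        return new SSLContext(function0) { // from class: otoroshi.ssl.DynamicSSLContext$$anon$1
            {
                super(new SSLContextSpi(function0) { // from class: otoroshi.ssl.DynamicSSLContext$$anon$1$$anon$2
                    // Hash of the configuration the cached context was built from; "none" until the first build.
                    private final AtomicReference<String> lastHash = new AtomicReference<>("none");
                    // Most recently built backing context (null until the first build).
                    private final AtomicReference<SSLContext> lastCtx = new AtomicReference<>();
                    // Settings the cached context was built from (null until the first build).
                    private final AtomicReference<SSLConfigSettings> lastConfig = new AtomicReference<>();
                    private final Function0 config$2;

                    private AtomicReference<String> lastHash() {
                        return this.lastHash;
                    }

                    private AtomicReference<SSLContext> lastCtx() {
                        return this.lastCtx;
                    }

                    private AtomicReference<SSLConfigSettings> lastConfig() {
                        return this.lastConfig;
                    }

                    /**
                     * Clears the server-name list and the SNI matchers on the given parameters
                     * when {@code loose.disableSNI} is set; otherwise leaves them untouched.
                     */
                    private void looseDisableSNI(SSLConfigSettings sSLConfigSettings, SSLParameters sSLParameters) {
                        if (sSLConfigSettings.loose().disableSNI()) {
                            sSLParameters.setServerNames(Collections.emptyList());
                            sSLParameters.setSNIMatchers(Collections.emptyList());
                        }
                    }

                    /** Wraps the key-manager algorithm named in the settings. */
                    private KeyManagerFactoryWrapper buildKeyManagerFactory(SSLConfigSettings sSLConfigSettings) {
                        return new DefaultKeyManagerFactoryWrapper(sSLConfigSettings.keyManagerConfig().algorithm());
                    }

                    /** Wraps the trust-manager algorithm named in the settings. */
                    private TrustManagerFactoryWrapper buildTrustManagerFactory(SSLConfigSettings sSLConfigSettings) {
                        return new DefaultTrustManagerFactoryWrapper(sSLConfigSettings.trustManagerConfig().algorithm());
                    }

                    /**
                     * Selects the protocols to enable on an engine.
                     *
                     * <p>Uses the configured {@code enabledProtocols} when present, otherwise
                     * ssl-config's recommended protocols; either list is intersected with
                     * {@code strArr}. Unless {@code loose.allowWeakProtocols} is set, a
                     * deprecated protocol in the result is rejected.
                     *
                     * @param strArr protocols offered by the backing context
                     * @param sSLConfigSettings settings in force
                     * @return the protocols to enable
                     * @throws IllegalStateException if a deprecated protocol survives the filter
                     *         and weak protocols are not allowed
                     */
                    private String[] configureProtocols(String[] strArr, SSLConfigSettings sSLConfigSettings) {
                        String[] strArr2;
                        Some enabledProtocols = sSLConfigSettings.enabledProtocols();
                        if (enabledProtocols instanceof Some) {
                            Seq seq = (Seq) enabledProtocols.value();
                            Object[] refArrayOps = Predef$.MODULE$.refArrayOps(strArr);
                            strArr2 = (String[]) ((TraversableOnce) seq.filter(obj -> {
                                return BoxesRunTime.boxToBoolean($anonfun$configureProtocols$1(refArrayOps, obj));
                            })).toArray(ClassTag$.MODULE$.apply(String.class));
                        } else {
                            if (!None$.MODULE$.equals(enabledProtocols)) {
                                throw new MatchError(enabledProtocols);
                            }
                            ArrayOps.ofRef ofref = new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(Protocols$.MODULE$.recommendedProtocols()));
                            Object[] refArrayOps2 = Predef$.MODULE$.refArrayOps(strArr);
                            strArr2 = (String[]) ofref.filter(obj2 -> {
                                return BoxesRunTime.boxToBoolean($anonfun$configureProtocols$2(refArrayOps2, obj2));
                            });
                        }
                        String[] strArr3 = strArr2;
                        // Fail closed: this runs on every engine creation, so a weak entry surfaces
                        // when a connection is set up rather than when the configuration is loaded.
                        if (!sSLConfigSettings.loose().allowWeakProtocols()) {
                            Protocols$.MODULE$.deprecatedProtocols().foreach(str -> {
                                $anonfun$configureProtocols$3(strArr3, str);
                                return BoxedUnit.UNIT;
                            });
                        }
                        return strArr3;
                    }

                    /**
                     * Selects the cipher suites to enable on an engine.
                     *
                     * <p>Uses the configured {@code enabledCipherSuites} when present, otherwise
                     * ssl-config's recommended ciphers; either list is intersected with
                     * {@code strArr}. Unless {@code loose.allowWeakCiphers} is set, a deprecated
                     * cipher in the result is rejected.
                     *
                     * @param strArr cipher suites offered by the backing context
                     * @param sSLConfigSettings settings in force
                     * @return the cipher suites to enable
                     * @throws IllegalStateException if a deprecated cipher survives the filter
                     *         and weak ciphers are not allowed
                     */
                    private String[] configureCipherSuites(String[] strArr, SSLConfigSettings sSLConfigSettings) {
                        String[] strArr2;
                        Some enabledCipherSuites = sSLConfigSettings.enabledCipherSuites();
                        if (enabledCipherSuites instanceof Some) {
                            strArr2 = (String[]) ((TraversableOnce) ((Seq) enabledCipherSuites.value()).filter(str -> {
                                return BoxesRunTime.boxToBoolean($anonfun$configureCipherSuites$1(strArr, str));
                            })).toArray(ClassTag$.MODULE$.apply(String.class));
                        } else {
                            if (!None$.MODULE$.equals(enabledCipherSuites)) {
                                throw new MatchError(enabledCipherSuites);
                            }
                            strArr2 = (String[]) ((TraversableOnce) Ciphers$.MODULE$.recommendedCiphers().filter(str2 -> {
                                return BoxesRunTime.boxToBoolean($anonfun$configureCipherSuites$2(strArr, str2));
                            })).toArray(ClassTag$.MODULE$.apply(String.class));
                        }
                        String[] strArr3 = strArr2;
                        if (!sSLConfigSettings.loose().allowWeakCiphers()) {
                            Ciphers$.MODULE$.deprecatedCiphers().foreach(str3 -> {
                                $anonfun$configureCipherSuites$3(strArr3, str3);
                                return BoxedUnit.UNIT;
                            });
                        }
                        return strArr3;
                    }

                    /** Returns the settings of the last build; {@code null} before the first {@link #getCtx()}. */
                    private SSLConfigSettings getConfig() {
                        return lastConfig().get();
                    }

                    /**
                     * Returns the backing context for the current configuration.
                     *
                     * <p>The supplier is consulted on every call. The cached context is reused
                     * when one exists and the supplied hash equals the recorded one; otherwise
                     * a new context is built and cached.
                     *
                     * @throws MatchError if the supplier returns {@code null}
                     */
                    private SSLContext getCtx() {
                        SSLConfigSettings sSLConfigSettings = lastConfig().get();
                        SSLContext sSLContext = lastCtx().get();
                        SSLConfigAndHash sSLConfigAndHash = (SSLConfigAndHash) this.config$2.apply();
                        if (sSLConfigAndHash == null) {
                            throw new MatchError(sSLConfigAndHash);
                        }
                        Tuple2 tuple2 = new Tuple2(sSLConfigAndHash.config(), sSLConfigAndHash.hash());
                        SSLConfigSettings sSLConfigSettings2 = (SSLConfigSettings) tuple2._1();
                        String str = (String) tuple2._2();
                        if (sSLConfigSettings != null && sSLContext != null) {
                            String str2 = lastHash().get();
                            if (str != null ? str.equals(str2) : str2 == null) {
                                return sSLContext;
                            }
                        }
                        SSLContext build = new ConfigSSLContextBuilder(DynamicSSLContext$.MODULE$.otoroshi$ssl$DynamicSSLContext$$mkLogger(), sSLConfigSettings2, buildKeyManagerFactory(sSLConfigSettings2), buildTrustManagerFactory(sSLConfigSettings2)).build();
                        lastConfig().set(sSLConfigSettings2);
                        lastCtx().set(build);
                        // Fix: record the hash this context was built from. It was never stored, so the
                        // comparison above always saw "none" and the context (with its key stores and
                        // session caches) was rebuilt on every call.
                        // NOTE(review): the three references are updated independently, not atomically;
                        // confirm whether concurrent callers need a single combined snapshot.
                        lastHash().set(str);
                        return build;
                    }

                    /**
                     * Creates an engine from the backing context and applies the configured
                     * protocol and cipher-suite selection to it.
                     *
                     * @throws IllegalStateException if a weak protocol or cipher is selected and
                     *         the corresponding {@code loose.allowWeak*} flag is not set
                     */
                    private SSLEngine createSSLEngine() {
                        // Resolve the context once so the parameters, the settings and the engine all
                        // belong to the same build.
                        SSLContext sSLContext = getCtx();
                        SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
                        String[] protocols = defaultSSLParameters.getProtocols();
                        SSLConfigSettings config = getConfig();
                        String[] configureProtocols = configureProtocols(protocols, config);
                        String[] configureCipherSuites = configureCipherSuites(defaultSSLParameters.getCipherSuites(), config);
                        looseDisableSNI(config, defaultSSLParameters);
                        SSLEngine createSSLEngine = sSLContext.createSSLEngine();
                        // Fix: apply the parameters object that looseDisableSNI just adjusted. A freshly
                        // fetched copy was applied here before, which discarded the disableSNI setting.
                        createSSLEngine.setSSLParameters(defaultSSLParameters);
                        createSSLEngine.setEnabledProtocols(configureProtocols);
                        createSSLEngine.setEnabledCipherSuites(configureCipherSuites);
                        return createSSLEngine;
                    }

                    @Override // javax.net.ssl.SSLContextSpi
                    public SSLEngine engineCreateSSLEngine() {
                        return createSSLEngine();
                    }

                    // NOTE(review): the peer host and port are dropped, so the engine is created
                    // without peer hints. Confirm that nothing downstream depends on them
                    // (for example hostname-based checks on client-side engines).
                    @Override // javax.net.ssl.SSLContextSpi
                    public SSLEngine engineCreateSSLEngine(String str, int i) {
                        return engineCreateSSLEngine();
                    }

                    // Intentionally empty: managers and randomness passed to SSLContext.init are
                    // ignored; the backing context is built from the supplied configuration only.
                    @Override // javax.net.ssl.SSLContextSpi
                    public void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) {
                    }

                    @Override // javax.net.ssl.SSLContextSpi
                    public SSLSessionContext engineGetClientSessionContext() {
                        return getCtx().getClientSessionContext();
                    }

                    @Override // javax.net.ssl.SSLContextSpi
                    public SSLSessionContext engineGetServerSessionContext() {
                        return getCtx().getServerSessionContext();
                    }

                    // The factory is returned from the backing context as-is: the protocol / cipher
                    // filtering and the weak-entry rejection in createSSLEngine do not run on this path.
                    @Override // javax.net.ssl.SSLContextSpi
                    public SSLSocketFactory engineGetSocketFactory() {
                        return getCtx().getSocketFactory();
                    }

                    // Same caveat as engineGetSocketFactory: no filtering is applied on this path.
                    @Override // javax.net.ssl.SSLContextSpi
                    public SSLServerSocketFactory engineGetServerSocketFactory() {
                        return getCtx().getServerSocketFactory();
                    }

                    /** Keeps a configured protocol only if the backing context offers it. */
                    public static final /* synthetic */ boolean $anonfun$configureProtocols$1(Object[] objArr, Object obj) {
                        return new ArrayOps.ofRef(objArr).contains(obj);
                    }

                    /** Keeps a recommended protocol only if the backing context offers it. */
                    public static final /* synthetic */ boolean $anonfun$configureProtocols$2(Object[] objArr, Object obj) {
                        return new ArrayOps.ofRef(objArr).contains(obj);
                    }

                    /** Rejects the selection if it contains the given deprecated protocol. */
                    public static final /* synthetic */ void $anonfun$configureProtocols$3(String[] strArr, String str) {
                        if (new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(strArr)).contains(str)) {
                            throw new IllegalStateException(new StringBuilder(45).append("Weak protocol ").append(str).append(" found in ssl-config.protocols!").toString());
                        }
                    }

                    /** Keeps a configured cipher suite only if the backing context offers it. */
                    public static final /* synthetic */ boolean $anonfun$configureCipherSuites$1(String[] strArr, String str) {
                        return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(strArr)).contains(str);
                    }

                    /** Keeps a recommended cipher suite only if the backing context offers it. */
                    public static final /* synthetic */ boolean $anonfun$configureCipherSuites$2(String[] strArr, String str) {
                        return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(strArr)).contains(str);
                    }

                    /** Rejects the selection if it contains the given deprecated cipher suite. */
                    public static final /* synthetic */ void $anonfun$configureCipherSuites$3(String[] strArr, String str) {
                        if (new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(strArr)).contains(str)) {
                            throw new IllegalStateException(new StringBuilder(41).append("Weak cipher ").append(str).append(" found in ssl-config.ciphers!").toString());
                        }
                    }

                    {
                        this.config$2 = function0;
                    }
                }, new Provider() { // from class: otoroshi.ssl.DynamicSSLContext$$anon$1$$anon$3
                }, "Otoroshi dynamic SSLContext");
            }
        };
    }

    /** Publishes the singleton and creates the logger and its factory. */
    private DynamicSSLContext$() {
        MODULE$ = this;
        this.logger = Logger$.MODULE$.apply("otoroshi-dynamic-sslcontext");
        this.otoroshi$ssl$DynamicSSLContext$$mkLogger = new PlayLoggerFactory(logger());
    }
}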
