package play.api.libs.ws.ahc;

import com.typesafe.sslconfig.ssl.AlgorithmChecker;
import com.typesafe.sslconfig.ssl.AlgorithmConstraint;
import com.typesafe.sslconfig.ssl.AlgorithmConstraintsParser$;
import com.typesafe.sslconfig.ssl.Ciphers$;
import com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder;
import com.typesafe.sslconfig.ssl.DefaultKeyManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.DefaultTrustManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.KeyManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.Protocols$;
import com.typesafe.sslconfig.ssl.SSLConfigSettings;
import com.typesafe.sslconfig.ssl.TrustManagerFactoryWrapper;
import java.security.KeyStore;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import play.api.libs.ws.WSClientConfig;
import play.shaded.ahc.io.netty.handler.ssl.SslContextBuilder;
import play.shaded.ahc.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import play.shaded.ahc.org.asynchttpclient.AsyncHttpClientConfig;
import play.shaded.ahc.org.asynchttpclient.DefaultAsyncHttpClientConfig;
import play.shaded.ahc.org.asynchttpclient.netty.ssl.JsseSslEngineFactory;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Predef$;
import scala.Some;
import scala.StringContext;
import scala.collection.TraversableOnce;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.Seq;
import scala.collection.immutable.Seq$;
import scala.collection.mutable.ArrayOps;
import scala.concurrent.duration.Duration;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: AhcConfig.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005-d\u0001B\u0001\u0003\u00015\u0011\u0001#\u00115d\u0007>tg-[4Ck&dG-\u001a:\u000b\u0005\r!\u0011aA1iG*\u0011QAB\u0001\u0003oNT!a\u0002\u0005\u0002\t1L'm\u001d\u0006\u0003\u0013)\t1!\u00199j\u0015\u0005Y\u0011\u0001\u00029mCf\u001c\u0001a\u0005\u0002\u0001\u001dA\u0011qBE\u0007\u0002!)\t\u0011#A\u0003tG\u0006d\u0017-\u0003\u0002\u0014!\t1\u0011I\\=SK\u001aD\u0001\"\u0006\u0001\u0003\u0002\u0003\u0006IAF\u0001\nC\"\u001c7i\u001c8gS\u001e\u0004\"a\u0006\r\u000e\u0003\tI!!\u0007\u0002\u0003#\u0005C7mV*DY&,g\u000e^\"p]\u001aLw\rC\u0003\u001c\u0001\u0011\u0005A$\u0001\u0004=S:LGO\u0010\u000b\u0003;y\u0001\"a\u0006\u0001\t\u000fUQ\u0002\u0013!a\u0001-!9\u0001\u0005\u0001b\u0001\n#\t\u0013!E1eI\u000e+8\u000f^8n'\u0016$H/\u001b8hgV\t!\u0005\u0005\u0003\u0010G\u0015*\u0013B\u0001\u0013\u0011\u0005%1UO\\2uS>t\u0017\u0007\u0005\u0002'c9\u0011qeL\u0007\u0002Q)\u0011\u0011FK\u0001\u0010CNLhn\u00195uiB\u001cG.[3oi*\u00111\u0006L\u0001\u0004_J<'BA\u0002.\u0015\tq#\"\u0001\u0004tQ\u0006$W\rZ\u0005\u0003a!\nA\u0004R3gCVdG/Q:z]\u000eDE\u000f\u001e9DY&,g\u000e^\"p]\u001aLw-\u0003\u00023g\t9!)^5mI\u0016\u0014(B\u0001\u0019)\u0011\u0019)\u0004\u0001)A\u0005E\u0005\u0011\u0012\r\u001a3DkN$x.\\*fiRLgnZ:!\u0011\u001d9\u0004A1A\u0005\u0002a\nqAY;jY\u0012,'/F\u0001&\u0011\u0019Q\u0004\u0001)A\u0005K\u0005A!-^5mI\u0016\u0014\b\u0005\u0003\u0005=\u0001\t\u0007I\u0011\u0001\u0002>\u0003\u0019awnZ4feV\ta\b\u0005\u0002@\u00076\t\u0001I\u0003\u0002B\u0005\u0006)1\u000f\u001c45U*\t1&\u0003\u0002E\u0001\n1Aj\\4hKJDaA\u0012\u0001!\u0002\u0013q\u0014a\u00027pO\u001e,'\u000f\t\u0005\t\u0011\u0002\u0011\r\u0011\"\u0001\u0003\u0013\u0006iAn\\4hKJ4\u0015m\u0019;pef,\u0012A\u0013\t\u0003/-K!\u0001\u0014\u0002\u0003!\u0005C7\rT8hO\u0016\u0014h)Y2u_JL\bB\u0002(\u0001A\u0003%!*\u0001\bm_\u001e<WM\u001d$bGR|'/\u001f\u0011\t\u000bA\u0003A\u0011A)\u0002\u0013\r|gNZ5hkJ,G#A\u0013\t\u000bM\u0003A\u0011\u0001+\u0002\u000b\t,\u0018\u000e\u001c3\u0015\u0003U\u0003\"a\n,\n\u0005]C#!F!ts:\u001c\u0007\n\u001e;q\u00072LWM\u001c;D_:4\u0017n\u001a\u0005\u00063\u0002!\tAW\u0001\u0011[>$\u0017NZ=V]\u0012,'\u000f\\=j]\u001e$\"!H.\t\u000bqC\u0006\u0019\u0001\u0012\u0002\r5|G-\u001b4z\u0011\u0015q\u0006\u0001\"\u0001`\u0003-\u0019wN\u001c4jOV\u0014XmV*\u0015\u0005\u0001\u001c\u0007CA\bb\u0013\t\u0011\u0007C\u0001\u0003V]&$\b\"B\u000b^\u0001\u00041\u0002\"B3\u0001\t\u00031\u0017AE2p]\u001aLw-\u001e:f!J|Go\\2pYN$2aZ;x!\ry\u0001N[\u0005\u0003SB\u0011Q!\u0011:sCf\u0004\"a\u001b:\u000f\u00051\u0004\bCA7\u0011\u001b\u0005q'BA8\r\u0003\u0019a$o\\8u}%\u0011\u0011\u000fE\u0001\u0007!J,G-\u001a4\n\u0005M$(AB*ue&twM\u0003\u0002r!!)a\u000f\u001aa\u0001O\u0006\tR\r_5ti&tw\r\u0015:pi>\u001cw\u000e\\:\t\u000ba$\u0007\u0019A=\u0002\u0013M\u001cHnQ8oM&<\u0007c\u0001>\u0002\b5\t1P\u0003\u0002}{\u0006\u00191o\u001d7\u000b\u0005y|\u0018!C:tY\u000e|gNZ5h\u0015\u0011\t\t!a\u0001\u0002\u0011QL\b/Z:bM\u0016T!!!\u0002\u0002\u0007\r|W.C\u0002\u0002\nm\u0014\u0011cU*M\u0007>tg-[4TKR$\u0018N\\4t\u0011\u001d\ti\u0001\u0001C\u0001\u0003\u001f\tQcY8oM&<WO]3DSBDWM]*vSR,7\u000fF\u0003h\u0003#\t)\u0002C\u0004\u0002\u0014\u0005-\u0001\u0019A4\u0002\u001f\u0015D\u0018n\u001d;j]\u001e\u001c\u0015\u000e\u001d5feNDa\u0001_A\u0006\u0001\u0004I\bbBA\r\u0001\u0011\u0005\u00111D\u0001\rG>tg-[4ve\u0016\u001c6\u000b\u0014\u000b\u0004A\u0006u\u0001B\u0002=\u0002\u0018\u0001\u0007\u0011\u0010C\u0004\u0002\"\u0001!\t!a\t\u0002-\t,\u0018\u000e\u001c3LKfl\u0015M\\1hKJ4\u0015m\u0019;pef$B!!\n\u0002,A\u0019!0a\n\n\u0007\u0005%2P\u0001\rLKfl\u0015M\\1hKJ4\u0015m\u0019;pef<&/\u00199qKJDa\u0001`A\u0010\u0001\u0004I\bbBA\u0018\u0001\u0011\u0005\u0011\u0011G\u0001\u0019EVLG\u000e\u001a+skN$X*\u00198bO\u0016\u0014h)Y2u_JLH\u0003BA\u001a\u0003s\u00012A_A\u001b\u0013\r\t9d\u001f\u0002\u001b)J,8\u000f^'b]\u0006<WM\u001d$bGR|'/_,sCB\u0004XM\u001d\u0005\u0007y\u00065\u0002\u0019A=\t\u000f\u0005u\u0002\u0001\"\u0001\u0002@\u0005Yb/\u00197jI\u0006$X\rR3gCVdG\u000f\u0016:vgRl\u0015M\\1hKJ$2\u0001YA!\u0011\u0019A\u00181\ba\u0001s\u001eI\u0011Q\t\u0002\u0002\u0002#\u0005\u0011qI\u0001\u0011\u0003\"\u001c7i\u001c8gS\u001e\u0014U/\u001b7eKJ\u00042aFA%\r!\t!!!A\t\u0002\u0005-3cAA%\u001d!91$!\u0013\u0005\u0002\u0005=CCAA$\u0011)\t\u0019&!\u0013\u0012\u0002\u0013\u0005\u0011QK\u0001\u001cI1,7o]5oSR$sM]3bi\u0016\u0014H\u0005Z3gCVdG\u000fJ\u0019\u0016\u0005\u0005]#f\u0001\f\u0002Z-\u0012\u00111\f\t\u0005\u0003;\n9'\u0004\u0002\u0002`)!\u0011\u0011MA2\u0003%)hn\u00195fG.,GMC\u0002\u0002fA\t!\"\u00198o_R\fG/[8o\u0013\u0011\tI'a\u0018\u0003#Ut7\r[3dW\u0016$g+\u0019:jC:\u001cW\r")
/* loaded from: input_file:play/api/libs/ws/ahc/AhcConfigBuilder.class */
public class AhcConfigBuilder {
    public final AhcWSClientConfig play$api$libs$ws$ahc$AhcConfigBuilder$$ahcConfig;
    private final Function1<DefaultAsyncHttpClientConfig.Builder, DefaultAsyncHttpClientConfig.Builder> addCustomSettings = builder -> {
        return (DefaultAsyncHttpClientConfig.Builder) Predef$.MODULE$.identity(builder);
    };
    private final DefaultAsyncHttpClientConfig.Builder builder = new DefaultAsyncHttpClientConfig.Builder();
    private final Logger logger = LoggerFactory.getLogger(getClass().getName());
    private final AhcLoggerFactory loggerFactory = new AhcLoggerFactory(LoggerFactory.getILoggerFactory());

    public Function1<DefaultAsyncHttpClientConfig.Builder, DefaultAsyncHttpClientConfig.Builder> addCustomSettings() {
        return this.addCustomSettings;
    }

    public DefaultAsyncHttpClientConfig.Builder builder() {
        return this.builder;
    }

    public Logger logger() {
        return this.logger;
    }

    public AhcLoggerFactory loggerFactory() {
        return this.loggerFactory;
    }

    public DefaultAsyncHttpClientConfig.Builder configure() {
        WSClientConfig wsClientConfig = this.play$api$libs$ws$ahc$AhcConfigBuilder$$ahcConfig.wsClientConfig();
        configureWS(this.play$api$libs$ws$ahc$AhcConfigBuilder$$ahcConfig);
        configureSSL(wsClientConfig.ssl());
        return (DefaultAsyncHttpClientConfig.Builder) addCustomSettings().apply(builder());
    }

    public AsyncHttpClientConfig build() {
        return configure().build();
    }

    public AhcConfigBuilder modifyUnderlying(final Function1<DefaultAsyncHttpClientConfig.Builder, DefaultAsyncHttpClientConfig.Builder> function1) {
        return new AhcConfigBuilder(this, function1) { // from class: play.api.libs.ws.ahc.AhcConfigBuilder$$anon$1
            private final Function1<DefaultAsyncHttpClientConfig.Builder, DefaultAsyncHttpClientConfig.Builder> addCustomSettings;
            private final DefaultAsyncHttpClientConfig.Builder builder;

            @Override // play.api.libs.ws.ahc.AhcConfigBuilder
            public Function1<DefaultAsyncHttpClientConfig.Builder, DefaultAsyncHttpClientConfig.Builder> addCustomSettings() {
                return this.addCustomSettings;
            }

            @Override // play.api.libs.ws.ahc.AhcConfigBuilder
            public DefaultAsyncHttpClientConfig.Builder builder() {
                return this.builder;
            }

            {
                super(this.play$api$libs$ws$ahc$AhcConfigBuilder$$ahcConfig);
                this.addCustomSettings = function1.compose(this.addCustomSettings());
                this.builder = this.builder();
            }
        };
    }

    public void configureWS(AhcWSClientConfig ahcWSClientConfig) {
        WSClientConfig wsClientConfig = ahcWSClientConfig.wsClientConfig();
        builder().setConnectTimeout(toMillis$1(wsClientConfig.connectionTimeout())).setReadTimeout(toMillis$1(wsClientConfig.idleTimeout())).setRequestTimeout(toMillis$1(wsClientConfig.requestTimeout())).setFollowRedirect(wsClientConfig.followRedirects()).setUseProxyProperties(wsClientConfig.useProxyProperties()).setCompressionEnforced(wsClientConfig.compressionEnabled());
        wsClientConfig.userAgent().foreach(str -> {
            return this.builder().setUserAgent(str);
        });
        builder().setMaxConnectionsPerHost(ahcWSClientConfig.maxConnectionsPerHost());
        builder().setMaxConnections(ahcWSClientConfig.maxConnectionsTotal());
        builder().setConnectionTtl(toMillis$1(ahcWSClientConfig.maxConnectionLifetime()));
        builder().setPooledConnectionIdleTimeout(toMillis$1(ahcWSClientConfig.idleConnectionInPoolTimeout()));
        builder().setMaxRedirects(ahcWSClientConfig.maxNumberOfRedirects());
        builder().setMaxRequestRetry(ahcWSClientConfig.maxRequestRetry());
        builder().setDisableUrlEncodingForBoundRequests(ahcWSClientConfig.disableUrlEncoding());
        builder().setKeepAlive(ahcWSClientConfig.keepAlive());
        builder().setShutdownQuietPeriod(0);
        builder().setShutdownTimeout(0);
    }

    public String[] configureProtocols(String[] strArr, SSLConfigSettings sSLConfigSettings) {
        String[] strArr2;
        Some enabledProtocols = sSLConfigSettings.enabledProtocols();
        if (enabledProtocols instanceof Some) {
            Seq seq = (Seq) enabledProtocols.value();
            Object[] refArrayOps = Predef$.MODULE$.refArrayOps(strArr);
            strArr2 = (String[]) ((TraversableOnce) seq.filter(obj -> {
                return BoxesRunTime.boxToBoolean($anonfun$configureProtocols$1(refArrayOps, obj));
            })).toArray(ClassTag$.MODULE$.apply(String.class));
        } else {
            if (!None$.MODULE$.equals(enabledProtocols)) {
                throw new MatchError(enabledProtocols);
            }
            Predef$ predef$ = Predef$.MODULE$;
            ArrayOps.ofRef ofref = new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(Protocols$.MODULE$.recommendedProtocols()));
            Object[] refArrayOps2 = Predef$.MODULE$.refArrayOps(strArr);
            strArr2 = (String[]) new ArrayOps.ofRef(predef$.refArrayOps((Object[]) ofref.filter(obj2 -> {
                return BoxesRunTime.boxToBoolean($anonfun$configureProtocols$2(refArrayOps2, obj2));
            }))).toArray(ClassTag$.MODULE$.apply(String.class));
        }
        String[] strArr3 = strArr2;
        if (!sSLConfigSettings.loose().allowWeakProtocols()) {
            Protocols$.MODULE$.deprecatedProtocols().foreach(str -> {
                $anonfun$configureProtocols$3(strArr3, str);
                return BoxedUnit.UNIT;
            });
        }
        return strArr3;
    }

    public String[] configureCipherSuites(String[] strArr, SSLConfigSettings sSLConfigSettings) {
        String[] strArr2;
        Some enabledCipherSuites = sSLConfigSettings.enabledCipherSuites();
        if (enabledCipherSuites instanceof Some) {
            strArr2 = (String[]) ((TraversableOnce) ((Seq) enabledCipherSuites.value()).filter(str -> {
                return BoxesRunTime.boxToBoolean($anonfun$configureCipherSuites$1(strArr, str));
            })).toArray(ClassTag$.MODULE$.apply(String.class));
        } else {
            if (!None$.MODULE$.equals(enabledCipherSuites)) {
                throw new MatchError(enabledCipherSuites);
            }
            strArr2 = (String[]) ((TraversableOnce) Ciphers$.MODULE$.recommendedCiphers().filter(str2 -> {
                return BoxesRunTime.boxToBoolean($anonfun$configureCipherSuites$2(strArr, str2));
            })).toArray(ClassTag$.MODULE$.apply(String.class));
        }
        String[] strArr3 = strArr2;
        if (!sSLConfigSettings.loose().allowWeakCiphers()) {
            Ciphers$.MODULE$.deprecatedCiphers().foreach(str3 -> {
                $anonfun$configureCipherSuites$3(strArr3, str3);
                return BoxedUnit.UNIT;
            });
        }
        return strArr3;
    }

    public void configureSSL(SSLConfigSettings sSLConfigSettings) {
        SSLContext build;
        if (sSLConfigSettings.default()) {
            logger().info("buildSSLContext: play.ws.ssl.default is true, using default SSLContext");
            validateDefaultTrustManager(sSLConfigSettings);
            build = SSLContext.getDefault();
        } else {
            build = new ConfigSSLContextBuilder(loggerFactory(), sSLConfigSettings, buildKeyManagerFactory(sSLConfigSettings), buildTrustManagerFactory(sSLConfigSettings)).build();
        }
        SSLContext sSLContext = build;
        SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
        String[] configureProtocols = configureProtocols(defaultSSLParameters.getProtocols(), sSLConfigSettings);
        defaultSSLParameters.setProtocols(configureProtocols);
        builder().setEnabledProtocols(configureProtocols);
        String[] configureCipherSuites = configureCipherSuites(defaultSSLParameters.getCipherSuites(), sSLConfigSettings);
        defaultSSLParameters.setCipherSuites(configureCipherSuites);
        builder().setEnabledCipherSuites(configureCipherSuites);
        builder().setAcceptAnyCertificate(sSLConfigSettings.loose().acceptAnyCertificate());
        if (sSLConfigSettings.loose().acceptAnyCertificate()) {
            builder().setSslContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).build());
        } else {
            builder().setSslEngineFactory(new JsseSslEngineFactory(sSLContext));
        }
    }

    public KeyManagerFactoryWrapper buildKeyManagerFactory(SSLConfigSettings sSLConfigSettings) {
        return new DefaultKeyManagerFactoryWrapper(sSLConfigSettings.keyManagerConfig().algorithm());
    }

    public TrustManagerFactoryWrapper buildTrustManagerFactory(SSLConfigSettings sSLConfigSettings) {
        return new DefaultTrustManagerFactoryWrapper(sSLConfigSettings.trustManagerConfig().algorithm());
    }

    public void validateDefaultTrustManager(SSLConfigSettings sSLConfigSettings) {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        X509TrustManager x509TrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        AlgorithmChecker algorithmChecker = new AlgorithmChecker(loggerFactory(), Predef$.MODULE$.Set().apply(Nil$.MODULE$), ((TraversableOnce) sSLConfigSettings.disabledKeyAlgorithms().map(str -> {
            return (AlgorithmConstraint) AlgorithmConstraintsParser$.MODULE$.parseAll(AlgorithmConstraintsParser$.MODULE$.expression(), str).get();
        }, Seq$.MODULE$.canBuildFrom())).toSet());
        new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(x509TrustManager.getAcceptedIssuers())).foreach(x509Certificate -> {
            $anonfun$validateDefaultTrustManager$2(this, algorithmChecker, x509Certificate);
            return BoxedUnit.UNIT;
        });
    }

    private static final int toMillis$1(Duration duration) {
        if (duration.isFinite()) {
            return (int) duration.toMillis();
        }
        return -1;
    }

    public static final /* synthetic */ boolean $anonfun$configureProtocols$1(Object[] objArr, Object obj) {
        return new ArrayOps.ofRef(objArr).contains(obj);
    }

    public static final /* synthetic */ boolean $anonfun$configureProtocols$2(Object[] objArr, Object obj) {
        return new ArrayOps.ofRef(objArr).contains(obj);
    }

    public static final /* synthetic */ void $anonfun$configureProtocols$3(String[] strArr, String str) {
        if (new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(strArr)).contains(str)) {
            throw new IllegalStateException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Weak protocol ", " found in ws.ssl.protocols!"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str})));
        }
    }

    public static final /* synthetic */ boolean $anonfun$configureCipherSuites$1(String[] strArr, String str) {
        return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(strArr)).contains(str);
    }

    public static final /* synthetic */ boolean $anonfun$configureCipherSuites$2(String[] strArr, String str) {
        return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(strArr)).contains(str);
    }

    public static final /* synthetic */ void $anonfun$configureCipherSuites$3(String[] strArr, String str) {
        if (new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(strArr)).contains(str)) {
            throw new IllegalStateException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Weak cipher ", " found in ws.ssl.ciphers!"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str})));
        }
    }

    public static final /* synthetic */ void $anonfun$validateDefaultTrustManager$2(AhcConfigBuilder ahcConfigBuilder, AlgorithmChecker algorithmChecker, X509Certificate x509Certificate) {
        try {
            algorithmChecker.checkKeyAlgorithms(x509Certificate);
        } catch (CertPathValidatorException e) {
            ahcConfigBuilder.logger().warn("You are using play.ws.ssl.default=true and have a weak certificate in your default trust store!  (You can modify play.ws.ssl.disabledKeyAlgorithms to remove this message.)", e);
        }
    }

    public AhcConfigBuilder(AhcWSClientConfig ahcWSClientConfig) {
        this.play$api$libs$ws$ahc$AhcConfigBuilder$$ahcConfig = ahcWSClientConfig;
    }
}
