package com.twitter.finagle.buoyant;

import com.twitter.finagle.ServiceFactory;
import com.twitter.finagle.Stack;
import com.twitter.finagle.Stack$Leaf$;
import com.twitter.finagle.Stackable;
import com.twitter.finagle.buoyant.TlsClientPrep;
import com.twitter.finagle.netty4.ssl.client.Netty4ClientEngineFactory$;
import com.twitter.finagle.ssl.TrustCredentials$Insecure$;
import com.twitter.finagle.ssl.client.SslClientConfiguration;
import com.twitter.finagle.ssl.client.SslClientConfiguration$;
import com.twitter.finagle.ssl.client.SslClientEngineFactory;
import com.twitter.finagle.ssl.client.SslClientEngineFactory$Param$;
import com.twitter.finagle.ssl.client.SslContextClientEngineFactory;
import com.twitter.finagle.transport.Transport;
import com.twitter.finagle.transport.Transport$ClientSsl$;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Product;
import scala.Some;
import scala.StringContext;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.immutable.Nil$;
import scala.runtime.BoxedUnit;

/* compiled from: TlsClientPrep.scala */
/* loaded from: input_file:com/twitter/finagle/buoyant/TlsClientPrep$.class */
public final class TlsClientPrep$ {
    public static final TlsClientPrep$ MODULE$ = null;
    private final String description;
    private CertificateFactory X509;
    private volatile boolean bitmap$0;

    static {
        new TlsClientPrep$();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v5 */
    private CertificateFactory X509$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                this.X509 = CertificateFactory.getInstance("X.509");
                this.bitmap$0 = true;
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
            r0 = r0;
            return this.X509;
        }
    }

    public String description() {
        return this.description;
    }

    public <Req, Rsp> Stackable<ServiceFactory<Req, Rsp>> insecure() {
        return new TlsClientPrep$$anon$1();
    }

    /* renamed from: static, reason: not valid java name */
    public <Req, Rsp> Stackable<ServiceFactory<Req, Rsp>> m4static(String str, Seq<String> seq) {
        return new TlsClientPrep$$anon$2(str, seq);
    }

    /* renamed from: static, reason: not valid java name */
    public <Req, Rsp> Stackable<ServiceFactory<Req, Rsp>> m5static(String str, Option<String> option) {
        return m4static(str, Option$.MODULE$.option2Iterable(option).toSeq());
    }

    public <Req, Rsp> Stackable<ServiceFactory<Req, Rsp>> withoutCertificateValidation() {
        return new TlsClientPrep$$anon$3();
    }

    public <Req, Rsp> Stackable<ServiceFactory<Req, Rsp>> configureFinagleTls() {
        return new Stack.Module<ServiceFactory<Req, Rsp>>() { // from class: com.twitter.finagle.buoyant.TlsClientPrep$$anon$4
            private final Stack.Role role = TlsClientPrep$role$.MODULE$.finagle();
            private final String description = TlsClientPrep$.MODULE$.description();
            private final Seq<Stack.Param<? extends Product>> parameters = Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new Stack.Param[]{(Stack.Param) Predef$.MODULE$.implicitly(TlsClientPrep$TransportSecurity$.MODULE$), (Stack.Param) Predef$.MODULE$.implicitly(TlsClientPrep$Trust$.MODULE$)}));

            public Stack.Role role() {
                return this.role;
            }

            public String description() {
                return this.description;
            }

            public Seq<Stack.Param<? extends Product>> parameters() {
                return this.parameters;
            }

            /* renamed from: make, reason: merged with bridge method [inline-methods] */
            public Stack.Leaf<ServiceFactory<Req, Rsp>> m12make(Stack.Params params, Stack<ServiceFactory<Req, Rsp>> stack) {
                Stack.Params $plus;
                Stack.Params params2;
                TlsClientPrep.TransportSecurity.Config config = ((TlsClientPrep.TransportSecurity) params.apply(TlsClientPrep$TransportSecurity$.MODULE$)).config();
                if (TlsClientPrep$TransportSecurity$Insecure$.MODULE$.equals(config)) {
                    params2 = params.$plus(new Transport.ClientSsl(None$.MODULE$), Transport$ClientSsl$.MODULE$.param());
                } else {
                    if (!(config instanceof TlsClientPrep.TransportSecurity.Secure)) {
                        throw new MatchError(config);
                    }
                    TlsClientPrep.Trust.Config config2 = ((TlsClientPrep.Trust) params.apply(TlsClientPrep$Trust$.MODULE$)).config();
                    if (TlsClientPrep$Trust$NotConfigured$.MODULE$.equals(config2)) {
                        throw new IllegalArgumentException("no trust management policy configured for client TLS");
                    }
                    if (TlsClientPrep$Trust$UnsafeNotVerified$.MODULE$.equals(config2)) {
                        $plus = params.$plus(new Transport.ClientSsl(new Some(new SslClientConfiguration(SslClientConfiguration$.MODULE$.apply$default$1(), SslClientConfiguration$.MODULE$.apply$default$2(), TrustCredentials$Insecure$.MODULE$, SslClientConfiguration$.MODULE$.apply$default$4(), SslClientConfiguration$.MODULE$.apply$default$5(), SslClientConfiguration$.MODULE$.apply$default$6()))), Transport$ClientSsl$.MODULE$.param()).$plus(new SslClientEngineFactory.Param(Netty4ClientEngineFactory$.MODULE$.apply()), SslClientEngineFactory$Param$.MODULE$.param());
                    } else {
                        if (!(config2 instanceof TlsClientPrep.Trust.Verified)) {
                            throw new MatchError(config2);
                        }
                        TlsClientPrep.Trust.Verified verified = (TlsClientPrep.Trust.Verified) config2;
                        String name = verified.name();
                        Seq<X509Certificate> certs = verified.certs();
                        $plus = params.$plus(new Transport.ClientSsl(new Some(new SslClientConfiguration(new Some(name), SslClientConfiguration$.MODULE$.apply$default$2(), SslClientConfiguration$.MODULE$.apply$default$3(), SslClientConfiguration$.MODULE$.apply$default$4(), SslClientConfiguration$.MODULE$.apply$default$5(), SslClientConfiguration$.MODULE$.apply$default$6()))), Transport$ClientSsl$.MODULE$.param()).$plus(new SslClientEngineFactory.Param(Nil$.MODULE$.equals(certs) ? Netty4ClientEngineFactory$.MODULE$.apply() : new SslContextClientEngineFactory(TlsClientPrep$.MODULE$.com$twitter$finagle$buoyant$TlsClientPrep$$sslContext(certs))), SslClientEngineFactory$Param$.MODULE$.param());
                    }
                    params2 = $plus;
                }
                return Stack$Leaf$.MODULE$.apply(role(), stack.make(params2));
            }
        };
    }

    public <Req, Rsp> Stackable<ServiceFactory<Req, Rsp>> disableFinagleTls() {
        return new Stack.Module<ServiceFactory<Req, Rsp>>() { // from class: com.twitter.finagle.buoyant.TlsClientPrep$$anon$5
            private final Stack.Role role = TlsClientPrep$role$.MODULE$.finagle();
            private final String description = TlsClientPrep$.MODULE$.description();
            private final Nil$ parameters = Nil$.MODULE$;

            public Stack.Role role() {
                return this.role;
            }

            public String description() {
                return this.description;
            }

            /* renamed from: parameters, reason: merged with bridge method [inline-methods] */
            public Nil$ m14parameters() {
                return this.parameters;
            }

            /* renamed from: make, reason: merged with bridge method [inline-methods] */
            public Stack.Leaf<ServiceFactory<Req, Rsp>> m13make(Stack.Params params, Stack<ServiceFactory<Req, Rsp>> stack) {
                return Stack$Leaf$.MODULE$.apply(role(), stack.make(params.$plus(new Transport.ClientSsl(None$.MODULE$), Transport$ClientSsl$.MODULE$.param())));
            }
        };
    }

    private CertificateFactory X509() {
        return this.bitmap$0 ? this.X509 : X509$lzycompute();
    }

    public X509Certificate loadCert(String str) {
        Certificate generateCertificate = X509().generateCertificate(new FileInputStream(str));
        if (generateCertificate instanceof X509Certificate) {
            return (X509Certificate) generateCertificate;
        }
        throw new IllegalArgumentException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"invalid cert type: ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{generateCertificate})));
    }

    public SSLContext com$twitter$finagle$buoyant$TlsClientPrep$$sslContext(Seq<X509Certificate> seq) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        seq.map(new TlsClientPrep$$anonfun$com$twitter$finagle$buoyant$TlsClientPrep$$sslContext$1(keyStore), Seq$.MODULE$.canBuildFrom());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
        return sSLContext;
    }

    private TlsClientPrep$() {
        MODULE$ = this;
        this.description = "Configures per-endpoint TLS settings";
    }
}
