package play.api.libs.ws.ahc;

import com.typesafe.sslconfig.ssl.AlgorithmChecker;
import com.typesafe.sslconfig.ssl.AlgorithmConstraint;
import com.typesafe.sslconfig.ssl.AlgorithmConstraintsParser$;
import com.typesafe.sslconfig.ssl.Ciphers$;
import com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder;
import com.typesafe.sslconfig.ssl.DefaultKeyManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.DefaultTrustManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.KeyManagerFactoryWrapper;
import com.typesafe.sslconfig.ssl.Protocols$;
import com.typesafe.sslconfig.ssl.SSLConfigSettings;
import com.typesafe.sslconfig.ssl.TrustManagerFactoryWrapper;
import java.security.KeyStore;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import play.api.libs.ws.WSClientConfig;
import play.shaded.ahc.io.netty.handler.ssl.SslContextBuilder;
import play.shaded.ahc.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import play.shaded.ahc.org.asynchttpclient.AsyncHttpClientConfig;
import play.shaded.ahc.org.asynchttpclient.DefaultAsyncHttpClientConfig;
import play.shaded.ahc.org.asynchttpclient.netty.ssl.JsseSslEngineFactory;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.collection.TraversableOnce;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.Seq;
import scala.collection.immutable.Seq$;
import scala.collection.immutable.Set;
import scala.collection.mutable.ArrayOps;
import scala.concurrent.duration.Duration;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: AhcConfig.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005-d\u0001B\r\u001b\u0001\u0015B\u0001\u0002\f\u0001\u0003\u0002\u0003\u0006I!\f\u0005\u0006c\u0001!\tA\r\u0005\bk\u0001\u0011\r\u0011\"\u00057\u0011\u0019I\u0005\u0001)A\u0005o!9!\n\u0001b\u0001\n\u0003Y\u0005B\u0002'\u0001A\u0003%!\b\u0003\u0005N\u0001\t\u0007I\u0011\u0001\u000eO\u0011\u00191\u0006\u0001)A\u0005\u001f\"Aq\u000b\u0001b\u0001\n\u0003Q\u0002\f\u0003\u0004]\u0001\u0001\u0006I!\u0017\u0005\u0006;\u0002!\tA\u0018\u0005\u0006?\u0002!\t\u0001\u0019\u0005\u0006I\u0002!\t!\u001a\u0005\u0006Q\u0002!\t!\u001b\u0005\u0006]\u0002!\ta\u001c\u0005\b\u0003;\u0001A\u0011AA\u0010\u0011\u001d\t9\u0003\u0001C\u0001\u0003SAq!!\f\u0001\t\u0003\ty\u0003C\u0004\u0002:\u0001!\t!a\u000f\t\u000f\u0005\u0015\u0003\u0001\"\u0001\u0002H\u001dI\u00111\n\u000e\u0002\u0002#\u0005\u0011Q\n\u0004\t3i\t\t\u0011#\u0001\u0002P!1\u0011G\u0006C\u0001\u0003#B\u0011\"a\u0015\u0017#\u0003%\t!!\u0016\u0003!\u0005C7mQ8oM&<')^5mI\u0016\u0014(BA\u000e\u001d\u0003\r\t\u0007n\u0019\u0006\u0003;y\t!a^:\u000b\u0005}\u0001\u0013\u0001\u00027jENT!!\t\u0012\u0002\u0007\u0005\u0004\u0018NC\u0001$\u0003\u0011\u0001H.Y=\u0004\u0001M\u0011\u0001A\n\t\u0003O)j\u0011\u0001\u000b\u0006\u0002S\u0005)1oY1mC&\u00111\u0006\u000b\u0002\u0007\u0003:L(+\u001a4\u0002\u0013\u0005D7mQ8oM&<\u0007C\u0001\u00180\u001b\u0005Q\u0012B\u0001\u0019\u001b\u0005E\t\u0005nY,T\u00072LWM\u001c;D_:4\u0017nZ\u0001\u0007y%t\u0017\u000e\u001e \u0015\u0005M\"\u0004C\u0001\u0018\u0001\u0011\u001da#\u0001%AA\u00025\n\u0011#\u00193e\u0007V\u001cHo\\7TKR$\u0018N\\4t+\u00059\u0004\u0003B\u00149uiJ!!\u000f\u0015\u0003\u0013\u0019+hn\u0019;j_:\f\u0004CA\u001eG\u001d\taD)D\u0001>\u0015\tqt(A\bbgft7\r\u001b;ua\u000ed\u0017.\u001a8u\u0015\t\u0001\u0015)A\u0002pe\u001eT!a\u0007\"\u000b\u0005\r\u0013\u0013AB:iC\u0012,G-\u0003\u0002F{\u0005aB)\u001a4bk2$\u0018i]=oG\"#H\u000f]\"mS\u0016tGoQ8oM&<\u0017BA$I\u0005\u001d\u0011U/\u001b7eKJT!!R\u001f\u0002%\u0005$GmQ;ti>l7+\u001a;uS:<7\u000fI\u0001\bEVLG\u000eZ3s+\u0005Q\u0014\u0001\u00032vS2$WM\u001d\u0011\u0002\r1|wmZ3s+\u0005y\u0005C\u0001)U\u001b\u0005\t&B\u0001*T\u0003\u0015\u0019HN\u001a\u001bk\u0015\u0005\u0001\u0015BA+R\u0005\u0019aunZ4fe\u00069An\\4hKJ\u0004\u0013!\u00047pO\u001e,'OR1di>\u0014\u00180F\u0001Z!\tq#,\u0003\u0002\\5\t\u0001\u0012\t[2M_\u001e<WM\u001d$bGR|'/_\u0001\u000fY><w-\u001a:GC\u000e$xN]=!\u0003%\u0019wN\u001c4jOV\u0014X\rF\u0001;\u0003\u0015\u0011W/\u001b7e)\u0005\t\u0007C\u0001\u001fc\u0013\t\u0019WHA\u000bBgft7\r\u0013;ua\u000ec\u0017.\u001a8u\u0007>tg-[4\u0002!5|G-\u001b4z+:$WM\u001d7zS:<GCA\u001ag\u0011\u00159W\u00021\u00018\u0003\u0019iw\u000eZ5gs\u0006Y1m\u001c8gS\u001e,(/Z,T)\tQW\u000e\u0005\u0002(W&\u0011A\u000e\u000b\u0002\u0005+:LG\u000fC\u0003-\u001d\u0001\u0007Q&\u0001\nd_:4\u0017nZ;sKB\u0013x\u000e^8d_2\u001cH\u0003\u00029\u007f\u0003\u0003\u00012aJ9t\u0013\t\u0011\bFA\u0003BeJ\f\u0017\u0010\u0005\u0002uw:\u0011Q/\u001f\t\u0003m\"j\u0011a\u001e\u0006\u0003q\u0012\na\u0001\u0010:p_Rt\u0014B\u0001>)\u0003\u0019\u0001&/\u001a3fM&\u0011A0 \u0002\u0007'R\u0014\u0018N\\4\u000b\u0005iD\u0003\"B@\u0010\u0001\u0004\u0001\u0018!E3ySN$\u0018N\\4Qe>$xnY8mg\"9\u00111A\bA\u0002\u0005\u0015\u0011!C:tY\u000e{gNZ5h!\u0011\t9!!\u0007\u000e\u0005\u0005%!\u0002BA\u0006\u0003\u001b\t1a]:m\u0015\u0011\ty!!\u0005\u0002\u0013M\u001cHnY8oM&<'\u0002BA\n\u0003+\t\u0001\u0002^=qKN\fg-\u001a\u0006\u0003\u0003/\t1aY8n\u0013\u0011\tY\"!\u0003\u0003#M\u001bFjQ8oM&<7+\u001a;uS:<7/A\u000bd_:4\u0017nZ;sK\u000eK\u0007\u000f[3s'VLG/Z:\u0015\u000bA\f\t#!\n\t\r\u0005\r\u0002\u00031\u0001q\u0003=)\u00070[:uS:<7)\u001b9iKJ\u001c\bbBA\u0002!\u0001\u0007\u0011QA\u0001\rG>tg-[4ve\u0016\u001c6\u000b\u0014\u000b\u0004U\u0006-\u0002bBA\u0002#\u0001\u0007\u0011QA\u0001\u0017EVLG\u000eZ&fs6\u000bg.Y4fe\u001a\u000b7\r^8ssR!\u0011\u0011GA\u001c!\u0011\t9!a\r\n\t\u0005U\u0012\u0011\u0002\u0002\u0019\u0017\u0016LX*\u00198bO\u0016\u0014h)Y2u_JLxK]1qa\u0016\u0014\bbBA\u0006%\u0001\u0007\u0011QA\u0001\u0019EVLG\u000e\u001a+skN$X*\u00198bO\u0016\u0014h)Y2u_JLH\u0003BA\u001f\u0003\u0007\u0002B!a\u0002\u0002@%!\u0011\u0011IA\u0005\u0005i!&/^:u\u001b\u0006t\u0017mZ3s\r\u0006\u001cGo\u001c:z/J\f\u0007\u000f]3s\u0011\u001d\tYa\u0005a\u0001\u0003\u000b\t1D^1mS\u0012\fG/\u001a#fM\u0006,H\u000e\u001e+skN$X*\u00198bO\u0016\u0014Hc\u00016\u0002J!9\u00111\u0001\u000bA\u0002\u0005\u0015\u0011\u0001E!iG\u000e{gNZ5h\u0005VLG\u000eZ3s!\tqcc\u0005\u0002\u0017MQ\u0011\u0011QJ\u0001\u001cI1,7o]5oSR$sM]3bi\u0016\u0014H\u0005Z3gCVdG\u000fJ\u0019\u0016\u0005\u0005]#fA\u0017\u0002Z-\u0012\u00111\f\t\u0005\u0003;\n9'\u0004\u0002\u0002`)!\u0011\u0011MA2\u0003%)hn\u00195fG.,GMC\u0002\u0002f!\n!\"\u00198o_R\fG/[8o\u0013\u0011\tI'a\u0018\u0003#Ut7\r[3dW\u0016$g+\u0019:jC:\u001cW\r")
/* loaded from: input_file:WEB-INF/lib/play-ahc-ws-standalone_2.12-2.0.2.jar:play/api/libs/ws/ahc/AhcConfigBuilder.class */
public class AhcConfigBuilder {
    public final AhcWSClientConfig play$api$libs$ws$ahc$AhcConfigBuilder$$ahcConfig;
    private final Function1<DefaultAsyncHttpClientConfig.Builder, DefaultAsyncHttpClientConfig.Builder> addCustomSettings = builder -> {
        return (DefaultAsyncHttpClientConfig.Builder) Predef$.MODULE$.identity(builder);
    };
    private final DefaultAsyncHttpClientConfig.Builder builder = new DefaultAsyncHttpClientConfig.Builder();
    private final Logger logger = LoggerFactory.getLogger(getClass().getName());
    private final AhcLoggerFactory loggerFactory = new AhcLoggerFactory(LoggerFactory.getILoggerFactory());

    public Function1<DefaultAsyncHttpClientConfig.Builder, DefaultAsyncHttpClientConfig.Builder> addCustomSettings() {
        return this.addCustomSettings;
    }

    public DefaultAsyncHttpClientConfig.Builder builder() {
        return this.builder;
    }

    public Logger logger() {
        return this.logger;
    }

    public AhcLoggerFactory loggerFactory() {
        return this.loggerFactory;
    }

    public DefaultAsyncHttpClientConfig.Builder configure() {
        WSClientConfig wsClientConfig = this.play$api$libs$ws$ahc$AhcConfigBuilder$$ahcConfig.wsClientConfig();
        configureWS(this.play$api$libs$ws$ahc$AhcConfigBuilder$$ahcConfig);
        configureSSL(wsClientConfig.ssl());
        return addCustomSettings().mo16apply(builder());
    }

    public AsyncHttpClientConfig build() {
        return configure().build();
    }

    public AhcConfigBuilder modifyUnderlying(final Function1<DefaultAsyncHttpClientConfig.Builder, DefaultAsyncHttpClientConfig.Builder> function1) {
        return new AhcConfigBuilder(this, function1) { // from class: play.api.libs.ws.ahc.AhcConfigBuilder$$anon$1
            private final Function1<DefaultAsyncHttpClientConfig.Builder, DefaultAsyncHttpClientConfig.Builder> addCustomSettings;
            private final DefaultAsyncHttpClientConfig.Builder builder;

            @Override // play.api.libs.ws.ahc.AhcConfigBuilder
            public Function1<DefaultAsyncHttpClientConfig.Builder, DefaultAsyncHttpClientConfig.Builder> addCustomSettings() {
                return this.addCustomSettings;
            }

            @Override // play.api.libs.ws.ahc.AhcConfigBuilder
            public DefaultAsyncHttpClientConfig.Builder builder() {
                return this.builder;
            }

            {
                super(this.play$api$libs$ws$ahc$AhcConfigBuilder$$ahcConfig);
                this.addCustomSettings = function1.compose(this.addCustomSettings());
                this.builder = this.builder();
            }
        };
    }

    public void configureWS(AhcWSClientConfig ahcWSClientConfig) {
        WSClientConfig wsClientConfig = ahcWSClientConfig.wsClientConfig();
        builder().setConnectTimeout(toMillis$1(wsClientConfig.connectionTimeout())).setReadTimeout(toMillis$1(wsClientConfig.idleTimeout())).setRequestTimeout(toMillis$1(wsClientConfig.requestTimeout())).setFollowRedirect(wsClientConfig.followRedirects()).setUseProxyProperties(wsClientConfig.useProxyProperties()).setCompressionEnforced(wsClientConfig.compressionEnabled());
        wsClientConfig.userAgent().foreach(str -> {
            return this.builder().setUserAgent(str);
        });
        builder().setMaxConnectionsPerHost(ahcWSClientConfig.maxConnectionsPerHost());
        builder().setMaxConnections(ahcWSClientConfig.maxConnectionsTotal());
        builder().setConnectionTtl(toMillis$1(ahcWSClientConfig.maxConnectionLifetime()));
        builder().setPooledConnectionIdleTimeout(toMillis$1(ahcWSClientConfig.idleConnectionInPoolTimeout()));
        builder().setMaxRedirects(ahcWSClientConfig.maxNumberOfRedirects());
        builder().setMaxRequestRetry(ahcWSClientConfig.maxRequestRetry());
        builder().setDisableUrlEncodingForBoundRequests(ahcWSClientConfig.disableUrlEncoding());
        builder().setKeepAlive(ahcWSClientConfig.keepAlive());
        builder().setShutdownQuietPeriod(0);
        builder().setShutdownTimeout(0);
        builder().setUseLaxCookieEncoder(ahcWSClientConfig.useLaxCookieEncoder());
        builder().setCookieStore(null);
    }

    public String[] configureProtocols(String[] strArr, SSLConfigSettings sSLConfigSettings) {
        String[] strArr2;
        Option<Seq<String>> enabledProtocols = sSLConfigSettings.enabledProtocols();
        if (enabledProtocols instanceof Some) {
            Seq seq = (Seq) ((Some) enabledProtocols).value();
            Object[] refArrayOps = Predef$.MODULE$.refArrayOps(strArr);
            strArr2 = (String[]) seq.filter(obj -> {
                return BoxesRunTime.boxToBoolean($anonfun$configureProtocols$1(refArrayOps, obj));
            }).toArray(ClassTag$.MODULE$.apply(String.class));
        } else {
            if (!None$.MODULE$.equals(enabledProtocols)) {
                throw new MatchError(enabledProtocols);
            }
            Predef$ predef$ = Predef$.MODULE$;
            ArrayOps.ofRef ofref = new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(Protocols$.MODULE$.recommendedProtocols()));
            Object[] refArrayOps2 = Predef$.MODULE$.refArrayOps(strArr);
            strArr2 = (String[]) new ArrayOps.ofRef(predef$.refArrayOps((Object[]) ofref.filter(obj2 -> {
                return BoxesRunTime.boxToBoolean($anonfun$configureProtocols$2(refArrayOps2, obj2));
            }))).toArray(ClassTag$.MODULE$.apply(String.class));
        }
        String[] strArr3 = strArr2;
        if (!sSLConfigSettings.loose().allowWeakProtocols()) {
            Protocols$.MODULE$.deprecatedProtocols().foreach(str -> {
                $anonfun$configureProtocols$3(strArr3, str);
                return BoxedUnit.UNIT;
            });
        }
        return strArr3;
    }

    public String[] configureCipherSuites(String[] strArr, SSLConfigSettings sSLConfigSettings) {
        String[] strArr2;
        Option<Seq<String>> enabledCipherSuites = sSLConfigSettings.enabledCipherSuites();
        if (enabledCipherSuites instanceof Some) {
            strArr2 = (String[]) ((Seq) ((Some) enabledCipherSuites).value()).filter(str -> {
                return BoxesRunTime.boxToBoolean($anonfun$configureCipherSuites$1(strArr, str));
            }).toArray(ClassTag$.MODULE$.apply(String.class));
        } else {
            if (!None$.MODULE$.equals(enabledCipherSuites)) {
                throw new MatchError(enabledCipherSuites);
            }
            strArr2 = (String[]) Ciphers$.MODULE$.recommendedCiphers().filter(str2 -> {
                return BoxesRunTime.boxToBoolean($anonfun$configureCipherSuites$2(strArr, str2));
            }).toArray(ClassTag$.MODULE$.apply(String.class));
        }
        String[] strArr3 = strArr2;
        if (!sSLConfigSettings.loose().allowWeakCiphers()) {
            Ciphers$.MODULE$.deprecatedCiphers().foreach(str3 -> {
                $anonfun$configureCipherSuites$3(strArr3, str3);
                return BoxedUnit.UNIT;
            });
        }
        return strArr3;
    }

    public void configureSSL(SSLConfigSettings sSLConfigSettings) {
        SSLContext build;
        if (sSLConfigSettings.m3607default()) {
            logger().info("buildSSLContext: play.ws.ssl.default is true, using default SSLContext");
            validateDefaultTrustManager(sSLConfigSettings);
            build = SSLContext.getDefault();
        } else {
            build = new ConfigSSLContextBuilder(loggerFactory(), sSLConfigSettings, buildKeyManagerFactory(sSLConfigSettings), buildTrustManagerFactory(sSLConfigSettings)).build();
        }
        SSLContext sSLContext = build;
        SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
        String[] configureProtocols = configureProtocols(defaultSSLParameters.getProtocols(), sSLConfigSettings);
        defaultSSLParameters.setProtocols(configureProtocols);
        builder().setEnabledProtocols(configureProtocols);
        String[] configureCipherSuites = configureCipherSuites(defaultSSLParameters.getCipherSuites(), sSLConfigSettings);
        defaultSSLParameters.setCipherSuites(configureCipherSuites);
        builder().setEnabledCipherSuites(configureCipherSuites);
        builder().setUseInsecureTrustManager(sSLConfigSettings.loose().acceptAnyCertificate());
        if (sSLConfigSettings.loose().acceptAnyCertificate()) {
            builder().setSslContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).build());
        } else {
            builder().setSslEngineFactory(new JsseSslEngineFactory(sSLContext));
        }
    }

    public KeyManagerFactoryWrapper buildKeyManagerFactory(SSLConfigSettings sSLConfigSettings) {
        return new DefaultKeyManagerFactoryWrapper(sSLConfigSettings.keyManagerConfig().algorithm());
    }

    public TrustManagerFactoryWrapper buildTrustManagerFactory(SSLConfigSettings sSLConfigSettings) {
        return new DefaultTrustManagerFactoryWrapper(sSLConfigSettings.trustManagerConfig().algorithm());
    }

    public void validateDefaultTrustManager(SSLConfigSettings sSLConfigSettings) {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        X509TrustManager x509TrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        AlgorithmChecker algorithmChecker = new AlgorithmChecker(loggerFactory(), (Set) Predef$.MODULE$.Set().apply(Nil$.MODULE$), ((TraversableOnce) sSLConfigSettings.disabledKeyAlgorithms().map(str -> {
            return (AlgorithmConstraint) AlgorithmConstraintsParser$.MODULE$.parseAll(AlgorithmConstraintsParser$.MODULE$.expression(), str).get();
        }, Seq$.MODULE$.canBuildFrom())).toSet());
        new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(x509TrustManager.getAcceptedIssuers())).foreach(x509Certificate -> {
            $anonfun$validateDefaultTrustManager$2(this, algorithmChecker, x509Certificate);
            return BoxedUnit.UNIT;
        });
    }

    private static final int toMillis$1(Duration duration) {
        if (duration.isFinite()) {
            return (int) duration.toMillis();
        }
        return -1;
    }

    public static final /* synthetic */ boolean $anonfun$configureProtocols$1(Object[] objArr, Object obj) {
        return new ArrayOps.ofRef(objArr).contains(obj);
    }

    public static final /* synthetic */ boolean $anonfun$configureProtocols$2(Object[] objArr, Object obj) {
        return new ArrayOps.ofRef(objArr).contains(obj);
    }

    public static final /* synthetic */ void $anonfun$configureProtocols$3(String[] strArr, String str) {
        if (new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(strArr)).contains(str)) {
            throw new IllegalStateException(new StringBuilder(41).append("Weak protocol ").append(str).append(" found in ws.ssl.protocols!").toString());
        }
    }

    public static final /* synthetic */ boolean $anonfun$configureCipherSuites$1(String[] strArr, String str) {
        return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(strArr)).contains(str);
    }

    public static final /* synthetic */ boolean $anonfun$configureCipherSuites$2(String[] strArr, String str) {
        return new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(strArr)).contains(str);
    }

    public static final /* synthetic */ void $anonfun$configureCipherSuites$3(String[] strArr, String str) {
        if (new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(strArr)).contains(str)) {
            throw new IllegalStateException(new StringBuilder(37).append("Weak cipher ").append(str).append(" found in ws.ssl.ciphers!").toString());
        }
    }

    public static final /* synthetic */ void $anonfun$validateDefaultTrustManager$2(AhcConfigBuilder ahcConfigBuilder, AlgorithmChecker algorithmChecker, X509Certificate x509Certificate) {
        try {
            algorithmChecker.checkKeyAlgorithms(x509Certificate);
        } catch (CertPathValidatorException e) {
            ahcConfigBuilder.logger().warn("You are using play.ws.ssl.default=true and have a weak certificate in your default trust store!  (You can modify play.ws.ssl.disabledKeyAlgorithms to remove this message.)", (Throwable) e);
        }
    }

    public AhcConfigBuilder(AhcWSClientConfig ahcWSClientConfig) {
        this.play$api$libs$ws$ahc$AhcConfigBuilder$$ahcConfig = ahcWSClientConfig;
    }
}
