package com.typesafe.sslconfig.ssl;

import com.typesafe.sslconfig.ssl.tracing.TracingSSLContext;
import com.typesafe.sslconfig.ssl.tracing.TracingX509ExtendedKeyManager;
import com.typesafe.sslconfig.ssl.tracing.TracingX509ExtendedTrustManager;
import com.typesafe.sslconfig.util.LoggerFactory;
import com.typesafe.sslconfig.util.NoDepsLogger;
import java.io.BufferedInputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CRL;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import scala.C$less$colon$less$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.collection.ArrayOps$;
import scala.collection.IterableOnceOps;
import scala.collection.JavaConverters$;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.Seq;
import scala.collection.immutable.Seq$;
import scala.reflect.ScalaSignature;
import scala.runtime.BooleanRef;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.runtime.ScalaRunTime$;

/* compiled from: SSLContextBuilder.scala */
@ScalaSignature(bytes = "\u0006\u0005\t-f\u0001B\u0010!\u0001%B\u0001\u0002\u000e\u0001\u0003\u0002\u0003\u0006I!\u000e\u0005\tw\u0001\u0011\t\u0011)A\u0005y!Aq\b\u0001B\u0001B\u0003%\u0001\t\u0003\u0005D\u0001\t\u0005\t\u0015!\u0003E\u0011\u00159\u0005\u0001\"\u0001I\u0011\u001dq\u0005A1A\u0005\u0012=Caa\u0015\u0001!\u0002\u0013\u0001\u0006\"\u0002+\u0001\t\u0003)\u0006\"B0\u0001\t\u0003\u0001\u0007bBA\u0010\u0001\u0011\u0005\u0011\u0011\u0005\u0005\b\u0003?\u0001A\u0011AA'\u0011\u001d\ti\u0006\u0001C\u0001\u0003?Bq!!\u0018\u0001\t\u0003\t9\nC\u0004\u0002$\u0002!\t!!*\t\u000f\u0005]\u0006\u0001\"\u0001\u0002:\"9\u0011Q\u0019\u0001\u0005\u0002\u0005\u001d\u0007bBAr\u0001\u0011\u0005\u0011Q\u001d\u0005\b\u0003[\u0004A\u0011AAx\u0011\u001d\t)\u0010\u0001C\u0001\u0003oDq!a?\u0001\t\u0003\ti\u0010C\u0004\u0002|\u0002!\tAa\u0004\t\u000f\t]\u0001\u0001\"\u0001\u0003\u001a!9!q\u0004\u0001\u0005\u0002\t\u0005\u0002b\u0002B\u001a\u0001\u0011\u0005!Q\u0007\u0005\b\u0005\u000b\u0002A\u0011\u0001B$\u0011\u001d\u0011\u0019\u0006\u0001C\u0001\u0005+BqA!\u001c\u0001\t\u0003\u0011y\u0007C\u0004\u0003n\u0001!\tA!\"\t\u000f\tE\u0005\u0001\"\u0001\u0003\u0014\"9!1\u0014\u0001\u0005\u0002\tu%aF\"p]\u001aLwmU*M\u0007>tG/\u001a=u\u0005VLG\u000eZ3s\u0015\t\t#%A\u0002tg2T!a\t\u0013\u0002\u0013M\u001cHnY8oM&<'BA\u0013'\u0003!!\u0018\u0010]3tC\u001a,'\"A\u0014\u0002\u0007\r|Wn\u0001\u0001\u0014\u0007\u0001Q\u0003\u0007\u0005\u0002,]5\tAFC\u0001.\u0003\u0015\u00198-\u00197b\u0013\tyCF\u0001\u0004B]f\u0014VM\u001a\t\u0003cIj\u0011\u0001I\u0005\u0003g\u0001\u0012\u0011cU*M\u0007>tG/\u001a=u\u0005VLG\u000eZ3s\u0003!i7\u000eT8hO\u0016\u0014\bC\u0001\u001c:\u001b\u00059$B\u0001\u001d#\u0003\u0011)H/\u001b7\n\u0005i:$!\u0004'pO\u001e,'OR1di>\u0014\u00180\u0001\u0003j]\u001a|\u0007CA\u0019>\u0013\tq\u0004EA\tT'2\u001buN\u001c4jON+G\u000f^5oON\f\u0011c[3z\u001b\u0006t\u0017mZ3s\r\u0006\u001cGo\u001c:z!\t\t\u0014)\u0003\u0002CA\tA2*Z=NC:\fw-\u001a:GC\u000e$xN]=Xe\u0006\u0004\b/\u001a:\u0002'Q\u0014Xo\
u001d;NC:\fw-\u001a:GC\u000e$xN]=\u0011\u0005E*\u0015B\u0001$!\u0005i!&/^:u\u001b\u0006t\u0017mZ3s\r\u0006\u001cGo\u001c:z/J\f\u0007\u000f]3s\u0003\u0019a\u0014N\\5u}Q)\u0011JS&M\u001bB\u0011\u0011\u0007\u0001\u0005\u0006i\u0015\u0001\r!\u000e\u0005\u0006w\u0015\u0001\r\u0001\u0010\u0005\u0006\u007f\u0015\u0001\r\u0001\u0011\u0005\u0006\u0007\u0016\u0001\r\u0001R\u0001\u0007Y><w-\u001a:\u0016\u0003A\u0003\"AN)\n\u0005I;$\u0001\u0004(p\t\u0016\u00048\u000fT8hO\u0016\u0014\u0018a\u00027pO\u001e,'\u000fI\u0001\u0006EVLG\u000e\u001a\u000b\u0002-B\u0011q+X\u0007\u00021*\u0011\u0011%\u0017\u0006\u00035n\u000b1A\\3u\u0015\u0005a\u0016!\u00026bm\u0006D\u0018B\u00010Y\u0005)\u00196\u000bT\"p]R,\u0007\u0010^\u0001\u0010EVLG\u000eZ*T\u0019\u000e{g\u000e^3yiR1a+\u00198}\u0003\u000bAQAY\u0005A\u0002\r\f\u0001\u0002\u001d:pi>\u001cw\u000e\u001c\t\u0003I.t!!Z5\u0011\u0005\u0019dS\"A4\u000b\u0005!D\u0013A\u0002\u001fs_>$h(\u0003\u0002kY\u00051\u0001K]3eK\u001aL!\u0001\\7\u0003\rM#(/\u001b8h\u0015\tQG\u0006C\u0003p\u0013\u0001\u0007\u0001/A\u0006lKfl\u0015M\\1hKJ\u001c\bcA9ws:\u0011!\u000f\u001e\b\u0003MNL\u0011!L\u0005\u0003k2\nq\u0001]1dW\u0006<W-\u0003\u0002xq\n\u00191+Z9\u000b\u0005Ud\u0003CA,{\u0013\tY\bL\u0001\u0006LKfl\u0015M\\1hKJDQ!`\u0005A\u0002y\fQ\u0002\u001e:vgRl\u0015M\\1hKJ\u001c\bcA9w\u007fB\u0019q+!\u0001\n\u0007\u0005\r\u0001L\u0001\u0007UeV\u001cH/T1oC\u001e,'\u000fC\u0004\u0002\b%\u0001\r!!\u0003\u0002\u0019M,7-\u001e:f%\u0006tGm\\7\u0011\u000b-\nY!a\u0004\n\u0007\u00055AF\u0001\u0004PaRLwN\u001c\t\u0005\u0003#\tY\"\u0004\u0002\u0002\u0014)!\u0011QCA\f\u0003!\u0019XmY;sSRL(BAA\r\u0003\u0011Q\u0017M^1\n\t\u0005u\u00111\u0003\u0002\r'\u0016\u001cWO]3SC:$w.\\\u0001\u0019EVLG\u000eZ\"p[B|7/\u001b;f\u0017\u0016LX*\u00198bO\u0016\u0014HCBA\u0012\u0003S\t\u0019\u0004E\u00022\u0003KI1!a\n!\u0005]\u0019u.\u001c9pg&$X\rW\u001b1s-+\u00170T1oC\u001e,'\u000fC\u0004\u0002,)\u0001\r!!\f\u0002!-,\u00170T1oC\u001e,'oQ8oM&<\u0007cA\u0019\u00020%\u0019\u0011\u0011\u0007\u0011\u0003
!-+\u00170T1oC\u001e,'oQ8oM&<\u0007bBA\u001b\u0015\u0001\u0007\u0011qG\u0001\u0011C2<wN]5uQ6\u001c\u0005.Z2lKJ\u00042!MA\u001d\u0013\r\tY\u0004\t\u0002\u0011\u00032<wN]5uQ6\u001c\u0005.Z2lKJDsACA \u0003\u000b\nI\u0005E\u0002,\u0003\u0003J1!a\u0011-\u0005)!W\r\u001d:fG\u0006$X\rZ\u0011\u0003\u0003\u000f\nq'V:fA9,w/\u001a:!EVLG\u000eZ\"p[B|7/\u001b;f\u0017\u0016LX*\u00198bO\u0016\u0014\be^5uQ\u0002\"WMY;hAA\f'/Y7fi\u0016\u0014\u0018EAA&\u0003\u0015\u0001d\u0006\u000e\u00181)!\t\u0019#a\u0014\u0002R\u0005M\u0003bBA\u0016\u0017\u0001\u0007\u0011Q\u0006\u0005\b\u0003kY\u0001\u0019AA\u001c\u0011\u001d\t)f\u0003a\u0001\u0003/\nQ\u0001Z3ck\u001e\u00042!MA-\u0013\r\tY\u0006\t\u0002\u000f'NcE)\u001a2vO\u000e{gNZ5h\u0003i\u0011W/\u001b7e\u0007>l\u0007o\\:ji\u0016$&/^:u\u001b\u0006t\u0017mZ3s))\t\t'a\u001a\u0002r\u0005m\u0014q\u0012\t\u0004c\u0005\r\u0014bAA3A\tI2i\\7q_NLG/\u001a-6ae\"&/^:u\u001b\u0006t\u0017mZ3s\u0011\u001d\tI\u0007\u0004a\u0001\u0003W\n\u0001\u0003\u001e:vgRl\u0015M\\1hKJLeNZ8\u0011\u0007E\ni'C\u0002\u0002p\u0001\u0012!\u0003\u0016:vgRl\u0015M\\1hKJ\u001cuN\u001c4jO\"9\u00111\u000f\u0007A\u0002\u0005U\u0014!\u0005:fm>\u001c\u0017\r^5p]\u0016s\u0017M\u00197fIB\u00191&a\u001e\n\u0007\u0005eDFA\u0004C_>dW-\u00198\t\u000f\u0005uD\u00021\u0001\u0002��\u0005y!/\u001a<pG\u0006$\u0018n\u001c8MSN$8\u000fE\u0003,\u0003\u0017\t\t\t\u0005\u0003rm\u0006\r\u0005\u0003BAC\u0003\u0017k!!a\"\u000b\t\u0005%\u00151C\u0001\u0005G\u0016\u0014H/\u0003\u0003\u0002\u000e\u0006\u001d%aA\"S\u0019\"9\u0011Q\u0007\u0007A\u0002\u0005]\u0002f\u0002\u0007\u0002@\u0005M\u0015\u0011J\u0011\u0003\u0003+\u000bA)V:fA9,w/\u001a:!m\u0016\u00148/[8oA=4\u0007EY;jY\u0012\u001cu.\u001c9pg&$X\r\u0016:vgRl\u0015M\\1hKJ\u0004s/\u001b;iA\u0011,'-^4!a\u0006\u0014\u0018-\\3uKJ$B\"!\u0019\u0002\u001a\u0006m\u0015QTAP\u0003CCq!!\u001b\u000e\u0001\u0004\tY\u0007C\u0004\u0002t5\u0001\r!!\u001e\t\u000f\u0005uT\u00021\u0001\u0002��!9\u0011QG\u0007A\u0002\u0005]\u0002bBA+\u001b\u0001\u0007\u0011qK\u0001\u0010W\u0
016L8\u000b^8sK\n+\u0018\u000e\u001c3feR!\u0011qUAW!\r\t\u0014\u0011V\u0005\u0004\u0003W\u0003#aD&fsN#xN]3Ck&dG-\u001a:\t\u000f\u0005=f\u00021\u0001\u00022\u0006\u00191n]2\u0011\u0007E\n\u0019,C\u0002\u00026\u0002\u0012abS3z'R|'/Z\"p]\u001aLw-A\tueV\u001cHo\u0015;pe\u0016\u0014U/\u001b7eKJ$B!a*\u0002<\"9\u0011QX\bA\u0002\u0005}\u0016a\u0001;tGB\u0019\u0011'!1\n\u0007\u0005\r\u0007E\u0001\tUeV\u001cHo\u0015;pe\u0016\u001cuN\u001c4jO\u0006Ya-\u001b7f\u0005VLG\u000eZ3s)!\t9+!3\u0002N\u0006E\u0007BBAf!\u0001\u00071-A\u0005ti>\u0014X\rV=qK\"1\u0011q\u001a\tA\u0002\r\f\u0001BZ5mKB\u000bG\u000f\u001b\u0005\b\u0003'\u0004\u0002\u0019AAk\u0003!\u0001\u0018m]:x_J$\u0007#B\u0016\u0002\f\u0005]\u0007#B\u0016\u0002Z\u0006u\u0017bAAnY\t)\u0011I\u001d:bsB\u00191&a8\n\u0007\u0005\u0005HF\u0001\u0003DQ\u0006\u0014\u0018A\u00064jY\u0016|en\u00117bgN\u0004\u0018\r\u001e5Ck&dG-\u001a:\u0015\u0011\u0005\u001d\u0016q]Au\u0003WDa!a3\u0012\u0001\u0004\u0019\u0007BBAh#\u0001\u00071\rC\u0004\u0002TF\u0001\r!!6\u0002\u001bM$(/\u001b8h\u0005VLG\u000eZ3s)\u0011\t9+!=\t\r\u0005M(\u00031\u0001d\u0003\u0011!\u0017\r^1\u00029]\f'O\\(o!.\u001b5+\r\u001aF[B$\u0018\u0010U1tg^|'\u000f\u001a\"vOR!\u0011QOA}\u0011\u001d\tyk\u0005a\u0001\u0003c\u000bqBY;jY\u0012\\U-_'b]\u0006<WM\u001d\u000b\u0007\u0003\u007f\u0014)Aa\u0002\u0011\u0007]\u0013\t!C\u0002\u0003\u0004a\u0013a\u0002W\u001b1s-+\u00170T1oC\u001e,'\u000fC\u0004\u00020R\u0001\r!!-\t\u000f\u0005UB\u00031\u0001\u00028!:A#a\u0010\u0003\f\u0005%\u0013E\u0001B\u0007\u0003e*6/\u001a\u0011oK^,'\u000f\t<feNLwN\u001c\u0011pM\u0002\u0012W/\u001b7e\u0017\u0016LX*\u00198bO\u0016\u0014\be^5uQ\u0002\"WMY;hAA\f'/Y7fi\u0016\u0014H\u0003CA��\u0005#\u0011\u0019B!\u0006\t\u000f\u0005=V\u00031\u0001\u00022\"9\u0011QG\u000bA\u0002\u0005]\u0002bBA++\u0001\u0007\u0011qK\u0001\u001aG\u0016\u0014H/\u001b4jG\u0006$XMU3w_\u000e\fG/[8o\u0019&\u001cH\u000f\u0006\u0003\u0002��\tm\u0001B\u0002B\u000f-\u0001\u0007A(A\u0005tg2\u001cuN\u001c4jO\u0006Yq-\u001a8fe\u0006$Xm\u0011*M)\u
0011\t\u0019Ia\t\t\u000f\t\u0015r\u00031\u0001\u0003(\u0005Y\u0011N\u001c9viN#(/Z1n!\u0011\u0011ICa\f\u000e\u0005\t-\"\u0002\u0002B\u0017\u0003/\t!![8\n\t\tE\"1\u0006\u0002\f\u0013:\u0004X\u000f^*ue\u0016\fW.\u0001\nhK:,'/\u0019;f\u0007JceI]8n+JcE\u0003BAB\u0005oAqA!\u000f\u0019\u0001\u0004\u0011Y$A\u0002ve2\u0004BA!\u0010\u0003B5\u0011!q\b\u0006\u00045\u0006]\u0011\u0002\u0002B\"\u0005\u007f\u00111!\u0016*M\u0003M9WM\\3sCR,7I\u0015'Ge>lg)\u001b7f)\u0011\t\u0019I!\u0013\t\u000f\t-\u0013\u00041\u0001\u0003N\u0005!a-\u001b7f!\u0011\u0011ICa\u0014\n\t\tE#1\u0006\u0002\u0005\r&dW-A\u000eck&dG\r\u0016:vgRl\u0015M\\1hKJ\u0004\u0016M]1nKR,'o\u001d\u000b\u000b\u0005/\u0012iFa\u001a\u0003j\t-\u0004cA,\u0003Z%\u0019!1\f-\u0003=\r+'\u000f\u001e)bi\"$&/^:u\u001b\u0006t\u0017mZ3s!\u0006\u0014\u0018-\\3uKJ\u001c\bb\u0002B05\u0001\u0007!\u0011M\u0001\u000biJ,8\u000f^*u_J,\u0007\u0003BA\t\u0005GJAA!\u001a\u0002\u0014\tA1*Z=Ti>\u0014X\rC\u0004\u0002ti\u0001\r!!\u001e\t\u000f\u0005u$\u00041\u0001\u0002��!9\u0011Q\u0007\u000eA\u0002\u0005]\u0012!\u00052vS2$GK];ti6\u000bg.Y4feRQ!\u0011\u000fB<\u0005s\u0012YH! 
\u0011\u0007]\u0013\u0019(C\u0002\u0003va\u0013\u0001\u0003W\u001b1sQ\u0013Xo\u001d;NC:\fw-\u001a:\t\u000f\u0005u6\u00041\u0001\u0002@\"9\u00111O\u000eA\u0002\u0005U\u0004bBA?7\u0001\u0007\u0011q\u0010\u0005\b\u0003kY\u0002\u0019AA\u001cQ\u001dY\u0012q\bBA\u0003\u0013\n#Aa!\u0002aU\u001bX\r\t8fo\u0016\u0014\bE^3sg&|g\u000eI8gA5,G\u000f[8eA]LG\u000f\u001b\u0011eK\n,x\r\t9be\u0006lW\r^3s)1\u0011\tHa\"\u0003\n\n-%Q\u0012BH\u0011\u001d\ti\f\ba\u0001\u0003\u007fCq!a\u001d\u001d\u0001\u0004\t)\bC\u0004\u0002~q\u0001\r!a \t\u000f\u0005UB\u00041\u0001\u00028!9\u0011Q\u000b\u000fA\u0002\u0005]\u0013\u0001\t<bY&$\u0017\r^3Ti>\u0014XmQ8oi\u0006Lgn\u001d)sSZ\fG/Z&fsN$b!!\u001e\u0003\u0016\n]\u0005bBAX;\u0001\u0007\u0011\u0011\u0017\u0005\b\u00053k\u0002\u0019\u0001B1\u0003!YW-_*u_J,\u0017!\u0004<bY&$\u0017\r^3Ti>\u0014X\r\u0006\u0004\u0003 \n\u0015&\u0011\u0016\t\u0004W\t\u0005\u0016b\u0001BRY\t!QK\\5u\u0011\u001d\u00119K\ba\u0001\u0005C\nQa\u001d;pe\u0016Dq!!\u000e\u001f\u0001\u0004\t9\u0004")
/* loaded from: input_file:com/typesafe/sslconfig/ssl/ConfigSSLContextBuilder.class */
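/**
 * Builds a JSSE {@link SSLContext} from an {@link SSLConfigSettings} instance.
 *
 * <p>Every configured key store and trust store is loaded, passed through
 * {@link #validateStore} with an {@link AlgorithmChecker} built from the disabled
 * signature/key algorithm settings, and the resulting managers are wrapped in the tracing
 * decorators.
 *
 * <p>This listing is decompiler output of Scala code: the {@code $anonfun$...} statics are
 * synthetic lambda bodies and the {@code scala.*} calls are compiler-generated plumbing.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Revocation checking is off unless {@code checkRevocation} is set in the settings
 *       (see {@link #build()}).</li>
 *   <li>Revocation lists are fetched from the configured URLs while the context is being
 *       built, and no connect/read timeout is set on those connections.</li>
 *   <li>A certificate that fails the algorithm check is logged and deleted from the in-memory
 *       store; the build carries on with the remaining entries rather than failing.</li>
 *   <li>Store passwords are turned from {@code String} into {@code char[]} and are never
 *       cleared afterwards.</li>
 * </ul>
 */
public class ConfigSSLContextBuilder implements SSLContextBuilder {
    private final LoggerFactory mkLogger;
    private final SSLConfigSettings info;
    private final KeyManagerFactoryWrapper keyManagerFactory;
    private final TrustManagerFactoryWrapper trustManagerFactory;
    private final NoDepsLogger logger;

    /** Returns the logger created for this class in the constructor. */
    public NoDepsLogger logger() {
        return this.logger;
    }

    /**
     * Assembles the {@link SSLContext} described by the settings passed to the constructor.
     *
     * <p>Key managers and trust managers are only built when the corresponding store list is
     * non-empty; otherwise an empty sequence is handed to {@link #buildSSLContext}.
     * NOTE(review): what {@code SimpleSSLContextBuilder} does with an empty sequence is not
     * visible here; confirm whether it falls back to the JVM default trust store.
     *
     * @return the context wrapped in {@link TracingSSLContext}
     */
    @Override // com.typesafe.sslconfig.ssl.SSLContextBuilder
    public SSLContext build() {
        // CRLs are fetched eagerly here, before any store is opened.
        Option<Seq<CRL>> certificateRevocationList = certificateRevocationList(this.info);
        AlgorithmChecker algorithmChecker = new AlgorithmChecker(this.mkLogger, this.info.disabledSignatureAlgorithms().map(str -> {
            return AlgorithmConstraintsParser$.MODULE$.apply(str);
        }).toSet(), this.info.disabledKeyAlgorithms().map(str2 -> {
            return AlgorithmConstraintsParser$.MODULE$.apply(str2);
        }).toSet());
        // checkRevocation defaults to false when it is absent from the settings, so revocation
        // checking is opt-in.
        return new TracingSSLContext(buildSSLContext(this.info.protocol(), this.info.keyManagerConfig().keyStoreConfigs().nonEmpty() ? Seq$.MODULE$.apply2((Seq) ScalaRunTime$.MODULE$.wrapRefArray(new CompositeX509KeyManager[]{buildCompositeKeyManager(this.info.keyManagerConfig(), algorithmChecker, this.info.debug())})) : Nil$.MODULE$, this.info.trustManagerConfig().trustStoreConfigs().nonEmpty() ? Seq$.MODULE$.apply2((Seq) ScalaRunTime$.MODULE$.wrapRefArray(new CompositeX509TrustManager[]{buildCompositeTrustManager(this.info.trustManagerConfig(), BoxesRunTime.unboxToBoolean(this.info.checkRevocation().getOrElse(() -> {
            return false;
        })), certificateRevocationList, algorithmChecker, this.info.debug())})) : Nil$.MODULE$, this.info.secureRandom()), this.info.debug(), this.mkLogger);
    }

    /**
     * Delegates to {@code SimpleSSLContextBuilder}.
     *
     * @param str protocol name ({@link #build()} passes {@code info.protocol()})
     * @param seq key managers
     * @param seq2 trust managers
     * @param option optional {@link SecureRandom}
     */
    public SSLContext buildSSLContext(String str, Seq<KeyManager> seq, Seq<TrustManager> seq2, Option<SecureRandom> option) {
        return new SimpleSSLContextBuilder(str, seq, seq2, option).build();
    }

    /**
     * Older overload without a debug configuration: logs a warning and calls the
     * three-argument overload with {@code SSLDebugConfig.apply()}.
     */
    public CompositeX509KeyManager buildCompositeKeyManager(KeyManagerConfig keyManagerConfig, AlgorithmChecker algorithmChecker) {
        logger().warn("Use newer buildCompositeKeyManager with debug parameter");
        return buildCompositeKeyManager(keyManagerConfig, algorithmChecker, SSLDebugConfig$.MODULE$.apply());
    }

    /** Builds one key manager per configured key store and combines them. */
    public CompositeX509KeyManager buildCompositeKeyManager(KeyManagerConfig keyManagerConfig, AlgorithmChecker algorithmChecker, SSLDebugConfig sSLDebugConfig) {
        return new CompositeX509KeyManager(this.mkLogger, keyManagerConfig.keyStoreConfigs().map(keyStoreConfig -> {
            return this.buildKeyManager(keyStoreConfig, algorithmChecker, sSLDebugConfig);
        }));
    }

    /**
     * Older overload without a debug configuration: logs a warning and calls the
     * five-argument overload with {@code SSLDebugConfig.apply()}.
     */
    public CompositeX509TrustManager buildCompositeTrustManager(TrustManagerConfig trustManagerConfig, boolean z, Option<Seq<CRL>> option, AlgorithmChecker algorithmChecker) {
        logger().warn("Use newer version of buildCompositeTrustManager with debug parameter");
        return buildCompositeTrustManager(trustManagerConfig, z, option, algorithmChecker, SSLDebugConfig$.MODULE$.apply());
    }

    /**
     * Builds one trust manager per configured trust store and combines them.
     *
     * @param z whether revocation checking is enabled
     * @param option optional revocation lists shared by every trust manager
     */
    public CompositeX509TrustManager buildCompositeTrustManager(TrustManagerConfig trustManagerConfig, boolean z, Option<Seq<CRL>> option, AlgorithmChecker algorithmChecker, SSLDebugConfig sSLDebugConfig) {
        return new CompositeX509TrustManager(this.mkLogger, trustManagerConfig.trustStoreConfigs().map(trustStoreConfig -> {
            return this.buildTrustManager(trustStoreConfig, z, option, algorithmChecker, sSLDebugConfig);
        }), algorithmChecker);
    }

    /**
     * Chooses the key store loader: a classpath or file-system loader when a file path is
     * configured, otherwise a loader over the inline {@code data} string.
     *
     * @throws IllegalStateException if neither a file path nor inline data is configured
     */
    public KeyStoreBuilder keyStoreBuilder(KeyStoreConfig keyStoreConfig) {
        // The password arrives as a String from configuration; the char[] copy made here is
        // handed to the loader and not cleared by this class.
        Option<B> map = keyStoreConfig.password().map(str -> {
            return str.toCharArray();
        });
        return (KeyStoreBuilder) keyStoreConfig.filePath().map(str2 -> {
            return keyStoreConfig.isFileOnClasspath() ? this.fileOnClasspathBuilder(keyStoreConfig.storeType(), str2, map) : this.fileBuilder(keyStoreConfig.storeType(), str2, map);
        }).getOrElse(() -> {
            return this.stringBuilder((String) keyStoreConfig.data().getOrElse(() -> {
                throw new IllegalStateException("No keystore builder found!");
            }));
        });
    }

    /**
     * Chooses the trust store loader, with the same precedence as {@link #keyStoreBuilder}:
     * file path first, inline {@code data} second.
     *
     * @throws IllegalStateException if neither a file path nor inline data is configured
     */
    public KeyStoreBuilder trustStoreBuilder(TrustStoreConfig trustStoreConfig) {
        return (KeyStoreBuilder) trustStoreConfig.filePath().map(str -> {
            Option<char[]> map = trustStoreConfig.password().map(str -> {
                return str.toCharArray();
            });
            return trustStoreConfig.isFileOnClasspath() ? this.fileOnClasspathBuilder(trustStoreConfig.storeType(), str, map) : this.fileBuilder(trustStoreConfig.storeType(), str, map);
        }).getOrElse(() -> {
            return this.stringBuilder((String) trustStoreConfig.data().getOrElse(() -> {
                throw new IllegalStateException("No truststore builder found!");
            }));
        });
    }

    /**
     * Creates a loader for a store on the file system.
     *
     * @param str store type
     * @param str2 file path
     * @param option optional store password
     */
    public KeyStoreBuilder fileBuilder(String str, String str2, Option<char[]> option) {
        return new FileBasedKeyStoreBuilder(str, str2, option);
    }

    /**
     * Creates a loader for a store found on the classpath.
     *
     * @param str store type
     * @param str2 resource path
     * @param option optional store password
     */
    public KeyStoreBuilder fileOnClasspathBuilder(String str, String str2, Option<char[]> option) {
        return new FileOnClasspathBasedKeyStoreBuilder(str, str2, option);
    }

    /** Creates a loader over inline store data. */
    public KeyStoreBuilder stringBuilder(String str) {
        return new StringBasedKeyStoreBuilder(str);
    }

    /**
     * Reports whether the store is PKCS12 (case-insensitive match on the store type) and has
     * no non-empty password configured.
     *
     * <p>Nothing in this class calls the method; it only computes the condition.
     */
    public boolean warnOnPKCS12EmptyPasswordBug(KeyStoreConfig keyStoreConfig) {
        return keyStoreConfig.storeType().equalsIgnoreCase("pkcs12") && !keyStoreConfig.password().exists(str -> {
            return BoxesRunTime.boxToBoolean($anonfun$warnOnPKCS12EmptyPasswordBug$1(str));
        });
    }

    /**
     * Older overload without a debug configuration: logs a warning and calls the
     * three-argument overload with {@code SSLDebugConfig.apply()}.
     */
    public X509KeyManager buildKeyManager(KeyStoreConfig keyStoreConfig, AlgorithmChecker algorithmChecker) {
        logger().warn("Use newer version of buildKeyManager with debug parameter");
        return buildKeyManager(keyStoreConfig, algorithmChecker, SSLDebugConfig$.MODULE$.apply());
    }

    /**
     * Loads one key store, validates it and returns its first key manager wrapped for tracing.
     *
     * <p>A store without any private key only produces a warning. The store password is also
     * used as the key password when the factory is initialised.
     *
     * @throws IllegalStateException if the factory returns no key managers, or if a key cannot
     *     be recovered
     * @throws SecurityException if loading the store raises {@link BadPaddingException}
     */
    public X509KeyManager buildKeyManager(KeyStoreConfig keyStoreConfig, AlgorithmChecker algorithmChecker, SSLDebugConfig sSLDebugConfig) {
        try {
            KeyStore build = keyStoreBuilder(keyStoreConfig).build();
            if (!validateStoreContainsPrivateKeys(keyStoreConfig, build)) {
                logger().warn(new StringBuilder(76).append("Client authentication is not possible as there are no private keys found in ").append(keyStoreConfig.filePath()).toString());
            }
            // May delete entries from the in-memory store before the factory sees it.
            validateStore(build, algorithmChecker);
            Option<B> map = keyStoreConfig.password().map(str -> {
                return str.toCharArray();
            });
            KeyManagerFactoryWrapper keyManagerFactoryWrapper = this.keyManagerFactory;
            try {
                keyManagerFactoryWrapper.init(build, (char[]) map.orNull(C$less$colon$less$.MODULE$.refl()));
                KeyManager[] keyManagers = keyManagerFactoryWrapper.getKeyManagers();
                if (keyManagers == null) {
                    // NOTE(review): the config object is rendered into the message; confirm its
                    // toString() does not include the password or inline key data.
                    throw new IllegalStateException(new StringBuilder(45).append("Cannot create key manager with configuration ").append(keyStoreConfig).toString());
                }
                // Only the null case is guarded: an empty array or a manager that is not an
                // X509ExtendedKeyManager fails on this line with an unchecked exception.
                X509ExtendedKeyManager x509ExtendedKeyManager = (X509ExtendedKeyManager) ArrayOps$.MODULE$.head$extension(Predef$.MODULE$.refArrayOps(keyManagers));
                return new TracingX509ExtendedKeyManager(() -> {
                    return x509ExtendedKeyManager;
                }, sSLDebugConfig, this.mkLogger);
            } catch (UnrecoverableKeyException e) {
                logger().error(new StringBuilder(30).append("Unrecoverable key in keystore ").append(keyStoreConfig).toString());
                throw new IllegalStateException(e);
            }
        } catch (BadPaddingException e2) {
            throw new SecurityException("Mac verify error: invalid password?", e2);
        }
    }

    /**
     * Downloads every configured revocation list.
     *
     * @return the parsed CRLs, or an empty option when no revocation lists are configured
     */
    public Option<Seq<CRL>> certificateRevocationList(SSLConfigSettings sSLConfigSettings) {
        return sSLConfigSettings.revocationLists().map(seq -> {
            return seq.map(url -> {
                return this.generateCRLFromURL(url);
            });
        });
    }

    /** Parses a CRL from the stream and returns it as an {@link X509CRL}. */
    public CRL generateCRL(InputStream inputStream) {
        return (X509CRL) CertificateFactory.getInstance("X509").generateCRL(inputStream);
    }

    /**
     * Fetches and parses a CRL from the given URL with caching disabled.
     *
     * <p>No connect or read timeout is set, and {@link URLConnection} defaults to waiting
     * indefinitely, so an unresponsive CRL endpoint can stall context construction. The URL
     * scheme is not restricted here either; any scheme the JVM has a handler for is opened.
     * NOTE(review): consider bounding both timeouts and limiting the accepted schemes at the
     * configuration layer.
     */
    public CRL generateCRLFromURL(URL url) {
        URLConnection openConnection = url.openConnection();
        openConnection.setDoInput(true);
        openConnection.setUseCaches(false);
        // try-with-resources keeps a parse failure as the primary exception; with the former
        // try/finally a failing close() would have replaced it.
        try (DataInputStream dataInputStream = new DataInputStream(openConnection.getInputStream())) {
            return generateCRL(dataInputStream);
        }
    }

    /** Reads and parses a CRL from a local file. */
    public CRL generateCRLFromFile(File file) {
        // try-with-resources keeps a parse failure as the primary exception; with the former
        // try/finally a failing close() would have replaced it.
        try (DataInputStream dataInputStream = new DataInputStream(new BufferedInputStream(Files.newInputStream(file.toPath(), new OpenOption[0])))) {
            return generateCRL(dataInputStream);
        }
    }

    /**
     * Builds the PKIX parameters for one trust store.
     *
     * @param keyStore trust anchors
     * @param z value passed to {@code setRevocationEnabled}
     * @param option optional CRLs, added as a {@code Collection} cert store when present
     * @param algorithmChecker installed as the only additional cert path checker
     */
    public CertPathTrustManagerParameters buildTrustManagerParameters(KeyStore keyStore, boolean z, Option<Seq<CRL>> option, AlgorithmChecker algorithmChecker) {
        // The empty selector puts no constraint on the target certificate.
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        pKIXBuilderParameters.setRevocationEnabled(z);
        // CRLs are attached whenever they are configured, independently of the flag above.
        option.map(seq -> {
            $anonfun$buildTrustManagerParameters$1(pKIXBuilderParameters, seq);
            return BoxedUnit.UNIT;
        });
        pKIXBuilderParameters.setCertPathCheckers((List) JavaConverters$.MODULE$.seqAsJavaListConverter(Seq$.MODULE$.apply2((Seq) ScalaRunTime$.MODULE$.wrapRefArray(new AlgorithmChecker[]{algorithmChecker}))).asJava());
        return new CertPathTrustManagerParameters(pKIXBuilderParameters);
    }

    /**
     * Older overload without a debug configuration: logs a warning and calls the
     * five-argument overload with {@code SSLDebugConfig.apply()}.
     */
    public X509TrustManager buildTrustManager(TrustStoreConfig trustStoreConfig, boolean z, Option<Seq<CRL>> option, AlgorithmChecker algorithmChecker) {
        logger().warn("Use newer version of buildTrustManager with debug parameter");
        return buildTrustManager(trustStoreConfig, z, option, algorithmChecker, SSLDebugConfig$.MODULE$.apply());
    }

    /**
     * Loads one trust store, validates it and returns its first trust manager wrapped for
     * tracing.
     *
     * @param z whether revocation checking is enabled
     * @param option optional revocation lists
     * @throws IllegalStateException if the factory returns no trust managers
     */
    public X509TrustManager buildTrustManager(TrustStoreConfig trustStoreConfig, boolean z, Option<Seq<CRL>> option, AlgorithmChecker algorithmChecker, SSLDebugConfig sSLDebugConfig) {
        TrustManagerFactoryWrapper trustManagerFactoryWrapper = this.trustManagerFactory;
        KeyStore build = trustStoreBuilder(trustStoreConfig).build();
        // May delete trust anchors that fail the algorithm check before the factory sees them.
        validateStore(build, algorithmChecker);
        trustManagerFactoryWrapper.init(buildTrustManagerParameters(build, z, option, algorithmChecker));
        TrustManager[] trustManagers = trustManagerFactoryWrapper.getTrustManagers();
        if (trustManagers == null) {
            throw new IllegalStateException(new StringBuilder(47).append("Cannot create trust manager with configuration ").append(trustStoreConfig).toString());
        }
        // Only the null case is guarded: an empty array or a manager that is not an
        // X509ExtendedTrustManager fails on this line with an unchecked exception.
        X509ExtendedTrustManager x509ExtendedTrustManager = (X509ExtendedTrustManager) ArrayOps$.MODULE$.head$extension(Predef$.MODULE$.refArrayOps(trustManagers));
        return new TracingX509ExtendedTrustManager(() -> {
            return x509ExtendedTrustManager;
        }, sSLDebugConfig, this.mkLogger);
    }

    /**
     * Checks every alias of the store for a private key, logging the outcome per alias.
     *
     * <p>The store password is used as the key password for each lookup. Exceptions raised by
     * {@code KeyStore.getKey} are not handled here and propagate to the caller.
     *
     * @return {@code true} if at least one alias holds a {@link PrivateKey}
     */
    public boolean validateStoreContainsPrivateKeys(KeyStoreConfig keyStoreConfig, KeyStore keyStore) {
        char[] cArr = (char[]) keyStoreConfig.password().map(str -> {
            return str.toCharArray();
        }).orNull(C$less$colon$less$.MODULE$.refl());
        BooleanRef create = BooleanRef.create(false);
        ((IterableOnceOps) JavaConverters$.MODULE$.enumerationAsScalaIteratorConverter(keyStore.aliases()).asScala()).foreach(str2 -> {
            $anonfun$validateStoreContainsPrivateKeys$2(this, keyStore, cArr, create, str2);
            return BoxedUnit.UNIT;
        });
        return create.elem;
    }

    /**
     * Runs the algorithm checker over every certificate in the store and deletes the entries
     * that fail.
     *
     * <p>The store is modified in place; aliases without a certificate are skipped.
     */
    public void validateStore(KeyStore keyStore, AlgorithmChecker algorithmChecker) {
        logger().debug(new StringBuilder(31).append("validateStore: type = ").append(keyStore.getType()).append(", size = ").append(keyStore.size()).toString());
        // Snapshot the aliases first: the per-certificate handler deletes entries, and changing
        // a store while its aliases() enumeration is still being consumed is not guaranteed to
        // be safe across KeyStore providers.
        for (String str : java.util.Collections.list(keyStore.aliases())) {
            Certificate certificate = keyStore.getCertificate(str);
            if (certificate != null) {
                $anonfun$validateStore$2(this, algorithmChecker, str, keyStore, certificate);
            }
        }
    }

    /** Synthetic lambda body: true when the password string is not empty. */
    public static final /* synthetic */ boolean $anonfun$warnOnPKCS12EmptyPasswordBug$1(String str) {
        return !str.isEmpty();
    }

    /** Synthetic lambda body: adds the CRLs to the PKIX parameters as a Collection cert store. */
    public static final /* synthetic */ void $anonfun$buildTrustManagerParameters$1(PKIXBuilderParameters pKIXBuilderParameters, Seq seq) {
        pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(JavaConverters$.MODULE$.asJavaCollectionConverter(seq).asJavaCollection())));
    }

    /**
     * Synthetic lambda body: looks up the key for one alias and records whether it is a
     * {@link PrivateKey}.
     */
    public static final /* synthetic */ void $anonfun$validateStoreContainsPrivateKeys$2(ConfigSSLContextBuilder configSSLContextBuilder, KeyStore keyStore, char[] cArr, BooleanRef booleanRef, String str) {
        if (keyStore.getKey(str, cArr) instanceof PrivateKey) {
            configSSLContextBuilder.logger().debug(new StringBuilder(62).append("validateStoreContainsPrivateKeys: private key found for alias ").append(str).toString());
            booleanRef.elem = true;
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            configSSLContextBuilder.logger().warn(new StringBuilder(110).append("validateStoreContainsPrivateKeys: No private key found for alias ").append(str).append(", it cannot be used for client authentication").toString());
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
    }

    /**
     * Synthetic lambda body: checks one certificate and deletes its entry on any failure.
     *
     * <p>Both handlers log at warn level and remove the alias, so a certificate that cannot be
     * checked is dropped rather than kept. The first message mentions key size for every
     * {@link CertPathValidatorException}, whatever the checker actually rejected.
     */
    public static final /* synthetic */ void $anonfun$validateStore$2(ConfigSSLContextBuilder configSSLContextBuilder, AlgorithmChecker algorithmChecker, String str, KeyStore keyStore, Certificate certificate) {
        try {
            algorithmChecker.checkKeyAlgorithms(package$.MODULE$.certificate2X509Certificate(certificate));
        } catch (CertPathValidatorException e) {
            configSSLContextBuilder.logger().warn(new StringBuilder(0).append(new StringBuilder(60).append("validateStore: Skipping certificate with weak key size in ").append(str).append(": ").toString()).append(e.getMessage()).toString());
            keyStore.deleteEntry(str);
        } catch (Exception e2) {
            configSSLContextBuilder.logger().warn(new StringBuilder(0).append(new StringBuilder(44).append("validateStore: Skipping unknown exception ").append(str).append(": ").toString()).append(e2.getMessage()).toString());
            keyStore.deleteEntry(str);
        }
    }

    /**
     * Stores the collaborators and creates the class logger.
     *
     * @param loggerFactory used for this class's logger and passed on to the objects built here
     * @param sSLConfigSettings the configuration that {@link #build()} reads
     * @param keyManagerFactoryWrapper factory initialised once per key store
     * @param trustManagerFactoryWrapper factory initialised once per trust store
     */
    public ConfigSSLContextBuilder(LoggerFactory loggerFactory, SSLConfigSettings sSLConfigSettings, KeyManagerFactoryWrapper keyManagerFactoryWrapper, TrustManagerFactoryWrapper trustManagerFactoryWrapper) {
        this.mkLogger = loggerFactory;
        this.info = sSLConfigSettings;
        this.keyManagerFactory = keyManagerFactoryWrapper;
        this.trustManagerFactory = trustManagerFactoryWrapper;
        this.logger = loggerFactory.apply(getClass());
    }
}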
