package org.apache.pekko.http.scaladsl;

import ch.qos.logback.core.joran.spi.ConfigurationWatchList;
import com.typesafe.sslconfig.pekko.PekkoSSLConfig;
import com.typesafe.sslconfig.pekko.PekkoSSLConfig$;
import com.typesafe.sslconfig.pekko.util.PekkoLoggerFactory;
import com.typesafe.sslconfig.ssl.ClientAuth;
import com.typesafe.sslconfig.ssl.ClientAuth$Default$;
import com.typesafe.sslconfig.ssl.ClientAuth$Need$;
import com.typesafe.sslconfig.ssl.ClientAuth$None$;
import com.typesafe.sslconfig.ssl.ClientAuth$Want$;
import com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder;
import com.typesafe.sslconfig.ssl.SSLConfigSettings;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import org.apache.pekko.actor.ActorSystem;
import org.apache.pekko.actor.ClassicActorSystemProvider;
import org.apache.pekko.event.LogSource;
import org.apache.pekko.event.LogSource$;
import org.apache.pekko.event.Logging$;
import org.apache.pekko.event.LoggingAdapter;
import org.apache.pekko.stream.TLSClientAuth$Need$;
import org.apache.pekko.stream.TLSClientAuth$None$;
import org.apache.pekko.stream.TLSClientAuth$Want$;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some$;

/* compiled from: Http.scala */
/* loaded from: input_file:org/apache/pekko/http/scaladsl/DefaultSSLContextCreation.class */
public interface DefaultSSLContextCreation {
    ActorSystem system();

    default PekkoSSLConfig sslConfig() {
        return (PekkoSSLConfig) PekkoSSLConfig$.MODULE$.apply((ClassicActorSystemProvider) system());
    }

    private default LoggingAdapter log() {
        return system().log();
    }

    default void validateAndWarnAboutLooseSettings() {
    }

    default HttpsConnectionContext createDefaultClientHttpsContext() {
        return createClientHttpsContext((PekkoSSLConfig) PekkoSSLConfig$.MODULE$.apply((ClassicActorSystemProvider) system()));
    }

    default HttpsConnectionContext createServerHttpsContext(PekkoSSLConfig pekkoSSLConfig) {
        log().warning("Automatic server-side configuration is not supported yet, will attempt to use client-side settings. Instead it is recommended to construct the Servers HttpsConnectionContext manually (via SSLContext).");
        return createClientHttpsContext(pekkoSSLConfig);
    }

    default HttpsConnectionContext createClientHttpsContext(PekkoSSLConfig pekkoSSLConfig) {
        SSLContext build;
        Option apply;
        SSLConfigSettings config = pekkoSSLConfig.config();
        LoggingAdapter apply2 = Logging$.MODULE$.apply(system(), (ActorSystem) getClass(), (LogSource<ActorSystem>) LogSource$.MODULE$.fromClass());
        PekkoLoggerFactory pekkoLoggerFactory = new PekkoLoggerFactory(system());
        if (pekkoSSLConfig.config().m340default()) {
            apply2.debug("buildSSLContext: ssl-config.default is true, using default SSLContext");
            pekkoSSLConfig.validateDefaultTrustManager(config);
            build = SSLContext.getDefault();
        } else {
            build = new ConfigSSLContextBuilder(pekkoLoggerFactory, config, pekkoSSLConfig.buildKeyManagerFactory(config), pekkoSSLConfig.buildTrustManagerFactory(config)).build();
        }
        SSLContext sSLContext = build;
        SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
        String[] protocols = defaultSSLParameters.getProtocols();
        defaultSSLParameters.setProtocols(pekkoSSLConfig.configureProtocols(protocols, config));
        String[] configureCipherSuites = pekkoSSLConfig.configureCipherSuites(defaultSSLParameters.getCipherSuites(), config);
        defaultSSLParameters.setCipherSuites(configureCipherSuites);
        ClientAuth clientAuth = config.sslParametersConfig().clientAuth();
        if (ClientAuth$Default$.MODULE$.equals(clientAuth)) {
            apply = None$.MODULE$;
        } else if (ClientAuth$Want$.MODULE$.equals(clientAuth)) {
            apply = Some$.MODULE$.apply(TLSClientAuth$Want$.MODULE$);
        } else if (ClientAuth$Need$.MODULE$.equals(clientAuth)) {
            apply = Some$.MODULE$.apply(TLSClientAuth$Need$.MODULE$);
        } else {
            if (!ClientAuth$None$.MODULE$.equals(clientAuth)) {
                throw new MatchError(clientAuth);
            }
            apply = Some$.MODULE$.apply(TLSClientAuth$None$.MODULE$);
        }
        Option option = apply;
        if (!pekkoSSLConfig.config().loose().disableHostnameVerification()) {
            defaultSSLParameters.setEndpointIdentificationAlgorithm(ConfigurationWatchList.HTTPS_PROTOCOL_STR);
        }
        return new HttpsConnectionContext(sSLContext, Some$.MODULE$.apply(pekkoSSLConfig), Some$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(configureCipherSuites).toList()), Some$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(protocols).toList()), option, Some$.MODULE$.apply(defaultSSLParameters));
    }
}
