package play.core.server.ssl;

import com.typesafe.config.Config;
import com.typesafe.sslconfig.ssl.FakeKeyStore;
import com.typesafe.sslconfig.util.NoopLogger$;
import java.io.File;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import play.api.MarkerContext$;
import play.core.ApplicationProvider;
import play.core.server.ServerConfig;
import play.server.api.SSLEngineProvider;
import play.utils.PlayIO$;
import scala.Option;
import scala.util.control.NonFatal$;

/* compiled from: DefaultSSLEngineProvider.scala */
/* loaded from: input_file:play/core/server/ssl/DefaultSSLEngineProvider.class */
/**
 * Default {@link SSLEngineProvider}: builds one {@link SSLContext} at construction time from the
 * {@code play.server.https} configuration and creates every {@link SSLEngine} from it.
 *
 * <p>This listing is decompiler output of a Scala class, so some constructs (synthetic
 * {@code $anonfun$N} methods, {@code MODULE$} accesses, an unresolved register name) are
 * decompiler artifacts rather than hand-written Java.
 *
 * <p>Security-relevant configuration read here:
 * <ul>
 *   <li>{@code keyStore.path} absent: key material comes from {@code FakeKeyStore} and a warning
 *       is logged that this must not be used in production.</li>
 *   <li>{@code trustStore.noCaVerification} true: {@code noCATrustManager$} becomes the only trust
 *       manager and a warning is logged; otherwise the JDK default trust managers are used.</li>
 * </ul>
 * Nothing in this class restricts protocol versions or cipher suites, or sets the client-auth
 * mode; those are left to the JDK defaults or to whoever consumes the engine.
 */
public class DefaultSSLEngineProvider implements SSLEngineProvider {
    // Server configuration; source of the play.server.https settings and of rootDir().
    private final ServerConfig serverConfig;
    // Built once in the constructor and shared by every engine this provider creates.
    private final SSLContext sslContext;

    /**
     * Stores the server configuration and eagerly builds the SSL context.
     *
     * <p>Because the context is created here, a missing or unreadable keystore makes construction
     * itself fail with the exception raised by {@code createSSLContext}.
     *
     * @param serverConfig server configuration holding {@code play.server.https}
     * @param applicationProvider passed through to {@code createSSLContext}, which does not use it
     */
    public DefaultSSLEngineProvider(ServerConfig serverConfig, ApplicationProvider applicationProvider) {
        this.serverConfig = serverConfig;
        this.sslContext = createSSLContext(applicationProvider);
    }

    /**
     * Returns the context built at construction time.
     *
     * @return the shared {@link SSLContext}
     */
    public SSLContext sslContext() {
        return this.sslContext;
    }

    /**
     * Creates a new engine from the shared context.
     *
     * <p>The engine is returned exactly as the context produced it: client/server mode, client
     * authentication, enabled protocols and cipher suites are not configured in this method.
     *
     * @return a fresh {@link SSLEngine}
     */
    public SSLEngine createSSLEngine() {
        return sslContext().createSSLEngine();
    }

    /**
     * Builds the TLS context from {@code play.server.https}: key managers from the configured
     * keystore (or a generated one), trust managers according to
     * {@code trustStore.noCaVerification}.
     *
     * <p>The decompiled body throws checked {@code Exception}s without a {@code throws} clause;
     * that is an artifact of the Scala origin, which has no checked exceptions.
     *
     * @param applicationProvider not referenced in this body
     * @return an initialized {@link SSLContext} for protocol name {@code "TLS"}
     */
    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private SSLContext createSSLContext(ApplicationProvider applicationProvider) {
        KeyManagerFactory keyManagerFactory;
        TrustManager[] trustManagerArr;
        Config config = this.serverConfig.configuration().underlying().getConfig("play.server.https");
        Config config2 = config.getConfig("keyStore");
        if (config2.hasPath("path")) {
            // An explicit keystore is configured: path, type and password are read from config.
            String string = config2.getString("path");
            KeyStore keyStore = KeyStore.getInstance(config2.getString("type"));
            // NOTE(review): the password arrives as a String from configuration, so a copy stays
            // on the heap regardless; the char[] below is passed to load() and init() and is not
            // zeroed afterwards in this method.
            char[] charArray = config2.getString("password").toCharArray();
            // Key manager algorithm is optional in config; fall back to the JDK default.
            String string2 = config2.hasPath("algorithm") ? config2.getString("algorithm") : KeyManagerFactory.getDefaultAlgorithm();
            File file = new File(string);
            // Fail fast with the resolved absolute path when the keystore is not a regular file.
            if (!file.isFile()) {
                throw new Exception("Unable to find HTTPS keystore at \"" + file.getAbsolutePath() + "\"");
            }
            InputStream newInputStream = Files.newInputStream(file.toPath(), new OpenOption[0]);
            try {
                try {
                    keyStore.load(newInputStream, charArray);
                    // Debug log names the keystore path only; the password is not logged.
                    // "r1" is an unresolved decompiler register; given $anonfun$1(File) it is
                    // presumably the "file" variable — confirm against the Scala source.
                    DefaultSSLEngineProvider$.play$core$server$ssl$DefaultSSLEngineProvider$$$logger.debug(() -> {
                        return $anonfun$1(r1);
                    }, MarkerContext$.MODULE$.NoMarker());
                    // The same password is used for the store and for the keys inside it.
                    KeyManagerFactory keyManagerFactory2 = KeyManagerFactory.getInstance(string2);
                    keyManagerFactory2.init(keyStore, charArray);
                    keyManagerFactory = keyManagerFactory2;
                } catch (Throwable th) {
                    // Throwables matched by NonFatal are wrapped with the keystore path for
                    // context, keeping the cause; anything else is rethrown unchanged.
                    if (th != null) {
                        Option unapply = NonFatal$.MODULE$.unapply(th);
                        if (!unapply.isEmpty()) {
                            throw new Exception("Error loading HTTPS keystore from " + file.getAbsolutePath(), (Throwable) unapply.get());
                        }
                    }
                    throw th;
                }
            } finally {
                // The keystore stream is closed on both the success and the failure path.
                PlayIO$.MODULE$.closeQuietly(newInputStream);
            }
        } else {
            // No keystore path configured: log a warning and take the key manager factory from
            // FakeKeyStore, rooted at the server's rootDir. The warning text states this is a
            // generated key with a self-signed certificate and is not for production.
            DefaultSSLEngineProvider$.play$core$server$ssl$DefaultSSLEngineProvider$$$logger.warn(DefaultSSLEngineProvider::$anonfun$2, MarkerContext$.MODULE$.NoMarker());
            keyManagerFactory = new FakeKeyStore(NoopLogger$.MODULE$.factory()).keyManagerFactory(this.serverConfig.rootDir());
        }
        KeyManagerFactory keyManagerFactory3 = keyManagerFactory;
        if (config.getConfig("trustStore").getBoolean("noCaVerification")) {
            // NOTE(review): noCATrustManager$ is defined outside this file; going by the warning
            // text it presumably skips CA validation of client certificates — confirm, and treat
            // this flag as unsafe unless client certificates are verified by another mechanism.
            DefaultSSLEngineProvider$.play$core$server$ssl$DefaultSSLEngineProvider$$$logger.warn(DefaultSSLEngineProvider::$anonfun$3, MarkerContext$.MODULE$.NoMarker());
            trustManagerArr = new TrustManager[]{noCATrustManager$.MODULE$};
        } else {
            // A null trust manager array makes SSLContext.init use the JDK default trust managers.
            DefaultSSLEngineProvider$.play$core$server$ssl$DefaultSSLEngineProvider$$$logger.debug(DefaultSSLEngineProvider::$anonfun$4, MarkerContext$.MODULE$.NoMarker());
            trustManagerArr = (TrustManager[]) null;
        }
        TrustManager[] trustManagerArr2 = trustManagerArr;
        // "TLS" is the generic protocol name: which TLS versions and cipher suites end up enabled
        // is decided by the JDK/provider defaults, nothing here narrows them. The null third
        // argument selects the default SecureRandom.
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(keyManagerFactory3.getKeyManagers(), trustManagerArr2, null);
        return sSLContext;
    }

    // Synthetic lambda body: debug message naming the keystore file that was loaded.
    private static final String $anonfun$1(File file) {
        return "Using HTTPS keystore at " + file.getAbsolutePath();
    }

    // Synthetic lambda body: warning emitted when the generated (FakeKeyStore) key is used.
    private static final String $anonfun$2() {
        return "Using generated key with self signed certificate for HTTPS. This should NOT be used in production.";
    }

    // Synthetic lambda body: warning emitted when trustStore.noCaVerification is true.
    private static final String $anonfun$3() {
        return "HTTPS configured with no client side CA verification. Requires http://webid.info/ for client certificate verification.";
    }

    // Synthetic lambda body: debug message emitted when the default trust managers are used.
    private static final String $anonfun$4() {
        return "Using default trust store for client side CA verification";
    }
}
