package zio.http.netty.client;

import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Predef$;
import scala.Tuple3;
import scala.reflect.ClassTag$;
import scala.runtime.BoxedUnit;
import scala.runtime.ObjectRef;
import scala.util.Using$Manager$;
import scala.util.Using$Releasable$AutoCloseableIsReleasable$;
import zio.Config;
import zio.http.ClientSSLCertConfig;
import zio.http.ClientSSLConfig;
import zio.http.ClientSSLConfig$Default$;
import zio.http.ClientSSLConfig$FromJavaxNetSsl$Empty$;

/* compiled from: ClientSSLConverter.scala */
/* loaded from: input_file:zio/http/netty/client/ClientSSLConverter$.class */
public final class ClientSSLConverter$ {
    public static ClientSSLConverter$ MODULE$;

    static {
        new ClientSSLConverter$();
    }

    private SslContextBuilder keyManagerTrustManagerToSslContext(Option<Tuple3<String, InputStream, Option<Config.Secret>>> option, Option<Tuple3<String, InputStream, Option<Config.Secret>>> option2, SslContextBuilder sslContextBuilder) {
        Option map = option.map(tuple3 -> {
            if (tuple3 == null) {
                throw new MatchError((Object) null);
            }
            String str = (String) tuple3._1();
            InputStream inputStream = (InputStream) tuple3._2();
            Option option3 = (Option) tuple3._3();
            KeyStore keyStore = KeyStore.getInstance(str);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            char[] cArr = (char[]) option3.map(secret -> {
                return (char[]) secret.value().toArray(ClassTag$.MODULE$.Char());
            }).orNull(Predef$.MODULE$.$conforms());
            keyStore.load(inputStream, cArr);
            keyManagerFactory.init(keyStore, cArr);
            return keyManagerFactory;
        });
        Option map2 = option2.map(tuple32 -> {
            if (tuple32 == null) {
                throw new MatchError((Object) null);
            }
            String str = (String) tuple32._1();
            InputStream inputStream = (InputStream) tuple32._2();
            Option option3 = (Option) tuple32._3();
            KeyStore keyStore = KeyStore.getInstance(str);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            keyStore.load(inputStream, (char[]) option3.map(secret -> {
                return (char[]) secret.value().toArray(ClassTag$.MODULE$.Char());
            }).orNull(Predef$.MODULE$.$conforms()));
            trustManagerFactory.init(keyStore);
            return trustManagerFactory;
        });
        ObjectRef create = ObjectRef.create(SslContextBuilder.forClient());
        map.foreach(keyManagerFactory -> {
            $anonfun$keyManagerTrustManagerToSslContext$5(create, keyManagerFactory);
            return BoxedUnit.UNIT;
        });
        map2.foreach(trustManagerFactory -> {
            $anonfun$keyManagerTrustManagerToSslContext$6(create, trustManagerFactory);
            return BoxedUnit.UNIT;
        });
        return (SslContextBuilder) create.elem;
    }

    private SslContextBuilder trustStoreToSslContext(InputStream inputStream, Config.Secret secret, SslContextBuilder sslContextBuilder) {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        keyStore.load(inputStream, (char[]) secret.value().toArray(ClassTag$.MODULE$.Char()));
        trustManagerFactory.init(keyStore);
        return sslContextBuilder.trustManager(trustManagerFactory);
    }

    private SslContextBuilder buildNettySslContextBuilder(ClientSSLConfig clientSSLConfig, SslContextBuilder sslContextBuilder) {
        Option option;
        Option option2;
        boolean z = false;
        ClientSSLConfig.FromClientAndServerCert fromClientAndServerCert = null;
        if (ClientSSLConfig$Default$.MODULE$.equals(clientSSLConfig)) {
            return sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
        }
        if (clientSSLConfig instanceof ClientSSLConfig.FromCertFile) {
            return sslContextBuilder.trustManager(new FileInputStream(((ClientSSLConfig.FromCertFile) clientSSLConfig).certPath()));
        }
        if (clientSSLConfig instanceof ClientSSLConfig.FromCertResource) {
            return sslContextBuilder.trustManager(getClass().getClassLoader().getResourceAsStream(((ClientSSLConfig.FromCertResource) clientSSLConfig).certPath()));
        }
        if (clientSSLConfig instanceof ClientSSLConfig.FromTrustStoreResource) {
            ClientSSLConfig.FromTrustStoreResource fromTrustStoreResource = (ClientSSLConfig.FromTrustStoreResource) clientSSLConfig;
            return trustStoreToSslContext(getClass().getClassLoader().getResourceAsStream(fromTrustStoreResource.trustStorePath()), fromTrustStoreResource.trustStorePassword(), sslContextBuilder);
        }
        if (clientSSLConfig instanceof ClientSSLConfig.FromClientAndServerCert) {
            z = true;
            fromClientAndServerCert = (ClientSSLConfig.FromClientAndServerCert) clientSSLConfig;
            ClientSSLConfig serverCertConfig = fromClientAndServerCert.serverCertConfig();
            ClientSSLCertConfig clientCertConfig = fromClientAndServerCert.clientCertConfig();
            if (clientCertConfig instanceof ClientSSLCertConfig.FromClientCertFile) {
                ClientSSLCertConfig.FromClientCertFile fromClientCertFile = (ClientSSLCertConfig.FromClientCertFile) clientCertConfig;
                String certPath = fromClientCertFile.certPath();
                String keyPath = fromClientCertFile.keyPath();
                SslContextBuilder buildNettySslContextBuilder = buildNettySslContextBuilder(serverCertConfig, sslContextBuilder);
                return (SslContextBuilder) Using$Manager$.MODULE$.apply(manager -> {
                    return buildNettySslContextBuilder.keyManager((FileInputStream) manager.apply(new FileInputStream(new File(certPath)), Using$Releasable$AutoCloseableIsReleasable$.MODULE$), (FileInputStream) manager.apply(new FileInputStream(new File(keyPath)), Using$Releasable$AutoCloseableIsReleasable$.MODULE$));
                }).get();
            }
        }
        if (z) {
            ClientSSLConfig serverCertConfig2 = fromClientAndServerCert.serverCertConfig();
            ClientSSLCertConfig clientCertConfig2 = fromClientAndServerCert.clientCertConfig();
            if (clientCertConfig2 instanceof ClientSSLCertConfig.FromClientCertResource) {
                ClientSSLCertConfig.FromClientCertResource fromClientCertResource = (ClientSSLCertConfig.FromClientCertResource) clientCertConfig2;
                String certPath2 = fromClientCertResource.certPath();
                String keyPath2 = fromClientCertResource.keyPath();
                SslContextBuilder buildNettySslContextBuilder2 = buildNettySslContextBuilder(serverCertConfig2, sslContextBuilder);
                return (SslContextBuilder) Using$Manager$.MODULE$.apply(manager2 -> {
                    ClassLoader classLoader = MODULE$.getClass().getClassLoader();
                    return buildNettySslContextBuilder2.keyManager((InputStream) manager2.apply(classLoader.getResourceAsStream(certPath2), Using$Releasable$AutoCloseableIsReleasable$.MODULE$), (InputStream) manager2.apply(classLoader.getResourceAsStream(keyPath2), Using$Releasable$AutoCloseableIsReleasable$.MODULE$));
                }).get();
            }
        }
        if (clientSSLConfig instanceof ClientSSLConfig.FromTrustStoreFile) {
            ClientSSLConfig.FromTrustStoreFile fromTrustStoreFile = (ClientSSLConfig.FromTrustStoreFile) clientSSLConfig;
            return trustStoreToSslContext(new FileInputStream(fromTrustStoreFile.trustStorePath()), fromTrustStoreFile.trustStorePassword(), sslContextBuilder);
        }
        if (!(clientSSLConfig instanceof ClientSSLConfig.FromJavaxNetSsl)) {
            throw new MatchError(clientSSLConfig);
        }
        ClientSSLConfig.FromJavaxNetSsl fromJavaxNetSsl = (ClientSSLConfig.FromJavaxNetSsl) clientSSLConfig;
        String keyManagerKeyStoreType = fromJavaxNetSsl.keyManagerKeyStoreType();
        ClientSSLConfig.FromJavaxNetSsl.Source keyManagerSource = fromJavaxNetSsl.keyManagerSource();
        Option<Config.Secret> keyManagerPassword = fromJavaxNetSsl.keyManagerPassword();
        String trustManagerKeyStoreType = fromJavaxNetSsl.trustManagerKeyStoreType();
        ClientSSLConfig.FromJavaxNetSsl.Source trustManagerSource = fromJavaxNetSsl.trustManagerSource();
        Option<Config.Secret> trustManagerPassword = fromJavaxNetSsl.trustManagerPassword();
        if (keyManagerSource instanceof ClientSSLConfig.FromJavaxNetSsl.File) {
            option = Option$.MODULE$.apply(new FileInputStream(((ClientSSLConfig.FromJavaxNetSsl.File) keyManagerSource).file())).map(fileInputStream -> {
                return new Tuple3(keyManagerKeyStoreType, fileInputStream, keyManagerPassword);
            });
        } else if (keyManagerSource instanceof ClientSSLConfig.FromJavaxNetSsl.Resource) {
            option = Option$.MODULE$.apply(getClass().getClassLoader().getResourceAsStream(((ClientSSLConfig.FromJavaxNetSsl.Resource) keyManagerSource).resource())).map(inputStream -> {
                return new Tuple3(keyManagerKeyStoreType, inputStream, keyManagerPassword);
            });
        } else {
            if (!ClientSSLConfig$FromJavaxNetSsl$Empty$.MODULE$.equals(keyManagerSource)) {
                throw new MatchError(keyManagerSource);
            }
            option = None$.MODULE$;
        }
        Option option3 = option;
        if (trustManagerSource instanceof ClientSSLConfig.FromJavaxNetSsl.File) {
            option2 = Option$.MODULE$.apply(new FileInputStream(((ClientSSLConfig.FromJavaxNetSsl.File) trustManagerSource).file())).map(fileInputStream2 -> {
                return new Tuple3(trustManagerKeyStoreType, fileInputStream2, trustManagerPassword);
            });
        } else if (trustManagerSource instanceof ClientSSLConfig.FromJavaxNetSsl.Resource) {
            option2 = Option$.MODULE$.apply(getClass().getClassLoader().getResourceAsStream(((ClientSSLConfig.FromJavaxNetSsl.Resource) trustManagerSource).resource())).map(inputStream2 -> {
                return new Tuple3(trustManagerKeyStoreType, inputStream2, trustManagerPassword);
            });
        } else {
            if (!ClientSSLConfig$FromJavaxNetSsl$Empty$.MODULE$.equals(trustManagerSource)) {
                throw new MatchError(trustManagerSource);
            }
            option2 = None$.MODULE$;
        }
        return keyManagerTrustManagerToSslContext(option3, option2, sslContextBuilder);
    }

    public SslContext toNettySSLContext(ClientSSLConfig clientSSLConfig) {
        return buildNettySslContextBuilder(clientSSLConfig, SslContextBuilder.forClient()).build();
    }

    public static final /* synthetic */ void $anonfun$keyManagerTrustManagerToSslContext$5(ObjectRef objectRef, KeyManagerFactory keyManagerFactory) {
        objectRef.elem = ((SslContextBuilder) objectRef.elem).keyManager(keyManagerFactory);
    }

    public static final /* synthetic */ void $anonfun$keyManagerTrustManagerToSslContext$6(ObjectRef objectRef, TrustManagerFactory trustManagerFactory) {
        objectRef.elem = ((SslContextBuilder) objectRef.elem).trustManager(trustManagerFactory);
    }

    private ClientSSLConverter$() {
        MODULE$ = this;
    }
}
