package play.api.libs.ws.ssl;

import java.io.BufferedInputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CRL;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.Option;
import scala.Predef$;
import scala.StringContext;
import scala.collection.Iterator;
import scala.collection.JavaConverters$;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.TraversableOnce;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.StringOps;
import scala.reflect.ScalaSignature;
import scala.runtime.BooleanRef;
import scala.runtime.BoxesRunTime;

/* compiled from: SSLContextBuilder.scala */
@ScalaSignature(bytes = "\u0006\u0001\t}b\u0001B\u0001\u0003\u00015\u0011qcQ8oM&<7k\u0015'D_:$X\r\u001f;Ck&dG-\u001a:\u000b\u0005\r!\u0011aA:tY*\u0011QAB\u0001\u0003oNT!a\u0002\u0005\u0002\t1L'm\u001d\u0006\u0003\u0013)\t1!\u00199j\u0015\u0005Y\u0011\u0001\u00029mCf\u001c\u0001aE\u0002\u0001\u001dQ\u0001\"a\u0004\n\u000e\u0003AQ\u0011!E\u0001\u0006g\u000e\fG.Y\u0005\u0003'A\u0011a!\u00118z%\u00164\u0007CA\u000b\u0017\u001b\u0005\u0011\u0011BA\f\u0003\u0005E\u00196\u000bT\"p]R,\u0007\u0010\u001e\"vS2$WM\u001d\u0005\t3\u0001\u0011\t\u0011)A\u00055\u0005!\u0011N\u001c4p!\t)2$\u0003\u0002\u001d\u0005\tI1k\u0015'D_:4\u0017n\u001a\u0005\t=\u0001\u0011\t\u0011)A\u0005?\u0005\t2.Z=NC:\fw-\u001a:GC\u000e$xN]=\u0011\u0005U\u0001\u0013BA\u0011\u0003\u0005aYU-_'b]\u0006<WM\u001d$bGR|'/_,sCB\u0004XM\u001d\u0005\tG\u0001\u0011\t\u0011)A\u0005I\u0005\u0019BO];ti6\u000bg.Y4fe\u001a\u000b7\r^8ssB\u0011Q#J\u0005\u0003M\t\u0011!\u0004\u0016:vgRl\u0015M\\1hKJ4\u0015m\u0019;pef<&/\u00199qKJDQ\u0001\u000b\u0001\u0005\u0002%\na\u0001P5oSRtD\u0003\u0002\u0016,Y5\u0002\"!\u0006\u0001\t\u000be9\u0003\u0019\u0001\u000e\t\u000by9\u0003\u0019A\u0010\t\u000b\r:\u0003\u0019\u0001\u0013\t\u000f=\u0002!\u0019!C\ta\u00051An\\4hKJ,\u0012!\r\t\u0003e]j\u0011a\r\u0006\u0003iU\nQa\u001d7gi)T\u0011AN\u0001\u0004_J<\u0017B\u0001\u001d4\u0005\u0019aunZ4fe\"1!\b\u0001Q\u0001\nE\nq\u0001\\8hO\u0016\u0014\b\u0005C\u0003=\u0001\u0011\u0005Q(A\u0003ck&dG\rF\u0001?!\tyT)D\u0001A\u0015\t\u0019\u0011I\u0003\u0002C\u0007\u0006\u0019a.\u001a;\u000b\u0003\u0011\u000bQA[1wCbL!A\u0012!\u0003\u0015M\u001bFjQ8oi\u0016DH\u000fC\u0003I\u0001\u0011\u0005\u0011*A\bck&dGmU*M\u0007>tG/\u001a=u)\u0015q$j\u00153k\u0011\u0015Yu\t1\u0001M\u0003!\u0001(o\u001c;pG>d\u0007CA'Q\u001d\tya*\u0003\u0002P!\u00051\u0001K]3eK\u001aL!!\u0015*\u0003\rM#(/\u001b8h\u0015\ty\u0005\u0003C\u0003U\u000f\u0002\u0007Q+A\u0006lKfl\u0015M\\1hKJ\u001c\bc\u0001,_C:\u0011q\u000b\u0018\b\u00031nk\u0011!\u0017\u0006\u000352\ta\u0001\u0010:p_Rt\u0014\"A\t\n\u0005u\u0003\u0012a\u00029bG.\fw-Z\u0005\u0003?\u0002\u00141aU3r\u0015\ti\u0006\u0003\u0005\u0002@E&\u00111\r\u0011\u0002\u000b\u0017\u0016LX*\u00198bO\u0016\u0014\b\"B3H\u0001\u00041\u0017!\u0004;skN$X*\u00198bO\u0016\u00148\u000fE\u0002W=\u001e\u0004\"a\u00105\n\u0005%\u0004%\u0001\u0004+skN$X*\u00198bO\u0016\u0014\b\"B6H\u0001\u0004a\u0017\u0001D:fGV\u0014XMU1oI>l\u0007cA\bn_&\u0011a\u000e\u0005\u0002\u0007\u001fB$\u0018n\u001c8\u0011\u0005A,X\"A9\u000b\u0005I\u001c\u0018\u0001C:fGV\u0014\u0018\u000e^=\u000b\u0003Q\fAA[1wC&\u0011a/\u001d\u0002\r'\u0016\u001cWO]3SC:$w.\u001c\u0005\u0006q\u0002!\t!_\u0001\u0019EVLG\u000eZ\"p[B|7/\u001b;f\u0017\u0016LX*\u00198bO\u0016\u0014H\u0003\u0002>~\u0003\u000b\u0001\"!F>\n\u0005q\u0014!aF\"p[B|7/\u001b;f1V\u0002\u0014hS3z\u001b\u0006t\u0017mZ3s\u0011\u0015qx\u000f1\u0001��\u0003AYW-_'b]\u0006<WM]\"p]\u001aLw\rE\u0002\u0016\u0003\u0003I1!a\u0001\u0003\u0005AYU-_'b]\u0006<WM]\"p]\u001aLw\rC\u0004\u0002\b]\u0004\r!!\u0003\u0002!\u0005dwm\u001c:ji\"l7\t[3dW\u0016\u0014\bcA\u000b\u0002\f%\u0019\u0011Q\u0002\u0002\u0003!\u0005cwm\u001c:ji\"l7\t[3dW\u0016\u0014\bbBA\t\u0001\u0011\u0005\u00111C\u0001\u001bEVLG\u000eZ\"p[B|7/\u001b;f)J,8\u000f^'b]\u0006<WM\u001d\u000b\u000b\u0003+\tY\"!\n\u00020\u0005\r\u0003cA\u000b\u0002\u0018%\u0019\u0011\u0011\u0004\u0002\u00033\r{W\u000e]8tSR,\u0007,\u000e\u0019:)J,8\u000f^'b]\u0006<WM\u001d\u0005\t\u0003;\ty\u00011\u0001\u0002 \u0005\u0001BO];ti6\u000bg.Y4fe&sgm\u001c\t\u0004+\u0005\u0005\u0012bAA\u0012\u0005\t\u0011BK];ti6\u000bg.Y4fe\u000e{gNZ5h\u0011!\t9#a\u0004A\u0002\u0005%\u0012!\u0005:fm>\u001c\u0017\r^5p]\u0016s\u0017M\u00197fIB\u0019q\"a\u000b\n\u0007\u00055\u0002CA\u0004C_>dW-\u00198\t\u0011\u0005E\u0012q\u0002a\u0001\u0003g\tqB]3w_\u000e\fG/[8o\u0019&\u001cHo\u001d\t\u0005\u001f5\f)\u0004\u0005\u0003W=\u0006]\u0002\u0003BA\u001d\u0003\u007fi!!a\u000f\u000b\u0007\u0005u\u0012/\u0001\u0003dKJ$\u0018\u0002BA!\u0003w\u00111a\u0011*M\u0011!\t9!a\u0004A\u0002\u0005%\u0001bBA$\u0001\u0011\u0005\u0011\u0011J\u0001\u0010W\u0016L8\u000b^8sK\n+\u0018\u000e\u001c3feR!\u00111JA)!\r)\u0012QJ\u0005\u0004\u0003\u001f\u0012!aD&fsN#xN]3Ck&dG-\u001a:\t\u0011\u0005M\u0013Q\ta\u0001\u0003+\n1a[:d!\r)\u0012qK\u0005\u0004\u00033\u0012!AD&fsN#xN]3D_:4\u0017n\u001a\u0005\b\u0003;\u0002A\u0011AA0\u0003E!(/^:u'R|'/\u001a\"vS2$WM\u001d\u000b\u0005\u0003\u0017\n\t\u0007\u0003\u0005\u0002d\u0005m\u0003\u0019AA3\u0003\r!8o\u0019\t\u0004+\u0005\u001d\u0014bAA5\u0005\t\u0001BK];tiN#xN]3D_:4\u0017n\u001a\u0005\b\u0003[\u0002A\u0011AA8\u0003-1\u0017\u000e\\3Ck&dG-\u001a:\u0015\u0011\u0005-\u0013\u0011OA;\u0003sBq!a\u001d\u0002l\u0001\u0007A*A\u0005ti>\u0014X\rV=qK\"9\u0011qOA6\u0001\u0004a\u0015\u0001\u00034jY\u0016\u0004\u0016\r\u001e5\t\u0011\u0005m\u00141\u000ea\u0001\u0003{\n\u0001\u0002]1tg^|'\u000f\u001a\t\u0005\u001f5\fy\bE\u0003\u0010\u0003\u0003\u000b))C\u0002\u0002\u0004B\u0011Q!\u0011:sCf\u00042aDAD\u0013\r\tI\t\u0005\u0002\u0005\u0007\"\f'\u000fC\u0004\u0002\u000e\u0002!\t!a$\u0002\u001bM$(/\u001b8h\u0005VLG\u000eZ3s)\u0011\tY%!%\t\u000f\u0005M\u00151\u0012a\u0001\u0019\u0006!A-\u0019;b\u0011\u001d\t9\n\u0001C\u0001\u00033\u000bAd^1s]>s\u0007kS\"TcI*U\u000e\u001d;z!\u0006\u001c8o^8sI\n+x\r\u0006\u0003\u0002*\u0005m\u0005\u0002CA*\u0003+\u0003\r!!\u0016\t\u000f\u0005}\u0005\u0001\"\u0001\u0002\"\u0006y!-^5mI.+\u00170T1oC\u001e,'\u000f\u0006\u0004\u0002$\u0006%\u00161\u0016\t\u0004\u007f\u0005\u0015\u0016bAAT\u0001\nq\u0001,\u000e\u0019:\u0017\u0016LX*\u00198bO\u0016\u0014\b\u0002CA*\u0003;\u0003\r!!\u0016\t\u0011\u0005\u001d\u0011Q\u0014a\u0001\u0003\u0013Aq!a,\u0001\t\u0003\t\t,A\rdKJ$\u0018NZ5dCR,'+\u001a<pG\u0006$\u0018n\u001c8MSN$H\u0003BA\u001a\u0003gCq!!.\u0002.\u0002\u0007!$A\u0005tg2\u001cuN\u001c4jO\"9\u0011\u0011\u0018\u0001\u0005\u0002\u0005m\u0016aC4f]\u0016\u0014\u0018\r^3D%2#B!a\u000e\u0002>\"A\u0011qXA\\\u0001\u0004\t\t-A\u0006j]B,Ho\u0015;sK\u0006l\u0007\u0003BAb\u0003\u0013l!!!2\u000b\u0007\u0005\u001d7/\u0001\u0002j_&!\u00111ZAc\u0005-Ie\u000e];u'R\u0014X-Y7\t\u000f\u0005=\u0007\u0001\"\u0001\u0002R\u0006\u0011r-\u001a8fe\u0006$Xm\u0011*M\rJ|W.\u0016*M)\u0011\t9$a5\t\u0011\u0005U\u0017Q\u001aa\u0001\u0003/\f1!\u001e:m!\u0011\tI.!8\u000e\u0005\u0005m'B\u0001\"t\u0013\u0011\ty.a7\u0003\u0007U\u0013F\nC\u0004\u0002d\u0002!\t!!:\u0002'\u001d,g.\u001a:bi\u0016\u001c%\u000b\u0014$s_64\u0015\u000e\\3\u0015\t\u0005]\u0012q\u001d\u0005\t\u0003S\f\t\u000f1\u0001\u0002l\u0006!a-\u001b7f!\u0011\t\u0019-!<\n\t\u0005=\u0018Q\u0019\u0002\u0005\r&dW\rC\u0004\u0002t\u0002!\t!!>\u00027\t,\u0018\u000e\u001c3UeV\u001cH/T1oC\u001e,'\u000fU1sC6,G/\u001a:t))\t90!@\u0003\b\t%!1\u0002\t\u0004\u007f\u0005e\u0018bAA~\u0001\nq2)\u001a:u!\u0006$\b\u000e\u0016:vgRl\u0015M\\1hKJ\u0004\u0016M]1nKR,'o\u001d\u0005\t\u0003\u007f\f\t\u00101\u0001\u0003\u0002\u0005QAO];tiN#xN]3\u0011\u0007A\u0014\u0019!C\u0002\u0003\u0006E\u0014\u0001bS3z'R|'/\u001a\u0005\t\u0003O\t\t\u00101\u0001\u0002*!A\u0011\u0011GAy\u0001\u0004\t\u0019\u0004\u0003\u0005\u0002\b\u0005E\b\u0019AA\u0005\u0011\u001d\u0011y\u0001\u0001C\u0001\u0005#\t\u0011CY;jY\u0012$&/^:u\u001b\u0006t\u0017mZ3s))\u0011\u0019B!\u0007\u0003\u001c\tu!q\u0004\t\u0004\u007f\tU\u0011b\u0001B\f\u0001\n\u0001\u0002,\u000e\u0019:)J,8\u000f^'b]\u0006<WM\u001d\u0005\t\u0003G\u0012i\u00011\u0001\u0002f!A\u0011q\u0005B\u0007\u0001\u0004\tI\u0003\u0003\u0005\u00022\t5\u0001\u0019AA\u001a\u0011!\t9A!\u0004A\u0002\u0005%\u0001b\u0002B\u0012\u0001\u0011\u0005!QE\u0001!m\u0006d\u0017\u000eZ1uKN#xN]3D_:$\u0018-\u001b8t!JLg/\u0019;f\u0017\u0016L8\u000f\u0006\u0004\u0002*\t\u001d\"\u0011\u0006\u0005\t\u0003'\u0012\t\u00031\u0001\u0002V!A!1\u0006B\u0011\u0001\u0004\u0011\t!\u0001\u0005lKf\u001cFo\u001c:f\u0011\u001d\u0011y\u0003\u0001C\u0001\u0005c\tQB^1mS\u0012\fG/Z*u_J,GC\u0002B\u001a\u0005s\u0011i\u0004E\u0002\u0010\u0005kI1Aa\u000e\u0011\u0005\u0011)f.\u001b;\t\u0011\tm\"Q\u0006a\u0001\u0005\u0003\tQa\u001d;pe\u0016D\u0001\"a\u0002\u0003.\u0001\u0007\u0011\u0011\u0002")
/* loaded from: input_file:play/api/libs/ws/ssl/ConfigSSLContextBuilder.class */
public class ConfigSSLContextBuilder implements SSLContextBuilder {
    private final SSLConfig info;
    private final KeyManagerFactoryWrapper keyManagerFactory;
    private final TrustManagerFactoryWrapper trustManagerFactory;
    private final Logger logger = LoggerFactory.getLogger(getClass());

    public Logger logger() {
        return this.logger;
    }

    @Override // play.api.libs.ws.ssl.SSLContextBuilder
    public SSLContext build() {
        Option<Seq<CRL>> certificateRevocationList = certificateRevocationList(this.info);
        AlgorithmChecker algorithmChecker = new AlgorithmChecker(((TraversableOnce) this.info.disabledSignatureAlgorithms().map(new ConfigSSLContextBuilder$$anonfun$4(this), Seq$.MODULE$.canBuildFrom())).toSet(), ((TraversableOnce) this.info.disabledKeyAlgorithms().map(new ConfigSSLContextBuilder$$anonfun$5(this), Seq$.MODULE$.canBuildFrom())).toSet());
        return buildSSLContext(this.info.protocol(), this.info.keyManagerConfig().keyStoreConfigs().nonEmpty() ? (Seq) Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new CompositeX509KeyManager[]{buildCompositeKeyManager(this.info.keyManagerConfig(), algorithmChecker)})) : Nil$.MODULE$, this.info.trustManagerConfig().trustStoreConfigs().nonEmpty() ? (Seq) Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new CompositeX509TrustManager[]{buildCompositeTrustManager(this.info.trustManagerConfig(), BoxesRunTime.unboxToBoolean(this.info.checkRevocation().getOrElse(new ConfigSSLContextBuilder$$anonfun$1(this))), certificateRevocationList, algorithmChecker)})) : Nil$.MODULE$, this.info.secureRandom());
    }

    public SSLContext buildSSLContext(String str, Seq<KeyManager> seq, Seq<TrustManager> seq2, Option<SecureRandom> option) {
        return new SimpleSSLContextBuilder(str, seq, seq2, option).build();
    }

    public CompositeX509KeyManager buildCompositeKeyManager(KeyManagerConfig keyManagerConfig, AlgorithmChecker algorithmChecker) {
        return new CompositeX509KeyManager((Seq) keyManagerConfig.keyStoreConfigs().map(new ConfigSSLContextBuilder$$anonfun$6(this, algorithmChecker), Seq$.MODULE$.canBuildFrom()));
    }

    public CompositeX509TrustManager buildCompositeTrustManager(TrustManagerConfig trustManagerConfig, boolean z, Option<Seq<CRL>> option, AlgorithmChecker algorithmChecker) {
        return new CompositeX509TrustManager((Seq) trustManagerConfig.trustStoreConfigs().map(new ConfigSSLContextBuilder$$anonfun$7(this, z, option, algorithmChecker), Seq$.MODULE$.canBuildFrom()), algorithmChecker);
    }

    public KeyStoreBuilder keyStoreBuilder(KeyStoreConfig keyStoreConfig) {
        return (KeyStoreBuilder) keyStoreConfig.filePath().map(new ConfigSSLContextBuilder$$anonfun$keyStoreBuilder$1(this, keyStoreConfig, keyStoreConfig.password().map(new ConfigSSLContextBuilder$$anonfun$8(this)))).getOrElse(new ConfigSSLContextBuilder$$anonfun$keyStoreBuilder$2(this, keyStoreConfig));
    }

    public KeyStoreBuilder trustStoreBuilder(TrustStoreConfig trustStoreConfig) {
        return (KeyStoreBuilder) trustStoreConfig.filePath().map(new ConfigSSLContextBuilder$$anonfun$trustStoreBuilder$1(this, trustStoreConfig)).getOrElse(new ConfigSSLContextBuilder$$anonfun$trustStoreBuilder$2(this, trustStoreConfig));
    }

    public KeyStoreBuilder fileBuilder(String str, String str2, Option<char[]> option) {
        return new FileBasedKeyStoreBuilder(str, str2, option);
    }

    public KeyStoreBuilder stringBuilder(String str) {
        return new StringBasedKeyStoreBuilder(str);
    }

    public boolean warnOnPKCS12EmptyPasswordBug(KeyStoreConfig keyStoreConfig) {
        return keyStoreConfig.storeType().equalsIgnoreCase("pkcs12") && !keyStoreConfig.password().exists(new ConfigSSLContextBuilder$$anonfun$warnOnPKCS12EmptyPasswordBug$1(this));
    }

    public X509KeyManager buildKeyManager(KeyStoreConfig keyStoreConfig, AlgorithmChecker algorithmChecker) {
        try {
            KeyStore build = keyStoreBuilder(keyStoreConfig).build();
            if (!validateStoreContainsPrivateKeys(keyStoreConfig, build)) {
                logger().warn(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Client authentication is not possible as there are no private keys found in ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{keyStoreConfig.filePath()})));
            }
            validateStore(build, algorithmChecker);
            Option map = keyStoreConfig.password().map(new ConfigSSLContextBuilder$$anonfun$11(this));
            KeyManagerFactoryWrapper keyManagerFactoryWrapper = this.keyManagerFactory;
            try {
                keyManagerFactoryWrapper.init(build, (char[]) map.orNull(Predef$.MODULE$.$conforms()));
                KeyManager[] keyManagers = keyManagerFactoryWrapper.getKeyManagers();
                if (keyManagers == null) {
                    throw new IllegalStateException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Cannot create key manager with configuration ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{keyStoreConfig})));
                }
                return (X509KeyManager) Predef$.MODULE$.refArrayOps(keyManagers).head();
            } catch (UnrecoverableKeyException e) {
                logger().error(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Unrecoverable key in keystore ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{keyStoreConfig})));
                throw new IllegalStateException(e);
            }
        } catch (ArithmeticException e2) {
            if (BoxesRunTime.unboxToBoolean(package$.MODULE$.foldVersion(new ConfigSSLContextBuilder$$anonfun$2(this, keyStoreConfig), new ConfigSSLContextBuilder$$anonfun$3(this)))) {
                throw new IllegalStateException(new StringOps(Predef$.MODULE$.augmentString("You are running JDK 1.6, have a PKCS12 keystore with a null or empty password, and have run into a JSSE bug.\n              |The bug is closed in JDK 1.8, and backported to 1.7u4 / b13, so upgrading will fix this.\n              |Please see: http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6879539\n            ")).stripMargin(), e2);
            }
            throw e2;
        } catch (BadPaddingException e3) {
            throw new SecurityException("Mac verify error: invalid password?", e3);
        }
    }

    public Option<Seq<CRL>> certificateRevocationList(SSLConfig sSLConfig) {
        return sSLConfig.revocationLists().map(new ConfigSSLContextBuilder$$anonfun$certificateRevocationList$1(this));
    }

    public CRL generateCRL(InputStream inputStream) {
        return (X509CRL) CertificateFactory.getInstance("X509").generateCRL(inputStream);
    }

    public CRL generateCRLFromURL(URL url) {
        URLConnection openConnection = url.openConnection();
        openConnection.setDoInput(true);
        openConnection.setUseCaches(false);
        DataInputStream dataInputStream = new DataInputStream(openConnection.getInputStream());
        try {
            return generateCRL(dataInputStream);
        } finally {
            dataInputStream.close();
        }
    }

    public CRL generateCRLFromFile(File file) {
        DataInputStream dataInputStream = new DataInputStream(new BufferedInputStream(new FileInputStream(file)));
        try {
            return generateCRL(dataInputStream);
        } finally {
            dataInputStream.close();
        }
    }

    public CertPathTrustManagerParameters buildTrustManagerParameters(KeyStore keyStore, boolean z, Option<Seq<CRL>> option, AlgorithmChecker algorithmChecker) {
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        pKIXBuilderParameters.setRevocationEnabled(z);
        option.map(new ConfigSSLContextBuilder$$anonfun$buildTrustManagerParameters$1(this, pKIXBuilderParameters));
        pKIXBuilderParameters.setCertPathCheckers((List) JavaConverters$.MODULE$.seqAsJavaListConverter(Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new AlgorithmChecker[]{algorithmChecker}))).asJava());
        return new CertPathTrustManagerParameters(pKIXBuilderParameters);
    }

    public X509TrustManager buildTrustManager(TrustStoreConfig trustStoreConfig, boolean z, Option<Seq<CRL>> option, AlgorithmChecker algorithmChecker) {
        TrustManagerFactoryWrapper trustManagerFactoryWrapper = this.trustManagerFactory;
        KeyStore build = trustStoreBuilder(trustStoreConfig).build();
        validateStore(build, algorithmChecker);
        trustManagerFactoryWrapper.init(buildTrustManagerParameters(build, z, option, algorithmChecker));
        TrustManager[] trustManagers = trustManagerFactoryWrapper.getTrustManagers();
        if (trustManagers == null) {
            throw new IllegalStateException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Cannot create trust manager with configuration ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{trustStoreConfig})));
        }
        return (X509TrustManager) Predef$.MODULE$.refArrayOps(trustManagers).head();
    }

    public boolean validateStoreContainsPrivateKeys(KeyStoreConfig keyStoreConfig, KeyStore keyStore) {
        char[] cArr = (char[]) keyStoreConfig.password().map(new ConfigSSLContextBuilder$$anonfun$12(this)).orNull(Predef$.MODULE$.$conforms());
        BooleanRef create = BooleanRef.create(false);
        ((Iterator) JavaConverters$.MODULE$.enumerationAsScalaIteratorConverter(keyStore.aliases()).asScala()).foreach(new ConfigSSLContextBuilder$$anonfun$validateStoreContainsPrivateKeys$1(this, keyStore, cArr, create));
        return create.elem;
    }

    public void validateStore(KeyStore keyStore, AlgorithmChecker algorithmChecker) {
        logger().debug(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"validateStore: type = ", ", size = ", ""})).s(Predef$.MODULE$.genericWrapArray(new Object[]{keyStore.getType(), BoxesRunTime.boxToInteger(keyStore.size())})));
        ((Iterator) JavaConverters$.MODULE$.enumerationAsScalaIteratorConverter(keyStore.aliases()).asScala()).foreach(new ConfigSSLContextBuilder$$anonfun$validateStore$1(this, keyStore, algorithmChecker));
    }

    public ConfigSSLContextBuilder(SSLConfig sSLConfig, KeyManagerFactoryWrapper keyManagerFactoryWrapper, TrustManagerFactoryWrapper trustManagerFactoryWrapper) {
        this.info = sSLConfig;
        this.keyManagerFactory = keyManagerFactoryWrapper;
        this.trustManagerFactory = trustManagerFactoryWrapper;
    }
}
