package io.iohk.scalanet.peergroup.dynamictls;

import io.iohk.scalanet.peergroup.dynamictls.DynamicTLSPeerGroup;
import io.iohk.scalanet.peergroup.dynamictls.DynamicTLSPeerGroupUtils;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.security.cert.X509Certificate;
import scala.MatchError;
import scala.None$;
import scala.Predef$;
import scala.Some;
import scala.collection.JavaConverters$;
import scala.collection.Seq;
import scala.collection.Seq$;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.reflect.ClassTag$;

/* compiled from: DynamicTLSPeerGroupUtils.scala */
/* loaded from: input_file:io/iohk/scalanet/peergroup/dynamictls/DynamicTLSPeerGroupUtils$.class */
public final class DynamicTLSPeerGroupUtils$ {
    public static DynamicTLSPeerGroupUtils$ MODULE$;
    private final Seq<String> supportedCipherSuites;
    private final String peerIdKey;

    static {
        new DynamicTLSPeerGroupUtils$();
    }

    public Seq<String> supportedCipherSuites() {
        return this.supportedCipherSuites;
    }

    public String peerIdKey() {
        return this.peerIdKey;
    }

    public SslContext buildCustomSSlContext(DynamicTLSPeerGroupUtils.SSLContextFor sSLContextFor, DynamicTLSPeerGroup.Config config) {
        SslContext build;
        if (DynamicTLSPeerGroupUtils$SSLContextForServer$.MODULE$.equals(sSLContextFor)) {
            build = SslContextBuilder.forServer(config.connectionKeyPair().getPrivate(), (X509Certificate[]) new $colon.colon(config.connectionCertificate(), Nil$.MODULE$).toArray(ClassTag$.MODULE$.apply(X509Certificate.class))).trustManager(new DynamicTLSPeerGroupUtils.CustomTrustManagerFactory(None$.MODULE$)).clientAuth(ClientAuth.REQUIRE).ciphers((Iterable) JavaConverters$.MODULE$.seqAsJavaListConverter(supportedCipherSuites()).asJava()).protocols(new String[]{"TLSv1.2"}).build();
        } else {
            if (!(sSLContextFor instanceof DynamicTLSPeerGroupUtils.SSLContextForClient)) {
                throw new MatchError(sSLContextFor);
            }
            build = SslContextBuilder.forClient().keyManager(config.connectionKeyPair().getPrivate(), (X509Certificate[]) new $colon.colon(config.connectionCertificate(), Nil$.MODULE$).toArray(ClassTag$.MODULE$.apply(X509Certificate.class))).trustManager(new DynamicTLSPeerGroupUtils.CustomTrustManagerFactory(new Some(((DynamicTLSPeerGroupUtils.SSLContextForClient) sSLContextFor).to().id()))).ciphers((Iterable) JavaConverters$.MODULE$.seqAsJavaListConverter(supportedCipherSuites()).asJava()).protocols(new String[]{"TLSv1.2"}).build();
        }
        return build;
    }

    private DynamicTLSPeerGroupUtils$() {
        MODULE$ = this;
        this.supportedCipherSuites = Seq$.MODULE$.apply(Predef$.MODULE$.wrapRefArray(new String[]{"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}));
        this.peerIdKey = "peerId";
    }
}
