package io.iohk.scalanet.peergroup.dynamictls;

import io.iohk.scalanet.peergroup.dynamictls.DynamicTLSPeerGroup;
import io.iohk.scalanet.peergroup.dynamictls.DynamicTLSPeerGroupUtils;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import java.security.cert.X509Certificate;
import scala.MatchError;
import scala.None$;
import scala.Some;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.reflect.ClassTag$;

/* compiled from: DynamicTLSPeerGroupUtils.scala */
/* loaded from: input_file:io/iohk/scalanet/peergroup/dynamictls/DynamicTLSPeerGroupUtils$.class */
public final class DynamicTLSPeerGroupUtils$ {
    public static DynamicTLSPeerGroupUtils$ MODULE$;
    private final String peerIdKey;

    static {
        new DynamicTLSPeerGroupUtils$();
    }

    public String peerIdKey() {
        return this.peerIdKey;
    }

    public SslContext buildCustomSSlContext(DynamicTLSPeerGroupUtils.SSLContextFor sSLContextFor, DynamicTLSPeerGroup.Config config) {
        SslContext build;
        SslProvider sslProvider = config.useNativeTlsImplementation() ? SslProvider.OPENSSL : SslProvider.JDK;
        if (DynamicTLSPeerGroupUtils$SSLContextForServer$.MODULE$.equals(sSLContextFor)) {
            build = SslContextBuilder.forServer(config.connectionKeyPair().getPrivate(), (X509Certificate[]) new $colon.colon(config.connectionCertificate(), Nil$.MODULE$).toArray(ClassTag$.MODULE$.apply(X509Certificate.class))).trustManager(new DynamicTLSPeerGroupUtils.CustomTrustManagerFactory(None$.MODULE$)).sslProvider(sslProvider).clientAuth(ClientAuth.REQUIRE).protocols(new String[]{"TLSv1.3"}).build();
        } else {
            if (!(sSLContextFor instanceof DynamicTLSPeerGroupUtils.SSLContextForClient)) {
                throw new MatchError(sSLContextFor);
            }
            build = SslContextBuilder.forClient().keyManager(config.connectionKeyPair().getPrivate(), (X509Certificate[]) new $colon.colon(config.connectionCertificate(), Nil$.MODULE$).toArray(ClassTag$.MODULE$.apply(X509Certificate.class))).trustManager(new DynamicTLSPeerGroupUtils.CustomTrustManagerFactory(new Some(((DynamicTLSPeerGroupUtils.SSLContextForClient) sSLContextFor).to().id()))).sslProvider(sslProvider).protocols(new String[]{"TLSv1.3"}).build();
        }
        return build;
    }

    private DynamicTLSPeerGroupUtils$() {
        MODULE$ = this;
        this.peerIdKey = "peerId";
    }
}
