package com.coralogix.zio.k8s.client.config;

import com.coralogix.zio.k8s.client.config.Cpackage;
import java.io.Serializable;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import scala.$less$colon$less$;
import scala.MatchError;
import scala.Option;
import scala.Some$;
import scala.runtime.ModuleSerializationProxy;
import zio.ZIO;
import zio.ZIO$;
import zio.ZIO$ScopedPartiallyApplied$;

/* compiled from: SSL.scala */
/* loaded from: input_file:com/coralogix/zio/k8s/client/config/SSL$.class */
public final class SSL$ implements Serializable {
    public static final SSL$ MODULE$ = new SSL$();

    private SSL$() {
    }

    private Object writeReplace() {
        return new ModuleSerializationProxy(SSL$.class);
    }

    public ZIO<Object, Throwable, SSLContext> apply(Cpackage.K8sServerCertificate k8sServerCertificate, Cpackage.K8sAuthentication k8sAuthentication) {
        if (package$K8sServerCertificate$Insecure$.MODULE$.equals(k8sServerCertificate)) {
            return insecureSSLContext();
        }
        if (!(k8sServerCertificate instanceof Cpackage.K8sServerCertificate.Secure)) {
            throw new MatchError(k8sServerCertificate);
        }
        Cpackage.K8sServerCertificate.Secure unapply = package$K8sServerCertificate$Secure$.MODULE$.unapply((Cpackage.K8sServerCertificate.Secure) k8sServerCertificate);
        Cpackage.KeySource _1 = unapply._1();
        unapply._2();
        return secureSSLContext(_1, k8sAuthentication);
    }

    private ZIO<Object, Throwable, SSLContext> insecureSSLContext() {
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: com.coralogix.zio.k8s.client.config.SSL$$anon$1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return (X509Certificate[]) null;
            }
        }};
        return ZIO$.MODULE$.attempt(unsafe -> {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init((KeyManager[]) null, trustManagerArr, new SecureRandom());
            return sSLContext;
        }, "com.coralogix.zio.k8s.client.config.SSL$.insecureSSLContext.macro(SSL.scala:31)");
    }

    private ZIO<Object, Throwable, SSLContext> secureSSLContext(Cpackage.KeySource keySource, Cpackage.K8sAuthentication k8sAuthentication) {
        return ZIO$ScopedPartiallyApplied$.MODULE$.apply$extension(ZIO$.MODULE$.scoped(), () -> {
            return r2.secureSSLContext$$anonfun$1(r3, r4);
        }, "com.coralogix.zio.k8s.client.config.SSL$.secureSSLContext.macro(SSL.scala:50)");
    }

    private ZIO<Object, Throwable, SSLContext> createSslContext(Option<KeyManager[]> option, TrustManager[] trustManagerArr) {
        return ZIO$.MODULE$.attempt(unsafe -> {
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            sSLContext.init((KeyManager[]) option.orNull($less$colon$less$.MODULE$.refl()), trustManagerArr, new SecureRandom());
            return sSLContext;
        }, "com.coralogix.zio.k8s.client.config.SSL$.createSslContext.macro(SSL.scala:60)");
    }

    private final ZIO secureSSLContext$$anonfun$1(Cpackage.KeySource keySource, Cpackage.K8sAuthentication k8sAuthentication) {
        return package$.MODULE$.loadKeyStream(keySource).flatMap(inputStream -> {
            ZIO map;
            if (k8sAuthentication instanceof Cpackage.K8sAuthentication.ServiceAccountToken) {
                package$K8sAuthentication$ServiceAccountToken$.MODULE$.unapply((Cpackage.K8sAuthentication.ServiceAccountToken) k8sAuthentication)._1();
                map = ZIO$.MODULE$.none();
            } else if (k8sAuthentication instanceof Cpackage.K8sAuthentication.BasicAuth) {
                Cpackage.K8sAuthentication.BasicAuth unapply = package$K8sAuthentication$BasicAuth$.MODULE$.unapply((Cpackage.K8sAuthentication.BasicAuth) k8sAuthentication);
                unapply._1();
                unapply._2();
                map = ZIO$.MODULE$.none();
            } else {
                if (!(k8sAuthentication instanceof Cpackage.K8sAuthentication.ClientCertificates)) {
                    throw new MatchError(k8sAuthentication);
                }
                Cpackage.K8sAuthentication.ClientCertificates unapply2 = package$K8sAuthentication$ClientCertificates$.MODULE$.unapply((Cpackage.K8sAuthentication.ClientCertificates) k8sAuthentication);
                map = KeyManagers$.MODULE$.apply(unapply2._1(), unapply2._2(), unapply2._3()).map(keyManagerArr -> {
                    return Some$.MODULE$.apply(keyManagerArr);
                }, "com.coralogix.zio.k8s.client.config.SSL$.secureSSLContext.macro(SSL.scala:45)");
            }
            return map.flatMap(option -> {
                return TrustManagers$.MODULE$.apply(inputStream).flatMap(trustManagerArr -> {
                    return createSslContext(option, trustManagerArr).map(sSLContext -> {
                        return sSLContext;
                    }, "com.coralogix.zio.k8s.client.config.SSL$.secureSSLContext.macro(SSL.scala:49)");
                }, "com.coralogix.zio.k8s.client.config.SSL$.secureSSLContext.macro(SSL.scala:49)");
            }, "com.coralogix.zio.k8s.client.config.SSL$.secureSSLContext.macro(SSL.scala:49)");
        }, "com.coralogix.zio.k8s.client.config.SSL$.secureSSLContext.macro(SSL.scala:50)");
    }
}
