package org.apache.pekko.remote.artery.tcp.ssl;

import com.typesafe.config.Config;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import org.apache.pekko.actor.ActorSystem;
import org.apache.pekko.annotation.ApiMayChange;
import org.apache.pekko.annotation.InternalApi;
import org.apache.pekko.event.LogSource$;
import org.apache.pekko.event.Logging$;
import org.apache.pekko.event.MarkerLoggingAdapter;
import org.apache.pekko.remote.artery.tcp.SSLEngineProvider;
import org.apache.pekko.remote.artery.tcp.SecureRandomFactory$;
import org.apache.pekko.remote.artery.tcp.SslTransportException;
import org.apache.pekko.stream.Client$;
import org.apache.pekko.stream.Server$;
import org.apache.pekko.stream.TLSRole;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Product;
import scala.Some;
import scala.Tuple3;
import scala.collection.Iterator;
import scala.concurrent.duration.Deadline;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.ScalaRunTime$;
import scala.runtime.Statics;

/* compiled from: RotatingKeysSSLEngineProvider.scala */
@ScalaSignature(bytes = "\u0006\u0005\r5f\u0001\u0002*T\u0005\tD\u0001\"\u001c\u0001\u0003\u0006\u0004%\tA\u001c\u0005\tq\u0002\u0011\t\u0011)A\u0005_\"A\u0011\u0010\u0001BC\u0002\u0013E!\u0010C\u0005\u0002\u0004\u0001\u0011\t\u0011)A\u0005w\"9\u0011Q\u0001\u0001\u0005\u0002\u0005\u001d\u0001bBA\u0003\u0001\u0011\u0005\u0011\u0011\u0003\u0005\n\u0003G\u0001!\u0019!C\u0005\u0003KA\u0001\"!\u0010\u0001A\u0003%\u0011q\u0005\u0005\n\u0003\u007f\u0001!\u0019!C\u0005\u0003KA\u0001\"!\u0011\u0001A\u0003%\u0011q\u0005\u0005\n\u0003\u0007\u0002!\u0019!C\u0005\u0003KA\u0001\"!\u0012\u0001A\u0003%\u0011q\u0005\u0005\n\u0003\u000f\u0002!\u0019!C\u0005\u0003\u0013B\u0001\"!\u0015\u0001A\u0003%\u00111\n\u0005\n\u0003'\u0002!\u0019!C\u0005\u0003+B\u0001\"a\u001a\u0001A\u0003%\u0011q\u000b\u0005\n\u0003S\u0002\u0001\u0019!C\u0005\u0003WB\u0011ba\u0002\u0001\u0001\u0004%Ia!\u0003\t\u0011\rM\u0001\u0001)Q\u0005\u0003[B\u0001b!\b\u0001\t\u0003\u00196q\u0004\u0005\b\u0007G\u0001A\u0011BB\u0013\u0011\u001d\u0019I\u0003\u0001C\u0005\u0007KAqaa\u000b\u0001\t\u0013\u0019i\u0003C\u0004\u0004N\u0001!\tea\u0014\t\u000f\r}\u0003\u0001\"\u0011\u0004b!91q\r\u0001\u0005\n\r%\u0004bBBC\u0001\u0011\u00053q\u0011\u0005\b\u0007;\u0003A\u0011IBP\u000f\u001d\tii\u0015E\u0001\u0003\u001f3aAU*\t\u0002\u0005E\u0005bBA\u0003=\u0011\u0005\u00111\u0013\u0004\u0007\u0003+sB)a&\t\u0015\u0005E\u0006E!f\u0001\n\u0003\t\u0019\f\u0003\u0006\u0003p\u0001\u0012\t\u0012)A\u0005\u0003kC!B!\u001d!\u0005+\u0007I\u0011\u0001B:\u0011)\u0011)\t\tB\tB\u0003%!Q\u000f\u0005\b\u0003\u000b\u0001C\u0011\u0001BD\u0011%\t9\u000fIA\u0001\n\u0003\u0011y\tC\u0005\u0002p\u0002\n\n\u0011\"\u0001\u0003\u0016\"I!q\u0001\u0011\u0012\u0002\u0013\u0005!\u0011\u0014\u0005\n\u0005\u001b\u0001\u0013\u0011!C!\u0005\u001fA\u0011Ba\u0007!\u0003\u0003%\tA!\b\t\u0013\t\u0015\u0002%!A\u0005\u0002\tu\u0005\"\u0003B\u001aA\u0005\u0005I\u0011\tB\u001b\u0011%\u0011\u0019\u0005IA\u0001\n\u0003\u0011\t\u000bC\u0005\u0003P\u0001\n\t\u0011\"\u0011\u0003&\"I!Q\u000b\u0011\u0002\u0002\u0013\u0005#q\u000b\u0005\n\u00053\u0002\u0013\u0011!C!\u00057B\u0011B!\u0018!\u0003\u0003%\tE!+\b\u0013\t=f$!A\t\n\tEf!CAK=\u0005\u0005\t\u0012\u0002BZ\u0011\u001d\t)a\rC\u0001\u0005\u0017D\u0011B!\u00174\u0003\u0003%)Ea\u0017\t\u0013\t57'!A\u0005\u0002\n=\u0007\"\u0003Bkg\u0005\u0005I\u0011\u0011Bl\u0011%\u0011)oMA\u0001\n\u0013\u00119O\u0002\u0004\u0002:z!\u00151\u0018\u0005\u000b\u0003{K$Q3A\u0005\u0002\u0005}\u0006BCAjs\tE\t\u0015!\u0003\u0002B\"Q\u0011Q[\u001d\u0003\u0016\u0004%\t!a6\t\u0015\u0005}\u0017H!E!\u0002\u0013\tI\u000eC\u0004\u0002\u0006e\"\t!!9\t\u0013\u0005\u001d\u0018(!A\u0005\u0002\u0005%\b\"CAxsE\u0005I\u0011AAy\u0011%\u00119!OI\u0001\n\u0003\u0011I\u0001C\u0005\u0003\u000ee\n\t\u0011\"\u0011\u0003\u0010!I!1D\u001d\u0002\u0002\u0013\u0005!Q\u0004\u0005\n\u0005KI\u0014\u0011!C\u0001\u0005OA\u0011Ba\r:\u0003\u0003%\tE!\u000e\t\u0013\t\r\u0013(!A\u0005\u0002\t\u0015\u0003\"\u0003B(s\u0005\u0005I\u0011\tB)\u0011%\u0011)&OA\u0001\n\u0003\u00129\u0006C\u0005\u0003Ze\n\t\u0011\"\u0011\u0003\\!I!QL\u001d\u0002\u0002\u0013\u0005#qL\u0004\n\u0005_t\u0012\u0011!E\u0005\u0005c4\u0011\"!/\u001f\u0003\u0003EIAa=\t\u000f\u0005\u0015A\n\"\u0001\u0003x\"I!\u0011\f'\u0002\u0002\u0013\u0015#1\f\u0005\n\u0005\u001bd\u0015\u0011!CA\u0005sD\u0011B!6M\u0003\u0003%\tIa@\t\u0013\t\u0015H*!A\u0005\n\t\u001d(!\b*pi\u0006$\u0018N\\4LKf\u001c8k\u0015'F]\u001eLg.\u001a)s_ZLG-\u001a:\u000b\u0005Q+\u0016aA:tY*\u0011akV\u0001\u0004i\u000e\u0004(B\u0001-Z\u0003\u0019\t'\u000f^3ss*\u0011!lW\u0001\u0007e\u0016lw\u000e^3\u000b\u0005qk\u0016!\u00029fW.|'B\u00010`\u0003\u0019\t\u0007/Y2iK*\t\u0001-A\u0002pe\u001e\u001c\u0001aE\u0002\u0001G&\u0004\"\u0001Z4\u000e\u0003\u0015T\u0011AZ\u0001\u0006g\u000e\fG.Y\u0005\u0003Q\u0016\u0014a!\u00118z%\u00164\u0007C\u00016l\u001b\u0005)\u0016B\u00017V\u0005E\u00196\u000bT#oO&tW\r\u0015:pm&$WM]\u0001\u0007G>tg-[4\u0016\u0003=\u0004\"\u0001\u001d<\u000e\u0003ET!!\u001c:\u000b\u0005M$\u0018\u0001\u0003;za\u0016\u001c\u0018MZ3\u000b\u0003U\f1aY8n\u0013\t9\u0018O\u0001\u0004D_:4\u0017nZ\u0001\bG>tg-[4!\u0003\rawnZ\u000b\u0002wB\u0011Ap`\u0007\u0002{*\u0011apW\u0001\u0006KZ,g\u000e^\u0005\u0004\u0003\u0003i(\u0001F'be.,'\u000fT8hO&tw-\u00113baR,'/\u0001\u0003m_\u001e\u0004\u0013A\u0002\u001fj]&$h\b\u0006\u0004\u0002\n\u00055\u0011q\u0002\t\u0004\u0003\u0017\u0001Q\"A*\t\u000b5,\u0001\u0019A8\t\u000be,\u0001\u0019A>\u0015\t\u0005%\u00111\u0003\u0005\b\u0003+1\u0001\u0019AA\f\u0003\u0019\u0019\u0018p\u001d;f[B!\u0011\u0011DA\u0010\u001b\t\tYBC\u0002\u0002\u001em\u000bQ!Y2u_JLA!!\t\u0002\u001c\tY\u0011i\u0019;peNK8\u000f^3n\u0003)\u00196\u000bT&fs\u001aKG.Z\u000b\u0003\u0003O\u0001B!!\u000b\u000289!\u00111FA\u001a!\r\ti#Z\u0007\u0003\u0003_Q1!!\rb\u0003\u0019a$o\\8u}%\u0019\u0011QG3\u0002\rA\u0013X\rZ3g\u0013\u0011\tI$a\u000f\u0003\rM#(/\u001b8h\u0015\r\t)$Z\u0001\f'Nc5*Z=GS2,\u0007%A\u0006T'2\u001bUM\u001d;GS2,\u0017\u0001D*T\u0019\u000e+'\u000f\u001e$jY\u0016\u0004\u0013!D*T\u0019\u000e\u000b5)\u001a:u\r&dW-\u0001\bT'2\u001b\u0015iQ3si\u001aKG.\u001a\u0011\u0002\u001fM\u001cH.\u00128hS:,7i\u001c8gS\u001e,\"!a\u0013\u0011\t\u0005-\u0011QJ\u0005\u0004\u0003\u001f\u001a&aD*T\u0019\u0016sw-\u001b8f\u0007>tg-[4\u0002!M\u001cH.\u00128hS:,7i\u001c8gS\u001e\u0004\u0013a\u0001:oOV\u0011\u0011q\u000b\t\u0005\u00033\n\u0019'\u0004\u0002\u0002\\)!\u0011QLA0\u0003!\u0019XmY;sSRL(BAA1\u0003\u0011Q\u0017M^1\n\t\u0005\u0015\u00141\f\u0002\r'\u0016\u001cWO]3SC:$w.\\\u0001\u0005e:<\u0007%A\u0007dC\u000eDW\rZ\"p]R,\u0007\u0010^\u000b\u0003\u0003[\u0002R\u0001ZA8\u0003gJ1!!\u001df\u0005\u0019y\u0005\u000f^5p]B\u0019\u0011Q\u000f\u0011\u000f\u0007\u0005]TD\u0004\u0003\u0002z\u0005-e\u0002BA>\u0003\u0013sA!! \u0002\b:!\u0011qPAC\u001d\u0011\t\t)a!\u000e\u0003uK!\u0001X/\n\u0005i[\u0016B\u0001-Z\u0013\t1v+\u0003\u0002U+\u0006i\"k\u001c;bi&twmS3zgN\u001bF*\u00128hS:,\u0007K]8wS\u0012,'\u000fE\u0002\u0002\fy\u0019\"AH2\u0015\u0005\u0005=%!D\"bG\",GmQ8oi\u0016DHo\u0005\u0004!G\u0006e\u0015q\u0014\t\u0004I\u0006m\u0015bAAOK\n9\u0001K]8ek\u000e$\b\u0003BAQ\u0003WsA!a)\u0002(:!\u0011QFAS\u0013\u00051\u0017bAAUK\u00069\u0001/Y2lC\u001e,\u0017\u0002BAW\u0003_\u0013AbU3sS\u0006d\u0017N_1cY\u0016T1!!+f\u0003\u0019\u0019\u0017m\u00195fIV\u0011\u0011Q\u0017\t\u0004\u0003oKT\"\u0001\u0010\u0003#\r{gNZ5hkJ,GmQ8oi\u0016DHo\u0005\u0004:G\u0006e\u0015qT\u0001\bG>tG/\u001a=u+\t\t\t\r\u0005\u0003\u0002D\u0006=WBAAc\u0015\r!\u0016q\u0019\u0006\u0005\u0003\u0013\fY-A\u0002oKRT!!!4\u0002\u000b)\fg/\u0019=\n\t\u0005E\u0017Q\u0019\u0002\u000b'Nc5i\u001c8uKb$\u0018\u0001C2p]R,\u0007\u0010\u001e\u0011\u0002\u001fM,7o]5p]Z+'/\u001b4jKJ,\"!!7\u0011\t\u0005-\u00111\\\u0005\u0004\u0003;\u001c&aD*fgNLwN\u001c,fe&4\u0017.\u001a:\u0002!M,7o]5p]Z+'/\u001b4jKJ\u0004CCBA[\u0003G\f)\u000fC\u0004\u0002>z\u0002\r!!1\t\u000f\u0005Ug\b1\u0001\u0002Z\u0006!1m\u001c9z)\u0019\t),a;\u0002n\"I\u0011QX \u0011\u0002\u0003\u0007\u0011\u0011\u0019\u0005\n\u0003+|\u0004\u0013!a\u0001\u00033\fabY8qs\u0012\"WMZ1vYR$\u0013'\u0006\u0002\u0002t*\"\u0011\u0011YA{W\t\t9\u0010\u0005\u0003\u0002z\n\rQBAA~\u0015\u0011\ti0a@\u0002\u0013Ut7\r[3dW\u0016$'b\u0001B\u0001K\u0006Q\u0011M\u001c8pi\u0006$\u0018n\u001c8\n\t\t\u0015\u00111 \u0002\u0012k:\u001c\u0007.Z2lK\u00124\u0016M]5b]\u000e,\u0017AD2paf$C-\u001a4bk2$HEM\u000b\u0003\u0005\u0017QC!!7\u0002v\u0006i\u0001O]8ek\u000e$\bK]3gSb,\"A!\u0005\u0011\t\tM!\u0011D\u0007\u0003\u0005+QAAa\u0006\u0002`\u0005!A.\u00198h\u0013\u0011\tID!\u0006\u0002\u0019A\u0014x\u000eZ;di\u0006\u0013\u0018\u000e^=\u0016\u0005\t}\u0001c\u00013\u0003\"%\u0019!1E3\u0003\u0007%sG/\u0001\bqe>$Wo\u0019;FY\u0016lWM\u001c;\u0015\t\t%\"q\u0006\t\u0004I\n-\u0012b\u0001B\u0017K\n\u0019\u0011I\\=\t\u0013\tEB)!AA\u0002\t}\u0011a\u0001=%c\u0005y\u0001O]8ek\u000e$\u0018\n^3sCR|'/\u0006\u0002\u00038A1!\u0011\bB \u0005Si!Aa\u000f\u000b\u0007\tuR-\u0001\u0006d_2dWm\u0019;j_:LAA!\u0011\u0003<\tA\u0011\n^3sCR|'/\u0001\u0005dC:,\u0015/^1m)\u0011\u00119E!\u0014\u0011\u0007\u0011\u0014I%C\u0002\u0003L\u0015\u0014qAQ8pY\u0016\fg\u000eC\u0005\u00032\u0019\u000b\t\u00111\u0001\u0003*\u0005\u0011\u0002O]8ek\u000e$X\t\\3nK:$h*Y7f)\u0011\u0011\tBa\u0015\t\u0013\tEr)!AA\u0002\t}\u0011\u0001\u00035bg\"\u001cu\u000eZ3\u0015\u0005\t}\u0011\u0001\u0003;p'R\u0014\u0018N\\4\u0015\u0005\tE\u0011AB3rk\u0006d7\u000f\u0006\u0003\u0003H\t\u0005\u0004\"\u0003B\u0019\u0015\u0006\u0005\t\u0019\u0001B\u0015Q\rI$Q\r\t\u0005\u0005O\u0012Y'\u0004\u0002\u0003j)\u0019!\u0011A.\n\t\t5$\u0011\u000e\u0002\f\u0013:$XM\u001d8bY\u0006\u0003\u0018.A\u0004dC\u000eDW\r\u001a\u0011\u0002\u000f\u0015D\b/\u001b:fgV\u0011!Q\u000f\t\u0005\u0005o\u0012\t)\u0004\u0002\u0003z)!!1\u0010B?\u0003!!WO]1uS>t'b\u0001B@K\u0006Q1m\u001c8dkJ\u0014XM\u001c;\n\t\t\r%\u0011\u0010\u0002\t\t\u0016\fG\r\\5oK\u0006AQ\r\u001f9je\u0016\u001c\b\u0005\u0006\u0004\u0003\n\n-%Q\u0012\t\u0004\u0003o\u0003\u0003bBAYK\u0001\u0007\u0011Q\u0017\u0005\b\u0005c*\u0003\u0019\u0001B;)\u0019\u0011II!%\u0003\u0014\"I\u0011\u0011\u0017\u0014\u0011\u0002\u0003\u0007\u0011Q\u0017\u0005\n\u0005c2\u0003\u0013!a\u0001\u0005k*\"Aa&+\t\u0005U\u0016Q_\u000b\u0003\u00057SCA!\u001e\u0002vR!!\u0011\u0006BP\u0011%\u0011\tdKA\u0001\u0002\u0004\u0011y\u0002\u0006\u0003\u0003H\t\r\u0006\"\u0003B\u0019[\u0005\u0005\t\u0019\u0001B\u0015)\u0011\u0011\tBa*\t\u0013\tEb&!AA\u0002\t}A\u0003\u0002B$\u0005WC\u0011B!\r2\u0003\u0003\u0005\rA!\u000b)\u0007\u0001\u0012)'A\u0007DC\u000eDW\rZ\"p]R,\u0007\u0010\u001e\t\u0004\u0003o\u001b4#B\u001a\u00036\n\u0005\u0007C\u0003B\\\u0005{\u000b)L!\u001e\u0003\n6\u0011!\u0011\u0018\u0006\u0004\u0005w+\u0017a\u0002:v]RLW.Z\u0005\u0005\u0005\u007f\u0013ILA\tBEN$(/Y2u\rVt7\r^5p]J\u0002BAa1\u0003J6\u0011!Q\u0019\u0006\u0005\u0005\u000f\fy&\u0001\u0002j_&!\u0011Q\u0016Bc)\t\u0011\t,A\u0003baBd\u0017\u0010\u0006\u0004\u0003\n\nE'1\u001b\u0005\b\u0003c3\u0004\u0019AA[\u0011\u001d\u0011\tH\u000ea\u0001\u0005k\nq!\u001e8baBd\u0017\u0010\u0006\u0003\u0003Z\n\u0005\b#\u00023\u0002p\tm\u0007c\u00023\u0003^\u0006U&QO\u0005\u0004\u0005?,'A\u0002+va2,'\u0007C\u0005\u0003d^\n\t\u00111\u0001\u0003\n\u0006\u0019\u0001\u0010\n\u0019\u0002\u0019]\u0014\u0018\u000e^3SKBd\u0017mY3\u0015\u0005\t%\b\u0003\u0002B\n\u0005WLAA!<\u0003\u0016\t1qJ\u00196fGR\f\u0011cQ8oM&<WO]3e\u0007>tG/\u001a=u!\r\t9\fT\n\u0006\u0019\nU(\u0011\u0019\t\u000b\u0005o\u0013i,!1\u0002Z\u0006UFC\u0001By)\u0019\t)La?\u0003~\"9\u0011QX(A\u0002\u0005\u0005\u0007bBAk\u001f\u0002\u0007\u0011\u0011\u001c\u000b\u0005\u0007\u0003\u0019)\u0001E\u0003e\u0003_\u001a\u0019\u0001E\u0004e\u0005;\f\t-!7\t\u0013\t\r\b+!AA\u0002\u0005U\u0016!E2bG\",GmQ8oi\u0016DHo\u0018\u0013fcR!11BB\t!\r!7QB\u0005\u0004\u0007\u001f)'\u0001B+oSRD\u0011B!\r\u0013\u0003\u0003\u0005\r!!\u001c\u0002\u001d\r\f7\r[3e\u0007>tG/\u001a=uA!\u001a1ca\u0006\u0011\u0007\u0011\u001cI\"C\u0002\u0004\u001c\u0015\u0014\u0001B^8mCRLG.Z\u0001\u000eO\u0016$8k\u0015'D_:$X\r\u001f;\u0015\u0005\u0005\u0005\u0007f\u0001\u000b\u0003f\u0005Qq-\u001a;D_:$X\r\u001f;\u0015\u0005\r\u001d\u0002cAA;s\u0005\u00012m\u001c8tiJ,8\r^\"p]R,\u0007\u0010^\u0001\ne\u0016\fGMR5mKN$\"aa\f\u0011\u0013\u0011\u001c\td!\u000e\u0004<\r\u001d\u0013bAB\u001aK\n1A+\u001e9mKN\u0002B!!\u0017\u00048%!1\u0011HA.\u0005)\u0001&/\u001b<bi\u0016\\U-\u001f\t\u0005\u0007{\u0019\u0019%\u0004\u0002\u0004@)!1\u0011IA.\u0003\u0011\u0019WM\u001d;\n\t\r\u00153q\b\u0002\u00101V\u0002\u0014hQ3si&4\u0017nY1uKB!1QHB%\u0013\u0011\u0019Yea\u0010\u0003\u0017\r+'\u000f^5gS\u000e\fG/Z\u0001\u0016GJ,\u0017\r^3TKJ4XM]*T\u0019\u0016sw-\u001b8f)\u0019\u0019\tfa\u0016\u0004\\A!\u00111YB*\u0013\u0011\u0019)&!2\u0003\u0013M\u001bF*\u00128hS:,\u0007bBB-1\u0001\u0007\u0011qE\u0001\tQ>\u001cHO\\1nK\"91Q\f\rA\u0002\t}\u0011\u0001\u00029peR\fQc\u0019:fCR,7\t\\5f]R\u001c6\u000bT#oO&tW\r\u0006\u0004\u0004R\r\r4Q\r\u0005\b\u00073J\u0002\u0019AA\u0014\u0011\u001d\u0019i&\u0007a\u0001\u0005?\tqb\u0019:fCR,7k\u0015'F]\u001eLg.\u001a\u000b\t\u0007W\u001a\th!!\u0004\u0004R!1\u0011KB7\u0011\u001d\u0019yG\u0007a\u0001\u0003\u0003\f!b]:m\u0007>tG/\u001a=u\u0011\u001d\u0019\u0019H\u0007a\u0001\u0007k\nAA]8mKB!1qOB?\u001b\t\u0019IHC\u0002\u0004|m\u000baa\u001d;sK\u0006l\u0017\u0002BB@\u0007s\u0012q\u0001\u0016'T%>dW\rC\u0004\u0004Zi\u0001\r!a\n\t\u000f\ru#\u00041\u0001\u0003 \u0005\u0019b/\u001a:jMf\u001cE.[3oiN+7o]5p]R11\u0011RBI\u0007'\u0003R\u0001ZA8\u0007\u0017\u0003B!!)\u0004\u000e&!1qRAX\u0005%!\u0006N]8xC\ndW\rC\u0004\u0004Zm\u0001\r!a\n\t\u000f\rU5\u00041\u0001\u0004\u0018\u000691/Z:tS>t\u0007\u0003BAb\u00073KAaa'\u0002F\nQ1k\u0015'TKN\u001c\u0018n\u001c8\u0002'Y,'/\u001b4z'\u0016\u0014h/\u001a:TKN\u001c\u0018n\u001c8\u0015\r\r%5\u0011UBR\u0011\u001d\u0019I\u0006\ba\u0001\u0003OAqa!&\u001d\u0001\u0004\u00199\nK\u0002\u0001\u0007O\u0003BAa\u001a\u0004*&!11\u0016B5\u00051\t\u0005/['bs\u000eC\u0017M\\4f\u0001")
@ApiMayChange
/* loaded from: input_file:org/apache/pekko/remote/artery/tcp/ssl/RotatingKeysSSLEngineProvider.class */
public final class RotatingKeysSSLEngineProvider implements SSLEngineProvider {
    private final Config config;
    private final MarkerLoggingAdapter log;
    private final String SSLKeyFile;
    private final String SSLCertFile;
    private final String SSLCACertFile;
    private final SSLEngineConfig sslEngineConfig;
    private final SecureRandom rng;
    private volatile Option<CachedContext> cachedContext;

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: RotatingKeysSSLEngineProvider.scala */
    @InternalApi
    /* loaded from: input_file:org/apache/pekko/remote/artery/tcp/ssl/RotatingKeysSSLEngineProvider$CachedContext.class */
    public static class CachedContext implements Product, Serializable {
        private final ConfiguredContext cached;
        private final Deadline expires;

        public Iterator<String> productElementNames() {
            return Product.productElementNames$(this);
        }

        public ConfiguredContext cached() {
            return this.cached;
        }

        public Deadline expires() {
            return this.expires;
        }

        public CachedContext copy(ConfiguredContext configuredContext, Deadline deadline) {
            return new CachedContext(configuredContext, deadline);
        }

        public ConfiguredContext copy$default$1() {
            return cached();
        }

        public Deadline copy$default$2() {
            return expires();
        }

        public String productPrefix() {
            return "CachedContext";
        }

        public int productArity() {
            return 2;
        }

        public Object productElement(int i) {
            switch (i) {
                case 0:
                    return cached();
                case 1:
                    return expires();
                default:
                    return Statics.ioobe(i);
            }
        }

        public Iterator<Object> productIterator() {
            return ScalaRunTime$.MODULE$.typedProductIterator(this);
        }

        public boolean canEqual(Object obj) {
            return obj instanceof CachedContext;
        }

        public String productElementName(int i) {
            switch (i) {
                case 0:
                    return "cached";
                case 1:
                    return "expires";
                default:
                    return (String) Statics.ioobe(i);
            }
        }

        public int hashCode() {
            return ScalaRunTime$.MODULE$._hashCode(this);
        }

        public String toString() {
            return ScalaRunTime$.MODULE$._toString(this);
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof CachedContext)) {
                return false;
            }
            CachedContext cachedContext = (CachedContext) obj;
            ConfiguredContext cached = cached();
            ConfiguredContext cached2 = cachedContext.cached();
            if (cached == null) {
                if (cached2 != null) {
                    return false;
                }
            } else if (!cached.equals(cached2)) {
                return false;
            }
            Deadline expires = expires();
            Deadline expires2 = cachedContext.expires();
            if (expires == null) {
                if (expires2 != null) {
                    return false;
                }
            } else if (!expires.equals(expires2)) {
                return false;
            }
            return cachedContext.canEqual(this);
        }

        public CachedContext(ConfiguredContext configuredContext, Deadline deadline) {
            this.cached = configuredContext;
            this.expires = deadline;
            Product.$init$(this);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: RotatingKeysSSLEngineProvider.scala */
    @InternalApi
    /* loaded from: input_file:org/apache/pekko/remote/artery/tcp/ssl/RotatingKeysSSLEngineProvider$ConfiguredContext.class */
    public static class ConfiguredContext implements Product, Serializable {
        private final SSLContext context;
        private final SessionVerifier sessionVerifier;

        public Iterator<String> productElementNames() {
            return Product.productElementNames$(this);
        }

        public SSLContext context() {
            return this.context;
        }

        public SessionVerifier sessionVerifier() {
            return this.sessionVerifier;
        }

        public ConfiguredContext copy(SSLContext sSLContext, SessionVerifier sessionVerifier) {
            return new ConfiguredContext(sSLContext, sessionVerifier);
        }

        public SSLContext copy$default$1() {
            return context();
        }

        public SessionVerifier copy$default$2() {
            return sessionVerifier();
        }

        public String productPrefix() {
            return "ConfiguredContext";
        }

        public int productArity() {
            return 2;
        }

        public Object productElement(int i) {
            switch (i) {
                case 0:
                    return context();
                case 1:
                    return sessionVerifier();
                default:
                    return Statics.ioobe(i);
            }
        }

        public Iterator<Object> productIterator() {
            return ScalaRunTime$.MODULE$.typedProductIterator(this);
        }

        public boolean canEqual(Object obj) {
            return obj instanceof ConfiguredContext;
        }

        public String productElementName(int i) {
            switch (i) {
                case 0:
                    return "context";
                case 1:
                    return "sessionVerifier";
                default:
                    return (String) Statics.ioobe(i);
            }
        }

        public int hashCode() {
            return ScalaRunTime$.MODULE$._hashCode(this);
        }

        public String toString() {
            return ScalaRunTime$.MODULE$._toString(this);
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof ConfiguredContext)) {
                return false;
            }
            ConfiguredContext configuredContext = (ConfiguredContext) obj;
            SSLContext context = context();
            SSLContext context2 = configuredContext.context();
            if (context == null) {
                if (context2 != null) {
                    return false;
                }
            } else if (!context.equals(context2)) {
                return false;
            }
            SessionVerifier sessionVerifier = sessionVerifier();
            SessionVerifier sessionVerifier2 = configuredContext.sessionVerifier();
            if (sessionVerifier == null) {
                if (sessionVerifier2 != null) {
                    return false;
                }
            } else if (!sessionVerifier.equals(sessionVerifier2)) {
                return false;
            }
            return configuredContext.canEqual(this);
        }

        public ConfiguredContext(SSLContext sSLContext, SessionVerifier sessionVerifier) {
            this.context = sSLContext;
            this.sessionVerifier = sessionVerifier;
            Product.$init$(this);
        }
    }

    public Config config() {
        return this.config;
    }

    public MarkerLoggingAdapter log() {
        return this.log;
    }

    private String SSLKeyFile() {
        return this.SSLKeyFile;
    }

    private String SSLCertFile() {
        return this.SSLCertFile;
    }

    private String SSLCACertFile() {
        return this.SSLCACertFile;
    }

    private SSLEngineConfig sslEngineConfig() {
        return this.sslEngineConfig;
    }

    private SecureRandom rng() {
        return this.rng;
    }

    private Option<CachedContext> cachedContext() {
        return this.cachedContext;
    }

    private void cachedContext_$eq(Option<CachedContext> option) {
        this.cachedContext = option;
    }

    @InternalApi
    public SSLContext getSSLContext() {
        return getContext().context();
    }

    private ConfiguredContext getContext() {
        CachedContext cachedContext;
        boolean z = false;
        Some some = null;
        Option<CachedContext> cachedContext2 = cachedContext();
        if (cachedContext2 instanceof Some) {
            z = true;
            some = (Some) cachedContext2;
            CachedContext cachedContext3 = (CachedContext) some.value();
            if (cachedContext3 != null && cachedContext3.expires().isOverdue()) {
                ConfiguredContext constructContext = constructContext();
                cachedContext_$eq(new Some(new CachedContext(constructContext, sslEngineConfig().SSLContextCacheTime().fromNow())));
                return constructContext;
            }
        }
        if (z && (cachedContext = (CachedContext) some.value()) != null) {
            return cachedContext.cached();
        }
        if (!None$.MODULE$.equals(cachedContext2)) {
            throw new MatchError(cachedContext2);
        }
        ConfiguredContext constructContext2 = constructContext();
        cachedContext_$eq(new Some(new CachedContext(constructContext2, sslEngineConfig().SSLContextCacheTime().fromNow())));
        return constructContext2;
    }

    private ConfiguredContext constructContext() {
        Tuple3<PrivateKey, X509Certificate, Certificate> readFiles = readFiles();
        if (readFiles == null) {
            throw new MatchError((Object) null);
        }
        PrivateKey privateKey = (PrivateKey) readFiles._1();
        X509Certificate x509Certificate = (X509Certificate) readFiles._2();
        Certificate certificate = (Certificate) readFiles._3();
        try {
            KeyManager[] buildKeyManagers = PemManagersProvider$.MODULE$.buildKeyManagers(privateKey, x509Certificate, certificate);
            TrustManager[] buildTrustManagers = PemManagersProvider$.MODULE$.buildTrustManagers(certificate);
            PeerSubjectVerifier peerSubjectVerifier = new PeerSubjectVerifier(x509Certificate);
            SSLContext sSLContext = SSLContext.getInstance(sslEngineConfig().SSLProtocol());
            sSLContext.init(buildKeyManagers, buildTrustManagers, rng());
            return new ConfiguredContext(sSLContext, peerSubjectVerifier);
        } catch (IllegalArgumentException e) {
            throw new SslTransportException(new StringBuilder(56).append("Server SSL connection could not be established because: ").append(e.getMessage()).toString(), e);
        } catch (GeneralSecurityException e2) {
            throw new SslTransportException("Server SSL connection could not be established because SSL context could not be constructed", e2);
        }
    }

    private Tuple3<PrivateKey, X509Certificate, Certificate> readFiles() {
        try {
            Certificate loadCertificate = PemManagersProvider$.MODULE$.loadCertificate(SSLCACertFile());
            return new Tuple3<>(PemManagersProvider$.MODULE$.loadPrivateKey(SSLKeyFile()), (X509Certificate) PemManagersProvider$.MODULE$.loadCertificate(SSLCertFile()), loadCertificate);
        } catch (FileNotFoundException e) {
            throw new SslTransportException("Server SSL connection could not be established because a key or cert could not be loaded", e);
        } catch (IOException e2) {
            throw new SslTransportException(new StringBuilder(56).append("Server SSL connection could not be established because: ").append(e2.getMessage()).toString(), e2);
        }
    }

    @Override // org.apache.pekko.remote.artery.tcp.SSLEngineProvider
    public SSLEngine createServerSSLEngine(String str, int i) {
        return createSSLEngine(Server$.MODULE$, str, i, getContext().context());
    }

    @Override // org.apache.pekko.remote.artery.tcp.SSLEngineProvider
    public SSLEngine createClientSSLEngine(String str, int i) {
        return createSSLEngine(Client$.MODULE$, str, i, getContext().context());
    }

    private SSLEngine createSSLEngine(TLSRole tLSRole, String str, int i, SSLContext sSLContext) {
        SSLEngine createSSLEngine = sSLContext.createSSLEngine(str, i);
        createSSLEngine.setUseClientMode(tLSRole != null && tLSRole.equals(Client$.MODULE$));
        createSSLEngine.setEnabledCipherSuites((String[]) sslEngineConfig().SSLEnabledAlgorithms().toArray(ClassTag$.MODULE$.apply(String.class)));
        createSSLEngine.setEnabledProtocols(new String[]{sslEngineConfig().SSLProtocol()});
        Client$ client$ = Client$.MODULE$;
        if (tLSRole == null || !tLSRole.equals(client$)) {
            createSSLEngine.setNeedClientAuth(true);
        }
        return createSSLEngine;
    }

    @Override // org.apache.pekko.remote.artery.tcp.SSLEngineProvider
    public Option<Throwable> verifyClientSession(String str, SSLSession sSLSession) {
        return getContext().sessionVerifier().verifyClientSession(str, sSLSession);
    }

    @Override // org.apache.pekko.remote.artery.tcp.SSLEngineProvider
    public Option<Throwable> verifyServerSession(String str, SSLSession sSLSession) {
        return getContext().sessionVerifier().verifyServerSession(str, sSLSession);
    }

    public RotatingKeysSSLEngineProvider(Config config, MarkerLoggingAdapter markerLoggingAdapter) {
        this.config = config;
        this.log = markerLoggingAdapter;
        this.SSLKeyFile = config.getString("key-file");
        this.SSLCertFile = config.getString("cert-file");
        this.SSLCACertFile = config.getString("ca-cert-file");
        this.sslEngineConfig = new SSLEngineConfig(config);
        this.rng = SecureRandomFactory$.MODULE$.createSecureRandom(sslEngineConfig().SSLRandomNumberGenerator(), markerLoggingAdapter);
        this.cachedContext = None$.MODULE$;
    }

    public RotatingKeysSSLEngineProvider(ActorSystem actorSystem) {
        this(actorSystem.settings().config().getConfig("pekko.remote.artery.ssl.rotating-keys-engine"), Logging$.MODULE$.withMarker(actorSystem, RotatingKeysSSLEngineProvider.class.getName(), LogSource$.MODULE$.fromString()));
    }
}
