package com.coralogix.zio.k8s.client.config;

import com.coralogix.zio.k8s.client.config.Cpackage;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import scala.MatchError;
import scala.Option;
import scala.Predef$;
import scala.Some;
import zio.ZIO;
import zio.ZIO$;
import zio.ZIO$ScopedPartiallyApplied$;

/* compiled from: SSL.scala */
/* loaded from: input_file:com/coralogix/zio/k8s/client/config/SSL$.class */
public final class SSL$ {
    public static SSL$ MODULE$;

    static {
        new SSL$();
    }

    public ZIO<Object, Throwable, SSLContext> apply(Cpackage.K8sServerCertificate k8sServerCertificate, Cpackage.K8sAuthentication k8sAuthentication) {
        if (package$K8sServerCertificate$Insecure$.MODULE$.equals(k8sServerCertificate)) {
            return insecureSSLContext();
        }
        if (k8sServerCertificate instanceof Cpackage.K8sServerCertificate.Secure) {
            return secureSSLContext(((Cpackage.K8sServerCertificate.Secure) k8sServerCertificate).certificate(), k8sAuthentication);
        }
        throw new MatchError(k8sServerCertificate);
    }

    private ZIO<Object, Throwable, SSLContext> insecureSSLContext() {
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: com.coralogix.zio.k8s.client.config.SSL$$anon$1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        }};
        return ZIO$.MODULE$.attempt(() -> {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            return sSLContext;
        }, "com.coralogix.zio.k8s.client.config.SSL.insecureSSLContext(SSL.scala:27)");
    }

    private ZIO<Object, Throwable, SSLContext> secureSSLContext(Cpackage.KeySource keySource, Cpackage.K8sAuthentication k8sAuthentication) {
        return ZIO$ScopedPartiallyApplied$.MODULE$.apply$extension(ZIO$.MODULE$.scoped(), () -> {
            return package$.MODULE$.loadKeyStream(keySource).flatMap(inputStream -> {
                ZIO map;
                if (k8sAuthentication instanceof Cpackage.K8sAuthentication.ServiceAccountToken) {
                    map = ZIO$.MODULE$.none();
                } else if (k8sAuthentication instanceof Cpackage.K8sAuthentication.BasicAuth) {
                    map = ZIO$.MODULE$.none();
                } else {
                    if (!(k8sAuthentication instanceof Cpackage.K8sAuthentication.ClientCertificates)) {
                        throw new MatchError(k8sAuthentication);
                    }
                    Cpackage.K8sAuthentication.ClientCertificates clientCertificates = (Cpackage.K8sAuthentication.ClientCertificates) k8sAuthentication;
                    map = KeyManagers$.MODULE$.apply(clientCertificates.certificate(), clientCertificates.key(), clientCertificates.password()).map(keyManagerArr -> {
                        return new Some(keyManagerArr);
                    }, "com.coralogix.zio.k8s.client.config.SSL.secureSSLContext(SSL.scala:45)");
                }
                return map.flatMap(option -> {
                    return TrustManagers$.MODULE$.apply(inputStream).flatMap(trustManagerArr -> {
                        return MODULE$.createSslContext(option, trustManagerArr).map(sSLContext -> {
                            return sSLContext;
                        }, "com.coralogix.zio.k8s.client.config.SSL.secureSSLContext(SSL.scala:48)");
                    }, "com.coralogix.zio.k8s.client.config.SSL.secureSSLContext(SSL.scala:47)");
                }, "com.coralogix.zio.k8s.client.config.SSL.secureSSLContext(SSL.scala:40)");
            }, "com.coralogix.zio.k8s.client.config.SSL.secureSSLContext(SSL.scala:38)");
        }, "com.coralogix.zio.k8s.client.config.SSL.secureSSLContext(SSL.scala:38)");
    }

    private ZIO<Object, Throwable, SSLContext> createSslContext(Option<KeyManager[]> option, TrustManager[] trustManagerArr) {
        return ZIO$.MODULE$.attempt(() -> {
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            sSLContext.init((KeyManager[]) option.orNull(Predef$.MODULE$.$conforms()), trustManagerArr, new SecureRandom());
            return sSLContext;
        }, "com.coralogix.zio.k8s.client.config.SSL.createSslContext(SSL.scala:56)");
    }

    private SSL$() {
        MODULE$ = this;
    }
}
