package org.apache.pekko.remote.artery.tcp.ssl;

import com.typesafe.config.Config;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import org.apache.pekko.actor.ActorSystem;
import org.apache.pekko.annotation.ApiMayChange;
import org.apache.pekko.annotation.InternalApi;
import org.apache.pekko.event.LogSource;
import org.apache.pekko.event.LogSource$;
import org.apache.pekko.event.Logging$;
import org.apache.pekko.event.MarkerLoggingAdapter;
import org.apache.pekko.remote.artery.tcp.SSLEngineProvider;
import org.apache.pekko.remote.artery.tcp.SecureRandomFactory$;
import org.apache.pekko.remote.artery.tcp.SslTransportException;
import org.apache.pekko.stream.Client$;
import org.apache.pekko.stream.Server$;
import org.apache.pekko.stream.TLSRole;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Product;
import scala.Serializable;
import scala.Some;
import scala.Tuple3;
import scala.collection.Iterator;
import scala.concurrent.duration.Deadline;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.ScalaRunTime$;

/* compiled from: RotatingKeysSSLEngineProvider.scala */
@ScalaSignature(bytes = "\u0006\u0001\rUe\u0001\u0002)R\u0005\u0001D\u0001b\u001b\u0001\u0003\u0006\u0004%\t\u0001\u001c\u0005\tm\u0002\u0011\t\u0011)A\u0005[\"Aq\u000f\u0001BC\u0002\u0013E\u0001\u0010\u0003\u0005��\u0001\t\u0005\t\u0015!\u0003z\u0011\u001d\t\t\u0001\u0001C\u0001\u0003\u0007Aq!!\u0001\u0001\t\u0003\ti\u0001C\u0005\u0002 \u0001\u0011\r\u0011\"\u0003\u0002\"!A\u0011\u0011\b\u0001!\u0002\u0013\t\u0019\u0003C\u0005\u0002<\u0001\u0011\r\u0011\"\u0003\u0002\"!A\u0011Q\b\u0001!\u0002\u0013\t\u0019\u0003C\u0005\u0002@\u0001\u0011\r\u0011\"\u0003\u0002\"!A\u0011\u0011\t\u0001!\u0002\u0013\t\u0019\u0003C\u0005\u0002D\u0001\u0011\r\u0011\"\u0003\u0002F!A\u0011Q\n\u0001!\u0002\u0013\t9\u0005C\u0005\u0002P\u0001\u0011\r\u0011\"\u0003\u0002R!A\u00111\r\u0001!\u0002\u0013\t\u0019\u0006C\u0005\u0002f\u0001\u0001\r\u0011\"\u0003\u0002h!I!1\u001d\u0001A\u0002\u0013%!Q\u001d\u0005\t\u0005_\u0004\u0001\u0015)\u0003\u0002j!A!\u0011 \u0001\u0005\u0002E\u0013Y\u0010C\u0004\u0003��\u0002!Ia!\u0001\t\u000f\r\u0015\u0001\u0001\"\u0003\u0004\u0002!91q\u0001\u0001\u0005\n\r%\u0001bBB\u0015\u0001\u0011\u000531\u0006\u0005\b\u0007w\u0001A\u0011IB\u001f\u0011\u001d\u0019\u0019\u0005\u0001C\u0005\u0007\u000bBqa!\u0019\u0001\t\u0003\u001a\u0019\u0007C\u0004\u0004\u0006\u0002!\tea\"\b\u000f\u0005%\u0015\u000b#\u0001\u0002\f\u001a1\u0001+\u0015E\u0001\u0003\u001bCq!!\u0001\u001f\t\u0003\tyI\u0002\u0004\u0002\u0012z!\u00151\u0013\u0005\u000b\u0003C\u0003#Q3A\u0005\u0002\u0005\r\u0006B\u0003B-A\tE\t\u0015!\u0003\u0002&\"Q!1\f\u0011\u0003\u0016\u0004%\tA!\u0018\t\u0015\t=\u0004E!E!\u0002\u0013\u0011y\u0006C\u0004\u0002\u0002\u0001\"\tA!\u001d\t\u0013\u0005]\u0007%!A\u0005\u0002\te\u0004\"CApAE\u0005I\u0011\u0001B@\u0011%\t9\u0010II\u0001\n\u0003\u0011\u0019\tC\u0005\u0002~\u0002\n\t\u0011\"\u0011\u0002��\"I!1\u0002\u0011\u0002\u0002\u0013\u0005!Q\u0002\u0005\n\u0005+\u0001\u0013\u0011!C\u0001\u0005\u000fC\u0011Ba\t!\u0003\u0003%\tE!\n\t\u0013\tM\u0002%!A\u0005\u0002\t-\u0005\"\u0003B A\u0005\u0005I\u0011\tB!\u0011%\u0011\u0019\u0005IA\u0001\n\u0003\u0012)\u0005C\u0005\u0003H\u0001\n\t\u0011\"\u0011\u0003\u0010\u001eI!Q\u0013\u0010\u0002\u0002#%!q\u0013\u0004\n\u0003#s\u0012\u0011!E\u0005\u00053Cq!!\u00013\t\u0003\u00119\u000bC\u0005\u0003DI\n\t\u0011\"\u0012\u0003F!I!\u0011\u0016\u001a\u0002\u0002\u0013\u0005%1\u0016\u0005\n\u0005c\u0013\u0014\u0011!CA\u0005gC\u0011B!13\u0003\u0003%IAa1\u0007\r\u0005%f\u0004RAV\u0011)\ti\u000b\u000fBK\u0002\u0013\u0005\u0011q\u0016\u0005\u000b\u0003\u0007D$\u0011#Q\u0001\n\u0005E\u0006BCAcq\tU\r\u0011\"\u0001\u0002H\"Q\u0011q\u001a\u001d\u0003\u0012\u0003\u0006I!!3\t\u000f\u0005\u0005\u0001\b\"\u0001\u0002R\"I\u0011q\u001b\u001d\u0002\u0002\u0013\u0005\u0011\u0011\u001c\u0005\n\u0003?D\u0014\u0013!C\u0001\u0003CD\u0011\"a>9#\u0003%\t!!?\t\u0013\u0005u\b(!A\u0005B\u0005}\b\"\u0003B\u0006q\u0005\u0005I\u0011\u0001B\u0007\u0011%\u0011)\u0002OA\u0001\n\u0003\u00119\u0002C\u0005\u0003$a\n\t\u0011\"\u0011\u0003&!I!1\u0007\u001d\u0002\u0002\u0013\u0005!Q\u0007\u0005\n\u0005\u007fA\u0014\u0011!C!\u0005\u0003B\u0011Ba\u00119\u0003\u0003%\tE!\u0012\t\u0013\t\u001d\u0003(!A\u0005B\t%s!\u0003Bf=\u0005\u0005\t\u0012\u0002Bg\r%\tIKHA\u0001\u0012\u0013\u0011y\rC\u0004\u0002\u0002)#\tAa5\t\u0013\t\r#*!A\u0005F\t\u0015\u0003\"\u0003BU\u0015\u0006\u0005I\u0011\u0011Bk\u0011%\u0011\tLSA\u0001\n\u0003\u0013Y\u000eC\u0005\u0003B*\u000b\t\u0011\"\u0003\u0003D\ni\"k\u001c;bi&twmS3zgN\u001bF*\u00128hS:,\u0007K]8wS\u0012,'O\u0003\u0002S'\u0006\u00191o\u001d7\u000b\u0005Q+\u0016a\u0001;da*\u0011akV\u0001\u0007CJ$XM]=\u000b\u0005aK\u0016A\u0002:f[>$XM\u0003\u0002[7\u0006)\u0001/Z6l_*\u0011A,X\u0001\u0007CB\f7\r[3\u000b\u0003y\u000b1a\u001c:h\u0007\u0001\u00192\u0001A1h!\t\u0011W-D\u0001d\u0015\u0005!\u0017!B:dC2\f\u0017B\u00014d\u0005\u0019\te.\u001f*fMB\u0011\u0001.[\u0007\u0002'&\u0011!n\u0015\u0002\u0012'NcUI\\4j]\u0016\u0004&o\u001c<jI\u0016\u0014\u0018AB2p]\u001aLw-F\u0001n!\tqG/D\u0001p\u0015\tY\u0007O\u0003\u0002re\u0006AA/\u001f9fg\u00064WMC\u0001t\u0003\r\u0019w.\\\u0005\u0003k>\u0014aaQ8oM&<\u0017aB2p]\u001aLw\rI\u0001\u0004Y><W#A=\u0011\u0005ilX\"A>\u000b\u0005qL\u0016!B3wK:$\u0018B\u0001@|\u0005Qi\u0015M]6fe2{wmZ5oO\u0006#\u0017\r\u001d;fe\u0006!An\\4!\u0003\u0019a\u0014N\\5u}Q1\u0011QAA\u0005\u0003\u0017\u00012!a\u0002\u0001\u001b\u0005\t\u0006\"B6\u0006\u0001\u0004i\u0007\"B<\u0006\u0001\u0004IH\u0003BA\u0003\u0003\u001fAq!!\u0005\u0007\u0001\u0004\t\u0019\"\u0001\u0004tsN$X-\u001c\t\u0005\u0003+\tY\"\u0004\u0002\u0002\u0018)\u0019\u0011\u0011D-\u0002\u000b\u0005\u001cGo\u001c:\n\t\u0005u\u0011q\u0003\u0002\f\u0003\u000e$xN]*zgR,W.\u0001\u0006T'2[U-\u001f$jY\u0016,\"!a\t\u0011\t\u0005\u0015\u00121\u0007\b\u0005\u0003O\ty\u0003E\u0002\u0002*\rl!!a\u000b\u000b\u0007\u00055r,\u0001\u0004=e>|GOP\u0005\u0004\u0003c\u0019\u0017A\u0002)sK\u0012,g-\u0003\u0003\u00026\u0005]\"AB*ue&twMC\u0002\u00022\r\f1bU*M\u0017\u0016Lh)\u001b7fA\u0005Y1k\u0015'DKJ$h)\u001b7f\u00031\u00196\u000bT\"feR4\u0015\u000e\\3!\u00035\u00196\u000bT\"B\u0007\u0016\u0014HOR5mK\u0006q1k\u0015'D\u0003\u000e+'\u000f\u001e$jY\u0016\u0004\u0013aD:tY\u0016sw-\u001b8f\u0007>tg-[4\u0016\u0005\u0005\u001d\u0003\u0003BA\u0004\u0003\u0013J1!a\u0013R\u0005=\u00196\u000bT#oO&tWmQ8oM&<\u0017\u0001E:tY\u0016sw-\u001b8f\u0007>tg-[4!\u0003\r\u0011hnZ\u000b\u0003\u0003'\u0002B!!\u0016\u0002`5\u0011\u0011q\u000b\u0006\u0005\u00033\nY&\u0001\u0005tK\u000e,(/\u001b;z\u0015\t\ti&\u0001\u0003kCZ\f\u0017\u0002BA1\u0003/\u0012AbU3dkJ,'+\u00198e_6\fAA\u001d8hA\u0005i1-Y2iK\u0012\u001cuN\u001c;fqR,\"!!\u001b\u0011\u000b\t\fY'a\u001c\n\u0007\u000554M\u0001\u0004PaRLwN\u001c\t\u0004\u0003c\u0002cbAA:;9!\u0011QOAD\u001d\u0011\t9(!\"\u000f\t\u0005e\u00141\u0011\b\u0005\u0003w\n\tI\u0004\u0003\u0002~\u0005}T\"A.\n\u0005i[\u0016B\u0001-Z\u0013\t1v+\u0003\u0002U+&\u0011!kU\u0001\u001e%>$\u0018\r^5oO.+\u0017p]*T\u0019\u0016sw-\u001b8f!J|g/\u001b3feB\u0019\u0011q\u0001\u0010\u0014\u0005y\tGCAAF\u00055\u0019\u0015m\u00195fI\u000e{g\u000e^3yiN1\u0001%YAK\u00037\u00032AYAL\u0013\r\tIj\u0019\u0002\b!J|G-^2u!\r\u0011\u0017QT\u0005\u0004\u0003?\u001b'\u0001D*fe&\fG.\u001b>bE2,\u0017AB2bG\",G-\u0006\u0002\u0002&B\u0019\u0011q\u0015\u001d\u000e\u0003y\u0011\u0011cQ8oM&<WO]3e\u0007>tG/\u001a=u'\u0019A\u0014-!&\u0002\u001c\u000691m\u001c8uKb$XCAAY!\u0011\t\u0019,a0\u000e\u0005\u0005U&b\u0001*\u00028*!\u0011\u0011XA^\u0003\rqW\r\u001e\u0006\u0003\u0003{\u000bQA[1wCbLA!!1\u00026\nQ1k\u0015'D_:$X\r\u001f;\u0002\u0011\r|g\u000e^3yi\u0002\nqb]3tg&|gNV3sS\u001aLWM]\u000b\u0003\u0003\u0013\u0004B!a\u0002\u0002L&\u0019\u0011QZ)\u0003\u001fM+7o]5p]Z+'/\u001b4jKJ\f\u0001c]3tg&|gNV3sS\u001aLWM\u001d\u0011\u0015\r\u0005\u0015\u00161[Ak\u0011\u001d\ti+\u0010a\u0001\u0003cCq!!2>\u0001\u0004\tI-\u0001\u0003d_BLHCBAS\u00037\fi\u000eC\u0005\u0002.z\u0002\n\u00111\u0001\u00022\"I\u0011Q\u0019 \u0011\u0002\u0003\u0007\u0011\u0011Z\u0001\u000fG>\u0004\u0018\u0010\n3fM\u0006,H\u000e\u001e\u00132+\t\t\u0019O\u000b\u0003\u00022\u0006\u00158FAAt!\u0011\tI/a=\u000e\u0005\u0005-(\u0002BAw\u0003_\f\u0011\"\u001e8dQ\u0016\u001c7.\u001a3\u000b\u0007\u0005E8-\u0001\u0006b]:|G/\u0019;j_:LA!!>\u0002l\n\tRO\\2iK\u000e\\W\r\u001a,be&\fgnY3\u0002\u001d\r|\u0007/\u001f\u0013eK\u001a\fW\u000f\u001c;%eU\u0011\u00111 \u0016\u0005\u0003\u0013\f)/A\u0007qe>$Wo\u0019;Qe\u00164\u0017\u000e_\u000b\u0003\u0005\u0003\u0001BAa\u0001\u0003\n5\u0011!Q\u0001\u0006\u0005\u0005\u000f\tY&\u0001\u0003mC:<\u0017\u0002BA\u001b\u0005\u000b\tA\u0002\u001d:pIV\u001cG/\u0011:jif,\"Aa\u0004\u0011\u0007\t\u0014\t\"C\u0002\u0003\u0014\r\u00141!\u00138u\u00039\u0001(o\u001c3vGR,E.Z7f]R$BA!\u0007\u0003 A\u0019!Ma\u0007\n\u0007\tu1MA\u0002B]fD\u0011B!\tD\u0003\u0003\u0005\rAa\u0004\u0002\u0007a$\u0013'A\bqe>$Wo\u0019;Ji\u0016\u0014\u0018\r^8s+\t\u00119\u0003\u0005\u0004\u0003*\t=\"\u0011D\u0007\u0003\u0005WQ1A!\fd\u0003)\u0019w\u000e\u001c7fGRLwN\\\u0005\u0005\u0005c\u0011YC\u0001\u0005Ji\u0016\u0014\u0018\r^8s\u0003!\u0019\u0017M\\#rk\u0006dG\u0003\u0002B\u001c\u0005{\u00012A\u0019B\u001d\u0013\r\u0011Yd\u0019\u0002\b\u0005>|G.Z1o\u0011%\u0011\t#RA\u0001\u0002\u0004\u0011I\"\u0001\u0005iCND7i\u001c3f)\t\u0011y!\u0001\u0005u_N#(/\u001b8h)\t\u0011\t!\u0001\u0004fcV\fGn\u001d\u000b\u0005\u0005o\u0011Y\u0005C\u0005\u0003\"!\u000b\t\u00111\u0001\u0003\u001a!\u001a\u0001Ha\u0014\u0011\t\tE#QK\u0007\u0003\u0005'R1!!=Z\u0013\u0011\u00119Fa\u0015\u0003\u0017%sG/\u001a:oC2\f\u0005/[\u0001\bG\u0006\u001c\u0007.\u001a3!\u0003\u001d)\u0007\u0010]5sKN,\"Aa\u0018\u0011\t\t\u0005$1N\u0007\u0003\u0005GRAA!\u001a\u0003h\u0005AA-\u001e:bi&|gNC\u0002\u0003j\r\f!bY8oGV\u0014(/\u001a8u\u0013\u0011\u0011iGa\u0019\u0003\u0011\u0011+\u0017\r\u001a7j]\u0016\f\u0001\"\u001a=qSJ,7\u000f\t\u000b\u0007\u0005g\u0012)Ha\u001e\u0011\u0007\u0005\u001d\u0006\u0005C\u0004\u0002\"\u0016\u0002\r!!*\t\u000f\tmS\u00051\u0001\u0003`Q1!1\u000fB>\u0005{B\u0011\"!)'!\u0003\u0005\r!!*\t\u0013\tmc\u0005%AA\u0002\t}SC\u0001BAU\u0011\t)+!:\u0016\u0005\t\u0015%\u0006\u0002B0\u0003K$BA!\u0007\u0003\n\"I!\u0011E\u0016\u0002\u0002\u0003\u0007!q\u0002\u000b\u0005\u0005o\u0011i\tC\u0005\u0003\"5\n\t\u00111\u0001\u0003\u001aQ!!q\u0007BI\u0011%\u0011\t\u0003MA\u0001\u0002\u0004\u0011I\u0002K\u0002!\u0005\u001f\nQbQ1dQ\u0016$7i\u001c8uKb$\bcAATeM)!Ga'\u0002\u001cBQ!Q\u0014BR\u0003K\u0013yFa\u001d\u000e\u0005\t}%b\u0001BQG\u00069!/\u001e8uS6,\u0017\u0002\u0002BS\u0005?\u0013\u0011#\u00112tiJ\f7\r\u001e$v]\u000e$\u0018n\u001c83)\t\u00119*A\u0003baBd\u0017\u0010\u0006\u0004\u0003t\t5&q\u0016\u0005\b\u0003C+\u0004\u0019AAS\u0011\u001d\u0011Y&\u000ea\u0001\u0005?\nq!\u001e8baBd\u0017\u0010\u0006\u0003\u00036\nu\u0006#\u00022\u0002l\t]\u0006c\u00022\u0003:\u0006\u0015&qL\u0005\u0004\u0005w\u001b'A\u0002+va2,'\u0007C\u0005\u0003@Z\n\t\u00111\u0001\u0003t\u0005\u0019\u0001\u0010\n\u0019\u0002\u0017I,\u0017\r\u001a*fg>dg/\u001a\u000b\u0003\u0005\u000b\u0004BAa\u0001\u0003H&!!\u0011\u001aB\u0003\u0005\u0019y%M[3di\u0006\t2i\u001c8gS\u001e,(/\u001a3D_:$X\r\u001f;\u0011\u0007\u0005\u001d&jE\u0003K\u0005#\fY\n\u0005\u0006\u0003\u001e\n\r\u0016\u0011WAe\u0003K#\"A!4\u0015\r\u0005\u0015&q\u001bBm\u0011\u001d\ti+\u0014a\u0001\u0003cCq!!2N\u0001\u0004\tI\r\u0006\u0003\u0003^\n\u0005\b#\u00022\u0002l\t}\u0007c\u00022\u0003:\u0006E\u0016\u0011\u001a\u0005\n\u0005\u007fs\u0015\u0011!a\u0001\u0003K\u000b\u0011cY1dQ\u0016$7i\u001c8uKb$x\fJ3r)\u0011\u00119O!<\u0011\u0007\t\u0014I/C\u0002\u0003l\u000e\u0014A!\u00168ji\"I!\u0011\u0005\n\u0002\u0002\u0003\u0007\u0011\u0011N\u0001\u000fG\u0006\u001c\u0007.\u001a3D_:$X\r\u001f;!Q\r\u0019\"1\u001f\t\u0004E\nU\u0018b\u0001B|G\nAao\u001c7bi&dW-A\u0007hKR\u001c6\u000bT\"p]R,\u0007\u0010\u001e\u000b\u0003\u0003cC3\u0001\u0006B(\u0003)9W\r^\"p]R,\u0007\u0010\u001e\u000b\u0003\u0007\u0007\u00012!!\u001d9\u0003A\u0019wN\\:ueV\u001cGoQ8oi\u0016DH/A\u0005sK\u0006$g)\u001b7fgR\u001111\u0002\t\nE\u000e51\u0011CB\f\u0007GI1aa\u0004d\u0005\u0019!V\u000f\u001d7fgA!\u0011QKB\n\u0013\u0011\u0019)\"a\u0016\u0003\u0015A\u0013\u0018N^1uK.+\u0017\u0010\u0005\u0003\u0004\u001a\r}QBAB\u000e\u0015\u0011\u0019i\"a\u0016\u0002\t\r,'\u000f^\u0005\u0005\u0007C\u0019YBA\bYkAJ4)\u001a:uS\u001aL7-\u0019;f!\u0011\u0019Ib!\n\n\t\r\u001d21\u0004\u0002\f\u0007\u0016\u0014H/\u001b4jG\u0006$X-A\u000bde\u0016\fG/Z*feZ,'oU*M\u000b:<\u0017N\\3\u0015\r\r521GB\u001c!\u0011\t\u0019la\f\n\t\rE\u0012Q\u0017\u0002\n'NcUI\\4j]\u0016Dqa!\u000e\u0019\u0001\u0004\t\u0019#\u0001\u0005i_N$h.Y7f\u0011\u001d\u0019I\u0004\u0007a\u0001\u0005\u001f\tA\u0001]8si\u0006)2M]3bi\u0016\u001cE.[3oiN\u001bF*\u00128hS:,GCBB\u0017\u0007\u007f\u0019\t\u0005C\u0004\u00046e\u0001\r!a\t\t\u000f\re\u0012\u00041\u0001\u0003\u0010\u0005y1M]3bi\u0016\u001c6\u000bT#oO&tW\r\u0006\u0005\u0004H\r53QLB0)\u0011\u0019ic!\u0013\t\u000f\r-#\u00041\u0001\u00022\u0006Q1o\u001d7D_:$X\r\u001f;\t\u000f\r=#\u00041\u0001\u0004R\u0005!!o\u001c7f!\u0011\u0019\u0019f!\u0017\u000e\u0005\rU#bAB,3\u000611\u000f\u001e:fC6LAaa\u0017\u0004V\t9A\u000bT*S_2,\u0007bBB\u001b5\u0001\u0007\u00111\u0005\u0005\b\u0007sQ\u0002\u0019\u0001B\b\u0003M1XM]5gs\u000ec\u0017.\u001a8u'\u0016\u001c8/[8o)\u0019\u0019)g!\u001f\u0004|A)!-a\u001b\u0004hA!1\u0011NB:\u001d\u0011\u0019Yga\u001c\u000f\t\u0005%2QN\u0005\u0002I&\u00191\u0011O2\u0002\u000fA\f7m[1hK&!1QOB<\u0005%!\u0006N]8xC\ndWMC\u0002\u0004r\rDqa!\u000e\u001c\u0001\u0004\t\u0019\u0003C\u0004\u0004~m\u0001\raa \u0002\u000fM,7o]5p]B!\u00111WBA\u0013\u0011\u0019\u0019)!.\u0003\u0015M\u001bFjU3tg&|g.A\nwKJLg-_*feZ,'oU3tg&|g\u000e\u0006\u0004\u0004f\r%51\u0012\u0005\b\u0007ka\u0002\u0019AA\u0012\u0011\u001d\u0019i\b\ba\u0001\u0007\u007fB3\u0001ABH!\u0011\u0011\tf!%\n\t\rM%1\u000b\u0002\r\u0003BLW*Y=DQ\u0006tw-\u001a")
@ApiMayChange
/* loaded from: input_file:flink-rpc-akka.jar:org/apache/pekko/remote/artery/tcp/ssl/RotatingKeysSSLEngineProvider.class */
public final class RotatingKeysSSLEngineProvider implements SSLEngineProvider {
    private final Config config;
    private final MarkerLoggingAdapter log;
    private final String SSLKeyFile;
    private final String SSLCertFile;
    private final String SSLCACertFile;
    private final SSLEngineConfig sslEngineConfig;
    private final SecureRandom rng;
    private volatile Option<CachedContext> cachedContext;

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: RotatingKeysSSLEngineProvider.scala */
    @InternalApi
    /* loaded from: input_file:flink-rpc-akka.jar:org/apache/pekko/remote/artery/tcp/ssl/RotatingKeysSSLEngineProvider$CachedContext.class */
    public static class CachedContext implements Product, Serializable {
        private final ConfiguredContext cached;
        private final Deadline expires;

        public ConfiguredContext cached() {
            return this.cached;
        }

        public Deadline expires() {
            return this.expires;
        }

        public CachedContext copy(ConfiguredContext configuredContext, Deadline deadline) {
            return new CachedContext(configuredContext, deadline);
        }

        public ConfiguredContext copy$default$1() {
            return cached();
        }

        public Deadline copy$default$2() {
            return expires();
        }

        @Override // scala.Product
        public String productPrefix() {
            return "CachedContext";
        }

        @Override // scala.Product
        public int productArity() {
            return 2;
        }

        @Override // scala.Product
        public Object productElement(int i) {
            switch (i) {
                case 0:
                    return cached();
                case 1:
                    return expires();
                default:
                    throw new IndexOutOfBoundsException(Integer.toString(i));
            }
        }

        @Override // scala.Product
        public Iterator<Object> productIterator() {
            return ScalaRunTime$.MODULE$.typedProductIterator(this);
        }

        @Override // scala.Equals
        public boolean canEqual(Object obj) {
            return obj instanceof CachedContext;
        }

        public int hashCode() {
            return ScalaRunTime$.MODULE$._hashCode(this);
        }

        public String toString() {
            return ScalaRunTime$.MODULE$._toString(this);
        }

        @Override // scala.Equals
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof CachedContext)) {
                return false;
            }
            CachedContext cachedContext = (CachedContext) obj;
            ConfiguredContext cached = cached();
            ConfiguredContext cached2 = cachedContext.cached();
            if (cached == null) {
                if (cached2 != null) {
                    return false;
                }
            } else if (!cached.equals(cached2)) {
                return false;
            }
            Deadline expires = expires();
            Deadline expires2 = cachedContext.expires();
            if (expires == null) {
                if (expires2 != null) {
                    return false;
                }
            } else if (!expires.equals(expires2)) {
                return false;
            }
            return cachedContext.canEqual(this);
        }

        public CachedContext(ConfiguredContext configuredContext, Deadline deadline) {
            this.cached = configuredContext;
            this.expires = deadline;
            Product.$init$(this);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: RotatingKeysSSLEngineProvider.scala */
    @InternalApi
    /* loaded from: input_file:flink-rpc-akka.jar:org/apache/pekko/remote/artery/tcp/ssl/RotatingKeysSSLEngineProvider$ConfiguredContext.class */
    public static class ConfiguredContext implements Product, Serializable {
        private final SSLContext context;
        private final SessionVerifier sessionVerifier;

        public SSLContext context() {
            return this.context;
        }

        public SessionVerifier sessionVerifier() {
            return this.sessionVerifier;
        }

        public ConfiguredContext copy(SSLContext sSLContext, SessionVerifier sessionVerifier) {
            return new ConfiguredContext(sSLContext, sessionVerifier);
        }

        public SSLContext copy$default$1() {
            return context();
        }

        public SessionVerifier copy$default$2() {
            return sessionVerifier();
        }

        @Override // scala.Product
        public String productPrefix() {
            return "ConfiguredContext";
        }

        @Override // scala.Product
        public int productArity() {
            return 2;
        }

        @Override // scala.Product
        public Object productElement(int i) {
            switch (i) {
                case 0:
                    return context();
                case 1:
                    return sessionVerifier();
                default:
                    throw new IndexOutOfBoundsException(Integer.toString(i));
            }
        }

        @Override // scala.Product
        public Iterator<Object> productIterator() {
            return ScalaRunTime$.MODULE$.typedProductIterator(this);
        }

        @Override // scala.Equals
        public boolean canEqual(Object obj) {
            return obj instanceof ConfiguredContext;
        }

        public int hashCode() {
            return ScalaRunTime$.MODULE$._hashCode(this);
        }

        public String toString() {
            return ScalaRunTime$.MODULE$._toString(this);
        }

        @Override // scala.Equals
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof ConfiguredContext)) {
                return false;
            }
            ConfiguredContext configuredContext = (ConfiguredContext) obj;
            SSLContext context = context();
            SSLContext context2 = configuredContext.context();
            if (context == null) {
                if (context2 != null) {
                    return false;
                }
            } else if (!context.equals(context2)) {
                return false;
            }
            SessionVerifier sessionVerifier = sessionVerifier();
            SessionVerifier sessionVerifier2 = configuredContext.sessionVerifier();
            if (sessionVerifier == null) {
                if (sessionVerifier2 != null) {
                    return false;
                }
            } else if (!sessionVerifier.equals(sessionVerifier2)) {
                return false;
            }
            return configuredContext.canEqual(this);
        }

        public ConfiguredContext(SSLContext sSLContext, SessionVerifier sessionVerifier) {
            this.context = sSLContext;
            this.sessionVerifier = sessionVerifier;
            Product.$init$(this);
        }
    }

    public Config config() {
        return this.config;
    }

    public MarkerLoggingAdapter log() {
        return this.log;
    }

    private String SSLKeyFile() {
        return this.SSLKeyFile;
    }

    private String SSLCertFile() {
        return this.SSLCertFile;
    }

    private String SSLCACertFile() {
        return this.SSLCACertFile;
    }

    private SSLEngineConfig sslEngineConfig() {
        return this.sslEngineConfig;
    }

    private SecureRandom rng() {
        return this.rng;
    }

    private Option<CachedContext> cachedContext() {
        return this.cachedContext;
    }

    private void cachedContext_$eq(Option<CachedContext> option) {
        this.cachedContext = option;
    }

    @InternalApi
    public SSLContext getSSLContext() {
        return getContext().context();
    }

    private ConfiguredContext getContext() {
        CachedContext cachedContext;
        boolean z = false;
        Some some = null;
        Option<CachedContext> cachedContext2 = cachedContext();
        if (cachedContext2 instanceof Some) {
            z = true;
            some = (Some) cachedContext2;
            CachedContext cachedContext3 = (CachedContext) some.value();
            if (cachedContext3 != null && cachedContext3.expires().isOverdue()) {
                ConfiguredContext constructContext = constructContext();
                cachedContext_$eq(new Some(new CachedContext(constructContext, sslEngineConfig().SSLContextCacheTime().fromNow())));
                return constructContext;
            }
        }
        if (z && (cachedContext = (CachedContext) some.value()) != null) {
            return cachedContext.cached();
        }
        if (!None$.MODULE$.equals(cachedContext2)) {
            throw new MatchError(cachedContext2);
        }
        ConfiguredContext constructContext2 = constructContext();
        cachedContext_$eq(new Some(new CachedContext(constructContext2, sslEngineConfig().SSLContextCacheTime().fromNow())));
        return constructContext2;
    }

    private ConfiguredContext constructContext() {
        Tuple3<PrivateKey, X509Certificate, Certificate> readFiles = readFiles();
        if (readFiles == null) {
            throw new MatchError(null);
        }
        PrivateKey _1 = readFiles._1();
        X509Certificate _2 = readFiles._2();
        Certificate _3 = readFiles._3();
        try {
            KeyManager[] buildKeyManagers = PemManagersProvider$.MODULE$.buildKeyManagers(_1, _2, _3);
            TrustManager[] buildTrustManagers = PemManagersProvider$.MODULE$.buildTrustManagers(_3);
            PeerSubjectVerifier peerSubjectVerifier = new PeerSubjectVerifier(_2);
            SSLContext sSLContext = SSLContext.getInstance(sslEngineConfig().SSLProtocol());
            sSLContext.init(buildKeyManagers, buildTrustManagers, rng());
            return new ConfiguredContext(sSLContext, peerSubjectVerifier);
        } catch (IllegalArgumentException e) {
            throw new SslTransportException(new StringBuilder(56).append("Server SSL connection could not be established because: ").append(e.getMessage()).toString(), e);
        } catch (GeneralSecurityException e2) {
            throw new SslTransportException("Server SSL connection could not be established because SSL context could not be constructed", e2);
        }
    }

    private Tuple3<PrivateKey, X509Certificate, Certificate> readFiles() {
        try {
            Certificate loadCertificate = PemManagersProvider$.MODULE$.loadCertificate(SSLCACertFile());
            return new Tuple3<>(PemManagersProvider$.MODULE$.loadPrivateKey(SSLKeyFile()), (X509Certificate) PemManagersProvider$.MODULE$.loadCertificate(SSLCertFile()), loadCertificate);
        } catch (FileNotFoundException e) {
            throw new SslTransportException("Server SSL connection could not be established because a key or cert could not be loaded", e);
        } catch (IOException e2) {
            throw new SslTransportException(new StringBuilder(56).append("Server SSL connection could not be established because: ").append(e2.getMessage()).toString(), e2);
        }
    }

    @Override // org.apache.pekko.remote.artery.tcp.SSLEngineProvider
    public SSLEngine createServerSSLEngine(String str, int i) {
        return createSSLEngine(Server$.MODULE$, str, i, getContext().context());
    }

    @Override // org.apache.pekko.remote.artery.tcp.SSLEngineProvider
    public SSLEngine createClientSSLEngine(String str, int i) {
        return createSSLEngine(Client$.MODULE$, str, i, getContext().context());
    }

    private SSLEngine createSSLEngine(TLSRole tLSRole, String str, int i, SSLContext sSLContext) {
        SSLEngine createSSLEngine = sSLContext.createSSLEngine(str, i);
        Client$ client$ = Client$.MODULE$;
        createSSLEngine.setUseClientMode(tLSRole != null ? tLSRole.equals(client$) : client$ == null);
        createSSLEngine.setEnabledCipherSuites((String[]) sslEngineConfig().SSLEnabledAlgorithms().toArray(ClassTag$.MODULE$.apply(String.class)));
        createSSLEngine.setEnabledProtocols(new String[]{sslEngineConfig().SSLProtocol()});
        Client$ client$2 = Client$.MODULE$;
        if (tLSRole != null ? !tLSRole.equals(client$2) : client$2 != null) {
            createSSLEngine.setNeedClientAuth(true);
        }
        return createSSLEngine;
    }

    @Override // org.apache.pekko.remote.artery.tcp.SSLEngineProvider
    public Option<Throwable> verifyClientSession(String str, SSLSession sSLSession) {
        return getContext().sessionVerifier().verifyClientSession(str, sSLSession);
    }

    @Override // org.apache.pekko.remote.artery.tcp.SSLEngineProvider
    public Option<Throwable> verifyServerSession(String str, SSLSession sSLSession) {
        return getContext().sessionVerifier().verifyServerSession(str, sSLSession);
    }

    public RotatingKeysSSLEngineProvider(Config config, MarkerLoggingAdapter markerLoggingAdapter) {
        this.config = config;
        this.log = markerLoggingAdapter;
        this.SSLKeyFile = config.getString("key-file");
        this.SSLCertFile = config.getString("cert-file");
        this.SSLCACertFile = config.getString("ca-cert-file");
        this.sslEngineConfig = new SSLEngineConfig(config);
        this.rng = SecureRandomFactory$.MODULE$.createSecureRandom(sslEngineConfig().SSLRandomNumberGenerator(), markerLoggingAdapter);
        this.cachedContext = None$.MODULE$;
    }

    public RotatingKeysSSLEngineProvider(ActorSystem actorSystem) {
        this(actorSystem.settings().config().getConfig("pekko.remote.artery.ssl.rotating-keys-engine"), Logging$.MODULE$.withMarker(actorSystem, (ActorSystem) RotatingKeysSSLEngineProvider.class.getName(), (LogSource<ActorSystem>) LogSource$.MODULE$.fromString()));
    }
}
