package org.apache.ignite.internal.jdbc.thin;

import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.file.FileSystems;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import javax.cache.configuration.Factory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.ignite.internal.processors.odbc.SqlStateCode;
import org.apache.ignite.internal.util.typedef.F;

/* loaded from: input_file:org/apache/ignite/internal/jdbc/thin/JdbcThinSSLUtil.class */
public class JdbcThinSSLUtil {
    private static final X509TrustManager TRUST_ALL_MANAGER;
    static final /* synthetic */ boolean $assertionsDisabled;

    private JdbcThinSSLUtil() {
    }

    public static SSLSocket createSSLSocket(InetSocketAddress inetSocketAddress, ConnectionProperties connectionProperties) throws SQLException, IOException {
        try {
            SSLSocket sSLSocket = (SSLSocket) getSSLSocketFactory(connectionProperties).createSocket(inetSocketAddress.getAddress(), inetSocketAddress.getPort());
            sSLSocket.setUseClientMode(true);
            sSLSocket.startHandshake();
            return sSLSocket;
        } catch (IOException e) {
            throw new SQLException("Failed to SSL connect to server [url=" + connectionProperties.getUrl() + ']', SqlStateCode.CLIENT_CONNECTION_FAILED, e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v109, types: [java.util.List] */
    private static SSLSocketFactory getSSLSocketFactory(ConnectionProperties connectionProperties) throws SQLException {
        ArrayList arrayList;
        String sslFactory = connectionProperties.getSslFactory();
        String sslClientCertificateKeyStoreUrl = connectionProperties.getSslClientCertificateKeyStoreUrl();
        String sslClientCertificateKeyStorePassword = connectionProperties.getSslClientCertificateKeyStorePassword();
        String sslClientCertificateKeyStoreType = connectionProperties.getSslClientCertificateKeyStoreType();
        String sslTrustCertificateKeyStoreUrl = connectionProperties.getSslTrustCertificateKeyStoreUrl();
        String sslTrustCertificateKeyStorePassword = connectionProperties.getSslTrustCertificateKeyStorePassword();
        String sslTrustCertificateKeyStoreType = connectionProperties.getSslTrustCertificateKeyStoreType();
        String sslProtocol = connectionProperties.getSslProtocol();
        String sslKeyAlgorithm = connectionProperties.getSslKeyAlgorithm();
        if (!F.isEmpty(sslFactory)) {
            try {
                return (SSLSocketFactory) ((Factory) JdbcThinSSLUtil.class.getClassLoader().loadClass(sslFactory).newInstance()).create();
            } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
                throw new SQLException("Could not fount SSL factory class: " + sslFactory, SqlStateCode.CLIENT_CONNECTION_FAILED, e);
            }
        }
        if (sslClientCertificateKeyStoreUrl == null && sslClientCertificateKeyStorePassword == null && sslClientCertificateKeyStoreType == null && sslTrustCertificateKeyStoreUrl == null && sslTrustCertificateKeyStorePassword == null && sslTrustCertificateKeyStoreType == null && sslProtocol == null) {
            try {
                return SSLContext.getDefault().getSocketFactory();
            } catch (NoSuchAlgorithmException e2) {
                throw new SQLException("Could not create default SSL context", SqlStateCode.CLIENT_CONNECTION_FAILED, e2);
            }
        }
        if (sslClientCertificateKeyStoreUrl == null) {
            sslClientCertificateKeyStoreUrl = System.getProperty("javax.net.ssl.keyStore");
        }
        if (sslClientCertificateKeyStorePassword == null) {
            sslClientCertificateKeyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
        }
        if (sslClientCertificateKeyStoreType == null) {
            sslClientCertificateKeyStoreType = System.getProperty("javax.net.ssl.keyStoreType", "JKS");
        }
        if (sslTrustCertificateKeyStoreUrl == null) {
            sslTrustCertificateKeyStoreUrl = System.getProperty("javax.net.ssl.trustStore");
        }
        if (sslTrustCertificateKeyStorePassword == null) {
            sslTrustCertificateKeyStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
        }
        if (sslTrustCertificateKeyStoreType == null) {
            sslTrustCertificateKeyStoreType = System.getProperty("javax.net.ssl.trustStoreType", "JKS");
        }
        if (sslProtocol == null) {
            sslProtocol = "TLS";
        }
        if (!F.isEmpty(sslClientCertificateKeyStoreUrl)) {
            sslClientCertificateKeyStoreUrl = checkAndConvertUrl(sslClientCertificateKeyStoreUrl);
        }
        if (!F.isEmpty(sslTrustCertificateKeyStoreUrl)) {
            sslTrustCertificateKeyStoreUrl = checkAndConvertUrl(sslTrustCertificateKeyStoreUrl);
        }
        KeyManager[] keyManagerArr = null;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(sslKeyAlgorithm);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(sslKeyAlgorithm);
            InputStream inputStream = null;
            try {
                try {
                    try {
                        try {
                            try {
                                try {
                                    if (!F.isEmpty(sslClientCertificateKeyStoreUrl) && !F.isEmpty(sslClientCertificateKeyStoreType)) {
                                        KeyStore keyStore = KeyStore.getInstance(sslClientCertificateKeyStoreType);
                                        URL url = new URL(sslClientCertificateKeyStoreUrl);
                                        char[] charArray = sslClientCertificateKeyStorePassword == null ? new char[0] : sslClientCertificateKeyStorePassword.toCharArray();
                                        inputStream = url.openStream();
                                        keyStore.load(inputStream, charArray);
                                        keyManagerFactory.init(keyStore, charArray);
                                        keyManagerArr = keyManagerFactory.getKeyManagers();
                                    }
                                    if (inputStream != null) {
                                        try {
                                            inputStream.close();
                                        } catch (IOException e3) {
                                        }
                                    }
                                    InputStream inputStream2 = null;
                                    if (connectionProperties.isSslTrustAll()) {
                                        arrayList = Collections.singletonList(TRUST_ALL_MANAGER);
                                    } else {
                                        arrayList = new ArrayList();
                                        try {
                                            try {
                                                try {
                                                    try {
                                                        try {
                                                            try {
                                                                KeyStore keyStore2 = null;
                                                                if (!F.isEmpty(sslTrustCertificateKeyStoreUrl) && !F.isEmpty(sslTrustCertificateKeyStoreType)) {
                                                                    char[] charArray2 = sslTrustCertificateKeyStorePassword == null ? new char[0] : sslTrustCertificateKeyStorePassword.toCharArray();
                                                                    inputStream2 = new URL(sslTrustCertificateKeyStoreUrl).openStream();
                                                                    keyStore2 = KeyStore.getInstance(sslTrustCertificateKeyStoreType);
                                                                    keyStore2.load(inputStream2, charArray2);
                                                                }
                                                                trustManagerFactory.init(keyStore2);
                                                                Collections.addAll(arrayList, trustManagerFactory.getTrustManagers());
                                                                if (inputStream2 != null) {
                                                                    try {
                                                                        inputStream2.close();
                                                                    } catch (IOException e4) {
                                                                    }
                                                                }
                                                            } catch (Throwable th) {
                                                                if (inputStream2 != null) {
                                                                    try {
                                                                        inputStream2.close();
                                                                    } catch (IOException e5) {
                                                                    }
                                                                }
                                                                throw th;
                                                            }
                                                        } catch (NoSuchAlgorithmException e6) {
                                                            throw new SQLException("Unsupported keystore algorithm.", SqlStateCode.CLIENT_CONNECTION_FAILED, e6);
                                                        }
                                                    } catch (CertificateException e7) {
                                                        throw new SQLException("Could not load trusted key store. [storeType=" + sslTrustCertificateKeyStoreType + ", cliStoreUrl=" + sslTrustCertificateKeyStoreUrl + ']', SqlStateCode.CLIENT_CONNECTION_FAILED, e7);
                                                    }
                                                } catch (MalformedURLException e8) {
                                                    throw new SQLException("Invalid trusted key store URL. [url=" + sslTrustCertificateKeyStoreUrl + ']', SqlStateCode.CLIENT_CONNECTION_FAILED, e8);
                                                }
                                            } catch (KeyStoreException e9) {
                                                throw new SQLException("Could not create trust KeyStore instance.", SqlStateCode.CLIENT_CONNECTION_FAILED, e9);
                                            }
                                        } catch (IOException e10) {
                                            throw new SQLException("Could not open trusted key store. [url=" + sslClientCertificateKeyStoreUrl + ']', SqlStateCode.CLIENT_CONNECTION_FAILED, e10);
                                        }
                                    }
                                    if (!$assertionsDisabled && arrayList.size() == 0) {
                                        throw new AssertionError();
                                    }
                                    try {
                                        SSLContext sSLContext = SSLContext.getInstance(sslProtocol);
                                        sSLContext.init(keyManagerArr, (TrustManager[]) arrayList.toArray(new TrustManager[arrayList.size()]), null);
                                        return sSLContext.getSocketFactory();
                                    } catch (KeyManagementException e11) {
                                        throw new SQLException("Cannot init SSL context.", SqlStateCode.CLIENT_CONNECTION_FAILED, e11);
                                    } catch (NoSuchAlgorithmException e12) {
                                        throw new SQLException(sslProtocol + " is not a valid SSL protocol.", SqlStateCode.CLIENT_CONNECTION_FAILED, e12);
                                    }
                                } catch (Throwable th2) {
                                    if (inputStream != null) {
                                        try {
                                            inputStream.close();
                                        } catch (IOException e13) {
                                        }
                                    }
                                    throw th2;
                                }
                            } catch (KeyStoreException e14) {
                                throw new SQLException("Could not create client KeyStore instance.", SqlStateCode.CLIENT_CONNECTION_FAILED, e14);
                            }
                        } catch (MalformedURLException e15) {
                            throw new SQLException("Invalid client key store URL. [url=" + sslClientCertificateKeyStoreUrl + ']', SqlStateCode.CLIENT_CONNECTION_FAILED, e15);
                        }
                    } catch (IOException e16) {
                        throw new SQLException("Could not open client key store.[url=" + sslClientCertificateKeyStoreUrl + ']', SqlStateCode.CLIENT_CONNECTION_FAILED, e16);
                    }
                } catch (NoSuchAlgorithmException e17) {
                    throw new SQLException("Unsupported keystore algorithm.", SqlStateCode.CLIENT_CONNECTION_FAILED, e17);
                }
            } catch (UnrecoverableKeyException e18) {
                throw new SQLException("Could not recover keys from client keystore.", SqlStateCode.CLIENT_CONNECTION_FAILED, e18);
            } catch (CertificateException e19) {
                throw new SQLException("Could not load client key store. [storeType=" + sslClientCertificateKeyStoreType + ", cliStoreUrl=" + sslClientCertificateKeyStoreUrl + ']', SqlStateCode.CLIENT_CONNECTION_FAILED, e19);
            }
        } catch (NoSuchAlgorithmException e20) {
            throw new SQLException("Default algorithm definitions for TrustManager and/or KeyManager are invalid. Check java security properties file.", SqlStateCode.CLIENT_CONNECTION_FAILED, e20);
        }
    }

    private static String checkAndConvertUrl(String str) throws SQLException {
        try {
            return new URL(str).toString();
        } catch (MalformedURLException e) {
            try {
                return FileSystems.getDefault().getPath(str, new String[0]).toUri().toURL().toString();
            } catch (MalformedURLException e2) {
                throw new SQLException("Invalid keystore UR: " + str, SqlStateCode.CLIENT_CONNECTION_FAILED, e);
            }
        }
    }

    static {
        $assertionsDisabled = !JdbcThinSSLUtil.class.desiredAssertionStatus();
        TRUST_ALL_MANAGER = new X509TrustManager() { // from class: org.apache.ignite.internal.jdbc.thin.JdbcThinSSLUtil.1
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }
        };
    }
}
