package org.mariadb.jdbc.internal.protocol.tls;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.sql.SQLException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import org.mariadb.jdbc.internal.logging.Logger;
import org.mariadb.jdbc.internal.logging.LoggerFactory;
import org.mariadb.jdbc.internal.util.exceptions.ExceptionMapper;
import org.mariadb.jdbc.tls.TlsSocketPlugin;
import org.mariadb.jdbc.util.Options;
import org.pegdown.VerbatimSerializer;

/* loaded from: input_file:org/mariadb/jdbc/internal/protocol/tls/DefaultTlsSocketPlugin.class */
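/**
 * Default {@link TlsSocketPlugin}: builds the {@link SSLSocketFactory} used for TLS connections
 * from the connection {@link Options} and checks the server host name after the handshake.
 *
 * <p>This listing appears to be decompiler output (generic parameter names, constant references
 * resolved to unrelated classes), so names are kept as found and documented here instead.
 */
public class DefaultTlsSocketPlugin implements TlsSocketPlugin {
    private static final Logger logger = LoggerFactory.getLogger(DefaultTlsSocketPlugin.class);

    /**
     * Loads the client key store and wraps it in a key manager for client-certificate
     * authentication.
     *
     * @param str location of the key store; tried as a URL first, then as a local file path
     * @param str2 key store password, or {@code null} when the store has none
     * @param str3 private-key password, or {@code null} to reuse the key store password
     * @param str4 key store type, or {@code null} for {@link KeyStore#getDefaultType()}
     * @return a key manager backed by the loaded key store
     * @throws SQLException if the key store cannot be found, read, or instantiated
     */
    private static KeyManager loadClientCerts(String str, String str2, String str3, String str4) throws SQLException {
        InputStream inputStream = null;
        try {
            char[] storePassword = str2 == null ? null : str2.toCharArray();
            // The location is opened as a URL before it is tried as a file path, so any scheme
            // the JVM has a handler for is accepted here. The keyStore option therefore has to
            // come from trusted configuration, not from a caller-supplied connection string.
            try {
                inputStream = new URL(str).openStream();
            } catch (IOException notAUrl) {
                inputStream = new FileInputStream(str);
            }
            KeyStore keyStore = KeyStore.getInstance(str4 != null ? str4 : KeyStore.getDefaultType());
            keyStore.load(inputStream, storePassword);
            char[] keyPassword = str3 == null ? storePassword : str3.toCharArray();
            return new MariaDbX509KeyManager(keyStore, keyPassword);
        } catch (GeneralSecurityException e) {
            throw ExceptionMapper.connException("Failed to create keyStore instance", e);
        } catch (FileNotFoundException e) {
            // Must precede the IOException handler: FileNotFoundException is its subclass.
            throw ExceptionMapper.connException("Failed to find keyStore file. Option keyStore=" + str, e);
        } catch (IOException e) {
            throw ExceptionMapper.connException("Failed to read keyStore file. Option keyStore=" + str, e);
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException ignored) {
                    // Best effort: the key store has already been read (or loading has already
                    // failed), so a close failure must not mask that outcome.
                }
            }
        }
    }

    /** Returns the human-readable name of this plugin. */
    @Override // org.mariadb.jdbc.tls.TlsSocketPlugin
    public String name() {
        return "Default TLS socket factory";
    }

    /** Returns the identifier under which this plugin is selected. */
    @Override // org.mariadb.jdbc.tls.TlsSocketPlugin
    public String type() {
        // NOTE(review): this constant comes from an unrelated Markdown library and looks like a
        // decompiler substitution for a plain string literal - confirm the intended value
        // (presumably "DEFAULT") against the upstream source.
        return VerbatimSerializer.DEFAULT;
    }

    /**
     * Builds the socket factory used to wrap the connection in TLS.
     *
     * <p>A {@code MariaDbX509TrustManager} is installed when {@code trustServerCertificate},
     * {@code serverSslCert} or {@code trustStore} is set; otherwise the trust manager array stays
     * {@code null} and {@link SSLContext#init} falls back to the JVM's default trust managers.
     * Client certificates come from {@code options.keyStore} or, failing that, from the
     * {@code javax.net.ssl.keyStore} system property.
     *
     * @param options connection options
     * @return the TLS socket factory
     * @throws SQLException if the configured key store cannot be loaded or the SSL context
     *     cannot be created or initialised
     */
    @Override // org.mariadb.jdbc.tls.TlsSocketPlugin
    public SSLSocketFactory getSocketFactory(Options options) throws SQLException {
        X509TrustManager[] x509TrustManagerArr = null;
        KeyManager[] keyManagerArr = null;
        // NOTE(review): trustServerCertificate presumably makes MariaDbX509TrustManager accept any
        // server certificate - confirm there. If so, the server is not authenticated at all and
        // the option should be limited to test environments.
        if (options.trustServerCertificate || options.serverSslCert != null || options.trustStore != null) {
            x509TrustManagerArr = new X509TrustManager[]{new MariaDbX509TrustManager(options)};
        }
        if (options.keyStore != null) {
            // An explicitly configured key store is mandatory: a load failure aborts the connection.
            keyManagerArr = new KeyManager[]{loadClientCerts(options.keyStore, options.keyStorePassword, options.keyPassword, options.keyStoreType)};
        } else {
            String property = System.getProperty("javax.net.ssl.keyStore");
            String property2 = System.getProperty("javax.net.ssl.keyStorePassword");
            if (property != null) {
                try {
                    // The system-property password serves as both store and key password.
                    keyManagerArr = new KeyManager[]{loadClientCerts(property, property2, property2, options.keyStoreType)};
                } catch (SQLException e) {
                    // Deliberate best effort: the JVM-wide key store is optional here, so the
                    // failure is logged and the connection proceeds without a client certificate.
                    logger.error("Error loading keymanager from system properties", (Throwable) e);
                }
            }
        }
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerArr, x509TrustManagerArr, null);
            return sSLContext.getSocketFactory();
        } catch (KeyManagementException e2) {
            throw ExceptionMapper.connException("Could not initialize SSL context", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw ExceptionMapper.connException("SSLContext TLS Algorithm unknown", e3);
        }
    }

    /**
     * Checks that the server certificate matches the host the client connected to.
     *
     * <p>The session-based check runs first; when it returns {@code false}, the peer's own
     * certificate (the first element of the peer chain) is checked directly.
     *
     * @param str host name the connection was opened to
     * @param sSLSession the established TLS session
     * @param options connection options (not used by this implementation)
     * @param j value forwarded to the verifier - presumably the server thread id used in its
     *     messages; confirm against {@code HostnameVerifierImpl}
     * @throws SSLException if the peer certificates are unavailable or verification fails
     */
    @Override // org.mariadb.jdbc.tls.TlsSocketPlugin
    public void verify(String str, SSLSession sSLSession, Options options, long j) throws SSLException {
        HostnameVerifierImpl hostnameVerifierImpl = new HostnameVerifierImpl();
        if (hostnameVerifierImpl.verify(str, sSLSession, j)) {
            return;
        }
        // NOTE(review): rejection relies on this overload throwing SSLException on a mismatch;
        // if it can return normally the connection is accepted - confirm in HostnameVerifierImpl.
        hostnameVerifierImpl.verify(str, (X509Certificate) sSLSession.getPeerCertificates()[0], j);
    }
}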
