package fr.xephi.authme.libs.org.mariadb.jdbc.plugin.tls.main;

import fr.xephi.authme.libs.com.mysql.cj.exceptions.MysqlErrorNumbers;
import fr.xephi.authme.libs.org.mariadb.jdbc.Configuration;
import fr.xephi.authme.libs.org.mariadb.jdbc.client.tls.HostnameVerifier;
import fr.xephi.authme.libs.org.mariadb.jdbc.client.tls.MariaDbX509KeyManager;
import fr.xephi.authme.libs.org.mariadb.jdbc.client.tls.MariaDbX509TrustingManager;
import fr.xephi.authme.libs.org.mariadb.jdbc.export.ExceptionFactory;
import fr.xephi.authme.libs.org.mariadb.jdbc.export.SslMode;
import fr.xephi.authme.libs.org.mariadb.jdbc.plugin.TlsSocketPlugin;
import fr.xephi.authme.libs.org.mariadb.jdbc.util.log.Logger;
import fr.xephi.authme.libs.org.mariadb.jdbc.util.log.Loggers;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.sql.SQLException;
import java.util.Iterator;
import java.util.UUID;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:fr/xephi/authme/libs/org/mariadb/jdbc/plugin/tls/main/DefaultTlsSocketPlugin.class */
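/**
 * Default {@link TlsSocketPlugin}: builds the {@link SSLSocketFactory} used for TLS connections
 * from the connection {@link Configuration} and verifies the server certificate's host name.
 *
 * <p>Trust material is chosen in {@link #getSocketFactory} in this order:
 * <ol>
 *   <li>{@code SslMode.TRUST}: a {@code MariaDbX509TrustingManager} is installed.</li>
 *   <li>{@code serverSslCert} set: only the certificates read from that option are trusted.</li>
 *   <li>otherwise: no trust manager is passed, so {@link SSLContext#init} falls back to the
 *       JVM's default trust managers.</li>
 * </ol>
 */
public class DefaultTlsSocketPlugin implements TlsSocketPlugin {
    private static final Logger logger = Loggers.getLogger((Class<?>) DefaultTlsSocketPlugin.class);

    /**
     * Loads the client key store and wraps it in a {@link MariaDbX509KeyManager}.
     *
     * @param keyStoreUrl URL or file path of the key store
     * @param keyStorePassword key store password; {@code null} or empty means "no password"
     * @param keyPassword private key password; {@code null} reuses the key store password,
     *     empty means "no password"
     * @param storeType key store type, or {@code null} for {@link KeyStore#getDefaultType()}
     * @param exceptionFactory factory used to build the reported {@link SQLException}
     * @return a key manager backed by the loaded key store
     * @throws SQLException if the key store cannot be opened, read or parsed
     */
    private static KeyManager loadClientCerts(String keyStoreUrl, String keyStorePassword, String keyPassword, String storeType, ExceptionFactory exceptionFactory) throws SQLException {
        // try-with-resources closes the stream on every exit path, including a failure in
        // KeyStore.getInstance / KeyStore.load, which previously left the stream open.
        try (InputStream keyStoreStream = loadFromUrl(keyStoreUrl)) {
            char[] storePass = toPasswordChars(keyStorePassword);
            char[] keyPass = keyPassword == null ? storePass : toPasswordChars(keyPassword);
            KeyStore keyStore = KeyStore.getInstance(storeType != null ? storeType : KeyStore.getDefaultType());
            keyStore.load(keyStoreStream, storePass);
            return new MariaDbX509KeyManager(keyStore, keyPass);
        } catch (IOException | GeneralSecurityException e) {
            throw exceptionFactory.create("Failed to read keyStore file. Option keyStore=" + keyStoreUrl, MysqlErrorNumbers.SQL_STATE_BAD_SSL_PARAMS, e);
        }
    }

    /** Converts a password option to a char array; {@code null} and empty both map to {@code null}. */
    private static char[] toPasswordChars(String password) {
        return password == null || password.isEmpty() ? null : password.toCharArray();
    }

    /**
     * Opens the key store location, first as a URL and, if that fails for any reason, as a
     * local file path.
     *
     * <p>Any URL scheme the JVM has a handler for is accepted, so the value decides whether the
     * key store is read locally or fetched over the network. The value comes from configuration
     * or a system property; it should only ever be set from a trusted source.
     *
     * @param location URL or file path
     * @return an open stream the caller must close
     * @throws FileNotFoundException if the value is neither an openable URL nor a readable file
     */
    private static InputStream loadFromUrl(String location) throws FileNotFoundException {
        try {
            return new URI(location).toURL().openStream();
        } catch (Exception e) {
            // Not a usable URL (or the URL could not be opened): treat the value as a file path.
            return new FileInputStream(location);
        }
    }

    /**
     * Opens the {@code serverSslCert} option, which may be a URL, inline PEM text (recognised by
     * a leading {@code -----}) or a file path, tried in that order.
     *
     * @param value the {@code serverSslCert} option value
     * @return an open stream the caller must close
     * @throws IOException if the value is none of the above, or the file cannot be opened
     */
    private static InputStream getInputStreamFromPath(String value) throws IOException {
        try {
            return new URI(value).toURL().openStream();
        } catch (Exception e) {
            if (value.startsWith("-----")) {
                // Explicit charset: the platform default must not influence how the PEM text
                // is turned into bytes.
                return new ByteArrayInputStream(value.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            }
            File file = new File(value);
            if (!file.exists() || file.isDirectory()) {
                throw new IOException(String.format("File not found for option `serverSslCert` (value: '%s')", value), e);
            }
            return file.toURI().toURL().openStream();
        }
    }

    /**
     * Builds a trust manager that trusts exactly the certificates found in {@code serverSslCert}.
     *
     * @param configuration connection configuration; {@code serverSslCert()} must be non-null
     * @param exceptionFactory factory used to build the reported {@link SQLException}
     * @return a single-element array holding the first {@link X509TrustManager} produced
     * @throws SQLException if the certificates cannot be read or no X.509 trust manager exists
     */
    private static X509TrustManager[] loadServerCertTrustManagers(Configuration configuration, ExceptionFactory exceptionFactory) throws SQLException {
        KeyStore trustStore;
        try {
            trustStore = KeyStore.getInstance(configuration.trustStoreType() != null ? configuration.trustStoreType() : KeyStore.getDefaultType());
        } catch (GeneralSecurityException e) {
            throw exceptionFactory.create("Failed to create keystore instance", MysqlErrorNumbers.SQL_STATE_BAD_SSL_PARAMS, e);
        }
        try (InputStream certStream = getInputStreamFromPath(configuration.serverSslCert())) {
            // Start from an empty in-memory store so nothing but the supplied certificates is trusted.
            trustStore.load(null);
            for (Certificate certificate : CertificateFactory.getInstance("X.509").generateCertificates(certStream)) {
                // Aliases only need to be unique within the store.
                trustStore.setCertificateEntry(UUID.randomUUID().toString(), certificate);
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return new X509TrustManager[]{(X509TrustManager) trustManager};
                }
            }
            // Fail closed rather than fall through to the JVM default trust store.
            throw new SQLException("No X509TrustManager found");
        } catch (IOException e) {
            throw exceptionFactory.create("Failed load keyStore", MysqlErrorNumbers.SQL_STATE_BAD_SSL_PARAMS, e);
        } catch (GeneralSecurityException e) {
            throw exceptionFactory.create("Failed to store certificate from serverSslCert into a keyStore", MysqlErrorNumbers.SQL_STATE_BAD_SSL_PARAMS, e);
        }
    }

    /** Returns the plugin identifier, {@code "DEFAULT"}. */
    @Override
    public String type() {
        return "DEFAULT";
    }

    /**
     * Creates the socket factory for TLS connections.
     *
     * @param configuration connection configuration supplying SSL mode, trust and key options
     * @param exceptionFactory factory used to build the reported {@link SQLException}
     * @return a socket factory from an {@link SSLContext} initialised with the selected managers
     * @throws SQLException if trust material, an explicitly configured key store, or the SSL
     *     context cannot be set up
     */
    @Override
    public SSLSocketFactory getSocketFactory(Configuration configuration, ExceptionFactory exceptionFactory) throws SQLException {
        X509TrustManager[] trustManagers = null;
        KeyManager[] keyManagers = null;
        if (configuration.sslMode() == SslMode.TRUST) {
            // NOTE(review): MariaDbX509TrustingManager is defined elsewhere; by its name it
            // accepts any server certificate - confirm. If so, TRUST mode encrypts the link
            // but does not authenticate the server.
            trustManagers = new X509TrustManager[]{new MariaDbX509TrustingManager()};
        } else if (configuration.serverSslCert() != null) {
            trustManagers = loadServerCertTrustManagers(configuration, exceptionFactory);
        }
        // trustManagers == null here means SSLContext.init uses the JVM default trust managers.

        if (configuration.keyStore() != null) {
            // An explicitly configured key store must load; failure aborts the connection setup.
            keyManagers = new KeyManager[]{loadClientCerts(configuration.keyStore(), configuration.keyStorePassword(), configuration.keyPassword(), configuration.keyStoreType(), exceptionFactory)};
        } else {
            String systemKeyStore = System.getProperty("javax.net.ssl.keyStore");
            String systemKeyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword", configuration.keyStorePassword());
            String systemKeyStoreType = System.getProperty("javax.net.ssl.keyStoreType", configuration.keyStoreType());
            if (systemKeyStore != null) {
                try {
                    // The key store password doubles as the key password on this path.
                    keyManagers = new KeyManager[]{loadClientCerts(systemKeyStore, systemKeyStorePassword, systemKeyStorePassword, systemKeyStoreType, exceptionFactory)};
                } catch (SQLException e) {
                    // Best effort: a broken JVM-wide key store is logged and the connection is
                    // attempted without a client certificate.
                    keyManagers = null;
                    logger.error("Error loading key manager from system properties", e);
                }
            }
        }
        try {
            // "TLS" selects the provider's generic context; which protocol versions are
            // actually enabled is decided outside this method.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagers, trustManagers, null);
            return sslContext.getSocketFactory();
        } catch (KeyManagementException e) {
            throw exceptionFactory.create("Could not initialize SSL context", MysqlErrorNumbers.SQL_STATE_BAD_SSL_PARAMS, e);
        } catch (NoSuchAlgorithmException e) {
            throw exceptionFactory.create("SSLContext TLS Algorithm unknown", MysqlErrorNumbers.SQL_STATE_BAD_SSL_PARAMS, e);
        }
    }

    /**
     * Verifies the peer's leaf certificate against the expected host name by delegating to
     * {@link HostnameVerifier#verify}.
     *
     * @param str host name passed to the verifier
     * @param sSLSession established TLS session whose first peer certificate is checked
     * @param j value forwarded unchanged to the verifier; its meaning is not visible in this file
     * @throws SSLException if the peer presented no X.509 certificate or verification fails
     */
    @Override
    public void verify(String str, SSLSession sSLSession, long j) throws SSLException {
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            // Fail with an SSLException instead of an unchecked array/cast error if the peer
            // chain is empty or its leaf is not an X.509 certificate.
            if (peerCertificates.length == 0 || !(peerCertificates[0] instanceof X509Certificate)) {
                throw new SSLException("Peer did not present an X.509 certificate");
            }
            HostnameVerifier.verify(str, (X509Certificate) peerCertificates[0], j);
        } catch (SSLException e) {
            logger.info(e.getMessage(), e);
            throw e;
        }
    }
}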
