package com.impossibl.postgres.protocol.ssl;

import com.impossibl.postgres.system.Configuration;
import com.impossibl.postgres.system.SystemSettings;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import java.util.Iterator;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.callback.CallbackHandler;

/* loaded from: input_file:com/impossibl/postgres/protocol/ssl/SSLEngineFactory.class */
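/**
 * Builds client-mode {@link SSLEngine} instances from the driver's SSL settings.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Only {@code SSLMode.VerifyCa} and {@code SSLMode.VerifyFull} validate the server
 *       certificate chain, against the CA file named by {@code SSL_CA_CRT_FILE}. Every other
 *       mode installs a {@code NonValidatingTrustManager}, so the channel is encrypted but the
 *       peer is not authenticated.</li>
 *   <li>No endpoint identification (host name check) is configured on the returned engine;
 *       whatever {@code VerifyFull} adds over {@code VerifyCa} has to be enforced by the caller
 *       (not visible in this class).</li>
 *   <li>The context is requested as {@code "TLS"}, so the enabled protocol versions and cipher
 *       suites are whatever the running JDK enables by default.</li>
 * </ul>
 */
public class SSLEngineFactory {
    private static final String TRUST_MANAGER_FACTORY_TYPE = "PKIX";
    private static final String SSL_PROTOCOL = "TLS";
    private static final String KEY_STORE_TYPE = "JKS";
    private static final String CERTIFICATE_FACTORY_TYPE = "X.509";

    /**
     * Creates a client-mode SSL engine for the requested verification mode.
     *
     * @param sSLMode       verification mode; {@code VerifyCa} and {@code VerifyFull} enable
     *                      certificate-chain validation, any other value disables it
     * @param configuration source of the certificate, key, CA file and password-callback settings
     * @return a new engine already switched to client mode
     * @throws IOException if the password callback cannot be instantiated, the CA certificate
     *                     file cannot be opened, read or parsed, or the SSL context cannot be
     *                     created or initialised
     */
    public static SSLEngine create(SSLMode sSLMode, Configuration configuration) throws IOException {
        String certFile = (String) configuration.getSetting(SystemSettings.SSL_CRT_FILE);
        String keyFile = (String) configuration.getSetting(SystemSettings.SSL_KEY_FILE);
        // True when either path is still the built-in default. The flag is handed to
        // OnDemandKeyManager; presumably it relaxes "file missing" handling for defaults,
        // TODO confirm against OnDemandKeyManager.
        boolean usesDefaultFile = SystemSettings.SSL_CRT_FILE.getDefault().equals(certFile)
            || SystemSettings.SSL_KEY_FILE.getDefault().equals(keyFile);

        CallbackHandler passwordCallback = newPasswordCallback(configuration);
        OnDemandKeyManager keyManager = new OnDemandKeyManager(certFile, keyFile, passwordCallback, usesDefaultFile);

        TrustManager[] trustManagers;
        if (sSLMode == SSLMode.VerifyCa || sSLMode == SSLMode.VerifyFull) {
            trustManagers = loadTrustManagers(configuration);
        } else {
            // No server authentication in this branch: any certificate is accepted.
            trustManagers = new TrustManager[]{new NonValidatingTrustManager()};
        }

        try {
            SSLContext context = SSLContext.getInstance(SSL_PROTOCOL);
            context.init(new KeyManager[]{keyManager}, trustManagers, null);
            SSLEngine engine = context.createSSLEngine();
            engine.setUseClientMode(true);
            return engine;
        } catch (KeyManagementException e) {
            throw new IOException("ssl context initialization error", e);
        } catch (NoSuchAlgorithmException e) {
            throw new IOException("ssl context not available", e);
        }
    }

    /**
     * Instantiates the configured key-password callback through its public no-arg constructor
     * and, when it is a {@code ConfiguredCallbackHandler}, passes it the configuration.
     *
     * <p>The class comes straight from {@code SSL_KEY_PASSWORD_CALLBACK}; whoever controls that
     * setting chooses which class is instantiated here, so the configuration has to be trusted.
     */
    private static CallbackHandler newPasswordCallback(Configuration configuration) throws IOException {
        Class<?> callbackClass = (Class<?>) configuration.getSetting(SystemSettings.SSL_KEY_PASSWORD_CALLBACK);
        try {
            CallbackHandler handler = (CallbackHandler) callbackClass.getConstructor().newInstance();
            if (handler instanceof ConfiguredCallbackHandler) {
                ((ConfiguredCallbackHandler) handler).init(configuration);
            }
            return handler;
        } catch (IllegalAccessException | InstantiationException | NoSuchMethodException | InvocationTargetException e) {
            // Keep the cause: without it the reason the constructor failed is lost.
            throw new IOException("Cannot instantiate provided password callback: " + callbackClass.getName(), e);
        }
    }

    /**
     * Loads every X.509 certificate from the configured CA file into an in-memory key store and
     * returns PKIX trust managers backed by it.
     *
     * <p>Any failure to open, read or parse the file is reported as an {@link IOException}.
     * The previous code swallowed read/parse failures and then asked an uninitialised
     * {@link TrustManagerFactory} for its trust managers, which hid the real cause.
     */
    private static TrustManager[] loadTrustManagers(Configuration configuration) throws IOException {
        TrustManagerFactory trustManagerFactory;
        try {
            trustManagerFactory = TrustManagerFactory.getInstance(TRUST_MANAGER_FACTORY_TYPE);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("trust manager not available", e);
        }

        KeyStore trustStore;
        try {
            trustStore = KeyStore.getInstance(KEY_STORE_TYPE);
        } catch (KeyStoreException e) {
            throw new RuntimeException("keystore not available", e);
        }

        String caFile = (String) configuration.getSetting(SystemSettings.SSL_CA_CRT_FILE);
        if (SystemSettings.SSL_CA_CRT_FILE.getDefault().equals(caFile)) {
            // The default CA file name is resolved against the SSL home directory.
            caFile = ((String) configuration.getSetting(SystemSettings.SSL_HOME_DIR)) + File.separator + caFile;
        }

        try (FileInputStream caStream = new FileInputStream(caFile)) {
            Collection<? extends Certificate> caCertificates =
                CertificateFactory.getInstance(CERTIFICATE_FACTORY_TYPE).generateCertificates(caStream);
            // load(null, null) creates an empty store; nothing is read from disk here.
            trustStore.load(null, null);
            int index = 0;
            for (Certificate caCertificate : caCertificates) {
                trustStore.setCertificateEntry("cert" + index, caCertificate);
                index++;
            }
            trustManagerFactory.init(trustStore);
        } catch (FileNotFoundException e) {
            throw new IOException("cannot open SSL root certificate file " + caFile, e);
        } catch (GeneralSecurityException e) {
            throw new IOException("loading SSL root certificate failed", e);
        }
        return trustManagerFactory.getTrustManagers();
    }
}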
