package com.databricks.jdbc.dbclient.impl.common;

import com.databricks.internal.apache.http.config.Registry;
import com.databricks.internal.apache.http.config.RegistryBuilder;
import com.databricks.internal.apache.http.conn.socket.ConnectionSocketFactory;
import com.databricks.internal.apache.http.conn.socket.PlainConnectionSocketFactory;
import com.databricks.internal.apache.http.conn.ssl.SSLConnectionSocketFactory;
import com.databricks.internal.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import com.databricks.internal.sdk.core.DatabricksException;
import com.databricks.jdbc.api.internal.IDatabricksConnectionContext;
import com.databricks.jdbc.common.DatabricksJdbcConstants;
import com.databricks.jdbc.common.util.SocketFactoryUtil;
import com.databricks.jdbc.log.JdbcLogger;
import com.databricks.jdbc.log.JdbcLoggerFactory;
import java.io.FileInputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/databricks/jdbc/dbclient/impl/common/ConfiguratorUtils.class */
public class ConfiguratorUtils {
    private static final JdbcLogger LOGGER = JdbcLoggerFactory.getLogger((Class<?>) ConfiguratorUtils.class);

    private static boolean isJDBCTestEnv() {
        return Boolean.parseBoolean(System.getenv(DatabricksJdbcConstants.IS_JDBC_TEST_ENV));
    }

    public static PoolingHttpClientConnectionManager getBaseConnectionManager(IDatabricksConnectionContext iDatabricksConnectionContext) {
        return isJDBCTestEnv() ? new PoolingHttpClientConnectionManager(SocketFactoryUtil.getTrustAllSocketFactoryRegistry()) : (iDatabricksConnectionContext.getSSLTrustStore() == null && iDatabricksConnectionContext.checkCertificateRevocation() && !iDatabricksConnectionContext.acceptUndeterminedCertificateRevocation()) ? new PoolingHttpClientConnectionManager() : new PoolingHttpClientConnectionManager(getConnectionSocketFactoryRegistry(iDatabricksConnectionContext));
    }

    public static Registry<ConnectionSocketFactory> getConnectionSocketFactoryRegistry(IDatabricksConnectionContext iDatabricksConnectionContext) {
        Set<TrustAnchor> trustAnchorsFromTrustStore = getTrustAnchorsFromTrustStore(loadTruststoreOrNull(iDatabricksConnectionContext));
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(buildTrustManagerParameters(trustAnchorsFromTrustStore, iDatabricksConnectionContext.checkCertificateRevocation(), iDatabricksConnectionContext.acceptUndeterminedCertificateRevocation()));
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            return RegistryBuilder.create().register(DatabricksJdbcConstants.HTTPS, new SSLConnectionSocketFactory(sSLContext)).register("http", new PlainConnectionSocketFactory()).build();
        } catch (Exception e) {
            LOGGER.error(e, "Error while building trust manager parameters");
            throw new DatabricksException("Error while building trust manager parameters", e);
        }
    }

    public static KeyStore loadTruststoreOrNull(IDatabricksConnectionContext iDatabricksConnectionContext) {
        if (iDatabricksConnectionContext.getSSLTrustStore() == null) {
            return null;
        }
        try {
            FileInputStream fileInputStream = new FileInputStream(iDatabricksConnectionContext.getSSLTrustStore());
            try {
                char[] cArr = null;
                if (iDatabricksConnectionContext.getSSLTrustStorePassword() != null) {
                    cArr = iDatabricksConnectionContext.getSSLTrustStorePassword().toCharArray();
                }
                KeyStore keyStore = KeyStore.getInstance(iDatabricksConnectionContext.getSSLTrustStoreType());
                keyStore.load(fileInputStream, cArr);
                fileInputStream.close();
                return keyStore;
            } finally {
            }
        } catch (Exception e) {
            LOGGER.error(e, "Error while loading truststore");
            throw new DatabricksException("Error while loading truststore", e);
        }
    }

    public static CertPathTrustManagerParameters buildTrustManagerParameters(Set<TrustAnchor> set, boolean z, boolean z2) {
        try {
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(set, new X509CertSelector());
            pKIXBuilderParameters.setRevocationEnabled(z);
            PKIXRevocationChecker pKIXRevocationChecker = (PKIXRevocationChecker) CertPathValidator.getInstance(DatabricksJdbcConstants.PKIX).getRevocationChecker();
            if (z2) {
                pKIXRevocationChecker.setOptions(Set.of(PKIXRevocationChecker.Option.SOFT_FAIL, PKIXRevocationChecker.Option.NO_FALLBACK, PKIXRevocationChecker.Option.PREFER_CRLS));
            }
            if (z) {
                pKIXBuilderParameters.addCertPathChecker(pKIXRevocationChecker);
            }
            return new CertPathTrustManagerParameters(pKIXBuilderParameters);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            LOGGER.error(e, "Error while building trust manager parameters");
            throw new DatabricksException("Error while building trust manager parameters", e);
        }
    }

    public static Set<TrustAnchor> getTrustAnchorsFromTrustStore(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return (Set) Arrays.stream(((X509TrustManager) trustManagerFactory.getTrustManagers()[0]).getAcceptedIssuers()).map(x509Certificate -> {
                return new TrustAnchor(x509Certificate, null);
            }).collect(Collectors.toSet());
        } catch (Exception e) {
            LOGGER.error(e, "Error while getting trust anchors from trust store");
            throw new DatabricksException("Error while getting trust anchors from trust store", e);
        }
    }
}
