package com.firebolt.jdbc.client.config;

import com.firebolt.jdbc.client.config.socket.FireboltSSLSocketFactory;
import com.firebolt.jdbc.client.config.socket.FireboltSocketFactory;
import com.firebolt.jdbc.connection.settings.FireboltProperties;
import com.firebolt.jdbc.log.FireboltLogger;
import com.firebolt.jdbc.util.LoggerUtil;
import com.firebolt.shadow.okhttp3.ConnectionPool;
import com.firebolt.shadow.okhttp3.OkHttpClient;
import com.firebolt.shadow.org.apache.commons.lang3.StringUtils;
import java.beans.ConstructorProperties;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import lombok.Generated;

/* loaded from: input_file:com/firebolt/jdbc/client/config/OkHttpClientCreator.class */
public final class OkHttpClientCreator {
    private static final String SSL_STRICT_MODE = "strict";
    private static final String SSL_NONE_MODE = "none";
    private static final String TLS_PROTOCOL = "TLS";
    private static final String JKS_KEYSTORE_TYPE = "JKS";
    private static final String CERTIFICATE_TYPE_X_509 = "X.509";

    @Generated
    private static final FireboltLogger log = LoggerUtil.getLogger(OkHttpClientCreator.class.getName());
    static TrustManager[] trustAllCerts = {new X509TrustManager() { // from class: com.firebolt.jdbc.client.config.OkHttpClientCreator.1
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }};

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/firebolt/jdbc/client/config/OkHttpClientCreator$SSLConfig.class */
    public static final class SSLConfig {
        private final TrustManager[] trustManagers;
        private final KeyManager[] keyManagers;
        private final SecureRandom secureRandom;

        @Generated
        /* loaded from: input_file:com/firebolt/jdbc/client/config/OkHttpClientCreator$SSLConfig$SSLConfigBuilder.class */
        public static class SSLConfigBuilder {

            @Generated
            private TrustManager[] trustManagers;

            @Generated
            private KeyManager[] keyManagers;

            @Generated
            private SecureRandom secureRandom;

            @Generated
            SSLConfigBuilder() {
            }

            @Generated
            public SSLConfigBuilder trustManagers(TrustManager[] trustManagerArr) {
                this.trustManagers = trustManagerArr;
                return this;
            }

            @Generated
            public SSLConfigBuilder keyManagers(KeyManager[] keyManagerArr) {
                this.keyManagers = keyManagerArr;
                return this;
            }

            @Generated
            public SSLConfigBuilder secureRandom(SecureRandom secureRandom) {
                this.secureRandom = secureRandom;
                return this;
            }

            @Generated
            public SSLConfig build() {
                return new SSLConfig(this.trustManagers, this.keyManagers, this.secureRandom);
            }

            @Generated
            public String toString() {
                return "OkHttpClientCreator.SSLConfig.SSLConfigBuilder(trustManagers=" + Arrays.deepToString(this.trustManagers) + ", keyManagers=" + Arrays.deepToString(this.keyManagers) + ", secureRandom=" + this.secureRandom + ")";
            }
        }

        @Generated
        @ConstructorProperties({"trustManagers", "keyManagers", "secureRandom"})
        SSLConfig(TrustManager[] trustManagerArr, KeyManager[] keyManagerArr, SecureRandom secureRandom) {
            this.trustManagers = trustManagerArr;
            this.keyManagers = keyManagerArr;
            this.secureRandom = secureRandom;
        }

        @Generated
        public static SSLConfigBuilder builder() {
            return new SSLConfigBuilder();
        }

        @Generated
        public TrustManager[] getTrustManagers() {
            return this.trustManagers;
        }

        @Generated
        public KeyManager[] getKeyManagers() {
            return this.keyManagers;
        }

        @Generated
        public SecureRandom getSecureRandom() {
            return this.secureRandom;
        }

        @Generated
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof SSLConfig)) {
                return false;
            }
            SSLConfig sSLConfig = (SSLConfig) obj;
            if (!Arrays.deepEquals(getTrustManagers(), sSLConfig.getTrustManagers()) || !Arrays.deepEquals(getKeyManagers(), sSLConfig.getKeyManagers())) {
                return false;
            }
            SecureRandom secureRandom = getSecureRandom();
            SecureRandom secureRandom2 = sSLConfig.getSecureRandom();
            return secureRandom == null ? secureRandom2 == null : secureRandom.equals(secureRandom2);
        }

        @Generated
        public int hashCode() {
            int deepHashCode = (((1 * 59) + Arrays.deepHashCode(getTrustManagers())) * 59) + Arrays.deepHashCode(getKeyManagers());
            SecureRandom secureRandom = getSecureRandom();
            return (deepHashCode * 59) + (secureRandom == null ? 43 : secureRandom.hashCode());
        }

        @Generated
        public String toString() {
            return "OkHttpClientCreator.SSLConfig(trustManagers=" + Arrays.deepToString(getTrustManagers()) + ", keyManagers=" + Arrays.deepToString(getKeyManagers()) + ", secureRandom=" + getSecureRandom() + ")";
        }
    }

    public static OkHttpClient createClient(FireboltProperties fireboltProperties) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
        OkHttpClient.Builder connectionPool = new OkHttpClient.Builder().connectTimeout(fireboltProperties.getConnectionTimeoutMillis(), TimeUnit.MILLISECONDS).addInterceptor(new RetryInterceptor(fireboltProperties.getMaxRetries())).socketFactory(new FireboltSocketFactory(fireboltProperties)).readTimeout(fireboltProperties.getSocketTimeoutMillis(), TimeUnit.MILLISECONDS).connectionPool(new ConnectionPool(fireboltProperties.getMaxConnectionsTotal(), fireboltProperties.getKeepAliveTimeoutMillis(), TimeUnit.MILLISECONDS));
        Optional<SSLConfig> sSLConfig = getSSLConfig(fireboltProperties);
        if (sSLConfig.isPresent()) {
            SSLContext sSLContext = SSLContext.getInstance(TLS_PROTOCOL);
            SSLConfig sSLConfig2 = sSLConfig.get();
            sSLContext.init(sSLConfig2.getKeyManagers(), sSLConfig2.getTrustManagers(), sSLConfig2.secureRandom);
            connectionPool.sslSocketFactory(new FireboltSSLSocketFactory(fireboltProperties, sSLContext.getSocketFactory()), (X509TrustManager) sSLConfig2.trustManagers[0]);
        }
        Optional<HostnameVerifier> hostnameVerifier = getHostnameVerifier(fireboltProperties);
        Objects.requireNonNull(connectionPool);
        hostnameVerifier.ifPresent(connectionPool::hostnameVerifier);
        return connectionPool.build();
    }

    private static Optional<HostnameVerifier> getHostnameVerifier(FireboltProperties fireboltProperties) {
        return (fireboltProperties.isSsl() && SSL_NONE_MODE.equals(fireboltProperties.getSslMode())) ? Optional.of((str, sSLSession) -> {
            return true;
        }) : Optional.empty();
    }

    private static Optional<SSLConfig> getSSLConfig(FireboltProperties fireboltProperties) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
        TrustManager[] trustManagers;
        KeyManager[] keyManagerArr;
        SecureRandom secureRandom;
        if (!fireboltProperties.isSsl()) {
            return Optional.empty();
        }
        if (SSL_NONE_MODE.equals(fireboltProperties.getSslMode())) {
            trustManagers = trustAllCerts;
            keyManagerArr = new KeyManager[0];
            secureRandom = new SecureRandom();
        } else {
            if (!SSL_STRICT_MODE.equals(fireboltProperties.getSslMode())) {
                throw new IllegalArgumentException(String.format("The ssl mode %s does not exist", fireboltProperties.getSslMode()));
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(getKeyStore(fireboltProperties).orElse(null));
            trustManagers = trustManagerFactory.getTrustManagers();
            keyManagerArr = new KeyManager[0];
            secureRandom = new SecureRandom();
        }
        if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
            return Optional.of(SSLConfig.builder().keyManagers(keyManagerArr).trustManagers(trustManagers).secureRandom(secureRandom).build());
        }
        throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
    }

    private static Optional<KeyStore> getKeyStore(FireboltProperties fireboltProperties) throws NoSuchAlgorithmException, IOException, CertificateException, KeyStoreException {
        if (!StringUtils.isNotEmpty(fireboltProperties.getSslCertificatePath())) {
            return Optional.empty();
        }
        KeyStore keyStore = KeyStore.getInstance(JKS_KEYSTORE_TYPE);
        InputStream openSslFile = openSslFile(fireboltProperties);
        try {
            keyStore.load(null, null);
            int i = 0;
            Iterator<? extends Certificate> it = CertificateFactory.getInstance(CERTIFICATE_TYPE_X_509).generateCertificates(openSslFile).iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                keyStore.setCertificateEntry(String.format("Certificate_ %d)", Integer.valueOf(i2)), it.next());
            }
            Optional<KeyStore> of = Optional.of(keyStore);
            if (openSslFile != null) {
                openSslFile.close();
            }
            return of;
        } catch (Throwable th) {
            if (openSslFile != null) {
                try {
                    openSslFile.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static InputStream openSslFile(FireboltProperties fireboltProperties) throws IOException {
        InputStream resourceAsStream;
        try {
            resourceAsStream = new FileInputStream(fireboltProperties.getSslCertificatePath());
        } catch (FileNotFoundException e) {
            resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(fireboltProperties.getSslCertificatePath());
            if (resourceAsStream == null) {
                throw new IOException(String.format("Could not open SSL/TLS certificate file %s", fireboltProperties.getSslCertificatePath()), e);
            }
        }
        return resourceAsStream;
    }

    @Generated
    private OkHttpClientCreator() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }
}
