package com.mysql.cj.core.io;

import com.mysql.cj.api.MysqlConnection;
import com.mysql.cj.api.conf.PropertySet;
import com.mysql.cj.api.exceptions.ExceptionInterceptor;
import com.mysql.cj.api.io.SocketConnection;
import com.mysql.cj.api.io.SocketFactory;
import com.mysql.cj.core.ServerVersion;
import com.mysql.cj.core.conf.PropertyDefinitions;
import com.mysql.cj.core.exceptions.ExceptionFactory;
import com.mysql.cj.core.exceptions.FeatureNotAvailableException;
import com.mysql.cj.core.exceptions.RSAException;
import com.mysql.cj.core.exceptions.SSLParamsException;
import com.mysql.cj.core.util.Base64Decoder;
import com.mysql.cj.core.util.StringUtils;
import com.mysql.cj.core.util.Util;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.SocketException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.io.IOUtils;

/* loaded from: input_file:WEB-INF/lib/mysql-connector-java-6.0.6.jar:com/mysql/cj/core/io/ExportControlled.class */
public class ExportControlled {

    /* loaded from: input_file:WEB-INF/lib/mysql-connector-java-6.0.6.jar:com/mysql/cj/core/io/ExportControlled$StandardSSLSocketFactory.class */
    public static class StandardSSLSocketFactory implements SocketFactory {
        private SSLSocket rawSocket = null;
        private final SSLSocketFactory sslFact;
        private final SocketFactory existingSocketFactory;
        private final Socket existingSocket;

        public StandardSSLSocketFactory(SSLSocketFactory sSLSocketFactory, SocketFactory socketFactory, Socket socket) {
            this.sslFact = sSLSocketFactory;
            this.existingSocketFactory = socketFactory;
            this.existingSocket = socket;
        }

        @Override // com.mysql.cj.api.io.SocketFactory
        public Socket afterHandshake() throws SocketException, IOException {
            this.existingSocketFactory.afterHandshake();
            return this.rawSocket;
        }

        @Override // com.mysql.cj.api.io.SocketFactory
        public Socket beforeHandshake() throws SocketException, IOException {
            return this.rawSocket;
        }

        @Override // com.mysql.cj.api.io.SocketFactory
        public Socket connect(String str, int i, Properties properties, int i2) throws SocketException, IOException {
            this.rawSocket = (SSLSocket) this.sslFact.createSocket(this.existingSocket, str, i, true);
            return this.rawSocket;
        }

        @Override // com.mysql.cj.api.io.SocketMetadata
        public boolean isLocallyConnected(MysqlConnection mysqlConnection) {
            return this.existingSocketFactory.isLocallyConnected(mysqlConnection);
        }
    }

    public static boolean enabled() {
        return true;
    }

    public static void transformSocketToSSLSocket(SocketConnection socketConnection, ServerVersion serverVersion) throws IOException, SSLParamsException, FeatureNotAvailableException {
        StandardSSLSocketFactory standardSSLSocketFactory = new StandardSSLSocketFactory(getSSLSocketFactoryDefaultOrConfigured(socketConnection.getPropertySet(), socketConnection.getExceptionInterceptor()), socketConnection.getSocketFactory(), socketConnection.getMysqlSocket());
        socketConnection.setMysqlSocket(standardSSLSocketFactory.connect(socketConnection.getHost(), socketConnection.getPort(), null, 0));
        ArrayList arrayList = new ArrayList();
        List asList = Arrays.asList(((SSLSocket) socketConnection.getMysqlSocket()).getSupportedProtocols());
        for (String str : (serverVersion.meetsMinimum(ServerVersion.parseVersion("5.6.0")) && Util.isEnterpriseEdition(serverVersion.toString())) ? new String[]{"TLSv1.2", "TLSv1.1", "TLSv1"} : new String[]{"TLSv1.1", "TLSv1"}) {
            if (asList.contains(str)) {
                arrayList.add(str);
            }
        }
        ((SSLSocket) socketConnection.getMysqlSocket()).setEnabledProtocols((String[]) arrayList.toArray(new String[0]));
        String value = socketConnection.getPropertySet().getStringReadableProperty(PropertyDefinitions.PNAME_enabledSSLCipherSuites).getValue();
        if (value != null && value.length() > 0) {
            ArrayList arrayList2 = new ArrayList();
            List asList2 = Arrays.asList(((SSLSocket) socketConnection.getMysqlSocket()).getEnabledCipherSuites());
            for (String str2 : value.split("\\s*,\\s*")) {
                if (asList2.contains(str2)) {
                    arrayList2.add(str2);
                }
            }
            ((SSLSocket) socketConnection.getMysqlSocket()).setEnabledCipherSuites((String[]) arrayList2.toArray(new String[0]));
        } else if (!serverVersion.meetsMinimum(ServerVersion.parseVersion("5.7.6")) && ((!serverVersion.meetsMinimum(ServerVersion.parseVersion("5.6.26")) || serverVersion.meetsMinimum(ServerVersion.parseVersion("5.7.0"))) && (!serverVersion.meetsMinimum(ServerVersion.parseVersion("5.5.45")) || serverVersion.meetsMinimum(ServerVersion.parseVersion("5.6.0"))))) {
            ArrayList arrayList3 = new ArrayList();
            for (String str3 : ((SSLSocket) socketConnection.getMysqlSocket()).getEnabledCipherSuites()) {
                if (str3.indexOf("_DHE_") == -1 && str3.indexOf("_DH_") == -1) {
                    arrayList3.add(str3);
                }
            }
            ((SSLSocket) socketConnection.getMysqlSocket()).setEnabledCipherSuites((String[]) arrayList3.toArray(new String[0]));
        }
        ((SSLSocket) socketConnection.getMysqlSocket()).startHandshake();
        if (socketConnection.getPropertySet().getBooleanReadableProperty(PropertyDefinitions.PNAME_useUnbufferedInput).getValue().booleanValue()) {
            socketConnection.setMysqlInput(socketConnection.getMysqlSocket().getInputStream());
        } else {
            socketConnection.setMysqlInput(new BufferedInputStream(socketConnection.getMysqlSocket().getInputStream(), 16384));
        }
        socketConnection.setMysqlOutput(new BufferedOutputStream(socketConnection.getMysqlSocket().getOutputStream(), 16384));
        socketConnection.getMysqlOutput().flush();
        socketConnection.setSocketFactory(standardSSLSocketFactory);
    }

    private ExportControlled() {
    }

    private static SSLSocketFactory getSSLSocketFactoryDefaultOrConfigured(PropertySet propertySet, ExceptionInterceptor exceptionInterceptor) throws SSLParamsException {
        String value = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_clientCertificateKeyStoreUrl).getValue();
        String value2 = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_trustCertificateKeyStoreUrl).getValue();
        return (StringUtils.isNullOrEmpty(value) && StringUtils.isNullOrEmpty(value2) && propertySet.getBooleanReadableProperty(PropertyDefinitions.PNAME_verifyServerCertificate).getValue().booleanValue()) ? (SSLSocketFactory) SSLSocketFactory.getDefault() : getSSLContext(value, propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_clientCertificateKeyStoreType).getValue(), propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_clientCertificateKeyStorePassword).getValue(), value2, propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_trustCertificateKeyStoreType).getValue(), propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_trustCertificateKeyStorePassword).getValue(), propertySet.getBooleanReadableProperty(PropertyDefinitions.PNAME_verifyServerCertificate).getValue().booleanValue(), exceptionInterceptor).getSocketFactory();
    }

    public static SSLContext getSSLContext(String str, String str2, String str3, String str4, String str5, String str6, boolean z, ExceptionInterceptor exceptionInterceptor) throws SSLParamsException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            if (!StringUtils.isNullOrEmpty(str)) {
                InputStream inputStream = null;
                try {
                    try {
                        try {
                            try {
                                try {
                                    if (!StringUtils.isNullOrEmpty(str2)) {
                                        KeyStore keyStore = KeyStore.getInstance(str2);
                                        URL url = new URL(str);
                                        char[] charArray = str3 == null ? new char[0] : str3.toCharArray();
                                        inputStream = url.openStream();
                                        keyStore.load(inputStream, charArray);
                                        keyManagerFactory.init(keyStore, charArray);
                                    }
                                } finally {
                                }
                            } catch (NoSuchAlgorithmException e) {
                                throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, "Unsupported keystore algorithm [" + e.getMessage() + "]", e, exceptionInterceptor));
                            }
                        } catch (UnrecoverableKeyException e2) {
                            throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, "Could not recover keys from client keystore.  Check password?", e2, exceptionInterceptor));
                        }
                    } catch (IOException e3) {
                        throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, "Cannot open " + str + " [" + e3.getMessage() + "]", e3, exceptionInterceptor));
                    } catch (KeyStoreException e4) {
                        throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, "Could not create KeyStore instance [" + e4.getMessage() + "]", e4, exceptionInterceptor));
                    }
                } catch (MalformedURLException e5) {
                    throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, str + " does not appear to be a valid URL.", e5, exceptionInterceptor));
                } catch (CertificateException e6) {
                    throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, "Could not load client" + str2 + " keystore from " + str, e6, exceptionInterceptor));
                }
            }
            if (StringUtils.isNullOrEmpty(str4)) {
                try {
                    trustManagerFactory.init((KeyStore) null);
                } catch (KeyStoreException e7) {
                    throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, "Could not create KeyStore instance [" + e7.getMessage() + "]", e7, exceptionInterceptor));
                }
            } else {
                InputStream inputStream2 = null;
                try {
                    try {
                        try {
                            try {
                                if (!StringUtils.isNullOrEmpty(str5)) {
                                    KeyStore keyStore2 = KeyStore.getInstance(str5);
                                    URL url2 = new URL(str4);
                                    char[] charArray2 = str6 == null ? new char[0] : str6.toCharArray();
                                    inputStream2 = url2.openStream();
                                    keyStore2.load(inputStream2, charArray2);
                                    trustManagerFactory.init(keyStore2);
                                }
                                if (inputStream2 != null) {
                                    try {
                                        inputStream2.close();
                                    } catch (IOException e8) {
                                    }
                                }
                            } catch (KeyStoreException e9) {
                                throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, "Could not create KeyStore instance [" + e9.getMessage() + "]", e9, exceptionInterceptor));
                            }
                        } catch (IOException e10) {
                            throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, "Cannot open " + str4 + " [" + e10.getMessage() + "]", e10, exceptionInterceptor));
                        } catch (CertificateException e11) {
                            throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, "Could not load trust" + str5 + " keystore from " + str4, e11, exceptionInterceptor));
                        }
                    } finally {
                        if (inputStream2 != null) {
                            try {
                                inputStream2.close();
                            } catch (IOException e12) {
                            }
                        }
                    }
                } catch (MalformedURLException e13) {
                    throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, str4 + " does not appear to be a valid URL.", e13, exceptionInterceptor));
                } catch (NoSuchAlgorithmException e14) {
                    throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, "Unsupported keystore algorithm [" + e14.getMessage() + "]", e14, exceptionInterceptor));
                }
            }
            try {
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(StringUtils.isNullOrEmpty(str) ? null : keyManagerFactory.getKeyManagers(), z ? trustManagerFactory.getTrustManagers() : new X509TrustManager[]{new X509TrustManager() { // from class: com.mysql.cj.core.io.ExportControlled.1
                    @Override // javax.net.ssl.X509TrustManager
                    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str7) {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str7) throws CertificateException {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                }}, null);
                return sSLContext;
            } catch (KeyManagementException e15) {
                throw new SSLParamsException("KeyManagementException: " + e15.getMessage(), e15);
            } catch (NoSuchAlgorithmException e16) {
                throw new SSLParamsException("TLS is not a valid SSL protocol.", e16);
            } catch (Exception e17) {
                throw new SSLParamsException("now what?", e17);
            }
        } catch (NoSuchAlgorithmException e18) {
            throw ((SSLParamsException) ExceptionFactory.createException(SSLParamsException.class, "Default algorithm definitions for TrustManager and/or KeyManager are invalid.  Check java security properties file.", e18, exceptionInterceptor));
        }
    }

    public static boolean isSSLEstablished(Socket socket) {
        return SSLSocket.class.isAssignableFrom(socket.getClass());
    }

    public static RSAPublicKey decodeRSAPublicKey(String str) throws RSAException {
        if (str == null) {
            throw ((RSAException) ExceptionFactory.createException(RSAException.class, "Key parameter is null"));
        }
        int indexOf = str.indexOf(IOUtils.LINE_SEPARATOR_UNIX) + 1;
        try {
            return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64Decoder.decode(str.getBytes(), indexOf, str.indexOf("-----END PUBLIC KEY-----") - indexOf)));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw ((RSAException) ExceptionFactory.createException(RSAException.class, "Unable to decode public key", e));
        }
    }

    public static byte[] encryptWithRSAPublicKey(byte[] bArr, RSAPublicKey rSAPublicKey) throws RSAException {
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
            cipher.init(1, rSAPublicKey);
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw ((RSAException) ExceptionFactory.createException(RSAException.class, e.getMessage(), e));
        }
    }
}
