package org.opengauss.ssl;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Locale;
import java.util.Properties;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.callback.CallbackHandler;
import org.openeuler.BGMProvider;
import org.opengauss.PGProperty;
import org.opengauss.jdbc.EscapedFunctions;
import org.opengauss.jdbc.SslMode;
import org.opengauss.log.Log;
import org.opengauss.log.Logger;
import org.opengauss.ssl.LibPQFactory;
import org.opengauss.ssl.NonValidatingFactory;
import org.opengauss.util.GT;
import org.opengauss.util.ObjectFactory;
import org.opengauss.util.PSQLException;
import org.opengauss.util.PSQLState;

/* loaded from: input_file:org/opengauss/ssl/LibPQTlcpFactory.class */
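/**
 * Socket factory that builds a "GMTLS" {@link SSLContext} from libpq-style connection properties.
 *
 * <p>Two client key/certificate pairs are loaded, one for signing and one for encryption, each
 * through its own {@link LazyKeyManager}. Server certificates are validated against the
 * configured root certificate file only when the {@link SslMode} asks for verification.
 */
public class LibPQTlcpFactory extends WrappedFactory {
    LazyKeyManager signKm;
    LazyKeyManager encKm;
    private static final Log LOGGER = Logger.getLogger(LibPQTlcpFactory.class.getName());

    /**
     * Creates the factory and initialises the wrapped socket factory.
     *
     * @param properties connection properties; certificate, key and root-certificate paths that
     *     are absent fall back to files in the per-user postgresql directory
     * @throws PSQLException with {@link PSQLState#CONNECTION_FAILURE} when the root certificate
     *     cannot be opened, read or loaded, the password callback class cannot be instantiated,
     *     the key store cannot be built, or the SSL context cannot be initialised
     */
    public LibPQTlcpFactory(Properties properties) throws PSQLException {
        try {
            SslMode sslMode = SslMode.of(properties);
            // JVM-wide side effect: position 1 makes BGMProvider the most-preferred provider for
            // every algorithm lookup in this process, not only for this connection.
            Security.insertProviderAt(new BGMProvider(), 1);
            SSLContext sslContext = SSLContext.getInstance("GMTLS");

            String separator = System.getProperty("file.separator");
            // Locale.ROOT keeps the OS check independent of the default locale's casing rules.
            // NOTE(review): an unset APPDATA is concatenated as the text "null" here.
            boolean onWindows =
                    System.getProperty("os.name").toLowerCase(Locale.ROOT).contains("windows");
            String defaultDir = onWindows
                    ? System.getenv("APPDATA") + separator + "postgresql" + separator
                    : System.getProperty("user.home") + separator + ".postgresql" + separator;

            String rootCertPath = PGProperty.SSL_ROOT_CERT.get(properties);
            if (rootCertPath == null) {
                rootCertPath = defaultDir + "root.crt";
            }

            // Each flag records that at least one file of the pair was not configured explicitly.
            // NOTE(review): presumably lets LazyKeyManager treat a missing default file as
            // "no client certificate" instead of an error; confirm against LazyKeyManager.
            boolean signUsesDefault = false;
            boolean encUsesDefault = false;

            String signCertPath = PGProperty.SSL_CERT.get(properties);
            if (signCertPath == null) {
                signUsesDefault = true;
                signCertPath = defaultDir + "postgresql.crt";
            }
            String encCertPath = PGProperty.SSL_ENC_CERT.get(properties);
            if (encCertPath == null) {
                encUsesDefault = true;
                encCertPath = defaultDir + "postgresql_enc.crt";
            }
            String signKeyPath = PGProperty.SSL_KEY.get(properties);
            if (signKeyPath == null) {
                signUsesDefault = true;
                signKeyPath = defaultDir + "postgresql.pk8";
            }
            String encKeyPath = PGProperty.SSL_ENC_KEY.get(properties);
            if (encKeyPath == null) {
                encUsesDefault = true;
                encKeyPath = defaultDir + "postgresql_enc.pk8";
            }

            TrustManager[] trustManagers;
            if (sslMode.verifyCertificate()) {
                trustManagers = loadTrustManagers(rootCertPath);
            } else {
                // No server authentication in this mode: the trust manager performs no
                // certificate validation, so the peer's identity is not established.
                trustManagers = new TrustManager[] {new NonValidatingFactory.NonValidatingTM()};
            }

            CallbackHandler callbackHandler;
            String callbackClassName = PGProperty.SSL_PASSWORD_CALLBACK.get(properties);
            if (callbackClassName != null) {
                // The class is named by the connection properties and instantiated through
                // ObjectFactory, so the properties must come from trusted configuration.
                try {
                    callbackHandler = (CallbackHandler) ObjectFactory.instantiate(
                            CallbackHandler.class, callbackClassName, properties, false, null);
                } catch (Exception e) {
                    throw new PSQLException(
                            GT.tr("The password callback class provided {0} could not be instantiated.", callbackClassName),
                            PSQLState.CONNECTION_FAILURE, e);
                }
            } else {
                callbackHandler =
                        new LibPQFactory.ConsoleCallbackHandler(PGProperty.SSL_PASSWORD.get(properties));
            }

            // An empty path is passed on as null rather than as an empty file name.
            this.signKm = new LazyKeyManager(
                    "".equals(signCertPath) ? null : signCertPath,
                    "".equals(signKeyPath) ? null : signKeyPath,
                    callbackHandler, signUsesDefault, PGProperty.SSL_PRIVATEKEY_FACTORY.get(properties));
            this.encKm = new LazyKeyManager(
                    "".equals(encCertPath) ? null : encCertPath,
                    "".equals(encKeyPath) ? null : encKeyPath,
                    callbackHandler, encUsesDefault, PGProperty.SSL_PRIVATEKEY_FACTORY.get(properties));

            try {
                KeyManager[] keyManagers = null;
                PrivateKey signKey = this.signKm.getPrivateKey("signKey");
                PrivateKey encKey = this.encKm.getPrivateKey("encKey");
                if (signKey == null || encKey == null) {
                    // Surfaces whatever error the key managers recorded. If nothing is thrown,
                    // the context is initialised below without client key managers.
                    throwKeyManagerException();
                } else {
                    // In-memory store only: entries carry no password and nothing is written out.
                    KeyStore clientStore = KeyStore.getInstance("PKCS12");
                    clientStore.load(null);
                    // NOTE(review): EscapedFunctions.SIGN as the alias looks like a decompiler
                    // substitution for a string literal; confirm the constant's value.
                    clientStore.setKeyEntry(
                            EscapedFunctions.SIGN, signKey, null, this.signKm.getCertificateChain("signCert"));
                    clientStore.setKeyEntry(
                            "enc", encKey, null, this.encKm.getCertificateChain("encCert"));
                    KeyManagerFactory keyManagerFactory =
                            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                    keyManagerFactory.init(clientStore, null);
                    keyManagers = keyManagerFactory.getKeyManagers();
                }
                sslContext.init(keyManagers, trustManagers, null);
                this._factory = sslContext.getSocketFactory();
            } catch (KeyManagementException e) {
                throw new PSQLException(
                        GT.tr("Could not initialize SSL context.", new Object[0]),
                        PSQLState.CONNECTION_FAILURE, e);
            } catch (IOException e) {
                throw new PSQLException(
                        GT.tr("Some io errors occur during the keystore loading phase: {0}.", e.getMessage()),
                        PSQLState.CONNECTION_FAILURE, e);
            } catch (KeyStoreException e) {
                throw new PSQLException(
                        GT.tr("Could not finish keystore processing: {0}.", e.getMessage()),
                        PSQLState.CONNECTION_FAILURE, e);
            } catch (UnrecoverableKeyException e) {
                throw new PSQLException(
                        GT.tr("Could not recover key during the keystore initialization phase: {0}.", e.getMessage()),
                        PSQLState.CONNECTION_FAILURE, e);
            } catch (CertificateException e) {
                throw new PSQLException(
                        GT.tr("Failed to verify tlcp certificates during the keystore loading phase: {0}.", e.getMessage()),
                        PSQLState.CONNECTION_FAILURE, e);
            }
        } catch (NoSuchAlgorithmException e) {
            throw new PSQLException(
                    GT.tr("Could not find a java cryptographic algorithm: {0}.", e.getMessage()),
                    PSQLState.CONNECTION_FAILURE, e);
        }
    }

    /**
     * Builds PKIX trust managers whose trust anchors are the certificates in the given file.
     *
     * <p>Every certificate parsed from the file becomes a trust anchor, so the file's contents
     * and write permissions decide which servers this client will accept.
     *
     * @param rootCertPath path of the file holding one or more X.509 root certificates
     * @return the trust managers produced by the initialised factory
     * @throws PSQLException if the file cannot be opened or read, or its certificates cannot be
     *     loaded into the trust store
     * @throws NoSuchAlgorithmException if the PKIX trust manager factory or the "jks" key store
     *     type is unavailable
     */
    private static TrustManager[] loadTrustManagers(String rootCertPath)
            throws PSQLException, NoSuchAlgorithmException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");

        KeyStore trustStore;
        try {
            trustStore = KeyStore.getInstance("jks");
        } catch (KeyStoreException e) {
            // Keep the original failure as the cause so the provider problem stays diagnosable.
            throw new NoSuchAlgorithmException("jks KeyStore not available", e);
        }

        FileInputStream rootCertStream;
        try {
            rootCertStream = new FileInputStream(rootCertPath);
        } catch (FileNotFoundException e) {
            throw new PSQLException(
                    GT.tr("Could not open SSL root certificate file {0}.", rootCertPath),
                    PSQLState.CONNECTION_FAILURE, e);
        }

        try {
            Certificate[] rootCerts = CertificateFactory.getInstance("X.509")
                    .generateCertificates(rootCertStream)
                    .toArray(new Certificate[0]);
            trustStore.load(null, null);
            for (int i = 0; i < rootCerts.length; i++) {
                trustStore.setCertificateEntry("cert" + i, rootCerts[i]);
            }
            trustManagerFactory.init(trustStore);
            return trustManagerFactory.getTrustManagers();
        } catch (IOException e) {
            throw new PSQLException(
                    GT.tr("Could not read SSL root certificate file {0}.", rootCertPath),
                    PSQLState.CONNECTION_FAILURE, e);
        } catch (GeneralSecurityException e) {
            throw new PSQLException(
                    GT.tr("Loading the SSL root certificate {0} into a TrustManager failed.", rootCertPath),
                    PSQLState.CONNECTION_FAILURE, e);
        } finally {
            // A failure to close is logged and never replaces the primary outcome.
            try {
                rootCertStream.close();
            } catch (IOException e) {
                LOGGER.trace("Catch IOException on close:", e);
            }
        }
    }

    /**
     * Asks the signing key manager and then the encryption key manager to raise any error they
     * hold, skipping a manager that has not been created yet.
     *
     * @throws PSQLException propagated from either key manager
     */
    public void throwKeyManagerException() throws PSQLException {
        if (this.signKm != null) {
            this.signKm.throwKeyManagerException();
        }
        if (this.encKm != null) {
            this.encKm.throwKeyManagerException();
        }
    }
}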
