package org.apache.ignite.jdbc.thin;

import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.concurrent.Callable;
import javax.cache.configuration.Factory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import org.apache.ignite.IgniteException;
import org.apache.ignite.configuration.ClientConnectorConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.binary.BinaryMarshaller;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi;
import org.apache.ignite.spi.discovery.tcp.ipfinder.TcpDiscoveryIpFinder;
import org.apache.ignite.spi.discovery.tcp.ipfinder.vm.TcpDiscoveryVmIpFinder;
import org.apache.ignite.ssl.SslContextFactory;
import org.apache.ignite.testframework.GridTestUtils;

/* loaded from: input_file:org/apache/ignite/jdbc/thin/JdbcThinConnectionSSLTest.class */
public class JdbcThinConnectionSSLTest extends JdbcThinAbstractSelfTest {
    private static final TcpDiscoveryIpFinder IP_FINDER = new TcpDiscoveryVmIpFinder(true);
    private static final String CLI_KEY_STORE_PATH = U.getIgniteHome() + "/modules/clients/src/test/keystore/client.jks";
    private static final String SRV_KEY_STORE_PATH = U.getIgniteHome() + "/modules/clients/src/test/keystore/server.jks";
    private static final String TRUST_KEY_STORE_PATH = U.getIgniteHome() + "/modules/clients/src/test/keystore/trust-one.jks";
    private static Factory<SSLContext> sslCtxFactory;
    private static boolean setSslCtxFactoryToCli;
    private static boolean setSslCtxFactoryToIgnite;

    /* loaded from: input_file:org/apache/ignite/jdbc/thin/JdbcThinConnectionSSLTest$TestSSLFactory.class */
    public static class TestSSLFactory implements Factory<SSLSocketFactory> {
        /* renamed from: create, reason: merged with bridge method [inline-methods] */
        public SSLSocketFactory m129create() {
            return ((SSLContext) JdbcThinConnectionSSLTest.access$200().create()).getSocketFactory();
        }
    }

    protected IgniteConfiguration getConfiguration(String str) throws Exception {
        IgniteConfiguration configuration = super.getConfiguration(str);
        TcpDiscoverySpi tcpDiscoverySpi = new TcpDiscoverySpi();
        tcpDiscoverySpi.setIpFinder(IP_FINDER);
        configuration.setDiscoverySpi(tcpDiscoverySpi);
        configuration.setMarshaller(new BinaryMarshaller());
        configuration.setClientConnectorConfiguration(new ClientConnectorConfiguration().setSslEnabled(true).setUseIgniteSslContextFactory(setSslCtxFactoryToIgnite).setSslClientAuth(true).setSslContextFactory(setSslCtxFactoryToCli ? sslCtxFactory : null));
        configuration.setSslContextFactory(setSslCtxFactoryToIgnite ? sslCtxFactory : null);
        return configuration;
    }

    public void testConnection() throws Exception {
        setSslCtxFactoryToCli = true;
        sslCtxFactory = getTestSslContextFactory();
        startGrids(1);
        try {
            Connection connection = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH + "&sslTrustCertificateKeyStorePassword=123456");
            Throwable th = null;
            try {
                checkConnection(connection);
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connection.close();
                    }
                }
            } finally {
            }
        } finally {
            stopAllGrids();
        }
    }

    public void testConnectionTrustAll() throws Exception {
        setSslCtxFactoryToCli = true;
        sslCtxFactory = getTestSslContextFactory();
        startGrids(1);
        try {
            Connection connection = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456&sslTrustAll=true");
            Throwable th = null;
            try {
                checkConnection(connection);
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connection.close();
                    }
                }
            } finally {
            }
        } finally {
            stopAllGrids();
        }
    }

    public void testConnectionUseIgniteFactory() throws Exception {
        setSslCtxFactoryToIgnite = true;
        sslCtxFactory = getTestSslContextFactory();
        startGrids(1);
        try {
            Connection connection = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH + "&sslTrustCertificateKeyStorePassword=123456");
            Throwable th = null;
            try {
                checkConnection(connection);
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connection.close();
                    }
                }
            } finally {
            }
        } finally {
            stopAllGrids();
        }
    }

    public void testDefaultContext() throws Exception {
        SSLContext sSLContext = SSLContext.getDefault();
        SSLContext.setDefault((SSLContext) getTestSslContextFactory().create());
        setSslCtxFactoryToCli = true;
        sslCtxFactory = new Factory<SSLContext>() { // from class: org.apache.ignite.jdbc.thin.JdbcThinConnectionSSLTest.1
            /* renamed from: create, reason: merged with bridge method [inline-methods] */
            public SSLContext m128create() {
                try {
                    return SSLContext.getDefault();
                } catch (NoSuchAlgorithmException e) {
                    throw new IgniteException(e);
                }
            }
        };
        startGrids(1);
        try {
            Connection connection = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require");
            Throwable th = null;
            try {
                checkConnection(connection);
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connection.close();
                    }
                }
            } finally {
            }
        } finally {
            stopAllGrids();
            SSLContext.setDefault(sSLContext);
        }
    }

    public void testContextFactory() throws Exception {
        setSslCtxFactoryToCli = true;
        sslCtxFactory = getTestSslContextFactory();
        startGrids(1);
        try {
            Connection connection = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&sslFactory=" + TestSSLFactory.class.getName());
            Throwable th = null;
            try {
                checkConnection(connection);
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connection.close();
                    }
                }
            } finally {
            }
        } finally {
            stopAllGrids();
        }
    }

    public void testSslServerAndPlainClient() throws Exception {
        setSslCtxFactoryToCli = true;
        sslCtxFactory = getTestSslContextFactory();
        startGrids(1);
        try {
            GridTestUtils.assertThrows(this.log, new Callable<Object>() { // from class: org.apache.ignite.jdbc.thin.JdbcThinConnectionSSLTest.2
                @Override // java.util.concurrent.Callable
                public Object call() throws Exception {
                    DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1");
                    return null;
                }
            }, SQLException.class, "Failed to connect to Ignite cluster");
        } finally {
            stopAllGrids();
        }
    }

    public void testInvalidKeystoreConfig() throws Exception {
        setSslCtxFactoryToCli = true;
        startGrids(1);
        try {
            GridTestUtils.assertThrows(this.log, new Callable<Object>() { // from class: org.apache.ignite.jdbc.thin.JdbcThinConnectionSSLTest.3
                @Override // java.util.concurrent.Callable
                public Object call() throws Exception {
                    DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&sslClientCertificateKeyStoreUrl=invalid_client_keystore_path&sslClientCertificateKeyStorePassword=123456&sslTrustCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.TRUST_KEY_STORE_PATH + "&sslTrustCertificateKeyStorePassword=123456");
                    return null;
                }
            }, SQLException.class, "Could not open client key store");
            GridTestUtils.assertThrows(this.log, new Callable<Object>() { // from class: org.apache.ignite.jdbc.thin.JdbcThinConnectionSSLTest.4
                @Override // java.util.concurrent.Callable
                public Object call() throws Exception {
                    DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&sslClientCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=invalid_cli_passwd&sslTrustCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.TRUST_KEY_STORE_PATH + "&sslTrustCertificateKeyStorePassword=123456");
                    return null;
                }
            }, SQLException.class, "Could not open client key store");
            GridTestUtils.assertThrows(this.log, new Callable<Object>() { // from class: org.apache.ignite.jdbc.thin.JdbcThinConnectionSSLTest.5
                @Override // java.util.concurrent.Callable
                public Object call() throws Exception {
                    DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&sslClientCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456&sslTrustCertificateKeyStoreUrl=invalid_trust_keystore_path&sslTrustCertificateKeyStorePassword=123456");
                    return null;
                }
            }, SQLException.class, "Could not open trusted key store");
            GridTestUtils.assertThrows(this.log, new Callable<Object>() { // from class: org.apache.ignite.jdbc.thin.JdbcThinConnectionSSLTest.6
                @Override // java.util.concurrent.Callable
                public Object call() throws Exception {
                    DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&sslClientCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456&sslTrustCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.TRUST_KEY_STORE_PATH + "&sslTrustCertificateKeyStorePassword=invalid_trust_passwd");
                    return null;
                }
            }, SQLException.class, "Could not open trusted key store");
            GridTestUtils.assertThrows(this.log, new Callable<Object>() { // from class: org.apache.ignite.jdbc.thin.JdbcThinConnectionSSLTest.7
                @Override // java.util.concurrent.Callable
                public Object call() throws Exception {
                    DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&sslClientCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456&sslClientCertificateKeyStoreType=INVALID&sslTrustCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.TRUST_KEY_STORE_PATH + "&sslTrustCertificateKeyStorePassword=123456");
                    return null;
                }
            }, SQLException.class, "Could not create client KeyStore instance");
            GridTestUtils.assertThrows(this.log, new Callable<Object>() { // from class: org.apache.ignite.jdbc.thin.JdbcThinConnectionSSLTest.8
                @Override // java.util.concurrent.Callable
                public Object call() throws Exception {
                    DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&sslClientCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456&sslTrustCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.TRUST_KEY_STORE_PATH + "&sslTrustCertificateKeyStoreType=INVALID&sslTrustCertificateKeyStorePassword=123456");
                    return null;
                }
            }, SQLException.class, "Could not create trust KeyStore instance");
        } finally {
            stopAllGrids();
        }
    }

    public void testUnknownClientCertificate() throws Exception {
        setSslCtxFactoryToCli = true;
        sslCtxFactory = getTestSslContextFactory();
        startGrids(1);
        try {
            GridTestUtils.assertThrows(this.log, new Callable<Object>() { // from class: org.apache.ignite.jdbc.thin.JdbcThinConnectionSSLTest.9
                @Override // java.util.concurrent.Callable
                public Object call() throws Exception {
                    DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&sslClientCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.TRUST_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456&sslTrustCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.TRUST_KEY_STORE_PATH + "&sslTrustCertificateKeyStorePassword=123456");
                    return null;
                }
            }, SQLException.class, "Failed to SSL connect to server");
        } finally {
            stopAllGrids();
        }
    }

    public void testUnsupportedSslProtocol() throws Exception {
        setSslCtxFactoryToCli = true;
        sslCtxFactory = getTestSslContextFactory();
        startGrids(1);
        try {
            GridTestUtils.assertThrows(this.log, new Callable<Object>() { // from class: org.apache.ignite.jdbc.thin.JdbcThinConnectionSSLTest.10
                @Override // java.util.concurrent.Callable
                public Object call() throws Exception {
                    DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&sslProtocol=TLSv1.3&sslClientCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456&sslTrustCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.TRUST_KEY_STORE_PATH + "&sslTrustCertificateKeyStorePassword=123456");
                    return null;
                }
            }, SQLException.class, "TLSv1.3 is not a valid SSL protocol");
        } finally {
            stopAllGrids();
        }
    }

    public void testInvalidKeyAlgorithm() throws Exception {
        setSslCtxFactoryToCli = true;
        sslCtxFactory = getTestSslContextFactory();
        startGrids(1);
        try {
            GridTestUtils.assertThrows(this.log, new Callable<Object>() { // from class: org.apache.ignite.jdbc.thin.JdbcThinConnectionSSLTest.11
                @Override // java.util.concurrent.Callable
                public Object call() throws Exception {
                    DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&sslKeyAlgorithm=INVALID&sslClientCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456&sslTrustCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.TRUST_KEY_STORE_PATH + "&sslTrustCertificateKeyStorePassword=123456");
                    return null;
                }
            }, SQLException.class, "Default algorithm definitions for TrustManager and/or KeyManager are invalid");
        } finally {
            stopAllGrids();
        }
    }

    public void testInvalidKeyStoreType() throws Exception {
        setSslCtxFactoryToCli = true;
        sslCtxFactory = getTestSslContextFactory();
        startGrids(1);
        try {
            GridTestUtils.assertThrows(this.log, new Callable<Object>() { // from class: org.apache.ignite.jdbc.thin.JdbcThinConnectionSSLTest.12
                @Override // java.util.concurrent.Callable
                public Object call() throws Exception {
                    DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&sslClientCertificateKeyStoreType=PKCS12&sslClientCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456&sslTrustCertificateKeyStoreUrl=" + JdbcThinConnectionSSLTest.TRUST_KEY_STORE_PATH + "&sslTrustCertificateKeyStorePassword=123456");
                    return null;
                }
            }, SQLException.class, "Could not open client key store");
        } finally {
            stopAllGrids();
        }
    }

    public void checkConnection(Connection connection) throws SQLException {
        assertEquals("PUBLIC", connection.getSchema());
        Statement createStatement = connection.createStatement();
        Throwable th = null;
        try {
            ResultSet executeQuery = createStatement.executeQuery("SELECT 1");
            assertTrue(executeQuery.next());
            assertEquals(1, executeQuery.getInt(1));
            if (createStatement != null) {
                if (0 == 0) {
                    createStatement.close();
                    return;
                }
                try {
                    createStatement.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (createStatement != null) {
                if (0 != 0) {
                    try {
                        createStatement.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    createStatement.close();
                }
            }
            throw th3;
        }
    }

    private static Factory<SSLContext> getTestSslContextFactory() {
        SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setKeyStoreFilePath(SRV_KEY_STORE_PATH);
        sslContextFactory.setKeyStorePassword("123456".toCharArray());
        sslContextFactory.setTrustStoreFilePath(TRUST_KEY_STORE_PATH);
        sslContextFactory.setTrustStorePassword("123456".toCharArray());
        return sslContextFactory;
    }

    static /* synthetic */ Factory access$200() {
        return getTestSslContextFactory();
    }
}
