package org.apache.ignite.internal.jdbc.thin;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.sql.SQLException;
import javax.cache.configuration.Factory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.ignite.IgniteException;
import org.apache.ignite.internal.IgniteKernal;
import org.apache.ignite.internal.processors.odbc.SqlStateCode;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.ssl.SslContextFactory;

/* loaded from: input_file:org/apache/ignite/internal/jdbc/thin/JdbcThinSSLUtil.class */
public class JdbcThinSSLUtil {
    private static final X509TrustManager TRUST_ALL_MANAGER = new X509TrustManager() { // from class: org.apache.ignite.internal.jdbc.thin.JdbcThinSSLUtil.1
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }
    };
    public static final char[] EMPTY_CHARS = new char[0];

    private JdbcThinSSLUtil() {
    }

    public static SSLSocket createSSLSocket(InetSocketAddress inetSocketAddress, ConnectionProperties connectionProperties) throws SQLException {
        try {
            SSLSocket sSLSocket = (SSLSocket) getSSLSocketFactory(connectionProperties).createSocket(inetSocketAddress.getAddress(), inetSocketAddress.getPort());
            sSLSocket.setUseClientMode(true);
            sSLSocket.startHandshake();
            return sSLSocket;
        } catch (IOException e) {
            throw new SQLException("Failed to SSL connect to server [url=" + connectionProperties.getUrl() + " address=" + inetSocketAddress + ']', SqlStateCode.CLIENT_CONNECTION_FAILED, e);
        }
    }

    private static SSLSocketFactory getSSLSocketFactory(ConnectionProperties connectionProperties) throws SQLException {
        String sslFactory = connectionProperties.getSslFactory();
        String sslCipherSuites = connectionProperties.getSslCipherSuites();
        String sslClientCertificateKeyStoreUrl = connectionProperties.getSslClientCertificateKeyStoreUrl();
        String sslClientCertificateKeyStorePassword = connectionProperties.getSslClientCertificateKeyStorePassword();
        String sslClientCertificateKeyStoreType = connectionProperties.getSslClientCertificateKeyStoreType();
        String sslTrustCertificateKeyStoreUrl = connectionProperties.getSslTrustCertificateKeyStoreUrl();
        String sslTrustCertificateKeyStorePassword = connectionProperties.getSslTrustCertificateKeyStorePassword();
        String sslTrustCertificateKeyStoreType = connectionProperties.getSslTrustCertificateKeyStoreType();
        String sslProtocol = connectionProperties.getSslProtocol();
        String sslKeyAlgorithm = connectionProperties.getSslKeyAlgorithm();
        if (!F.isEmpty(sslFactory)) {
            try {
                return (SSLSocketFactory) ((Factory) JdbcThinSSLUtil.class.getClassLoader().loadClass(sslFactory).newInstance()).create();
            } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
                throw new SQLException("Could not fount SSL factory class: " + sslFactory, SqlStateCode.CLIENT_CONNECTION_FAILED, e);
            }
        }
        if (sslClientCertificateKeyStoreUrl == null && sslClientCertificateKeyStorePassword == null && sslClientCertificateKeyStoreType == null && sslTrustCertificateKeyStoreUrl == null && sslTrustCertificateKeyStorePassword == null && sslTrustCertificateKeyStoreType == null && sslProtocol == null && sslCipherSuites == null) {
            try {
                return SSLContext.getDefault().getSocketFactory();
            } catch (NoSuchAlgorithmException e2) {
                throw new SQLException("Could not create default SSL context", SqlStateCode.CLIENT_CONNECTION_FAILED, e2);
            }
        }
        if (sslClientCertificateKeyStoreUrl == null) {
            sslClientCertificateKeyStoreUrl = System.getProperty("javax.net.ssl.keyStore");
        }
        if (sslClientCertificateKeyStorePassword == null) {
            sslClientCertificateKeyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
        }
        if (sslClientCertificateKeyStoreType == null) {
            sslClientCertificateKeyStoreType = System.getProperty("javax.net.ssl.keyStoreType", SslContextFactory.DFLT_STORE_TYPE);
        }
        if (sslTrustCertificateKeyStoreUrl == null) {
            sslTrustCertificateKeyStoreUrl = System.getProperty("javax.net.ssl.trustStore");
        }
        if (sslTrustCertificateKeyStorePassword == null) {
            sslTrustCertificateKeyStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
        }
        if (sslTrustCertificateKeyStoreType == null) {
            sslTrustCertificateKeyStoreType = System.getProperty("javax.net.ssl.trustStoreType", SslContextFactory.DFLT_STORE_TYPE);
        }
        if (sslProtocol == null) {
            sslProtocol = SslContextFactory.DFLT_SSL_PROTOCOL;
        }
        if (sslKeyAlgorithm == null) {
            sslKeyAlgorithm = SslContextFactory.DFLT_KEY_ALGORITHM;
        }
        SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setProtocol(sslProtocol);
        sslContextFactory.setKeyAlgorithm(sslKeyAlgorithm);
        sslContextFactory.setKeyStoreFilePath(sslClientCertificateKeyStoreUrl);
        sslContextFactory.setKeyStoreType(sslClientCertificateKeyStoreType);
        sslContextFactory.setKeyStorePassword(sslClientCertificateKeyStorePassword == null ? EMPTY_CHARS : sslClientCertificateKeyStorePassword.toCharArray());
        if (connectionProperties.isSslTrustAll()) {
            sslContextFactory.setTrustManagers(TRUST_ALL_MANAGER);
        } else {
            sslContextFactory.setTrustStoreFilePath(sslTrustCertificateKeyStoreUrl);
            sslContextFactory.setTrustStoreType(sslTrustCertificateKeyStoreType);
            sslContextFactory.setTrustStorePassword(sslTrustCertificateKeyStorePassword == null ? EMPTY_CHARS : sslTrustCertificateKeyStorePassword.toCharArray());
        }
        if (!F.isEmpty(sslCipherSuites)) {
            sslContextFactory.setCipherSuites(sslCipherSuites.split(IgniteKernal.COORDINATOR_PROPERTIES_SEPARATOR));
        }
        try {
            return sslContextFactory.m2008create().getSocketFactory();
        } catch (IgniteException e3) {
            Throwable cause = e3.getCause();
            if (cause instanceof SSLException) {
                throw new SQLException(cause.getMessage(), SqlStateCode.CLIENT_CONNECTION_FAILED, e3);
            }
            throw new SQLException("Unknown error.", SqlStateCode.CLIENT_CONNECTION_FAILED, e3);
        }
    }
}
