package com.mapd.common;

import java.io.FileInputStream;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.HttpClients;
import org.apache.thrift.TException;
import org.apache.thrift.transport.THttpClient;
import org.apache.thrift.transport.TSSLTransportFactory;
import org.apache.thrift.transport.TServerSocket;
import org.apache.thrift.transport.TServerTransport;
import org.apache.thrift.transport.TSocket;
import org.apache.thrift.transport.TTransport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mapd/common/SockTransportProperties.class */
public class SockTransportProperties {
    static final Logger HEAVYDBLOGGER = LoggerFactory.getLogger(SockTransportProperties.class);
    private TrustManager[] trustManagers;
    private TransportType transportType;
    private KeyManager[] keyManagers;
    private String key_store_name;
    private char[] key_store_password;
    X509HostnameVerifier x509HostnameVerifier_;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/mapd/common/SockTransportProperties$TransportType.class */
    public enum TransportType {
        encryptedServer,
        unencryptedServer,
        unencryptedClient,
        encryptedClientDefaultTrustStore,
        encryptedClientSpecifiedTrustStore
    }

    public static SockTransportProperties getUnencryptedClient() throws Exception {
        return new SockTransportProperties(TransportType.unencryptedClient, false);
    }

    public static SockTransportProperties getEncryptedClientDefaultTrustStore(boolean z) throws Exception {
        return new SockTransportProperties(TransportType.encryptedClientDefaultTrustStore, z);
    }

    public static SockTransportProperties getEncryptedClientSpecifiedTrustStore(String str, String str2) throws Exception {
        return getEncryptedClientSpecifiedTrustStore(str, str2, true);
    }

    public static SockTransportProperties getEncryptedClientSpecifiedTrustStore(String str, String str2, boolean z) throws Exception {
        return new SockTransportProperties(TransportType.encryptedClientSpecifiedTrustStore, str, str2, z);
    }

    public static SockTransportProperties getEncryptedServer(String str, String str2) throws Exception {
        if (str != null && str2 != null) {
            return new SockTransportProperties(TransportType.encryptedServer, str, str2, false);
        }
        String str3 = new String("Invalid null parameter(s) used for getEncryptedServer. Both keyStoreName and keyStorePassword must be specified");
        RuntimeException runtimeException = new RuntimeException(str3);
        HEAVYDBLOGGER.error(str3, runtimeException);
        throw runtimeException;
    }

    public static SockTransportProperties getUnecryptedServer() throws Exception {
        return new SockTransportProperties(TransportType.unencryptedServer, false);
    }

    public SockTransportProperties(String str, String str2) throws Exception {
        this(TransportType.encryptedClientSpecifiedTrustStore, str, str2, true);
    }

    private SockTransportProperties(TransportType transportType, String str, String str2, boolean z) throws Exception {
        this.transportType = null;
        this.key_store_name = null;
        this.key_store_password = null;
        this.x509HostnameVerifier_ = SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
        this.x509HostnameVerifier_ = z ? SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER : SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
        this.transportType = transportType;
        char[] charArray = "".toCharArray();
        if (str2 != null && !str2.isEmpty()) {
            charArray = str2.toCharArray();
        }
        switch (this.transportType) {
            case encryptedServer:
                this.key_store_password = charArray;
                this.key_store_name = str;
                return;
            case encryptedClientSpecifiedTrustStore:
                if (str == null) {
                    initializeAcceptedIssuers(null);
                    return;
                }
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                try {
                    keyStore.load(new FileInputStream(str), charArray);
                    initializeAcceptedIssuers(keyStore);
                    return;
                } catch (Exception e) {
                    HEAVYDBLOGGER.error(new String("Error loading key/trust store [" + str + "]"), e);
                    throw e;
                }
            default:
                String str3 = new String("Invalid transportType [" + this.transportType + "] used in constructor");
                RuntimeException runtimeException = new RuntimeException(str3);
                HEAVYDBLOGGER.error(str3, runtimeException);
                throw runtimeException;
        }
    }

    private SockTransportProperties(TransportType transportType, boolean z) throws Exception {
        this.transportType = null;
        this.key_store_name = null;
        this.key_store_password = null;
        this.x509HostnameVerifier_ = SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
        this.x509HostnameVerifier_ = z ? SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER : SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
        this.transportType = transportType;
        switch (transportType) {
            case encryptedClientDefaultTrustStore:
                initializeAcceptedIssuers((KeyStore) null);
                return;
            case unencryptedClient:
            case unencryptedServer:
                return;
            default:
                String str = new String("Invalid transportType [" + transportType + "] used in constructor");
                RuntimeException runtimeException = new RuntimeException(str);
                HEAVYDBLOGGER.error(str, runtimeException);
                throw runtimeException;
        }
    }

    private void initializeAcceptedIssuers(KeyStore keyStore) throws Exception {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
        trustManagerFactory.init(keyStore);
        this.trustManagers = trustManagerFactory.getTrustManagers();
    }

    public TTransport openClientTransport(String str, int i) throws TException {
        TTransport tSocket;
        switch (this.transportType) {
            case encryptedClientSpecifiedTrustStore:
            case encryptedClientDefaultTrustStore:
                tSocket = openBinaryEncrypted(str, i);
                break;
            case unencryptedClient:
                tSocket = new TSocket(str, i);
                break;
            default:
                String str2 = new String("Invalid transportType [" + this.transportType + "] used in openClientTransport");
                RuntimeException runtimeException = new RuntimeException(str2);
                HEAVYDBLOGGER.error(str2, runtimeException);
                throw runtimeException;
        }
        return tSocket;
    }

    private TTransport openBinaryEncrypted(String str, int i) throws TException {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, this.trustManagers, new SecureRandom());
            SSLSocket sSLSocket = (SSLSocket) sSLContext.getSocketFactory().createSocket(str, i);
            sSLSocket.setSoTimeout(0);
            return new TSocket(sSLSocket);
        } catch (Exception e) {
            String str2 = new String("Error openBinaryEncrypted [" + str + ":" + i + "] used in openClientTransport - ") + e.toString();
            RuntimeException runtimeException = new RuntimeException(str2);
            HEAVYDBLOGGER.error(str2, runtimeException);
            throw runtimeException;
        }
    }

    public TTransport openHttpsClientTransport(String str, int i) throws Exception {
        if (this.transportType != TransportType.encryptedClientDefaultTrustStore && this.transportType != TransportType.encryptedClientSpecifiedTrustStore) {
            String str2 = new String("Invalid transportType [" + this.transportType + "] used in openHttpsClientTransport");
            RuntimeException runtimeException = new RuntimeException(str2);
            HEAVYDBLOGGER.error(str2, runtimeException);
            throw runtimeException;
        }
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, this.trustManagers, new SecureRandom());
            return new THttpClient("https://" + str + ":" + i, HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(sSLContext, this.x509HostnameVerifier_)).build());
        } catch (Exception e) {
            HEAVYDBLOGGER.error(new String("Exception:" + e.getClass().getCanonicalName() + " thrown. Unable to create Secure socket for the HTTPS connection"), e);
            throw e;
        }
    }

    public TTransport openHttpClientTransport(String str, int i) throws TException {
        if (this.transportType == TransportType.unencryptedClient) {
            return new THttpClient("http://" + str + ":" + i);
        }
        String str2 = new String("Invalid transportType [" + this.transportType + "] used in openHttpClientTransport");
        RuntimeException runtimeException = new RuntimeException(str2);
        HEAVYDBLOGGER.error(str2, runtimeException);
        throw runtimeException;
    }

    public TServerTransport openServerTransport(int i) throws TException {
        if (this.transportType == TransportType.encryptedServer) {
            return openServerTransportEncrypted(i);
        }
        if (this.transportType == TransportType.unencryptedServer) {
            return new TServerSocket(i);
        }
        String str = new String("Invalid transportType [" + this.transportType + "] used in openServerTransport");
        RuntimeException runtimeException = new RuntimeException(str);
        HEAVYDBLOGGER.error(str, runtimeException);
        throw runtimeException;
    }

    private TServerTransport openServerTransportEncrypted(int i) throws TException {
        TSSLTransportFactory.TSSLTransportParameters tSSLTransportParameters = new TSSLTransportFactory.TSSLTransportParameters();
        tSSLTransportParameters.setKeyStore(this.key_store_name, this.key_store_password != null ? new String(this.key_store_password) : null);
        tSSLTransportParameters.requireClientAuth(false);
        return TSSLTransportFactory.getServerSocket(i, 0, (InetAddress) null, tSSLTransportParameters);
    }
}
