package com.exasol.jdbc;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Properties;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/exasol/jdbc/EXASocketFactory.class */
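/**
 * Base socket factory for plain and TLS client sockets.
 *
 * <p>TLS server authentication runs in one of three modes, selected by the fingerprint
 * argument and the validation flag passed to {@code createSSLSocket}:
 * <ul>
 *   <li><b>Trust-store validation</b> (no fingerprint, validation flag {@code true}): the chain
 *       is checked by the platform default {@link TrustManagerFactory} initialised with the
 *       supplied {@link KeyStore}, and HTTPS-style endpoint identification is enabled.</li>
 *   <li><b>Fingerprint pinning</b> (fingerprint given): only the SHA-256 hash of the first
 *       certificate in the presented chain is compared with the fingerprint. Chain building,
 *       validity period and host name are not checked on this path.</li>
 *   <li><b>No validation</b> (fingerprint equals {@code NOCERTCHECK}, or no fingerprint and
 *       validation flag {@code false}): every server certificate is accepted. The channel is
 *       encrypted but the peer is not authenticated, so an on-path attacker can impersonate
 *       the server. Restrict this mode to test setups.</li>
 * </ul>
 *
 * <p>{@code serverFingerprint} is per-factory mutable state written from the trust-manager
 * callbacks without synchronisation; sharing one factory between concurrent handshakes can
 * mix up the fingerprint reported in error messages.
 */
public abstract class EXASocketFactory extends SocketFactory {
    /** Fingerprint value that switches certificate validation off entirely (compared case-insensitively). */
    private static final String DISABLE_TLS_CHECKS_KEYWORD = "NOCERTCHECK";
    private static final char[] HEX_DIGITS = "0123456789ABCDEF".toCharArray();

    /** SHA-256 fingerprint of the last server leaf certificate seen by a validating trust manager. */
    private String serverFingerprint = null;

    public abstract Socket createCustomSocket(InetAddress inetAddress, int i, int i2) throws IOException;

    /**
     * Layers a TLS socket over an already connected socket.
     *
     * <p>No handshake is started here; certificate checks run when the handshake is triggered later.
     *
     * @param socket     connected socket to wrap; it is closed together with the returned socket
     * @param properties not used by this overload
     * @param keyStore   trust material for trust-store validation
     * @param str        peer host name, also used for endpoint identification
     * @param i          peer port
     * @param str2       protocol name passed to {@link SSLContext#getInstance(String)}
     * @param str3       expected certificate fingerprint, {@code NOCERTCHECK}, or {@code null}
     * @param z          whether to validate the server certificate when no fingerprint is given
     * @return the TLS socket
     * @throws IOException if the TLS context cannot be created or the socket cannot be layered
     */
    public Socket createSSLSocket(Socket socket, Properties properties, KeyStore keyStore, String str, int i, String str2, String str3, boolean z) throws IOException {
        final boolean checksDisabled = isCertCheckDisabled(str3);
        final String fingerprint = checksDisabled ? null : str3;
        final boolean validate = !checksDisabled && z;

        final SSLContext context = newContext(str2, keyStore, fingerprint, validate);
        final SSLSocket tlsSocket = (SSLSocket) context.getSocketFactory().createSocket(socket, str, i, true);
        final SSLParameters parameters = new SSLParameters();
        if (validate && fingerprint == null) {
            // Host-name verification is only enabled on the trust-store path.
            parameters.setEndpointIdentificationAlgorithm("HTTPS");
        }
        tlsSocket.setSSLParameters(parameters);
        return tlsSocket;
    }

    /**
     * Opens a new TLS connection to the given address.
     *
     * <p>On the trust-store path the handshake is performed immediately so that validation
     * failures surface as an {@link IOException} from this call.
     *
     * @param properties connection properties; the {@code url} entry is only used to build the
     *                   fingerprint hint in handshake error messages
     * @param keyStore   trust material for trust-store validation
     * @param inetAddress peer address
     * @param i          peer port
     * @param str        protocol name passed to {@link SSLContext#getInstance(String)}
     * @param str2       the single protocol enabled on the socket
     * @param str3       expected certificate fingerprint, {@code NOCERTCHECK}, or {@code null}
     * @param z          whether to validate the server certificate when no fingerprint is given
     * @param i2         connect timeout in milliseconds
     * @return the connected TLS socket
     * @throws IOException if the context cannot be created, the connect fails or the handshake fails
     */
    public Socket createSSLSocket(Properties properties, KeyStore keyStore, InetAddress inetAddress, int i, String str, String str2, String str3, boolean z, int i2) throws IOException {
        final boolean checksDisabled = isCertCheckDisabled(str3);
        final String fingerprint = checksDisabled ? null : str3;
        final boolean validate = !checksDisabled && z;

        final SSLContext context = newContext(str, keyStore, fingerprint, validate);
        final SSLSocket tlsSocket = (SSLSocket) context.getSocketFactory().createSocket();
        final SSLParameters parameters = new SSLParameters();
        parameters.setProtocols(new String[]{str2});
        if (validate && fingerprint == null) {
            parameters.setEndpointIdentificationAlgorithm("HTTPS");
        }
        tlsSocket.setSSLParameters(parameters);
        tlsSocket.connect(new InetSocketAddress(inetAddress, i), i2);
        if (validate && fingerprint == null) {
            TestConnection(tlsSocket, properties, inetAddress.getHostName());
        }
        return tlsSocket;
    }

    /**
     * Opens a plain TCP connection.
     *
     * @param inetAddress peer address
     * @param i           peer port
     * @param i2          connect timeout in milliseconds; {@code 0} waits indefinitely
     * @throws IllegalArgumentException if the timeout is negative
     */
    public Socket createSocket(InetAddress inetAddress, int i, int i2) throws IOException {
        if (i2 < 0) {
            throw new IllegalArgumentException("createSocket: connect timeout cannot be negative: " + i2);
        }
        final Socket plain = new Socket();
        plain.connect(new InetSocketAddress(inetAddress, i), i2);
        return plain;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
        return createSocket(InetAddress.getByName(str), i, 0);
    }

    /** Binding to a local address is not supported. */
    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        return createSocket(inetAddress, i, 0);
    }

    /** Binding to a local address is not supported. */
    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        throw new UnsupportedOperationException();
    }

    /**
     * Returns the upper-case hexadecimal SHA-256 digest of the certificate's DER encoding.
     *
     * <p>Public in this decompiled listing; the decompiler notes the original modifier was private.
     *
     * @throws IOException if SHA-256 is unavailable or the certificate cannot be encoded
     */
    public String CertificateToHash(X509Certificate x509Certificate) throws IOException {
        try {
            final byte[] digest = MessageDigest.getInstance("SHA-256").digest(x509Certificate.getEncoded());
            final StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(HEX_DIGITS[(b >> 4) & 0x0F]).append(HEX_DIGITS[b & 0x0F]);
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            // Keep the cause so the underlying failure stays diagnosable.
            throw new IOException("[ERROR] Fingerprint could not be obtained from the certificate.", e);
        }
    }

    /** Returns whether the fingerprint argument is the keyword that disables certificate checks. */
    private static boolean isCertCheckDisabled(String fingerprint) {
        return fingerprint != null && DISABLE_TLS_CHECKS_KEYWORD.equalsIgnoreCase(fingerprint);
    }

    /** Creates and initialises a TLS context for the selected trust mode, wrapping setup failures. */
    private SSLContext newContext(String protocol, KeyStore keyStore, String fingerprint, boolean validate) throws IOException {
        try {
            final SSLContext context = SSLContext.getInstance(protocol);
            context.init(null, TrustManagerCallback(keyStore, fingerprint, validate), null);
            return context;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Runs the TLS handshake and converts any failure into an {@link IOException}.
     *
     * <p>When a server certificate was seen, the message suggests a connection string carrying
     * its fingerprint. That fingerprint comes from a peer that just failed validation, so it
     * must be confirmed through an independent channel before it is pinned.
     */
    private void TestConnection(SSLSocket sSLSocket, Properties properties, String str) throws IOException {
        try {
            sSLSocket.startHandshake();
        } catch (Exception e) {
            // Some exceptions carry no message; avoid a NullPointerException while reporting.
            final String reason = String.valueOf(e.getLocalizedMessage());
            final String failure = "TLS connection to host (" + str + ") failed: " + reason;
            if (this.serverFingerprint == null) {
                throw new IOException(failure, e);
            }
            final String terminated = failure + (reason.endsWith(".") ? "" : ".");
            final String hint = fingerprintUrlHint(properties);
            if (hint == null) {
                throw new IOException(terminated, e);
            }
            throw new IOException(terminated + " If you trust the server, you can include the fingerprint in the connection string: " + hint + ". ", e);
        }
    }

    /**
     * Builds the connection-string suggestion with the recorded fingerprint inserted after the
     * host part, or returns {@code null} when no {@code url} property is available.
     */
    private String fingerprintUrlHint(Properties properties) {
        if (properties == null) {
            return null;
        }
        String target = properties.getProperty("url");
        if (target == null) {
            return null;
        }
        final int semicolon = target.indexOf(';');
        if (semicolon >= 0) {
            target = target.substring(0, semicolon);
        }
        if (target.startsWith("jdbc:exa:")) {
            target = target.substring("jdbc:exa:".length());
        }
        // The fingerprint goes before the first ',' or ':' (next host or port), else at the end.
        int insertAt = target.length();
        for (int k = 0; k < target.length(); k++) {
            final char c = target.charAt(k);
            if (c == ',' || c == ':') {
                insertAt = k;
                break;
            }
        }
        return target.substring(0, insertAt) + "/" + this.serverFingerprint + target.substring(insertAt);
    }

    /**
     * Selects the trust manager for the requested mode.
     *
     * @param keyStore    trust material for the trust-store mode
     * @param fingerprint expected leaf-certificate fingerprint, or {@code null}
     * @param validate    whether to validate when no fingerprint is given
     */
    private TrustManager[] TrustManagerCallback(final KeyStore keyStore, final String fingerprint, boolean validate) {
        if (fingerprint != null) {
            return new TrustManager[]{new X509TrustManager() {
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType) {
                }

                /** Accepts the server only if its leaf certificate hashes to the pinned fingerprint. */
                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    if (chain == null || chain.length == 0) {
                        throw new CertificateException("[ERROR] Certificate was not received from the server.");
                    }
                    final String presented;
                    try {
                        presented = EXASocketFactory.this.CertificateToHash(chain[0]);
                    } catch (IOException e) {
                        throw new CertificateException(e.getMessage(), e);
                    }
                    EXASocketFactory.this.serverFingerprint = presented;
                    if (!fingerprint.equalsIgnoreCase(presented)) {
                        throw new CertificateException("[ERROR] Fingerprint did not match. The fingerprint provided: " + fingerprint.toUpperCase() + ". Server's certificate fingerprint: " + presented.toUpperCase() + ". ");
                    }
                }
            }};
        }
        if (validate) {
            return new TrustManager[]{new X509TrustManager() {
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType) {
                }

                /** Records the leaf fingerprint for error reporting, then delegates to the platform trust manager. */
                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    if (chain == null || chain.length == 0) {
                        throw new CertificateException("[ERROR] Certificate was not received from the server.");
                    }
                    try {
                        EXASocketFactory.this.serverFingerprint = EXASocketFactory.this.CertificateToHash(chain[0]);
                        final TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        // A null keyStore makes the factory fall back to the JVM default trust material.
                        factory.init(keyStore);
                        ((X509TrustManager) factory.getTrustManagers()[0]).checkServerTrusted(chain, authType);
                    } catch (Exception e) {
                        throw new CertificateException(e.getMessage(), e);
                    }
                }
            }};
        }
        // No fingerprint and validation off: accept-all trust manager. The server is NOT
        // authenticated in this mode.
        return new TrustManager[]{new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) {
            }
        }};
    }
}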
