package io.kestra.plugin.jdbc.postgresql;

import io.kestra.core.exceptions.IllegalVariableEvaluationException;
import io.kestra.core.runners.RunContext;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.util.Locale;
import java.util.Properties;
import name.neuhalfen.projects.crypto.bouncycastle.openpgp.BouncyGPG;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

/* loaded from: input_file:io/kestra/plugin/jdbc/postgresql/PostgresService.class */
public abstract class PostgresService {
    public static void handleSsl(Properties properties, RunContext runContext, PostgresConnectionInterface postgresConnectionInterface) throws IllegalVariableEvaluationException, IOException {
        if (postgresConnectionInterface.getSsl() != null && postgresConnectionInterface.getSsl().booleanValue()) {
            properties.put("ssl", "true");
        }
        if (postgresConnectionInterface.getSslMode() != null) {
            properties.put("sslmode", postgresConnectionInterface.getSslMode().name().toUpperCase(Locale.ROOT).replace("_", "-"));
        }
        if (postgresConnectionInterface.getSslRootCert() != null) {
            properties.put("sslrootcert", runContext.tempFile(runContext.render(postgresConnectionInterface.getSslRootCert()).getBytes(StandardCharsets.UTF_8), ".pem").toAbsolutePath().toString());
        }
        if (postgresConnectionInterface.getSslCert() != null) {
            properties.put("sslcert", runContext.tempFile(runContext.render(postgresConnectionInterface.getSslCert()).getBytes(StandardCharsets.UTF_8), ".pem").toAbsolutePath().toString());
        }
        if (postgresConnectionInterface.getSslKey() != null) {
            properties.put("sslkey", convertPrivateKey(runContext, postgresConnectionInterface.getSslKey(), postgresConnectionInterface.getSslKeyPassword()));
        }
        if (postgresConnectionInterface.getSslKeyPassword() != null) {
            properties.put("sslpassword", runContext.render(postgresConnectionInterface.getSslKeyPassword()));
        }
    }

    private static Object readPem(RunContext runContext, String str) throws IllegalVariableEvaluationException, IOException {
        StringReader stringReader = new StringReader(runContext.render(str));
        try {
            PEMParser pEMParser = new PEMParser(stringReader);
            try {
                Object readObject = pEMParser.readObject();
                pEMParser.close();
                stringReader.close();
                return readObject;
            } finally {
            }
        } catch (Throwable th) {
            try {
                stringReader.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static synchronized void addProvider() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            BouncyGPG.registerProvider();
        }
    }

    private static String convertPrivateKey(RunContext runContext, String str, String str2) throws IOException, IllegalVariableEvaluationException {
        PrivateKeyInfo privateKeyInfo;
        addProvider();
        Object readPem = readPem(runContext, str);
        if (!(readPem instanceof PEMEncryptedKeyPair)) {
            privateKeyInfo = ((PEMKeyPair) readPem).getPrivateKeyInfo();
        } else {
            if (str2 == null) {
                throw new IOException("Unable to import private key. Key is encrypted, but no password was provided.");
            }
            privateKeyInfo = ((PEMEncryptedKeyPair) readPem).decryptKeyPair(new JcePEMDecryptorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(str2.toCharArray())).getPrivateKeyInfo();
        }
        return runContext.tempFile(new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo).getEncoded(), ".der").toAbsolutePath().toString();
    }
}
