package org.postgresql.ssl.jdbc4;

import java.io.Console;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Properties;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.postgresql.PGProperty;
import org.postgresql.ssl.MakeSSL;
import org.postgresql.ssl.NonValidatingFactory;
import org.postgresql.ssl.WrappedFactory;
import org.postgresql.util.GT;
import org.postgresql.util.PSQLException;
import org.postgresql.util.PSQLState;

/* loaded from: input_file:WEB-INF/lib/postgresql-9.4.1208.jre7.jar:org/postgresql/ssl/jdbc4/LibPQFactory.class */
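/**
 * SSL socket factory configured from connection properties: client certificate and key,
 * an optional root certificate, and the {@code sslmode} setting.
 *
 * <p>Server certificates are validated against the root certificate file only when
 * {@code sslmode} is {@code verify-ca} or {@code verify-full}. For every other value the
 * context is built with {@link NonValidatingFactory.NonValidatingTM}.
 * NOTE(review): by its name that trust manager performs no chain validation, so such
 * connections would be encrypted but not authenticated. Confirm against its source.
 *
 * <p>The class also implements {@link HostnameVerifier}. Nothing in this class calls
 * {@link #verify(String, SSLSession)}; the caller decides when hostname verification applies.
 */
public class LibPQFactory extends WrappedFactory implements HostnameVerifier {
    /** Key manager that supplies the client certificate and key; set by the constructor. */
    LazyKeyManager km;

    /** Value of the {@code sslmode} connection property as read by the constructor. */
    String sslmode;

    /* loaded from: input_file:WEB-INF/lib/postgresql-9.4.1208.jre7.jar:org/postgresql/ssl/jdbc4/LibPQFactory$ConsoleCallbackHandler.class */
    /**
     * Answers {@link PasswordCallback}s with a preset password, or prompts on the system
     * console when no password was supplied.
     */
    static class ConsoleCallbackHandler implements CallbackHandler {
        private char[] password;

        /**
         * @param str the key password, or {@code null} to prompt on the console when asked
         */
        public ConsoleCallbackHandler(String str) {
            this.password = str == null ? null : str.toCharArray();
        }

        /**
         * Supplies the password to every callback in the array.
         *
         * @param callbackArr callbacks to answer; each must be a {@link PasswordCallback}
         * @throws UnsupportedCallbackException if a callback is not a {@link PasswordCallback},
         *     or if no password was preset and no console is attached
         * @throws IOException declared by the interface
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            Console console = System.console();
            if (console == null && this.password == null) {
                // Guard the index: an empty callback array must not surface as
                // ArrayIndexOutOfBoundsException instead of the documented exception type.
                Callback first = callbackArr.length > 0 ? callbackArr[0] : null;
                throw new UnsupportedCallbackException(first, "Console is not available");
            }
            for (Callback callback : callbackArr) {
                if (!(callback instanceof PasswordCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                PasswordCallback passwordCallback = (PasswordCallback) callback;
                if (this.password == null) {
                    passwordCallback.setPassword(console.readPassword("%s", passwordCallback.getPrompt()));
                } else {
                    passwordCallback.setPassword(this.password);
                }
            }
        }
    }

    /**
     * Builds the SSL context and socket factory from the connection properties.
     *
     * <p>Certificate, key and root certificate paths that are not set fall back to files in a
     * per-user directory: {@code %APPDATA%\postgresql\} on Windows, {@code ~/.postgresql/}
     * elsewhere.
     *
     * @param properties connection properties (sslmode, sslcert, sslkey, sslrootcert,
     *     sslpassword, sslpasswordcallback as exposed through {@link PGProperty})
     * @throws PSQLException if the password callback class cannot be instantiated, the root
     *     certificate cannot be opened, read or loaded, a required algorithm is missing, or the
     *     SSL context cannot be initialised
     */
    public LibPQFactory(Properties properties) throws PSQLException {
        this.km = null;
        try {
            this.sslmode = PGProperty.SSL_MODE.get(properties);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            String separator = System.getProperty("file.separator");

            // Locale.ROOT keeps the OS check stable under locales whose case mapping differs
            // (for example Turkish, where "WINDOWS" does not lower-case to "windows").
            boolean onWindows =
                System.getProperty("os.name").toLowerCase(java.util.Locale.ROOT).contains("windows");
            String defaultDir;
            if (onWindows) {
                defaultDir = System.getenv("APPDATA") + separator + "postgresql" + separator;
            } else {
                defaultDir = System.getProperty("user.home") + separator + ".postgresql" + separator;
            }

            // True when either the certificate or the key path fell back to the default location.
            boolean usingDefaultFile = false;
            String certFile = PGProperty.SSL_CERT.get(properties);
            if (certFile == null) {
                usingDefaultFile = true;
                certFile = defaultDir + "postgresql.crt";
            }
            String keyFile = PGProperty.SSL_KEY.get(properties);
            if (keyFile == null) {
                usingDefaultFile = true;
                keyFile = defaultDir + "postgresql.pk8";
            }

            CallbackHandler callbackHandler;
            String callbackClassName = PGProperty.SSL_PASSWORD_CALLBACK.get(properties);
            if (callbackClassName != null) {
                // NOTE(review): the class name comes straight from the connection properties and
                // the cast to CallbackHandler is applied only after instantiate() has returned.
                // Connection properties must therefore come from a trusted source; confirm
                // whether MakeSSL.instantiate restricts the classes it will load.
                try {
                    callbackHandler = (CallbackHandler) MakeSSL.instantiate(callbackClassName, properties, false, null);
                } catch (Exception e) {
                    throw new PSQLException(GT.tr("The password callback class provided {0} could not be instantiated.", callbackClassName), PSQLState.CONNECTION_FAILURE, e);
                }
            } else {
                callbackHandler = new ConsoleCallbackHandler(PGProperty.SSL_PASSWORD.get(properties));
            }

            // An empty path is passed on as null.
            this.km = new LazyKeyManager("".equals(certFile) ? null : certFile, "".equals(keyFile) ? null : keyFile, callbackHandler, usingDefaultFile);

            TrustManager[] trustManagers;
            if ("verify-ca".equals(this.sslmode) || "verify-full".equals(this.sslmode)) {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
                KeyStore keyStore;
                try {
                    keyStore = KeyStore.getInstance("jks");
                } catch (KeyStoreException e) {
                    // Keep the original exception as the cause so the failure stays diagnosable.
                    throw new NoSuchAlgorithmException("jks KeyStore not available", e);
                }
                String rootCertFile = PGProperty.SSL_ROOT_CERT.get(properties);
                if (rootCertFile == null) {
                    rootCertFile = defaultDir + "root.crt";
                }
                try {
                    Certificate[] rootCerts;
                    // try-with-resources closes the stream on the failure paths as well.
                    try (FileInputStream in = new FileInputStream(rootCertFile)) {
                        rootCerts = CertificateFactory.getInstance("X.509").generateCertificates(in).toArray(new Certificate[0]);
                    }
                    // Start from an empty in-memory store and add every certificate in the file
                    // as a trust anchor.
                    keyStore.load(null, null);
                    for (int i = 0; i < rootCerts.length; i++) {
                        keyStore.setCertificateEntry("cert" + i, rootCerts[i]);
                    }
                    trustManagerFactory.init(keyStore);
                    trustManagers = trustManagerFactory.getTrustManagers();
                } catch (FileNotFoundException e) {
                    throw new PSQLException(GT.tr("Could not open SSL root certificate file {0}.", new Object[]{rootCertFile}), PSQLState.CONNECTION_FAILURE, e);
                } catch (IOException e) {
                    throw new PSQLException(GT.tr("Could not read SSL root certificate file {0}.", new Object[]{rootCertFile}), PSQLState.CONNECTION_FAILURE, e);
                } catch (GeneralSecurityException e) {
                    throw new PSQLException(GT.tr("Loading the SSL root certificate {0} into a TrustManager failed.", new Object[]{rootCertFile}), PSQLState.CONNECTION_FAILURE, e);
                }
            } else {
                // Any sslmode other than verify-ca / verify-full gets the non-validating trust manager.
                trustManagers = new TrustManager[]{new NonValidatingFactory.NonValidatingTM()};
            }

            try {
                sslContext.init(new KeyManager[]{this.km}, trustManagers, null);
                this._factory = sslContext.getSocketFactory();
            } catch (KeyManagementException e) {
                throw new PSQLException(GT.tr("Could not initialize SSL context.", (Object[]) null), PSQLState.CONNECTION_FAILURE, e);
            }
        } catch (NoSuchAlgorithmException e) {
            throw new PSQLException(GT.tr("Could not find a java cryptographic algorithm: {0}.", new Object[]{e.getMessage()}), PSQLState.CONNECTION_FAILURE, e);
        }
    }

    /**
     * Delegates to the key manager's {@code throwKeyManagerException()} when a key manager
     * exists.
     *
     * @throws PSQLException as raised by the key manager
     */
    public void throwKeyManagerException() throws PSQLException {
        if (this.km != null) {
            this.km.throwKeyManagerException();
        }
    }

    /**
     * Checks the host name against the Common Name of the peer's leaf certificate.
     *
     * <p>Every failure path returns {@code false}: no peer certificate, a leaf that is not
     * X.509, an unparsable subject, a missing or non-string CN, or a null argument.
     *
     * <p>NOTE(review): only the subject CN is consulted; subjectAltName entries are ignored, and
     * the comparison is case-sensitive. A CN beginning with {@code *} is treated as a wildcard
     * for exactly one left-most label, and the check does not require the {@code *} to be
     * followed by a dot.
     *
     * @param str the host name the client connected to
     * @param sSLSession the established session whose peer certificate is checked
     * @return {@code true} only when the CN equals the host name or wildcard-matches it
     */
    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        // Fail closed on missing input rather than throwing from inside the handshake path.
        if (str == null || sSLSession == null) {
            return false;
        }
        Certificate[] peerCerts;
        try {
            peerCerts = sSLSession.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            return false;
        }
        // Check the element type instead of casting the whole array, which would throw
        // ClassCastException if the provider returned a plain Certificate[].
        if (peerCerts == null || peerCerts.length == 0 || !(peerCerts[0] instanceof X509Certificate)) {
            return false;
        }
        X509Certificate serverCert = (X509Certificate) peerCerts[0];

        LdapName subject;
        try {
            subject = new LdapName(serverCert.getSubjectX500Principal().getName("RFC2253"));
        } catch (InvalidNameException e) {
            return false;
        }

        // The first CN encountered in getRdns() iteration order is the one that is used.
        String commonName = null;
        for (Rdn rdn : subject.getRdns()) {
            if ("CN".equals(rdn.getType())) {
                Object value = rdn.getValue();
                // Rdn values can be byte[] for binary-encoded attributes; reject those.
                if (!(value instanceof String)) {
                    return false;
                }
                commonName = (String) value;
                break;
            }
        }
        if (commonName == null) {
            return false;
        }

        if (commonName.startsWith("*")) {
            if (!str.endsWith(commonName.substring(1))) {
                return false;
            }
            // What the '*' stands for must be a single label, so it may not contain a dot.
            String wildcardPart = str.substring(0, (str.length() - commonName.length()) + 1);
            return !wildcardPart.contains(".");
        }
        return commonName.equals(str);
    }
}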
