package com.amazon.redshift.ssl;

import com.amazon.redshift.RedshiftProperty;
import com.amazon.redshift.jdbc.SslMode;
import com.amazon.redshift.ssl.NonValidatingFactory;
import com.amazon.redshift.util.GT;
import com.amazon.redshift.util.ObjectFactory;
import com.amazon.redshift.util.RedshiftException;
import com.amazon.redshift.util.RedshiftState;
import java.io.Console;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Properties;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.commons.net.imap.IMAPSClient;

/* loaded from: input_file:com/amazon/redshift/ssl/LibPQFactory.class */
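/**
 * SSL socket factory that configures the client key and the trusted
 * certificates from connection properties.
 *
 * <p>The constructor builds an {@link SSLContext} from one optional client
 * {@link KeyManager} (PKCS#8 or PKCS#12 key file) and a set of
 * {@link TrustManager}s, then stores the resulting socket factory in
 * {@code this.factory}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When {@code SslMode.of(properties).verifyCertificate()} is false the
 *       context is initialised with {@code NonValidatingFactory.NonValidatingTM}.
 *       Judging by its name that trust manager does not validate the server
 *       chain (confirm against that class); the session is then encrypted but
 *       the server is not authenticated.</li>
 *   <li>This class only sets up certificate-chain validation. No host name
 *       check is configured here; if one is required it has to happen
 *       elsewhere.</li>
 *   <li>A certificate supplied through {@code SSL_ROOT_CERT} is <em>added</em> to
 *       the default trust store (JVM store plus bundled CA resources). It
 *       widens the set of trust anchors; it does not pin the connection to
 *       that certificate.</li>
 * </ul>
 */
public class LibPQFactory extends WrappedFactory {
    private static final String TRUSTSTORE_PROPERTY = "javax.net.ssl.trustStore";
    private static final String TRUSTSTORE_PWD_PROPERTY = "javax.net.ssl.trustStorePassword";

    // CA certificate resources looked up relative to NonValidatingFactory's package
    // and added to every default trust store built by this class.
    private static final String[] BUNDLED_CA_RESOURCES = {"redshift.crt", "bjs.redshift.crt", "pdt.redshift.crt"};

    // Client key manager; stays null when the key path ends in neither "pk8" nor "p12".
    KeyManager km;
    // True when the key and/or certificate path was not supplied and a default location is used.
    boolean defaultfile;

    /**
     * Password callback that answers from a fixed password when one was
     * configured and otherwise prompts on the system console.
     */
    /* loaded from: input_file:com/amazon/redshift/ssl/LibPQFactory$ConsoleCallbackHandler.class */
    public static class ConsoleCallbackHandler implements CallbackHandler {
        // Kept for the lifetime of the handler and never cleared. The value arrives
        // as a String, so a copy also lives on the heap outside this class's control.
        private char[] password;

        /**
         * @param str the configured key password, or {@code null} to prompt on the console
         */
        ConsoleCallbackHandler(String str) {
            this.password = null;
            if (str != null) {
                this.password = str.toCharArray();
            }
        }

        /**
         * Answers every {@link PasswordCallback} with the configured password or,
         * if none was configured, with a value read from the console.
         *
         * @param callbackArr callbacks to answer; only {@link PasswordCallback} is supported
         * @throws UnsupportedCallbackException if neither a console nor a configured password
         *         is available, or if a callback is not a {@link PasswordCallback}
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            Console console = System.console();
            if (console == null && this.password == null) {
                throw new UnsupportedCallbackException(callbackArr[0], "Console is not available");
            }
            for (Callback callback : callbackArr) {
                if (!(callback instanceof PasswordCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                PasswordCallback passwordCallback = (PasswordCallback) callback;
                if (this.password != null) {
                    passwordCallback.setPassword(this.password);
                } else {
                    // readPassword disables echo, so the key password is not shown on the terminal.
                    passwordCallback.setPassword(console.readPassword("%s", passwordCallback.getPrompt()));
                }
            }
        }
    }

    /**
     * Returns the handler used to obtain the client key password.
     *
     * <p>If {@code SSL_PASSWORD_CALLBACK} is set, the named class is instantiated;
     * otherwise a {@link ConsoleCallbackHandler} seeded with {@code SSL_PASSWORD}
     * is used.
     *
     * @throws RedshiftException if the configured callback class cannot be instantiated
     */
    private CallbackHandler getCallbackHandler(Properties properties) throws RedshiftException {
        String callbackClassName = RedshiftProperty.SSL_PASSWORD_CALLBACK.get(properties);
        if (callbackClassName == null) {
            return new ConsoleCallbackHandler(RedshiftProperty.SSL_PASSWORD.get(properties));
        }
        try {
            // NOTE(review): the class name comes straight from the connection properties and
            // is instantiated reflectively, so whoever controls the properties (for example
            // a user-supplied connection URL) chooses which class is constructed. Whether
            // ObjectFactory.instantiate checks the CallbackHandler type before running the
            // constructor is not visible here - confirm. Treat connection properties as
            // trusted configuration only.
            return (CallbackHandler) ObjectFactory.instantiate(CallbackHandler.class, callbackClassName, properties, false, null);
        } catch (Exception e) {
            throw new RedshiftException(GT.tr("The password callback class provided {0} could not be instantiated.", callbackClassName), RedshiftState.CONNECTION_FAILURE, e);
        }
    }

    /**
     * Installs a {@code LazyKeyManager} for a PKCS#8 key file.
     *
     * @param str path of the key file; an empty string is passed on as {@code null}
     * @param str2 default directory (with trailing separator) used when no certificate path is configured
     * @param properties connection properties
     */
    private void initPk8(String str, String str2, Properties properties) throws RedshiftException {
        String certPath = RedshiftProperty.SSL_CERT.get(properties);
        if (certPath == null) {
            this.defaultfile = true;
            certPath = str2 + "redshift.crt";
        }
        this.km = new LazyKeyManager("".equals(certPath) ? null : certPath, "".equals(str) ? null : str, getCallbackHandler(properties), this.defaultfile);
    }

    /**
     * Installs a {@code PKCS12KeyManager} for a PKCS#12 key store.
     *
     * @param str path of the PKCS#12 file
     * @param properties connection properties
     */
    private void initP12(String str, Properties properties) throws RedshiftException {
        this.km = new PKCS12KeyManager(str, getCallbackHandler(properties));
    }

    /**
     * Builds the SSL context and socket factory from the connection properties.
     *
     * <p>Trust managers are chosen in this order when certificate verification is
     * enabled: an explicit trust store ({@code SSL_TRUSTSTORE_PATH_KEY}), then a
     * root certificate file ({@code SSL_ROOT_CERT}) added to the default store,
     * then the default store alone.
     *
     * @param properties connection properties
     * @throws RedshiftException if the key manager, the trust managers or the SSL context cannot be set up
     */
    public LibPQFactory(Properties properties) throws RedshiftException {
        TrustManager[] trustManagers;
        try {
            // NOTE(review): IMAPSClient.DEFAULT_PROTOCOL is an Apache Commons Net constant; its
            // use here looks like a decompiler substituting a matching string constant
            // (presumably "TLS") - confirm the value, since it selects the protocol family.
            SSLContext sslContext = SSLContext.getInstance(IMAPSClient.DEFAULT_PROTOCOL);
            String separator = System.getProperty("file.separator");
            // Per-user default directory. If APPDATA is unset on Windows, getenv returns null
            // and the literal text "null" ends up in the path.
            String defaultDir = System.getProperty("os.name").toLowerCase().contains("windows") ? System.getenv("APPDATA") + separator + "redshift" + separator : System.getProperty("user.home") + separator + ".redshift" + separator;
            String keyPath = RedshiftProperty.SSL_KEY.get(properties);
            if (keyPath == null) {
                this.defaultfile = true;
                keyPath = defaultDir + "redshift.pk8";
            }
            // The key format is chosen purely from the file name suffix; any other suffix
            // leaves this.km null, i.e. no client key manager is configured.
            if (keyPath.endsWith("pk8")) {
                initPk8(keyPath, defaultDir, properties);
            }
            if (keyPath.endsWith("p12")) {
                initP12(keyPath, properties);
            }
            if (SslMode.of(properties).verifyCertificate()) {
                String trustStorePath = RedshiftProperty.SSL_TRUSTSTORE_PATH_KEY.get(properties);
                String rootCertPath = RedshiftProperty.SSL_ROOT_CERT.get(properties);
                if (trustStorePath != null) {
                    trustManagers = getTrustManagerWithDefinedTrustStore(trustStorePath, RedshiftProperty.SSL_TRUSTSTORE_PWD_KEY.get(properties));
                } else if (rootCertPath != null) {
                    trustManagers = getTrustManagerWithImportedCertificate(rootCertPath);
                } else {
                    trustManagers = getDefaultTrustManager();
                }
            } else {
                // Verification disabled by SSL mode: the server certificate chain is not
                // checked by the JDK trust managers. Presumably NonValidatingTM accepts any
                // certificate - confirm in NonValidatingFactory. Such a connection is
                // encrypted but gives no assurance about who the peer is.
                trustManagers = new TrustManager[]{new NonValidatingFactory.NonValidatingTM()};
            }
            try {
                // A null SecureRandom lets the provider pick its default source.
                sslContext.init(new KeyManager[]{this.km}, trustManagers, null);
                this.factory = sslContext.getSocketFactory();
            } catch (KeyManagementException e) {
                throw new RedshiftException(GT.tr("Could not initialize SSL context.", new Object[0]), RedshiftState.CONNECTION_FAILURE, e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new RedshiftException(GT.tr("Could not find a java cryptographic algorithm: {0}.", e2.getMessage()), RedshiftState.CONNECTION_FAILURE, e2);
        }
    }

    /**
     * Delegates to the configured key manager's own {@code throwKeyManagerException()}.
     * Does nothing when no key manager is configured.
     *
     * @throws RedshiftException as raised by the key manager
     */
    public void throwKeyManagerException() throws RedshiftException {
        if (this.km != null) {
            if (this.km instanceof LazyKeyManager) {
                ((LazyKeyManager) this.km).throwKeyManagerException();
            }
            if (this.km instanceof PKCS12KeyManager) {
                ((PKCS12KeyManager) this.km).throwKeyManagerException();
            }
        }
    }

    /**
     * Builds trust managers from an explicitly configured trust store file.
     *
     * <p>Only the entries of that file are trusted; the bundled CA resources are
     * not added on this path.
     *
     * @param str path of the trust store file
     * @param str2 trust store password, or {@code null}; with a {@code null} password
     *        {@link KeyStore#load} performs no integrity check on the store
     * @throws RedshiftException if the store cannot be read or the trust managers cannot be created
     */
    private TrustManager[] getTrustManagerWithDefinedTrustStore(String str, String str2) throws RedshiftException {
        FileInputStream in = null;
        try {
            in = new FileInputStream(str);
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(in, str2 != null ? str2.toCharArray() : null);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(keyStore);
            return tmf.getTrustManagers();
        } catch (Exception e) {
            throw new RedshiftException(GT.tr("Error retrieving the available trust managers {0}.", str), RedshiftState.CONNECTION_FAILURE, e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Best effort: a failed close of a read-only stream must not mask the result.
                }
            }
        }
    }

    /**
     * Builds trust managers from the default trust store plus one certificate
     * read from {@code str}.
     *
     * <p>Only the first certificate in the file is imported, under an alias equal
     * to the file path. Because it is added to the default store, the JVM and
     * bundled CAs remain trusted as well.
     *
     * @param str path of the certificate file
     * @throws RedshiftException if the certificate cannot be loaded or imported
     */
    private TrustManager[] getTrustManagerWithImportedCertificate(String str) throws RedshiftException {
        KeyStore keyStore = getDefaultKeystore();
        try {
            keyStore.setCertificateEntry(str, getCertificateChain(str)[0]);
            return getTrustManager(keyStore);
        } catch (Exception e) {
            throw new RedshiftException(GT.tr("Error loading the certificate file {0}.", str), RedshiftState.CONNECTION_FAILURE, e);
        }
    }

    /**
     * Loads the default trust store and adds the bundled CA certificates to it.
     *
     * <p>The store location is the {@code javax.net.ssl.trustStore} system property
     * or, if unset, {@code <java.home>/lib/security/cacerts}. If the store cannot
     * be loaded as the JVM's default key store type, the other known types are
     * tried via {@link #fallbackKeyStores}.
     *
     * @throws RedshiftException if the store cannot be opened or loaded in any supported format
     */
    private KeyStore getDefaultKeystore() throws RedshiftException {
        String path = System.getProperty(TRUSTSTORE_PROPERTY);
        String password = System.getProperty(TRUSTSTORE_PWD_PROPERTY);
        if (null == path) {
            path = System.getProperty("java.home") + File.separatorChar + "lib" + File.separatorChar + "security" + File.separatorChar + "cacerts";
        }
        // try-with-resources closes the stream on every path, including a failed load.
        try (FileInputStream in = new FileInputStream(new File(path))) {
            try {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                // With a null password KeyStore.load does not verify the store's integrity.
                keyStore.load(in, null != password ? password.toCharArray() : null);
                addBundledCAs(keyStore);
                return keyStore;
            } catch (Exception e) {
                return fallbackKeyStores(path, password, e);
            }
        } catch (Exception e2) {
            throw new RedshiftException(GT.tr("Error loading the keystore  {0}.", path), RedshiftState.CONNECTION_FAILURE, e2);
        }
    }

    /**
     * Retries loading the trust store as JKS, PKCS12 and JCEKS, in that order,
     * and returns the first one that loads.
     *
     * <p>A failure for one type moves on to the next type; only when every type
     * has failed is an exception raised, carrying the caller's original failure
     * as its cause and the per-type failures as suppressed exceptions.
     *
     * @param str path of the trust store file
     * @param str2 trust store password, or {@code null}
     * @param exc the failure that triggered the fallback
     * @throws RedshiftException if no key store type can load the file
     */
    private KeyStore fallbackKeyStores(String str, String str2, Exception exc) throws RedshiftException {
        for (String type : new String[]{"JKS", "PKCS12", "JCEKS"}) {
            try (FileInputStream in = new FileInputStream(new File(str))) {
                KeyStore keyStore = KeyStore.getInstance(type);
                keyStore.load(in, null != str2 ? str2.toCharArray() : null);
                addBundledCAs(keyStore);
                return keyStore;
            } catch (Exception e) {
                // This type did not work; remember why and try the next one.
                if (exc != null) {
                    exc.addSuppressed(e);
                }
            }
        }
        throw new RedshiftException(GT.tr("Error loading the provided keystore.", new Object[0]), RedshiftState.CONNECTION_FAILURE, exc);
    }

    /** Adds every certificate named in {@link #BUNDLED_CA_RESOURCES} to {@code keyStore}. */
    private void addBundledCAs(KeyStore keyStore) throws IOException, GeneralSecurityException {
        for (String resource : BUNDLED_CA_RESOURCES) {
            loadDefaultCA(keyStore, resource);
        }
    }

    /**
     * Adds one bundled X.509 certificate to {@code keyStore} as a trusted entry,
     * using the resource name as alias. A missing resource is silently skipped.
     *
     * @param keyStore store to add the certificate to
     * @param str resource name, resolved relative to {@code NonValidatingFactory}
     */
    private void loadDefaultCA(KeyStore keyStore, String str) throws IOException, GeneralSecurityException {
        try (InputStream in = NonValidatingFactory.class.getResourceAsStream(str)) {
            if (in == null) {
                return;
            }
            keyStore.setCertificateEntry(str, CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
    }

    /**
     * Reads all X.509 certificates from a file.
     *
     * @param str path of the certificate file
     * @return the certificates in file order; never empty
     * @throws RedshiftException if the file is missing, unreadable or holds no certificate;
     *         every failure is reported as "Error loading certificate chain." with the
     *         specific problem as its cause
     */
    private Certificate[] getCertificateChain(String str) throws RedshiftException {
        try {
            File file = new File(str);
            if (!file.isFile() || !file.exists()) {
                throw new RedshiftException(GT.tr("Error certificate file doesn't found {0}.", str), RedshiftState.CONNECTION_FAILURE);
            }
            Certificate[] certificates;
            // Close the stream even when parsing fails.
            try (FileInputStream in = new FileInputStream(file)) {
                certificates = CertificateFactory.getInstance("X.509").generateCertificates(in).toArray(new Certificate[0]);
            }
            if (certificates.length == 0 || certificates[0] == null) {
                throw new RedshiftException(GT.tr("Error missing certificate.", new Object[0]), RedshiftState.CONNECTION_FAILURE);
            }
            return certificates;
        } catch (Exception e) {
            throw new RedshiftException(GT.tr("Error loading certificate chain.", new Object[0]), RedshiftState.CONNECTION_FAILURE, e);
        }
    }

    /**
     * Creates trust managers backed by {@code keyStore} using the JVM's default
     * trust manager algorithm.
     *
     * @throws RedshiftException if the trust manager factory cannot be created or initialised
     */
    private TrustManager[] getTrustManager(KeyStore keyStore) throws RedshiftException {
        try {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(keyStore);
            return tmf.getTrustManagers();
        } catch (Exception e) {
            throw new RedshiftException(GT.tr("Error retrieving the available trust managers.", new Object[0]), RedshiftState.CONNECTION_FAILURE, e);
        }
    }

    /** Returns trust managers for the default trust store plus the bundled CA certificates. */
    private TrustManager[] getDefaultTrustManager() throws RedshiftException {
        return getTrustManager(getDefaultKeystore());
    }
}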
