package cn.com.vastbase.ssl;

import cn.com.vastbase.jdbc.EscapedFunctions;
import cn.com.vastbase.log.Log;
import cn.com.vastbase.log.Logger;
import cn.com.vastbase.ssl.LibPQFactory;
import cn.com.vastbase.util.GT;
import cn.com.vastbase.util.PSQLException;
import cn.com.vastbase.util.PSQLState;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:cn/com/vastbase/ssl/LazyKeyManager.class */
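/**
 * {@link X509KeyManager} that loads the client certificate chain and private key lazily, on the
 * first call to {@link #getCertificateChain(String)} / {@link #getPrivateKey(String)} rather than
 * at construction time.
 *
 * <p>Loading failures are never thrown out of the {@code X509KeyManager} callbacks: they are
 * recorded in {@link #error} and the affected method returns {@code null}. Callers surface the
 * recorded failure afterwards with {@link #throwKeyManagerException()}.
 *
 * <p>Key resolution order: the key file is first parsed as unencrypted PKCS#8. If that fails and a
 * {@code privateKeyFactory} class name was configured, that class is loaded and asked to decode the
 * bytes; otherwise the file is tried as JDK-supported encrypted PKCS#8 (password obtained through
 * the configured {@link CallbackHandler}), falling back to {@link BouncyCastlePrivateKeyFactory}
 * when the JDK cannot parse it.
 *
 * <p>Not thread-safe, apart from the guarded one-time load of the factory class.
 */
public class LazyKeyManager implements X509KeyManager {
    private static final Log LOGGER = Logger.getLogger(LazyKeyManager.class.getName());

    /** Exception message matched to detect the "no console attached" case of the console callback handler. */
    private static final String CONSOLE_UNAVAILABLE = "Console is not available";

    /** Path of the X.509 certificate file; {@code null} means no client certificate is offered at all. */
    private final String certfile;
    /** Path of the PKCS#8 private key file; {@code null} means no private key is ever loaded. */
    private final String keyfile;
    /** Supplies the key-file password through a {@link PasswordCallback}. */
    private final CallbackHandler cbh;
    /** {@code true} when the paths are defaults: a missing file is then ignored instead of recorded as an error. */
    private final boolean defaultfile;
    /** Fully qualified name of a {@link PrivateKeyFactory} implementation, or {@code null} for the built-in fallback. */
    private final String privateKeyFactory;
    /** Resolved {@link #privateKeyFactory} class; written once under lock, read unlocked, hence volatile. */
    private volatile Class<?> privateKeyFactoryCls;

    private X509Certificate[] cert = null;
    private PrivateKey key = null;
    /** Most recent loading failure, surfaced by {@link #throwKeyManagerException()}. */
    private PSQLException error = null;
    /** Set once {@link #privateKeyFactory} failed to resolve, so the lookup is not retried. */
    private boolean pkFactoryClsNotFound = false;

    /**
     * Creates a key manager that defers all file access until a key or certificate is requested.
     *
     * @param certfile path of the X.509 certificate file, or {@code null}
     * @param keyfile path of the PKCS#8 private key file, or {@code null}
     * @param cbh handler used to obtain the key password when the key file is encrypted
     * @param defaultfile whether the paths are defaults (missing files are then not an error)
     * @param privateKeyFactory class name of a {@link PrivateKeyFactory} to decode non-PKCS#8 keys, or {@code null}
     */
    public LazyKeyManager(String certfile, String keyfile, CallbackHandler cbh, boolean defaultfile, String privateKeyFactory) {
        this.certfile = certfile;
        this.keyfile = keyfile;
        this.cbh = cbh;
        this.defaultfile = defaultfile;
        this.privateKeyFactory = privateKeyFactory;
    }

    /**
     * Rethrows the failure recorded during lazy loading, if any.
     *
     * @throws PSQLException the most recent certificate or key loading failure
     */
    public void throwKeyManagerException() throws PSQLException {
        if (this.error != null) {
            throw this.error;
        }
    }

    /**
     * Returns the single client alias when a certificate file is configured and its issuer is
     * acceptable to the server.
     *
     * @param keyType ignored; a single certificate is offered regardless of key type
     * @param issuers issuers accepted by the server; {@code null} or empty means any issuer
     * @param socket ignored
     * @return {@code EscapedFunctions.USER} when the certificate can be offered, otherwise {@code null}
     */
    @Override
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        if (this.certfile == null) {
            return null;
        }
        // No issuer restriction from the server: offer the alias unconditionally.
        if (issuers == null || issuers.length == 0) {
            return EscapedFunctions.USER;
        }
        X509Certificate[] chain = getCertificateChain(EscapedFunctions.USER);
        if (chain == null || chain.length == 0) {
            return null;
        }
        // Only the issuer of the last certificate in the file is compared against the server's list.
        X500Principal rootIssuer = chain[chain.length - 1].getIssuerX500Principal();
        for (Principal issuer : issuers) {
            if (rootIssuer.equals(issuer)) {
                return EscapedFunctions.USER;
            }
        }
        return null;
    }

    /** Server-side selection is not supported; always {@code null}. */
    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return null;
    }

    /**
     * Loads (once) and returns the certificate chain from {@link #certfile}.
     *
     * @param alias ignored; the same chain is returned for every alias
     * @return the chain, or {@code null} if no certificate file is configured or loading failed
     *     (the failure is recorded in {@link #error} unless the missing file is a default path)
     */
    @Override
    public X509Certificate[] getCertificateChain(String alias) {
        if (this.cert != null || this.certfile == null) {
            return this.cert;
        }
        CertificateFactory factory;
        try {
            factory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            this.error = new PSQLException(GT.tr("Could not find a java cryptographic algorithm: X.509 CertificateFactory not available.", new Object[0]), PSQLState.CONNECTION_FAILURE, e);
            return null;
        }
        FileInputStream in = null;
        try {
            in = new FileInputStream(this.certfile);
            Collection<? extends Certificate> certs = factory.generateCertificates(in);
            this.cert = certs.toArray(new X509Certificate[certs.size()]);
        } catch (FileNotFoundException e) {
            // A default path that simply does not exist is not an error.
            if (!this.defaultfile) {
                this.error = new PSQLException(GT.tr("Could not open SSL certificate file {0}.", this.certfile), PSQLState.CONNECTION_FAILURE, e);
            }
            return null;
        } catch (CertificateException e) {
            this.error = new PSQLException(GT.tr("Loading the SSL certificate {0} into a KeyManager failed.", this.certfile), PSQLState.CONNECTION_FAILURE, e);
            return null;
        } finally {
            // Always release the file handle; generateCertificates() does not close the stream.
            if (in != null) {
                try {
                    in.close();
                } catch (IOException e) {
                    LOGGER.trace("Catch IOException on close:", e);
                }
            }
        }
        return this.cert;
    }

    /**
     * Lists the client aliases usable for the given key type and issuers.
     *
     * @return a one-element array with {@code EscapedFunctions.USER}, or an empty array
     */
    @Override
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        String alias = chooseClientAlias(new String[]{keyType}, issuers, (Socket) null);
        return alias == null ? new String[0] : new String[]{alias};
    }

    /**
     * Loads (once) and returns the private key from {@link #keyfile}; see the class comment for the
     * resolution order.
     *
     * @param alias ignored; the same key is returned for every alias
     * @return the key, or {@code null} if no key file is configured, the certificate chain could not
     *     be loaded, or decoding failed (the failure is recorded in {@link #error})
     */
    @Override
    public PrivateKey getPrivateKey(String alias) {
        if (this.key != null || this.keyfile == null) {
            return this.key;
        }
        // The key algorithm is taken from the certificate, so the chain must be loaded first.
        if (this.cert == null && getCertificateChain(EscapedFunctions.USER) == null) {
            return null;
        }
        try {
            byte[] keyBytes = readKeyFile();
            if (keyBytes == null) {
                return null;
            }
            KeyFactory keyFactory = KeyFactory.getInstance(this.cert[0].getPublicKey().getAlgorithm());
            try {
                this.key = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
            } catch (InvalidKeySpecException e) {
                // Not plain PKCS#8: hand the bytes to the configured factory, else try encrypted PKCS#8.
                if (this.privateKeyFactory != null) {
                    resolvePrivateKey(keyBytes);
                } else {
                    this.key = decryptPrivateKey(keyFactory, keyBytes);
                }
            }
        } catch (IOException e) {
            this.error = new PSQLException(GT.tr("Could not read SSL key file {0}.", this.keyfile), PSQLState.CONNECTION_FAILURE, e);
            return null;
        } catch (NoSuchAlgorithmException e) {
            this.error = new PSQLException(GT.tr("Could not find a java cryptographic algorithm: {0}.", e.getMessage()), PSQLState.CONNECTION_FAILURE, e);
            return null;
        } catch (Exception e) {
            this.error = new PSQLException(GT.tr("Could not get primary key: {0}.", e.getMessage()), PSQLState.CONNECTION_FAILURE, e);
            return null;
        }
        return this.key;
    }

    /** Server-side aliases are not supported; always empty. */
    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return new String[0];
    }

    /**
     * Reads the whole key file into memory, always closing the file handle.
     *
     * @return the raw file contents, or {@code null} when the file is missing and
     *     {@link #defaultfile} is set (a default path that does not exist is not an error)
     * @throws IOException if the file is missing (non-default path), too large, or cannot be read
     */
    private byte[] readKeyFile() throws IOException {
        RandomAccessFile raf;
        try {
            raf = new RandomAccessFile(this.keyfile, "r");
        } catch (FileNotFoundException e) {
            if (this.defaultfile) {
                return null;
            }
            throw e;
        }
        try {
            long length = raf.length();
            // A blind (int) cast would wrap to a negative array size for files >= 2 GiB.
            if (length > Integer.MAX_VALUE) {
                throw new IOException("SSL key file " + this.keyfile + " is too large to load (" + length + " bytes)");
            }
            byte[] bytes = new byte[(int) length];
            raf.readFully(bytes);
            return bytes;
        } finally {
            try {
                raf.close();
            } catch (IOException e) {
                LOGGER.trace("Catch IOException on close:", e);
            }
        }
    }

    /**
     * Decodes an encrypted key: JDK encrypted-PKCS#8 first, otherwise the BouncyCastle-based loader.
     *
     * @param keyFactory factory for the certificate's key algorithm
     * @param keyBytes raw key file contents
     * @return the key, or {@code null} if the password could not be obtained or decryption failed
     *     (the failure is recorded in {@link #error})
     * @throws Exception anything the fallback loader or the callback handler throws
     */
    private PrivateKey decryptPrivateKey(KeyFactory keyFactory, byte[] keyBytes) throws Exception {
        EncryptedPrivateKeyInfo info;
        Cipher cipher;
        try {
            info = new EncryptedPrivateKeyInfo(keyBytes);
            cipher = Cipher.getInstance(info.getAlgName());
        } catch (Exception e) {
            // Not an encrypted PKCS#8 structure the JDK can handle (or no such cipher):
            // defer to the BouncyCastle-based loader for other container formats.
            PasswordCallback callback = getPassword();
            if (callback == null) {
                return null; // error already recorded by getPassword()
            }
            return new BouncyCastlePrivateKeyFactory().getPrivateKeyFromEncryptedKey(keyBytes, callback);
        }
        PasswordCallback callback = getPassword();
        if (callback == null) {
            return null; // error already recorded by getPassword()
        }
        PBEKeySpec pbeSpec = new PBEKeySpec(callback.getPassword());
        callback.clearPassword();
        try {
            cipher.init(Cipher.DECRYPT_MODE, SecretKeyFactory.getInstance(info.getAlgName()).generateSecret(pbeSpec), info.getAlgParameters());
            return keyFactory.generatePrivate(info.getKeySpec(cipher));
        } catch (GeneralSecurityException e) {
            this.error = new PSQLException(GT.tr("Could not decrypt SSL key file {0}.", this.keyfile), PSQLState.CONNECTION_FAILURE, e);
            return null;
        } finally {
            // Scrub the second copy of the password as soon as the secret key has been derived.
            pbeSpec.clearPassword();
        }
    }

    /**
     * Decodes the key through the configured {@link #privateKeyFactory} class, storing the result in
     * {@link #key}. Does nothing once the class was found not to exist.
     *
     * @param keyBytes raw key file contents
     * @throws Exception if the class cannot be loaded, is not a {@link PrivateKeyFactory}, cannot be
     *     instantiated, or fails to decode the key
     */
    private void resolvePrivateKey(byte[] keyBytes) throws Exception {
        if (this.pkFactoryClsNotFound) {
            return;
        }
        Class<?> factoryCls;
        try {
            factoryCls = loadPrivateKeyFactoryClass();
        } catch (ClassNotFoundException e) {
            this.pkFactoryClsNotFound = true;
            throw e;
        }
        PrivateKeyFactory factory = (PrivateKeyFactory) factoryCls.newInstance();
        PasswordCallback callback = getPassword();
        if (callback == null) {
            return; // error already recorded by getPassword()
        }
        this.key = factory.getPrivateKeyFromEncryptedKey(keyBytes, callback);
    }

    /**
     * Resolves {@link #privateKeyFactory} to a class once, verifying it is a {@link PrivateKeyFactory}.
     *
     * @return the resolved class
     * @throws ClassNotFoundException if no such class is visible to this class's loader
     * @throws ClassCastException if the class does not implement {@link PrivateKeyFactory}
     */
    private Class<?> loadPrivateKeyFactoryClass() throws ClassNotFoundException {
        Class<?> cls = this.privateKeyFactoryCls;
        if (cls == null) {
            synchronized (this) {
                cls = this.privateKeyFactoryCls;
                if (cls == null) {
                    // The class name comes from connection configuration. Load without initializing so
                    // the static initializers of an arbitrary named class never run before the type
                    // check below confirms it is actually a PrivateKeyFactory.
                    cls = Class.forName(this.privateKeyFactory, false, LazyKeyManager.class.getClassLoader());
                    if (!PrivateKeyFactory.class.isAssignableFrom(cls)) {
                        throw new ClassCastException(cls.getName() + " does not implement " + PrivateKeyFactory.class.getName());
                    }
                    this.privateKeyFactoryCls = cls;
                }
            }
        }
        return cls;
    }

    /**
     * Asks the callback handler for the key-file password.
     *
     * @return the answered callback, or {@code null} if the handler does not support password
     *     callbacks (the failure is recorded in {@link #error})
     * @throws IOException if the handler fails while reading the password
     */
    private PasswordCallback getPassword() throws IOException {
        PasswordCallback callback = new PasswordCallback(GT.tr("Enter SSL password: ", new Object[0]), false);
        try {
            this.cbh.handle(new Callback[]{callback});
            return callback;
        } catch (UnsupportedCallbackException e) {
            if (this.cbh instanceof LibPQFactory.ConsoleCallbackHandler && CONSOLE_UNAVAILABLE.equals(e.getMessage())) {
                this.error = new PSQLException(GT.tr("Could not read password for SSL key file, console is not available.", new Object[0]), PSQLState.CONNECTION_FAILURE, e);
            } else {
                this.error = new PSQLException(GT.tr("Could not read password for SSL key file by callbackhandler {0}.", this.cbh.getClass().getName()), PSQLState.CONNECTION_FAILURE, e);
            }
            return null;
        }
    }
}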
