package org.postgresql.ssl;

import io.opentelemetry.semconv.resource.attributes.ResourceAttributes;
import io.quarkus.vertx.http.runtime.attribute.ResponseCodeAttribute;
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Properties;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.postgresql.PGProperty;
import org.postgresql.jdbc.SslMode;
import org.postgresql.ssl.NonValidatingFactory;
import org.postgresql.util.GT;
import org.postgresql.util.ObjectFactory;
import org.postgresql.util.PSQLException;
import org.postgresql.util.PSQLState;
import org.postgresql.util.internal.Nullness;

/* loaded from: input_file:org/postgresql/ssl/LibPQFactory.class */
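/**
 * SSL socket factory configured from files and connection properties.
 *
 * <p>The client key comes from {@code PGProperty.SSL_KEY}, the client certificate from
 * {@code PGProperty.SSL_CERT} and the trusted root certificates from
 * {@code PGProperty.SSL_ROOT_CERT}. When a property is unset the corresponding file is looked up
 * in a per-user default directory ({@code postgresql.pk8}, {@code postgresql.crt},
 * {@code root.crt}).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The server certificate is validated against the root certificate file only when
 *       {@code SslMode.of(properties).verifyCertificate()} is true. In every other mode a
 *       non-validating trust manager is installed, so the TLS session is not authenticated.</li>
 *   <li>{@code PGProperty.SSL_PASSWORD_CALLBACK} names a class that is instantiated by
 *       reflection. Connection properties must therefore come from a trusted source.</li>
 * </ul>
 */
public class LibPQFactory extends WrappedFactory {
    KeyManager km;
    boolean defaultfile;

    /* loaded from: input_file:org/postgresql/ssl/LibPQFactory$ConsoleCallbackHandler.class */
    /**
     * Supplies the private-key password either from a preconfigured value or, when none was
     * configured, by prompting on the system console.
     */
    public static class ConsoleCallbackHandler implements CallbackHandler {
        // Held for the lifetime of the handler and never zeroed here; the String it was copied
        // from also stays on the heap until it is garbage collected.
        private char[] password;

        /**
         * @param str the configured password, or {@code null} to prompt on the console instead
         */
        ConsoleCallbackHandler(String str) {
            this.password = str == null ? null : str.toCharArray();
        }

        /**
         * Answers every {@link PasswordCallback} with the configured password or a console prompt.
         *
         * @param callbackArr callbacks to answer; only {@link PasswordCallback} is supported
         * @throws UnsupportedCallbackException if a callback is not a {@link PasswordCallback}, or
         *     if neither a configured password nor a console is available
         * @throws IOException declared by the {@link CallbackHandler} contract
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            Console console = System.console();
            char[] configured = this.password;
            if (console == null && configured == null) {
                // Guard the index so an empty callback array cannot turn this into an
                // ArrayIndexOutOfBoundsException.
                Callback first = callbackArr.length > 0 ? callbackArr[0] : null;
                throw new UnsupportedCallbackException(first, "Console is not available");
            }
            for (Callback callback : callbackArr) {
                if (!(callback instanceof PasswordCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                PasswordCallback passwordCallback = (PasswordCallback) callback;
                if (configured != null) {
                    passwordCallback.setPassword(configured);
                } else {
                    // The prompt is passed as an argument to a fixed "%s" format so that any
                    // '%' characters in the prompt are never interpreted as format specifiers.
                    passwordCallback.setPassword(
                            ((Console) Nullness.castNonNull(console, "System.console()"))
                                    .readPassword("%s", passwordCallback.getPrompt()));
                }
            }
        }
    }

    /**
     * Rejects a callback class name that resolves to a type which is not a
     * {@link CallbackHandler}, before any constructor of that type runs.
     *
     * <p>The class is loaded without initialization. A name that cannot be resolved through this
     * class's loader is left for {@code ObjectFactory} to decide, so this check only ever
     * refuses classes that would have failed the subsequent cast anyway.
     *
     * @param className fully qualified class name taken from the connection properties
     * @throws ClassCastException if the class is visible and does not implement CallbackHandler
     */
    private static void requireCallbackHandlerType(String className) {
        Class<?> candidate;
        try {
            candidate = Class.forName(className, false, LibPQFactory.class.getClassLoader());
        } catch (ClassNotFoundException notVisibleHere) {
            // Intentionally ignored: instantiation below reports the failure if the class is
            // missing there as well.
            return;
        }
        if (!CallbackHandler.class.isAssignableFrom(candidate)) {
            throw new ClassCastException(
                    className + " does not implement " + CallbackHandler.class.getName());
        }
    }

    /**
     * Builds the handler that will supply the private-key password.
     *
     * @param properties connection properties
     * @return the class named by {@code SSL_PASSWORD_CALLBACK} when set, otherwise a
     *     {@link ConsoleCallbackHandler} seeded with {@code SSL_PASSWORD}
     * @throws PSQLException if the configured callback class cannot be instantiated
     */
    private CallbackHandler getCallbackHandler(Properties properties) throws PSQLException {
        String className = PGProperty.SSL_PASSWORD_CALLBACK.get(properties);
        if (className == null) {
            return new ConsoleCallbackHandler(PGProperty.SSL_PASSWORD.get(properties));
        }
        try {
            // SECURITY: the class name is caller-controlled configuration and the object is
            // created before the cast below can reject it. Check the type first so that the
            // constructor of an unrelated class is never invoked.
            requireCallbackHandlerType(className);
            return (CallbackHandler) ObjectFactory.instantiate(className, properties, false, null);
        } catch (Exception e) {
            throw new PSQLException(GT.tr("The password callback class provided {0} could not be instantiated.", className), PSQLState.CONNECTION_FAILURE, e);
        }
    }

    /**
     * Installs a {@code LazyKeyManager} for a key file that is not PKCS#12.
     *
     * @param str path of the private key file; an empty string is passed on as {@code null}
     * @param str2 default directory used when {@code SSL_CERT} is not set
     * @param properties connection properties
     * @throws PSQLException if the password callback cannot be created
     */
    private void initPk8(String str, String str2, Properties properties) throws PSQLException {
        String certPath = PGProperty.SSL_CERT.get(properties);
        if (certPath == null) {
            this.defaultfile = true;
            certPath = str2 + "postgresql.crt";
        }
        String certOrNull = "".equals(certPath) ? null : certPath;
        String keyOrNull = "".equals(str) ? null : str;
        this.km = new LazyKeyManager(certOrNull, keyOrNull, getCallbackHandler(properties), this.defaultfile);
    }

    /**
     * Installs a {@code PKCS12KeyManager} for a {@code .p12} / {@code .pfx} key store.
     *
     * @param str path of the PKCS#12 file
     * @param properties connection properties
     * @throws PSQLException if the password callback cannot be created
     */
    private void initP12(String str, Properties properties) throws PSQLException {
        this.km = new PKCS12KeyManager(str, getCallbackHandler(properties));
    }

    /**
     * Returns the per-user directory (with trailing separator) that holds the default key,
     * certificate and root certificate files.
     */
    private static String defaultSslDirectory() {
        String separator = System.getProperty("file.separator");
        // Locale.ROOT keeps the comparison stable: under a Turkish default locale
        // "Windows".toLowerCase() yields a dotless i and would no longer contain "windows".
        boolean windows = System.getProperty("os.name").toLowerCase(java.util.Locale.ROOT).contains("windows");
        if (windows) {
            return System.getenv("APPDATA") + separator + "postgresql" + separator;
        }
        return System.getProperty("user.home") + separator + ".postgresql" + separator;
    }

    /**
     * Reads every X.509 certificate from the given file and returns PKIX trust managers that
     * trust exactly those certificates.
     *
     * @param rootCertPath path of the root certificate file
     * @return trust managers backed by an in-memory key store holding the file's certificates
     * @throws PSQLException if the file cannot be opened, read or loaded
     * @throws NoSuchAlgorithmException if the PKIX factory or the jks key store is unavailable
     */
    private static TrustManager[] loadTrustManagers(String rootCertPath) throws PSQLException, NoSuchAlgorithmException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
        KeyStore keyStore;
        try {
            // Used only as an in-memory container; nothing is read from or written to disk.
            keyStore = KeyStore.getInstance("jks");
        } catch (KeyStoreException e) {
            // Keep the cause so the provider failure is visible in the stack trace.
            throw new NoSuchAlgorithmException("jks KeyStore not available", e);
        }

        FileInputStream in;
        try {
            in = new FileInputStream(rootCertPath);
        } catch (FileNotFoundException e) {
            throw new PSQLException(GT.tr("Could not open SSL root certificate file {0}.", rootCertPath), PSQLState.CONNECTION_FAILURE, e);
        }

        try {
            Certificate[] certificates = CertificateFactory.getInstance("X.509").generateCertificates(in).toArray(new Certificate[0]);
            keyStore.load(null, null);
            for (int i = 0; i < certificates.length; i++) {
                keyStore.setCertificateEntry("cert" + i, certificates[i]);
            }
            trustManagerFactory.init(keyStore);
            return trustManagerFactory.getTrustManagers();
        } catch (IOException e) {
            throw new PSQLException(GT.tr("Could not read SSL root certificate file {0}.", rootCertPath), PSQLState.CONNECTION_FAILURE, e);
        } catch (GeneralSecurityException e) {
            throw new PSQLException(GT.tr("Loading the SSL root certificate {0} into a TrustManager failed.", rootCertPath), PSQLState.CONNECTION_FAILURE, e);
        } finally {
            try {
                in.close();
            } catch (IOException ignored) {
                // Best effort: the stream was only read, so a failed close loses nothing.
            }
        }
    }

    /**
     * Creates the factory: selects the key manager from the key file type, selects the trust
     * managers from the SSL mode, and initializes a {@code TLS} {@link SSLContext} with both.
     *
     * @param properties connection properties
     * @throws PSQLException if a file cannot be read, a required algorithm is missing, or the
     *     SSL context cannot be initialized
     */
    public LibPQFactory(Properties properties) throws PSQLException {
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            String defaultDir = defaultSslDirectory();

            String keyPath = PGProperty.SSL_KEY.get(properties);
            if (keyPath == null) {
                this.defaultfile = true;
                keyPath = defaultDir + "postgresql.pk8";
            }
            if (keyPath.endsWith(".p12") || keyPath.endsWith(".pfx")) {
                initP12(keyPath, properties);
            } else {
                initPk8(keyPath, defaultDir, properties);
            }

            TrustManager[] trustManagers;
            if (SslMode.of(properties).verifyCertificate()) {
                String rootCertPath = PGProperty.SSL_ROOT_CERT.get(properties);
                if (rootCertPath == null) {
                    rootCertPath = defaultDir + "root.crt";
                }
                trustManagers = loadTrustManagers(rootCertPath);
            } else {
                // SECURITY: no certificate validation in this mode. The channel is encrypted
                // but the peer is not authenticated, so it does not protect against an active
                // man-in-the-middle. Use a verifying SSL mode where that matters.
                trustManagers = new TrustManager[]{new NonValidatingFactory.NonValidatingTM()};
            }

            try {
                KeyManager keyManager = this.km;
                KeyManager[] keyManagers = keyManager == null ? null : new KeyManager[]{keyManager};
                sslContext.init(keyManagers, trustManagers, null);
                this.factory = sslContext.getSocketFactory();
            } catch (KeyManagementException e) {
                throw new PSQLException(GT.tr("Could not initialize SSL context."), PSQLState.CONNECTION_FAILURE, e);
            }
        } catch (NoSuchAlgorithmException e) {
            throw new PSQLException(GT.tr("Could not find a java cryptographic algorithm: {0}.", e.getMessage()), PSQLState.CONNECTION_FAILURE, e);
        }
    }

    /**
     * Delegates to the installed key manager's own {@code throwKeyManagerException()} so that an
     * error it recorded is raised as a {@link PSQLException}. Does nothing when no key manager
     * is installed.
     *
     * @throws PSQLException if the key manager has an error to report
     */
    public void throwKeyManagerException() throws PSQLException {
        KeyManager current = this.km;
        if (current == null) {
            return;
        }
        if (current instanceof LazyKeyManager) {
            ((LazyKeyManager) current).throwKeyManagerException();
        }
        if (current instanceof PKCS12KeyManager) {
            ((PKCS12KeyManager) current).throwKeyManagerException();
        }
    }
}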
