package org.mariadb.r2dbc.util;

import io.netty.channel.Channel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import io.r2dbc.spi.R2dbcNonTransientResourceException;
import io.r2dbc.spi.R2dbcTransientResourceException;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import org.mariadb.r2dbc.SslMode;

/* loaded from: input_file:org/mariadb/r2dbc/util/SslConfig.class */
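/**
 * Immutable holder for the client-side TLS settings of a connection, plus the factories that turn
 * those settings into a Netty {@link SslContext} and a post-handshake hostname check.
 *
 * <p>Security-relevant behaviour visible in this class:
 *
 * <ul>
 *   <li>{@code SslMode.ENABLE_TRUST} installs {@link InsecureTrustManagerFactory}: the channel is
 *       encrypted but the server certificate is not validated at all.
 *   <li>Hostname verification runs only when the mode is {@code SslMode.ENABLE}; every other mode
 *       completes the handshake future without comparing the certificate to the host name.
 *   <li>The client key password is never included in {@link #toString()}.
 * </ul>
 */
public class SslConfig {
    public static final SslConfig DISABLE_INSTANCE = new SslConfig(SslMode.DISABLED);

    private static final String PEM_CERT_HEADER = "-----BEGIN CERTIFICATE-----";
    private static final String CLASSPATH_PREFIX = "classpath:";

    private final SslMode sslMode;
    // Inline PEM, "classpath:" resource, or file path of the CA/server certificate to trust.
    private final String serverSslCert;
    // Inline PEM, "classpath:" resource, or file path of the client certificate chain.
    private final String clientSslCert;
    // File path of the client private key (only a plain file path is supported here).
    private final String clientSslKey;
    // Password protecting the client private key; may be null.
    private final CharSequence clientSslPassword;
    // Enabled TLS protocol versions; null leaves the Netty defaults in place.
    private final List<String> tlsProtocol;

    /**
     * Creates a fully specified configuration.
     *
     * @param sslMode TLS mode
     * @param str server certificate to trust (inline PEM, {@code classpath:} resource or file path),
     *     or {@code null}
     * @param str2 client certificate (same three forms), or {@code null}
     * @param str3 client private key file path, or {@code null}
     * @param charSequence client private key password, or {@code null}
     * @param list enabled TLS protocol names, or {@code null} for the defaults
     */
    public SslConfig(SslMode sslMode, String str, String str2, String str3, CharSequence charSequence, List<String> list) {
        this.sslMode = sslMode;
        this.serverSslCert = str;
        this.clientSslCert = str2;
        this.clientSslKey = str3;
        this.clientSslPassword = charSequence;
        this.tlsProtocol = list;
    }

    /**
     * Creates a configuration that carries only a mode; all certificate settings are {@code null}.
     *
     * @param sslMode TLS mode
     */
    public SslConfig(SslMode sslMode) {
        this(sslMode, null, null, null, null, null);
    }

    /** @return the configured TLS mode */
    public SslMode getSslMode() {
        return this.sslMode;
    }

    /** @return the server certificate setting as supplied, or {@code null} */
    public String getServerSslCert() {
        return this.serverSslCert;
    }

    /** @return the client certificate setting as supplied, or {@code null} */
    public String getClientSslCert() {
        return this.clientSslCert;
    }

    /** @return the enabled TLS protocol names, or {@code null} when none were configured */
    public List<String> getTlsProtocol() {
        return this.tlsProtocol;
    }

    /**
     * Builds the Netty client {@link SslContext} for this configuration.
     *
     * <p>With {@code ENABLE_TRUST} no certificate material is loaded and any server certificate is
     * accepted. Otherwise {@code serverSslCert}, when set, becomes the trust anchor, and the client
     * certificate and key are installed only when both are set.
     *
     * @return the built context
     * @throws R2dbcTransientResourceException if a configured certificate or key cannot be found or
     *     read (SQL state {@code 08000})
     * @throws SSLException if the context cannot be built
     */
    public SslContext getSslContext() throws R2dbcTransientResourceException, SSLException {
        SslContextBuilder builder = SslContextBuilder.forClient();
        if (this.sslMode == SslMode.ENABLE_TRUST) {
            // SECURITY: no certificate validation. The peer is not authenticated, so this mode
            // gives no protection against a server impersonated on the network path.
            builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
        } else {
            if (this.serverSslCert != null) {
                // try-with-resources: the stream was previously left open after the builder read it.
                try (InputStream trustStream = loadCert(this.serverSslCert)) {
                    builder.trustManager(trustStream);
                } catch (FileNotFoundException e) {
                    throw new R2dbcTransientResourceException("Failed to find serverSslCert file. serverSslCert=" + this.serverSslCert, "08000", e);
                } catch (IOException e) {
                    throw new R2dbcTransientResourceException("Failed to read serverSslCert. serverSslCert=" + this.serverSslCert, "08000", e);
                }
            }
            if (this.clientSslCert != null && this.clientSslKey != null) {
                String keyPassword = this.clientSslPassword == null ? null : this.clientSslPassword.toString();
                // The certificate is opened on its own so that a missing certificate is reported as
                // such; previously both failures surfaced as "Failed to find clientSslKey file".
                InputStream certSource;
                try {
                    certSource = loadCert(this.clientSslCert);
                } catch (FileNotFoundException e) {
                    throw new R2dbcTransientResourceException("Failed to find clientSslCert file. clientSslCert=" + this.clientSslCert, "08000", e);
                }
                try (InputStream certStream = certSource;
                        InputStream keyStream = new FileInputStream(this.clientSslKey)) {
                    builder.keyManager(certStream, keyStream, keyPassword);
                } catch (FileNotFoundException e) {
                    throw new R2dbcTransientResourceException("Failed to find clientSslKey file. clientSslKey=" + this.clientSslKey, "08000", e);
                } catch (IOException e) {
                    throw new R2dbcTransientResourceException("Failed to read client certificate or key. clientSslKey=" + this.clientSslKey, "08000", e);
                }
            }
        }
        if (this.tlsProtocol != null) {
            builder.protocols(this.tlsProtocol.toArray(new String[0]));
        }
        return builder.build();
    }

    /**
     * Opens a certificate given as inline PEM text, a {@code classpath:} resource, or a file path.
     *
     * @param str the certificate setting
     * @return a stream over the certificate bytes; the caller closes it
     * @throws FileNotFoundException if the file or classpath resource does not exist
     */
    private InputStream loadCert(String str) throws FileNotFoundException {
        if (str.startsWith(PEM_CERT_HEADER)) {
            // Explicit charset: the no-arg getBytes() depends on the platform default.
            return new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8));
        }
        if (str.startsWith(CLASSPATH_PREFIX)) {
            String resource = str.substring(CLASSPATH_PREFIX.length());
            InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream(resource);
            if (in == null) {
                // getResourceAsStream signals a missing resource with null. Fail here rather than
                // hand a null stream to the builder: a configured trust anchor must never be
                // dropped silently (NOTE(review): the builder appears to treat a null stream as
                // "no custom trust", i.e. the default trust store - confirm against Netty).
                throw new FileNotFoundException("classpath resource not found: " + resource);
            }
            return in;
        }
        return new FileInputStream(str);
    }

    /**
     * Returns a handshake listener that completes {@code completableFuture} once the TLS handshake
     * has finished and, in {@code SslMode.ENABLE} only, the peer certificate has been checked
     * against the host name.
     *
     * @param completableFuture completed normally on success, exceptionally on handshake or
     *     verification failure
     * @param str host name the certificate must match
     * @param j value passed through to the verifier (presumably the server thread id, used for
     *     diagnostics - TODO confirm against DefaultHostnameVerifier)
     * @param sSLEngine engine whose session holds the peer certificates
     * @return the listener to attach to the handshake future
     */
    public GenericFutureListener<Future<? super Channel>> getHostNameVerifier(CompletableFuture<Void> completableFuture, String str, long j, SSLEngine sSLEngine) {
        return future -> {
            if (!future.isSuccess()) {
                completableFuture.completeExceptionally(future.cause());
                return;
            }
            // Any mode other than ENABLE skips the host name check entirely.
            if (this.sslMode == SslMode.ENABLE) {
                try {
                    DefaultHostnameVerifier verifier = new DefaultHostnameVerifier();
                    SSLSession session = sSLEngine.getSession();
                    if (!verifier.verify(str, session, j)) {
                        // NOTE(review): the result of this call is not inspected, so rejection
                        // relies on this overload throwing SSLException on a mismatch - confirm
                        // in DefaultHostnameVerifier.
                        verifier.verify(str, (X509Certificate) session.getPeerCertificates()[0], j);
                    }
                } catch (SSLException e) {
                    // Keep the cause so the underlying verification failure stays diagnosable.
                    completableFuture.completeExceptionally(new R2dbcNonTransientResourceException("SSL hostname verification failed : " + e.getMessage(), "08006", e));
                    return;
                }
            }
            completableFuture.complete(null);
        };
    }

    /** Describes the configuration; the client key path and password are intentionally omitted. */
    @Override
    public String toString() {
        return "SslConfig{sslMode=" + this.sslMode + ", serverSslCert='" + this.serverSslCert + "', clientSslCert='" + this.clientSslCert + "', tlsProtocol=" + this.tlsProtocol + '}';
    }
}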
