package com.impossibl.postgres.protocol.ssl;

import com.impossibl.postgres.jdbc.PGSQLSimpleException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.sql.SQLException;
import java.util.Collection;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:com/impossibl/postgres/protocol/ssl/OnDemadKeyManager.class */
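/**
 * Key manager that lazily loads a client certificate chain and its private key from files the
 * first time the TLS stack asks for them.
 *
 * <p>Load failures are not thrown from the {@code X509KeyManager} callbacks. They are stored and
 * must be surfaced by the caller through {@link #throwKeyManagerException()}; the stored error
 * is never cleared once set.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>No ownership or permission check is made on the key file before it is read. If the
 *       deployment depends on the key being private to one account, that has to be enforced
 *       outside this class.</li>
 *   <li>The decoded private key is cached in this object for its whole lifetime.</li>
 *   <li>The lazy loading is not synchronized. NOTE(review): confirm an instance is only used by
 *       one handshake at a time.</li>
 * </ul>
 */
public class OnDemadKeyManager extends X509ExtendedKeyManager {
    /** The only alias this key manager ever offers. */
    private static final String ALIAS = "user";

    private final String certfile;
    private final String keyfileName;
    private final CallbackHandler cbh;
    private final boolean defaultfile;
    private X509Certificate[] certificates = null;
    private PrivateKey key = null;
    private PGSQLSimpleException error = null;

    /**
     * @param certfile path of the certificate file, or {@code null} to offer no client certificate
     * @param keyfile path of the PKCS#8 private key file (plain or password-encrypted)
     * @param cbh handler asked for the key password when the key file is encrypted
     * @param defaultfile when {@code true}, a missing certificate or key file is silently treated
     *     as "no client certificate" instead of being recorded as an error
     */
    public OnDemadKeyManager(String certfile, String keyfile, CallbackHandler cbh, boolean defaultfile) {
        this.certfile = certfile;
        this.keyfileName = keyfile;
        this.cbh = cbh;
        this.defaultfile = defaultfile;
    }

    /**
     * Rethrows the error recorded while loading the certificate or key, if any.
     *
     * @throws SQLException the recorded load failure
     */
    public void throwKeyManagerException() throws SQLException {
        if (this.error != null) {
            throw this.error;
        }
    }

    /**
     * Offers the {@code "user"} alias when a certificate file is configured and either the peer
     * listed no acceptable issuers or the issuer of the last certificate in the local chain is
     * one of them. Only that last certificate's issuer is compared.
     *
     * @return {@code "user"}, or {@code null} when no suitable certificate is available
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        if (this.certfile == null) {
            return null;
        }
        if (issuers == null || issuers.length == 0) {
            // The peer did not restrict issuers, so the certificate is offered unconditionally.
            return ALIAS;
        }
        X509Certificate[] chain = getCertificateChain(ALIAS);
        if (chain == null || chain.length == 0) {
            return null;
        }
        X500Principal ourIssuer = chain[chain.length - 1].getIssuerX500Principal();
        for (Principal issuer : issuers) {
            if (ourIssuer.equals(issuer)) {
                return ALIAS;
            }
        }
        return null;
    }

    /** Always {@code null}: this key manager is client-side only. */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return null;
    }

    /**
     * Loads (once) and returns the certificate chain from the configured certificate file.
     *
     * @return the chain, or {@code null} when no file is configured or loading failed; a failure
     *     other than a missing default file is recorded for {@link #throwKeyManagerException()}
     */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String alias) {
        if (this.certificates == null && this.certfile != null) {
            CertificateFactory factory;
            try {
                factory = CertificateFactory.getInstance("X.509");
            } catch (CertificateException e) {
                this.error = new PGSQLSimpleException("Could not find a java cryptographic algorithm: X.509 CertificateFactory not available", e);
                return null;
            }
            Collection<? extends Certificate> parsed;
            // try-with-resources: the stream was previously never closed, leaking a descriptor
            // per load attempt.
            try (FileInputStream in = new FileInputStream(this.certfile)) {
                parsed = factory.generateCertificates(in);
            } catch (FileNotFoundException e) {
                if (!this.defaultfile) {
                    this.error = new PGSQLSimpleException("Could not open SSL certificate file " + this.certfile, e);
                }
                return null;
            } catch (IOException e) {
                // Only reachable when closing the stream fails.
                this.error = new PGSQLSimpleException("Could not read SSL certificate file " + this.certfile, e);
                return null;
            } catch (CertificateException e) {
                this.error = new PGSQLSimpleException("Loading the SSL certificate " + this.certfile + " into a KeyManager failed", e);
                return null;
            }
            if (parsed.isEmpty()) {
                // A file with no certificates would otherwise yield an empty chain and an
                // ArrayIndexOutOfBoundsException wherever the chain is indexed.
                this.error = new PGSQLSimpleException("Loading the SSL certificate " + this.certfile + " into a KeyManager failed");
                return null;
            }
            this.certificates = parsed.toArray(new X509Certificate[0]);
        }
        return this.certificates;
    }

    /** Returns a one-element array holding the chosen client alias, or an empty array. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        String alias = chooseClientAlias(new String[]{keyType}, issuers, (Socket) null);
        return alias == null ? new String[0] : new String[]{alias};
    }

    /**
     * Loads (once) and returns the private key from the configured key file. The file is first
     * decoded as plain PKCS#8; if that fails it is decoded as an encrypted PKCS#8 structure and
     * the password is requested from the callback handler.
     *
     * @return the key, or {@code null} when it is unavailable; failures other than a missing
     *     default file are recorded for {@link #throwKeyManagerException()}
     */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String alias) {
        try {
            if (this.key == null && this.keyfileName != null) {
                // The key algorithm is taken from the certificate, so the chain must load first.
                if (this.certificates == null && getCertificateChain(ALIAS) == null) {
                    return null;
                }
                if (this.certificates.length == 0) {
                    return null;
                }
                byte[] encoded;
                try {
                    encoded = readKeyFile();
                } catch (FileNotFoundException e) {
                    if (this.defaultfile) {
                        return null;
                    }
                    throw e;
                }
                KeyFactory keyFactory = KeyFactory.getInstance(this.certificates[0].getPublicKey().getAlgorithm());
                try {
                    this.key = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encoded));
                } catch (InvalidKeySpecException notPlainPkcs8) {
                    // Not an unencrypted PKCS#8 key: retry as an encrypted one.
                    EncryptedPrivateKeyInfo encryptedInfo = new EncryptedPrivateKeyInfo(encoded);
                    Cipher cipher;
                    try {
                        cipher = Cipher.getInstance(encryptedInfo.getAlgName());
                    } catch (NoSuchPaddingException e) {
                        throw new NoSuchAlgorithmException(e.getMessage(), e);
                    }
                    PasswordCallback passwordCallback = new PasswordCallback("Enter SSL password:", false);
                    try {
                        try {
                            this.cbh.handle(new Callback[]{passwordCallback});
                        } catch (UnsupportedCallbackException e) {
                            this.error = new PGSQLSimpleException("Could not read password for SSL key file, console is not available", e);
                            return null;
                        }
                        char[] password = passwordCallback.getPassword();
                        PBEKeySpec pbeSpec = new PBEKeySpec(password);
                        try {
                            cipher.init(Cipher.DECRYPT_MODE, SecretKeyFactory.getInstance(encryptedInfo.getAlgName()).generateSecret(pbeSpec), encryptedInfo.getAlgParameters());
                            this.key = keyFactory.generatePrivate(encryptedInfo.getKeySpec(cipher));
                        } catch (GeneralSecurityException e) {
                            this.error = new PGSQLSimpleException("Could not decrypt SSL key file " + this.keyfileName, e);
                            return null;
                        } finally {
                            // Wipe every copy of the password this method created.
                            pbeSpec.clearPassword();
                            if (password != null) {
                                java.util.Arrays.fill(password, '\0');
                            }
                        }
                    } finally {
                        passwordCallback.clearPassword();
                    }
                }
            }
        } catch (IOException e) {
            this.error = new PGSQLSimpleException("Could not read SSL key file " + this.keyfileName, e);
        } catch (NoSuchAlgorithmException e) {
            this.error = new PGSQLSimpleException("Could not find a java cryptographic algorithm: " + e.getMessage(), e);
            return null;
        }
        return this.key;
    }

    /**
     * Reads the whole key file into memory.
     *
     * <p>A single {@code read} call may return fewer bytes than requested, which would leave the
     * tail of the buffer zeroed and the key undecodable, so the read is repeated until the buffer
     * is full.
     */
    private byte[] readKeyFile() throws IOException {
        File file = new File(this.keyfileName);
        try (FileInputStream in = new FileInputStream(file)) {
            byte[] data = new byte[(int) file.length()];
            int offset = 0;
            while (offset < data.length) {
                int count = in.read(data, offset, data.length - offset);
                if (count < 0) {
                    throw new IOException("Unexpected end of SSL key file " + this.keyfileName);
                }
                offset += count;
            }
            return data;
        }
    }

    /** Always empty: this key manager is client-side only. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return new String[0];
    }

    /** Same selection as {@link #chooseClientAlias}; the engine is not consulted. */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) {
        return chooseClientAlias(keyType, issuers, null);
    }
}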
