package org.jkiss.dbeaver.model.impl.net;

import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.jkiss.code.NotNull;
import org.jkiss.dbeaver.DBException;
import org.jkiss.dbeaver.model.DBPDataSource;
import org.jkiss.dbeaver.model.app.DBACertificateStorage;
import org.jkiss.dbeaver.model.impl.app.CertificateGenHelper;
import org.jkiss.dbeaver.model.impl.app.DefaultCertificateStorage;
import org.jkiss.dbeaver.model.net.DBWHandlerConfiguration;
import org.jkiss.dbeaver.model.runtime.DBRProgressMonitor;
import org.jkiss.dbeaver.runtime.DBWorkbench;
import org.jkiss.dbeaver.utils.GeneralUtils;
import org.jkiss.utils.CommonUtils;

/* loaded from: input_file:org/jkiss/dbeaver/model/impl/net/SSLHandlerTrustStoreImpl.class */
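/**
 * Static helpers that load the SSL material described by a handler configuration into the
 * platform certificate storage and build {@link SSLContext}s / socket factories from it.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #PROP_SSL_SELF_SIGNED_CERT} swaps the trust managers for
 *       {@code CertificateGenHelper.NON_VALIDATING_TRUST_MANAGERS}; going by the name, the server
 *       certificate is then not validated (confirm in {@code CertificateGenHelper}).</li>
 *   <li>{@link #setGlobalTrustStore} publishes the keystore path and password as JVM-wide system
 *       properties.</li>
 *   <li>{@link #loadDerFromPem} writes the client private key to a file.</li>
 * </ul>
 */
public class SSLHandlerTrustStoreImpl extends SSLHandlerImpl {
    /** Suffix appended to a property name to obtain the secure property holding the inline value. */
    public static final String CERT_VALUE_SUFFIX = ".value";
    public static final String PROP_SSL_CA_CERT = "ssl.ca.cert";
    public static final String PROP_SSL_CA_CERT_VALUE = "ssl.ca.cert.value";
    public static final String PROP_SSL_CLIENT_CERT = "ssl.client.cert";
    public static final String PROP_SSL_CLIENT_CERT_VALUE = "ssl.client.cert.value";
    public static final String PROP_SSL_CLIENT_KEY = "ssl.client.key";
    public static final String PROP_SSL_CLIENT_KEY_VALUE = "ssl.client.key.value";
    public static final String PROP_SSL_KEYSTORE = "ssl.keystore";
    public static final String PROP_SSL_KEYSTORE_VALUE = "ssl.keystore.value";
    public static final String PROP_SSL_KEYSTORE_PASSWORD = "ssl.keystore.password";
    public static final String PROP_SSL_SELF_SIGNED_CERT = "ssl.self-signed-cert";
    public static final String PROP_SSL_METHOD = "ssl.method";
    public static final String PROP_SSL_FORCE_TLS12 = "ssl.forceTls12";
    /** Certificate type key used for every call into the certificate storage. */
    public static final String CERT_TYPE = "ssl";
    public static final String TLS_PROTOCOL_VAR_NAME = "jdk.tls.client.protocols";
    public static final String TLS_1_2_VERSION = "TLSv1.2";

    /**
     * Registers the SSL material of a data source in the platform certificate storage.
     *
     * <p>Three mutually exclusive modes, checked in this order:
     * <ol>
     *   <li>{@code ssl.method} resolves to {@code KEYSTORE} (the default is {@code CERTIFICATES}):
     *       the keystore is taken from the path in {@code ssl.keystore}, otherwise from the
     *       Base64 secure property {@code ssl.keystore.value}; if neither is set nothing is
     *       stored.</li>
     *   <li>{@code ssl.self-signed-cert} is true: a self-signed certificate with subject
     *       {@code CN=<host name>} is generated.</li>
     *   <li>Otherwise the CA certificate, client certificate and client key are read; when both
     *       the CA and the client certificate are absent the stored entry is deleted.</li>
     * </ol>
     *
     * @param dBRProgressMonitor monitor that receives the sub-task names
     * @param dBPDataSource data source whose container owns the stored certificate
     * @param dBWHandlerConfiguration SSL handler configuration to read from
     * @throws DBException if the inline keystore value is not valid Base64; the certificate
     *         storage calls are presumably a further source — confirm against DBACertificateStorage
     * @throws IOException if a configured certificate or key file cannot be read
     */
    public static void initializeTrustStore(DBRProgressMonitor dBRProgressMonitor, DBPDataSource dBPDataSource, DBWHandlerConfiguration dBWHandlerConfiguration) throws DBException, IOException {
        DBACertificateStorage storage = DBWorkbench.getPlatform().getCertificateStorage();
        String selfSignedFlag = dBWHandlerConfiguration.getStringProperty(PROP_SSL_SELF_SIGNED_CERT);
        String keyStorePath = dBWHandlerConfiguration.getStringProperty(PROP_SSL_KEYSTORE);
        String keyStoreValue = dBWHandlerConfiguration.getSecureProperty(PROP_SSL_KEYSTORE_VALUE);
        SSLConfigurationMethod method = (SSLConfigurationMethod) CommonUtils.valueOf(SSLConfigurationMethod.class, dBWHandlerConfiguration.getStringProperty(PROP_SSL_METHOD), SSLConfigurationMethod.CERTIFICATES);

        if (method == SSLConfigurationMethod.KEYSTORE) {
            dBRProgressMonitor.subTask("Load keystore");
            // The handler password wins over the dedicated keystore-password property.
            String password = dBWHandlerConfiguration.getPassword() == null ? dBWHandlerConfiguration.getSecureProperty(PROP_SSL_KEYSTORE_PASSWORD) : dBWHandlerConfiguration.getPassword();
            char[] passwordChars = CommonUtils.isEmpty(password) ? new char[0] : password.toCharArray();
            if (keyStorePath != null) {
                storage.addCertificate(dBPDataSource.getContainer(), CERT_TYPE, keyStorePath, passwordChars);
            } else if (keyStoreValue != null) {
                byte[] keyStoreData;
                try {
                    keyStoreData = Base64.getDecoder().decode(keyStoreValue);
                } catch (IllegalArgumentException e) {
                    // Malformed configuration is reported like the other load failures
                    // instead of escaping as an unchecked exception.
                    throw new DBException("Error decoding Base64 value of '" + PROP_SSL_KEYSTORE_VALUE + "'", e);
                }
                storage.addCertificate(dBPDataSource.getContainer(), CERT_TYPE, keyStoreData, passwordChars);
            }
            return;
        }

        if (CommonUtils.toBoolean(selfSignedFlag)) {
            dBRProgressMonitor.subTask("Generate self-signed certificate");
            storage.addSelfSignedCertificate(dBPDataSource.getContainer(), CERT_TYPE, "CN=" + dBPDataSource.getContainer().getActualConnectionConfiguration().getHostName());
            return;
        }

        byte[] caCert = readCertificate(dBWHandlerConfiguration, PROP_SSL_CA_CERT);
        byte[] clientCert = readCertificate(dBWHandlerConfiguration, PROP_SSL_CLIENT_CERT);
        byte[] clientKey = readCertificate(dBWHandlerConfiguration, PROP_SSL_CLIENT_KEY);
        if (caCert == null && clientCert == null) {
            // A client key on its own is not stored: without either certificate the entry is removed.
            storage.deleteCertificate(dBPDataSource.getContainer(), CERT_TYPE);
        } else {
            dBRProgressMonitor.subTask("Load certificates");
            storage.addCertificate(dBPDataSource.getContainer(), CERT_TYPE, caCert, clientCert, clientKey);
        }
    }

    /**
     * Reads certificate or key material for {@code str} without a fallback property.
     *
     * @see #readCertificate(DBWHandlerConfiguration, String, String)
     */
    public static byte[] readCertificate(DBWHandlerConfiguration dBWHandlerConfiguration, String str) throws IOException {
        return readCertificate(dBWHandlerConfiguration, str, null);
    }

    /**
     * Reads certificate or key material referenced by a configuration property.
     *
     * <p>The value of {@code str} (or of {@code str2} when {@code str} is empty) is treated as a
     * file path and the whole file is returned. When no path is configured, the secure property
     * {@code str + ".value"} is returned as UTF-8 bytes.
     *
     * <p>NOTE(review): the path is used exactly as configured; any restriction on where it may
     * point has to be enforced by the caller or upstream — not visible here.
     *
     * @param dBWHandlerConfiguration configuration to read from
     * @param str primary property name
     * @param str2 optional fallback property name, may be {@code null}
     * @return the material, or {@code null} when neither a path nor an inline value is set
     * @throws IOException if the configured file cannot be read
     */
    public static byte[] readCertificate(DBWHandlerConfiguration dBWHandlerConfiguration, String str, String str2) throws IOException {
        String location = dBWHandlerConfiguration.getStringProperty(str);
        if (CommonUtils.isEmpty(location) && str2 != null) {
            location = dBWHandlerConfiguration.getStringProperty(str2);
        }
        if (!CommonUtils.isEmpty(location)) {
            return Files.readAllBytes(Path.of(location));
        }
        String inlineValue = dBWHandlerConfiguration.getSecureProperty(str + CERT_VALUE_SUFFIX);
        if (CommonUtils.isEmpty(inlineValue)) {
            return null;
        }
        return inlineValue.getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Points the JVM-wide {@code javax.net.ssl.*} key/trust store properties at the keystore of
     * the given data source and returns the values they had before.
     *
     * <p>System properties are process-global: the keystore password becomes readable by any code
     * in the JVM for as long as it is set, and overlapping calls for different data sources
     * overwrite each other. Callers should pass the returned map to
     * {@link #resetGlobalTrustStore(Map)} in a {@code finally} block as soon as the connection is
     * established. The returned map itself may contain a previously set password.
     *
     * <p>If setting any property fails, the properties already changed by this call are restored
     * before the exception propagates.
     *
     * @param dBPDataSource data source whose keystore is published
     * @return previous value per property name ({@code null} where the property was unset)
     */
    public static Map<String, String> setGlobalTrustStore(DBPDataSource dBPDataSource) {
        DBACertificateStorage storage = DBWorkbench.getPlatform().getCertificateStorage();
        String keyStoreLocation = storage.getKeyStorePath(dBPDataSource.getContainer(), CERT_TYPE).toAbsolutePath().toString();
        String keyStoreType = storage.getKeyStoreType(dBPDataSource.getContainer());
        char[] keyStorePassword = storage.getKeyStorePassword(dBPDataSource.getContainer(), CERT_TYPE);
        Map<String, String> previous = new LinkedHashMap<>();
        try {
            String password = String.valueOf(keyStorePassword);
            // The same keystore serves as both trust store and key store.
            setSystemProperty(GeneralUtils.PROP_TRUST_STORE, keyStoreLocation, previous);
            setSystemProperty(GeneralUtils.PROP_TRUST_STORE_TYPE, keyStoreType, previous);
            setSystemProperty("javax.net.ssl.trustStorePassword", password, previous);
            setSystemProperty("javax.net.ssl.keyStore", keyStoreLocation, previous);
            setSystemProperty("javax.net.ssl.keyStoreType", keyStoreType, previous);
            setSystemProperty("javax.net.ssl.keyStorePassword", password, previous);
        } catch (RuntimeException e) {
            // The map is never handed to the caller on failure, so undo the partial change here;
            // otherwise the path/password would stay in the global properties.
            resetGlobalTrustStore(previous);
            throw e;
        }
        return previous;
    }

    /**
     * Restores system properties captured by {@link #setGlobalTrustStore(DBPDataSource)}.
     *
     * @param map property name to previous value; a {@code null} value clears the property
     */
    public static void resetGlobalTrustStore(Map<String, String> map) {
        for (Map.Entry<String, String> saved : map.entrySet()) {
            String oldValue = saved.getValue();
            if (oldValue == null) {
                System.clearProperty(saved.getKey());
            } else {
                System.setProperty(saved.getKey(), oldValue);
            }
        }
    }

    /** Sets one system property and records its previous value (possibly {@code null}) in {@code map}. */
    private static void setSystemProperty(String str, String str2, Map<String, String> map) {
        map.put(str, System.setProperty(str, str2));
    }

    /**
     * Builds an {@link SSLContext} backed by the stored keystore of the given data source.
     *
     * <p>Key managers always come from the stored keystore. Trust managers come from the same
     * keystore via PKIX, unless {@code ssl.self-signed-cert} is set, in which case
     * {@code CertificateGenHelper.NON_VALIDATING_TRUST_MANAGERS} is used; going by the name the
     * server certificate is then not checked, so the channel is encrypted but the peer is not
     * authenticated (confirm in {@code CertificateGenHelper}).
     *
     * @param dBPDataSource data source whose keystore is used
     * @param dBWHandlerConfiguration SSL handler configuration
     * @return an initialised SSL context
     * @throws Exception on keystore, algorithm or context initialisation failures
     */
    public static SSLContext createTrustStoreSslContext(DBPDataSource dBPDataSource, DBWHandlerConfiguration dBWHandlerConfiguration) throws Exception {
        DBACertificateStorage storage = DBWorkbench.getPlatform().getCertificateStorage();
        KeyStore keyStore = storage.getKeyStore(dBPDataSource.getContainer(), CERT_TYPE);
        char[] keyStorePassword = storage.getKeyStorePassword(dBPDataSource.getContainer(), CERT_TYPE);

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, keyStorePassword);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

        TrustManager[] trustManagers;
        if (dBWHandlerConfiguration.getBooleanProperty(PROP_SSL_SELF_SIGNED_CERT)) {
            trustManagers = CertificateGenHelper.NON_VALIDATING_TRUST_MANAGERS;
        } else {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
            trustManagerFactory.init(keyStore);
            trustManagers = trustManagerFactory.getTrustManagers();
        }

        // "SSL" is the generic legacy context name: the protocol versions actually offered are
        // whatever the JSSE provider enables for it. With ssl.forceTls12 the provider's
        // "TLSv1.2" context is requested instead; what that context enables is provider-defined.
        // NOTE(review): consider requesting "TLS" explicitly for the default case.
        String protocol = dBWHandlerConfiguration.getBooleanProperty(PROP_SSL_FORCE_TLS12) ? TLS_1_2_VERSION : "SSL";
        SSLContext sslContext = SSLContext.getInstance(protocol);
        sslContext.init(keyManagers, trustManagers, new SecureRandom());
        return sslContext;
    }

    /**
     * Convenience wrapper returning the socket factory of
     * {@link #createTrustStoreSslContext(DBPDataSource, DBWHandlerConfiguration)}.
     */
    public static SSLSocketFactory createTrustStoreSslSocketFactory(DBPDataSource dBPDataSource, DBWHandlerConfiguration dBWHandlerConfiguration) throws Exception {
        return createTrustStoreSslContext(dBPDataSource, dBWHandlerConfiguration).getSocketFactory();
    }

    /**
     * Converts the configured PEM client key to DER, writes it to {@code path} and repoints
     * {@code ssl.client.key} at that file.
     *
     * <p>The file holds private key material and is created with the default open options and
     * the default permissions of the target directory; the caller is responsible for choosing a
     * location that other users cannot read and for deleting the file afterwards. In distributed
     * or multi-user applications the new path is stored as a secure property, otherwise as a
     * plain property.
     *
     * @param dBWHandlerConfiguration configuration holding the client key and receiving the path
     * @param path destination file for the DER-encoded key
     * @throws IOException if no client key is configured, or on read, parse or write failure
     */
    public static void loadDerFromPem(@NotNull DBWHandlerConfiguration dBWHandlerConfiguration, @NotNull Path path) throws IOException {
        byte[] pemBytes = readCertificate(dBWHandlerConfiguration, PROP_SSL_CLIENT_KEY);
        if (pemBytes == null) {
            // readCertificate returns null when nothing is configured; fail with a clear message
            // rather than a NullPointerException from the String constructor.
            throw new IOException("Client private key is not configured (" + PROP_SSL_CLIENT_KEY + ")");
        }
        Files.write(path, DefaultCertificateStorage.loadDerFromPem(new StringReader(new String(pemBytes, StandardCharsets.UTF_8))));
        String derLocation = path.toAbsolutePath().toString();
        if (DBWorkbench.isDistributed() || DBWorkbench.getPlatform().getApplication().isMultiuser()) {
            dBWHandlerConfiguration.setSecureProperty(PROP_SSL_CLIENT_KEY, derLocation);
        } else {
            dBWHandlerConfiguration.setProperty(PROP_SSL_CLIENT_KEY, derLocation);
        }
    }

    /**
     * Creates a socket factory that uses {@code CertificateGenHelper.NON_VALIDATING_TRUST_MANAGERS}
     * and no client key material.
     *
     * <p>Going by the name of that constant, connections made through this factory do not verify
     * the server certificate: traffic is encrypted but the peer identity is not established.
     * Suitable only where that trade-off has been chosen explicitly.
     *
     * @return socket factory of a context initialised with the non-validating trust managers
     * @throws Exception if the context cannot be created or initialised
     */
    @NotNull
    public static SSLSocketFactory createNonValidatingSslSocketFactory() throws Exception {
        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, CertificateGenHelper.NON_VALIDATING_TRUST_MANAGERS, new SecureRandom());
        return sslContext.getSocketFactory();
    }

    /**
     * Reads binary trust store data referenced by a secure property.
     *
     * <p>The secure property {@code str} is treated as a file path; when it is empty, the secure
     * property {@code str + ".value"} is decoded from Base64 instead.
     *
     * @param dBWHandlerConfiguration configuration to read from
     * @param str secure property name
     * @return the trust store bytes, or {@code null} when neither a path nor an inline value is set
     * @throws DBException if the file cannot be read or the inline value is not valid Base64
     */
    public static byte[] readTrustStoreData(@NotNull DBWHandlerConfiguration dBWHandlerConfiguration, @NotNull String str) throws DBException {
        String location = dBWHandlerConfiguration.getSecureProperty(str);
        if (!CommonUtils.isEmpty(location)) {
            try {
                return Files.readAllBytes(Path.of(location));
            } catch (IOException e) {
                // The message names the property, not the path held in the secure property.
                throw new DBException("Error reading file '" + str + "' data", e);
            }
        }
        String encoded = dBWHandlerConfiguration.getSecureProperty(str + CERT_VALUE_SUFFIX);
        if (CommonUtils.isEmpty(encoded)) {
            return null;
        }
        try {
            return Base64.getDecoder().decode(encoded);
        } catch (IllegalArgumentException e) {
            // Report malformed configuration through the method's declared exception type.
            throw new DBException("Error decoding Base64 value of '" + str + CERT_VALUE_SUFFIX + "'", e);
        }
    }
}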
