package com.mysql.jdbc;

import com.mysql.jdbc.SocketMetadata;
import com.mysql.jdbc.util.Base64Decoder;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.SocketException;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class ExportControlled {
    private static final String SQL_STATE_BAD_SSL_PARAMS = "08000";

    /**
     * {@link SocketFactory} that layers an {@link SSLSocket} over a socket that is
     * already connected, and hands that SSL socket back for every later factory call.
     *
     * <p>NOTE(review): nothing in this class compares the peer certificate with the
     * host name passed to {@link #connect}; whether endpoint identification happens
     * elsewhere is not visible here and should be confirmed.
     */
    public static class StandardSSLSocketFactory implements SocketFactory, SocketMetadata {
        /** JSSE factory used to create the layered SSL socket. */
        private final SSLSocketFactory sslFact;
        /** Factory that produced the plain socket; still notified after the handshake. */
        private final SocketFactory existingSocketFactory;
        /** Already-connected plain socket that the SSL socket is layered over. */
        private final Socket existingSocket;
        /** The layered SSL socket; stays {@code null} until {@link #connect} has run. */
        private SSLSocket rawSocket;

        /**
         * @param sSLSocketFactory JSSE factory that will create the layered socket
         * @param socketFactory factory that created {@code socket}
         * @param socket the connected plain socket to wrap
         */
        public StandardSSLSocketFactory(SSLSocketFactory sSLSocketFactory, SocketFactory socketFactory, Socket socket) {
            this.existingSocket = socket;
            this.existingSocketFactory = socketFactory;
            this.sslFact = sSLSocketFactory;
        }

        /**
         * Forwards the post-handshake callback to the wrapped factory (its return value
         * is discarded) and returns the SSL socket.
         */
        @Override // com.mysql.jdbc.SocketFactory
        public Socket afterHandshake() throws SocketException, IOException {
            this.existingSocketFactory.afterHandshake();
            SSLSocket layered = this.rawSocket;
            return layered;
        }

        /** Returns the SSL socket without touching the wrapped factory. */
        @Override // com.mysql.jdbc.SocketFactory
        public Socket beforeHandshake() throws SocketException, IOException {
            SSLSocket layered = this.rawSocket;
            return layered;
        }

        /**
         * Creates the SSL socket on top of the existing plain socket.
         *
         * @param str host name handed to the JSSE factory
         * @param i port handed to the JSSE factory
         * @param properties not used by this implementation
         * @return the newly layered SSL socket
         */
        @Override // com.mysql.jdbc.SocketFactory
        public Socket connect(String str, int i, Properties properties) throws SocketException, IOException {
            // autoClose=true: closing the SSL socket also closes the underlying plain socket.
            SSLSocket layered = (SSLSocket) this.sslFact.createSocket(this.existingSocket, str, i, true);
            this.rawSocket = layered;
            return layered;
        }

        /** Delegates to {@code SocketMetadata.Helper}. */
        @Override // com.mysql.jdbc.SocketMetadata
        public boolean isLocallyConnected(ConnectionImpl connectionImpl) throws SQLException {
            return SocketMetadata.Helper.isLocallyConnected(connectionImpl);
        }
    }

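    /**
     * {@link X509TrustManager} that always checks the validity dates of the presented
     * chain and, only when server verification was requested, also validates the chain
     * against the wrapped trust manager's accepted issuers.
     *
     * <p>Security-relevant behaviour visible in this class:
     * <ul>
     *   <li>Built with the no-arg constructor, or with {@code verifyServerCert == false},
     *       {@link #checkServerTrusted} performs the date check only; no chain of trust
     *       is established, so the peer is not authenticated.</li>
     *   <li>Revocation checking is switched off for the PKIX validation.</li>
     * </ul>
     */
    public static class X509TrustManagerWrapper implements X509TrustManager {
        /** Wrapped platform trust manager; {@code null} for the no-arg constructor. */
        private X509TrustManager origTm;
        /** Whether the chain must be validated in addition to the date check. */
        private boolean verifyServerCert;
        /** Builds certification paths; set only when verification is enabled. */
        private CertificateFactory certFactory;
        /** PKIX parameters holding the trust anchors; set only when verification is enabled. */
        private PKIXParameters validatorParams;
        /** PKIX validator; set only when verification is enabled. */
        private CertPathValidator validator;

        /** Creates a wrapper with no delegate: only certificate validity dates are checked. */
        public X509TrustManagerWrapper() {
            this.origTm = null;
            this.verifyServerCert = false;
            this.certFactory = null;
            this.validatorParams = null;
            this.validator = null;
        }

        /**
         * @param x509TrustManager trust manager whose accepted issuers become the trust anchors
         * @param z {@code true} to validate server chains against those anchors
         * @throws CertificateException if the PKIX validator cannot be set up
         */
        public X509TrustManagerWrapper(X509TrustManager x509TrustManager, boolean z) throws CertificateException {
            this.origTm = x509TrustManager;
            this.verifyServerCert = z;
            this.certFactory = null;
            this.validatorParams = null;
            this.validator = null;
            if (z) {
                try {
                    HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
                    for (X509Certificate issuer : x509TrustManager.getAcceptedIssuers()) {
                        anchors.add(new TrustAnchor(issuer, null));
                    }
                    this.validatorParams = new PKIXParameters(anchors);
                    // Revocation (CRL/OCSP) is not consulted; a revoked certificate still validates.
                    this.validatorParams.setRevocationEnabled(false);
                    this.validator = CertPathValidator.getInstance("PKIX");
                    this.certFactory = CertificateFactory.getInstance("X.509");
                } catch (Exception e) {
                    // Any setup failure, including a null delegate, is reported as a certificate problem.
                    throw new CertificateException(e);
                }
            }
        }

        /**
         * Delegates to the wrapped trust manager.
         *
         * @throws CertificateException if the chain is rejected or there is no delegate to ask
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (this.origTm == null) {
                // Fail closed with the declared exception instead of a NullPointerException.
                throw new CertificateException("No trust manager available to validate the client certificate chain");
            }
            this.origTm.checkClientTrusted(x509CertificateArr, str);
        }

        /**
         * Checks validity dates of every certificate, then (if verification is enabled)
         * validates the chain with PKIX and with the wrapped trust manager.
         *
         * @throws IllegalArgumentException if the chain is {@code null} or empty, as the
         *         {@link X509TrustManager} contract specifies
         * @throws CertificateException if a certificate is outside its validity period or
         *         the chain does not validate
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                // Without this guard an empty chain passed silently when verification is off.
                throw new IllegalArgumentException("Server certificate chain must not be null or empty");
            }
            for (X509Certificate certificate : x509CertificateArr) {
                certificate.checkValidity();
            }
            if (this.validatorParams != null) {
                try {
                    java.security.cert.CertPath path = this.certFactory.generateCertPath(Arrays.asList(x509CertificateArr));
                    PKIXCertPathValidatorResult result =
                            (PKIXCertPathValidatorResult) this.validator.validate(path, this.validatorParams);
                    // The matched trust anchor itself must also be inside its validity period.
                    result.getTrustAnchor().getTrustedCert().checkValidity();
                } catch (InvalidAlgorithmParameterException e) {
                    throw new CertificateException(e);
                } catch (CertPathValidatorException e2) {
                    throw new CertificateException(e2);
                }
            }
            if (this.verifyServerCert) {
                this.origTm.checkServerTrusted(x509CertificateArr, str);
            }
        }

        /** Returns the delegate's accepted issuers, or an empty array when there is no delegate. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.origTm != null ? this.origTm.getAcceptedIssuers() : new X509Certificate[0];
        }
    }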

    /** Not instantiable: the class only offers static methods and nested types. */
    private ExportControlled() {
    }

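    /**
     * Decodes a PEM-style RSA public key: the Base64 text between the end of the first
     * line and the {@code -----END PUBLIC KEY-----} marker is decoded and parsed as an
     * X.509 SubjectPublicKeyInfo.
     *
     * @param str PEM text of the key
     * @param exceptionInterceptor passed through to {@code SQLError} when reporting failures
     * @return the decoded key
     * @throws SQLException if {@code str} is {@code null}, the end marker is missing or
     *         misplaced, or the key material cannot be parsed
     */
    public static RSAPublicKey decodeRSAPublicKey(String str, ExceptionInterceptor exceptionInterceptor) throws SQLException {
        try {
            if (str == null) {
                throw new SQLException("key parameter is null");
            }
            // Body starts after the first line (or at 0 when there is no line break).
            int bodyStart = str.indexOf("\n") + 1;
            int bodyEnd = str.indexOf("-----END PUBLIC KEY-----");
            if (bodyEnd < bodyStart) {
                // Covers a missing marker (-1) and a marker that sits on the first line.
                throw new SQLException("key parameter has no PEM end marker after the first line");
            }
            // Cut the body out as characters first and encode with a fixed charset, so the
            // offsets cannot drift from the byte positions under a multi-byte platform default.
            byte[] encodedBody = str.substring(bodyStart, bodyEnd).getBytes("US-ASCII");
            byte[] keyBytes = Base64Decoder.decode(encodedBody, 0, encodedBody.length);
            return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(keyBytes));
        } catch (Exception e) {
            // Every failure above, including the explicit SQLExceptions, is reported uniformly.
            throw SQLError.createSQLException("Unable to decode public key", SQLError.SQL_STATE_ILLEGAL_ARGUMENT, e, exceptionInterceptor);
        }
    }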

    /**
     * Always returns {@code true}.
     *
     * <p>Presumably a switch telling callers that the SSL/RSA helpers of this class are
     * available; confirm against the callers. Decompiler note (JADX): the access
     * modifier was changed from {@code protected}.
     */
    public static boolean enabled() {
        return true;
    }

    /**
     * Encrypts {@code bArr} with the given RSA public key using OAEP padding
     * (SHA-1 digest, MGF1 mask generation).
     *
     * <p>"ECB" in the transformation string is only the JCA naming convention for RSA.
     * NOTE(review): the transformation is hard-coded; presumably it has to match what
     * the peer decrypts with, so confirm before changing the digest.
     *
     * @param bArr plaintext to encrypt
     * @param rSAPublicKey key to encrypt with
     * @param exceptionInterceptor passed through to {@code SQLError} when reporting failures
     * @return the ciphertext
     * @throws SQLException wrapping any failure; its message is the cause's message
     */
    public static byte[] encryptWithRSAPublicKey(byte[] bArr, RSAPublicKey rSAPublicKey, ExceptionInterceptor exceptionInterceptor) throws SQLException {
        byte[] ciphertext;
        try {
            Cipher rsaOaep = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
            rsaOaep.init(Cipher.ENCRYPT_MODE, rSAPublicKey);
            ciphertext = rsaOaep.doFinal(bArr);
        } catch (Exception e) {
            throw SQLError.createSQLException(e.getMessage(), SQLError.SQL_STATE_ILLEGAL_ARGUMENT, e, exceptionInterceptor);
        }
        return ciphertext;
    }

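    /**
     * Builds the {@link SSLSocketFactory} for a connection from its client-certificate
     * and trust-store settings, falling back to the {@code javax.net.ssl.*} system
     * properties when the connection does not name a store.
     *
     * <p>Security-relevant behaviour visible here:
     * <ul>
     *   <li>Store locations are opened with {@link URL#openStream()}, so the values must
     *       stay under the deployer's control.</li>
     *   <li>Every {@link X509TrustManager} is wrapped in {@link X509TrustManagerWrapper};
     *       with {@code getVerifyServerCertificate() == false} the wrapper checks
     *       validity dates only.</li>
     *   <li>If the platform yields no trust manager at all, a wrapper with no delegate
     *       is installed, which likewise checks dates only.</li>
     * </ul>
     *
     * @param mysqlIO connection I/O object whose {@code connection} supplies the settings
     * @return a socket factory initialised with the configured key and trust managers
     * @throws SQLException if a store cannot be opened or loaded, or the SSL context
     *         cannot be created
     */
    private static SSLSocketFactory getSSLSocketFactoryDefaultOrConfigured(MysqlIO mysqlIO) throws SQLException {
        String clientCertificateKeyStoreUrl = mysqlIO.connection.getClientCertificateKeyStoreUrl();
        String clientCertificateKeyStorePassword = mysqlIO.connection.getClientCertificateKeyStorePassword();
        String clientCertificateKeyStoreType = mysqlIO.connection.getClientCertificateKeyStoreType();
        String trustCertificateKeyStoreUrl = mysqlIO.connection.getTrustCertificateKeyStoreUrl();
        String trustCertificateKeyStorePassword = mysqlIO.connection.getTrustCertificateKeyStorePassword();
        String trustCertificateKeyStoreType = mysqlIO.connection.getTrustCertificateKeyStoreType();

        // No client store on the connection: fall back to the JSSE system properties.
        if (StringUtils.isNullOrEmpty(clientCertificateKeyStoreUrl)) {
            clientCertificateKeyStoreUrl = System.getProperty("javax.net.ssl.keyStore");
            clientCertificateKeyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
            clientCertificateKeyStoreType = System.getProperty("javax.net.ssl.keyStoreType");
            if (StringUtils.isNullOrEmpty(clientCertificateKeyStoreType)) {
                clientCertificateKeyStoreType = "JKS";
            }
            if (!StringUtils.isNullOrEmpty(clientCertificateKeyStoreUrl)) {
                try {
                    new URL(clientCertificateKeyStoreUrl);
                } catch (MalformedURLException e) {
                    // The system property holds a plain path rather than a URL.
                    clientCertificateKeyStoreUrl = "file:" + clientCertificateKeyStoreUrl;
                }
            }
        }

        // Same fallback for the trust store.
        if (StringUtils.isNullOrEmpty(trustCertificateKeyStoreUrl)) {
            trustCertificateKeyStoreUrl = System.getProperty("javax.net.ssl.trustStore");
            trustCertificateKeyStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
            trustCertificateKeyStoreType = System.getProperty("javax.net.ssl.trustStoreType");
            if (StringUtils.isNullOrEmpty(trustCertificateKeyStoreType)) {
                trustCertificateKeyStoreType = "JKS";
            }
            if (!StringUtils.isNullOrEmpty(trustCertificateKeyStoreUrl)) {
                try {
                    new URL(trustCertificateKeyStoreUrl);
                } catch (MalformedURLException e2) {
                    trustCertificateKeyStoreUrl = "file:" + trustCertificateKeyStoreUrl;
                }
            }
        }

        TrustManagerFactory trustManagerFactory;
        KeyManagerFactory keyManagerFactory;
        try {
            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        } catch (NoSuchAlgorithmException e18) {
            throw SQLError.createSQLException("Default algorithm definitions for TrustManager and/or KeyManager are invalid.  Check java security properties file.", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
        }

        // --- client certificate key store (optional) ---
        KeyManager[] keyManagerArr = null;
        if (!StringUtils.isNullOrEmpty(clientCertificateKeyStoreUrl)) {
            InputStream keyStoreStream = null;
            try {
                if (!StringUtils.isNullOrEmpty(clientCertificateKeyStoreType)) {
                    KeyStore clientKeyStore = KeyStore.getInstance(clientCertificateKeyStoreType);
                    URL keyStoreLocation = new URL(clientCertificateKeyStoreUrl);
                    char[] keyStorePassword = clientCertificateKeyStorePassword == null ? new char[0] : clientCertificateKeyStorePassword.toCharArray();
                    keyStoreStream = keyStoreLocation.openStream();
                    clientKeyStore.load(keyStoreStream, keyStorePassword);
                    keyManagerFactory.init(clientKeyStore, keyStorePassword);
                    keyManagerArr = keyManagerFactory.getKeyManagers();
                }
            } catch (UnrecoverableKeyException e3) {
                throw SQLError.createSQLException("Could not recover keys from client keystore.  Check password?", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
            } catch (CertificateException e4) {
                throw SQLError.createSQLException("Could not load client" + clientCertificateKeyStoreType + " keystore from " + clientCertificateKeyStoreUrl, mysqlIO.getExceptionInterceptor());
            } catch (MalformedURLException e5) {
                // Must precede IOException: MalformedURLException is a subclass of it.
                throw SQLError.createSQLException(clientCertificateKeyStoreUrl + " does not appear to be a valid URL.", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
            } catch (KeyStoreException e6) {
                throw SQLError.createSQLException("Could not create KeyStore instance [" + e6.getMessage() + "]", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
            } catch (IOException e7) {
                SQLException createSQLException = SQLError.createSQLException("Cannot open " + clientCertificateKeyStoreUrl + " [" + e7.getMessage() + "]", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
                createSQLException.initCause(e7);
                throw createSQLException;
            } catch (NoSuchAlgorithmException e8) {
                throw SQLError.createSQLException("Unsupported keystore algorithm [" + e8.getMessage() + "]", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
            } finally {
                // Fix: the key store stream was never closed (the finally block was empty).
                if (keyStoreStream != null) {
                    try {
                        keyStoreStream.close();
                    } catch (IOException ignored) {
                        // Best effort: the store has already been read or has already failed.
                    }
                }
            }
        }

        // --- trust store (optional; a null KeyStore selects the platform default) ---
        ArrayList<TrustManager> trustManagerList = new ArrayList<TrustManager>();
        InputStream trustStoreStream = null;
        try {
            KeyStore trustKeyStore = null;
            if (!StringUtils.isNullOrEmpty(trustCertificateKeyStoreUrl) && !StringUtils.isNullOrEmpty(trustCertificateKeyStoreType)) {
                trustStoreStream = new URL(trustCertificateKeyStoreUrl).openStream();
                char[] trustStorePassword = trustCertificateKeyStorePassword == null ? new char[0] : trustCertificateKeyStorePassword.toCharArray();
                trustKeyStore = KeyStore.getInstance(trustCertificateKeyStoreType);
                trustKeyStore.load(trustStoreStream, trustStorePassword);
            }
            trustManagerFactory.init(trustKeyStore);
            boolean verifyServerCertificate = mysqlIO.connection.getVerifyServerCertificate();
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    // With verifyServerCertificate == false the wrapper checks validity dates only.
                    trustManagerList.add(new X509TrustManagerWrapper((X509TrustManager) trustManager, verifyServerCertificate));
                } else {
                    trustManagerList.add(trustManager);
                }
            }
        } catch (MalformedURLException e16) {
            // Fix: this handler was unreachable because the IOException handler sat inside it.
            throw SQLError.createSQLException(trustCertificateKeyStoreUrl + " does not appear to be a valid URL.", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
        } catch (KeyStoreException e13) {
            throw SQLError.createSQLException("Could not create KeyStore instance [" + e13.getMessage() + "]", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
        } catch (IOException e14) {
            // Fix: report the location that failed to open; the store type was printed here before.
            SQLException createSQLException2 = SQLError.createSQLException("Cannot open " + trustCertificateKeyStoreUrl + " [" + e14.getMessage() + "]", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
            createSQLException2.initCause(e14);
            throw createSQLException2;
        } catch (CertificateException e15) {
            throw SQLError.createSQLException("Could not load trust" + trustCertificateKeyStoreType + " keystore from " + trustCertificateKeyStoreUrl, SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
        } catch (NoSuchAlgorithmException e17) {
            throw SQLError.createSQLException("Unsupported keystore algorithm [" + e17.getMessage() + "]", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
        } finally {
            if (trustStoreStream != null) {
                try {
                    trustStoreStream.close();
                } catch (IOException ignored) {
                    // Best effort: the store has already been read or has already failed.
                }
            }
        }

        if (trustManagerList.isEmpty()) {
            // NOTE(review): this fallback has no delegate, so it accepts any chain whose
            // certificates are inside their validity period.
            trustManagerList.add(new X509TrustManagerWrapper());
        }

        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            // A null SecureRandom lets JSSE pick its default source.
            sSLContext.init(keyManagerArr, trustManagerList.toArray(new TrustManager[trustManagerList.size()]), null);
            return sSLContext.getSocketFactory();
        } catch (KeyManagementException e10) {
            throw SQLError.createSQLException("KeyManagementException: " + e10.getMessage(), SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
        } catch (NoSuchAlgorithmException e11) {
            throw SQLError.createSQLException("TLS is not a valid SSL protocol.", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
        }
    }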

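    /**
     * Tells whether the connection's socket is an {@link SSLSocket}.
     *
     * <p>Only the socket's type is inspected, not the state of the handshake. A
     * {@code null} socket yields {@code false} instead of a NullPointerException.
     *
     * @param mysqlIO connection I/O object whose {@code mysqlConnection} is inspected
     * @return {@code true} if the socket is an {@code SSLSocket}
     */
    public static boolean isSSLEstablished(MysqlIO mysqlIO) {
        return mysqlIO.mysqlConnection instanceof SSLSocket;
    }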

    /**
     * Upgrades the connection's plain socket to SSL: layers an SSL socket over it,
     * restricts protocols and cipher suites, runs the handshake and re-wires the
     * connection's streams and socket factory.
     *
     * <p>Decompiler note (JADX): the access modifier was changed from {@code protected}.
     *
     * <p>NOTE(review): the protocol candidates are TLSv1.1 and TLSv1, plus TLSv1.2 only
     * when the server is at least 5.6.0 and reports itself as an enterprise edition.
     * TLSv1 and TLSv1.1 are deprecated (RFC 8996); on a JVM that supports none of the
     * candidates the enabled-protocol list ends up empty.
     *
     * @param mysqlIO connection I/O object that is modified in place
     * @throws SQLException a communications exception wrapping any I/O failure, or any
     *         failure building the SSL socket factory
     */
    public static void transformSocketToSSLSocket(MysqlIO mysqlIO) throws SQLException {
        SSLSocketFactory configuredFactory = getSSLSocketFactoryDefaultOrConfigured(mysqlIO);
        StandardSSLSocketFactory sslSocketFactory = new StandardSSLSocketFactory(configuredFactory, mysqlIO.socketFactory, mysqlIO.mysqlConnection);
        try {
            mysqlIO.mysqlConnection = sslSocketFactory.connect(mysqlIO.host, mysqlIO.port, null);
            List<String> protocolsToEnable = new ArrayList<String>();
            SSLSocket sslSocket = (SSLSocket) mysqlIO.mysqlConnection;

            // Protocols: keep the candidates the JVM supports, in preference order.
            List<String> supportedProtocols = Arrays.asList(sslSocket.getSupportedProtocols());
            String[] candidateProtocols;
            if (mysqlIO.versionMeetsMinimum(5, 6, 0) && Util.isEnterpriseEdition(mysqlIO.getServerVersion())) {
                candidateProtocols = new String[] {"TLSv1.2", "TLSv1.1", "TLSv1"};
            } else {
                candidateProtocols = new String[] {"TLSv1.1", "TLSv1"};
            }
            for (String candidate : candidateProtocols) {
                if (supportedProtocols.contains(candidate)) {
                    protocolsToEnable.add(candidate);
                }
            }
            sslSocket.setEnabledProtocols(protocolsToEnable.toArray(new String[0]));

            // Cipher suites: an explicit list wins, otherwise DH suites may be removed.
            String configuredSuites = mysqlIO.connection.getEnabledSSLCipherSuites();
            List<String> suitesToEnable = null;
            if (configuredSuites != null && configuredSuites.length() > 0) {
                // Only suites the socket already has enabled are kept; an empty result is
                // still applied below, which leaves no suite enabled.
                suitesToEnable = new ArrayList<String>();
                List<String> currentlyEnabled = Arrays.asList(sslSocket.getEnabledCipherSuites());
                for (String requested : configuredSuites.split("\\s*,\\s*")) {
                    if (currentlyEnabled.contains(requested)) {
                        suitesToEnable.add(requested);
                    }
                }
            } else {
                // Server is 5.5.45+ in the 5.5 line, 5.6.26+ in the 5.6 line, or 5.7.6+.
                boolean inListedServerRanges =
                        (mysqlIO.versionMeetsMinimum(5, 5, 45) && !mysqlIO.versionMeetsMinimum(5, 6, 0))
                        || (mysqlIO.versionMeetsMinimum(5, 6, 26) && !mysqlIO.versionMeetsMinimum(5, 7, 0))
                        || mysqlIO.versionMeetsMinimum(5, 7, 6);
                int jvmVersion = Util.getJVMVersion();
                // Those servers lose DH suites on JVMs below 8, every other server on JVM 8+.
                // Presumably a DH key-size compatibility workaround; the reason is not stated here.
                boolean dropDhSuites = inListedServerRanges ? jvmVersion < 8 : jvmVersion >= 8;
                if (dropDhSuites) {
                    suitesToEnable = new ArrayList<String>();
                    for (String suite : sslSocket.getEnabledCipherSuites()) {
                        // "_ECDHE_" suites match neither pattern and are kept.
                        boolean usesDh = suite.indexOf("_DHE_") > -1 || suite.indexOf("_DH_") > -1;
                        if (!usesDh) {
                            suitesToEnable.add(suite);
                        }
                    }
                }
            }
            if (suitesToEnable != null) {
                sslSocket.setEnabledCipherSuites(suitesToEnable.toArray(new String[0]));
            }

            sslSocket.startHandshake();

            // Re-wire the connection onto the encrypted streams.
            InputStream encryptedInput = sslSocket.getInputStream();
            if (!mysqlIO.connection.getUseUnbufferedInput()) {
                encryptedInput = new BufferedInputStream(encryptedInput, 16384);
            }
            mysqlIO.mysqlInput = encryptedInput;
            mysqlIO.mysqlOutput = new BufferedOutputStream(sslSocket.getOutputStream(), 16384);
            mysqlIO.mysqlOutput.flush();
            mysqlIO.socketFactory = sslSocketFactory;
        } catch (IOException e) {
            throw SQLError.createCommunicationsException(mysqlIO.connection, mysqlIO.getLastPacketSentTimeMs(), mysqlIO.getLastPacketReceivedTimeMs(), e, mysqlIO.getExceptionInterceptor());
        }
    }
}
