package org.postgresql.ssl;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.UUID;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.postgresql.util.GT;

/* loaded from: input_file:WEB-INF/lib/postgresql-9.4-1201-jdbc4.jar:org/postgresql/ssl/SingleCertValidatingFactory.class */
public class SingleCertValidatingFactory extends WrappedFactory {
    private static final String FILE_PREFIX = "file:";
    private static final String CLASSPATH_PREFIX = "classpath:";
    private static final String ENV_PREFIX = "env:";
    private static final String SYS_PROP_PREFIX = "sys:";

    /* loaded from: input_file:WEB-INF/lib/postgresql-9.4-1201-jdbc4.jar:org/postgresql/ssl/SingleCertValidatingFactory$SingleCertTrustManager.class */
    public class SingleCertTrustManager implements X509TrustManager {
        X509Certificate cert;
        X509TrustManager trustManager;

        public SingleCertTrustManager(InputStream inputStream) throws IOException, GeneralSecurityException {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            try {
                keyStore.load(null);
            } catch (Exception e) {
            }
            this.cert = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(inputStream);
            keyStore.setCertificateEntry(UUID.randomUUID().toString(), this.cert);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            int length = trustManagers.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                TrustManager trustManager = trustManagers[i];
                if (trustManager instanceof X509TrustManager) {
                    this.trustManager = (X509TrustManager) trustManager;
                    break;
                }
                i++;
            }
            if (this.trustManager == null) {
                throw new GeneralSecurityException(GT.tr("No X509TrustManager found"));
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.trustManager.checkServerTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[]{this.cert};
        }
    }

    public SingleCertValidatingFactory(String str) throws GeneralSecurityException {
        InputStream byteArrayInputStream;
        if (str == null || str.equals("")) {
            throw new GeneralSecurityException(GT.tr("The sslfactoryarg property may not be empty."));
        }
        InputStream inputStream = null;
        try {
            try {
                if (str.startsWith("file:")) {
                    byteArrayInputStream = new BufferedInputStream(new FileInputStream(str.substring("file:".length())));
                } else if (str.startsWith("classpath:")) {
                    byteArrayInputStream = new BufferedInputStream(Thread.currentThread().getContextClassLoader().getResourceAsStream(str.substring("classpath:".length())));
                } else if (str.startsWith(ENV_PREFIX)) {
                    String str2 = System.getenv(str.substring(ENV_PREFIX.length()));
                    if (str2 == null || "".equals(str2)) {
                        throw new GeneralSecurityException(GT.tr("The environment variable containing the server's SSL certificate must not be empty."));
                    }
                    byteArrayInputStream = new ByteArrayInputStream(str2.getBytes("UTF-8"));
                } else if (str.startsWith(SYS_PROP_PREFIX)) {
                    String property = System.getProperty(str.substring(SYS_PROP_PREFIX.length()));
                    if (property == null || "".equals(property)) {
                        throw new GeneralSecurityException(GT.tr("The system property containing the server's SSL certificate must not be empty."));
                    }
                    byteArrayInputStream = new ByteArrayInputStream(property.getBytes("UTF-8"));
                } else {
                    if (!str.startsWith("-----BEGIN CERTIFICATE-----")) {
                        throw new GeneralSecurityException(GT.tr("The sslfactoryarg property must start with the prefix file:, classpath:, env:, sys:, or -----BEGIN CERTIFICATE-----."));
                    }
                    byteArrayInputStream = new ByteArrayInputStream(str.getBytes("UTF-8"));
                }
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, new TrustManager[]{new SingleCertTrustManager(byteArrayInputStream)}, null);
                this._factory = sSLContext.getSocketFactory();
                if (byteArrayInputStream != null) {
                    try {
                        byteArrayInputStream.close();
                    } catch (Exception e) {
                    }
                }
            } catch (Throwable th) {
                if (0 != 0) {
                    try {
                        inputStream.close();
                    } catch (Exception e2) {
                    }
                }
                throw th;
            }
        } catch (RuntimeException e3) {
            throw e3;
        } catch (Exception e4) {
            if (!(e4 instanceof GeneralSecurityException)) {
                throw new GeneralSecurityException(GT.tr("An error occurred reading the certificate"), e4);
            }
            throw ((GeneralSecurityException) e4);
        }
    }
}
