package org.jkiss.dbeaver.model.impl.net;

import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.jkiss.dbeaver.DBException;
import org.jkiss.dbeaver.model.DBPDataSource;
import org.jkiss.dbeaver.model.app.DBACertificateStorage;
import org.jkiss.dbeaver.model.impl.app.CertificateGenHelper;
import org.jkiss.dbeaver.model.impl.app.DefaultCertificateStorage;
import org.jkiss.dbeaver.model.net.DBWHandlerConfiguration;
import org.jkiss.dbeaver.model.runtime.DBRProgressMonitor;
import org.jkiss.utils.CommonUtils;
import org.jkiss.utils.IOUtils;

/* loaded from: input_file:org/jkiss/dbeaver/model/impl/net/SSLHandlerTrustStoreImpl.class */
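/**
 * SSL handler that keeps a data source's certificates in the platform certificate storage
 * and builds JSSE objects ({@link SSLContext}, {@link SSLSocketFactory}) from that keystore.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every keystore access here uses {@code DefaultCertificateStorage.DEFAULT_PASSWORD}.
 *       NOTE(review): the name suggests a fixed, shared password. If so, confidentiality of
 *       stored client keys rests on file-system permissions of the keystore file, not on the
 *       password. Confirm against {@code DefaultCertificateStorage}.</li>
 *   <li>When {@link #PROP_SSL_SELF_SIGNED_CERT} is enabled, {@link #createTrustStoreSslContext}
 *       installs {@code CertificateGenHelper.NON_VALIDATING_TRUST_MANAGERS}; see that method.</li>
 * </ul>
 */
public class SSLHandlerTrustStoreImpl extends SSLHandlerImpl {
    /** Handler property holding the file path of the CA certificate. */
    public static final String PROP_SSL_CA_CERT = "ssl.ca.cert";
    /** Handler property holding the file path of the client certificate. */
    public static final String PROP_SSL_CLIENT_CERT = "ssl.client.cert";
    /** Handler property holding the file path of the client private key. */
    public static final String PROP_SSL_CLIENT_KEY = "ssl.client.key";
    /** Handler property (boolean) selecting the self-signed-certificate mode. */
    public static final String PROP_SSL_SELF_SIGNED_CERT = "ssl.self-signed-cert";
    /** Certificate type identifier passed to every certificate storage call in this class. */
    public static final String CERT_TYPE = "ssl";

    /**
     * Synchronizes the certificate storage entry of a data source with its SSL handler configuration.
     *
     * <p>If neither a CA certificate nor a client certificate path is configured, the stored entry
     * is deleted, unless the self-signed flag is set, in which case a self-signed certificate with
     * subject {@code CN=<host name>} is generated. Otherwise the configured files are read and
     * stored; an unset path is passed to the storage as {@code null}.
     *
     * @param dBRProgressMonitor monitor that receives the sub-task names
     * @param dBPDataSource data source whose container identifies the storage entry
     * @param dBWHandlerConfiguration SSL handler configuration holding the {@code ssl.*} properties
     * @throws DBException declared by the certificate storage calls
     * @throws IOException presumably when a configured certificate or key file cannot be read
     */
    public static void initializeTrustStore(DBRProgressMonitor dBRProgressMonitor, DBPDataSource dBPDataSource, DBWHandlerConfiguration dBWHandlerConfiguration) throws DBException, IOException {
        DBACertificateStorage certificateStorage = dBPDataSource.getContainer().getPlatform().getCertificateStorage();
        String caCertPath = dBWHandlerConfiguration.getStringProperty(PROP_SSL_CA_CERT);
        String clientCertPath = dBWHandlerConfiguration.getStringProperty(PROP_SSL_CLIENT_CERT);
        String clientKeyPath = dBWHandlerConfiguration.getStringProperty(PROP_SSL_CLIENT_KEY);
        String selfSignedFlag = dBWHandlerConfiguration.getStringProperty(PROP_SSL_SELF_SIGNED_CERT);

        if (CommonUtils.isEmpty(caCertPath) && CommonUtils.isEmpty(clientCertPath)) {
            if (CommonUtils.toBoolean(selfSignedFlag)) {
                dBRProgressMonitor.subTask("Generate self-signed certificate");
                // NOTE(review): the host name is concatenated into the subject DN without escaping.
                // A value containing DN metacharacters (',', '+', '=') would alter the subject.
                // Confirm that addSelfSignedCertificate validates or escapes it.
                certificateStorage.addSelfSignedCertificate(
                    dBPDataSource.getContainer(),
                    CERT_TYPE,
                    "CN=" + dBPDataSource.getContainer().getActualConnectionConfiguration().getHostName());
            } else {
                // Nothing configured: drop any previously stored certificate for this data source.
                certificateStorage.deleteCertificate(dBPDataSource.getContainer(), CERT_TYPE);
            }
            return;
        }

        dBRProgressMonitor.subTask("Load certificates");
        // The paths come straight from the handler configuration and each file is read in full.
        // The client key file holds private key material, so its bytes should not be logged.
        certificateStorage.addCertificate(
            dBPDataSource.getContainer(),
            CERT_TYPE,
            CommonUtils.isEmpty(caCertPath) ? null : IOUtils.readFileToBuffer(new File(caCertPath)),
            CommonUtils.isEmpty(clientCertPath) ? null : IOUtils.readFileToBuffer(new File(clientCertPath)),
            CommonUtils.isEmpty(clientKeyPath) ? null : IOUtils.readFileToBuffer(new File(clientKeyPath)));
    }

    /**
     * Points the JVM-wide {@code javax.net.ssl.*} system properties at this data source's keystore,
     * using the same file for both the trust store and the key store.
     *
     * <p>Caveats: system properties are process-global, so this affects every component in the JVM
     * that relies on the default JSSE configuration, not only this data source. A later call for
     * another data source overwrites the values. The keystore password is also written to a system
     * property, where any code running in the JVM can read it.
     *
     * @param dBPDataSource data source whose keystore becomes the global trust/key store
     */
    public static void setGlobalTrustStore(DBPDataSource dBPDataSource) {
        DBACertificateStorage certificateStorage = dBPDataSource.getContainer().getPlatform().getCertificateStorage();
        String keyStorePath = certificateStorage.getKeyStorePath(dBPDataSource.getContainer(), CERT_TYPE).getAbsolutePath();
        String keyStoreType = certificateStorage.getKeyStoreType(dBPDataSource.getContainer());
        String keyStorePassword = String.valueOf(DefaultCertificateStorage.DEFAULT_PASSWORD);

        System.setProperty("javax.net.ssl.trustStore", keyStorePath);
        System.setProperty("javax.net.ssl.trustStoreType", keyStoreType);
        System.setProperty("javax.net.ssl.trustStorePassword", keyStorePassword);
        System.setProperty("javax.net.ssl.keyStore", keyStorePath);
        System.setProperty("javax.net.ssl.keyStoreType", keyStoreType);
        System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
    }

    /**
     * Builds an {@link SSLContext} whose key managers, and normally trust managers, come from the
     * data source's keystore in the certificate storage.
     *
     * <p>If {@link #PROP_SSL_SELF_SIGNED_CERT} is enabled, the trust managers are
     * {@code CertificateGenHelper.NON_VALIDATING_TRUST_MANAGERS} instead. NOTE(review): as the name
     * indicates, these presumably accept any server certificate. The channel is then encrypted but
     * the server is not authenticated, so an on-path party could impersonate it. Prefer configuring
     * a CA certificate where the server's identity matters.
     *
     * @param dBPDataSource data source whose keystore is used
     * @param dBWHandlerConfiguration SSL handler configuration; only the self-signed flag is read
     * @return an initialized SSL context
     * @throws Exception on keystore access or JSSE initialization failure
     */
    public static SSLContext createTrustStoreSslContext(DBPDataSource dBPDataSource, DBWHandlerConfiguration dBWHandlerConfiguration) throws Exception {
        KeyStore keyStore = dBPDataSource.getContainer().getPlatform().getCertificateStorage().getKeyStore(dBPDataSource.getContainer(), CERT_TYPE);

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, DefaultCertificateStorage.DEFAULT_PASSWORD);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

        TrustManager[] trustManagers;
        if (dBWHandlerConfiguration.getBooleanProperty(PROP_SSL_SELF_SIGNED_CERT)) {
            // Server certificate validation is bypassed in this mode (see method Javadoc).
            trustManagers = CertificateGenHelper.NON_VALIDATING_TRUST_MANAGERS;
        } else {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
            trustManagerFactory.init(keyStore);
            trustManagers = trustManagerFactory.getTrustManagers();
        }

        // Request "TLS" rather than the legacy "SSL" name. Stock JSSE treats "SSL" as an alias of
        // "TLS", but naming the protocol family explicitly avoids providers that map "SSL" to
        // SSLv3-era defaults. The enabled protocol versions still come from the provider and JVM
        // security settings.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagers, trustManagers, new SecureRandom());
        return sslContext;
    }

    /**
     * Convenience wrapper returning the socket factory of {@link #createTrustStoreSslContext}.
     * The self-signed-mode caveat on server certificate validation applies here as well.
     *
     * @param dBPDataSource data source whose keystore is used
     * @param dBWHandlerConfiguration SSL handler configuration
     * @return socket factory of the newly created SSL context
     * @throws Exception if the SSL context cannot be created
     */
    public static SSLSocketFactory createTrustStoreSslSocketFactory(DBPDataSource dBPDataSource, DBWHandlerConfiguration dBWHandlerConfiguration) throws Exception {
        return createTrustStoreSslContext(dBPDataSource, dBWHandlerConfiguration).getSocketFactory();
    }
}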
