package com.pivotal.greenplumutil;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Properties;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/pivotal/greenplumutil/ddau.class */
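/**
 * Client-side TLS socket factory for the driver (decompiled, obfuscated names).
 *
 * <p>Connection properties read by this class:
 * {@code VALIDATESERVERCERTIFICATE}, {@code CRYPTOPROTOCOLVERSION},
 * {@code ENABLECIPHERSUITES}, {@code HOSTNAMEINCERTIFICATE}, {@code KEYSTORE},
 * {@code KEYSTOREPASSWORD}, {@code KEYPASSWORD}, {@code TRUSTSTORE},
 * {@code TRUSTSTOREPASSWORD}, {@code SECURERANDOMALGORITHM},
 * {@code CREATESOCKETTIMEOUT} and {@code DDTDBG.PROTOCOLTRACEENABLE}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code VALIDATESERVERCERTIFICATE=false} installs the accept-everything trust
 *       manager {@link #a} and also skips the host-name check, so the peer is not
 *       authenticated at all.</li>
 *   <li>When no {@code CRYPTOPROTOCOLVERSION} is set and the first handshake fails, the
 *       connection is retried with every protocol the JVM supports except names starting
 *       with "SSLv2".</li>
 *   <li>The static initializer inserts the project's provider ({@code ddb}) at position 1
 *       of the JVM-wide provider list unless {@code -DskipDDPKIProvider=true} is set.</li>
 * </ul>
 */
public class ddau {
    private static String footprint = "$Revision: #35 $";

    /**
     * Trust managers that accept every certificate chain. Used only when certificate
     * validation has been switched off by the caller; any such connection should be
     * treated as unauthenticated.
     */
    static TrustManager[] a = {new X509TrustManager() {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract asks for a non-null (possibly empty) array.
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            // Intentionally empty: no validation is performed.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            // Intentionally empty: no validation is performed.
        }
    }};

    /**
     * Opens a TLS client socket, configures protocols and cipher suites, performs the
     * handshake and, when validation is enabled, checks the certificate's host name.
     *
     * @param str        server host name; also the default name expected in the certificate
     * @param i          server port
     * @param socket     existing connected socket to layer TLS over, or {@code null} to
     *                   open a new connection
     * @param z          passed through as the {@code autoClose} flag when layering over
     *                   {@code socket}
     * @param strArr     protocols to enable when {@code CRYPTOPROTOCOLVERSION} yields no
     *                   selection; may be {@code null}
     * @param properties connection properties (see class comment)
     * @return the handshaken socket, possibly wrapped by {@code ddc.a} when protocol
     *         tracing is enabled
     * @throws ddan on connection, handshake, protocol-selection or host-name failures
     *              (codes 1039, 1044, 1045, 1071 here; their texts are defined elsewhere)
     */
    public static final Socket a(final String str, final int i, final Socket socket, final boolean z, String[] strArr, final Properties properties) throws ddan {
        try {
            // Validation is on unless the property is explicitly "false".
            String validateProp = properties.getProperty("VALIDATESERVERCERTIFICATE");
            final boolean validate = !(validateProp != null && validateProp.equalsIgnoreCase("false"));
            String protocolList = properties.getProperty("CRYPTOPROTOCOLVERSION");
            ddan firstFailure = null;
            while (true) {
                Socket socket2 = AccessController.doPrivileged(new PrivilegedExceptionAction<Socket>() {
                    @Override
                    public Socket run() throws ddan {
                        return ddau.a(str, i, socket, z, validate, properties);
                    }
                });
                try {
                    SSLSocket sSLSocket = (SSLSocket) socket2;
                    sSLSocket.setUseClientMode(true);
                    if (firstFailure != null) {
                        // Retry path: the first handshake failed and no protocol list was
                        // configured, so widen to every supported protocol except SSLv2*.
                        // NOTE(review): this can re-enable legacy protocols the JVM still
                        // supports; pin CRYPTOPROTOCOLVERSION to avoid the fallback.
                        StringBuilder widened = new StringBuilder(128);
                        for (String candidate : sSLSocket.getSupportedProtocols()) {
                            if (!candidate.toUpperCase().startsWith("SSLV2")) {
                                if (widened.length() > 0) {
                                    widened.append(',');
                                }
                                widened.append(candidate);
                            }
                        }
                        protocolList = widened.toString();
                    }
                    boolean protocolsSet = false;
                    if (protocolList != null && protocolList.length() > 0) {
                        String[] requested = protocolList.split(",");
                        if (requested.length > 0) {
                            String[] supported = sSLSocket.getSupportedProtocols();
                            List<String> matched = new ArrayList<String>();
                            for (String entry : requested) {
                                String wanted = entry.trim();
                                // Bounded scan: the decompiled loop never terminated when a
                                // requested protocol was not supported by the JVM.
                                for (String candidate : supported) {
                                    if (wanted.equalsIgnoreCase(candidate)) {
                                        matched.add(candidate);
                                        break;
                                    }
                                }
                            }
                            if (matched.isEmpty()) {
                                throw new ddan(1071, protocolList);
                            }
                            sSLSocket.setEnabledProtocols(matched.toArray(new String[matched.size()]));
                            protocolsSet = true;
                        }
                    }
                    if (!protocolsSet && strArr != null) {
                        sSLSocket.setEnabledProtocols(strArr);
                    }
                    String[] cipherSuites = null;
                    String cipherProp = properties.getProperty("ENABLECIPHERSUITES");
                    if (cipherProp != null && cipherProp.length() > 0) {
                        // "all" enables every suite the JVM supports, not just its defaults.
                        cipherSuites = cipherProp.equalsIgnoreCase("all") ? sSLSocket.getSupportedCipherSuites() : cipherProp.split(",");
                    }
                    if (cipherSuites != null && cipherSuites.length > 0) {
                        try {
                            sSLSocket.setEnabledCipherSuites(cipherSuites);
                        } catch (Exception ignored) {
                            // Best effort, kept from the original.
                            // NOTE(review): an invalid ENABLECIPHERSUITES value is dropped
                            // silently and the socket keeps its previously enabled suites,
                            // so a requested restriction may not be in effect.
                        }
                    }
                    sSLSocket.startHandshake();
                    if (validate) {
                        String expected = properties.getProperty("HOSTNAMEINCERTIFICATE");
                        if (expected == null || expected.length() == 0 || expected.equalsIgnoreCase("#SERVERNAME#")) {
                            expected = str;
                        }
                        if (expected != null) {
                            X509Certificate cert = (X509Certificate) sSLSocket.getSession().getPeerCertificates()[0];
                            // Host-name check: exact, case-insensitive comparison against
                            // dNSName SAN entries (type 2); the subject CN is consulted only
                            // when no dNSName entry was read. Wildcard names and IP-address
                            // SANs are not matched, so such certificates are rejected.
                            String certName = null;
                            try {
                                Collection<List<?>> altNames = cert.getSubjectAlternativeNames();
                                if (altNames != null) {
                                    for (List<?> altName : altNames) {
                                        if (((Integer) altName.get(0)).intValue() == 2) {
                                            certName = (String) altName.get(1);
                                            if (expected.equalsIgnoreCase(certName)) {
                                                break;
                                            }
                                        }
                                    }
                                }
                            } catch (Exception ignored) {
                                // SAN parsing problems fall through to the CN check below.
                            }
                            if (certName == null) {
                                String subject = cert.getSubjectX500Principal().getName();
                                // NOTE(review): plain substring search; it does not parse the
                                // DN, so "CN=" inside another attribute value or an escaped
                                // comma in the CN would be misread.
                                int cnStart = subject.indexOf("CN=");
                                if (cnStart == -1) {
                                    cnStart = subject.indexOf("cn=");
                                }
                                if (cnStart == -1) {
                                    throw new ddan(1044);
                                }
                                int cnEnd = subject.indexOf(',', cnStart);
                                if (cnEnd == -1) {
                                    cnEnd = subject.length();
                                }
                                certName = subject.substring(cnStart + 3, cnEnd);
                            }
                            if (!certName.equalsIgnoreCase(expected)) {
                                throw new ddan(1045, new String[]{certName, expected});
                            }
                        }
                    }
                    String trace = (String) properties.get("DDTDBG.PROTOCOLTRACEENABLE");
                    if (trace != null && trace.equalsIgnoreCase("true")) {
                        socket2 = ddc.a(socket2, properties);
                    }
                    try {
                        socket2.setTcpNoDelay(true);
                    } catch (Exception ignored) {
                        // TCP_NODELAY is an optimisation only.
                    }
                    return socket2;
                } catch (IOException e4) {
                    if (firstFailure == null) {
                        firstFailure = new ddan(1039, e4.getMessage());
                    }
                    // An explicit (or already widened) protocol list means no further retry.
                    if (protocolList != null && protocolList.length() > 0) {
                        throw firstFailure;
                    }
                    if (socket != null && socket.isClosed()) {
                        throw firstFailure;
                    }
                    // NOTE(review): socket2 is not closed before the retry opens another.
                }
            }
        } catch (PrivilegedActionException e5) {
            throw ((ddan) e5.getException());
        }
    }

    /**
     * Builds the {@link SSLContext} from the key/trust store settings and creates the
     * (not yet handshaken) TLS socket.
     *
     * <p>Key store lookup order: {@code KEYSTORE}, then {@code TRUSTSTORE}, then
     * {@code javax.net.ssl.keyStore}. Trust store lookup order: {@code TRUSTSTORE}, then
     * {@code javax.net.ssl.trustStore}; when none is set the context is initialised with
     * {@code null} trust managers. Store type comes from the matching
     * {@code javax.net.ssl.*StoreType} system property, else from the file extension
     * (.pfx/.p12 -> PKCS12, .sso -> SSO), else the JVM default.
     *
     * @param str        server host name
     * @param i          server port
     * @param socket     existing socket to layer over, or {@code null} to connect anew
     * @param z          {@code autoClose} flag used when layering over {@code socket}
     * @param z2         {@code true} to validate the server certificate; {@code false}
     *                   installs the accept-everything trust manager {@link #a}
     * @param properties connection properties
     * @return the created TLS socket
     * @throws ddan code 1021 for an unknown host, 1020 for a timeout or any other failure
     */
    protected static final Socket a(String str, int i, Socket socket, boolean z, boolean z2, Properties properties) throws ddan {
        SSLSocket sSLSocket;
        try {
            String keyStorePath = properties.getProperty("KEYSTORE");
            if (keyStorePath == null || keyStorePath.length() == 0) {
                keyStorePath = properties.getProperty("TRUSTSTORE");
                if (keyStorePath == null || keyStorePath.length() == 0) {
                    keyStorePath = System.getProperty("javax.net.ssl.keyStore");
                }
            }
            KeyManager[] keyManagerArr = null;
            if (keyStorePath != null) {
                String keyStorePassword = properties.getProperty("KEYSTOREPASSWORD");
                if (keyStorePassword == null || keyStorePassword.length() == 0) {
                    keyStorePassword = properties.getProperty("TRUSTSTOREPASSWORD");
                    if (keyStorePassword == null || keyStorePassword.length() == 0) {
                        keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
                    }
                }
                char[] keyStoreChars = keyStorePassword == null ? null : keyStorePassword.toCharArray();
                String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType");
                if (keyStoreType == null) {
                    keyStoreType = KeyStore.getDefaultType();
                    String lowerPath = keyStorePath.toLowerCase();
                    if (lowerPath.endsWith(".pfx") || lowerPath.endsWith(".p12")) {
                        keyStoreType = "PKCS12";
                    } else if (lowerPath.endsWith(".sso")) {
                        keyStoreType = "SSO";
                    }
                }
                KeyStore keyStore = loadKeyStore(keyStorePath, keyStoreType, keyStoreChars);
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                String keyPassword = properties.getProperty("KEYPASSWORD");
                keyManagerFactory.init(keyStore, (keyPassword == null || keyPassword.length() == 0) ? keyStoreChars : keyPassword.toCharArray());
                keyManagerArr = keyManagerFactory.getKeyManagers();
            }
            String trustStorePath = properties.getProperty("TRUSTSTORE");
            if (trustStorePath == null || trustStorePath.length() == 0) {
                trustStorePath = System.getProperty("javax.net.ssl.trustStore");
            }
            TrustManager[] trustManagerArr = null;
            if (!z2) {
                // Validation disabled by the caller: every certificate chain is accepted.
                trustManagerArr = a;
            } else if (trustStorePath != null) {
                String trustStorePassword = properties.getProperty("TRUSTSTOREPASSWORD");
                if (trustStorePassword == null || trustStorePassword.length() == 0) {
                    trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
                }
                char[] trustStoreChars = trustStorePassword == null ? null : trustStorePassword.toCharArray();
                String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType");
                if (trustStoreType == null) {
                    trustStoreType = KeyStore.getDefaultType();
                    int dot = trustStorePath.lastIndexOf('.');
                    if (dot != -1) {
                        String extension = trustStorePath.substring(dot).toLowerCase();
                        if (extension.equals(".pfx") || extension.equals(".p12")) {
                            trustStoreType = "PKCS12";
                        } else if (extension.equals(".sso")) {
                            trustStoreType = "SSO";
                        }
                    }
                }
                KeyStore trustStore = loadKeyStore(trustStorePath, trustStoreType, trustStoreChars);
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(trustStore);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            }
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            String randomAlgorithm = (String) properties.get("SECURERANDOMALGORITHM");
            if (randomAlgorithm != null) {
                sSLContext.init(keyManagerArr, trustManagerArr, (SecureRandom) ddar.a("SECURERANDOM", randomAlgorithm));
            } else {
                sSLContext.init(keyManagerArr, trustManagerArr, null);
            }
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            String timeoutProp = (String) properties.get("CREATESOCKETTIMEOUT");
            int connectTimeout = 0;
            if (timeoutProp != null) {
                try {
                    connectTimeout = Integer.parseInt(timeoutProp);
                } catch (NumberFormatException ignored) {
                    // Unparseable value keeps 0, which connect() treats as "no timeout".
                }
            }
            if (socket == null) {
                sSLSocket = (SSLSocket) socketFactory.createSocket();
                sSLSocket.connect(new InetSocketAddress(str, i), connectTimeout);
            } else {
                sSLSocket = (SSLSocket) socketFactory.createSocket(socket, str, i, z);
            }
            // If the JVM supports the SSLv2Hello pseudo-protocol, make sure it is enabled.
            // NOTE(review): this only affects the ClientHello framing; the caller may
            // overwrite the enabled list afterwards via setEnabledProtocols.
            if (containsIgnoreCase(sSLSocket.getSupportedProtocols(), "SSLv2Hello")) {
                String[] enabledProtocols = sSLSocket.getEnabledProtocols();
                if (!containsIgnoreCase(enabledProtocols, "SSLv2Hello")) {
                    String[] extended = new String[enabledProtocols.length + 1];
                    System.arraycopy(enabledProtocols, 0, extended, 0, enabledProtocols.length);
                    extended[enabledProtocols.length] = "SSLv2Hello";
                    sSLSocket.setEnabledProtocols(extended);
                }
            }
            return sSLSocket;
        } catch (SocketTimeoutException e2) {
            throw new ddan(1020, new String[]{str, String.valueOf(i), "the time designated by the CreateSocketTimeout connect option has elapsed"});
        } catch (UnknownHostException e3) {
            throw new ddan(1021, new String[]{str});
        } catch (Exception e4) {
            throw new ddan(1020, new String[]{str, String.valueOf(i), e4.getMessage()});
        }
    }

    /** Loads a key store of the given type from a file and always closes the stream. */
    private static KeyStore loadKeyStore(String path, String type, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        FileInputStream in = new FileInputStream(new File(path));
        try {
            store.load(in, password);
        } finally {
            try {
                in.close();
            } catch (IOException ignored) {
                // A failed close on a read-only stream must not mask the load result.
            }
        }
        return store;
    }

    /** Returns whether {@code values} holds {@code wanted}, ignoring case. */
    private static boolean containsIgnoreCase(String[] values, String wanted) {
        for (String value : values) {
            if (value.equalsIgnoreCase(wanted)) {
                return true;
            }
        }
        return false;
    }

    static {
        // Register the project's provider (ddb, defined elsewhere) as the most-preferred
        // JVM-wide security provider unless -DskipDDPKIProvider=true is set. Position 1
        // affects algorithm lookup for every component in the process.
        String skip = System.getProperty("skipDDPKIProvider");
        if (skip == null || !skip.equalsIgnoreCase("true")) {
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                    @Override
                    public Object run() throws Exception {
                        Security.insertProviderAt(new ddb(), 1);
                        return null;
                    }
                });
            } catch (Exception ignored) {
                // Registration is best effort; the driver continues without the provider.
            }
        }
    }
}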
