package com.kingbase8.ssl;

import com.kingbase8.KBProperty;
import com.kingbase8.core.KBStream;
import com.kingbase8.ssl.jdbc4.LibPQFactory;
import com.kingbase8.util.GT;
import com.kingbase8.util.KSQLException;
import com.kingbase8.util.KSQLState;
import com.kingbase8.util.LOGGER;
import com.kingbase8.util.ObjectFactory;
import java.io.IOException;
import java.util.Properties;
import java.util.logging.Level;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: input_file:BOOT-INF/lib/kingbase8-8.2.0.jar:com/kingbase8/ssl/MakeSSL.class */
public class MakeSSL extends ObjectFactory {
    public static void convert(KBStream kBStream, Properties properties) throws KSQLException, IOException {
        SSLSocketFactory sSLSocketFactory;
        LOGGER.log(Level.FINE, "converting regular socket connection to ssl");
        String str = KBProperty.SSL_MODE.get(properties);
        String str2 = KBProperty.SSL_FACTORY.get(properties);
        if (str2 == null) {
            sSLSocketFactory = str != null ? new LibPQFactory(properties) : (SSLSocketFactory) SSLSocketFactory.getDefault();
        } else {
            try {
                sSLSocketFactory = (SSLSocketFactory) instantiate(str2, properties, true, KBProperty.SSL_FACTORY_ARG.get(properties));
            } catch (Exception e) {
                throw new KSQLException(GT.tr("The SSLSocketFactory class provided {0} could not be instantiated.", str2), KSQLState.CONNECTION_FAILURE, e);
            }
        }
        try {
            SSLSocket sSLSocket = (SSLSocket) sSLSocketFactory.createSocket(kBStream.getSocket(), kBStream.getHostSpec().getHost(), kBStream.getHostSpec().getPort(), true);
            sSLSocket.startHandshake();
            String str3 = KBProperty.SSL_HOSTNAME_VERIFIER.get(properties);
            if (str3 != null) {
                try {
                    if (!((HostnameVerifier) instantiate(str3, properties, false, null)).verify(kBStream.getHostSpec().getHost(), sSLSocket.getSession())) {
                        throw new KSQLException(GT.tr("The hostname {0} could not be verified by hostnameverifier {1}.", kBStream.getHostSpec().getHost(), str3), KSQLState.CONNECTION_FAILURE);
                    }
                } catch (Exception e2) {
                    throw new KSQLException(GT.tr("The HostnameVerifier class provided {0} could not be instantiated.", str3), KSQLState.CONNECTION_FAILURE, e2);
                }
            } else if ("verify-full".equals(str) && (sSLSocketFactory instanceof LibPQFactory) && !((LibPQFactory) sSLSocketFactory).verify(kBStream.getHostSpec().getHost(), sSLSocket.getSession())) {
                throw new KSQLException(GT.tr("The hostname {0} could not be verified.", kBStream.getHostSpec().getHost()), KSQLState.CONNECTION_FAILURE);
            }
            kBStream.changeSocket(sSLSocket);
        } catch (IOException e3) {
            if (sSLSocketFactory instanceof LibPQFactory) {
                ((LibPQFactory) sSLSocketFactory).throwKeyManagerException();
            }
            throw new KSQLException(GT.tr("SSL error: {0}", e3.getMessage()), KSQLState.CONNECTION_FAILURE, e3);
        }
    }
}
