package com.google.cloud.alloydb;

import com.google.cloud.alloydb.connectors.v1.MetadataExchangeRequest;
import com.google.cloud.alloydb.connectors.v1.MetadataExchangeResponse;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/google/cloud/alloydb/ConnectionSocket.class */
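class ConnectionSocket {
    private static final Logger logger = LoggerFactory.getLogger(ConnectionSocket.class);
    private static final String TLS_1_3 = "TLSv1.3";
    private static final String X_509 = "X.509";
    private static final String ROOT_CA_CERT = "rootCaCert";
    private static final String CLIENT_CERT = "clientCert";
    private static final String USER_AGENT = "alloydb-java-connector/0.4.0";
    // Deadline applied while the connection is being established (TCP connect, TLS handshake,
    // metadata exchange). It is cleared again before the socket is handed to the caller.
    private static final int IO_TIMEOUT_MS = 30000;
    private static final int SERVER_SIDE_PROXY_PORT = 5433;
    private final ConnectionInfo connectionInfo;
    private final ConnectionConfig connectionConfig;
    private final KeyPair clientConnectorKeyPair;
    private final AccessTokenSupplier accessTokenSupplier;

    /**
     * Creates a socket builder for one instance.
     *
     * @param connectionInfo instance IP address, CA certificate and client certificate chain
     * @param connectionConfig connection settings; only the auth type is read here
     * @param keyPair key pair whose private key matches the client certificate chain
     * @param accessTokenSupplier source of the OAuth2 token sent in the metadata exchange
     */
    public ConnectionSocket(ConnectionInfo connectionInfo, ConnectionConfig connectionConfig, KeyPair keyPair, AccessTokenSupplier accessTokenSupplier) {
        this.connectionInfo = connectionInfo;
        this.connectionConfig = connectionConfig;
        this.clientConnectorKeyPair = keyPair;
        this.accessTokenSupplier = accessTokenSupplier;
    }

    /**
     * Opens a mutually authenticated TLS 1.3 connection to the instance's server-side proxy
     * port, completes the handshake and the metadata exchange, and returns the ready socket.
     *
     * <p>Connect, handshake and metadata exchange are bounded by {@link #IO_TIMEOUT_MS}; the read
     * timeout is reset to 0 (infinite) before the socket is returned. If any step fails the socket
     * is closed before the exception propagates, so no half-open connection is leaked.
     *
     * @return a connected {@link SSLSocket} with the metadata exchange already done
     * @throws IOException if the connect, handshake or metadata I/O fails or times out
     * @throws RuntimeException if the SSL context cannot be built or the server rejects the
     *     metadata exchange
     */
    public Socket connect() throws IOException {
        SSLSocket socket = buildSocket(this.connectionInfo.getCaCertificate(), this.connectionInfo.getCertificateChain(), this.clientConnectorKeyPair.getPrivate());
        try {
            // NOTE(review): getSSLParameters() returns a copy, so this server-name setting is never
            // applied to the socket (setSSLParameters(...) would be needed). It is deliberately left
            // untouched here: RFC 6066 does not allow IP literals as an SNI host_name, so actually
            // sending it is not obviously the right fix — confirm against the proxy's expectations.
            socket.getSSLParameters().setServerNames(Collections.singletonList(new SNIHostName(this.connectionInfo.getIpAddress())));
            socket.setKeepAlive(true);
            socket.setTcpNoDelay(true);
            // Bound the handshake as well as the connect; without this an unresponsive peer hangs
            // the caller indefinitely.
            socket.setSoTimeout(IO_TIMEOUT_MS);
            socket.connect(new InetSocketAddress(this.connectionInfo.getIpAddress(), SERVER_SIDE_PROXY_PORT), IO_TIMEOUT_MS);
            socket.startHandshake();
            metadataExchange(socket);
            return socket;
        } catch (IOException | RuntimeException e) {
            try {
                socket.close();
            } catch (IOException closeFailure) {
                e.addSuppressed(closeFailure);
            }
            throw e;
        }
    }

    /**
     * Builds an unconnected TLS 1.3 socket whose trust is pinned to the given CA certificate and
     * which presents the given client certificate chain and private key.
     *
     * @throws RuntimeException wrapping any I/O or security failure while building the context
     */
    private SSLSocket buildSocket(X509Certificate x509Certificate, List<X509Certificate> list, PrivateKey privateKey) {
        try {
            KeyManager[] keyManagers = initializeKeyManager(list, privateKey);
            TrustManager[] trustManagers = initializeTrustManager(x509Certificate);
            SSLContext sslContext = SSLContext.getInstance(TLS_1_3);
            sslContext.init(keyManagers, trustManagers, new SecureRandom());
            return (SSLSocket) sslContext.getSocketFactory().createSocket();
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Unable to create an SSL Context for the instance.", e);
        }
    }

    /**
     * Returns trust managers that accept only certificates chaining to {@code x509Certificate}.
     * The key store starts empty, so the JVM's default CA bundle is not consulted.
     */
    private TrustManager[] initializeTrustManager(X509Certificate x509Certificate) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry(ROOT_CA_CERT, x509Certificate);
        TrustManagerFactory factory = TrustManagerFactory.getInstance(X_509);
        factory.init(trustStore);
        return factory.getTrustManagers();
    }

    /**
     * Returns key managers presenting {@code privateKey} with the certificate chain {@code list}.
     * The in-memory key store is protected with an empty password; it never touches disk.
     */
    private KeyManager[] initializeKeyManager(List<X509Certificate> list, PrivateKey privateKey) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        // Typed toArray replaces the raw ArrayList copy of the original.
        Certificate[] chain = list.toArray(new Certificate[0]);
        keyStore.setEntry(CLIENT_CERT, new KeyStore.PrivateKeyEntry(privateKey, chain), new KeyStore.PasswordProtection(new char[0]));
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore, new char[0]);
        return factory.getKeyManagers();
    }

    /**
     * Performs the length-prefixed protobuf metadata exchange over the already-handshaken socket:
     * sends the auth type, OAuth2 token and user agent, then reads and validates the response.
     *
     * <p>The request carries the access token, so it is never logged. The read timeout is raised
     * to {@link #IO_TIMEOUT_MS} for the response and reset to 0 afterwards.
     *
     * @throws IOException on I/O failure, timeout, or a negative response length from the server
     * @throws RuntimeException if the server answers with a non-OK response code
     */
    private void metadataExchange(SSLSocket sslSocket) throws IOException {
        logger.debug("Metadata exchange initiated.");
        MetadataExchangeRequest.AuthType authType = this.connectionConfig.getAuthType().equals(AuthType.IAM)
                ? MetadataExchangeRequest.AuthType.AUTO_IAM
                : MetadataExchangeRequest.AuthType.DB_NATIVE;
        MetadataExchangeRequest request = MetadataExchangeRequest.newBuilder()
                .setAuthType(authType)
                .setOauth2Token(this.accessTokenSupplier.getTokenValue())
                .setUserAgent(USER_AGENT)
                .build();
        DataOutputStream out = new DataOutputStream(new BufferedOutputStream(sslSocket.getOutputStream()));
        out.writeInt(request.getSerializedSize());
        out.write(request.toByteArray());
        out.flush();
        sslSocket.setSoTimeout(IO_TIMEOUT_MS);
        DataInputStream in = new DataInputStream(new BufferedInputStream(sslSocket.getInputStream()));
        int responseLength = in.readInt();
        // A negative prefix would otherwise surface as NegativeArraySizeException; report it as the
        // protocol error it is. The server is mTLS-authenticated against the instance CA, so no
        // upper bound is imposed on the length here.
        if (responseLength < 0) {
            throw new IOException("Invalid metadata exchange response length: " + responseLength);
        }
        byte[] responseBytes = new byte[responseLength];
        in.readFully(responseBytes);
        sslSocket.setSoTimeout(0);
        MetadataExchangeResponse response = MetadataExchangeResponse.parseFrom(responseBytes);
        if (response == null) {
            throw new RuntimeException("Metadata exchange response is null.");
        }
        if (response.getResponseCode() != MetadataExchangeResponse.ResponseCode.OK) {
            throw new RuntimeException(response.getError());
        }
        logger.debug("Metadata exchange completed successfully.");
    }
}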
