package com.impossibl.postgres.protocol.v30;

import com.impossibl.postgres.protocol.Notice;
import com.impossibl.postgres.protocol.Protocol;
import com.impossibl.postgres.protocol.ProtocolFactory;
import com.impossibl.postgres.protocol.SSLRequestCommand;
import com.impossibl.postgres.protocol.StartupCommand;
import com.impossibl.postgres.protocol.ssl.SSLEngineFactory;
import com.impossibl.postgres.protocol.ssl.SSLMode;
import com.impossibl.postgres.protocol.v30.ProtocolShared;
import com.impossibl.postgres.system.BasicContext;
import com.impossibl.postgres.system.NoticeException;
import com.impossibl.postgres.system.Settings;
import com.impossibl.postgres.utils.Converter;
import com.impossibl.postgres.utils.StringTransforms;
import io.netty.channel.Channel;
import io.netty.handler.ssl.SslHandler;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:com/impossibl/postgres/protocol/v30/ProtocolFactoryImpl.class */
public class ProtocolFactoryImpl implements ProtocolFactory {
    @Override // com.impossibl.postgres.protocol.ProtocolFactory
    public Protocol connect(SocketAddress socketAddress, BasicContext basicContext) throws IOException, NoticeException {
        return connect((SSLMode) basicContext.getSetting(Settings.SSL_MODE, (Converter) new Converter<SSLMode>() { // from class: com.impossibl.postgres.protocol.v30.ProtocolFactoryImpl.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.impossibl.postgres.utils.Converter
            public SSLMode apply(Object obj) {
                return obj == null ? Settings.SSL_MODE_DEFAULT : SSLMode.valueOf(StringTransforms.capitalizeOption(obj.toString()));
            }
        }), socketAddress, basicContext);
    }

    /* JADX WARN: Type inference failed for: r0v9, types: [io.netty.channel.ChannelFuture] */
    Protocol connect(SSLMode sSLMode, SocketAddress socketAddress, BasicContext basicContext) throws IOException, NoticeException {
        SslHandler sslHandler;
        try {
            ProtocolShared.Ref acquire = ProtocolShared.acquire();
            Channel channel = acquire.get().getBootstrap().connect(socketAddress).syncUninterruptibly2().channel();
            ProtocolImpl newInstance = ProtocolImpl.newInstance(acquire, channel, basicContext);
            if (sSLMode != SSLMode.Disable && sSLMode != SSLMode.Allow) {
                SSLRequestCommand createSSLRequest = newInstance.createSSLRequest();
                if (createSSLRequest == null && sSLMode.isRequired()) {
                    throw new IOException("SSL not available");
                }
                newInstance.execute(createSSLRequest);
                if (createSSLRequest.isAllowed()) {
                    SslHandler sslHandler2 = new SslHandler(SSLEngineFactory.create(sSLMode, basicContext));
                    channel.pipeline().addFirst("ssl", sslHandler2);
                    try {
                        sslHandler2.handshakeFuture().syncUninterruptibly2();
                    } catch (Exception e) {
                        if (sSLMode == SSLMode.Prefer) {
                            return connect(SSLMode.Disable, socketAddress, basicContext);
                        }
                        throw e;
                    }
                } else if (sSLMode.isRequired()) {
                    throw new IOException("SSL not allowed by server");
                }
            }
            try {
                startup(newInstance, basicContext);
                if (sSLMode == SSLMode.VerifyFull && (sslHandler = (SslHandler) channel.pipeline().get(SslHandler.class)) != null) {
                    verifyHostname(socketAddress instanceof InetSocketAddress ? ((InetSocketAddress) socketAddress).getHostString() : "", sslHandler.engine().getSession());
                }
                return newInstance;
            } catch (Exception e2) {
                switch (sSLMode) {
                    case Allow:
                        return connect(SSLMode.Require, socketAddress, basicContext);
                    case Prefer:
                        return connect(SSLMode.Disable, socketAddress, basicContext);
                    default:
                        throw e2;
                }
            }
        } catch (NoticeException e3) {
            throw e3;
        } catch (Exception e4) {
            throw translateConnectionException(e4);
        }
    }

    private void startup(ProtocolImpl protocolImpl, BasicContext basicContext) throws IOException, NoticeException {
        HashMap hashMap = new HashMap();
        hashMap.put(Settings.APPLICATION_NAME, basicContext.getSetting(Settings.APPLICATION_NAME, "pgjdbc app"));
        hashMap.put(Settings.CLIENT_ENCODING, basicContext.getSetting(Settings.CLIENT_ENCODING, "UTF8"));
        hashMap.put("database", basicContext.getSetting("database", ""));
        hashMap.put("user", basicContext.getSetting("user", ""));
        StartupCommand createStartup = protocolImpl.createStartup(hashMap);
        protocolImpl.execute(createStartup);
        Notice error = createStartup.getError();
        if (error != null) {
            throw new NoticeException("Startup Failed", error);
        }
    }

    public void verifyHostname(String str, SSLSession sSLSession) throws SSLPeerUnverifiedException {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) sSLSession.getPeerCertificates();
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new SSLPeerUnverifiedException("No peer certificates");
        }
        try {
            String str2 = null;
            Iterator it = new LdapName(x509CertificateArr[0].getSubjectX500Principal().getName("RFC2253")).getRdns().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Rdn rdn = (Rdn) it.next();
                if ("CN".equals(rdn.getType())) {
                    str2 = (String) rdn.getValue();
                    break;
                }
            }
            if (str2 == null) {
                throw new SSLPeerUnverifiedException("Common name not found");
            }
            if (!str2.startsWith("*")) {
                if (!str2.equals(str)) {
                    throw new SSLPeerUnverifiedException("The hostname " + str + " could not be verified");
                }
            } else {
                if (!str.endsWith(str2.substring(1))) {
                    throw new SSLPeerUnverifiedException("The hostname " + str + " could not be verified");
                }
                if (!str.substring(0, (str.length() - str2.length()) + 1).contains(".")) {
                    throw new SSLPeerUnverifiedException("The hostname " + str + " could not be verified");
                }
            }
        } catch (InvalidNameException e) {
            throw new SSLPeerUnverifiedException("Invalid name in certificate");
        }
    }

    private IOException translateConnectionException(Exception exc) {
        IOException iOException;
        IOException iOException2 = exc instanceof IOException ? (IOException) exc : exc.getCause() == null ? new IOException(exc) : exc.getCause() instanceof IOException ? (IOException) exc.getCause() : new IOException(exc.getCause());
        while (true) {
            iOException = iOException2;
            if (!(iOException instanceof SSLHandshakeException)) {
                break;
            }
            iOException2 = iOException.getCause() instanceof IOException ? (IOException) iOException.getCause() : new SSLException(iOException.getCause().getMessage(), iOException.getCause());
        }
        if ((iOException instanceof SSLException) && !iOException.getMessage().startsWith("SSL Error")) {
            iOException = new SSLException("SSL Error: " + iOException.getMessage(), iOException.getCause());
        }
        return iOException;
    }
}
