package com.mysql.jdbc;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.sql.SQLException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:lib/mysql-connector-java-5.1.19-bin.jar:com/mysql/jdbc/ExportControlled.class */
public class ExportControlled {
    private static final String SQL_STATE_BAD_SSL_PARAMS = "08000";

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean enabled() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void transformSocketToSSLSocket(MysqlIO mysqlIO) throws SQLException {
        try {
            mysqlIO.mysqlConnection = getSSLSocketFactoryDefaultOrConfigured(mysqlIO).createSocket(mysqlIO.mysqlConnection, mysqlIO.host, mysqlIO.port, true);
            ((SSLSocket) mysqlIO.mysqlConnection).setEnabledProtocols(new String[]{"TLSv1"});
            ((SSLSocket) mysqlIO.mysqlConnection).startHandshake();
            if (mysqlIO.connection.getUseUnbufferedInput()) {
                mysqlIO.mysqlInput = mysqlIO.mysqlConnection.getInputStream();
            } else {
                mysqlIO.mysqlInput = new BufferedInputStream(mysqlIO.mysqlConnection.getInputStream(), 16384);
            }
            mysqlIO.mysqlOutput = new BufferedOutputStream(mysqlIO.mysqlConnection.getOutputStream(), 16384);
            mysqlIO.mysqlOutput.flush();
        } catch (IOException e) {
            throw SQLError.createCommunicationsException(mysqlIO.connection, mysqlIO.getLastPacketSentTimeMs(), mysqlIO.getLastPacketReceivedTimeMs(), e, mysqlIO.getExceptionInterceptor());
        }
    }

    private ExportControlled() {
    }

    private static SSLSocketFactory getSSLSocketFactoryDefaultOrConfigured(MysqlIO mysqlIO) throws SQLException {
        String clientCertificateKeyStoreUrl = mysqlIO.connection.getClientCertificateKeyStoreUrl();
        String trustCertificateKeyStoreUrl = mysqlIO.connection.getTrustCertificateKeyStoreUrl();
        String clientCertificateKeyStoreType = mysqlIO.connection.getClientCertificateKeyStoreType();
        String clientCertificateKeyStorePassword = mysqlIO.connection.getClientCertificateKeyStorePassword();
        String trustCertificateKeyStoreType = mysqlIO.connection.getTrustCertificateKeyStoreType();
        String trustCertificateKeyStorePassword = mysqlIO.connection.getTrustCertificateKeyStorePassword();
        if (StringUtils.isNullOrEmpty(clientCertificateKeyStoreUrl) && StringUtils.isNullOrEmpty(trustCertificateKeyStoreUrl) && mysqlIO.connection.getVerifyServerCertificate()) {
            return (SSLSocketFactory) SSLSocketFactory.getDefault();
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            if (!StringUtils.isNullOrEmpty(clientCertificateKeyStoreUrl)) {
                try {
                    if (!StringUtils.isNullOrEmpty(clientCertificateKeyStoreType)) {
                        KeyStore keyStore = KeyStore.getInstance(clientCertificateKeyStoreType);
                        URL url = new URL(clientCertificateKeyStoreUrl);
                        char[] charArray = clientCertificateKeyStorePassword == null ? new char[0] : clientCertificateKeyStorePassword.toCharArray();
                        keyStore.load(url.openStream(), charArray);
                        keyManagerFactory.init(keyStore, charArray);
                    }
                } catch (MalformedURLException e) {
                    throw SQLError.createSQLException(clientCertificateKeyStoreUrl + " does not appear to be a valid URL.", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
                } catch (IOException e2) {
                    SQLException createSQLException = SQLError.createSQLException("Cannot open " + clientCertificateKeyStoreUrl + " [" + e2.getMessage() + "]", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
                    createSQLException.initCause(e2);
                    throw createSQLException;
                } catch (KeyStoreException e3) {
                    throw SQLError.createSQLException("Could not create KeyStore instance [" + e3.getMessage() + "]", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
                } catch (NoSuchAlgorithmException e4) {
                    throw SQLError.createSQLException("Unsupported keystore algorithm [" + e4.getMessage() + "]", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
                } catch (UnrecoverableKeyException e5) {
                    throw SQLError.createSQLException("Could not recover keys from client keystore.  Check password?", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
                } catch (CertificateException e6) {
                    throw SQLError.createSQLException("Could not load client" + clientCertificateKeyStoreType + " keystore from " + clientCertificateKeyStoreUrl, mysqlIO.getExceptionInterceptor());
                }
            }
            if (!StringUtils.isNullOrEmpty(trustCertificateKeyStoreUrl)) {
                try {
                    if (!StringUtils.isNullOrEmpty(trustCertificateKeyStoreType)) {
                        KeyStore keyStore2 = KeyStore.getInstance(trustCertificateKeyStoreType);
                        keyStore2.load(new URL(trustCertificateKeyStoreUrl).openStream(), trustCertificateKeyStorePassword == null ? new char[0] : trustCertificateKeyStorePassword.toCharArray());
                        trustManagerFactory.init(keyStore2);
                    }
                } catch (MalformedURLException e7) {
                    throw SQLError.createSQLException(trustCertificateKeyStoreUrl + " does not appear to be a valid URL.", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
                } catch (IOException e8) {
                    SQLException createSQLException2 = SQLError.createSQLException("Cannot open " + trustCertificateKeyStoreUrl + " [" + e8.getMessage() + "]", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
                    createSQLException2.initCause(e8);
                    throw createSQLException2;
                } catch (KeyStoreException e9) {
                    throw SQLError.createSQLException("Could not create KeyStore instance [" + e9.getMessage() + "]", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
                } catch (NoSuchAlgorithmException e10) {
                    throw SQLError.createSQLException("Unsupported keystore algorithm [" + e10.getMessage() + "]", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
                } catch (CertificateException e11) {
                    throw SQLError.createSQLException("Could not load trust" + trustCertificateKeyStoreType + " keystore from " + trustCertificateKeyStoreUrl, SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
                }
            }
            try {
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(StringUtils.isNullOrEmpty(clientCertificateKeyStoreUrl) ? null : keyManagerFactory.getKeyManagers(), mysqlIO.connection.getVerifyServerCertificate() ? trustManagerFactory.getTrustManagers() : new X509TrustManager[]{new X509TrustManager() { // from class: com.mysql.jdbc.ExportControlled.1
                    @Override // javax.net.ssl.X509TrustManager
                    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                }}, null);
                return sSLContext.getSocketFactory();
            } catch (KeyManagementException e12) {
                throw SQLError.createSQLException("KeyManagementException: " + e12.getMessage(), SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
            } catch (NoSuchAlgorithmException e13) {
                throw SQLError.createSQLException("TLS is not a valid SSL protocol.", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
            }
        } catch (NoSuchAlgorithmException e14) {
            throw SQLError.createSQLException("Default algorithm definitions for TrustManager and/or KeyManager are invalid.  Check java security properties file.", SQL_STATE_BAD_SSL_PARAMS, 0, false, mysqlIO.getExceptionInterceptor());
        }
    }
}
