package com.amazon.hiveserver2.hivecommon.api;

import com.amazon.hiveserver2.hivecommon.core.HiveJDBCCommonDriver;
import com.amazon.hiveserver2.hivecommon.exceptions.HiveJDBCMessageKey;
import com.amazon.hiveserver2.jdbc.utils.DSTrustManager;
import com.amazon.hiveserver2.support.exceptions.ErrorException;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Iterator;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.HttpVersion;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpProtocolParams;
import org.apache.thrift.transport.TSocket;

/* loaded from: input_file:target/com/amazon/hiveserver2/hivecommon/api/TETSSLTransportFactory.class */
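/**
 * Builds TLS-protected client transports (a Thrift {@link TSocket} or an Apache {@link HttpClient})
 * from a {@link TETSSLTransportParameters} bundle.
 *
 * <p>Every {@link SSLContext} created here is initialised with a single {@link DSTrustManager}, so
 * all certificate trust decisions are delegated to that class, which is not visible in this file.
 */
public class TETSSLTransportFactory {
    /** Substring that marks a legacy SSL protocol name (for example "SSLv3"). */
    private static final String PROTOCOL_SSL = "SSL";

    /**
     * Mutable holder for the TLS settings of one connection.
     *
     * <p>Key-store and trust-store passwords are held as {@code String}s, so they cannot be wiped
     * from memory after use. {@code cipherSuites} and {@code clientAuth} are stored but never read
     * in this file.
     */
    public static class TETSSLTransportParameters {
        protected String protocol;
        protected String keyStore;
        protected String keyPass;
        protected String keyManagerType;
        protected String keyStoreType;
        private String trustStore;
        private String trustPass;
        private String trustManagerType;
        private String trustStoreType;
        protected String[] cipherSuites;
        protected boolean clientAuth;
        protected boolean isKeyStoreSet;
        private boolean isTrustStoreSet;
        private boolean allowSelfSigned;
        private boolean certNamesMismatch;
        protected boolean hostNameInSAN;

        /**
         * Creates parameters with the defaults: protocol {@code SSLSocketFactory.TLS}, JKS stores,
         * the platform default key/trust manager algorithms, no relaxed certificate checks, and
         * {@code hostNameInSAN} enabled.
         */
        public TETSSLTransportParameters() {
            this.protocol = SSLSocketFactory.TLS;
            this.keyManagerType = KeyManagerFactory.getDefaultAlgorithm();
            this.keyStoreType = "JKS";
            this.trustManagerType = TrustManagerFactory.getDefaultAlgorithm();
            this.trustStoreType = "JKS";
            this.clientAuth = false;
            this.isKeyStoreSet = false;
            this.isTrustStoreSet = false;
            this.allowSelfSigned = false;
            this.certNamesMismatch = false;
            this.hostNameInSAN = true;
        }

        /**
         * Creates parameters with client authentication disabled.
         *
         * @param protocol     name passed to {@link SSLContext#getInstance(String)}; {@code null}
         *                     keeps the default
         * @param cipherSuites cipher suites to remember (not applied anywhere in this file)
         */
        public TETSSLTransportParameters(String protocol, String[] cipherSuites) {
            this(protocol, cipherSuites, false);
        }

        /**
         * Creates parameters starting from the defaults of the no-argument constructor.
         *
         * @param protocol     name passed to {@link SSLContext#getInstance(String)}; {@code null}
         *                     keeps the default
         * @param cipherSuites cipher suites to remember (not applied anywhere in this file)
         * @param clientAuth   client-authentication flag to remember (not read in this file)
         */
        public TETSSLTransportParameters(String protocol, String[] cipherSuites, boolean clientAuth) {
            // Share the default initialisation instead of repeating it field by field.
            this();
            if (protocol != null) {
                this.protocol = protocol;
            }
            this.cipherSuites = cipherSuites;
            this.clientAuth = clientAuth;
        }

        /**
         * Configures the client key store and marks it as set.
         *
         * @param keyStore       path of the key-store file
         * @param keyPass        key-store password, may be {@code null}
         * @param keyManagerType key manager algorithm; {@code null} keeps the current value
         * @param keyStoreType   key-store type; {@code null} keeps the current value
         */
        public void setKeyStore(String keyStore, String keyPass, String keyManagerType, String keyStoreType) {
            this.keyStore = keyStore;
            this.keyPass = keyPass;
            if (keyManagerType != null) {
                this.keyManagerType = keyManagerType;
            }
            if (keyStoreType != null) {
                this.keyStoreType = keyStoreType;
            }
            this.isKeyStoreSet = true;
        }

        /** Configures the client key store, keeping the current manager algorithm and store type. */
        public void setKeyStore(String keyStore, String keyPass) {
            setKeyStore(keyStore, keyPass, null, null);
        }

        /**
         * Configures the trust store and marks it as set.
         *
         * @param trustStore       trust-store location
         * @param trustPass        trust-store password, may be {@code null}
         * @param trustManagerType trust manager algorithm; {@code null} keeps the current value
         * @param trustStoreType   trust-store type; {@code null} keeps the current value
         */
        public void setTrustStore(String trustStore, String trustPass, String trustManagerType, String trustStoreType) {
            this.trustStore = trustStore;
            this.trustPass = trustPass;
            if (trustManagerType != null) {
                this.trustManagerType = trustManagerType;
            }
            if (trustStoreType != null) {
                this.trustStoreType = trustStoreType;
            }
            this.isTrustStoreSet = true;
        }

        /** Configures the trust store, keeping the current manager algorithm and store type. */
        public void setTrustStore(String trustStore, String trustPass) {
            setTrustStore(trustStore, trustPass, null, null);
        }

        /** Sets the client-authentication flag. */
        public void requireClientAuth(boolean clientAuth) {
            this.clientAuth = clientAuth;
        }

        /**
         * Sets the self-signed flag. When true, {@code getHttpClient} also turns off Apache
         * host-name verification, so enabling it relaxes more than the chain check.
         */
        public void allowSelfSigned(boolean allowSelfSigned) {
            this.allowSelfSigned = allowSelfSigned;
        }

        /** Sets the name-mismatch flag; when true, {@code getHttpClient} skips host-name verification. */
        public void certNamesMismatch(boolean certNamesMismatch) {
            this.certNamesMismatch = certNamesMismatch;
        }

        /** Sets the {@code hostNameInSAN} flag (not read in this file). */
        public void hostNameInSAN(boolean hostNameInSAN) {
            this.hostNameInSAN = hostNameInSAN;
        }

        public boolean isAllowSelfSigned() {
            return this.allowSelfSigned;
        }

        public boolean isCertNamesMismatch() {
            return this.certNamesMismatch;
        }

        public boolean isHostNameInSAN() {
            return this.hostNameInSAN;
        }

        public String getTrustManagerType() {
            return this.trustManagerType;
        }

        public String getTrustPass() {
            return this.trustPass;
        }

        public String getTrustStore() {
            return this.trustStore;
        }

        public boolean isTrustStoreSet() {
            return this.isTrustStoreSet;
        }

        public String getTrustStoreType() {
            return this.trustStoreType;
        }
    }

    /**
     * Opens a TLS socket to {@code host:port} and wraps it in a Thrift {@link TSocket}.
     *
     * <p>No endpoint identification is configured on the socket here, so any host-name check on
     * this path has to happen inside {@link DSTrustManager}, which receives {@code host}
     * (NOTE(review): confirm against that class).
     *
     * @param host       server host, also handed to the trust manager
     * @param port       server port
     * @param timeout    value applied as the socket read timeout and the {@code TSocket} timeout
     * @param parameters TLS settings, must not be {@code null}
     * @return the connected transport
     * @throws ErrorException if {@code parameters} is {@code null} or the context/socket cannot be created
     */
    public static TSocket getClientSocket(String host, int port, int timeout, TETSSLTransportParameters parameters) throws ErrorException {
        if (null == parameters) {
            throw HiveJDBCCommonDriver.s_HiveMessages.createGeneralException(HiveJDBCMessageKey.CONN_SSL_PARAMS_NOT_SET.name());
        }
        return createClient(createSSLContext(parameters, host).getSocketFactory(), host, port, timeout);
    }

    /**
     * Builds an Apache {@link HttpClient} whose {@code https} scheme uses a context from these parameters.
     *
     * <p>Security caveat: Apache host-name verification is disabled when <em>either</em>
     * {@code certNamesMismatch} or {@code allowSelfSigned} is set. Accepting a self-signed
     * certificate therefore also drops the name check at this layer; whatever name validation
     * remains is up to {@link DSTrustManager}. Deployments that enable {@code allowSelfSigned}
     * should treat the connection as not host-authenticated unless that class is confirmed to check it.
     *
     * @param host       server host, handed to the trust manager and used in error messages
     * @param port       server port (only used for error reporting in this file)
     * @param timeout    accepted but not applied to the HTTP client in this file
     * @param parameters TLS settings, must not be {@code null}
     * @return the configured client
     * @throws ErrorException if {@code parameters} is {@code null} or the client cannot be built
     */
    public static HttpClient getHttpClient(String host, int port, int timeout, TETSSLTransportParameters parameters) throws ErrorException {
        if (null == parameters) {
            throw HiveJDBCCommonDriver.s_HiveMessages.createGeneralException(HiveJDBCMessageKey.CONN_SSL_PARAMS_NOT_SET.name());
        }
        SSLContext context = createSSLContext(parameters, host);
        SSLSocketFactory socketFactory;
        if (parameters.certNamesMismatch || parameters.allowSelfSigned) {
            // Host-name verification is switched off entirely on this branch.
            socketFactory = new SSLSocketFactory(context, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        } else {
            socketFactory = new SSLSocketFactory(context);
        }
        return createHttpClient(socketFactory, host, port, timeout);
    }

    /**
     * Returns the given protocol names without any entry whose name contains "SSL"
     * (case-insensitive); {@code null} entries are dropped as well.
     *
     * @param protocols protocol names, typically the enabled protocols of a socket or engine
     * @return the remaining names in their original order
     */
    private static String[] removeSSLProtocols(String[] protocols) {
        ArrayList<String> kept = new ArrayList<String>();
        for (String protocol : protocols) {
            // Locale.ROOT keeps the comparison independent of the JVM's default locale.
            if (null != protocol && !protocol.toUpperCase(java.util.Locale.ROOT).contains(PROTOCOL_SSL)) {
                kept.add(protocol);
            }
        }
        return kept.toArray(new String[kept.size()]);
    }

    /**
     * Creates and initialises an {@link SSLContext} for the given parameters.
     *
     * <p>The key store is loaded only when one was set; trust is always delegated to a new
     * {@link DSTrustManager} built from {@code parameters} and {@code host}.
     *
     * @param parameters TLS settings
     * @param host       server host passed to the trust manager
     * @return the initialised context
     * @throws ErrorException wrapping any failure, with the original exception as cause
     */
    private static SSLContext createSSLContext(TETSSLTransportParameters parameters, String host) throws ErrorException {
        try {
            SSLContext context = SSLContext.getInstance(parameters.protocol);
            KeyManager[] keyManagers = null;
            if (parameters.isKeyStoreSet) {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(parameters.keyManagerType);
                KeyStore keyStore = KeyStore.getInstance(parameters.keyStoreType);
                char[] keyPassword = null;
                if (null != parameters.keyPass) {
                    keyPassword = parameters.keyPass.toCharArray();
                }
                // Close the key-store file once it has been read; the original left it open.
                FileInputStream keyStoreStream = new FileInputStream(parameters.keyStore);
                try {
                    keyStore.load(keyStoreStream, keyPassword);
                } finally {
                    try {
                        keyStoreStream.close();
                    } catch (Exception ignored) {
                        // A close failure on a read-only stream must not mask a load error.
                    }
                }
                keyManagerFactory.init(keyStore, keyPassword);
                keyManagers = keyManagerFactory.getKeyManagers();
            }
            context.init(keyManagers, new TrustManager[]{new DSTrustManager(parameters, host)}, null);
            // NOTE(review): this engine is discarded, so the filtering below does not change what
            // sockets created from the context will enable. createClient filters its own socket,
            // but sockets opened through the Apache SSLSocketFactory (HTTP transport) get no SSL*
            // protocol removal from this file.
            SSLEngine engine = context.createSSLEngine();
            engine.setEnabledProtocols(removeSSLProtocols(engine.getEnabledProtocols()));
            return context;
        } catch (Exception e) {
            ErrorException wrapped = HiveJDBCCommonDriver.s_HiveMessages.createGeneralException(HiveJDBCMessageKey.CONN_CREATE_AUTHENTICATION_TRANSPORT_ERR.name(), e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Connects a TLS socket, removes SSL* protocols from its enabled set and wraps it in a {@link TSocket}.
     *
     * @param socketFactory factory obtained from the prepared {@link SSLContext}
     * @param host          server host
     * @param port          server port
     * @param timeout       socket read timeout and {@code TSocket} timeout
     * @return the connected transport
     * @throws ErrorException if the socket cannot be created or configured
     */
    private static TSocket createClient(javax.net.ssl.SSLSocketFactory socketFactory, String host, int port, int timeout) throws ErrorException {
        SSLSocket sslSocket = null;
        try {
            sslSocket = (SSLSocket) socketFactory.createSocket(host, port);
            sslSocket.setSoTimeout(timeout);
            sslSocket.setEnabledProtocols(removeSSLProtocols(sslSocket.getEnabledProtocols()));
            TSocket transport = new TSocket(sslSocket);
            transport.setTimeout(timeout);
            return transport;
        } catch (Exception e) {
            // Do not leak a connected socket when configuration fails after the connect.
            if (sslSocket != null) {
                try {
                    sslSocket.close();
                } catch (Exception ignored) {
                    // Best effort: the original failure is the one reported below.
                }
            }
            ErrorException wrapped = HiveJDBCCommonDriver.s_HiveMessages.createGeneralException(HiveJDBCMessageKey.CONN_THRIFT_COULD_NOT_CONNECT.name(), new String[]{host, String.valueOf(port)});
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Creates an HTTP/1.1, UTF-8 {@link DefaultHttpClient} and registers {@code socketFactory} for
     * the {@code https} scheme with default port 443.
     *
     * @param socketFactory Apache socket factory wrapping the prepared {@link SSLContext}
     * @param host          server host (used only in the error message)
     * @param port          server port (used only in the error message)
     * @param timeout       not applied here. NOTE(review): confirm timeouts are set by the caller
     * @return the configured client
     * @throws ErrorException if the client cannot be created
     */
    private static HttpClient createHttpClient(SSLSocketFactory socketFactory, String host, int port, int timeout) throws ErrorException {
        try {
            BasicHttpParams httpParams = new BasicHttpParams();
            HttpProtocolParams.setVersion(httpParams, HttpVersion.HTTP_1_1);
            HttpProtocolParams.setContentCharset(httpParams, "UTF-8");
            DefaultHttpClient client = new DefaultHttpClient(httpParams);
            client.getConnectionManager().getSchemeRegistry().register(new Scheme("https", 443, socketFactory));
            return client;
        } catch (Exception e) {
            throw HiveJDBCCommonDriver.s_HiveMessages.createGeneralException(HiveJDBCMessageKey.CONN_THRIFT_COULD_NOT_CONNECT.name(), new String[]{host, String.valueOf(port)}, e);
        }
    }
}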
