package com.sap.db.jdbc;

import com.sap.db.annotations.GuardedBy;
import com.sap.db.annotations.NotThreadSafe;
import com.sap.db.jdbc.exceptions.RTEException;
import com.sap.db.jdbc.exceptions.SQLExceptionSapDB;
import com.sap.db.util.Base64Utils;
import com.sap.db.util.CharsetUtils;
import com.sap.db.util.MessageKey;
import com.sap.db.util.MessageTranslator;
import com.sap.db.util.RsaOaep;
import com.sap.db.util.SSLUtils;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Authenticator;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.net.Proxy;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyFactory;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

@NotThreadSafe
/* loaded from: input_file:com/sap/db/jdbc/SecureSession.class */
public class SecureSession extends Session {
    /**
     * Factory that builds a TLS-protected {@link SecureSession} for an address.
     *
     * <p>The new session always runs the info exchange. When {@code z} is true it
     * also runs the connect exchange, and the session returned by that exchange is
     * handed back instead of the freshly opened one. The address is marked
     * reachable on success and unreachable when an {@link RTEException} escapes.
     */
    static final SessionFactory SECURE_SESSION_FACTORY = new SessionFactory() {
        @Override
        public Session newInstance(ConnectionSapDB connectionSapDB, Address address, boolean z) throws RTEException {
            ConnectionProperties props = connectionSapDB.getConnectionProperties();
            Session result;
            try {
                Session opened = new SecureSession(connectionSapDB, address);
                opened._doInfoExchange();
                if (z) {
                    result = opened._doConnectExchange(SecureSession.SECURE_SESSION_FACTORY, props.getProperty(ConnectionProperty.DATABASE_NAME));
                } else {
                    result = opened;
                }
                Topologies.setUnreachable(address, false);
            } catch (RTEException failure) {
                // Record the failure for topology bookkeeping, then let the caller see it unchanged.
                Topologies.setUnreachable(address, true);
                throw failure;
            }
            return result;
        }
    };
    // VALIDATE_CERTIFICATE: when false, _openSocket installs a trust manager that accepts
    // every certificate chain and _validateHostName returns without checking anything.
    private final boolean _validateCertificate;
    // HOST_NAME_IN_CERTIFICATE: name to expect in the server certificate instead of the
    // connection host; the literal "*" switches host name checking off (see _validateHostName).
    private final String _hostNameInCertificate;
    // KEY_STORE: key store file name; _getKeyStoreFileName falls back to javax.net.ssl.keyStore.
    private final String _keyStore;
    // KEY_STORE_TYPE: key store type; _getKeyStoreType falls back to "JKS".
    private final String _keyStoreType;
    // KEY_STORE_PASSWD: key store password. Held as an immutable String, so it cannot be
    // wiped from memory after use.
    private final String _keyStorePasswd;
    // SSL_KEY_STORE: PEM text parsed for certificates and private keys in _getKeyManagerFactory.
    private final String _sslKeyStore;
    // TRUST_STORE: trust store file name; _getTrustStoreFileName falls back to javax.net.ssl.trustStore.
    private final String _trustStore;
    // TRUST_STORE_TYPE: trust store type; _getTrustStoreType falls back to "JKS".
    private final String _trustStoreType;
    // TRUST_STORE_PASSWD: trust store password (immutable String, same caveat as the key store one).
    private final String _trustStorePasswd;
    // SSL_TRUST_STORE: PEM text whose certificates become trust anchors in _getTrustManagerFactory.
    private final String _sslTrustStore;
    // SNI_HOSTNAME: server name sent in the TLS SNI extension; the connection host is used when null.
    private final String _sniHostname;

    // Transport socket returned by _openSocket.
    @GuardedBy("_connection (implicit)")
    private final Socket _socket;

    // WebSocket wrapper handed back by _openSocket; null when no WebSocket URL is configured.
    @GuardedBy("_connection (implicit)")
    private final HanaWebSocket _webSocket;

    // Input stream obtained from _socket in the constructor.
    @GuardedBy("_connection (implicit)")
    private final InputStream _inputStream;

    // Output stream obtained from _socket in the constructor.
    @GuardedBy("_connection (implicit)")
    private final OutputStream _outputStream;

    /**
     * Reads the TLS-related connection properties, opens the secured transport and
     * caches its streams.
     *
     * @param connectionSapDB owning connection, passed to the {@code Session} constructor
     * @param address         server address to connect to
     * @throws RTEException if {@code _openSocket} fails or the socket streams cannot be obtained
     */
    SecureSession(ConnectionSapDB connectionSapDB, Address address) throws RTEException {
        super(connectionSapDB, address);

        // Certificate and host name checking.
        _validateCertificate = _connectionProperties.getBooleanProperty(ConnectionProperty.VALIDATE_CERTIFICATE);
        _hostNameInCertificate = _connectionProperties.getProperty(ConnectionProperty.HOST_NAME_IN_CERTIFICATE);

        // Client key material.
        _keyStore = _connectionProperties.getProperty(ConnectionProperty.KEY_STORE);
        _keyStoreType = _connectionProperties.getProperty(ConnectionProperty.KEY_STORE_TYPE);
        _keyStorePasswd = _connectionProperties.getProperty(ConnectionProperty.KEY_STORE_PASSWD);
        _sslKeyStore = _connectionProperties.getProperty(ConnectionProperty.SSL_KEY_STORE);

        // Trust anchors.
        _trustStore = _connectionProperties.getProperty(ConnectionProperty.TRUST_STORE);
        _trustStoreType = _connectionProperties.getProperty(ConnectionProperty.TRUST_STORE_TYPE);
        _trustStorePasswd = _connectionProperties.getProperty(ConnectionProperty.TRUST_STORE_PASSWD);
        _sslTrustStore = _connectionProperties.getProperty(ConnectionProperty.SSL_TRUST_STORE);

        _sniHostname = _connectionProperties.getProperty(ConnectionProperty.SNI_HOSTNAME);

        // _openSocket reports the optional WebSocket wrapper through this one-element holder.
        HanaWebSocket[] webSocketHolder = new HanaWebSocket[1];
        try {
            _socket = _openSocket(webSocketHolder);
            _webSocket = webSocketHolder[0];
            _inputStream = _socket.getInputStream();
            _outputStream = _socket.getOutputStream();
        } catch (IOException ioFailure) {
            destroy();
            // NOTE(review): only the message text of the I/O failure is carried over; the
            // exception itself is not attached as a cause.
            throw new RTEException(
                    _tracer,
                    MessageTranslator.translate(
                            MessageKey.ERROR_HOST_CONNECT,
                            address.toString(),
                            ioFailure.getMessage(),
                            Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())),
                    RteReturnCode.SQLSTART_REQUIRED);
        }
    }

    /** Returns the transport socket opened by the constructor. */
    @Override
    protected Socket _getSocket() {
        return _socket;
    }

    /** Returns the WebSocket wrapper, or {@code null} when the session uses a plain TLS socket. */
    @Override
    protected HanaWebSocket _getWebSocket() {
        return _webSocket;
    }

    /** Returns the input stream obtained from the transport socket. */
    @Override
    protected InputStream _getInputStream() {
        return _inputStream;
    }

    /** Returns the output stream obtained from the transport socket. */
    @Override
    protected OutputStream _getOutputStream() {
        return _outputStream;
    }

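    /**
     * Opens the TLS transport to the session address, either as a direct
     * {@link SSLSocket} or through a {@code HanaWebSocket} when a WebSocket URL is
     * configured, performs the handshake and then checks the server host name.
     *
     * <p>Trust configuration is chosen in this order:
     * <ol>
     *   <li>certificate validation disabled: a trust manager that accepts every chain;</li>
     *   <li>no key/trust store property set: the JRE default socket factory or context;</li>
     *   <li>otherwise: a context built from the configured key and trust stores.</li>
     * </ol>
     *
     * <p>The handlers for {@link SSLHandshakeException} and {@link SSLException} are placed
     * before the one for {@link IOException}: both are subclasses of it, so in the other
     * order the TLS-specific diagnostics could never be reached.
     *
     * @param hanaWebSocketArr one-element out-parameter; slot 0 receives the WebSocket
     *                         wrapper, or {@code null} for a direct socket
     * @return the connected socket
     * @throws RTEException on any connection, TLS or host name validation failure
     */
    private Socket _openSocket(HanaWebSocket[] hanaWebSocketArr) throws RTEException {
        SSLSocketFactory socketFactory;
        Certificate[] peerCertificates;
        String proxyUser;
        Socket socket = null;
        HanaWebSocket hanaWebSocket = null;
        Address address = this._address.get();
        String host = address.getHost();
        int port = address.getPort();
        String webSocketUrl = this._connectionProperties.getProperty(ConnectionProperty.WEB_SOCKET_URL);
        boolean useWebSocket = !webSocketUrl.isEmpty();
        String proxyHost = this._connectionProperties.getProperty(ConnectionProperty.PROXY_HOST_NAME);
        SSLContext sslContext = null;
        SSLEngine sslEngine = null;
        SSLSocket sslSocket = null;
        try {
            if (!this._validateCertificate) {
                // SECURITY: with validation switched off every certificate chain is accepted and
                // _validateHostName returns early as well. The channel is still encrypted, but the
                // server is not authenticated, so anyone on the network path can impersonate it.
                TrustManager[] acceptAll = {new X509TrustManager() {
                    @Override
                    public X509Certificate[] getAcceptedIssuers() {
                        // The X509TrustManager contract requires a non-null (possibly empty) array.
                        return new X509Certificate[0];
                    }

                    @Override
                    public void checkClientTrusted(X509Certificate[] chain, String authType) {
                    }

                    @Override
                    public void checkServerTrusted(X509Certificate[] chain, String authType) {
                    }
                }};
                sslContext = SSLContext.getInstance("TLS");
                sslContext.init(null, acceptAll, new SecureRandom());
                socketFactory = sslContext.getSocketFactory();
            } else if (_isSystemDefaultUsed()) {
                socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            } else {
                KeyManagerFactory keyManagerFactory = _getKeyManagerFactory(host);
                TrustManagerFactory trustManagerFactory = _getTrustManagerFactory(host);
                // A null array makes SSLContext.init fall back to the JRE default managers, so a
                // configuration that sets only a key store still validates against the default trust store.
                KeyManager[] keyManagers = keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null;
                TrustManager[] trustManagers = trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null;
                sslContext = SSLContext.getInstance("TLS");
                sslContext.init(keyManagers, trustManagers, new SecureRandom());
                socketFactory = sslContext.getSocketFactory();
            }
            if (useWebSocket) {
                if (sslContext == null) {
                    // System-default case: build a context with the JRE default key and trust managers.
                    sslContext = SSLContext.getInstance("TLS");
                    sslContext.init(null, null, new SecureRandom());
                }
                Proxy proxy = null;
                Authenticator authenticator = null;
                if (!proxyHost.isEmpty()) {
                    int proxyPort = this._connectionProperties.getIntProperty(ConnectionProperty.PROXY_PORT);
                    final char[] proxyPassword = this._connectionProperties.getProperty(ConnectionProperty.PROXY_PASSWD).toCharArray();
                    String scpAccount = this._connectionProperties.getProperty(ConnectionProperty.PROXY_SCP_ACCOUNT);
                    if (scpAccount.isEmpty()) {
                        proxyUser = this._connectionProperties.getProperty(ConnectionProperty.PROXY_USER_NAME);
                    } else {
                        // NOTE(review): substring(0, dot - 1) drops the character just before the dot and
                        // throws StringIndexOutOfBoundsException when the value starts with a dot. This
                        // looks like an off-by-one, but it is left as found because it changes the proxy
                        // user name sent on the wire; confirm against the expected account format.
                        int dot = scpAccount.indexOf('.');
                        proxyUser = dot != -1
                                ? "1." + Base64Utils.encodeToString(scpAccount.substring(0, dot - 1).getBytes(CharsetUtils.US_ASCII)) + '.' + Base64Utils.encodeToString(scpAccount.substring(dot + 1).getBytes(CharsetUtils.US_ASCII))
                                : "1." + Base64Utils.encodeToString(scpAccount.getBytes(CharsetUtils.UTF_8));
                    }
                    final String authUser = proxyUser;
                    authenticator = new Authenticator() {
                        @Override
                        protected PasswordAuthentication getPasswordAuthentication() {
                            return new PasswordAuthentication(authUser, proxyPassword);
                        }
                    };
                    proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHost, proxyPort));
                }
                hanaWebSocket = new HanaWebSocket(this._tracer, _getWebSocketUri(address, webSocketUrl), proxy, authenticator, _getConnectTimeout(), true, sslContext.createSSLEngine(), this._connectionProperties.getIntProperty(ConnectionProperty.WEB_SOCKET_PING_TIMEOUT));
                sslEngine = hanaWebSocket.getSSLEngine();
                sslEngine.setUseClientMode(true);
                socket = hanaWebSocket.getSocket();
            } else {
                socket = socketFactory.createSocket();
                socket.connect(new InetSocketAddress(host, port), _getConnectTimeout());
                sslSocket = (SSLSocket) socket;
                sslSocket.setUseClientMode(true);
            }
            _setSocketOptions(socket);
            if (useWebSocket) {
                _setWebSocketDefaults(this._connectionProperties);
            }

            // Enable only protocol names that start with "TLS", which leaves out the SSL* entries.
            // NOTE(review): the list is taken from the *supported* protocols, so legacy TLS
            // versions are requested too wherever the JRE still supports them.
            List<String> tlsProtocols = new ArrayList<String>();
            for (String protocol : useWebSocket ? sslEngine.getSupportedProtocols() : sslSocket.getSupportedProtocols()) {
                if (protocol.startsWith("TLS")) {
                    tlsProtocols.add(protocol);
                }
            }
            String[] enabledProtocols = tlsProtocols.toArray(new String[0]);
            if (useWebSocket) {
                sslEngine.setEnabledProtocols(enabledProtocols);
            } else {
                sslSocket.setEnabledProtocols(enabledProtocols);
            }

            // Send SNI unless the host resolves to an IPv6 address or the runtime predates Java 8.
            InetAddress resolved = InetAddress.getByName(host);
            if (Driver.getJavaVersion() >= 8 && !(resolved instanceof Inet6Address)) {
                SNIHostName sniName = new SNIHostName(this._sniHostname == null ? host : this._sniHostname);
                List<javax.net.ssl.SNIServerName> serverNames = new ArrayList<javax.net.ssl.SNIServerName>(1);
                serverNames.add(sniName);
                SSLParameters sslParameters = useWebSocket ? sslEngine.getSSLParameters() : sslSocket.getSSLParameters();
                sslParameters.setServerNames(serverNames);
                if (useWebSocket) {
                    sslEngine.setSSLParameters(sslParameters);
                } else {
                    sslSocket.setSSLParameters(sslParameters);
                }
            }

            if (useWebSocket) {
                hanaWebSocket.doHandshake();
            } else {
                sslSocket.startHandshake();
            }
            SSLSession session = useWebSocket ? sslEngine.getSession() : sslSocket.getSession();
            try {
                peerCertificates = session.getPeerCertificates();
            } catch (SSLPeerUnverifiedException unverified) {
                // An empty chain is rejected by _validateHostName whenever validation is enabled.
                peerCertificates = new Certificate[0];
            }
            // Host name checking happens here, after the handshake, and not through the JSSE
            // endpoint identification algorithm.
            // NOTE(review): when this or the handshake fails, the connected socket is not closed
            // in this method; confirm that the caller or _throwRTEException releases it.
            _validateHostName(peerCertificates, host, session);
        } catch (RTEException e) {
            _throwRTEException(e);
        } catch (SSLHandshakeException e) {
            String detail = e.getMessage();
            // getMessage() may be null; treat that as "no specific pattern matched".
            SQLException cause = detail != null && detail.contains("PKIX path building failed")
                    ? SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_SSL_CERTIFICATEPATH, detail)
                    : SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_SSL_HANDSHAKE, detail);
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, address.toString(), detail, Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSERVER_OR_DB_UNKNOWN, RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode(), cause);
        } catch (SSLException e) {
            String detail = e.getMessage();
            SQLException cause = detail != null && detail.contains("Received fatal alert: internal_error")
                    ? SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_SSL_NOSSLSUPPORT, detail)
                    : SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_SSL_HANDSHAKE, detail);
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, address.toString(), detail, Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSERVER_OR_DB_UNKNOWN, RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode(), cause);
        } catch (UnknownHostException e) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_UNKNOWN_HOST, host, e.getMessage(), Integer.valueOf(RteReturnCode.SQLSERVER_OR_DB_UNKNOWN.getCommunicationErrorCode())), RteReturnCode.SQLSERVER_OR_DB_UNKNOWN);
        } catch (IOException e) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, address.toString(), e.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSERVER_OR_DB_UNKNOWN, RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode());
        } catch (KeyManagementException e) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, host, e.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_SSL_KEYMANAGEMENTEXCEPTION, e.getMessage()));
        } catch (NoSuchAlgorithmException e) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, host, e.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_SSL_NOSUCHALGORITHM, e.getMessage()));
        }
        hanaWebSocketArr[0] = hanaWebSocket;
        return socket;
    }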

    /**
     * Tells whether the JRE default TLS configuration should be used.
     *
     * @return {@code true} only when none of the key store or trust store properties is set
     */
    private boolean _isSystemDefaultUsed() {
        boolean keyStoreConfigured = this._keyStore != null
                || this._keyStoreType != null
                || this._keyStorePasswd != null
                || this._sslKeyStore != null;
        boolean trustStoreConfigured = this._trustStore != null
                || this._trustStorePasswd != null
                || this._trustStoreType != null
                || this._sslTrustStore != null;
        return !(keyStoreConfigured || trustStoreConfigured);
    }

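    /**
     * Builds the key manager factory that supplies the client's TLS key material.
     *
     * <p>Two sources are supported. If PEM text is configured ({@code _sslKeyStore}), an
     * in-memory "JKS" store is filled with the first private key found and all
     * certificates from that text as its chain, protected by an empty password.
     * Otherwise the key store file named by {@code _getKeyStoreFileName()} is loaded
     * with the configured type and password.
     *
     * <p>NOTE(review): the code after each handler relies on {@code _throwRTEException}
     * never returning normally; confirm in {@code Session}.
     *
     * @param str host name, used only in error messages
     * @return the initialised factory, or {@code null} when neither PEM text nor a key
     *         store file is configured
     * @throws RTEException if the store cannot be created, loaded or used
     */
    private KeyManagerFactory _getKeyManagerFactory(String str) throws RTEException {
        String algorithm;
        String storeType;
        char[] password;
        String keyStoreFile = _getKeyStoreFileName();
        if (this._sslKeyStore == null && keyStoreFile == null) {
            return null;
        }
        KeyManagerFactory keyManagerFactory = null;
        java.security.KeyStore keyStore = null;
        if (this._sslKeyStore != null) {
            algorithm = "SunX509";
            storeType = "JKS";
            password = "".toCharArray();
        } else {
            algorithm = KeyManagerFactory.getDefaultAlgorithm();
            storeType = _getKeyStoreType();
            password = _getKeyStorePasswd().toCharArray();
        }
        try {
            keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
        } catch (NoSuchAlgorithmException e) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, e.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_SSL_KEYMANAGERFACTORYNODEFAULT, e.getMessage()));
        }
        try {
            keyStore = java.security.KeyStore.getInstance(storeType);
        } catch (KeyStoreException e) {
            // Report the type that was actually requested; on the PEM path that is "JKS",
            // not whatever KEY_STORE_TYPE happens to be set to.
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, e.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_SSL_KEYSTORE_CREATE, storeType, e.getMessage()));
        }
        try {
            if (this._sslKeyStore != null) {
                // Start from an empty in-memory store and add the PEM material to it.
                keyStore.load(null);
                List<Certificate> certificates = _createCertificatesFromPEM(this._sslKeyStore);
                List<PrivateKey> privateKeys = _createPrivateKeysFromPEM(this._sslKeyStore);
                if (!privateKeys.isEmpty()) {
                    // Only the first private key is used; any further keys in the PEM text are ignored.
                    keyStore.setKeyEntry("key-alias", privateKeys.get(0), password, certificates.toArray(new Certificate[0]));
                }
            } else {
                FileInputStream in = null;
                try {
                    in = new FileInputStream(keyStoreFile);
                    keyStore.load(in, password);
                } catch (FileNotFoundException e) {
                    _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, e.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_SSL_KEYSTORE_FILENOTFOUND, e.getMessage()));
                } finally {
                    if (in != null) {
                        try {
                            in.close();
                        } catch (IOException ignored) {
                            // A failed close of a read-only stream does not affect the loaded store.
                        }
                    }
                }
            }
        } catch (IOException e) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, e.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_SSL_KEYSTORELOADFAILED_IOEXCEPTION, e.getMessage()));
        } catch (KeyStoreException e) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, "Key manager initialization failed: " + e.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED);
        } catch (NoSuchAlgorithmException e) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, e.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_SSL_KEYSTORELOADFAILED_NOSUCHALGORITHM, e.getMessage()));
        } catch (CertificateException e) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, e.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_SSL_KEYSTORELOADFAILED_CERTIFICATE, e.getMessage()));
        } catch (InvalidKeySpecException e) {
            // NOTE(review): a trust-store message key is used for a key-store failure here.
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, e.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_SSL_TRUSTSTORELOADFAILED_INVALIDKEYSPEC, e.getMessage()));
        }
        try {
            // NOTE(review): the password array is not cleared after use.
            keyManagerFactory.init(keyStore, password);
        } catch (KeyStoreException e) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, "Key manager initialization failed: " + e.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED);
        } catch (NoSuchAlgorithmException e) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, e.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_SSL_KEYMANAGERFACTORY_NOSUCHALGORITHM, e.getMessage()));
        } catch (UnrecoverableKeyException e) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, e.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_SSL_KEYMANAGERFACTORY_UNRECOVERABLEKEY, e.getMessage()));
        }
        return keyManagerFactory;
    }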

    /**
     * Builds the trust manager factory holding the trust anchors for server
     * certificate validation.
     *
     * <p>If PEM text is configured ({@code _sslTrustStore}), every certificate in it is
     * added to an in-memory "JKS" store under the alias {@code cert-alias-<index>}.
     * Otherwise the trust store file named by {@code _getTrustStoreFileName()} is loaded
     * with the configured type and, if present, password.
     *
     * <p>A {@code null} result makes the caller pass {@code null} trust managers to
     * {@code SSLContext.init}, which selects the JRE default trust managers.
     *
     * <p>NOTE(review): the code after each handler relies on {@code _throwRTEException}
     * never returning normally; confirm in {@code Session}.
     *
     * @param str host name, used only in error messages
     * @return the initialised factory, or {@code null} when neither PEM text nor a trust
     *         store file is configured
     * @throws RTEException if the store cannot be created, loaded or used
     */
    private TrustManagerFactory _getTrustManagerFactory(String str) throws RTEException {
        String trustStoreFile = _getTrustStoreFileName();
        boolean fromPem = this._sslTrustStore != null;
        if (!fromPem && trustStoreFile == null) {
            return null;
        }

        String algorithm;
        String storeType;
        char[] password;
        if (fromPem) {
            algorithm = "SunX509";
            storeType = "JKS";
            password = null;
        } else {
            algorithm = TrustManagerFactory.getDefaultAlgorithm();
            storeType = _getTrustStoreType();
            String configuredPassword = _getTrustStorePasswd();
            if (configuredPassword != null) {
                password = configuredPassword.toCharArray();
            } else {
                password = null;
            }
        }

        TrustManagerFactory factory = null;
        try {
            factory = TrustManagerFactory.getInstance(algorithm);
        } catch (NoSuchAlgorithmException noAlgorithm) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, noAlgorithm.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(noAlgorithm, MessageKey.ERROR_SSL_TRUSTMANAGERFACTORYNODEFAULT, noAlgorithm.getMessage()));
        }

        java.security.KeyStore anchors = null;
        try {
            anchors = java.security.KeyStore.getInstance(storeType);
        } catch (KeyStoreException noStore) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, noStore.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(noStore, MessageKey.ERROR_SSL_TRUSTSTORE_CREATE, noStore.getMessage()));
        }

        try {
            if (fromPem) {
                // Start from an empty in-memory store and add each PEM certificate as an anchor.
                anchors.load(null);
                List<Certificate> pemCertificates = _createCertificatesFromPEM(this._sslTrustStore);
                int count = pemCertificates.size();
                int index = 0;
                while (index < count) {
                    anchors.setCertificateEntry("cert-alias-" + String.valueOf(index), pemCertificates.get(index));
                    index++;
                }
            } else {
                FileInputStream in = null;
                try {
                    in = new FileInputStream(trustStoreFile);
                    anchors.load(in, password);
                } catch (FileNotFoundException missing) {
                    _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, missing.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(missing, MessageKey.ERROR_SSL_TRUSTSTORE_FILENOTFOUND, missing.getMessage()));
                } finally {
                    if (in != null) {
                        try {
                            in.close();
                        } catch (IOException ignored) {
                            // Close failures on the read-only stream are deliberately ignored.
                        }
                    }
                }
            }
        } catch (IOException loadIo) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, loadIo.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(loadIo, MessageKey.ERROR_SSL_TRUSTSTORELOADFAILED_IOEXCEPTION, loadIo.getMessage()));
        } catch (KeyStoreException storeFailure) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, storeFailure.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(storeFailure, MessageKey.ERROR_SSL_TRUSTMANAGERFACTORY_KEYSTORE, storeFailure.getMessage()));
        } catch (NoSuchAlgorithmException integrityAlgorithm) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, integrityAlgorithm.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(integrityAlgorithm, MessageKey.ERROR_SSL_TRUSTSTORELOADFAILED_NOSUCHALGORITHM, integrityAlgorithm.getMessage()));
        } catch (CertificateException badCertificate) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, badCertificate.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(badCertificate, MessageKey.ERROR_SSL_TRUSTSTORELOADFAILED_CERTIFICATE, badCertificate.getMessage()));
        }

        try {
            factory.init(anchors);
        } catch (KeyStoreException initFailure) {
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, initFailure.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, SQLExceptionSapDB.newInstance(initFailure, MessageKey.ERROR_SSL_TRUSTMANAGERFACTORY_KEYSTORE, initFailure.getMessage()));
        }
        return factory;
    }

    /**
     * Returns the key store file name: the connection property when set, otherwise the
     * {@code javax.net.ssl.keyStore} system property (which may be {@code null}).
     */
    private String _getKeyStoreFileName() {
        if (this._keyStore != null) {
            return this._keyStore;
        }
        return System.getProperty("javax.net.ssl.keyStore");
    }

    /** Returns the configured key store type, or {@code "JKS"} when none is set. */
    private String _getKeyStoreType() {
        if (this._keyStoreType == null) {
            return "JKS";
        }
        return this._keyStoreType;
    }

    /**
     * Returns the key store password: the connection property when set, otherwise the
     * {@code javax.net.ssl.keyStorePassword} system property, otherwise the empty string.
     */
    private String _getKeyStorePasswd() {
        String password = this._keyStorePasswd;
        if (password == null) {
            password = System.getProperty("javax.net.ssl.keyStorePassword");
        }
        return password == null ? "" : password;
    }

    /**
     * Returns the trust store file name: the connection property when set, otherwise the
     * {@code javax.net.ssl.trustStore} system property (which may be {@code null}).
     */
    private String _getTrustStoreFileName() {
        if (this._trustStore != null) {
            return this._trustStore;
        }
        return System.getProperty("javax.net.ssl.trustStore");
    }

    /** Returns the configured trust store type, or {@code "JKS"} when none is set. */
    private String _getTrustStoreType() {
        if (this._trustStoreType == null) {
            return "JKS";
        }
        return this._trustStoreType;
    }

    /**
     * Returns the trust store password: the connection property when set, otherwise the
     * {@code javax.net.ssl.trustStorePassword} system property. Unlike the key store
     * variant this may return {@code null}.
     */
    private String _getTrustStorePasswd() {
        if (this._trustStorePasswd != null) {
            return this._trustStorePasswd;
        }
        return System.getProperty("javax.net.ssl.trustStorePassword");
    }

    /**
     * Checks, after the handshake, that the server certificate was issued for the host
     * this session is talking to.
     *
     * <p>The check is skipped entirely when certificate validation is disabled or when
     * the expected name is configured as {@code "*"}; in both cases any certificate
     * that passed chain validation is accepted for any host.
     *
     * <p>The first certificate of the chain is compared, through
     * {@code SSLUtils.validateHostName}, against the configured expected name or, when
     * none is configured, the connection host. If that fails, a verifier registered
     * with {@code Driver.getHostnameVerifier()} gets the final say; note that it is
     * called with the connection host, not the configured expected name.
     *
     * <p>NOTE(review): the empty-chain branch relies on {@code _throwRTEException} never
     * returning normally; otherwise the index access below would fail.
     *
     * @param certificateArr peer certificate chain, empty when the peer was not verified
     * @param str            host name the session connected to
     * @param sSLSession     TLS session handed to the fallback verifier
     * @throws RTEException if no certificate is present, it is not X.509, or no check accepts the name
     */
    private void _validateHostName(Certificate[] certificateArr, String str, SSLSession sSLSession) throws RTEException {
        boolean anyNameAccepted = "*".equals(this._hostNameInCertificate);
        if (anyNameAccepted || !this._validateCertificate) {
            return;
        }
        if (certificateArr.length == 0) {
            SQLException noCertificate = SQLExceptionSapDB.newInstance(MessageKey.ERROR_SSL_NO_CERTIFICATE_FOUND, new String[0]);
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, noCertificate.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, noCertificate);
        }
        String expectedName = this._hostNameInCertificate == null ? str : this._hostNameInCertificate;
        try {
            X509Certificate serverCertificate = (X509Certificate) certificateArr[0];
            String subjectName = serverCertificate.getSubjectX500Principal().getName("RFC2253");
            if (SSLUtils.validateHostName(subjectName, serverCertificate.getSubjectAlternativeNames(), expectedName)) {
                return;
            }
            // Built-in matching failed: let an application-registered verifier decide, if there is one.
            HostnameVerifier fallbackVerifier = Driver.getHostnameVerifier();
            if (fallbackVerifier != null && fallbackVerifier.verify(str, sSLSession)) {
                return;
            }
            String[] mismatchDetails = {subjectName, expectedName};
            SQLException mismatch = SQLExceptionSapDB.newInstance(MessageKey.ERROR_SSL_HOSTNAMEVERIFICATION_FAILED, mismatchDetails);
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, mismatch.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, mismatch);
        } catch (ClassCastException notX509) {
            // The leading certificate is not an X509Certificate.
            SQLException wrapped = SQLExceptionSapDB.newInstance(notX509, MessageKey.ERROR_SSL_NOX509CERTIFICATE, new String[0]);
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, wrapped.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, wrapped);
        } catch (CertificateParsingException unparsable) {
            // The subject alternative names could not be decoded.
            SQLException wrapped = SQLExceptionSapDB.newInstance(unparsable, MessageKey.ERROR_SSL_NOX509CERTIFICATE, new String[0]);
            _throwRTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, str, wrapped.getMessage(), Integer.valueOf(RteReturnCode.SQLSTART_REQUIRED.getCommunicationErrorCode())), RteReturnCode.SQLSTART_REQUIRED, wrapped);
        }
    }

    /**
     * Parses every certificate that {@code Base64Utils.decodeCertificates} extracts
     * from the given PEM text.
     *
     * @param str PEM text
     * @return the parsed X.509 certificates, in the order they were decoded
     * @throws CertificateException if the X.509 factory is unavailable or an entry cannot be parsed
     */
    private static List<Certificate> _createCertificatesFromPEM(String str) throws CertificateException {
        List<Certificate> certificates = new ArrayList<Certificate>();
        List<byte[]> encodedEntries = Base64Utils.decodeCertificates(str);
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        for (byte[] encoded : encodedEntries) {
            certificates.add(x509Factory.generateCertificate(new ByteArrayInputStream(encoded)));
        }
        return certificates;
    }

    /**
     * Parses every private key that {@code Base64Utils.decodePrivateKeys} extracts from
     * the given PEM text, treating each entry as a PKCS#8 encoding.
     *
     * <p>All keys are built with the single algorithm named by
     * {@code RsaOaep.JAVA_ALGORITHM_NAME}, so keys of any other algorithm are rejected
     * with {@link InvalidKeySpecException}.
     *
     * @param str PEM text
     * @return the parsed private keys, in the order they were decoded
     * @throws NoSuchAlgorithmException if no key factory exists for the algorithm
     * @throws InvalidKeySpecException  if an entry is not a valid PKCS#8 key for that algorithm
     */
    private static List<PrivateKey> _createPrivateKeysFromPEM(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        List<PrivateKey> privateKeys = new ArrayList<PrivateKey>();
        List<byte[]> encodedEntries = Base64Utils.decodePrivateKeys(str);
        KeyFactory keyFactory = KeyFactory.getInstance(RsaOaep.JAVA_ALGORITHM_NAME);
        for (byte[] encoded : encodedEntries) {
            privateKeys.add(keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encoded)));
        }
        return privateKeys;
    }
}
