package com.kingbase8.ssl;

import com.kingbase8.KBProperty;
import com.kingbase8.core.KBStream;
import com.kingbase8.core.SocketFactoryFactory;
import com.kingbase8.jdbc.SslMode;
import com.kingbase8.util.GT;
import com.kingbase8.util.KSQLException;
import com.kingbase8.util.KSQLState;
import com.kingbase8.util.LOGGER;
import com.kingbase8.util.ObjectFactory;
import java.io.IOException;
import java.util.Properties;
import java.util.logging.Level;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: input_file:BOOT-INF/lib/jdbc-8.6.0.jar:com/kingbase8/ssl/MakeSSL.class */
public class MakeSSL extends ObjectFactory {
    public static void convert(KBStream kBStream, Properties properties) throws KSQLException, IOException {
        LOGGER.log(Level.FINE, "converting regular socket connection to ssl", new Object[0]);
        SSLSocketFactory sslSocketFactory = SocketFactoryFactory.getSslSocketFactory(properties);
        try {
            SSLSocket sSLSocket = (SSLSocket) sslSocketFactory.createSocket(kBStream.getSocket(), kBStream.getHostSpec().getHost(), kBStream.getHostSpec().getPort(), true);
            sSLSocket.setUseClientMode(true);
            sSLSocket.startHandshake();
            if (sslSocketFactory instanceof LibPQFactory) {
                ((LibPQFactory) sslSocketFactory).throwKeyManagerException();
            }
            if (SslMode.of(properties).verifyPeerName()) {
                verifyPeerName(kBStream, properties, sSLSocket);
            }
            kBStream.changeSocket(sSLSocket);
        } catch (IOException e) {
            throw new KSQLException(GT.tr("SSL error: {0}", e.getMessage()), KSQLState.CONNECTION_FAILURE, e);
        }
    }

    private static void verifyPeerName(KBStream kBStream, Properties properties, SSLSocket sSLSocket) throws KSQLException {
        HostnameVerifier hostnameVerifier;
        String str = KBProperty.SSL_HOSTNAME_VERIFIER.get(properties);
        if (str == null) {
            hostnameVerifier = KBjdbcHostnameVerifier.INSTANCE;
            str = "PgjdbcHostnameVerifier";
        } else {
            try {
                hostnameVerifier = (HostnameVerifier) instantiate(str, properties, false, null);
            } catch (Exception e) {
                throw new KSQLException(GT.tr("The HostnameVerifier class provided {0} could not be instantiated.", str), KSQLState.CONNECTION_FAILURE, e);
            }
        }
        if (!hostnameVerifier.verify(kBStream.getHostSpec().getHost(), sSLSocket.getSession())) {
            throw new KSQLException(GT.tr("The hostname {0} could not be verified by hostnameverifier {1}.", kBStream.getHostSpec().getHost(), str), KSQLState.CONNECTION_FAILURE);
        }
    }
}
