package com.kingbase8.ukpwd;

import com.kingbase8.KBProperty;
import com.kingbase8.core.KBStream;
import com.kingbase8.ssl.LazyKeyManager;
import com.kingbase8.ssl.LibKCIFactory;
import com.kingbase8.ssl.PKCS12KeyManager;
import com.kingbase8.util.GT;
import com.kingbase8.util.KBLOGGER;
import com.kingbase8.util.KSQLException;
import com.kingbase8.util.KSQLState;
import com.kingbase8.util.ObjectFactory;
import com.kingbase8.util.TraceLogger;
import com.mysql.cj.conf.PropertyDefinitions;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.sql.SQLException;
import java.util.Collection;
import java.util.Locale;
import java.util.Properties;
import java.util.Random;
import java.util.logging.Level;
import javax.net.ssl.KeyManager;
import javax.security.auth.callback.CallbackHandler;

/* loaded from: input_file:WEB-INF/lib/kingbase8-8.6.0.jar:com/kingbase8/ukpwd/CertAuthenticator.class */
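/**
 * Client side of the "ukpwd" certificate authentication exchange.
 *
 * <p>On construction the client key material is located (either from the {@code UKPWD_*}
 * connection properties or from a per-user default directory) and wrapped in a
 * {@link KeyManager}. {@link #sendCertAndSign(int)} then signs the number the server sent and
 * returns the signature together with the client certificate and a fresh client nonce;
 * {@link #verifyServerSign()} checks the server's certificate against the configured root
 * certificate and verifies the server's signature over that nonce.
 *
 * <p>Not thread-safe: one instance per connection attempt.
 */
public class CertAuthenticator {
    /** Mode byte received from the server that selects the SM2 / BouncyCastle path (ASCII '2'). */
    private static final int SM2_MODE = 50;
    /** Message type byte of the client proof message (ASCII 'c'). */
    private static final int PROOF_MESSAGE_TYPE = 99;
    /** Length of the client nonce in bytes; the fixed "16" in the message length depends on it. */
    private static final int CLIENT_RANDOM_LENGTH = 4;
    /**
     * CSPRNG for the client nonce. The nonce is what the server signs, so a predictable value
     * would allow a previously recorded server signature to be replayed; {@code java.util.Random}
     * is therefore not suitable here. SecureRandom is thread-safe and may be shared.
     */
    private static final SecureRandom RNG = new SecureRandom();

    private final Properties infoProps;
    private final KBStream kbStream;
    private byte[] clientRandom;
    private KeyManager km;
    private boolean defaultfileT;
    private String sslrootcertfile;
    private String sslcertfile;
    private String sslkeyfileT;

    /**
     * Locates the client key, client certificate and root certificate and prepares the key manager.
     *
     * @param kBStream   the connection stream used for the authentication messages
     * @param properties connection properties; {@code UKPWD_KEY}, {@code UKPWD_CERT},
     *                   {@code UKPWD_ROOT_CERT}, {@code UKPWD_PASSWORD} and
     *                   {@code UKPWD_PASSWORD_CALLBACK} are consulted
     * @throws KSQLException if the key file has an unsupported extension or the key manager
     *                       (including its password callback) cannot be set up
     */
    public CertAuthenticator(KBStream kBStream, Properties properties) throws KSQLException {
        this.kbStream = kBStream;
        this.infoProps = properties;
        String separator = System.getProperty("file.separator");
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        String defaultDir;
        // Locale.ROOT: under a Turkish locale "WINDOWS".toLowerCase() yields a dotless i and the
        // contains() check below would silently fail.
        String osName = System.getProperty(PropertyDefinitions.SYSP_os_name, "").toLowerCase(Locale.ROOT);
        if (osName.contains("windows")) {
            defaultDir = System.getenv("APPDATA") + separator + "kingbase8" + separator;
        } else {
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            defaultDir = System.getProperty("user.home") + separator + ".kingbase8" + separator;
        }
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        this.sslkeyfileT = KBProperty.UKPWD_KEY.get(properties);
        if (this.sslkeyfileT == null) {
            // No explicit key: fall back to the per-user default file and remember that we did so,
            // because LazyKeyManager treats default files differently from configured ones.
            this.defaultfileT = true;
            this.sslkeyfileT = defaultDir + "uclient.pk8";
        }
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        if (this.sslkeyfileT.endsWith("pk8") || this.sslkeyfileT.endsWith("key")) {
            initPk8(this.sslkeyfileT, defaultDir, properties);
        } else if (this.sslkeyfileT.endsWith("p12")) {
            initP12(this.sslkeyfileT, properties);
        } else {
            throw new KSQLException("The key file must end with pk8 or p12 or key.", KSQLState.INVALID_PARAMETER_VALUE);
        }
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        this.sslrootcertfile = KBProperty.UKPWD_ROOT_CERT.get(properties);
        if (this.sslrootcertfile == null) {
            this.sslrootcertfile = defaultDir + "ca.crt";
        }
    }

    /**
     * Sets up a {@link LazyKeyManager} for a PEM/PKCS#8 style key file.
     *
     * @param keyFile    path of the key file
     * @param defaultDir directory used for the default certificate when none is configured
     * @param properties connection properties
     * @throws KSQLException if the password callback cannot be created
     */
    private void initPk8(String keyFile, String defaultDir, Properties properties) throws KSQLException {
        this.sslcertfile = KBProperty.UKPWD_CERT.get(properties);
        if (this.sslcertfile == null) {
            this.defaultfileT = true;
            this.sslcertfile = defaultDir + "uclient.crt";
        }
        // An empty string means "not configured" for LazyKeyManager, hence the null mapping.
        String certArg = "".equals(this.sslcertfile) ? null : this.sslcertfile;
        String keyArg = "".equals(keyFile) ? null : keyFile;
        this.km = new LazyKeyManager(certArg, keyArg, getCallbackHandler(properties), this.defaultfileT);
    }

    /**
     * Sets up a {@link PKCS12KeyManager} for a PKCS#12 key store.
     *
     * @param keyFile    path of the .p12 file
     * @param properties connection properties
     * @throws KSQLException if the password callback cannot be created
     */
    private void initP12(String keyFile, Properties properties) throws KSQLException {
        this.km = new PKCS12KeyManager(keyFile, getCallbackHandler(properties));
    }

    /**
     * Returns the handler that supplies the key password: either the user-configured callback
     * class or a console handler primed with {@code UKPWD_PASSWORD}.
     *
     * @param properties connection properties
     * @return a callback handler, never {@code null}
     * @throws KSQLException if the configured callback class cannot be instantiated
     */
    private CallbackHandler getCallbackHandler(Properties properties) throws KSQLException {
        String callbackClass = KBProperty.UKPWD_PASSWORD_CALLBACK.get(properties);
        if (callbackClass == null) {
            return new LibKCIFactory.ConsoleCallbackHandler(KBProperty.UKPWD_PASSWORD.get(properties));
        }
        try {
            return (CallbackHandler) ObjectFactory.instantiate(CallbackHandler.class, callbackClass, properties, false, null);
        } catch (Exception e) {
            throw new KSQLException(GT.tr("The password callback class provided {0} could not be instantiated.", callbackClass), KSQLState.CONNECTION_FAILURE, e);
        }
    }

    /**
     * Reads the server's number and mode byte, signs the number with the client key and sends the
     * client proof message (nonce, signature, DER certificate).
     *
     * @param i length of the server message; {@code i - 1} characters of number are read before the mode byte
     * @throws IOException  if the stream fails while reading the server message
     * @throws SQLException if no usable key/certificate is available, signing fails, or the proof
     *                      message cannot be sent (as {@link KSQLException})
     */
    public void sendCertAndSign(int i) throws IOException, SQLException {
        String serverNumber = this.kbStream.receiveString(i - 1);
        int mode = this.kbStream.receiveChar();
        boolean sm2 = mode == SM2_MODE;
        if (sm2) {
            installBouncyCastle();
        }
        this.clientRandom = newClientRandom();

        X509Certificate[] chain = null;
        PrivateKey privateKey = null;
        if (this.km instanceof LazyKeyManager) {
            LazyKeyManager lazy = (LazyKeyManager) this.km;
            if (sm2) {
                // In SM2 mode the private key is read by SM2Sign from the key file, not from the key manager.
                chain = lazy.getCertificateChain("BC");
            } else {
                if (this.sslkeyfileT.endsWith("key")) {
                    throw new KSQLException("The key file must end with pk8 or p12.", KSQLState.INVALID_PARAMETER_VALUE);
                }
                chain = lazy.getCertificateChain(null);
                privateKey = lazy.getPrivateKey(null);
            }
            lazy.throwKeyManagerException();
        } else if (this.km instanceof PKCS12KeyManager) {
            PKCS12KeyManager p12 = (PKCS12KeyManager) this.km;
            chain = p12.getCertificateChain(null);
            privateKey = p12.getPrivateKey(null);
            p12.throwKeyManagerException();
        }
        if (chain == null || chain.length == 0) {
            // Previously surfaced as an NPE/AIOOBE wrapped in "Could not sign server number."
            throw new KSQLException("No client certificate is available for ukpwd authentication.", KSQLState.CONNECTION_FAILURE);
        }

        byte[] sign;
        byte[] encoded;
        try {
            if (sm2) {
                if (this.sslcertfile == null) {
                    throw new KSQLException("ukpwdcert is not allowed to be null.", KSQLState.INVALID_PARAMETER_VALUE);
                }
                sign = SM2Sign.getSigndigest(this.sslcertfile, this.sslkeyfileT, serverNumber, KBProperty.USER.get(this.infoProps));
            } else {
                sign = signServerNumber(privateKey, serverNumber);
            }
            encoded = chain[0].getEncoded();
        } catch (KSQLException e) {
            // Already carries the specific reason; do not hide it behind a generic message.
            throw e;
        } catch (CertificateEncodingException e) {
            throw new KSQLException("Could not transform uclient certificate file", KSQLState.CONNECTION_FAILURE, e);
        } catch (Exception e) {
            throw new KSQLException("Could not sign server number.", KSQLState.CONNECTION_FAILURE, e);
        }

        try {
            sendClientProof(sign, encoded);
        } catch (IOException e) {
            throw new KSQLException("Could not send the client certificate and signature.", KSQLState.CONNECTION_FAILURE, e);
        }
    }

    /**
     * Loads the BouncyCastle provider reflectively and installs it at the top of the provider list.
     *
     * @throws KSQLException if the provider class is missing or cannot be instantiated
     */
    private static void installBouncyCastle() throws KSQLException {
        try {
            KBLOGGER.log(Level.FINEST, "class load.... " + CertAuthenticator.class.getClassLoader(), new Object[0]);
            Provider bc = (Provider) Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider")
                    .getDeclaredConstructor().newInstance();
            // Position 1 changes provider lookup order for the whole JVM, not only this connection.
            Security.insertProviderAt(bc, 1);
        } catch (Exception e) {
            // e.getMessage() may be null (e.g. ClassNotFoundException), so it must not be used as a GT.tr pattern.
            throw new KSQLException(GT.tr("Could not load the BouncyCastle provider: {0}", e.toString()), KSQLState.CONNECTION_REJECTED, e);
        }
    }

    /**
     * Generates the client nonce that the server is expected to sign.
     *
     * <p>Each byte is drawn from 1..100 to stay byte-for-byte compatible with the previous
     * wire format (four ASCII characters); only the randomness source was changed. The value
     * space is therefore small (about 2^26), which is a protocol limitation rather than a
     * choice made here.
     *
     * @return a fresh {@value #CLIENT_RANDOM_LENGTH}-byte nonce
     */
    private static byte[] newClientRandom() {
        byte[] nonce = new byte[CLIENT_RANDOM_LENGTH];
        for (int idx = 0; idx < nonce.length; idx++) {
            nonce[idx] = (byte) (RNG.nextInt(100) + 1);
        }
        return nonce;
    }

    /**
     * Signs the server number with the client's RSA key.
     *
     * @param privateKey   the client private key
     * @param serverNumber the number received from the server
     * @return the DER-encoded signature
     * @throws GeneralSecurityException if the algorithm is unavailable, the key is unusable or signing fails
     */
    private static byte[] signServerNumber(PrivateKey privateKey, String serverNumber) throws GeneralSecurityException {
        // NOTE(review): SHA1withRSA is what the peer verifies; SHA-1 signatures are deprecated, but
        // changing the algorithm requires a matching change on the server side.
        Signature signature = Signature.getInstance("SHA1WithRSA");
        signature.initSign(privateKey);
        // NOTE(review): platform default charset kept as in the original; confirm it matches the
        // charset KBStream used to decode the number, otherwise non-ASCII input would not round-trip.
        signature.update(serverNumber.getBytes());
        return signature.sign();
    }

    /**
     * Writes the client proof message: type byte, total length, nonce, signature length,
     * certificate length, signature, DER certificate.
     *
     * @param sign    the signature over the server number
     * @param encoded the DER-encoded client certificate
     * @throws IOException if the stream fails
     */
    private void sendClientProof(byte[] sign, byte[] encoded) throws IOException {
        this.kbStream.sendChar(PROOF_MESSAGE_TYPE);
        // 16 covers the fixed-size fields: presumably the 4-byte length itself, the 4-byte nonce and
        // the two 4-byte sub-lengths (4 * 4) — confirm against the server-side parser.
        this.kbStream.sendInteger4(16 + sign.length + encoded.length);
        this.kbStream.send(this.clientRandom);
        this.kbStream.sendInteger42(sign.length);
        this.kbStream.sendInteger42(encoded.length);
        this.kbStream.send(sign);
        this.kbStream.send(encoded);
        this.kbStream.flush();
    }

    /**
     * Reads the server's signature and certificate, checks that the certificate was signed by the
     * configured root certificate, and verifies the signature over the client nonce.
     *
     * <p>Only the root signature on the server certificate is checked here; validity period, chain
     * length and subject identity are not. Tightening that is a protocol/policy decision left to
     * the caller.
     *
     * @throws SQLException if the root certificate cannot be read, a certificate cannot be parsed,
     *                      or either verification fails (as {@link KSQLException})
     * @throws IOException  if the stream fails while reading the server message
     */
    public void verifyServerSign() throws SQLException, IOException {
        // Lengths are supplied by the peer; KBStream.receive is presumably responsible for bounding
        // them — confirm, since an unbounded value would drive the allocation size here.
        int signLength = this.kbStream.receiveInteger42();
        int certLength = this.kbStream.receiveInteger42();
        byte[] serverSign = this.kbStream.receive(signLength);
        byte[] serverCertBytes = this.kbStream.receive(certLength);
        if (this.clientRandom == null) {
            throw new KSQLException("sendCertAndSign must be called before verifyServerSign.", KSQLState.CONNECTION_FAILURE);
        }

        X509Certificate rootCert;
        X509Certificate serverCert;
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            // try-with-resources: the original never closed this stream.
            try (InputStream rootIn = new FileInputStream(this.sslrootcertfile)) {
                rootCert = firstCertificate(factory.generateCertificates(rootIn));
            }
            serverCert = firstCertificate(factory.generateCertificates(new ByteArrayInputStream(serverCertBytes)));
        } catch (IOException e) {
            throw new KSQLException(GT.tr("Could not read root certificate file {0}.", this.sslrootcertfile), KSQLState.CONNECTION_FAILURE, e);
        } catch (CertificateException e) {
            throw new KSQLException("Loading the certificate failed.", KSQLState.CONNECTION_FAILURE, e);
        }

        try {
            serverCert.verify(rootCert.getPublicKey());
        } catch (Exception e) {
            throw new KSQLException("Verify the certificate of server failed.", KSQLState.CONNECTION_FAILURE, e);
        }

        try {
            Signature signature = Signature.getInstance("SHA1WithRSA");
            signature.initVerify(serverCert);
            signature.update(this.clientRandom);
            if (!signature.verify(serverSign)) {
                throw new KSQLException("Verify the signature of the server failed.", KSQLState.CONNECTION_FAILURE);
            }
        } catch (GeneralSecurityException e) {
            throw new KSQLException("Verify the signature of the server failed.", KSQLState.CONNECTION_FAILURE, e);
        }
    }

    /**
     * Returns the first X.509 certificate in a parsed collection.
     *
     * @param certs certificates as returned by {@link CertificateFactory#generateCertificates}
     * @return the first {@link X509Certificate}
     * @throws CertificateException if the collection holds no X.509 certificate (the original
     *                              indexed {@code [0]} and would have thrown an unchecked exception)
     */
    private static X509Certificate firstCertificate(Collection<? extends Certificate> certs) throws CertificateException {
        for (Certificate cert : certs) {
            if (cert instanceof X509Certificate) {
                return (X509Certificate) cert;
            }
        }
        throw new CertificateException("No X.509 certificate found.");
    }
}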
