package com.simba.spark.jdbc.utils;

import com.simba.spark.hivecommon.api.TETSSLTransportFactory;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/simba/spark/jdbc/utils/DSTrustManager.class */
public class DSTrustManager implements X509TrustManager {
    X509TrustManager m_defaultTrustManager;
    X509TrustManager m_userSetTrustManager;
    boolean m_allowSelfSigned;
    boolean m_certNamesMismatch;
    String m_host;

    public DSTrustManager(TETSSLTransportFactory.TETSSLTransportParameters tETSSLTransportParameters, String str) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, FileNotFoundException, IOException {
        this.m_allowSelfSigned = tETSSLTransportParameters.isAllowSelfSigned();
        this.m_certNamesMismatch = tETSSLTransportParameters.isCertNamesMismatch();
        this.m_host = str;
        this.m_userSetTrustManager = null;
        this.m_defaultTrustManager = null;
        if (tETSSLTransportParameters.isTrustStoreSet()) {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(tETSSLTransportParameters.getTrustManagerType());
            KeyStore keyStore = KeyStore.getInstance(tETSSLTransportParameters.getTrustStoreType());
            keyStore.load(new FileInputStream(tETSSLTransportParameters.getTrustStore()), null != tETSSLTransportParameters.getTrustPass() ? tETSSLTransportParameters.getTrustPass().toCharArray() : null);
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (null != trustManagers) {
                int i = 0;
                while (true) {
                    if (i >= trustManagers.length) {
                        break;
                    }
                    if (trustManagers[i] instanceof X509TrustManager) {
                        this.m_userSetTrustManager = (X509TrustManager) trustManagers[0];
                        break;
                    }
                    i++;
                }
            }
        }
        if (null == this.m_userSetTrustManager) {
            TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory2.init((KeyStore) null);
            TrustManager[] trustManagers2 = trustManagerFactory2.getTrustManagers();
            if (trustManagers2 != null) {
                int i2 = 0;
                while (true) {
                    if (i2 >= trustManagers2.length) {
                        break;
                    }
                    if (trustManagers2[i2] instanceof X509TrustManager) {
                        this.m_defaultTrustManager = (X509TrustManager) trustManagers2[0];
                        break;
                    }
                    i2++;
                }
            }
            if (null == this.m_defaultTrustManager) {
                throw new CertificateException("Can not load TrustManager.");
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        String name = x509CertificateArr[0].getSubjectX500Principal().getName();
        if (null != this.m_userSetTrustManager) {
            this.m_userSetTrustManager.checkServerTrusted(x509CertificateArr, str);
        } else {
            this.m_defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
        }
        if (!this.m_allowSelfSigned && x509CertificateArr[0].getIssuerDN().equals(x509CertificateArr[0].getSubjectDN())) {
            throw new CertificateException("Self-signed certificate not allowed.");
        }
        if (!verifyHost(name)) {
            throw new CertificateException("Hostname and certificate CN are mismatched.");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    private boolean matchName(String str) {
        boolean z = false;
        int i = 0;
        int i2 = 0;
        while (i < str.length() && i2 < this.m_host.length()) {
            if (Character.toUpperCase(str.charAt(i)) != Character.toUpperCase(this.m_host.charAt(i2))) {
                if ('*' != str.charAt(i)) {
                    break;
                }
                while ('.' != this.m_host.charAt(i2) && i2 < this.m_host.length()) {
                    i2++;
                }
                i++;
            } else {
                i++;
                i2++;
            }
        }
        if (i == str.length() && i2 == this.m_host.length()) {
            z = true;
        }
        return z;
    }

    /* JADX WARN: Code restructure failed: missing block: B:14:0x0043, code lost:
    
        r6 = r0.getValue().toString();
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean verifyHost(java.lang.String r5) {
        /*
            r4 = this;
            r0 = r4
            boolean r0 = r0.m_certNamesMismatch
            if (r0 == 0) goto L9
            r0 = 1
            return r0
        L9:
            java.lang.String r0 = ""
            r6 = r0
            javax.naming.ldap.LdapName r0 = new javax.naming.ldap.LdapName     // Catch: javax.naming.InvalidNameException -> L55
            r1 = r0
            r2 = r5
            r1.<init>(r2)     // Catch: javax.naming.InvalidNameException -> L55
            r7 = r0
            r0 = r7
            java.util.List r0 = r0.getRdns()     // Catch: javax.naming.InvalidNameException -> L55
            java.util.Iterator r0 = r0.iterator()     // Catch: javax.naming.InvalidNameException -> L55
            r8 = r0
        L20:
            r0 = r8
            boolean r0 = r0.hasNext()     // Catch: javax.naming.InvalidNameException -> L55
            if (r0 == 0) goto L52
            r0 = r8
            java.lang.Object r0 = r0.next()     // Catch: javax.naming.InvalidNameException -> L55
            javax.naming.ldap.Rdn r0 = (javax.naming.ldap.Rdn) r0     // Catch: javax.naming.InvalidNameException -> L55
            r9 = r0
            r0 = r9
            java.lang.String r0 = r0.getType()     // Catch: javax.naming.InvalidNameException -> L55
            java.lang.String r1 = "CN"
            boolean r0 = r0.equalsIgnoreCase(r1)     // Catch: javax.naming.InvalidNameException -> L55
            if (r0 == 0) goto L4f
            r0 = r9
            java.lang.Object r0 = r0.getValue()     // Catch: javax.naming.InvalidNameException -> L55
            java.lang.String r0 = r0.toString()     // Catch: javax.naming.InvalidNameException -> L55
            r6 = r0
            goto L52
        L4f:
            goto L20
        L52:
            goto L59
        L55:
            r8 = move-exception
            r0 = 0
            return r0
        L59:
            r0 = r4
            r1 = r6
            boolean r0 = r0.matchName(r1)
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.simba.spark.jdbc.utils.DSTrustManager.verifyHost(java.lang.String):boolean");
    }
}
