package com.datastax.driver.core;

import ch.qos.logback.core.net.ssl.SSL;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Charsets;
import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import com.google.common.io.ByteStreams;
import com.google.common.net.HostAndPort;
import com.rabbitmq.client.ConnectionFactoryConfigurator;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:cassandra-driver-core-3.11.0.jar:com/datastax/driver/core/CloudConfigFactory.class */
public class CloudConfigFactory {
    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Finally extract failed */
    public CloudConfig createCloudConfig(InputStream inputStream) throws IOException, GeneralSecurityException {
        Preconditions.checkNotNull(inputStream, "cloudConfig cannot be null");
        JsonNode jsonNode = null;
        ByteArrayOutputStream byteArrayOutputStream = null;
        ByteArrayOutputStream byteArrayOutputStream2 = null;
        ObjectMapper configure = new ObjectMapper().configure(JsonParser.Feature.AUTO_CLOSE_SOURCE, false);
        ZipInputStream zipInputStream = null;
        try {
            zipInputStream = new ZipInputStream(inputStream);
            while (true) {
                ZipEntry nextEntry = zipInputStream.getNextEntry();
                if (nextEntry == null) {
                    break;
                }
                String name = nextEntry.getName();
                if (name.equals("config.json")) {
                    jsonNode = configure.readTree(zipInputStream);
                } else if (name.equals("identity.jks")) {
                    byteArrayOutputStream = new ByteArrayOutputStream();
                    ByteStreams.copy(zipInputStream, byteArrayOutputStream);
                } else if (name.equals("trustStore.jks")) {
                    byteArrayOutputStream2 = new ByteArrayOutputStream();
                    ByteStreams.copy(zipInputStream, byteArrayOutputStream2);
                }
            }
            if (zipInputStream != null) {
                zipInputStream.close();
            }
            if (jsonNode == null) {
                throw new IllegalStateException("Invalid bundle: missing file config.json");
            }
            if (byteArrayOutputStream == null) {
                throw new IllegalStateException("Invalid bundle: missing file identity.jks");
            }
            if (byteArrayOutputStream2 == null) {
                throw new IllegalStateException("Invalid bundle: missing file trustStore.jks");
            }
            SSLContext createSslContext = createSslContext(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), getKeyStorePassword(jsonNode), new ByteArrayInputStream(byteArrayOutputStream2.toByteArray()), getTrustStorePassword(jsonNode));
            BufferedReader bufferedReader = null;
            try {
                bufferedReader = fetchProxyMetadata(getMetadataServiceUrl(jsonNode), createSslContext);
                JsonNode readTree = configure.readTree(bufferedReader);
                if (bufferedReader != null) {
                    bufferedReader.close();
                }
                InetSocketAddress sniProxyAddress = getSniProxyAddress(readTree);
                return new CloudConfig(sniProxyAddress, getEndPoints(readTree, sniProxyAddress), getLocalDatacenter(readTree), getSSLOptions(createSslContext), getAuthProvider(jsonNode));
            } catch (Throwable th) {
                if (bufferedReader != null) {
                    bufferedReader.close();
                }
                throw th;
            }
        } catch (Throwable th2) {
            if (zipInputStream != null) {
                zipInputStream.close();
            }
            throw th2;
        }
    }

    protected char[] getKeyStorePassword(JsonNode jsonNode) {
        if (jsonNode.has("keyStorePassword")) {
            return jsonNode.get("keyStorePassword").asText().toCharArray();
        }
        throw new IllegalStateException("Invalid config.json: missing field keyStorePassword");
    }

    protected char[] getTrustStorePassword(JsonNode jsonNode) {
        if (jsonNode.has("trustStorePassword")) {
            return jsonNode.get("trustStorePassword").asText().toCharArray();
        }
        throw new IllegalStateException("Invalid config.json: missing field trustStorePassword");
    }

    protected URL getMetadataServiceUrl(JsonNode jsonNode) throws MalformedURLException {
        if (!jsonNode.has(ConnectionFactoryConfigurator.HOST)) {
            throw new IllegalStateException("Invalid config.json: missing field host");
        }
        String asText = jsonNode.get(ConnectionFactoryConfigurator.HOST).asText();
        if (jsonNode.has("port")) {
            return new URL("https", asText, jsonNode.get("port").asInt(), "/metadata");
        }
        throw new IllegalStateException("Invalid config.json: missing field port");
    }

    protected AuthProvider getAuthProvider(JsonNode jsonNode) {
        if (!jsonNode.has("username")) {
            return null;
        }
        String asText = jsonNode.get("username").asText();
        if (jsonNode.has("password")) {
            return new PlainTextAuthProvider(asText, jsonNode.get("password").asText());
        }
        return null;
    }

    protected SSLContext createSslContext(ByteArrayInputStream byteArrayInputStream, char[] cArr, ByteArrayInputStream byteArrayInputStream2, char[] cArr2) throws IOException, GeneralSecurityException {
        KeyManagerFactory createKeyManagerFactory = createKeyManagerFactory(byteArrayInputStream, cArr);
        TrustManagerFactory createTrustManagerFactory = createTrustManagerFactory(byteArrayInputStream2, cArr2);
        SSLContext sSLContext = SSLContext.getInstance(SSL.DEFAULT_PROTOCOL);
        sSLContext.init(createKeyManagerFactory.getKeyManagers(), createTrustManagerFactory.getTrustManagers(), new SecureRandom());
        return sSLContext;
    }

    protected KeyManagerFactory createKeyManagerFactory(InputStream inputStream, char[] cArr) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
        keyStore.load(inputStream, cArr);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, cArr);
        Arrays.fill(cArr, (char) 0);
        return keyManagerFactory;
    }

    protected TrustManagerFactory createTrustManagerFactory(InputStream inputStream, char[] cArr) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
        keyStore.load(inputStream, cArr);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        Arrays.fill(cArr, (char) 0);
        return trustManagerFactory;
    }

    protected BufferedReader fetchProxyMetadata(URL url, SSLContext sSLContext) throws IOException {
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
        httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
        httpsURLConnection.setRequestMethod("GET");
        httpsURLConnection.setRequestProperty(ConnectionFactoryConfigurator.HOST, "localhost");
        return new BufferedReader(new InputStreamReader(httpsURLConnection.getInputStream(), Charsets.UTF_8));
    }

    protected String getLocalDatacenter(JsonNode jsonNode) {
        JsonNode contactInfo = getContactInfo(jsonNode);
        if (contactInfo.has("local_dc")) {
            return contactInfo.get("local_dc").asText();
        }
        throw new IllegalStateException("Invalid proxy metadata: missing field local_dc");
    }

    protected InetSocketAddress getSniProxyAddress(JsonNode jsonNode) {
        JsonNode contactInfo = getContactInfo(jsonNode);
        if (!contactInfo.has("sni_proxy_address")) {
            throw new IllegalStateException("Invalid proxy metadata: missing field sni_proxy_address");
        }
        HostAndPort fromString = HostAndPort.fromString(contactInfo.get("sni_proxy_address").asText());
        if (fromString.hasPort()) {
            return InetSocketAddress.createUnresolved(GuavaCompatibility.INSTANCE.getHost(fromString), fromString.getPort());
        }
        throw new IllegalStateException("Invalid proxy metadata: missing port from field sni_proxy_address");
    }

    protected List<EndPoint> getEndPoints(JsonNode jsonNode, InetSocketAddress inetSocketAddress) {
        JsonNode contactInfo = getContactInfo(jsonNode);
        if (!contactInfo.has("contact_points")) {
            throw new IllegalStateException("Invalid proxy metadata: missing field contact_points");
        }
        ArrayList arrayList = new ArrayList();
        JsonNode jsonNode2 = contactInfo.get("contact_points");
        for (int i = 0; i < jsonNode2.size(); i++) {
            arrayList.add(new SniEndPoint(inetSocketAddress, jsonNode2.get(i).asText()));
        }
        return arrayList;
    }

    protected JsonNode getContactInfo(JsonNode jsonNode) {
        if (jsonNode.has("contact_info")) {
            return jsonNode.get("contact_info");
        }
        throw new IllegalStateException("Invalid proxy metadata: missing field contact_info");
    }

    protected SSLOptions getSSLOptions(SSLContext sSLContext) {
        try {
            return SniSSLOptions.builder().withSSLContext(sSLContext).build();
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }
}
