package com.sap.dbtech.rte.comm;

import com.sap.dbtech.jdbc.DriverSapDB;
import com.sap.dbtech.util.MessageKey;
import com.sap.dbtech.util.MessageTranslator;
import com.sap.dbtech.util.Tracer;
import java.io.IOException;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.compress.archivers.cpio.CpioConstants;

/* loaded from: input_file:com/sap/dbtech/rte/comm/SecureCommunication.class */
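/**
 * TLS/SSL socket transport for the JDBC driver.
 *
 * <p>Two connection properties relax the server authentication performed in
 * {@link #openSocket()}:
 * <ul>
 *   <li>{@code acceptServerCertAlways}: when true, the certificate chain is not validated at all.
 *       The channel is then encrypted but the peer is unauthenticated, so an on-path attacker
 *       can impersonate the server. Both options default to false.</li>
 *   <li>{@code ignoreHostNameInCert}: when true, the subject of the server certificate is not
 *       compared with the host name that was dialled.</li>
 * </ul>
 */
public class SecureCommunication extends BasicSocketComm {
    /** Factory that opens database ({@code open}) and admin ({@code xopen}) sessions over TLS. */
    public static final JdbcCommFactory factory = new JdbcCommFactory() {
        @Override
        public JdbcCommunication open(String str, String str2, Properties properties, Tracer tracer) throws RTEException {
            SecureCommunication connection = new SecureCommunication(str, properties, 0, tracer, null);
            connection.connectDB(str2);
            return connection;
        }

        @Override
        public JdbcCommunication xopen(String str, String str2, String str3, String str4, Properties properties, Tracer tracer) throws RTEException {
            SecureCommunication connection = new SecureCommunication(str, properties, 4, tracer, null);
            connection.connectAdmin(str2, str3, str4);
            return connection;
        }
    };

    // Set from "acceptServerCertAlways": skip certificate chain validation entirely.
    private final boolean ignoreServerCertificate;
    // Set from "ignoreHostNameInCert": skip the subject-CN comparison after the handshake.
    private final boolean ignoreHostNameInCertificate;

    /**
     * Reads the two certificate options from {@code properties} and opens the socket.
     *
     * @throws RTEException if the connection or the server verification fails
     */
    private SecureCommunication(String str, Properties properties, int i, Tracer tracer) throws RTEException {
        super(str, properties, i, tracer);
        this.ignoreHostNameInCertificate = DriverSapDB.getBooleanProperty(properties, "ignoreHostNameInCert", false);
        this.ignoreServerCertificate = DriverSapDB.getBooleanProperty(properties, "acceptServerCertAlways", false);
        openSocket();
    }

    /**
     * Connects to the server, completes the handshake, and (unless disabled) checks that the
     * subject of the server certificate names the host that was dialled.
     *
     * <p>If any step fails, the socket created by this call is closed before the exception
     * propagates, so a connection to an unverified peer is never left open.
     *
     * @throws RTEException on unknown host, I/O failure, TLS setup failure, or a failed
     *     certificate check
     */
    @Override
    protected void openSocket() throws RTEException {
        SSLSocket sslSocket = null;
        boolean ready = false;
        try {
            SSLSocketFactory socketFactory = createSocketFactory();
            this.socket = socketFactory.createSocket(this.host, lookupPort());
            sslSocket = (SSLSocket) this.socket;
            sslSocket.startHandshake();
            if (!this.ignoreHostNameInCertificate) {
                verifyPeerSubject(sslSocket);
            }
            try {
                sslSocket.setSoTimeout(this.socketTimeOut);
                sslSocket.setTcpNoDelay(true);
                // NOTE(review): CpioConstants.C_ISNWK looks like a decompiler substitution for a
                // plain numeric buffer size; confirm against the original source.
                sslSocket.setReceiveBufferSize(CpioConstants.C_ISNWK);
                sslSocket.setSendBufferSize(CpioConstants.C_ISNWK);
            } catch (SocketException ignored) {
                // Socket tuning is best effort. Note that a failure in setSoTimeout also lands
                // here, leaving the socket without the configured read timeout.
            }
            this.instream = this.socket.getInputStream();
            this.outstream = this.socket.getOutputStream();
            ready = true;
        } catch (UnknownHostException e) {
            throw new RTEException(MessageTranslator.translate(MessageKey.ERROR_UNKNOWN_HOST, this.host, e.getMessage(), new Integer(RteC.CommunicationErrorCodeMap_C[13])), RteC.CommunicationErrorCodeMap_C[13], this.m_tracer, 13);
        } catch (IOException e) {
            // NOTE(review): the message uses code map entry 5 but the last argument is 13,
            // unlike the other connect errors. Kept as found; confirm which is intended.
            throw new RTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, this.host + ":" + this.port, e.getMessage(), new Integer(RteC.CommunicationErrorCodeMap_C[5])), RteC.CommunicationErrorCodeMap_C[5], this.m_tracer, 13);
        } catch (KeyManagementException e) {
            throw connectError(e.getMessage());
        } catch (NoSuchAlgorithmException e) {
            throw connectError(e.getMessage());
        } finally {
            if (!ready && sslSocket != null) {
                try {
                    sslSocket.close();
                } catch (IOException ignored) {
                    // Already failing; the original error is the one worth reporting.
                }
            }
        }
    }

    /**
     * Returns the platform default factory, or a factory that accepts any certificate when
     * {@code acceptServerCertAlways} is set.
     */
    private SSLSocketFactory createSocketFactory() throws NoSuchAlgorithmException, KeyManagementException {
        if (!this.ignoreServerCertificate) {
            return (SSLSocketFactory) SSLSocketFactory.getDefault();
        }
        // SECURITY: this trust manager accepts every certificate chain. Expiry, issuer and
        // revocation are not checked, so the server is not authenticated. A subject-CN
        // comparison done afterwards proves nothing, because anyone can present a self-signed
        // certificate carrying the expected name. Suitable for test setups only.
        TrustManager[] trustAll = {new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The interface contract asks for a non-null (possibly empty) array.
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }
        }};
        // NOTE(review): "SSL" is the legacy context name; which protocol versions it enables
        // depends on the runtime. Consider requesting "TLS" once compatibility is confirmed.
        SSLContext context = SSLContext.getInstance("SSL");
        context.init(null, trustAll, new SecureRandom());
        return context.getSocketFactory();
    }

    /**
     * Checks that the leaf certificate of the session is X.509 and that its subject starts
     * with {@code CN=<host>}.
     *
     * <p>Only the subject CN is consulted. subjectAltName entries and wildcards are not
     * evaluated, and the check runs after the handshake has completed.
     */
    private void verifyPeerSubject(SSLSocket sslSocket) throws IOException, RTEException {
        Certificate[] peerCertificates = sslSocket.getSession().getPeerCertificates();
        if (peerCertificates.length == 0) {
            throw connectError("No certificate in SSL session");
        }
        if (!(peerCertificates[0] instanceof X509Certificate)) {
            throw connectError("SSL connection works currently only with X509 certificates");
        }
        String name = ((X509Certificate) peerCertificates[0]).getSubjectX500Principal().getName("RFC2253");
        if (!validate(name, this.host)) {
            throw connectError("Host name verification failed, found " + name + ", expected CN=" + this.host);
        }
    }

    /** Builds the connect-failure exception shared by the TLS setup and verification paths. */
    private RTEException connectError(String detail) {
        return new RTEException(MessageTranslator.translate(MessageKey.ERROR_HOST_CONNECT, this.host, detail, new Integer(RteC.CommunicationErrorCodeMap_C[5])), RteC.CommunicationErrorCodeMap_C[5], this.m_tracer, 5);
    }

    /**
     * Compares the first RDN of an RFC 2253 subject name with {@code CN=<host>}, ignoring case.
     *
     * @param str subject distinguished name in RFC 2253 form
     * @param str2 host name the connection was opened to
     * @return true if the first RDN equals {@code CN=<host>}
     */
    private boolean validate(String str, String str2) {
        // A subject made of a single RDN has no comma; take the whole name in that case
        // instead of failing in substring().
        int end = str.indexOf(',');
        String firstRdn = end < 0 ? str : str.substring(0, end);
        // Locale.ROOT keeps the comparison stable under locales with special casing rules
        // (for example Turkish dotted/dotless i), which could otherwise reject a valid name.
        String expected = ("CN=" + str2).toUpperCase(java.util.Locale.ROOT);
        return expected.equals(firstRdn.toUpperCase(java.util.Locale.ROOT));
    }

    /**
     * Opens a fresh connection to the same host and port with the same service type.
     *
     * <p>NOTE(review): {@code null} is passed as the property set, so the certificate options
     * of this instance are not carried over. Confirm that
     * {@code DriverSapDB.getBooleanProperty} tolerates null and that falling back to the
     * defaults is intended.
     */
    @Override
    protected BasicSocketComm getNewCommunication() throws RTEException {
        return new SecureCommunication(this.host + ":" + this.port, null, this.m_serviceType, this.m_tracer);
    }

    /** Port used when the connect string does not name one. */
    @Override
    protected int getDefaultPort() {
        return 7270;
    }

    @Override
    protected boolean supportsInfoRequest() {
        return true;
    }

    /**
     * Package-visible constructor used by {@link #factory}; the fifth argument is unused.
     * NOTE(review): appears to be a compiler-generated accessor recovered by the decompiler.
     */
    SecureCommunication(String str, Properties properties, int i, Tracer tracer, AnonymousClass1 anonymousClass1) throws RTEException {
        this(str, properties, i, tracer);
    }
}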
