package com.datastax.oss.driver.internal.core.config.cloud;

import com.datastax.oss.driver.api.core.metadata.EndPoint;
import com.datastax.oss.driver.internal.core.metadata.SniEndPoint;
import com.datastax.oss.driver.internal.core.ssl.SniSslEngineFactory;
import com.datastax.oss.driver.shaded.guava.common.io.ByteStreams;
import com.datastax.oss.driver.shaded.guava.common.net.HostAndPort;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import edu.umd.cs.findbugs.annotations.NonNull;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.ConnectException;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import net.jcip.annotations.ThreadSafe;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:java-driver-core-4.15.0.jar:com/datastax/oss/driver/internal/core/config/cloud/CloudConfigFactory.class
 */
@ThreadSafe
/* loaded from: input_file:com/datastax/oss/driver/internal/core/config/cloud/CloudConfigFactory.class */
public class CloudConfigFactory {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CloudConfigFactory.class);

    @NonNull
    public CloudConfig createCloudConfig(@NonNull URL url) throws IOException, GeneralSecurityException {
        Objects.requireNonNull(url, "cloudConfigUrl cannot be null");
        return createCloudConfig(url.openStream());
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:6:0x0049. Please report as an issue. */
    @NonNull
    public CloudConfig createCloudConfig(@NonNull InputStream inputStream) throws IOException, GeneralSecurityException {
        Objects.requireNonNull(inputStream, "cloudConfig cannot be null");
        JsonNode jsonNode = null;
        ByteArrayOutputStream byteArrayOutputStream = null;
        ByteArrayOutputStream byteArrayOutputStream2 = null;
        ObjectMapper configure = new ObjectMapper().configure(JsonParser.Feature.AUTO_CLOSE_SOURCE, false);
        ZipInputStream zipInputStream = new ZipInputStream(inputStream);
        Throwable th = null;
        while (true) {
            try {
                try {
                    ZipEntry nextEntry = zipInputStream.getNextEntry();
                    if (nextEntry == null) {
                        $closeResource(null, zipInputStream);
                        if (jsonNode == null) {
                            throw new IllegalStateException("Invalid bundle: missing file config.json");
                        }
                        if (byteArrayOutputStream == null) {
                            throw new IllegalStateException("Invalid bundle: missing file identity.jks");
                        }
                        if (byteArrayOutputStream2 == null) {
                            throw new IllegalStateException("Invalid bundle: missing file trustStore.jks");
                        }
                        SSLContext createSslContext = createSslContext(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), getKeyStorePassword(jsonNode), new ByteArrayInputStream(byteArrayOutputStream2.toByteArray()), getTrustStorePassword(jsonNode));
                        BufferedReader fetchProxyMetadata = fetchProxyMetadata(getMetadataServiceUrl(jsonNode), createSslContext);
                        Throwable th2 = null;
                        try {
                            try {
                                JsonNode readTree = configure.readTree(fetchProxyMetadata);
                                if (fetchProxyMetadata != null) {
                                    $closeResource(null, fetchProxyMetadata);
                                }
                                InetSocketAddress sniProxyAddress = getSniProxyAddress(readTree);
                                List<EndPoint> endPoints = getEndPoints(readTree, sniProxyAddress);
                                String localDatacenter = getLocalDatacenter(readTree);
                                SniSslEngineFactory sniSslEngineFactory = new SniSslEngineFactory(createSslContext);
                                validateIfBundleContainsUsernamePassword(jsonNode);
                                return new CloudConfig(sniProxyAddress, endPoints, localDatacenter, sniSslEngineFactory);
                            } finally {
                            }
                        } catch (Throwable th3) {
                            if (fetchProxyMetadata != null) {
                                $closeResource(th2, fetchProxyMetadata);
                            }
                            throw th3;
                        }
                    }
                    String name = nextEntry.getName();
                    boolean z = -1;
                    switch (name.hashCode()) {
                        case -2092521139:
                            if (name.equals("trustStore.jks")) {
                                z = 2;
                                break;
                            }
                            break;
                        case -121870814:
                            if (name.equals("identity.jks")) {
                                z = true;
                                break;
                            }
                            break;
                        case -28025836:
                            if (name.equals("config.json")) {
                                z = false;
                                break;
                            }
                            break;
                    }
                    switch (z) {
                        case false:
                            jsonNode = configure.readTree(zipInputStream);
                            break;
                        case true:
                            byteArrayOutputStream = new ByteArrayOutputStream();
                            ByteStreams.copy(zipInputStream, byteArrayOutputStream);
                            break;
                        case true:
                            byteArrayOutputStream2 = new ByteArrayOutputStream();
                            ByteStreams.copy(zipInputStream, byteArrayOutputStream2);
                            break;
                    }
                } finally {
                }
            } catch (Throwable th4) {
                $closeResource(th, zipInputStream);
                throw th4;
            }
        }
    }

    @NonNull
    protected char[] getKeyStorePassword(JsonNode jsonNode) {
        if (jsonNode.has("keyStorePassword")) {
            return jsonNode.get("keyStorePassword").asText().toCharArray();
        }
        throw new IllegalStateException("Invalid config.json: missing field keyStorePassword");
    }

    @NonNull
    protected char[] getTrustStorePassword(JsonNode jsonNode) {
        if (jsonNode.has("trustStorePassword")) {
            return jsonNode.get("trustStorePassword").asText().toCharArray();
        }
        throw new IllegalStateException("Invalid config.json: missing field trustStorePassword");
    }

    @NonNull
    protected URL getMetadataServiceUrl(JsonNode jsonNode) throws MalformedURLException {
        if (!jsonNode.has("host")) {
            throw new IllegalStateException("Invalid config.json: missing field host");
        }
        String asText = jsonNode.get("host").asText();
        if (jsonNode.has("port")) {
            return new URL("https", asText, jsonNode.get("port").asInt(), "/metadata");
        }
        throw new IllegalStateException("Invalid config.json: missing field port");
    }

    protected void validateIfBundleContainsUsernamePassword(JsonNode jsonNode) {
        if (jsonNode.has("username") || jsonNode.has("password")) {
            LOG.info("The bundle contains config.json with username and/or password. Providing it in the bundle is deprecated and ignored.");
        }
    }

    @NonNull
    protected SSLContext createSslContext(@NonNull ByteArrayInputStream byteArrayInputStream, @NonNull char[] cArr, @NonNull ByteArrayInputStream byteArrayInputStream2, @NonNull char[] cArr2) throws IOException, GeneralSecurityException {
        KeyManagerFactory createKeyManagerFactory = createKeyManagerFactory(byteArrayInputStream, cArr);
        TrustManagerFactory createTrustManagerFactory = createTrustManagerFactory(byteArrayInputStream2, cArr2);
        SSLContext sSLContext = SSLContext.getInstance("SSL");
        sSLContext.init(createKeyManagerFactory.getKeyManagers(), createTrustManagerFactory.getTrustManagers(), new SecureRandom());
        return sSLContext;
    }

    @NonNull
    protected KeyManagerFactory createKeyManagerFactory(@NonNull InputStream inputStream, @NonNull char[] cArr) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(inputStream, cArr);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, cArr);
        Arrays.fill(cArr, (char) 0);
        return keyManagerFactory;
    }

    @NonNull
    protected TrustManagerFactory createTrustManagerFactory(@NonNull InputStream inputStream, @NonNull char[] cArr) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(inputStream, cArr);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        Arrays.fill(cArr, (char) 0);
        return trustManagerFactory;
    }

    @NonNull
    protected BufferedReader fetchProxyMetadata(@NonNull URL url, @NonNull SSLContext sSLContext) throws IOException {
        try {
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
            httpsURLConnection.setRequestMethod("GET");
            httpsURLConnection.setRequestProperty("host", "localhost");
            return new BufferedReader(new InputStreamReader(httpsURLConnection.getInputStream(), StandardCharsets.UTF_8));
        } catch (ConnectException e) {
            throw new IllegalStateException("Unable to connect to cloud metadata service. Please make sure your cluster is not parked or terminated", e);
        } catch (UnknownHostException e2) {
            throw new IllegalStateException("Unable to resolve host for cloud metadata service. Please make sure your cluster is not terminated", e2);
        }
    }

    @NonNull
    protected String getLocalDatacenter(@NonNull JsonNode jsonNode) {
        JsonNode contactInfo = getContactInfo(jsonNode);
        if (contactInfo.has("local_dc")) {
            return contactInfo.get("local_dc").asText();
        }
        throw new IllegalStateException("Invalid proxy metadata: missing field local_dc");
    }

    @NonNull
    protected InetSocketAddress getSniProxyAddress(@NonNull JsonNode jsonNode) {
        JsonNode contactInfo = getContactInfo(jsonNode);
        if (!contactInfo.has("sni_proxy_address")) {
            throw new IllegalStateException("Invalid proxy metadata: missing field sni_proxy_address");
        }
        HostAndPort fromString = HostAndPort.fromString(contactInfo.get("sni_proxy_address").asText());
        if (fromString.hasPort()) {
            return InetSocketAddress.createUnresolved(fromString.getHost(), fromString.getPort());
        }
        throw new IllegalStateException("Invalid proxy metadata: missing port from field sni_proxy_address");
    }

    @NonNull
    protected List<EndPoint> getEndPoints(@NonNull JsonNode jsonNode, @NonNull InetSocketAddress inetSocketAddress) {
        JsonNode contactInfo = getContactInfo(jsonNode);
        if (!contactInfo.has("contact_points")) {
            throw new IllegalStateException("Invalid proxy metadata: missing field contact_points");
        }
        ArrayList arrayList = new ArrayList();
        JsonNode jsonNode2 = contactInfo.get("contact_points");
        for (int i = 0; i < jsonNode2.size(); i++) {
            arrayList.add(new SniEndPoint(inetSocketAddress, jsonNode2.get(i).asText()));
        }
        return arrayList;
    }

    @NonNull
    protected JsonNode getContactInfo(@NonNull JsonNode jsonNode) {
        if (jsonNode.has("contact_info")) {
            return jsonNode.get("contact_info");
        }
        throw new IllegalStateException("Invalid proxy metadata: missing field contact_info");
    }

    private static /* synthetic */ void $closeResource(Throwable th, AutoCloseable autoCloseable) {
        if (th == null) {
            autoCloseable.close();
            return;
        }
        try {
            autoCloseable.close();
        } catch (Throwable th2) {
            th.addSuppressed(th2);
        }
    }
}
