package com.yugabyte.ysql;

import com.yugabyte.core.PGStream;
import com.yugabyte.jdbc.PgConnection;
import com.yugabyte.util.GT;
import com.yugabyte.util.HostSpec;
import com.yugabyte.util.PSQLException;
import com.yugabyte.util.PSQLState;
import com.yugabyte.util.internal.Nullness;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:com/yugabyte/ysql/YBManagedHostnameVerifier.class */
public class YBManagedHostnameVerifier implements HostnameVerifier {
    protected static final String GET_SERVERS_QUERY = "select * from yb_servers()";
    private static final int TYPE_DNS_NAME = 2;
    private static final int TYPE_IP_ADDRESS = 7;
    private final Properties originalProperties;
    private final PGStream stream;
    private static final Logger LOGGER = Logger.getLogger("com.yugabyte." + YBManagedHostnameVerifier.class.getName());
    private static Connection controlConnection = null;
    protected Boolean useHostColumn = null;
    protected ArrayList<String> currentPublicIps = new ArrayList<>();
    protected Map<String, String> hostPortMap = new HashMap();
    protected Map<String, String> hostPortMapPublic = new HashMap();

    public YBManagedHostnameVerifier(Properties properties, PGStream pGStream) {
        this.originalProperties = properties;
        this.stream = pGStream;
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        Integer num;
        try {
            X509Certificate[] x509CertificateArr = (X509Certificate[]) sSLSession.getPeerCertificates();
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                LOGGER.log(Level.SEVERE, GT.tr("No certificates found for hostname {0}", str));
                return false;
            }
            try {
                Collection<List<?>> subjectAlternativeNames = x509CertificateArr[0].getSubjectAlternativeNames();
                if (subjectAlternativeNames == null) {
                    subjectAlternativeNames = Collections.emptyList();
                }
                boolean z = false;
                String str2 = null;
                for (List<?> list : subjectAlternativeNames) {
                    if (list.size() == 2 && (num = (Integer) list.get(0)) != null && (num.intValue() == 7 || num.intValue() == 2)) {
                        str2 = (String) list.get(1);
                        if (num.intValue() != 7 || str2 == null || !str2.startsWith("*")) {
                            z |= num.intValue() == 2;
                        }
                    }
                }
                this.originalProperties.setProperty("PGHOST", str2);
                HostSpec[] hostSpecs = hostSpecs(this.originalProperties);
                try {
                    if (controlConnection == null) {
                        controlConnection = new PgConnection(hostSpecs, this.originalProperties, null);
                    }
                    new ArrayList();
                    try {
                        return getCurrentServers(controlConnection).contains(str);
                    } catch (SQLException e) {
                        throw new RuntimeException(e);
                    }
                } catch (SQLException e2) {
                    throw new RuntimeException(e2);
                }
            } catch (CertificateParsingException e3) {
                LOGGER.log(Level.SEVERE, GT.tr("Unable to parse certificates for hostname {0}", str), (Throwable) e3);
                return false;
            }
        } catch (SSLPeerUnverifiedException e4) {
            LOGGER.log(Level.SEVERE, GT.tr("Unable to parse X509Certificate for hostname {0}", str), (Throwable) e4);
            return false;
        }
    }

    private ArrayList<String> getCurrentServers(Connection connection) throws SQLException {
        InetAddress inetAddress;
        InetAddress inetAddress2;
        ResultSet executeQuery = connection.createStatement().executeQuery(GET_SERVERS_QUERY);
        ArrayList<String> arrayList = new ArrayList<>();
        String host = ((PgConnection) connection).getQueryExecutor().getHostSpec().getHost();
        if (host.contains(LoadBalanceProperties.PREFERENCE_DELIMITER)) {
            host = host.replace("[", "").replace("]", "");
        }
        try {
            InetAddress byName = InetAddress.getByName(host);
            this.currentPublicIps.clear();
            while (executeQuery.next()) {
                String string = executeQuery.getString("host");
                String string2 = executeQuery.getString("public_ip");
                String string3 = executeQuery.getString("port");
                executeQuery.getString("cloud");
                executeQuery.getString("region");
                executeQuery.getString("zone");
                this.hostPortMap.put(string, string3);
                this.hostPortMapPublic.put(string2, string3);
                arrayList.add(string);
                if (!string2.trim().isEmpty()) {
                    this.currentPublicIps.add(string2);
                }
                try {
                    inetAddress = InetAddress.getByName(string);
                } catch (UnknownHostException e) {
                    inetAddress = null;
                }
                try {
                    inetAddress2 = !string2.isEmpty() ? InetAddress.getByName(string2) : null;
                } catch (UnknownHostException e2) {
                    inetAddress2 = null;
                }
                if (this.useHostColumn == null) {
                    if (byName.equals(inetAddress)) {
                        this.useHostColumn = Boolean.TRUE;
                    } else if (byName.equals(inetAddress2)) {
                        this.useHostColumn = Boolean.FALSE;
                    }
                }
            }
            if (this.useHostColumn != null) {
                return this.useHostColumn.booleanValue() ? arrayList : this.currentPublicIps;
            }
            if (this.currentPublicIps.isEmpty()) {
                this.useHostColumn = Boolean.TRUE;
            }
            return arrayList;
        } catch (UnknownHostException e3) {
            throw new PSQLException(GT.tr("Unexpected UnknownHostException for ${0} ", host), PSQLState.UNKNOWN_STATE, e3);
        }
    }

    private static HostSpec[] hostSpecs(Properties properties) {
        String[] split = ((String) Nullness.castNonNull(properties.getProperty("PGHOST"))).split(LoadBalanceProperties.LOCATIONS_DELIMITER);
        String[] split2 = ((String) Nullness.castNonNull(properties.getProperty("PGPORT"))).split(LoadBalanceProperties.LOCATIONS_DELIMITER);
        String property = properties.getProperty("localSocketAddress");
        HostSpec[] hostSpecArr = new HostSpec[split.length];
        for (int i = 0; i < hostSpecArr.length; i++) {
            hostSpecArr[i] = new HostSpec(split[i], Integer.parseInt(split2[i]), property);
        }
        return hostSpecArr;
    }
}
