package org.postgresql.ssl;

import java.io.IOException;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.postgresql.PGProperty;
import org.postgresql.core.PGStream;
import org.postgresql.core.SocketFactoryFactory;
import org.postgresql.jdbc.SslMode;
import org.postgresql.util.GT;
import org.postgresql.util.ObjectFactory;
import org.postgresql.util.PSQLException;
import org.postgresql.util.PSQLState;

/* loaded from: input_file:WEB-INF/lib/postgresql-42.3.8.jar:org/postgresql/ssl/MakeSSL.class */
public class MakeSSL extends ObjectFactory {
    private static final Logger LOGGER = Logger.getLogger(MakeSSL.class.getName());

    public static void convert(PGStream pGStream, Properties properties) throws PSQLException, IOException {
        LOGGER.log(Level.FINE, "converting regular socket connection to ssl");
        SSLSocketFactory sslSocketFactory = SocketFactoryFactory.getSslSocketFactory(properties);
        try {
            SSLSocket sSLSocket = (SSLSocket) sslSocketFactory.createSocket(pGStream.getSocket(), pGStream.getHostSpec().getHost(), pGStream.getHostSpec().getPort(), true);
            sSLSocket.setUseClientMode(true);
            sSLSocket.startHandshake();
            if (sslSocketFactory instanceof LibPQFactory) {
                ((LibPQFactory) sslSocketFactory).throwKeyManagerException();
            }
            if (SslMode.of(properties).verifyPeerName()) {
                verifyPeerName(pGStream, properties, sSLSocket);
            }
            pGStream.changeSocket(sSLSocket);
        } catch (IOException e) {
            throw new PSQLException(GT.tr("SSL error: {0}", e.getMessage()), PSQLState.CONNECTION_FAILURE, e);
        }
    }

    private static void verifyPeerName(PGStream pGStream, Properties properties, SSLSocket sSLSocket) throws PSQLException {
        HostnameVerifier hostnameVerifier;
        String str = PGProperty.SSL_HOSTNAME_VERIFIER.get(properties);
        if (str == null) {
            hostnameVerifier = PGjdbcHostnameVerifier.INSTANCE;
            str = "PgjdbcHostnameVerifier";
        } else {
            try {
                hostnameVerifier = (HostnameVerifier) instantiate(HostnameVerifier.class, str, properties, false, null);
            } catch (Exception e) {
                throw new PSQLException(GT.tr("The HostnameVerifier class provided {0} could not be instantiated.", str), PSQLState.CONNECTION_FAILURE, e);
            }
        }
        if (!hostnameVerifier.verify(pGStream.getHostSpec().getHost(), sSLSocket.getSession())) {
            throw new PSQLException(GT.tr("The hostname {0} could not be verified by hostnameverifier {1}.", pGStream.getHostSpec().getHost(), str), PSQLState.CONNECTION_FAILURE);
        }
    }
}
