package com.mysql.cj.protocol;

import com.mysql.cj.ServerVersion;
import com.mysql.cj.conf.PropertyDefinitions;
import com.mysql.cj.conf.PropertySet;
import com.mysql.cj.exceptions.CJCommunicationsException;
import com.mysql.cj.exceptions.ExceptionFactory;
import com.mysql.cj.exceptions.ExceptionInterceptor;
import com.mysql.cj.exceptions.FeatureNotAvailableException;
import com.mysql.cj.exceptions.RSAException;
import com.mysql.cj.exceptions.SSLParamsException;
import com.mysql.cj.protocol.ExportControlled;
import com.mysql.cj.util.Base64Decoder;
import com.mysql.cj.util.StringUtils;
import com.mysql.cj.util.Util;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.nio.ByteBuffer;
import java.nio.channels.AsynchronousSocketChannel;
import java.nio.channels.CompletionHandler;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class ExportControlled {
    private static final String TLSv1_2 = "TLSv1.2";
    private static final String TLSv1_1 = "TLSv1.1";
    private static final String TLSv1 = "TLSv1";
    private static final String[] TLS_PROTOCOLS = {TLSv1_2, TLSv1_1, TLSv1};

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.mysql.cj.protocol.ExportControlled$2, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus;
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status;

        static {
            int[] iArr = new int[SSLEngineResult.HandshakeStatus.values().length];
            $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = iArr;
            try {
                iArr[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            int[] iArr2 = new int[SSLEngineResult.Status.values().length];
            $SwitchMap$javax$net$ssl$SSLEngineResult$Status = iArr2;
            try {
                iArr2[SSLEngineResult.Status.OK.ordinal()] = 1;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_OVERFLOW.ordinal()] = 2;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_UNDERFLOW.ordinal()] = 3;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 4;
            } catch (NoSuchFieldError unused9) {
            }
        }
    }

    /* loaded from: classes.dex */
    public static class X509TrustManagerWrapper implements X509TrustManager {
        private CertificateFactory certFactory;
        private String hostName;
        private X509TrustManager origTm;
        private CertPathValidator validator;
        private PKIXParameters validatorParams;
        private boolean verifyServerCert;

        public X509TrustManagerWrapper(X509TrustManager x509TrustManager, boolean z, String str) throws CertificateException {
            this.origTm = null;
            this.verifyServerCert = false;
            this.hostName = null;
            this.certFactory = null;
            this.validatorParams = null;
            this.validator = null;
            this.origTm = x509TrustManager;
            this.verifyServerCert = z;
            this.hostName = str;
            if (z) {
                try {
                    PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Arrays.stream(x509TrustManager.getAcceptedIssuers()).map(new Function() { // from class: com.mysql.cj.protocol.ExportControlled$X509TrustManagerWrapper$$ExternalSyntheticLambda0
                        @Override // java.util.function.Function
                        public final Object apply(Object obj) {
                            return ExportControlled.X509TrustManagerWrapper.lambda$new$0((X509Certificate) obj);
                        }
                    }).collect(Collectors.toSet()));
                    this.validatorParams = pKIXParameters;
                    pKIXParameters.setRevocationEnabled(false);
                    this.validator = CertPathValidator.getInstance("PKIX");
                    this.certFactory = CertificateFactory.getInstance("X.509");
                } catch (Exception e) {
                    throw new CertificateException(e);
                }
            }
        }

        public X509TrustManagerWrapper(boolean z, String str) {
            this.origTm = null;
            this.verifyServerCert = false;
            this.hostName = null;
            this.certFactory = null;
            this.validatorParams = null;
            this.validator = null;
            this.verifyServerCert = z;
            this.hostName = str;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static /* synthetic */ TrustAnchor lambda$new$0(X509Certificate x509Certificate) {
            return new TrustAnchor(x509Certificate, null);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.origTm.checkClientTrusted(x509CertificateArr, str);
        }

        /* JADX WARN: Code restructure failed: missing block: B:33:0x008e, code lost:
        
            r6 = r0.getValue().toString();
         */
        @Override // javax.net.ssl.X509TrustManager
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public void checkServerTrusted(java.security.cert.X509Certificate[] r5, java.lang.String r6) throws java.security.cert.CertificateException {
            /*
                r4 = this;
                r0 = 0
                r1 = r0
            L2:
                int r2 = r5.length
                if (r1 >= r2) goto Ld
                r2 = r5[r1]
                r2.checkValidity()
                int r1 = r1 + 1
                goto L2
            Ld:
                java.security.cert.PKIXParameters r1 = r4.validatorParams
                if (r1 == 0) goto L4d
                java.security.cert.X509CertSelector r1 = new java.security.cert.X509CertSelector
                r1.<init>()
                r2 = r5[r0]
                java.math.BigInteger r2 = r2.getSerialNumber()
                r1.setSerialNumber(r2)
                java.security.cert.CertificateFactory r1 = r4.certFactory     // Catch: java.security.cert.CertPathValidatorException -> L3f java.security.InvalidAlgorithmParameterException -> L46
                java.util.List r2 = java.util.Arrays.asList(r5)     // Catch: java.security.cert.CertPathValidatorException -> L3f java.security.InvalidAlgorithmParameterException -> L46
                java.security.cert.CertPath r1 = r1.generateCertPath(r2)     // Catch: java.security.cert.CertPathValidatorException -> L3f java.security.InvalidAlgorithmParameterException -> L46
                java.security.cert.CertPathValidator r2 = r4.validator     // Catch: java.security.cert.CertPathValidatorException -> L3f java.security.InvalidAlgorithmParameterException -> L46
                java.security.cert.PKIXParameters r3 = r4.validatorParams     // Catch: java.security.cert.CertPathValidatorException -> L3f java.security.InvalidAlgorithmParameterException -> L46
                java.security.cert.CertPathValidatorResult r1 = r2.validate(r1, r3)     // Catch: java.security.cert.CertPathValidatorException -> L3f java.security.InvalidAlgorithmParameterException -> L46
                java.security.cert.PKIXCertPathValidatorResult r1 = (java.security.cert.PKIXCertPathValidatorResult) r1     // Catch: java.security.cert.CertPathValidatorException -> L3f java.security.InvalidAlgorithmParameterException -> L46
                java.security.cert.TrustAnchor r1 = r1.getTrustAnchor()     // Catch: java.security.cert.CertPathValidatorException -> L3f java.security.InvalidAlgorithmParameterException -> L46
                java.security.cert.X509Certificate r1 = r1.getTrustedCert()     // Catch: java.security.cert.CertPathValidatorException -> L3f java.security.InvalidAlgorithmParameterException -> L46
                r1.checkValidity()     // Catch: java.security.cert.CertPathValidatorException -> L3f java.security.InvalidAlgorithmParameterException -> L46
                goto L4d
            L3f:
                r5 = move-exception
                java.security.cert.CertificateException r6 = new java.security.cert.CertificateException
                r6.<init>(r5)
                throw r6
            L46:
                r5 = move-exception
                java.security.cert.CertificateException r6 = new java.security.cert.CertificateException
                r6.<init>(r5)
                throw r6
            L4d:
                boolean r1 = r4.verifyServerCert
                if (r1 == 0) goto Lda
                javax.net.ssl.X509TrustManager r1 = r4.origTm
                if (r1 == 0) goto Ld2
                r1.checkServerTrusted(r5, r6)
                java.lang.String r6 = r4.hostName
                if (r6 == 0) goto Lda
                r5 = r5[r0]
                javax.security.auth.x500.X500Principal r5 = r5.getSubjectX500Principal()
                java.lang.String r6 = "RFC2253"
                java.lang.String r5 = r5.getName(r6)
                r6 = 0
                javax.naming.ldap.LdapName r0 = new javax.naming.ldap.LdapName     // Catch: javax.naming.InvalidNameException -> Lca
                r0.<init>(r5)     // Catch: javax.naming.InvalidNameException -> Lca
                java.util.List r5 = r0.getRdns()     // Catch: javax.naming.InvalidNameException -> Lca
                java.util.Iterator r5 = r5.iterator()     // Catch: javax.naming.InvalidNameException -> Lca
            L76:
                boolean r0 = r5.hasNext()     // Catch: javax.naming.InvalidNameException -> Lca
                if (r0 == 0) goto L96
                java.lang.Object r0 = r5.next()     // Catch: javax.naming.InvalidNameException -> Lca
                javax.naming.ldap.Rdn r0 = (javax.naming.ldap.Rdn) r0     // Catch: javax.naming.InvalidNameException -> Lca
                java.lang.String r1 = r0.getType()     // Catch: javax.naming.InvalidNameException -> Lca
                java.lang.String r2 = "CN"
                boolean r1 = r1.equalsIgnoreCase(r2)     // Catch: javax.naming.InvalidNameException -> Lca
                if (r1 == 0) goto L76
                java.lang.Object r5 = r0.getValue()     // Catch: javax.naming.InvalidNameException -> Lca
                java.lang.String r6 = r5.toString()     // Catch: javax.naming.InvalidNameException -> Lca
            L96:
                java.lang.String r5 = r4.hostName
                boolean r5 = r5.equalsIgnoreCase(r6)
                if (r5 == 0) goto L9f
                goto Lda
            L9f:
                java.security.cert.CertificateException r5 = new java.security.cert.CertificateException
                java.lang.StringBuilder r0 = new java.lang.StringBuilder
                r0.<init>()
                java.lang.String r1 = "Server certificate identity check failed. The certificate Common Name '"
                java.lang.StringBuilder r0 = r0.append(r1)
                java.lang.StringBuilder r6 = r0.append(r6)
                java.lang.String r0 = "' does not match with '"
                java.lang.StringBuilder r6 = r6.append(r0)
                java.lang.String r0 = r4.hostName
                java.lang.StringBuilder r6 = r6.append(r0)
                java.lang.String r0 = "'."
                java.lang.StringBuilder r6 = r6.append(r0)
                java.lang.String r6 = r6.toString()
                r5.<init>(r6)
                throw r5
            Lca:
                java.security.cert.CertificateException r5 = new java.security.cert.CertificateException
                java.lang.String r6 = "Failed to retrieve the Common Name (CN) from the server certificate."
                r5.<init>(r6)
                throw r5
            Ld2:
                java.security.cert.CertificateException r5 = new java.security.cert.CertificateException
                java.lang.String r6 = "Can't verify server certificate because no trust manager is found."
                r5.<init>(r6)
                throw r5
            Lda:
                return
            */
            throw new UnsupportedOperationException("Method not decompiled: com.mysql.cj.protocol.ExportControlled.X509TrustManagerWrapper.checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String):void");
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            X509TrustManager x509TrustManager = this.origTm;
            return x509TrustManager != null ? x509TrustManager.getAcceptedIssuers() : new X509Certificate[0];
        }
    }

    private ExportControlled() {
    }

    public static RSAPublicKey decodeRSAPublicKey(String str) throws RSAException {
        if (str == null) {
            throw ((RSAException) ExceptionFactory.createException(RSAException.class, "Key parameter is null"));
        }
        int indexOf = str.indexOf("\n") + 1;
        try {
            return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64Decoder.decode(str.getBytes(), indexOf, str.indexOf("-----END PUBLIC KEY-----") - indexOf)));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw ((RSAException) ExceptionFactory.createException(RSAException.class, "Unable to decode public key", e));
        }
    }

    public static boolean enabled() {
        return true;
    }

    public static byte[] encryptWithRSAPublicKey(byte[] bArr, RSAPublicKey rSAPublicKey) throws RSAException {
        return encryptWithRSAPublicKey(bArr, rSAPublicKey, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
    }

    public static byte[] encryptWithRSAPublicKey(byte[] bArr, RSAPublicKey rSAPublicKey, String str) throws RSAException {
        try {
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(1, rSAPublicKey);
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw ((RSAException) ExceptionFactory.createException(RSAException.class, e.getMessage(), e));
        }
    }

    public static SSLContext getSSLContext(String str, String str2, String str3, String str4, String str5, String str6, boolean z, String str7, ExceptionInterceptor exceptionInterceptor) throws SSLParamsException {
        return getSSLContext(str, str2, str3, str4, str5, str6, true, z, str7, exceptionInterceptor);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Not initialized variable reg: 17, insn: 0x0144: MOVE (r15 I:??[OBJECT, ARRAY]) = (r17 I:??[OBJECT, ARRAY]), block:B:172:0x0144 */
    /* JADX WARN: Removed duplicated region for block: B:13:0x01a2  */
    /* JADX WARN: Removed duplicated region for block: B:19:0x01ee  */
    /* JADX WARN: Removed duplicated region for block: B:31:0x01e5 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:37:0x01b6 A[Catch: IOException -> 0x0234, CertificateException -> 0x0236, KeyStoreException -> 0x0239, NoSuchAlgorithmException -> 0x023b, MalformedURLException -> 0x023e, all -> 0x02e7, TryCatch #2 {all -> 0x02e7, blocks: (B:70:0x017d, B:35:0x01ac, B:37:0x01b6, B:39:0x01bc, B:40:0x01d5, B:49:0x024a, B:50:0x0273, B:52:0x02a0, B:53:0x02c1, B:55:0x02c5, B:56:0x02e6), top: B:8:0x015e }] */
    /* JADX WARN: Type inference failed for: r15v0, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r15v1 */
    /* JADX WARN: Type inference failed for: r15v11 */
    /* JADX WARN: Type inference failed for: r15v14 */
    /* JADX WARN: Type inference failed for: r15v15, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r15v16 */
    /* JADX WARN: Type inference failed for: r15v2, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r15v3 */
    /* JADX WARN: Type inference failed for: r15v7 */
    /* JADX WARN: Type inference failed for: r5v0, types: [java.util.ArrayList] */
    /* JADX WARN: Type inference failed for: r5v22 */
    /* JADX WARN: Type inference failed for: r5v3 */
    /* JADX WARN: Type inference failed for: r5v4, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r5v7 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static javax.net.ssl.SSLContext getSSLContext(java.lang.String r19, java.lang.String r20, java.lang.String r21, java.lang.String r22, java.lang.String r23, java.lang.String r24, boolean r25, boolean r26, java.lang.String r27, com.mysql.cj.exceptions.ExceptionInterceptor r28) throws com.mysql.cj.exceptions.SSLParamsException {
        /*
            Method dump skipped, instructions count: 794
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.mysql.cj.protocol.ExportControlled.getSSLContext(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, boolean, boolean, java.lang.String, com.mysql.cj.exceptions.ExceptionInterceptor):javax.net.ssl.SSLContext");
    }

    private static SSLSocketFactory getSSLSocketFactoryDefaultOrConfigured(PropertySet propertySet, ExceptionInterceptor exceptionInterceptor) throws SSLParamsException {
        String value = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_clientCertificateKeyStoreUrl).getValue();
        String value2 = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_clientCertificateKeyStorePassword).getValue();
        String value3 = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_clientCertificateKeyStoreType).getValue();
        String value4 = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_trustCertificateKeyStoreUrl).getValue();
        String value5 = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_trustCertificateKeyStorePassword).getValue();
        String value6 = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_trustCertificateKeyStoreType).getValue();
        if (StringUtils.isNullOrEmpty(value)) {
            value = System.getProperty("javax.net.ssl.keyStore");
            value2 = System.getProperty("javax.net.ssl.keyStorePassword");
            value3 = System.getProperty("javax.net.ssl.keyStoreType");
            if (StringUtils.isNullOrEmpty(value3)) {
                value3 = "JKS";
            }
            if (!StringUtils.isNullOrEmpty(value)) {
                try {
                    new URL(value);
                } catch (MalformedURLException unused) {
                    value = "file:" + value;
                }
            }
        }
        String str = value;
        String str2 = value2;
        String str3 = value3;
        if (StringUtils.isNullOrEmpty(value4)) {
            value4 = System.getProperty("javax.net.ssl.trustStore");
            value5 = System.getProperty("javax.net.ssl.trustStorePassword");
            String property = System.getProperty("javax.net.ssl.trustStoreType");
            value6 = StringUtils.isNullOrEmpty(property) ? "JKS" : property;
            if (!StringUtils.isNullOrEmpty(value4)) {
                try {
                    new URL(value4);
                } catch (MalformedURLException unused2) {
                    value4 = "file:" + value4;
                }
            }
        }
        return getSSLContext(str, str3, str2, value4, value6, value5, propertySet.getBooleanReadableProperty(PropertyDefinitions.PNAME_verifyServerCertificate).getValue().booleanValue(), null, exceptionInterceptor).getSocketFactory();
    }

    public static boolean isSSLEstablished(Socket socket) {
        return SSLSocket.class.isAssignableFrom(socket.getClass());
    }

    public static Socket performTlsHandshake(Socket socket, SocketConnection socketConnection, ServerVersion serverVersion) throws IOException, SSLParamsException, FeatureNotAvailableException {
        PropertySet propertySet = socketConnection.getPropertySet();
        SSLSocket sSLSocket = (SSLSocket) getSSLSocketFactoryDefaultOrConfigured(propertySet, socketConnection.getExceptionInterceptor()).createSocket(socket, socketConnection.getHost(), socketConnection.getPort(), true);
        String value = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_enabledTLSProtocols).getValue();
        ArrayList arrayList = new ArrayList(Arrays.asList((value == null || value.length() <= 0) ? (serverVersion.meetsMinimum(ServerVersion.parseVersion("8.0.4")) || (serverVersion.meetsMinimum(ServerVersion.parseVersion("5.6.0")) && Util.isEnterpriseEdition(serverVersion.toString()))) ? TLS_PROTOCOLS : new String[]{TLSv1_1, TLSv1} : value.split("\\s*,\\s*")));
        List asList = Arrays.asList(sSLSocket.getSupportedProtocols());
        ArrayList arrayList2 = new ArrayList();
        for (String str : TLS_PROTOCOLS) {
            if (asList.contains(str) && arrayList.contains(str)) {
                arrayList2.add(str);
            }
        }
        sSLSocket.setEnabledProtocols((String[]) arrayList2.toArray(new String[0]));
        String value2 = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_enabledSSLCipherSuites).getValue();
        if (value2 != null && value2.length() > 0) {
            ArrayList arrayList3 = new ArrayList();
            List asList2 = Arrays.asList(sSLSocket.getEnabledCipherSuites());
            for (String str2 : value2.split("\\s*,\\s*")) {
                if (asList2.contains(str2)) {
                    arrayList3.add(str2);
                }
            }
            sSLSocket.setEnabledCipherSuites((String[]) arrayList3.toArray(new String[0]));
        } else if (!serverVersion.meetsMinimum(ServerVersion.parseVersion("5.7.6")) && ((!serverVersion.meetsMinimum(ServerVersion.parseVersion("5.6.26")) || serverVersion.meetsMinimum(ServerVersion.parseVersion("5.7.0"))) && (!serverVersion.meetsMinimum(ServerVersion.parseVersion("5.5.45")) || serverVersion.meetsMinimum(ServerVersion.parseVersion("5.6.0"))))) {
            ArrayList arrayList4 = new ArrayList();
            for (String str3 : sSLSocket.getEnabledCipherSuites()) {
                if (str3.indexOf("_DHE_") == -1 && str3.indexOf("_DH_") == -1) {
                    arrayList4.add(str3);
                }
            }
            sSLSocket.setEnabledCipherSuites((String[]) arrayList4.toArray(new String[0]));
        }
        sSLSocket.startHandshake();
        return sSLSocket;
    }

    private static void performTlsHandshake(SSLEngine sSLEngine, AsynchronousSocketChannel asynchronousSocketChannel) throws SSLException {
        SSLEngineResult.HandshakeStatus handshakeStatus;
        sSLEngine.beginHandshake();
        SSLEngineResult.HandshakeStatus handshakeStatus2 = sSLEngine.getHandshakeStatus();
        int packetBufferSize = sSLEngine.getSession().getPacketBufferSize();
        ByteBuffer allocate = ByteBuffer.allocate(packetBufferSize);
        ByteBuffer allocate2 = ByteBuffer.allocate(packetBufferSize);
        int applicationBufferSize = sSLEngine.getSession().getApplicationBufferSize();
        ByteBuffer allocate3 = ByteBuffer.allocate(applicationBufferSize);
        ByteBuffer allocate4 = ByteBuffer.allocate(applicationBufferSize);
        while (handshakeStatus2 != SSLEngineResult.HandshakeStatus.FINISHED && handshakeStatus2 != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
            int i = AnonymousClass2.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[handshakeStatus2.ordinal()];
            if (i == 1) {
                allocate.clear();
                SSLEngineResult wrap = sSLEngine.wrap(allocate3, allocate);
                handshakeStatus = wrap.getHandshakeStatus();
                int i2 = AnonymousClass2.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[wrap.getStatus().ordinal()];
                if (i2 == 1) {
                    allocate.flip();
                    write(asynchronousSocketChannel, allocate);
                } else if (i2 == 2 || i2 == 3 || i2 == 4) {
                    throw new CJCommunicationsException("Unacceptable SSLEngine result: " + wrap);
                }
            } else if (i == 2) {
                allocate2.flip();
                SSLEngineResult unwrap = sSLEngine.unwrap(allocate2, allocate4);
                handshakeStatus = unwrap.getHandshakeStatus();
                int i3 = AnonymousClass2.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[unwrap.getStatus().ordinal()];
                if (i3 == 1) {
                    allocate2.compact();
                } else if (i3 == 2) {
                    int applicationBufferSize2 = sSLEngine.getSession().getApplicationBufferSize();
                    if (applicationBufferSize2 > allocate4.capacity()) {
                        ByteBuffer allocate5 = ByteBuffer.allocate(applicationBufferSize2);
                        allocate5.put(allocate4);
                        allocate5.flip();
                        allocate4 = allocate5;
                    } else {
                        allocate4.compact();
                    }
                } else if (i3 == 3) {
                    int packetBufferSize2 = sSLEngine.getSession().getPacketBufferSize();
                    if (packetBufferSize2 > allocate2.capacity()) {
                        ByteBuffer allocate6 = ByteBuffer.allocate(packetBufferSize2);
                        allocate6.put(allocate2);
                        allocate6.flip();
                        allocate2 = allocate6;
                    } else {
                        allocate2.compact();
                    }
                    if (read(asynchronousSocketChannel, allocate2).intValue() < 0) {
                        throw new CJCommunicationsException("Server does not provide enough data to proceed with SSL handshake.");
                    }
                } else if (i3 == 4) {
                    throw new CJCommunicationsException("Unacceptable SSLEngine result: " + unwrap);
                }
            } else if (i == 3) {
                sSLEngine.getDelegatedTask().run();
                handshakeStatus2 = sSLEngine.getHandshakeStatus();
            }
            handshakeStatus2 = handshakeStatus;
        }
    }

    private static Integer read(AsynchronousSocketChannel asynchronousSocketChannel, ByteBuffer byteBuffer) {
        try {
            return asynchronousSocketChannel.read(byteBuffer).get();
        } catch (InterruptedException | ExecutionException e) {
            throw new CJCommunicationsException(e);
        }
    }

    public static AsynchronousSocketChannel startTlsOnAsynchronousChannel(AsynchronousSocketChannel asynchronousSocketChannel, SocketConnection socketConnection) throws SSLException {
        String str;
        String str2;
        String str3;
        String str4;
        String str5;
        String str6;
        PropertySet propertySet = socketConnection.getPropertySet();
        PropertyDefinitions.SslMode sslMode = (PropertyDefinitions.SslMode) propertySet.getEnumReadableProperty(PropertyDefinitions.PNAME_sslMode).getValue();
        boolean z = sslMode == PropertyDefinitions.SslMode.VERIFY_CA || sslMode == PropertyDefinitions.SslMode.VERIFY_IDENTITY;
        String value = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_sslTrustStoreUrl).getValue();
        if (z) {
            String value2 = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_sslTrustStoreType).getValue();
            String value3 = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_sslTrustStorePassword).getValue();
            if (StringUtils.isNullOrEmpty(value)) {
                value = System.getProperty("javax.net.ssl.trustStore");
                value3 = System.getProperty("javax.net.ssl.trustStorePassword");
                value2 = System.getProperty("javax.net.ssl.trustStoreType");
                if (StringUtils.isNullOrEmpty(value2)) {
                    value2 = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_sslTrustStoreType).getInitialValue();
                }
                if (!StringUtils.isNullOrEmpty(value)) {
                    try {
                        new URL(value);
                    } catch (MalformedURLException unused) {
                        value = "file:" + value;
                    }
                }
            }
            if (StringUtils.isNullOrEmpty(value)) {
                throw new CJCommunicationsException("No truststore provided to verify the Server certificate.");
            }
            str3 = value3;
            str2 = value2;
            str = value;
        } else {
            str = value;
            str2 = null;
            str3 = null;
        }
        String value4 = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_clientCertificateKeyStoreUrl).getValue();
        String value5 = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_clientCertificateKeyStoreType).getValue();
        String value6 = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_clientCertificateKeyStorePassword).getValue();
        if (StringUtils.isNullOrEmpty(value4)) {
            String property = System.getProperty("javax.net.ssl.keyStore");
            String property2 = System.getProperty("javax.net.ssl.keyStorePassword");
            str6 = System.getProperty("javax.net.ssl.keyStoreType");
            if (StringUtils.isNullOrEmpty(str6)) {
                str6 = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_clientCertificateKeyStoreType).getInitialValue();
            }
            if (!StringUtils.isNullOrEmpty(property)) {
                try {
                    new URL(property);
                } catch (MalformedURLException unused2) {
                    property = "file:" + property;
                }
            }
            str4 = property;
            str5 = property2;
        } else {
            str4 = value4;
            str5 = value6;
            str6 = value5;
        }
        SSLEngine createSSLEngine = getSSLContext(str4, str6, str5, str, str2, str3, false, z, sslMode == PropertyDefinitions.SslMode.VERIFY_IDENTITY ? socketConnection.getHost() : null, null).createSSLEngine();
        createSSLEngine.setUseClientMode(true);
        String value7 = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_enabledSSLCipherSuites).getValue();
        if (value7 != null && value7.length() > 0) {
            ArrayList arrayList = new ArrayList();
            List asList = Arrays.asList(createSSLEngine.getEnabledCipherSuites());
            for (String str7 : value7.split("\\s*,\\s*")) {
                if (asList.contains(str7)) {
                    arrayList.add(str7);
                }
            }
            createSSLEngine.setEnabledCipherSuites((String[]) arrayList.toArray(new String[0]));
        }
        String value8 = propertySet.getStringReadableProperty(PropertyDefinitions.PNAME_enabledTLSProtocols).getValue();
        ArrayList arrayList2 = new ArrayList(Arrays.asList((value8 == null || value8.length() <= 0) ? new String[]{TLSv1_1, TLSv1} : value8.split("\\s*,\\s*")));
        List asList2 = Arrays.asList(createSSLEngine.getSupportedProtocols());
        ArrayList arrayList3 = new ArrayList();
        for (String str8 : TLS_PROTOCOLS) {
            if (asList2.contains(str8) && arrayList2.contains(str8)) {
                arrayList3.add(str8);
            }
        }
        createSSLEngine.setEnabledProtocols((String[]) arrayList3.toArray(new String[0]));
        performTlsHandshake(createSSLEngine, asynchronousSocketChannel);
        return new TlsAsynchronousSocketChannel(asynchronousSocketChannel, createSSLEngine);
    }

    private static void write(final AsynchronousSocketChannel asynchronousSocketChannel, final ByteBuffer byteBuffer) {
        final CompletableFuture completableFuture = new CompletableFuture();
        final int limit = byteBuffer.limit();
        asynchronousSocketChannel.write(byteBuffer, null, new CompletionHandler<Integer, Void>() { // from class: com.mysql.cj.protocol.ExportControlled.1
            @Override // java.nio.channels.CompletionHandler
            public void completed(Integer num, Void r3) {
                if (num.intValue() < limit) {
                    asynchronousSocketChannel.write(byteBuffer, null, this);
                } else {
                    completableFuture.complete(null);
                }
            }

            @Override // java.nio.channels.CompletionHandler
            public void failed(Throwable th, Void r2) {
                completableFuture.completeExceptionally(th);
            }
        });
        try {
            completableFuture.get();
        } catch (InterruptedException | ExecutionException e) {
            throw new CJCommunicationsException(e);
        }
    }
}
