package com.amazon.redshift.ssl;

import com.amazon.redshift.RedshiftProperty;
import com.amazon.redshift.core.RedshiftStream;
import com.amazon.redshift.core.SocketFactoryFactory;
import com.amazon.redshift.jdbc.SslMode;
import com.amazon.redshift.util.GT;
import com.amazon.redshift.util.ObjectFactory;
import com.amazon.redshift.util.RedshiftException;
import com.amazon.redshift.util.RedshiftState;
import java.io.IOException;
import java.util.Properties;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: input_file:com/amazon/redshift/ssl/MakeSSL.class */
/**
 * Upgrades an already-connected {@link RedshiftStream} from a plain socket to TLS.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The TLS handshake is driven explicitly, so handshake failures surface as exceptions here.</li>
 *   <li>Peer-name (hostname) verification runs only when the configured {@link SslMode}
 *       reports {@code verifyPeerName()}; in any other mode the server name is not compared
 *       against the host the client asked for.</li>
 *   <li>The stream's socket is replaced only after the handshake and, when enabled, the
 *       peer-name check have both succeeded.</li>
 * </ul>
 */
public class MakeSSL extends ObjectFactory {
    /**
     * Wraps the stream's current socket in an {@link SSLSocket}, performs the handshake as a
     * client and installs the encrypted socket on the stream.
     *
     * @param redshiftStream stream whose socket is upgraded; its host spec supplies host and port
     * @param properties connection properties used to select the socket factory and the SSL mode
     * @throws RedshiftException with {@code CONNECTION_FAILURE} when any step inside the upgrade
     *     raises an {@link IOException}, or when peer-name verification fails
     * @throws IOException declared for callers; the body visible here wraps I/O failures instead
     */
    public static void convert(RedshiftStream redshiftStream, Properties properties) throws RedshiftException, IOException {
        SSLSocketFactory factory = SocketFactoryFactory.getSslSocketFactory(properties);
        try {
            // The final 'true' is autoClose: closing the TLS socket also closes the wrapped socket.
            SSLSocket tlsSocket = (SSLSocket) factory.createSocket(
                    redshiftStream.getSocket(),
                    redshiftStream.getHostSpec().getHost(),
                    redshiftStream.getHostSpec().getPort(),
                    true);
            tlsSocket.setUseClientMode(true);
            // Handshake explicitly so that failures are reported here.
            tlsSocket.startHandshake();

            // Surface any error the LibPQ-style factory recorded while supplying key material.
            if (factory instanceof LibPQFactory) {
                LibPQFactory libPqFactory = (LibPQFactory) factory;
                libPqFactory.throwKeyManagerException();
            }

            // Hostname verification is mode-dependent; modes that skip it accept any peer name.
            boolean mustVerifyPeerName = SslMode.of(properties).verifyPeerName();
            if (mustVerifyPeerName) {
                // NOTE(review): a verification failure propagates without closing tlsSocket here;
                // presumably the caller tears the connection down - confirm.
                verifyPeerName(redshiftStream, properties, tlsSocket);
            }

            // Only now does the stream start using the encrypted socket.
            redshiftStream.changeSocket(tlsSocket);
        } catch (IOException ioFailure) {
            // Any IOException raised inside the try block is reported as an SSL error.
            throw new RedshiftException(GT.tr("SSL error: {0}", ioFailure.getMessage()), RedshiftState.CONNECTION_FAILURE, ioFailure);
        }
    }

    /**
     * Checks that the TLS session's peer matches the host the client connected to.
     *
     * <p>When the {@code SSL_HOSTNAME_VERIFIER} property is unset the driver's built-in
     * {@link RedshiftjdbcHostnameVerifier} is used. Otherwise the property value is treated as a
     * class name and instantiated, so connection properties must come from trusted
     * configuration: whoever controls that property chooses the code that decides whether the
     * peer is accepted.
     *
     * @param redshiftStream stream whose host spec names the expected host
     * @param properties connection properties, consulted for a custom verifier class name
     * @param sSLSocket handshaken socket whose session is handed to the verifier
     * @throws RedshiftException with {@code CONNECTION_FAILURE} when the custom verifier cannot
     *     be instantiated or the verifier rejects the host
     */
    private static void verifyPeerName(RedshiftStream redshiftStream, Properties properties, SSLSocket sSLSocket) throws RedshiftException {
        String verifierName = RedshiftProperty.SSL_HOSTNAME_VERIFIER.get(properties);
        HostnameVerifier verifier;
        if (verifierName != null) {
            try {
                // NOTE(review): the meaning of the trailing (false, null) arguments is not visible here - confirm.
                verifier = (HostnameVerifier) instantiate(verifierName, properties, false, null);
            } catch (Exception cause) {
                throw new RedshiftException(GT.tr("The HostnameVerifier class provided {0} could not be instantiated.", verifierName), RedshiftState.CONNECTION_FAILURE, cause);
            }
        } else {
            verifier = RedshiftjdbcHostnameVerifier.INSTANCE;
            // Name used only for the error message below.
            verifierName = "RedshiftjdbcHostnameVerifier";
        }

        String expectedHost = redshiftStream.getHostSpec().getHost();
        boolean peerAccepted = verifier.verify(expectedHost, sSLSocket.getSession());
        if (peerAccepted) {
            return;
        }
        // Fail closed: a rejected peer name aborts the connection attempt.
        throw new RedshiftException(GT.tr("The hostname {0} could not be verified by hostnameverifier {1}.", expectedHost, verifierName), RedshiftState.CONNECTION_FAILURE);
    }
}
