package org.apache.knox.gateway.util;

import com.mysql.cj.conf.PropertyDefinitions;
import com.mysql.cj.jdbc.MysqlDataSource;
import java.sql.SQLException;
import javax.sql.DataSource;
import org.apache.derby.jdbc.ClientDataSource;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.services.security.AliasService;
import org.apache.knox.gateway.services.security.AliasServiceException;
import org.postgresql.ds.PGSimpleDataSource;
import org.postgresql.jdbc.SslMode;
import org.postgresql.ssl.NonValidatingFactory;

/* loaded from: input_file:org/apache/knox/gateway/util/JDBCUtils.class */
public class JDBCUtils {
    public static final String POSTGRESQL_DB_TYPE = "postgresql";
    public static final String MYSQL_DB_TYPE = "mysql";
    public static final String DERBY_DB_TYPE = "derbydb";
    public static final String DATABASE_USER_ALIAS_NAME = "gateway_database_user";
    public static final String DATABASE_PASSWORD_ALIAS_NAME = "gateway_database_password";
    public static final String DATABASE_TRUSTSTORE_PASSWORD_ALIAS_NAME = "gateway_database_ssl_truststore_password";

    public static DataSource getDataSource(GatewayConfig gatewayConfig, AliasService aliasService) throws AliasServiceException, SQLException {
        if (POSTGRESQL_DB_TYPE.equalsIgnoreCase(gatewayConfig.getDatabaseType())) {
            return createPostgresDataSource(gatewayConfig, aliasService);
        }
        if (DERBY_DB_TYPE.equalsIgnoreCase(gatewayConfig.getDatabaseType())) {
            return createDerbyDatasource(gatewayConfig, aliasService);
        }
        if (MYSQL_DB_TYPE.equalsIgnoreCase(gatewayConfig.getDatabaseType())) {
            return createMySqlDataSource(gatewayConfig, aliasService);
        }
        throw new IllegalArgumentException("Invalid database type: " + gatewayConfig.getDatabaseType());
    }

    private static DataSource createPostgresDataSource(GatewayConfig gatewayConfig, AliasService aliasService) throws AliasServiceException {
        PGSimpleDataSource pGSimpleDataSource = new PGSimpleDataSource();
        if (gatewayConfig.getDatabaseConnectionUrl() != null) {
            pGSimpleDataSource.setUrl(gatewayConfig.getDatabaseConnectionUrl());
        } else {
            pGSimpleDataSource.setDatabaseName(gatewayConfig.getDatabaseName());
            pGSimpleDataSource.setServerNames(new String[]{gatewayConfig.getDatabaseHost()});
            pGSimpleDataSource.setPortNumbers(new int[]{gatewayConfig.getDatabasePort()});
            pGSimpleDataSource.setUser(getDatabaseUser(aliasService));
            pGSimpleDataSource.setPassword(getDatabasePassword(aliasService));
            configurePostgreSQLSsl(gatewayConfig, aliasService, pGSimpleDataSource);
        }
        return pGSimpleDataSource;
    }

    private static void configurePostgreSQLSsl(GatewayConfig gatewayConfig, AliasService aliasService, PGSimpleDataSource pGSimpleDataSource) throws AliasServiceException {
        if (gatewayConfig.isDatabaseSslEnabled()) {
            pGSimpleDataSource.setSsl(true);
            pGSimpleDataSource.setSslMode(SslMode.VERIFY_FULL.value);
            if (!gatewayConfig.verifyDatabaseSslServerCertificate()) {
                pGSimpleDataSource.setSslfactory(NonValidatingFactory.class.getCanonicalName());
            } else {
                pGSimpleDataSource.setSslRootCert(gatewayConfig.getDatabaseSslTruststoreFileName());
                pGSimpleDataSource.setSslPassword(getDatabaseAlias(aliasService, DATABASE_TRUSTSTORE_PASSWORD_ALIAS_NAME));
            }
        }
    }

    private static DataSource createDerbyDatasource(GatewayConfig gatewayConfig, AliasService aliasService) throws AliasServiceException {
        ClientDataSource clientDataSource = new ClientDataSource();
        clientDataSource.setDatabaseName(gatewayConfig.getDatabaseName());
        clientDataSource.setServerName(gatewayConfig.getDatabaseHost());
        clientDataSource.setPortNumber(gatewayConfig.getDatabasePort());
        clientDataSource.setUser(getDatabaseUser(aliasService));
        clientDataSource.setPassword(getDatabasePassword(aliasService));
        return clientDataSource;
    }

    private static DataSource createMySqlDataSource(GatewayConfig gatewayConfig, AliasService aliasService) throws AliasServiceException, SQLException {
        MysqlDataSource mysqlDataSource = new MysqlDataSource();
        if (gatewayConfig.getDatabaseConnectionUrl() != null) {
            mysqlDataSource.setUrl(gatewayConfig.getDatabaseConnectionUrl());
        } else {
            mysqlDataSource.setDatabaseName(gatewayConfig.getDatabaseName());
            mysqlDataSource.setServerName(gatewayConfig.getDatabaseHost());
            mysqlDataSource.setPortNumber(gatewayConfig.getDatabasePort());
            mysqlDataSource.setUser(getDatabaseUser(aliasService));
            mysqlDataSource.setPassword(getDatabasePassword(aliasService));
            configureMysqlSsl(gatewayConfig, aliasService, mysqlDataSource);
        }
        return mysqlDataSource;
    }

    private static void configureMysqlSsl(GatewayConfig gatewayConfig, AliasService aliasService, MysqlDataSource mysqlDataSource) throws AliasServiceException, SQLException {
        if (gatewayConfig.isDatabaseSslEnabled()) {
            mysqlDataSource.setUseSSL(true);
            if (!gatewayConfig.verifyDatabaseSslServerCertificate()) {
                mysqlDataSource.setVerifyServerCertificate(false);
                return;
            }
            mysqlDataSource.setSslMode(PropertyDefinitions.SslMode.VERIFY_CA.name());
            mysqlDataSource.setVerifyServerCertificate(true);
            mysqlDataSource.setTrustCertificateKeyStoreType("JKS");
            mysqlDataSource.setTrustCertificateKeyStoreUrl("file:" + gatewayConfig.getDatabaseSslTruststoreFileName());
            mysqlDataSource.setTrustCertificateKeyStorePassword(getDatabaseAlias(aliasService, DATABASE_TRUSTSTORE_PASSWORD_ALIAS_NAME));
        }
    }

    private static String getDatabaseUser(AliasService aliasService) throws AliasServiceException {
        return getDatabaseAlias(aliasService, DATABASE_USER_ALIAS_NAME);
    }

    private static String getDatabasePassword(AliasService aliasService) throws AliasServiceException {
        return getDatabaseAlias(aliasService, DATABASE_PASSWORD_ALIAS_NAME);
    }

    private static String getDatabaseAlias(AliasService aliasService, String str) throws AliasServiceException {
        char[] passwordFromAliasForGateway = aliasService.getPasswordFromAliasForGateway(str);
        if (passwordFromAliasForGateway == null) {
            return null;
        }
        return new String(passwordFromAliasForGateway);
    }
}
