package oracle.net.nt;

import java.io.File;
import java.security.KeyStore;
import java.security.Security;
import java.util.Locale;
import java.util.Objects;
import java.util.Properties;
import java.util.logging.Level;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import oracle.jdbc.diagnostics.CommonDiagnosable;
import oracle.jdbc.diagnostics.Diagnosable;
import oracle.jdbc.diagnostics.SecurityLabel;
import oracle.jdbc.internal.OpaqueString;
import oracle.jdbc.logging.annotations.Blind;
import oracle.jdbc.logging.annotations.PropertiesBlinder;
import oracle.net.jdbc.nl.NVFactory;
import oracle.net.jdbc.nl.NVNavigator;
import oracle.net.jdbc.nl.NVPair;
import oracle.net.ns.NetException;
import org.apache.derby.iapi.reference.Property;
import org.apache.derby.iapi.services.classfile.VMDescriptor;

/* loaded from: input_file:oracle/net/nt/SSLConfig.class */
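/**
 * Holds the TLS key-store / trust-store settings resolved from a connection {@link Properties}
 * object: store locations, store types, passwords, manager-factory algorithms, the
 * {@code SSLContext} protocol name, certificate selectors and the SNI value.
 *
 * <p>Two configuration styles are supported and chosen in {@link #readSSLConfig(Properties)}:
 * a wallet location (property key 5), in which case one store serves as both key store and trust
 * store, or separate key-store / trust-store settings (property keys 8-15).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Passwords are kept as {@link OpaqueString} and are deliberately left out of
 *       {@link #toString()}.</li>
 *   <li>A store location may be a {@code data:} URI that carries the store contents inline (see
 *       {@link #extractBase64FromDataURI(String)}), so the location itself can be key material;
 *       {@link #toString()} redacts it.</li>
 *   <li>The properties are read with integer keys. NOTE(review): this is decompiled code, so the
 *       keys are presumably inlined constants from an option table elsewhere in the driver, and
 *       {@code Property.COLLATION_NONE} / {@code VMDescriptor.METHOD} look like same-valued
 *       constants the decompiler borrowed from unrelated Derby classes - confirm against the
 *       original sources before relying on their names.</li>
 * </ul>
 */
public class SSLConfig implements Diagnosable {
    public static final String DEFAULT_SSO_WALLET_FILE_NAME = "cwallet.sso";
    public static final String DEFAULT_PKCS12_WALLET_FILE_NAME = "ewallet.p12";
    public static final String DEFAULT_PEM_WALLET_FILE_NAME = "ewallet.pem";
    public static final String DEFAULT_CLEAR_PEM_WALLET_FILE_NAME = "cwallet.pem";
    public static final String SSO_WALLET_TYPE = "SSO";
    public static final String PKCS12_WALLET_TYPE = "PKCS12";
    public static final String PKCS11_WALLET_TYPE = "PKCS11";
    public static final String WINDOWS_MY_WALLET_TYPE = "Windows-MY";
    public static final String JKS_TYPE = "JKS";
    public static final String KSS_TYPE = "KSS";
    public static final String PEM_WALLET_TYPE = "PEM";
    public static final String DATA_URI_TYPE = "DATA_URI";
    public static final String SUPPORTED_METHOD_TYPE = "FILE";
    public static final String SSO_FILE_EXTENSION = ".sso";
    public static final String P12_FILE_EXTENSION = ".p12";
    public static final String PEM_FILE_EXTENSION = ".pem";
    public static final String PFX_FILE_EXTENSION = ".pfx";
    public static final String JKS_FILE_EXTENSION = ".jks";
    public static final String KSS_URI_SCHEME = "kss://";
    public static final String DATA_URI_SCHEME = "data:";
    public static final String BASE64_EXTENSION = ";base64,";
    public static final String ORACLE_PKI_PROVIDER_CLASS = "oracle.security.pki.OraclePKIProvider";
    public static final String KSS_PROVIDER_CLASS = "oracle.security.jps.internal.keystore.provider.FarmKeyStoreProvider";
    private String keyStore;
    private String keyStoreType;
    private OpaqueString keyStorePassword;
    private String certificateAlias;
    private String certificateThumbprint;
    private String keyManagerFacAlgo;
    private String trustStore;
    private String trustStoreType;
    private OpaqueString trustStorePassword;
    private String trustManagerFacAlgo;
    private String sslContextProtocol;
    private boolean isCaCertsTrusted;
    private boolean isWallet;
    private int pemPrivateKeyIndex = 1;
    private String sni;
    // Never assigned in this class; getDiagnosable() falls back to the shared instance when null.
    Diagnosable diagnosable;
    private static final String CLASS_NAME = SSLConfig.class.getName();
    /** Configuration with every setting left at its field default (no stores, no protocol). */
    public static final SSLConfig DEFAULT_SSL_CONFIG = new SSLConfig();

    private SSLConfig() {
    }

    /**
     * Builds a configuration from the given connection properties.
     *
     * @param properties connection properties to read the TLS settings from
     * @return a populated configuration
     * @throws NetException if a configured wallet location cannot be parsed or does not exist
     */
    public static SSLConfig newInstance(Properties properties) throws NetException {
        SSLConfig config = new SSLConfig();
        config.readSSLConfig(properties);
        return config;
    }

    /** @return the key-store location (path, URI or marker value), or {@code null} if unset */
    public String getKeyStore() {
        return this.keyStore;
    }

    /** @return the key-store type, either configured or derived from the location */
    public String getKeyStoreType() {
        return this.keyStoreType;
    }

    /** @return the key-store password wrapper */
    public OpaqueString getKeyStorePassword() {
        return this.keyStorePassword;
    }

    /** @return the configured certificate alias, or the empty string when none was given */
    public String getCertificateAlias() {
        return this.certificateAlias;
    }

    /** @return the configured certificate thumbprint, or the empty string when none was given */
    public String getCertificateThumbprint() {
        return this.certificateThumbprint;
    }

    /** @return the {@link KeyManagerFactory} algorithm name */
    public String getKeyManagerFacAlgo() {
        return this.keyManagerFacAlgo;
    }

    /** @return the trust-store location (path, URI or marker value), or {@code null} if unset */
    public String getTrustStore() {
        return this.trustStore;
    }

    /** @return the trust-store type, either configured or derived from the location */
    public String getTrustStoreType() {
        return this.trustStoreType;
    }

    /** @return the trust-store password wrapper */
    public OpaqueString getTrustStorePassword() {
        return this.trustStorePassword;
    }

    /** @return the {@link TrustManagerFactory} algorithm name */
    public String getTrustManagerFacAlgo() {
        return this.trustManagerFacAlgo;
    }

    /** @return the {@code SSLContext} protocol name; {@code "TLS"} when not configured */
    public String getSslContextProtocol() {
        return this.sslContextProtocol;
    }

    /** @return the flag read from property key 41; {@code false} when the property is absent */
    public boolean isCaCertsTrusted() {
        return this.isCaCertsTrusted;
    }

    /** @return {@code true} when the settings came from a wallet location (property key 5) */
    public boolean isWallet() {
        return this.isWallet;
    }

    /** @return the PEM private-key index; defaults to 1 */
    public int getPemPrivateKeyIndex() {
        return this.pemPrivateKeyIndex;
    }

    /**
     * Reports whether either store location is the marker value that a {@code SYSTEM} wallet
     * location is mapped to in {@link #readWalletSSLConfig(Properties)}.
     *
     * @return {@code true} if the key store or the trust store equals the marker, ignoring case
     */
    public boolean useSystemKeystore() {
        return Property.COLLATION_NONE.equalsIgnoreCase(this.keyStore)
                || Property.COLLATION_NONE.equalsIgnoreCase(this.trustStore);
    }

    /**
     * Compares every setting, including both passwords. Password comparison is delegated to
     * {@code OpaqueString.equals}, which is not visible here.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        SSLConfig other = (SSLConfig) obj;
        return this.isCaCertsTrusted == other.isCaCertsTrusted
                && this.isWallet == other.isWallet
                && Objects.equals(this.keyStore, other.keyStore)
                && Objects.equals(this.keyStoreType, other.keyStoreType)
                && Objects.equals(this.keyStorePassword, other.keyStorePassword)
                && Objects.equals(this.certificateAlias, other.certificateAlias)
                && Objects.equals(this.certificateThumbprint, other.certificateThumbprint)
                && Objects.equals(this.keyManagerFacAlgo, other.keyManagerFacAlgo)
                && Objects.equals(this.trustStore, other.trustStore)
                && Objects.equals(this.trustStoreType, other.trustStoreType)
                && Objects.equals(this.trustStorePassword, other.trustStorePassword)
                && Objects.equals(this.trustManagerFacAlgo, other.trustManagerFacAlgo)
                && Objects.equals(this.sslContextProtocol, other.sslContextProtocol)
                && this.pemPrivateKeyIndex == other.pemPrivateKeyIndex
                && Objects.equals(this.sni, other.sni);
    }

    /** Hashes the same fields that {@link #equals(Object)} compares. */
    @Override
    public int hashCode() {
        return Objects.hash(
                this.keyStore,
                this.keyStoreType,
                this.keyStorePassword,
                this.certificateAlias,
                this.certificateThumbprint,
                this.keyManagerFacAlgo,
                this.trustStore,
                this.trustStoreType,
                this.trustStorePassword,
                this.trustManagerFacAlgo,
                this.sslContextProtocol,
                this.isCaCertsTrusted,
                this.isWallet,
                this.pemPrivateKeyIndex,
                this.sni);
    }

    /**
     * Populates this instance from the connection properties. A non-null wallet location
     * (key 5) selects the wallet path; otherwise the separate key-store / trust-store keys are
     * read. The remaining settings are read in both cases.
     *
     * @param properties connection properties, keyed by integer option codes
     * @throws NetException if the wallet location cannot be parsed or does not exist
     */
    private void readSSLConfig(@Blind(PropertiesBlinder.class) Properties properties) throws NetException {
        String walletLocation = (String) properties.get(5);
        if (walletLocation == null) {
            readJavaxNetSSLConfig(properties);
        } else {
            readWalletSSLConfig(properties);
        }
        this.certificateAlias = (String) properties.getOrDefault(29, "");
        this.certificateThumbprint = (String) properties.getOrDefault(44, "");
        this.sslContextProtocol = (String) properties.getOrDefault(38, "TLS");
        // parseBoolean(null) is false, so an absent property leaves the flag off.
        this.isCaCertsTrusted = Boolean.parseBoolean((String) properties.get(41));
        this.sni = (String) properties.get(49);
    }

    /**
     * Reads separately configured key-store (keys 8, 9, 10, 14) and trust-store (keys 11, 12,
     * 13, 15) settings. Type, password and algorithm are only resolved for a store whose
     * location is set; a missing type is derived from the location.
     *
     * <p>NOTE(review): the fallback security properties looked up here are spelled
     * {@code ssl.keyManagerFactory.algorithm} / {@code ssl.trustManagerFactory.algorithm}; the
     * JDK's own properties capitalise the factory name ({@code ssl.KeyManagerFactory.algorithm}).
     * The strings are left as found - confirm whether the different spelling is intended.
     *
     * @param properties connection properties, keyed by integer option codes
     */
    private void readJavaxNetSSLConfig(@Blind(PropertiesBlinder.class) Properties properties) {
        this.keyStore = (String) properties.get(8);
        if (this.keyStore != null) {
            this.keyStoreType = (String) properties.get(9);
            if (this.keyStoreType == null) {
                this.keyStoreType = resolveKeyStoreType(this.keyStore);
                debug(Level.FINEST, SecurityLabel.UNKNOWN, CLASS_NAME, "readJavaxNetSSLConfig", "Resolved KeyStoreType = {0}", (String) null, (String) null, this.keyStoreType);
            }
            this.keyStorePassword = (OpaqueString) properties.getOrDefault(10, OpaqueString.NULL);
            // Precedence: explicit property, then security property, then the JDK default.
            this.keyManagerFacAlgo = (String) properties.get(14);
            if (this.keyManagerFacAlgo == null) {
                this.keyManagerFacAlgo = Security.getProperty("ssl.keyManagerFactory.algorithm");
            }
            if (this.keyManagerFacAlgo == null) {
                this.keyManagerFacAlgo = KeyManagerFactory.getDefaultAlgorithm();
            }
        }
        this.trustStore = (String) properties.get(11);
        if (this.trustStore != null) {
            this.trustStoreType = (String) properties.get(12);
            if (this.trustStoreType == null) {
                this.trustStoreType = resolveKeyStoreType(this.trustStore);
                debug(Level.FINEST, SecurityLabel.UNKNOWN, CLASS_NAME, "readJavaxNetSSLConfig", "Resolved TrustStoreType = {0}", (String) null, (String) null, this.trustStoreType);
            }
            this.trustStorePassword = (OpaqueString) properties.getOrDefault(13, OpaqueString.NULL);
            // Same precedence as for the key manager algorithm above.
            this.trustManagerFacAlgo = (String) properties.get(15);
            if (this.trustManagerFacAlgo == null) {
                this.trustManagerFacAlgo = Security.getProperty("ssl.trustManagerFactory.algorithm");
            }
            if (this.trustManagerFacAlgo == null) {
                this.trustManagerFacAlgo = TrustManagerFactory.getDefaultAlgorithm();
            }
        }
    }

    /**
     * Reads a wallet-style configuration. The wallet location (key 5) may be the literal
     * {@code SYSTEM}, a parameter string handled by {@link #processWalletLocation}, a
     * {@code file:} location, a {@code data:} URI, or a plain path. For a directory the wallet
     * file name is chosen by {@link #resolveWalletLocation}. The resolved wallet is then used as
     * both key store and trust store, with the same type and password (key 16).
     *
     * <p>NOTE(review): {@link #isDataUri(String)} is case-sensitive here, while
     * {@link #resolveKeyStoreType(String)} tests the lower-cased location, so a {@code DATA:}
     * location is treated as a file path in this method and its text ends up in the "Couldn't
     * find file" message - confirm whether upper-case schemes can reach this code.
     *
     * @param properties connection properties, keyed by integer option codes
     * @throws NetException if the location cannot be parsed or names a file that does not exist
     * @throws NumberFormatException if the PEM private-key index (key 46) is not an integer
     */
    private void readWalletSSLConfig(@Blind(PropertiesBlinder.class) Properties properties) throws NetException {
        this.isWallet = true;
        String location = (String) properties.get(5);
        if (location.equalsIgnoreCase("SYSTEM")) {
            debug(Level.FINEST, SecurityLabel.UNKNOWN, CLASS_NAME, "readWalletSSLConfig", "Wallet location is configured as SYSTEM. Using default SSLContext.", null, null);
            this.keyStore = Property.COLLATION_NONE;
            this.trustStore = Property.COLLATION_NONE;
            return;
        }
        OpaqueString walletPassword = (OpaqueString) properties.getOrDefault(16, OpaqueString.NULL);
        this.pemPrivateKeyIndex = Integer.parseInt((String) properties.getOrDefault(46, "1"));
        boolean hasPassword = !OpaqueString.isNull(walletPassword);
        if (location.startsWith(VMDescriptor.METHOD)) {
            location = processWalletLocation(location, getDiagnosable());
        } else if (location.startsWith("file:")) {
            location = location.substring("file:".length());
        }
        if (!isDataUri(location)) {
            File walletFile = new File(location);
            if (!walletFile.exists()) {
                throw new NetException(NetException.UNABLE_TO_PARSE_WALLET_LOCATION, "Couldn't find file at " + location);
            }
            if (walletFile.isDirectory()) {
                location = resolveWalletLocation(location, hasPassword);
                debug(Level.FINEST, SecurityLabel.UNKNOWN, CLASS_NAME, "readWalletSSLConfig", "Wallet location does not contain filename. Resolved location is {0}", (String) null, (String) null, location);
            }
        }
        this.keyStore = location;
        this.keyStoreType = resolveKeyStoreType(location);
        this.keyStorePassword = walletPassword;
        this.keyManagerFacAlgo = KeyManagerFactory.getDefaultAlgorithm();
        // A wallet is its own trust store: same location, type and password.
        this.trustStore = this.keyStore;
        this.trustStoreType = this.keyStoreType;
        this.trustStorePassword = this.keyStorePassword;
        this.trustManagerFacAlgo = TrustManagerFactory.getDefaultAlgorithm();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @return {@code true} when key store and trust store share location, type and password
     */
    public boolean isKeyStoreTrustStore() {
        return Objects.equals(this.keyStore, this.trustStore)
                && Objects.equals(this.keyStoreType, this.trustStoreType)
                && Objects.equals(this.keyStorePassword, this.trustStorePassword);
    }

    /**
     * Derives a store type from a location by its file extension or URI scheme, compared
     * case-insensitively.
     *
     * @param str store location; may be {@code null} or empty
     * @return the matching type constant, or {@link KeyStore#getDefaultType()} when the location
     *     is {@code null}, empty or matches none of the known extensions and schemes
     */
    private static String resolveKeyStoreType(String str) {
        if (str == null || str.length() == 0) {
            return KeyStore.getDefaultType();
        }
        // Locale.ROOT keeps the case folding independent of the JVM's default locale.
        String lowerCase = str.toLowerCase(Locale.ROOT);
        if (lowerCase.endsWith(SSO_FILE_EXTENSION)) {
            return SSO_WALLET_TYPE;
        }
        if (lowerCase.endsWith(P12_FILE_EXTENSION) || lowerCase.endsWith(PFX_FILE_EXTENSION)) {
            return PKCS12_WALLET_TYPE;
        }
        if (lowerCase.endsWith(PEM_FILE_EXTENSION)) {
            return PEM_WALLET_TYPE;
        }
        if (lowerCase.endsWith(JKS_FILE_EXTENSION)) {
            return JKS_TYPE;
        }
        if (lowerCase.startsWith(KSS_URI_SCHEME)) {
            return KSS_TYPE;
        }
        if (isDataUri(lowerCase)) {
            return DATA_URI_TYPE;
        }
        return KeyStore.getDefaultType();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @param str store location; may be {@code null}
     * @return {@code true} if the location starts with {@code data:} (case-sensitive)
     */
    public static boolean isDataUri(String str) {
        return str != null && str.startsWith(DATA_URI_SCHEME);
    }

    /**
     * Returns the part of a data URI that follows the first {@code ;base64,} marker.
     *
     * @param str data URI
     * @return the text after the marker, not decoded or validated here
     * @throws NetException if the marker is absent
     */
    static String extractBase64FromDataURI(String str) throws NetException {
        int markerStart = str.indexOf(BASE64_EXTENSION);
        if (markerStart == -1) {
            throw new NetException(NetException.NT_INVALID_DATA_URI_FORMAT, null, false, new Object[0]);
        }
        return str.substring(markerStart + BASE64_EXTENSION.length());
    }

    /**
     * Picks the wallet file inside a wallet directory: the password-protected names
     * ({@code ewallet.p12}, then {@code ewallet.pem}) when a wallet password was supplied,
     * otherwise {@code cwallet.sso}, then {@code cwallet.pem}.
     */
    private String resolveWalletLocation(String directory, boolean hasPassword) {
        if (hasPassword) {
            return getWallet(directory, DEFAULT_PKCS12_WALLET_FILE_NAME, DEFAULT_PEM_WALLET_FILE_NAME);
        }
        return getWallet(directory, DEFAULT_SSO_WALLET_FILE_NAME, DEFAULT_CLEAR_PEM_WALLET_FILE_NAME);
    }

    /**
     * Returns the fallback file only when it exists and the primary file does not; in every
     * other case, including when neither exists, the primary path is returned.
     */
    private String getWallet(String directory, String primaryName, String fallbackName) {
        boolean usePrimary = new File(directory, primaryName).exists()
                || !new File(directory, fallbackName).exists();
        return directory + File.separator + (usePrimary ? primaryName : fallbackName);
    }

    /**
     * Resolves a store location for a given store type. A location that is not a directory is
     * returned unchanged; a directory gets the default wallet file name for the type appended.
     *
     * <p>The decompiled form of this method switched on {@code hashCode()} through a mistyped
     * temporary and did not compile; it is restored here as the string switch that the hash
     * constants correspond to.
     *
     * @param str store location
     * @param str2 store type
     * @return the resolved location, or {@code null} if either argument is {@code null} or empty,
     *     the location is neither a data URI nor an existing file, or the location is a directory
     *     and the type is not SSO, PKCS12 or PEM
     */
    private static String resolveKeyStoreLocation(String str, String str2) throws NetException {
        if (str == null || str2 == null || str.length() == 0 || str2.length() == 0) {
            return null;
        }
        File file = new File(str);
        if (!isDataUri(str) && !file.exists()) {
            return null;
        }
        if (!file.isDirectory()) {
            return str;
        }
        switch (str2) {
            case SSO_WALLET_TYPE:
                return str + File.separator + DEFAULT_SSO_WALLET_FILE_NAME;
            case PKCS12_WALLET_TYPE:
                return str + File.separator + DEFAULT_PKCS12_WALLET_FILE_NAME;
            case PEM_WALLET_TYPE:
                return str + File.separator + DEFAULT_PEM_WALLET_FILE_NAME;
            default:
                return null;
        }
    }

    /**
     * Extracts the wallet directory from a parameter string that contains {@code METHOD} and
     * {@code METHOD_DATA}/{@code DIRECTORY} entries. Only the {@code FILE} method is accepted.
     *
     * <p>NOTE(review): the {@code catch (Exception)} below also catches the
     * unsupported-method {@link NetException} thrown inside the {@code try}, so callers see
     * {@code UNABLE_TO_PARSE_WALLET_LOCATION} with the specific error only as the cause.
     * Kept as found, since callers may depend on that error code.
     *
     * @param str wallet location parameter string
     * @param diagnosable sink for debug output
     * @return the value of the {@code DIRECTORY} entry
     * @throws NetException if the string cannot be parsed, an entry is missing, or the method is
     *     not {@code FILE}
     */
    public static String processWalletLocation(String str, Diagnosable diagnosable) throws NetException {
        try {
            NVNavigator navigator = new NVNavigator();
            NVPair root = new NVFactory().createNVPair(str);
            NVPair methodPair = navigator.findNVPair(root, "METHOD");
            NVPair directoryPair = navigator.findNVPair(navigator.findNVPair(root, "METHOD_DATA"), "DIRECTORY");
            String method = methodPair.getAtom();
            diagnosable.debug(Level.FINEST, SecurityLabel.UNKNOWN, CLASS_NAME, "processWalletLocation", "Wallet Parameter Configuration : Method {0}, Directory {1}", null, null, method, directoryPair.getAtom());
            if (method.equalsIgnoreCase(SUPPORTED_METHOD_TYPE)) {
                return directoryPair.getAtom();
            }
            throw new NetException(NetException.UNSUPPORTED_METHOD_IN_WALLET_LOCATION, method);
        } catch (Exception e) {
            diagnosable.debug(Level.INFO, SecurityLabel.UNKNOWN, CLASS_NAME, "processWalletLocation", "Error in parsing wallet location {0}", (String) null, (String) null, e);
            throw ((NetException) new NetException(NetException.UNABLE_TO_PARSE_WALLET_LOCATION).initCause(e));
        }
    }

    /**
     * Returns a store location in a form that is safe to print: a {@code data:} URI, which
     * carries the store contents inline, is cut down to its scheme; anything else is returned
     * unchanged.
     */
    private static String describeStoreLocation(String location) {
        return isDataUri(location) ? DATA_URI_SCHEME + "<redacted>" : location;
    }

    /**
     * Describes the configuration for diagnostics. Passwords are omitted, and inline
     * {@code data:} store locations are redacted so that store contents do not reach logs.
     */
    @Override
    public String toString() {
        return "SSLConfig {keyStore='" + describeStoreLocation(this.keyStore)
                + "', keyStoreType='" + this.keyStoreType
                + "', certificateAlias='" + this.certificateAlias
                + "', certificateThumbprint='" + this.certificateThumbprint
                + "', keyManagerFacAlgo='" + this.keyManagerFacAlgo
                + "', trustStore='" + describeStoreLocation(this.trustStore)
                + "', trustStoreType='" + this.trustStoreType
                + "', trustManagerFacAlgo='" + this.trustManagerFacAlgo
                + "', sslContextProtocol='" + this.sslContextProtocol
                + "', isCaCertsTrusted=" + this.isCaCertsTrusted
                + ", isWallet=" + this.isWallet
                + ", pemPrivateKeyIndex=" + this.pemPrivateKeyIndex
                + ", sni='" + this.sni + "'}";
    }

    /**
     * @return the diagnosable set on this instance, or the shared
     *     {@link CommonDiagnosable} instance when none is set
     */
    @Override // oracle.jdbc.diagnostics.Diagnosable
    public Diagnosable getDiagnosable() {
        return this.diagnosable == null ? CommonDiagnosable.getInstance() : this.diagnosable;
    }
}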
