package oracle.net.nt;

import com.ibm.db2.cmx.runtime.internal.xml.XmlTags;
import java.io.File;
import java.io.IOException;
import java.security.Security;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import java.util.logging.Level;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import oracle.jdbc.OracleConnection;
import oracle.jdbc.diagnostics.CommonDiagnosable;
import oracle.jdbc.diagnostics.Diagnosable;
import oracle.jdbc.diagnostics.SecurityLabel;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/ojdbc8-23.7.0.25.01.jar:oracle/net/nt/SSLContextCache.class */
public class SSLContextCache {
    private static final String CLASS_NAME = SSLContextCache.class.getName();
    private static final SSLContextCache SINGLETON_INSTANCE = new SSLContextCache();
    private static final ConcurrentHashMap<SSLConfig, CacheEntry> CACHE_MAP = new ConcurrentHashMap<>();
    private static final Lock CACHE_LOCK = new ReentrantLock();
    private static final Set<String> CACHEABLE_KEYSTORE_TYPES = (Set) Stream.of((Object[]) new String[]{SSLConfig.SSO_WALLET_TYPE, SSLConfig.PEM_WALLET_TYPE, SSLConfig.PKCS12_WALLET_TYPE, SSLConfig.JKS_TYPE, SSLConfig.DATA_URI_TYPE}).collect(Collectors.toSet());
    private static int MAX_CACHE_SIZE;
    static final boolean DISABLE_CACHE;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/ojdbc8-23.7.0.25.01.jar:oracle/net/nt/SSLContextCache$CacheEntry.class */
    public static class CacheEntry {
        private final ExtendedSSLContext extendedSSLContext;
        private final SSLConfig config;
        private long lastUsed;
        private final String[] cachedFiles = cachedFiles();
        private final Long[] cachedFileModifiedTimes = new Long[this.cachedFiles.length];

        CacheEntry(ExtendedSSLContext extendedSSLContext, SSLConfig sSLConfig) {
            this.extendedSSLContext = extendedSSLContext;
            this.config = sSLConfig;
            for (int i = 0; i < this.cachedFiles.length; i++) {
                this.cachedFileModifiedTimes[i] = Long.valueOf(new File(this.cachedFiles[i]).lastModified());
            }
            this.lastUsed = System.currentTimeMillis();
        }

        boolean isValid() {
            for (int i = 0; i < this.cachedFiles.length; i++) {
                if (isKeyStoreModified(this.cachedFiles[i], this.cachedFileModifiedTimes[i].longValue())) {
                    CommonDiagnosable.getInstance().debug(Level.FINE, SecurityLabel.UNKNOWN, SSLContextCache.CLASS_NAME, XmlTags.IS_VALID, "Invalid entry, Keystore file {0} updated or removed.", (String) null, (String) null, this.cachedFiles[i]);
                    return false;
                }
            }
            return (isProviderRemoved(this.extendedSSLContext.getKeyStoreProvider()) || isProviderRemoved(this.extendedSSLContext.getTrustStoreProvider())) ? false : true;
        }

        ExtendedSSLContext context() {
            this.lastUsed = System.currentTimeMillis();
            return this.extendedSSLContext;
        }

        long lastUsed() {
            return this.lastUsed;
        }

        private String[] cachedFiles() {
            if (this.config.isWallet()) {
                return (this.config.getKeyStore() == null || SSLConfig.isDataUri(this.config.getKeyStore())) ? new String[0] : new String[]{this.config.getKeyStore()};
            }
            LinkedList linkedList = new LinkedList();
            if (this.config.getKeyStore() != null) {
                linkedList.add(this.config.getKeyStore());
            }
            if (this.config.getTrustStore() != null) {
                linkedList.add(this.config.getTrustStore());
            }
            return (String[]) linkedList.toArray(new String[linkedList.size()]);
        }

        private boolean isKeyStoreModified(String str, long j) {
            File file = new File(str);
            return !file.exists() || file.lastModified() > j;
        }

        private boolean isProviderRemoved(String str) {
            if (str == null || Security.getProvider(str) != null) {
                return false;
            }
            CommonDiagnosable.getInstance().debug(Level.FINE, SecurityLabel.UNKNOWN, SSLContextCache.CLASS_NAME, "isProviderRemoved", "Provider {0} removed at runtime.", (String) null, (String) null, str);
            return true;
        }
    }

    private SSLContextCache() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SSLContextCache instance() {
        return SINGLETON_INSTANCE;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int cacheSize() {
        return CACHE_MAP.size();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void reset() {
        CACHE_LOCK.lock();
        CACHE_MAP.clear();
        CACHE_LOCK.unlock();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ExtendedSSLContext get(SSLConfig sSLConfig, Diagnosable diagnosable) throws IOException {
        Diagnosable commonDiagnosable;
        if (diagnosable == null) {
            try {
                commonDiagnosable = CommonDiagnosable.getInstance();
            } catch (Throwable th) {
                sSLConfig.diagnosable = null;
                throw th;
            }
        } else {
            commonDiagnosable = diagnosable;
        }
        sSLConfig.diagnosable = commonDiagnosable;
        if (DISABLE_CACHE || !cacheable(sSLConfig)) {
            diagnosable.debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "get", "Not Using Cache. Creating SSLContext for config = {0}", (String) null, (String) null, sSLConfig);
            ExtendedSSLContext createSSLContext = createSSLContext(sSLConfig);
            sSLConfig.diagnosable = null;
            return createSSLContext;
        }
        CacheEntry cacheEntry = CACHE_MAP.get(sSLConfig);
        if (cacheEntry == null || !cacheEntry.isValid()) {
            ExtendedSSLContext context = createCacheEntry(sSLConfig).context();
            sSLConfig.diagnosable = null;
            return context;
        }
        diagnosable.debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "get", "Got a valid entry in cache and returning it.", null, null);
        SSLContextCacheInfo.incrementCacheHit();
        ExtendedSSLContext context2 = cacheEntry.context();
        sSLConfig.diagnosable = null;
        return context2;
    }

    private CacheEntry createCacheEntry(SSLConfig sSLConfig) throws IOException {
        CACHE_LOCK.lock();
        try {
            CacheEntry cacheEntry = CACHE_MAP.get(sSLConfig);
            if (cacheEntry != null) {
                if (cacheEntry.isValid()) {
                    sSLConfig.diagnosable.debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "createCacheEntry", "Found a valid entry in cache and returning it.", null, null);
                    SSLContextCacheInfo.incrementCacheHit();
                    CACHE_LOCK.unlock();
                    return cacheEntry;
                }
                sSLConfig.diagnosable.debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "createCacheEntry", "Removing invalid entry for config = {0}", (String) null, (String) null, sSLConfig);
                removeEntry(sSLConfig);
            }
            sSLConfig.diagnosable.debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "createCacheEntry", "No entry in cache, creating new one.", null, null);
            ExtendedSSLContext createSSLContext = createSSLContext(sSLConfig);
            SSLContextCacheInfo.incrementCacheMiss();
            if (CACHE_MAP.size() >= MAX_CACHE_SIZE) {
                removeLRUEntry(sSLConfig.diagnosable);
            }
            CacheEntry cacheEntry2 = new CacheEntry(createSSLContext, sSLConfig);
            CACHE_MAP.put(sSLConfig, cacheEntry2);
            CACHE_LOCK.unlock();
            return cacheEntry2;
        } catch (Throwable th) {
            CACHE_LOCK.unlock();
            throw th;
        }
    }

    private void removeLRUEntry(Diagnosable diagnosable) {
        Enumeration<SSLConfig> keys = CACHE_MAP.keys();
        long j = Long.MAX_VALUE;
        SSLConfig sSLConfig = null;
        while (keys.hasMoreElements()) {
            SSLConfig nextElement = keys.nextElement();
            CacheEntry cacheEntry = CACHE_MAP.get(nextElement);
            if (cacheEntry.lastUsed() < j) {
                sSLConfig = nextElement;
                j = cacheEntry.lastUsed();
            }
        }
        if (sSLConfig != null) {
            diagnosable.debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "removeLRUEntry", "Reached cache max size. Removing the least recently used entry = {0}", (String) null, (String) null, sSLConfig);
            removeEntry(sSLConfig);
        }
    }

    private ExtendedSSLContext createSSLContext(SSLConfig sSLConfig) throws IOException {
        return CustomSSLSocketFactory.getSSLContext(sSLConfig, sSLConfig.diagnosable);
    }

    private boolean cacheable(SSLConfig sSLConfig) {
        return isCachebleKeyStoreType(sSLConfig.getKeyStoreType()) || isCachebleKeyStoreType(sSLConfig.getTrustStoreType());
    }

    private boolean isCachebleKeyStoreType(String str) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        return CACHEABLE_KEYSTORE_TYPES.contains(str);
    }

    private void removeEntry(SSLConfig sSLConfig) {
        if (CACHE_MAP.remove(sSLConfig) != null) {
            SSLContextCacheInfo.incrementCacheRemove();
        }
    }

    static {
        MAX_CACHE_SIZE = 15;
        try {
            MAX_CACHE_SIZE = Integer.parseInt(System.getProperty(OracleConnection.CONNECTION_PROPERTY_THIN_SSL_CONTEXT_CACHE_SIZE, OracleConnection.CONNECTION_PROPERTY_THIN_SSL_CONTEXT_CACHE_SIZE_DEFAULT));
        } catch (NumberFormatException e) {
        }
        DISABLE_CACHE = MAX_CACHE_SIZE <= 0;
    }
}
