package oracle.net.nt;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Security;
import java.util.Enumeration;
import java.util.logging.Level;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import oracle.jdbc.diagnostics.CommonDiagnosable;
import oracle.jdbc.diagnostics.Diagnosable;
import oracle.jdbc.diagnostics.SecurityLabel;
import oracle.jdbc.internal.OpaqueString;
import oracle.net.ns.NetException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/ojdbc8-23.7.0.25.01.jar:oracle/net/nt/ExtendedSSLContext.class */
/**
 * Pairs a JSSE {@link SSLContext} with the key/trust material it was built from.
 *
 * <p>An instance is obtained either from {@link #newInstance(SSLConfig)}, which loads the
 * key store and trust store named by the configuration and initialises a fresh context, or
 * from {@link #wrap(SSLContext)}, which adopts a caller-supplied context unchanged (no
 * configuration, stores, or managers are recorded in that case).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code trustManagers} is only assigned in {@code initTrustManagers()}. When that method
 *       returns early, {@code SSLContext.init} receives {@code null} trust managers, and JSSE
 *       then falls back to the highest-priority installed TrustManagerFactory (normally the
 *       JVM default trust store) instead of failing closed.</li>
 *   <li>Store passwords are materialised as {@code char[]} only inside a {@code try} block and
 *       are handed to {@code CustomSSLSocketFactory.clearPwd} in the matching
 *       {@code finally}.</li>
 *   <li>The store type and path are logged at {@link Level#FINE}; the password object is never
 *       passed to the logger.</li>
 * </ul>
 *
 * <p>{@code debug(...)} is not declared here; presumably it is inherited from
 * {@link Diagnosable} (confirm against that interface).
 */
public class ExtendedSSLContext implements Diagnosable {
    private static final String CLASS_NAME = ExtendedSSLContext.class.getName();

    // Context handed to callers; built by createSSLContext() or supplied via wrap().
    private SSLContext context;
    // Null when the instance was created through wrap().
    private SSLConfig config;
    private KeyStore keyStore;
    private KeyStore trustStore;
    // Either array may stay null; SSLContext.init then uses the JSSE defaults for it.
    private KeyManager[] keyManagers;
    private TrustManager[] trustManagers;
    // Set only for the key-store side (never for the trust store), see createKeyStore().
    private PEMKeyStore pemKeyStore;
    // Provider names are recorded only if the provider is registered with java.security.Security.
    private String keyStoreProvider;
    private String trustStoreProvider;

    /**
     * Creates an instance and eagerly builds its {@link SSLContext} from {@code sSLConfig}.
     * (Package-private in the original class according to the decompiler.)
     *
     * @param sSLConfig source of store locations, types, passwords and algorithm names
     * @return a fully initialised wrapper
     * @throws NetException if the key store, trust store or context cannot be initialised
     */
    public static ExtendedSSLContext newInstance(SSLConfig sSLConfig) throws NetException {
        return new ExtendedSSLContext(sSLConfig);
    }

    /**
     * Adopts an existing {@link SSLContext} without inspecting or re-initialising it.
     * Trust and key decisions are therefore entirely those of whoever built {@code sSLContext}.
     * (Package-private in the original class according to the decompiler.)
     *
     * @param sSLContext the context to expose through {@link #context()}
     * @return a wrapper whose configuration is {@code null}
     */
    public static ExtendedSSLContext wrap(SSLContext sSLContext) {
        return new ExtendedSSLContext(sSLContext);
    }

    /** Stores the configuration and builds the context from it straight away. */
    private ExtendedSSLContext(SSLConfig sSLConfig) throws NetException {
        this.config = sSLConfig;
        createSSLContext();
    }

    /** Wrap-mode constructor: no configuration, the given context is used as is. */
    private ExtendedSSLContext(SSLContext sSLContext) {
        this.config = null;
        this.context = sSLContext;
    }

    /**
     * @return the built or wrapped context
     *         (package-private in the original class according to the decompiler)
     */
    public SSLContext context() {
        return this.context;
    }

    /** @return the configuration this instance was built from, or {@code null} in wrap mode */
    SSLConfig config() {
        return this.config;
    }

    /**
     * @return name of the key store's provider, or {@code null} when no key store was loaded or
     *         its provider is not registered (package-private in the original class)
     */
    public String getKeyStoreProvider() {
        return this.keyStoreProvider;
    }

    /**
     * @return name of the trust store's provider, or {@code null} when no trust store was loaded
     *         or its provider is not registered (package-private in the original class)
     */
    public String getTrustStoreProvider() {
        return this.trustStoreProvider;
    }

    /**
     * @return the PEM key store captured while loading the key store, or {@code null}
     *         (package-private in the original class)
     */
    public PEMKeyStore getPemKeyStore() {
        return this.pemKeyStore;
    }

    /**
     * Runs the three initialisation stages in order: key material, trust material, context.
     * Each stage maps any failure to its own {@link NetException} code, so the code tells an
     * operator which stage broke; the original exception is kept as the cause.
     */
    private void createSSLContext() throws NetException {
        // Stage 1: client key material.
        try {
            initKeyStore();
            initKeyManagers();
        } catch (Exception keyFailure) {
            handleException(keyFailure, NetException.UNABLE_TO_INIT_KEY_STORE);
        }

        // Stage 2: trust anchors.
        try {
            initTrustStore();
            initTrustManagers();
        } catch (Exception trustFailure) {
            handleException(trustFailure, NetException.UNABLE_TO_INIT_TRUST_STORE);
        }

        // Stage 3: the context itself. The protocol name is taken from the configuration as is.
        // NOTE(review): keyManagers/trustManagers may still be null here; JSSE substitutes its
        // default managers for a null argument, so a missing trust configuration results in
        // validation against the JVM default trust store rather than an error.
        try {
            SSLContext created = SSLContext.getInstance(this.config.getSslContextProtocol());
            this.context = created;
            created.init(this.keyManagers, this.trustManagers, null);
        } catch (Exception contextFailure) {
            handleException(contextFailure, NetException.UNABLE_TO_INIT_SSL_CONTEXT);
        }
    }

    /**
     * Always throws: a {@link NetException} is rethrown unchanged, anything else is wrapped in a
     * new {@link NetException} with code {@code i} and the original as its cause.
     */
    private void handleException(Exception exc, int i) throws NetException {
        if (exc instanceof NetException) {
            throw (NetException) exc;
        }
        throw (NetException) new NetException(i).initCause(exc);
    }

    /** Loads the configured key store, if any, and records its provider name when registered. */
    private void initKeyStore() throws Exception {
        if (this.config.getKeyStore() != null) {
            this.keyStore = createKeyStore(
                    this.config.getKeyStoreType(),
                    this.config.getKeyStore(),
                    this.config.getKeyStorePassword(),
                    false);
            if (isProviderRegistered(this.keyStore)) {
                this.keyStoreProvider = this.keyStore.getProvider().getName();
            }
        }
    }

    /**
     * Builds the key managers from the loaded key store; does nothing when there is none.
     *
     * <p>NOTE(review): unlike initTrustManagers(), the password object is dereferenced without a
     * null check. If getKeyStorePassword() can return null, the resulting NullPointerException
     * is reported by createSSLContext() as UNABLE_TO_INIT_KEY_STORE - confirm against SSLConfig.
     */
    private void initKeyManagers() throws Exception {
        if (this.keyStore != null) {
            final char[] password = this.config.getKeyStorePassword().getChars();
            try {
                KeyManagerFactory factory =
                        KeyManagerFactory.getInstance(this.config.getKeyManagerFacAlgo());
                factory.init(this.keyStore, password);
                KeyManager[] managers = factory.getKeyManagers();
                this.keyManagers = AliasKeyManager.wrapIfNeeded(this.config, managers, this.keyStore);
            } finally {
                // Runs on success and failure alike so the clear-text copy is not left behind.
                CustomSSLSocketFactory.clearPwd(password);
            }
        }
    }

    /**
     * Selects the trust store. Three cases, checked in this order:
     * CA certificates trusted - load the configured store and merge the CA certificates into it;
     * key store doubles as trust store and is already loaded - reuse it;
     * otherwise - load the configured trust store on its own.
     * Nothing happens when no trust store is configured.
     */
    private void initTrustStore() throws Exception {
        if (this.config.getTrustStore() == null) {
            return;
        }

        if (this.config.isCaCertsTrusted()) {
            debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "initTrustStore", "Loading Truststore and including CA certificates as well", null, null);
            KeyStore configured = loadConfiguredTrustStore();
            this.trustStore = CustomSSLSocketFactory.mergeCaCerts(configured);
        } else if (this.config.isKeyStoreTrustStore() && this.keyStore != null) {
            debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "initTrustStore", "For SSO, PKCS12 and PEM wallets, KeyStore and TrustStore are same. Avoid loading it twice.", null, null);
            this.trustStore = this.keyStore;
        } else {
            this.trustStore = loadConfiguredTrustStore();
        }

        if (isProviderRegistered(this.trustStore)) {
            this.trustStoreProvider = this.trustStore.getProvider().getName();
        }
    }

    /** Loads the trust store described by the configuration (type, location, password). */
    private KeyStore loadConfiguredTrustStore() throws Exception {
        return createKeyStore(
                this.config.getTrustStoreType(),
                this.config.getTrustStore(),
                this.config.getTrustStorePassword(),
                true);
    }

    /**
     * Builds the trust managers from the selected trust store.
     *
     * <p>Two early exits leave {@code trustManagers} null: a wallet whose trust store holds no
     * certificate entries, and a configuration without a TrustManagerFactory algorithm. In both
     * cases the context is later initialised with JSSE's default trust managers.
     *
     * <p>NOTE(review): {@code trustStore} may be null here when no trust store is configured;
     * {@code TrustManagerFactory.init(null)} then loads the provider's default trust anchors.
     * NOTE(review): the password characters are fetched and cleared but not used by any call
     * visible in this method.
     */
    private void initTrustManagers() throws Exception {
        boolean walletWithoutTrustCerts =
                this.config.isWallet() && this.trustStore != null && !containsTrustCertificate();
        if (walletWithoutTrustCerts) {
            debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "initTrustManagers", "Not initializing TrustManagers as the TrustStore does not contain trust certificates.", null, null);
            return;
        }
        if (this.config.getTrustManagerFacAlgo() == null) {
            return;
        }

        char[] password = null;
        if (this.config.getTrustStorePassword() != null) {
            password = this.config.getTrustStorePassword().getChars();
        }
        try {
            TrustManagerFactory factory =
                    TrustManagerFactory.getInstance(this.config.getTrustManagerFacAlgo());
            factory.init(this.trustStore);
            this.trustManagers = factory.getTrustManagers();
        } finally {
            CustomSSLSocketFactory.clearPwd(password);
        }
    }

    /**
     * Creates and populates a {@link KeyStore} of the requested type.
     *
     * @param type store type; compared against the DATA_URI, PEM wallet and KSS constants of
     *     {@link SSLConfig}, anything else is treated as a file-based store
     * @param location store location, logged as "Path" and passed to the KSS/file loaders
     * @param password store password, passed to the KSS/file loaders only
     * @param forTrustStore {@code true} when loading trust material; a PEM key store created
     *     along the way is remembered only when this is {@code false}
     * @return the key store instance obtained for {@code type}
     */
    private KeyStore createKeyStore(String type, String location, OpaqueString password, boolean forTrustStore) throws Exception {
        // Only type, location and the trust-store flag reach the log; the password does not.
        debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "createKeyStore", "Creating Keystore Type = {0}, Path = {1}, isTrustStore = {2}", null, null, type, location, Boolean.valueOf(forTrustStore));

        final KeyStore store;
        PEMKeyStore pem = null;
        if (SSLConfig.DATA_URI_TYPE.equals(type)) {
            DataURIKeyStore dataUri = new DataURIKeyStore(this.config, forTrustStore);
            store = dataUri.getKeyStore();
            pem = dataUri.getPemKeyStore();
        } else {
            store = CustomSSLSocketFactory.getKeyStoreInstance(type, getDiagnosable());
            if (SSLConfig.PEM_WALLET_TYPE.equals(type)) {
                pem = new PEMKeyStore(this.config, store, forTrustStore);
            } else if (SSLConfig.KSS_TYPE.equals(type)) {
                CustomSSLSocketFactory.loadKSSKeyStore(store, location, password);
            } else {
                CustomSSLSocketFactory.loadFileBasedKeyStore(store, location, password);
            }
        }

        if (!forTrustStore && pem != null) {
            this.pemKeyStore = pem;
        }
        return store;
    }

    /**
     * @return {@code true} as soon as one alias of the trust store is a certificate entry;
     *         {@code false} (after logging) when none is
     */
    private boolean containsTrustCertificate() throws KeyStoreException {
        for (Enumeration<String> names = this.trustStore.aliases(); names.hasMoreElements();) {
            String alias = names.nextElement();
            if (this.trustStore.isCertificateEntry(alias)) {
                return true;
            }
        }
        debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "containsTrustCertificate", "TrustManager does not contain trust certificate", null, null);
        return false;
    }

    /**
     * @return {@code true} only when {@code keyStore} is non-null, reports a provider, and a
     *         provider of that name is registered with {@link Security}
     */
    private boolean isProviderRegistered(KeyStore keyStore) {
        if (keyStore == null || keyStore.getProvider() == null) {
            return false;
        }
        return Security.getProvider(keyStore.getProvider().getName()) != null;
    }

    /**
     * @return the diagnosable carried by the configuration when there is one, otherwise the
     *         shared {@link CommonDiagnosable} instance (always the case in wrap mode)
     */
    @Override // oracle.jdbc.diagnostics.Diagnosable
    public Diagnosable getDiagnosable() {
        if (this.config != null && this.config.diagnosable != null) {
            return this.config.diagnosable;
        }
        return CommonDiagnosable.getInstance();
    }
}
