package oracle.net.nt;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import java.util.logging.Level;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import oracle.jdbc.diagnostics.Diagnosable;
import oracle.jdbc.diagnostics.SecurityLabel;
import oracle.jdbc.logging.annotations.Blind;
import oracle.jdbc.logging.annotations.PropertiesBlinder;
import oracle.net.jdbc.nl.NLException;
import oracle.net.jdbc.nl.NVFactory;
import oracle.net.jdbc.nl.NVNavigator;
import oracle.net.jdbc.nl.NVPair;
import oracle.net.ns.SQLnetDef;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:oracle/net/nt/SNIHelper.class */
public class SNIHelper implements Diagnosable {
    private static final String CLASS_NAME = SNIHelper.class.getName();
    private static final Set<String> SNI_PARAMS = new HashSet(Arrays.asList("SERVICE_NAME", "SERVER", "INSTANCE_NAME", "COLOCATION_TAG"));
    private static final Set<String> SNI_DEFAULT_IGNORE_LIST = new HashSet(Arrays.asList("CID", "CONNECTION_ID_PREFIX", "CONNECTION_ID", "POOL_PURITY", "POOL_CONNECTION_CLASS", SQLnetDef.TCP_FAST_OPEN_PARAM_NAME));
    private static final Set<String> SNI_DEFAULT_REDIRECT_IGNORE_LIST = new HashSet();
    private static final Pattern SNI_PATTERN = Pattern.compile("[\\w._-]{11,256}");
    private final Properties socketOptions;
    private final ConnOption connOption;
    private final Diagnosable diagnosable;
    private final String sni;
    private String serviceName;
    private String serverMode;
    private String instance;
    private String colocationTag;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SNIHelper(ConnOption connOption, Diagnosable diagnosable, @Blind(PropertiesBlinder.class) Properties properties) {
        this.connOption = connOption;
        this.diagnosable = diagnosable;
        this.socketOptions = properties;
        this.sni = getSNI(connOption);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getSNI() {
        return this.sni;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void configure(SSLEngine sSLEngine) {
        if (this.sni == null || this.sni.isEmpty()) {
            return;
        }
        try {
            debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "newSSLEngine", "Adding SNI={0}", (String) null, (String) null, this.sni);
            SSLParameters sSLParameters = sSLEngine.getSSLParameters();
            ArrayList arrayList = new ArrayList(1);
            arrayList.add(new SNIHostName(this.sni.getBytes("ASCII")));
            sSLParameters.setServerNames(arrayList);
            sSLEngine.setSSLParameters(sSLParameters);
        } catch (Exception e) {
            debug(Level.INFO, SecurityLabel.UNKNOWN, CLASS_NAME, "configureSNI", "SNI not enabled because of failure {0}", (String) null, (String) null, e.getMessage());
        }
    }

    private String getSNI(ConnOption connOption) {
        if (!isSNIEnabled()) {
            return null;
        }
        if (this.serviceName == null) {
            debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "getSNI", "Disabling SNI as service name not available.", null, null);
            return null;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(format("S", this.serviceName));
        sb.append(format("T", this.serverMode));
        sb.append(format("I", this.instance));
        sb.append(format("C", this.colocationTag));
        if (sb.length() > 0) {
            sb.append("V" + SQLnetDef.MAX_NS_VERSION.length() + ".319");
        }
        String sb2 = sb.toString();
        if (isValidSNI(sb2)) {
            return sb2;
        }
        return null;
    }

    private String format(String str, String str2) {
        if (str2 == null) {
            return "";
        }
        String trim = str2.trim();
        return trim.isEmpty() ? "" : str + trim.length() + "." + trim + ".";
    }

    private boolean isValidSNI(String str) {
        boolean matches = SNI_PATTERN.matcher(str).matches();
        if (!matches) {
            debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "isValidSNI", "Disabling SNI as the generated value {0} is invalid.", (String) null, (String) null, str);
        }
        return matches;
    }

    private boolean isSNIEnabled() {
        String str = (String) this.socketOptions.get(47);
        if (str == null) {
            return false;
        }
        debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "isSNIEnabled", "SNI Config = {0}", (String) null, (String) null, str);
        if (!str.trim().toLowerCase().matches("true|on|yes")) {
            return false;
        }
        if (this.connOption.conn_data == null || this.connOption.conn_data.length() == 0) {
            debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "isSNIEnabled", "Unable to get CONNECT_DATA, disabling SNI", null, null);
            return false;
        }
        String str2 = (String) this.socketOptions.getOrDefault(48, "");
        return parseAndValidateConnectData(this.connOption.conn_data.toString(), this.connOption.redirectedConnection() ? SNI_DEFAULT_REDIRECT_IGNORE_LIST : SNI_DEFAULT_IGNORE_LIST, str2.isEmpty() ? Collections.emptySet() : (Set) Arrays.stream(str2.toUpperCase().split(",")).collect(Collectors.toSet()));
    }

    private boolean parseAndValidateConnectData(String str, Set<String> set, Set<String> set2) {
        NVPair connectDataNVPair = getConnectDataNVPair(str);
        if (connectDataNVPair == null) {
            return false;
        }
        int listSize = connectDataNVPair.getListSize();
        for (int i = 0; i < listSize; i++) {
            NVPair listElement = connectDataNVPair.getListElement(i);
            String upperCase = listElement.getName().toUpperCase();
            if (SNI_PARAMS.contains(upperCase)) {
                initSNIParam(upperCase, listElement.getAtom());
            } else if (!set.contains(upperCase) && !set2.contains(upperCase)) {
                debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "isSNIEnabled", "Disabling SNI as param {0} present under CONNECT_DATA. Skip processing for other params", (String) null, (String) null, upperCase);
                return false;
            }
        }
        return listSize > 0;
    }

    private void initSNIParam(String str, String str2) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1852497085:
                if (str.equals("SERVER")) {
                    z = true;
                    break;
                }
                break;
            case -1588253195:
                if (str.equals("SERVICE_NAME")) {
                    z = false;
                    break;
                }
                break;
            case 1043588700:
                if (str.equals("COLOCATION_TAG")) {
                    z = 3;
                    break;
                }
                break;
            case 1763130357:
                if (str.equals("INSTANCE_NAME")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                this.serviceName = str2;
                return;
            case true:
                this.serverMode = str2.substring(0, 1).toUpperCase();
                return;
            case true:
                this.instance = str2;
                return;
            case true:
                this.colocationTag = str2;
                return;
            default:
                return;
        }
    }

    private NVPair getConnectDataNVPair(String str) {
        try {
            NVPair createNVPair = new NVFactory().createNVPair(str);
            if (createNVPair != null) {
                return createNVPair.getName().equalsIgnoreCase("CONNECT_DATA") ? createNVPair : new NVNavigator().findNVPair(createNVPair, "CONNECT_DATA");
            }
            debug(Level.INFO, SecurityLabel.UNKNOWN, CLASS_NAME, "getConnectDataNVPair", "Invalid Connect Data = {0}", (String) null, (String) null, str);
            return null;
        } catch (NLException e) {
            debug(Level.INFO, SecurityLabel.UNKNOWN, CLASS_NAME, "getConnectDataNVPair", "SNI not enabled because of failure {0}", (String) null, (String) null, e.getMessage());
            return null;
        }
    }

    @Override // oracle.jdbc.diagnostics.Diagnosable
    public Diagnosable getDiagnosable() {
        return this.diagnosable;
    }

    static {
        SNI_DEFAULT_REDIRECT_IGNORE_LIST.addAll(SNI_DEFAULT_IGNORE_LIST);
        SNI_DEFAULT_REDIRECT_IGNORE_LIST.add("USE_DBROUTER");
    }
}
