package oracle.net.nt;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Level;
import javax.net.ssl.SSLEngine;
import oracle.jdbc.OracleConnection;
import oracle.jdbc.diagnostics.Diagnosable;
import oracle.jdbc.diagnostics.SecurityLabel;
import oracle.net.ns.NetException;

/* loaded from: input_file:oracle/net/nt/TcpsConfigure.class */
public class TcpsConfigure {
    private static final String CLASS_NAME = TcpsConfigure.class.getName();
    private static final HashSet<String> UNSUPPORTED_PROTOCOLS_SET = new HashSet<>();
    private static final Map<String, String[]> CONFIG_VALUE_MAP;

    private TcpsConfigure() {
    }

    public static void configure(SSLEngine sSLEngine, Properties properties, Diagnosable diagnosable) throws NetException {
        String[] tLSVersions = getTLSVersions(properties, sSLEngine, diagnosable);
        String[] cipherSuites = getCipherSuites(properties, diagnosable);
        if (tLSVersions != null) {
            diagnosable.debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "configure", "Configuring SSL Versions = {0}", (String) null, (String) null, Arrays.toString(tLSVersions));
            try {
                sSLEngine.setEnabledProtocols(tLSVersions);
            } catch (IllegalArgumentException e) {
                throw ((NetException) new NetException(NetException.UNSUPPORTED_SSL_PROTOCOL).initCause(e));
            }
        }
        if (cipherSuites != null) {
            diagnosable.debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "configure", "Configuring SSL CipherSuites = {0}", (String) null, (String) null, Arrays.toString(cipherSuites));
            try {
                sSLEngine.setEnabledCipherSuites(cipherSuites);
            } catch (IllegalArgumentException e2) {
                throw ((NetException) new NetException(NetException.UNSUPPORTED_SSL_CIPHER_SUITE).initCause(e2));
            }
        }
    }

    private static String[] getCipherSuites(Properties properties, Diagnosable diagnosable) throws NetException {
        String str = (String) properties.getOrDefault(7, OracleConnection.CONNECTION_PROPERTY_THIN_SSL_CIPHER_SUITES_DEFAULT);
        if (str == null) {
            diagnosable.debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "getCipherSuites", "No SSL CipherSuites configured", null, null);
            return null;
        }
        String trim = str.trim();
        if (trim.startsWith("(") && trim.endsWith(")")) {
            trim = trim.substring(1, trim.length() - 1);
        }
        return trim.split("\\s*,\\s*");
    }

    private static String[] getTLSVersions(Properties properties, SSLEngine sSLEngine, Diagnosable diagnosable) throws NetException {
        String str = (String) properties.getOrDefault(6, OracleConnection.CONNECTION_PROPERTY_THIN_SSL_VERSION_DEFAULT);
        if (str == null) {
            diagnosable.debug(Level.FINEST, SecurityLabel.UNKNOWN, CLASS_NAME, "getTLSVersions", "No TLS versions configured. Using the default supported versions.", null, null);
            ArrayList arrayList = new ArrayList();
            String[] supportedProtocols = sSLEngine.getSupportedProtocols();
            if (supportedProtocols == null) {
                return null;
            }
            for (String str2 : supportedProtocols) {
                if (!UNSUPPORTED_PROTOCOLS_SET.contains(str2)) {
                    arrayList.add(str2);
                }
            }
            return (String[]) arrayList.toArray(new String[0]);
        }
        String trim = str.trim();
        diagnosable.debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "getTLSVersions", "TLS Version = {0}", (String) null, (String) null, trim);
        if (trim.startsWith("{") && trim.endsWith("}")) {
            diagnosable.debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "getTLSVersions", "TLS Version config value in new format.", null, null);
            return trim.substring(1, trim.length() - 1).split("\\s*,\\s*");
        }
        if (trim.startsWith("(") && trim.endsWith(")")) {
            diagnosable.debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "getTLSVersions", "TLS Version config value in primitive format.", null, null);
            trim = trim.substring(1, trim.length() - 1);
        }
        if (!CONFIG_VALUE_MAP.containsKey(trim)) {
            throw new NetException(NetException.INVALID_SSL_VERSION);
        }
        String[] strArr = CONFIG_VALUE_MAP.get(trim);
        if (strArr.length == 0) {
            return null;
        }
        return strArr;
    }

    static {
        UNSUPPORTED_PROTOCOLS_SET.add("SSLv3");
        UNSUPPORTED_PROTOCOLS_SET.add("SSLv2Hello");
        CONFIG_VALUE_MAP = new HashMap();
        CONFIG_VALUE_MAP.put("1.2", new String[]{"TLSv1.2"});
        CONFIG_VALUE_MAP.put("1.3", new String[]{"TLSv1.3"});
        CONFIG_VALUE_MAP.put("1.2 or 1.3", new String[]{"TLSv1.2", "TLSv1.3"});
        CONFIG_VALUE_MAP.put("1.3 or 1.2", new String[]{"TLSv1.3", "TLSv1.2"});
        CONFIG_VALUE_MAP.put("0", new String[0]);
        CONFIG_VALUE_MAP.put("undetermined", new String[0]);
    }
}
