package com.urbancode.commons.util.ssl;

import com.urbancode.commons.util.StringUtil;
import com.urbancode.commons.util.crypto.FIPSHelper;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Locale;
import javax.net.ssl.SSLContext;
import org.apache.log4j.Logger;

/* loaded from: input_file:lib/udclient.jar:com/urbancode/commons/util/ssl/SSLContextProtocolDetector.class */
public class SSLContextProtocolDetector {
    public static final String SSL_CONTEXT_PROTOCOL = "com.urbancode.commons.util.ssl.sslContextProtocol";
    public static final String SSL_CONTEXT_PROTOCOL_ENVVAR = "UC_SSL_CONTEXT_PROTOCOL";
    public static final String SSL_CONTEXT_ENABLED_PROTOCOLS = "com.urbancode.commons.util.ssl.sslContextEnabledProtocols";
    public static final String SSL_CONTEXT_ENABLED_CIPHERS = "com.urbancode.commons.util.ssl.sslContextEnabledCiphers";
    public static final String SSL_CONTEXT_ENABLED_PROTOCOLS_ENVVAR = "UC_SSL_CONTEXT_ENABLED_PROTOCOLS";
    private static final String[] suggestedCipherSuites;
    private static final Logger log = Logger.getLogger((Class<?>) SSLContextProtocolDetector.class);
    private static final String[] sslContextProtocols = {"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"};

    private static final String[] parseProtocolsProperty() {
        String[] strArr = null;
        String configuredSSLContextEnabledProtocols = getConfiguredSSLContextEnabledProtocols();
        if (!StringUtil.isEmpty(configuredSSLContextEnabledProtocols)) {
            strArr = configuredSSLContextEnabledProtocols.split(",+");
        }
        return strArr;
    }

    public static String detectSslContextProtocol() {
        String configuredSSLContextProtocol = getConfiguredSSLContextProtocol();
        if (configuredSSLContextProtocol == null) {
            for (String str : sslContextProtocols) {
                try {
                    SSLContext.getInstance(str);
                    configuredSSLContextProtocol = str;
                    break;
                } catch (NoSuchAlgorithmException e) {
                }
            }
        }
        return configuredSSLContextProtocol;
    }

    public static String[] getSuggestedCipherSuites() {
        return (String[]) suggestedCipherSuites.clone();
    }

    public static String[] getSupportedCipherSuites() {
        LinkedHashSet<String> linkedHashSet = new LinkedHashSet();
        try {
            SSLContext sSLContext = SSLContext.getInstance(detectSslContextProtocol());
            sSLContext.init(null, null, null);
            for (String str : sSLContext.getSocketFactory().getSupportedCipherSuites()) {
                linkedHashSet.add(str.toUpperCase(Locale.US));
            }
            if (FIPSHelper.isIBMJava()) {
                ArrayList arrayList = new ArrayList();
                for (String str2 : linkedHashSet) {
                    if (str2.startsWith("SSL")) {
                        arrayList.add("TLS" + str2.substring(3));
                    }
                }
                linkedHashSet.addAll(arrayList);
            }
            linkedHashSet.retainAll(Arrays.asList(suggestedCipherSuites));
            return (String[]) linkedHashSet.toArray(new String[0]);
        } catch (KeyManagementException e) {
            return (String[]) suggestedCipherSuites.clone();
        } catch (NoSuchAlgorithmException e2) {
            return (String[]) suggestedCipherSuites.clone();
        }
    }

    public static String[] getPossibleSslContextProtocols() {
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, sslContextProtocols);
        String detectSslContextProtocol = detectSslContextProtocol();
        try {
            SSLContext sSLContext = SSLContext.getInstance(detectSslContextProtocol);
            sSLContext.init(null, null, null);
            arrayList.retainAll(Arrays.asList(sSLContext.createSSLEngine().getSupportedProtocols()));
        } catch (KeyManagementException e) {
            log.error("Unable to initialize SSLContext for protocol " + detectSslContextProtocol + ".", e);
        } catch (NoSuchAlgorithmException e2) {
            log.debug(e2, e2);
        }
        return (String[]) arrayList.toArray(new String[0]);
    }

    @Deprecated
    public static String[] getSupportedSslContextProtocols() {
        return getSupportedSslContextProtocols(false);
    }

    public static String[] getSupportedSslContextProtocols(boolean z) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        String[] strArr = sslContextProtocols;
        String[] parseProtocolsProperty = parseProtocolsProperty();
        if (parseProtocolsProperty != null) {
            strArr = parseProtocolsProperty;
        }
        boolean z2 = false;
        for (String str : strArr) {
            try {
                SSLContext sSLContext = SSLContext.getInstance(str);
                linkedHashSet.add(str);
                if (!z2 && !z) {
                    sSLContext.init(null, null, null);
                    if (Arrays.asList(sSLContext.createSSLEngine().getSupportedProtocols()).contains("SSLv2Hello")) {
                        linkedHashSet.add("SSLv2Hello");
                        z2 = true;
                    }
                }
            } catch (KeyManagementException e) {
                if (log.isDebugEnabled()) {
                    log.debug("Unable to initialize SSLContext for protocol " + str + ".", e);
                }
            } catch (NoSuchAlgorithmException e2) {
                if (log.isDebugEnabled()) {
                    log.debug("No such algorithm: " + str);
                }
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("getSupportedSslContextProtocols result: " + linkedHashSet);
        }
        return (String[]) linkedHashSet.toArray(new String[linkedHashSet.size()]);
    }

    private static String getConfiguredSSLContextProtocol() {
        String trimToNull = StringUtil.trimToNull(System.getProperty(SSL_CONTEXT_PROTOCOL));
        if (trimToNull == null) {
            trimToNull = StringUtil.trimToNull(System.getenv(SSL_CONTEXT_PROTOCOL_ENVVAR));
        }
        return trimToNull;
    }

    private static String getConfiguredSSLContextEnabledProtocols() {
        String trimToNull = StringUtil.trimToNull(System.getProperty(SSL_CONTEXT_ENABLED_PROTOCOLS));
        if (trimToNull == null) {
            trimToNull = StringUtil.trimToNull(System.getenv(SSL_CONTEXT_ENABLED_PROTOCOLS_ENVVAR));
        }
        return trimToNull;
    }

    private static String substringBefore(String str, String str2) {
        if (StringUtil.isEmpty(str) || str2 == null) {
            return str;
        }
        if (str2.length() == 0) {
            return "";
        }
        int indexOf = str.indexOf(str2);
        return indexOf == -1 ? str : str.substring(0, indexOf);
    }

    private SSLContextProtocolDetector() {
    }

    static {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        InputStream resourceAsStream = SSLContextProtocolDetector.class.getResourceAsStream("suggestedciphersuites.txt");
        if (resourceAsStream == null) {
            throw new RuntimeException("Could not find resource suggestedciphersuites.txt");
        }
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(resourceAsStream, "UTF-8"));
            for (String str = ""; str != null; str = bufferedReader.readLine()) {
                String trim = substringBefore(str, "#").trim();
                if (!StringUtil.isEmpty(trim)) {
                    linkedHashSet.add("TLS_" + trim.toUpperCase(Locale.US));
                    linkedHashSet.add("SSL_" + trim.toUpperCase(Locale.US));
                }
            }
            bufferedReader.close();
            resourceAsStream.close();
            String property = System.getProperty(SSL_CONTEXT_ENABLED_CIPHERS);
            if (property != null) {
                for (String str2 : property.split("\\W")) {
                    String trim2 = str2.trim();
                    if (trim2.length() > 0) {
                        linkedHashSet.add("TLS_" + trim2.toUpperCase(Locale.US));
                        linkedHashSet.add("SSL_" + trim2.toUpperCase(Locale.US));
                    }
                }
            }
            suggestedCipherSuites = (String[]) linkedHashSet.toArray(new String[0]);
        } catch (UnsupportedEncodingException e) {
            throw new AssertionError(e);
        } catch (IOException e2) {
            throw new RuntimeException(e2);
        }
    }
}
