package com.urbancode.commons.util.ssl;

import com.urbancode.commons.util.logging.LogUtil;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import org.apache.log4j.Logger;
import org.apache.logging.log4j.util.ProcessIdUtil;
import org.slf4j.Marker;

/* loaded from: input_file:lib/udclient.jar:com/urbancode/commons/util/ssl/SSLConfiguratorDefaultPolicy.class */
public class SSLConfiguratorDefaultPolicy implements SSLConfiguratorPolicy {
    private static final String SSLv2Hello = "SSLv2Hello";
    public static final String POLICY_PROTO_CONFIG_PROPERTY = "SSLConfiguratorDefaultPolicy.protoconfig";
    public static final String POLICY_CIPHER_CONFIG_PROPERTY = "SSLConfiguratorDefaultPolicy.cipherconfig";
    private String[] allowProtos;
    private String[] denyProtos;
    private String[] allowCiphers;
    private String[] denyCiphers;
    private static final String[] DEFAULT_ALLOW_PROTOS = {"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"};
    private static final String[] DEFAULT_DENY_PROTOS = {"SSLv2", "SSLv3"};
    private static final String[] DEFAULT_ALLOW_CIPHERS = new String[0];
    private static final String[] DEFAULT_DENY_CIPHERS = new String[0];
    private static final Logger log = Logger.getLogger((Class<?>) SSLConfiguratorDefaultPolicy.class);

    public SSLConfiguratorDefaultPolicy() {
        HashSet hashSet = new HashSet();
        Collections.addAll(hashSet, DEFAULT_ALLOW_PROTOS);
        HashSet hashSet2 = new HashSet();
        Collections.addAll(hashSet2, DEFAULT_DENY_PROTOS);
        HashSet hashSet3 = new HashSet();
        Collections.addAll(hashSet3, DEFAULT_ALLOW_CIPHERS);
        HashSet hashSet4 = new HashSet();
        Collections.addAll(hashSet4, DEFAULT_DENY_CIPHERS);
        for (String str : split(System.getProperty(POLICY_PROTO_CONFIG_PROPERTY))) {
            if (str.startsWith(Marker.ANY_NON_NULL_MARKER)) {
                hashSet.add(str.substring(1));
                hashSet2.remove(str.substring(1));
            } else if (str.startsWith(ProcessIdUtil.DEFAULT_PROCESSID)) {
                hashSet2.add(str.substring(1));
                hashSet.remove(str.substring(1));
            } else {
                hashSet.add(str);
            }
        }
        this.allowProtos = (String[]) hashSet.toArray(new String[0]);
        this.denyProtos = (String[]) hashSet2.toArray(new String[0]);
        for (String str2 : split(System.getProperty(POLICY_CIPHER_CONFIG_PROPERTY))) {
            if (str2.startsWith(Marker.ANY_NON_NULL_MARKER)) {
                hashSet3.add(str2.substring(1));
                hashSet4.remove(str2.substring(1));
            } else if (str2.startsWith(ProcessIdUtil.DEFAULT_PROCESSID)) {
                hashSet4.add(str2.substring(1));
                hashSet3.remove(str2.substring(1));
            } else {
                hashSet3.add(str2);
            }
        }
        this.allowCiphers = (String[]) hashSet3.toArray(new String[0]);
        this.denyCiphers = (String[]) hashSet4.toArray(new String[0]);
    }

    @Override // com.urbancode.commons.util.ssl.SSLConfiguratorPolicy
    public String[] enabledProtocols(String[] strArr, boolean z) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.addAll(Arrays.asList(strArr));
        if (this.allowProtos.length > 0) {
            linkedHashSet.retainAll(Arrays.asList(this.allowProtos));
        }
        if (this.denyProtos.length > 0) {
            linkedHashSet.removeAll(Arrays.asList(this.denyProtos));
        }
        if (!z) {
            linkedHashSet.remove(SSLv2Hello);
        }
        return (String[]) linkedHashSet.toArray(new String[linkedHashSet.size()]);
    }

    @Override // com.urbancode.commons.util.ssl.SSLConfiguratorPolicy
    public String[] enabledCipherSuites(String[] strArr) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        Collections.addAll(linkedHashSet, strArr);
        LinkedHashSet linkedHashSet2 = new LinkedHashSet();
        Collections.addAll(linkedHashSet2, strArr);
        linkedHashSet2.retainAll(Arrays.asList(this.allowCiphers));
        Iterator it = linkedHashSet.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (str.contains("_anon_")) {
                it.remove();
                LogUtil.logTrace(log, "default policy would disable anon ciphersuite " + str);
            } else if (str.contains("_EXPORT_") || str.contains("_EXPORT1024_")) {
                it.remove();
                LogUtil.logTrace(log, "default policy would disable EXPORT ciphersuite " + str);
            } else if (str.contains("_NULL_")) {
                it.remove();
                LogUtil.logTrace(log, "default policy would disable NULL ciphersuite " + str);
            } else if (str.contains("_DES_")) {
                it.remove();
                LogUtil.logTrace(log, "default policy would disable DES ciphersuite " + str);
            } else if (str.contains("_3DES_")) {
                it.remove();
                LogUtil.logTrace(log, "default policy would disable 3DES ciphersuite " + str);
            } else if (str.contains("_DH_")) {
                it.remove();
                LogUtil.logTrace(log, "default policy would disable DH (or DHE) ciphersuite " + str);
            } else if (str.contains("_RC4_")) {
                it.remove();
                LogUtil.logTrace(log, "default policy would disable RD4 ciphersuite " + str);
            } else if (str.contains("_MD5")) {
                it.remove();
                LogUtil.logTrace(log, "default policy would disable MD5 ciphersuite " + str);
            }
        }
        linkedHashSet.addAll(linkedHashSet2);
        if (this.denyCiphers.length > 0) {
            linkedHashSet.removeAll(Arrays.asList(this.denyCiphers));
        }
        return (String[]) linkedHashSet.toArray(new String[0]);
    }

    private List<String> split(String str) {
        ArrayList arrayList = new ArrayList();
        if (str != null) {
            for (String str2 : str.split(",")) {
                String trim = str2.trim();
                if (trim.length() > 0) {
                    arrayList.add(trim);
                }
            }
        }
        return arrayList;
    }
}
