package com.atlassian.httpclient.apache.httpcomponents;

import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import javax.annotation.Nullable;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import org.apache.http.HttpHost;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
import org.apache.http.nio.reactor.IOSession;
import org.apache.http.nio.reactor.ssl.SSLIOSession;
import org.apache.http.nio.reactor.ssl.SSLMode;
import org.apache.http.nio.reactor.ssl.SSLSetupHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:atlassian-httpclient-plugin-0.21.4.jar:com/atlassian/httpclient/apache/httpcomponents/DHEDisabledSSLSessionStrategy.class */
public class DHEDisabledSSLSessionStrategy extends SSLIOSessionStrategy {
    private static final String DHE_CIPHER_PREFIX = "TLS_DHE";
    private final Iterable<String> hostBlacklist;
    private final SSLContext sslContext;
    private final Logger log;
    private final String[] httpsCipherSuites;
    private final String[] httpsProtocols;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:atlassian-httpclient-plugin-0.21.4.jar:com/atlassian/httpclient/apache/httpcomponents/DHEDisabledSSLSessionStrategy$NonDHESSLSetupHandler.class */
    public final class NonDHESSLSetupHandler implements SSLSetupHandler {
        private final HttpHost host;

        private NonDHESSLSetupHandler(HttpHost httpHost) {
            this.host = httpHost;
        }

        @Override // org.apache.http.nio.reactor.ssl.SSLSetupHandler
        public void initalize(SSLEngine sSLEngine) throws SSLException {
            if (Iterables.contains(DHEDisabledSSLSessionStrategy.this.hostBlacklist, this.host.getHostName())) {
                if (DHEDisabledSSLSessionStrategy.this.log.isDebugEnabled()) {
                    DHEDisabledSSLSessionStrategy.this.log.debug("Disabling dhe for host: " + this.host.getHostName());
                }
                sSLEngine.setEnabledCipherSuites(DHEDisabledSSLSessionStrategy.this.getNonDHECiphers());
            } else {
                if (DHEDisabledSSLSessionStrategy.this.log.isDebugEnabled()) {
                    DHEDisabledSSLSessionStrategy.this.log.debug("Enabling DHE for host: " + this.host.getHostName());
                }
                sSLEngine.setEnabledCipherSuites(DHEDisabledSSLSessionStrategy.this.httpsCipherSuites);
            }
            sSLEngine.setEnabledProtocols(DHEDisabledSSLSessionStrategy.this.httpsProtocols);
            DHEDisabledSSLSessionStrategy.this.initializeEngine(sSLEngine);
        }

        @Override // org.apache.http.nio.reactor.ssl.SSLSetupHandler
        public void verify(IOSession iOSession, SSLSession sSLSession) throws SSLException {
            DHEDisabledSSLSessionStrategy.this.verifySession(this.host, iOSession, sSLSession);
        }
    }

    public DHEDisabledSSLSessionStrategy(SSLContext sSLContext, List<String> list, @Nullable String[] strArr, @Nullable String[] strArr2, X509HostnameVerifier x509HostnameVerifier) {
        super(sSLContext, strArr, strArr2, x509HostnameVerifier);
        this.log = LoggerFactory.getLogger(getClass());
        this.sslContext = (SSLContext) Preconditions.checkNotNull(sSLContext, "SSL context");
        SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
        Preconditions.checkNotNull(x509HostnameVerifier);
        this.hostBlacklist = (Iterable) Preconditions.checkNotNull(list);
        if (strArr != null) {
            this.httpsProtocols = strArr;
        } else {
            this.httpsProtocols = defaultSSLParameters.getProtocols();
        }
        if (strArr2 != null) {
            this.httpsCipherSuites = strArr2;
        } else {
            this.httpsCipherSuites = defaultSSLParameters.getCipherSuites();
        }
    }

    public DHEDisabledSSLSessionStrategy(SSLContext sSLContext) {
        super(sSLContext);
        this.log = LoggerFactory.getLogger(getClass());
        this.sslContext = sSLContext;
        SSLParameters defaultSSLParameters = sSLContext.getDefaultSSLParameters();
        this.hostBlacklist = Lists.newArrayList();
        this.httpsCipherSuites = defaultSSLParameters.getCipherSuites();
        this.httpsProtocols = defaultSSLParameters.getProtocols();
    }

    @Override // org.apache.http.nio.conn.ssl.SSLIOSessionStrategy, org.apache.http.nio.conn.SchemeIOSessionStrategy
    public SSLIOSession upgrade(HttpHost httpHost, IOSession iOSession) throws IOException {
        SSLIOSession sSLIOSession = new SSLIOSession(iOSession, SSLMode.CLIENT, this.sslContext, new NonDHESSLSetupHandler(httpHost));
        iOSession.setAttribute(SSLIOSession.SESSION_KEY, sSLIOSession);
        sSLIOSession.initialize();
        return sSLIOSession;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String[] getNonDHECiphers() {
        return (String[]) Iterables.toArray(Iterables.filter(Arrays.asList(this.httpsCipherSuites), new Predicate<String>() { // from class: com.atlassian.httpclient.apache.httpcomponents.DHEDisabledSSLSessionStrategy.1
            @Override // com.google.common.base.Predicate
            public boolean apply(String str) {
                return !str.startsWith(DHEDisabledSSLSessionStrategy.DHE_CIPHER_PREFIX);
            }
        }), String.class);
    }
}
