package com.atlassian.tunnel.utils;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/tunnel/utils/SecureSocketUtils.class */
public final class SecureSocketUtils {
    private static final boolean IS_JAVA_6_SUPPORTED = true;
    private static final boolean isRc4Forced;
    private static final AtomicReference<SecureCipherSuitesAndProtocols> serverSocketConfiguration;
    private static final AtomicReference<SecureCipherSuitesAndProtocols> clientSocketConfiguration;
    private static final Logger log = Logger.getLogger(SecureSocketUtils.class);
    private static boolean disableClientAuth = false;
    private static boolean allowAnonKex = false;

    /* loaded from: input_file:com/atlassian/tunnel/utils/SecureSocketUtils$SecureCipherSuitesAndProtocols.class */
    private static class SecureCipherSuitesAndProtocols {
        private final String[] safeCipherSuites;
        private final String[] safeProtocols;

        private SecureCipherSuitesAndProtocols(String[] strArr, String[] strArr2) {
            ArrayList arrayList = new ArrayList(Arrays.asList(strArr));
            ArrayList arrayList2 = new ArrayList(Arrays.asList(strArr2));
            SecureSocketUtils.removeDangerousCipherSuites(arrayList);
            SecureSocketUtils.matchOldLevel(arrayList);
            SecureSocketUtils.matchIntermediateLevel(arrayList, arrayList2);
            SecureSocketUtils.matchModernLevel(arrayList, arrayList2);
            this.safeCipherSuites = (String[]) arrayList.toArray(new String[arrayList.size()]);
            this.safeProtocols = (String[]) arrayList2.toArray(new String[arrayList2.size()]);
        }

        public String[] getSecureCipherSuites() {
            return this.safeCipherSuites;
        }

        public String[] getSecureProtocols() {
            return this.safeProtocols;
        }
    }

    private SecureSocketUtils() {
    }

    public static void configureSocket(SSLServerSocket sSLServerSocket) {
        if (!disableClientAuth) {
            sSLServerSocket.setNeedClientAuth(true);
        }
        AtomicReference<SecureCipherSuitesAndProtocols> atomicReference = serverSocketConfiguration;
        synchronized (atomicReference) {
            if (atomicReference.get() == null) {
                atomicReference.set(new SecureCipherSuitesAndProtocols(sSLServerSocket.getSupportedCipherSuites(), sSLServerSocket.getSupportedProtocols()));
                log.debug("Server: " + Arrays.toString(atomicReference.get().getSecureCipherSuites()));
            }
        }
        sSLServerSocket.setEnabledCipherSuites(atomicReference.get().getSecureCipherSuites());
        sSLServerSocket.setEnabledProtocols(atomicReference.get().getSecureProtocols());
    }

    public static void configureSocket(SSLSocket sSLSocket) {
        AtomicReference<SecureCipherSuitesAndProtocols> atomicReference = clientSocketConfiguration;
        synchronized (atomicReference) {
            if (atomicReference.get() == null) {
                atomicReference.set(new SecureCipherSuitesAndProtocols(sSLSocket.getSupportedCipherSuites(), sSLSocket.getSupportedProtocols()));
                log.debug("Client: " + Arrays.toString(atomicReference.get().getSecureCipherSuites()));
            }
        }
        sSLSocket.setEnabledCipherSuites(atomicReference.get().getSecureCipherSuites());
        sSLSocket.setEnabledProtocols(atomicReference.get().getSecureProtocols());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void removeDangerousCipherSuites(Collection<String> collection) {
        remove(collection, "_NULL_");
        if (!isRc4Forced) {
            remove(collection, "_RC4_");
        }
        remove(collection, "_EXPORT_");
        remove(collection, "_MD5");
        remove(collection, "_DES_");
        if (!allowAnonKex) {
            remove(collection, "_anon_");
        }
        remove(collection, "_3DES_");
        remove(collection, "_GCM_");
    }

    private static void remove(Collection<String> collection, String str) {
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            if (it.next().contains(str)) {
                removeUnlessLast(collection, it);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void matchOldLevel(ArrayList<String> arrayList) {
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void matchIntermediateLevel(Iterable<String> iterable, Collection<String> collection) {
        if (removeUnlessLast(collection, "SSLv3")) {
            Iterator<String> it = iterable.iterator();
            while (it.hasNext()) {
                if (it.next().startsWith("SSL")) {
                    it.remove();
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void matchModernLevel(Collection<String> collection, Collection<String> collection2) {
        collection2.remove("SSLv2Hello");
    }

    private static boolean removeUnlessLast(Collection<String> collection, Iterator<String> it) {
        if (collection.size() <= IS_JAVA_6_SUPPORTED) {
            return false;
        }
        it.remove();
        return true;
    }

    private static boolean removeUnlessLast(Collection<String> collection, String str) {
        if (collection.size() > IS_JAVA_6_SUPPORTED) {
            return collection.remove(str);
        }
        return false;
    }

    public static void disableClientAuth() {
        disableClientAuth = true;
    }

    public static void allowAnonKex() {
        allowAnonKex = true;
    }

    static {
        if (System.getProperty("jdk.tls.ephemeralDHKeySize") == null) {
            System.setProperty("jdk.tls.ephemeralDHKeySize", "matched");
        }
        isRc4Forced = Boolean.getBoolean("tunnel.enable.rc4");
        serverSocketConfiguration = new AtomicReference<>();
        clientSocketConfiguration = new AtomicReference<>();
    }
}
