package eu.cec.digit.ecas.util.httpclient.protocol;

import eu.cec.digit.ecas.util.JavaVersion;
import java.lang.reflect.Field;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.crypto.Cipher;

/* loaded from: input_file:eu/cec/digit/ecas/util/httpclient/protocol/TlsStrengthener.class */
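/**
 * Central TLS policy for the ECAS HTTP client: an ordered allow-list of cipher suites and
 * protocol versions, plus JVM-wide JSSE tuning applied once when this class is initialised.
 *
 * <p>Security notes for reviewers (the allow-lists themselves are left exactly as found, because
 * changing them alters which peers this client can talk to):
 * <ul>
 *   <li>The protocol allow-list contains {@code TLSv1} and {@code TLSv1.1}, both formally
 *       deprecated by RFC 8996, and does not contain {@code TLSv1.3}. A caller that intersects
 *       its enabled protocols with this list can therefore never negotiate TLS 1.3.</li>
 *   <li>The cipher allow-list contains static-RSA key exchange suites ({@code TLS_RSA_*}, no
 *       forward secrecy) and CBC-mode suites alongside the ECDHE/GCM ones.</li>
 *   <li>The static initialiser writes JVM-wide system properties, so it affects every TLS user
 *       in the process, not only this client. NOTE(review): JSSE typically reads these
 *       properties once, when its own classes initialise; confirm this class is loaded before
 *       the first TLS connection, otherwise the settings may be silently ignored.</li>
 *   <li>On restricted-policy JREs the initialiser flips a private JDK field by reflection to
 *       lift the JCE key-length limit. That bypasses the JRE's configured crypto policy and
 *       depends on JDK internals; prefer configuring the policy in the JRE itself.</li>
 * </ul>
 *
 * <p>The returned allow-list sets are unmodifiable and shared; the class holds no other state.
 */
public final class TlsStrengthener {
    // Ordered by preference (insertion order of a LinkedHashSet), wrapped unmodifiable.
    private static final Set<String> ALLOWED_CIPHER_SUITES;
    private static final Set<String> ALLOWED_SECURE_PROTOCOLS;

    /**
     * Returns the cipher-suite allow-list in preference order.
     *
     * @return an unmodifiable, ordered set of JSSE cipher-suite names
     */
    public static Set<String> getAllowedCipherSuites() {
        return ALLOWED_CIPHER_SUITES;
    }

    /**
     * Returns the protocol allow-list in preference order.
     *
     * @return an unmodifiable, ordered set of JSSE protocol names
     */
    public static Set<String> getAllowedProtocols() {
        return ALLOWED_SECURE_PROTOCOLS;
    }

    /**
     * Intersects the given cipher suites with the allow-list.
     *
     * @param cipherSuites candidate suite names (for example what a socket reports); not null
     * @return an unmodifiable set holding only allow-listed names, in allow-list order
     */
    public static Set<String> getCommonEnabledCipherSuites(String[] cipherSuites) {
        return retainCommonValues(cipherSuites, ALLOWED_CIPHER_SUITES);
    }

    /**
     * Intersects the given protocols with the allow-list.
     *
     * @param protocols candidate protocol names; not null
     * @return an unmodifiable set holding only allow-listed names, in allow-list order
     */
    public static Set<String> getCommonEnabledProtocols(String[] protocols) {
        return retainCommonValues(protocols, ALLOWED_SECURE_PROTOCOLS);
    }

    /**
     * Reorders the given cipher suites so that allow-listed ones come first.
     *
     * <p><strong>This method does not filter.</strong> Every name in {@code cipherSuites} is
     * present in the result; names outside the allow-list are merely moved behind the
     * allow-listed ones. Use {@link #getCommonEnabledCipherSuites(String[])} when suites outside
     * the allow-list must not be enabled.
     *
     * @param cipherSuites candidate suite names; not null
     * @return a new, modifiable ordered set containing every given name
     */
    public static Set<String> getPreferredEnabledCipherSuites(String[] cipherSuites) {
        return orderByPreference(cipherSuites, ALLOWED_CIPHER_SUITES);
    }

    /**
     * Puts the values that also occur in {@code preferred} first (in {@code preferred}'s order),
     * followed by the remaining values in their original order. Nothing is dropped.
     */
    private static Set<String> orderByPreference(String[] values, Set<String> preferred) {
        Set<String> requested = new LinkedHashSet<String>(Arrays.asList(values));
        Set<String> ordered = new LinkedHashSet<String>(preferred);
        ordered.retainAll(requested);
        // addAll skips names already present, so only the non-preferred ones are appended.
        ordered.addAll(requested);
        return ordered;
    }

    /** Returns the members of {@code allowed} that also occur in {@code values}, unmodifiable. */
    private static Set<String> retainCommonValues(String[] values, Set<String> allowed) {
        Set<String> common = new LinkedHashSet<String>(allowed);
        common.retainAll(Arrays.asList(values));
        return Collections.unmodifiableSet(common);
    }

    /** Appends {@code names} to {@code target}, in order, only when {@code condition} holds. */
    private static void addIf(boolean condition, Set<String> target, String... names) {
        if (condition) {
            target.addAll(Arrays.asList(names));
        }
    }

    /**
     * Reports whether the JRE already permits AES keys longer than 128 bits, i.e. whether the
     * unlimited-strength policy is in effect without any intervention. Best effort: any failure
     * of the probe is treated as "not available" so the legacy path below is still attempted.
     */
    private static boolean isUnlimitedStrengthCryptoAvailable() {
        try {
            return Cipher.getMaxAllowedKeyLength("AES") > 128;
        } catch (Exception e) {
            return false;
        }
    }

    /**
     * Legacy workaround: sets a private static boolean inside the JCE framework to
     * {@code false} so that the key-length restriction is not enforced.
     *
     * <p>This overrides the crypto policy configured for the JRE and relies on JDK-internal
     * names, so it is only attempted when the policy is actually restricted. A missing class
     * (a JRE without these internals) is ignored; any other failure is reported on stdout.
     *
     * @param className fully qualified name of the JDK-internal class holding the flag
     * @param fieldName name of the static boolean flag
     * @param versionLabel Java major version used in the failure message
     */
    private static void disableJceRestriction(String className, String fieldName, String versionLabel) {
        try {
            Class<?> holder = Class.forName(className, true, Cipher.class.getClassLoader());
            Field restrictedFlag = holder.getDeclaredField(fieldName);
            restrictedFlag.setAccessible(true);
            restrictedFlag.set(holder, Boolean.FALSE);
        } catch (ClassNotFoundException ignored) {
            // The JRE does not ship this internal class; there is nothing to patch.
        } catch (Exception e) {
            System.out.println("TlsStrengthener: Unable to activate the Java Cryptography Extension (JCE) Unlimited Strength " + versionLabel + " - You must install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files into your JRE!");
            e.printStackTrace();
        }
    }

    private TlsStrengthener() {
    }

    static {
        final boolean isJava7OrBetter = JavaVersion.isJava7OrBetter();
        final boolean isJava8OrBetter = JavaVersion.isJava8OrBetter();
        try {
            AccessController.doPrivileged(new PrivilegedAction<Void>() {
                @Override
                public Void run() {
                    // Do not touch JDK internals when strong keys are already permitted: the
                    // write would be a no-op at best, and a failed write would print a
                    // misleading "install the policy files" message.
                    if (!isUnlimitedStrengthCryptoAvailable()) {
                        if (isJava7OrBetter) {
                            disableJceRestriction("javax.crypto.JceSecurity", "isRestricted", "7");
                        } else {
                            disableJceRestriction("javax.crypto.SunJCE_b", "g", "6");
                        }
                    }
                    System.setProperty("com.sun.net.ssl.rsaPreMasterSecretFix", "true");
                    // NOTE(review): "true" lets the handshake proceed with peers that do not
                    // send the RFC 5746 secure-renegotiation indication. Renegotiation with
                    // such peers is still refused by the next property, but consider "false"
                    // once every peer is known to support RFC 5746.
                    System.setProperty("sun.security.ssl.allowLegacyHelloMessages", "true");
                    System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "false");
                    if (JavaVersion.isJava8OrBetter()) {
                        // NOTE(review): JSSE documents this property as sizing the ephemeral DH
                        // keys generated by a JSSE server; confirm it is a meaningful gate for
                        // the client-side DHE suites enabled further down.
                        System.setProperty("jdk.tls.ephemeralDHKeySize", "2048");
                        // NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996) and TLSv1.3
                        // is not offered; revisit once the servers' protocol support is known.
                        System.setProperty("https.protocols", "TLSv1.2,TLSv1.1,TLSv1");
                        System.setProperty("jdk.tls.client.protocols", "TLSv1.2,TLSv1.1,TLSv1");
                        System.setProperty("jdk.tls.rejectClientInitiatedRenegotiation", "true");
                    } else {
                        System.setProperty("https.protocols", "TLSv1");
                    }
                    return null;
                }
            });
        } catch (SecurityException e) {
            // Best effort, but never silent: an operator must be able to see that the JVM is
            // running without (some of) the settings above.
            System.out.println("TlsStrengthener: A SecurityException prevented applying the TLS system properties; JSSE defaults remain in effect: " + e);
        }

        String ephemeralDhKeySize = null;
        if (isJava8OrBetter) {
            try {
                ephemeralDhKeySize = AccessController.doPrivileged(new PrivilegedAction<String>() {
                    @Override
                    public String run() {
                        return System.getProperty("jdk.tls.ephemeralDHKeySize");
                    }
                });
            } catch (SecurityException e) {
                System.out.println("TlsStrengthener: A SecurityException prevented reading jdk.tls.ephemeralDHKeySize; DHE cipher suites will not be allowed: " + e);
            }
        }
        // DHE suites are only allowed when the 2048-bit setting is verifiably in place.
        final boolean dheAllowed = "2048".equals(ephemeralDhKeySize);

        // Insertion order is the preference order; do not reorder these lines.
        Set<String> cipherSuites = new LinkedHashSet<String>();

        // AES-256-GCM
        addIf(isJava8OrBetter, cipherSuites,
                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
        addIf(dheAllowed, cipherSuites, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384");
        addIf(isJava8OrBetter, cipherSuites, "TLS_RSA_WITH_AES_256_GCM_SHA384");

        // AES-128-GCM
        addIf(isJava8OrBetter, cipherSuites,
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
        addIf(dheAllowed, cipherSuites, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256");
        addIf(isJava8OrBetter, cipherSuites, "TLS_RSA_WITH_AES_128_GCM_SHA256");

        // AES-256-CBC with SHA-2 MAC
        addIf(isJava7OrBetter, cipherSuites,
                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
                "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384");
        addIf(dheAllowed, cipherSuites, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256");
        addIf(isJava7OrBetter, cipherSuites, "TLS_RSA_WITH_AES_256_CBC_SHA256");

        // AES-256-CBC with SHA-1 MAC
        addIf(true, cipherSuites,
                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
                "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
        addIf(dheAllowed, cipherSuites, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA");
        addIf(true, cipherSuites, "TLS_RSA_WITH_AES_256_CBC_SHA");

        // AES-128-CBC with SHA-2 MAC
        addIf(isJava7OrBetter, cipherSuites,
                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
                "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256");
        addIf(dheAllowed, cipherSuites, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256");
        addIf(isJava7OrBetter, cipherSuites, "TLS_RSA_WITH_AES_128_CBC_SHA256");

        // AES-128-CBC with SHA-1 MAC
        addIf(true, cipherSuites,
                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
        addIf(dheAllowed, cipherSuites, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA");
        addIf(true, cipherSuites, "TLS_RSA_WITH_AES_128_CBC_SHA");

        // Signalling values. The renegotiation SCSV is only listed for the JRE update levels
        // named in the condition below.
        boolean renegotiationScsvSupported = JavaVersion.isJava7OrBetter()
                || (JavaVersion.isJava6() && JavaVersion.isGreaterThanOrEqualTo("1.6.0_22"))
                || (JavaVersion.isJava5() && JavaVersion.isGreaterThanOrEqualTo("1.5.0_26"))
                || (JavaVersion.isJava4() && JavaVersion.isGreaterThanOrEqualTo("1.4.2_28"));
        addIf(renegotiationScsvSupported, cipherSuites, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV");
        // NOTE(review): confirm the JSSE provider in use recognises this name. A name the
        // provider does not support is rejected when enabled on a socket, so callers should
        // intersect with the socket's supported suites before enabling anything.
        addIf(true, cipherSuites, "TLS_FALLBACK_SCSV");

        Set<String> protocols = new LinkedHashSet<String>();
        protocols.add("TLSv1.2");
        protocols.add("TLSv1.1");
        protocols.add("TLSv1");

        ALLOWED_CIPHER_SUITES = Collections.unmodifiableSet(cipherSuites);
        ALLOWED_SECURE_PROTOCOLS = Collections.unmodifiableSet(protocols);
    }
}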
