package org.apache.tomcat.util.net.jsse;

import ch.qos.logback.core.net.ssl.SSL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.compat.JreVendor;
import org.apache.tomcat.util.net.Constants;
import org.apache.tomcat.util.net.SSLContext;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.SSLUtilBase;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: input_file:WEB-INF/lib/tomcat-embed-core-8.5.100.jar:org/apache/tomcat/util/net/jsse/JSSEUtil.class */
public class JSSEUtil extends SSLUtilBase {
    private static final Log log = LogFactory.getLog((Class<?>) JSSEUtil.class);
    private static final StringManager sm = StringManager.getManager((Class<?>) JSSEUtil.class);
    private static final Set<String> implementedProtocols;
    private static final Set<String> implementedCiphers;

    public JSSEUtil(SSLHostConfigCertificate sSLHostConfigCertificate) {
        this(sSLHostConfigCertificate, true);
    }

    public JSSEUtil(SSLHostConfigCertificate sSLHostConfigCertificate, boolean z) {
        super(sSLHostConfigCertificate, z);
    }

    @Override // org.apache.tomcat.util.net.SSLUtilBase
    protected Log getLog() {
        return log;
    }

    @Override // org.apache.tomcat.util.net.SSLUtilBase
    protected Set<String> getImplementedProtocols() {
        return implementedProtocols;
    }

    @Override // org.apache.tomcat.util.net.SSLUtilBase
    protected Set<String> getImplementedCiphers() {
        return implementedCiphers;
    }

    @Override // org.apache.tomcat.util.net.SSLUtilBase
    protected boolean isTls13RenegAuthAvailable() {
        return false;
    }

    @Override // org.apache.tomcat.util.net.SSLUtilBase
    public SSLContext createSSLContextInternal(List<String> list) throws NoSuchAlgorithmException {
        return new JSSESSLContext(this.sslHostConfig.getSslProtocol());
    }

    static {
        try {
            JSSESSLContext jSSESSLContext = new JSSESSLContext(Constants.SSL_PROTO_TLS);
            jSSESSLContext.init(null, null, null);
            String[] protocols = jSSESSLContext.getSupportedSSLParameters().getProtocols();
            implementedProtocols = new HashSet(protocols.length);
            for (String str : protocols) {
                String upperCase = str.toUpperCase(Locale.ENGLISH);
                if ("SSLV2HELLO".equals(upperCase) || "SSLV3".equals(upperCase) || !upperCase.contains(SSL.DEFAULT_PROTOCOL)) {
                    implementedProtocols.add(str);
                } else {
                    log.debug(sm.getString("jsseUtil.excludeProtocol", str));
                }
            }
            if (implementedProtocols.size() == 0) {
                log.warn(sm.getString("jsseUtil.noDefaultProtocols"));
            }
            String[] cipherSuites = jSSESSLContext.getSupportedSSLParameters().getCipherSuites();
            if (!JreVendor.IS_IBM_JVM) {
                implementedCiphers = new HashSet(cipherSuites.length);
                implementedCiphers.addAll(Arrays.asList(cipherSuites));
                return;
            }
            implementedCiphers = new HashSet(cipherSuites.length * 2);
            for (String str2 : cipherSuites) {
                implementedCiphers.add(str2);
                if (str2.startsWith(SSL.DEFAULT_PROTOCOL)) {
                    implementedCiphers.add(Constants.SSL_PROTO_TLS + str2.substring(3));
                }
            }
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new IllegalArgumentException(e);
        }
    }
}
