package com.javanut.pronghorn.network;

import java.io.InputStream;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/javanut/pronghorn/network/TLSService.class */
public class TLSService {
    private static final Logger logger = LoggerFactory.getLogger(TLSService.class);
    private final SSLContext context;
    private String[] cipherSuits;
    private final String[] protocols;
    public static final boolean LOG_CYPHERS = false;

    public static TLSService make(InputStream inputStream, String str, InputStream inputStream2, String str2, boolean z) {
        KeyManagerFactory createKeyManagers;
        TrustManagerFactory createTrustManagers;
        if (inputStream != null) {
            try {
                createKeyManagers = TLSCertificateTrust.createKeyManagers(inputStream, str, str2);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        } else {
            createKeyManagers = null;
        }
        KeyManagerFactory keyManagerFactory = createKeyManagers;
        if (inputStream2 != null) {
            try {
                createTrustManagers = TLSCertificateTrust.createTrustManagers(inputStream2, str);
            } catch (Exception e2) {
                throw new RuntimeException(e2);
            }
        } else {
            createTrustManagers = null;
        }
        return new TLSService(keyManagerFactory, createTrustManagers, z, null);
    }

    private TLSService(KeyManagerFactory keyManagerFactory, TrustManagerFactory trustManagerFactory, boolean z, SecureRandom secureRandom) {
        try {
            this.protocols = selectSupportedProtocols();
            KeyManager[] keyManagers = keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null;
            TrustManager[] trustManagerArr = null;
            if (z) {
                trustManagerArr = TLSCertificateTrust.trustManagerFactoryTrustAllCerts();
            } else if (trustManagerFactory != null) {
                trustManagerArr = trustManagerFactory.getTrustManagers();
            }
            this.context = SSLContext.getInstance(this.protocols[0]);
            this.context.init(keyManagers, trustManagerArr, secureRandom);
            createSSLEngineServer();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private String[] selectSupportedProtocols() {
        String[] strArr;
        try {
            strArr = Float.parseFloat(System.getProperty("java.version")) >= 11.0f ? new String[]{"TLSv1.3", "TLSv1.2"} : new String[]{"TLSv1.2"};
        } catch (NumberFormatException e) {
            strArr = new String[]{"TLSv1.2"};
        }
        return strArr;
    }

    public int maxEncryptedContentLength() {
        return 33305;
    }

    public SSLEngine createSSLEngineClient(String str, int i) {
        SSLEngine createSSLEngine = this.context.createSSLEngine(str, i);
        createSSLEngine.setEnabledCipherSuites(filterCipherSuits(createSSLEngine));
        createSSLEngine.setEnabledProtocols(this.protocols);
        return createSSLEngine;
    }

    public SSLEngine createSSLEngineServer() {
        SSLEngine createSSLEngine = this.context.createSSLEngine();
        createSSLEngine.setEnabledCipherSuites(filterCipherSuits(createSSLEngine));
        createSSLEngine.setEnabledProtocols(this.protocols);
        return createSSLEngine;
    }

    private String[] filterCipherSuits(SSLEngine sSLEngine) {
        if (null == this.cipherSuits) {
            String[] supportedCipherSuites = sSLEngine.getSupportedCipherSuites();
            int i = 0;
            int length = supportedCipherSuites.length;
            while (true) {
                length--;
                if (length < 0) {
                    break;
                }
                if (containsPerfectForward(supportedCipherSuites, length) && doesNotContainWeakCipher(supportedCipherSuites, length)) {
                    i++;
                }
            }
            String[] strArr = new String[i];
            int length2 = supportedCipherSuites.length;
            int i2 = 0;
            while (true) {
                length2--;
                if (length2 < 0) {
                    break;
                }
                if (containsPerfectForward(supportedCipherSuites, length2) && doesNotContainWeakCipher(supportedCipherSuites, length2)) {
                    int i3 = i2;
                    i2++;
                    strArr[i3] = supportedCipherSuites[length2];
                }
            }
            this.cipherSuits = strArr;
        }
        return this.cipherSuits;
    }

    private static boolean doesNotContainWeakCipher(String[] strArr, int i) {
        return (strArr[i].contains("DES_") || strArr[i].contains("EXPORT") || strArr[i].contains("NULL")) ? false : true;
    }

    private static boolean containsPerfectForward(String[] strArr, int i) {
        return strArr[i].contains("DHE") || strArr[i].contains("EDH");
    }
}
