package org.apache.tomcat.util.net.jsse;

import ch.qos.logback.core.net.ssl.SSL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.compat.JreVendor;
import org.apache.tomcat.util.net.SSLContext;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.SSLUtilBase;
import org.apache.tomcat.util.res.StringManager;

/* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-10.1.33.jar:org/apache/tomcat/util/net/jsse/JSSEUtil.class */
public class JSSEUtil extends SSLUtilBase {
    private static final Log log = LogFactory.getLog((Class<?>) JSSEUtil.class);
    private static final StringManager sm = StringManager.getManager((Class<?>) JSSEUtil.class);
    private volatile boolean initialized;
    private volatile Set<String> implementedProtocols;
    private volatile Set<String> implementedCiphers;

    public JSSEUtil(SSLHostConfigCertificate sSLHostConfigCertificate) {
        this(sSLHostConfigCertificate, true);
    }

    public JSSEUtil(SSLHostConfigCertificate sSLHostConfigCertificate, boolean z) {
        super(sSLHostConfigCertificate, z);
        this.initialized = false;
    }

    @Override // org.apache.tomcat.util.net.SSLUtilBase
    protected Log getLog() {
        return log;
    }

    @Override // org.apache.tomcat.util.net.SSLUtilBase
    protected Set<String> getImplementedProtocols() {
        initialise();
        return this.implementedProtocols;
    }

    @Override // org.apache.tomcat.util.net.SSLUtilBase
    protected Set<String> getImplementedCiphers() {
        initialise();
        return this.implementedCiphers;
    }

    @Override // org.apache.tomcat.util.net.SSLUtilBase
    protected boolean isTls13RenegAuthAvailable() {
        return false;
    }

    @Override // org.apache.tomcat.util.net.SSLUtilBase
    public SSLContext createSSLContextInternal(List<String> list) throws NoSuchAlgorithmException {
        return new JSSESSLContext(this.sslHostConfig.getSslProtocol());
    }

    private void initialise() {
        if (this.initialized) {
            return;
        }
        synchronized (this) {
            if (!this.initialized) {
                try {
                    JSSESSLContext jSSESSLContext = new JSSESSLContext(this.sslHostConfig.getSslProtocol());
                    jSSESSLContext.init(null, null, null);
                    String[] protocols = jSSESSLContext.getSupportedSSLParameters().getProtocols();
                    this.implementedProtocols = new HashSet(protocols.length);
                    for (String str : protocols) {
                        String upperCase = str.toUpperCase(Locale.ENGLISH);
                        if ("SSLV2HELLO".equals(upperCase) || "SSLV3".equals(upperCase) || !upperCase.contains(SSL.DEFAULT_PROTOCOL)) {
                            this.implementedProtocols.add(str);
                        } else {
                            log.debug(sm.getString("jsseUtil.excludeProtocol", str));
                        }
                    }
                    if (this.implementedProtocols.size() == 0) {
                        log.warn(sm.getString("jsseUtil.noDefaultProtocols"));
                    }
                    String[] cipherSuites = jSSESSLContext.getSupportedSSLParameters().getCipherSuites();
                    if (JreVendor.IS_IBM_JVM) {
                        this.implementedCiphers = new HashSet(cipherSuites.length * 2);
                        for (String str2 : cipherSuites) {
                            this.implementedCiphers.add(str2);
                            if (str2.startsWith(SSL.DEFAULT_PROTOCOL)) {
                                this.implementedCiphers.add("TLS" + str2.substring(3));
                            }
                        }
                    } else {
                        this.implementedCiphers = new HashSet(Arrays.asList(cipherSuites));
                    }
                    this.initialized = true;
                } catch (KeyManagementException | NoSuchAlgorithmException e) {
                    throw new IllegalArgumentException(e);
                }
            }
        }
    }
}
