package com.maconomy.coupling.protocol.security;

import com.google.common.base.Joiner;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import com.maconomy.api.security.McTrustedCertificateImport;
import com.maconomy.util.MiOpt;
import com.maconomy.util.errorhandling.McAssert;
import com.maconomy.util.typesafe.McTypeSafe;
import com.maconomy.util.typesafe.MiList;
import com.maconomy.util.typesafe.MiSet;
import java.util.ArrayList;
import java.util.Arrays;
import javax.net.ssl.SSLSocket;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/maconomy/coupling/protocol/security/McSecureSocketUtil.class */
public final class McSecureSocketUtil {
    private static final char PROTOCOL_SEPARATOR = ',';
    private static final Logger logger = LoggerFactory.getLogger(McSecureSocketUtil.class);
    private static final String[] DEFAULT_SECURE_SOCKET_CIPHERS = {"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"};
    private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1.2";
    private static final ImmutableList<String> DEFAULT_CLIENT_ENABLED_PROTOCOLS = ImmutableList.of("TLSv1", "TLSv1.1", DEFAULT_SECURE_SOCKET_PROTOCOL);
    private static final Splitter PROTOCOL_SPLITTER = Splitter.on(',').trimResults().omitEmptyStrings();

    /* loaded from: input_file:com/maconomy/coupling/protocol/security/McSecureSocketUtil$ClientSecureSocketConfigurator.class */
    private enum ClientSecureSocketConfigurator implements McTrustedCertificateImport.SecureSocketConfigurator {
        INSTANCE;

        public void configure(SSLSocket sSLSocket) {
            McSecureSocketUtil.configureClientSecureSocket(sSLSocket);
        }

        /* renamed from: values, reason: to resolve conflict with enum method */
        public static ClientSecureSocketConfigurator[] valuesCustom() {
            ClientSecureSocketConfigurator[] valuesCustom = values();
            int length = valuesCustom.length;
            ClientSecureSocketConfigurator[] clientSecureSocketConfiguratorArr = new ClientSecureSocketConfigurator[length];
            System.arraycopy(valuesCustom, 0, clientSecureSocketConfiguratorArr, 0, length);
            return clientSecureSocketConfiguratorArr;
        }
    }

    private McSecureSocketUtil() {
    }

    public static String getDefaultSecureSocketProtocol() {
        return DEFAULT_SECURE_SOCKET_PROTOCOL;
    }

    public static String[] getSecureSocketProtocol(MiOpt<String> miOpt) {
        return miOpt.isDefined() ? new String[]{(String) miOpt.get()} : new String[]{DEFAULT_SECURE_SOCKET_PROTOCOL};
    }

    public static String[] getSecureSocketCiphers(MiList<String> miList) {
        return miList.isEmpty() ? (String[]) Arrays.copyOf(DEFAULT_SECURE_SOCKET_CIPHERS, DEFAULT_SECURE_SOCKET_CIPHERS.length) : (String[]) miList.toArray(new String[0]);
    }

    public static void configureClientSecureSocket(SSLSocket sSLSocket) {
        if (logger.isDebugEnabled()) {
            logger.debug("Default enabled secure socket protocols: {}", Arrays.asList(sSLSocket.getEnabledProtocols()));
        }
        String[] selectProtocols = selectProtocols(sSLSocket.getSupportedProtocols());
        if (selectProtocols.length == 0) {
            McAssert.assertTrue(false, "None of the enabled SSL/TLS protocol versions are supported by this platform. Enabled: {}. Supported: {}", new Object[]{Arrays.asList(getClientEnabledSecureSocketProtocols()), Arrays.asList(sSLSocket.getSupportedProtocols())});
        }
        sSLSocket.setEnabledProtocols(selectProtocols);
    }

    private static String[] selectProtocols(String[] strArr) {
        if (logger.isDebugEnabled()) {
            logger.debug("Supported secure socket protocols: {}", Arrays.asList(strArr));
        }
        String[] clientEnabledSecureSocketProtocols = getClientEnabledSecureSocketProtocols();
        if (logger.isDebugEnabled()) {
            logger.debug("Client-enabled secure socket protocols: {}", Arrays.asList(clientEnabledSecureSocketProtocols));
        }
        MiSet createHashSet = McTypeSafe.createHashSet(clientEnabledSecureSocketProtocols);
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            if (createHashSet.containsTS(str)) {
                arrayList.add(str);
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Selected secure socket protocols: {}", arrayList);
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    public static String[] getClientEnabledSecureSocketProtocols() {
        String property = System.getProperty("https.protocols");
        return Strings.isNullOrEmpty(property) ? (String[]) Iterables.toArray(DEFAULT_CLIENT_ENABLED_PROTOCOLS, String.class) : (String[]) Iterables.toArray(PROTOCOL_SPLITTER.split(property), String.class);
    }

    public static String getClientEnabledSecureSocketProtocolsAsString() {
        return Joiner.on(',').join(getClientEnabledSecureSocketProtocols());
    }

    public static McTrustedCertificateImport.SecureSocketConfigurator getClientSecureSocketConfigurator() {
        return ClientSecureSocketConfigurator.INSTANCE;
    }
}
