package de.saly.es.example.tssl.util;

import java.io.File;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLDecoder;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.logging.Loggers;

/* loaded from: input_file:de/saly/es/example/tssl/util/SecurityUtil.class */
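/**
 * Static helpers for the TLS set-up of this plugin: resolving key/trust store files and
 * computing, once at class-load time, which TLS protocols and cipher suites to enable.
 *
 * <p>Security review notes (behaviour is unchanged; these are for the next maintainer):
 * <ul>
 *   <li>{@link #ENABLED_SSL_PROTOCOLS} and {@link #ENABLED_SSL_CIPHERS} are public, non-final
 *       arrays. Any code in the JVM can replace or mutate them and thereby change the TLS
 *       configuration; treat them as read-only and copy before handing them to an engine.</li>
 *   <li>Both fields stay {@code null} when nothing usable was found or when probing failed.
 *       Callers are not visible from this class - confirm they fail closed instead of falling
 *       back to JVM defaults.</li>
 * </ul>
 */
public class SecurityUtil {
    private static final ESLogger log = Loggers.getLogger(SecurityUtil.class);

    // NOTE(review): the first two suites use static RSA key exchange (no forward secrecy) and
    // several entries are CBC suites with a SHA-1 MAC. Consider restricting this allow-list to
    // ECDHE/DHE suites with AES-GCM once the peers that must be supported are known.
    private static final String[] PREFERRED_SSL_CIPHERS = {
        "TLS_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
    };

    // NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996) and TLSv1.3 is not listed, so it
    // is never enabled here even on a JVM that supports it. Changing this list affects
    // interoperability with existing peers, so it is flagged rather than changed.
    private static final String[] PREFERRED_SSL_PROTOCOLS = {"TLSv1", "TLSv1.1", "TLSv1.2"};

    /** Protocols supported by the JVM that are also on the allow-list; {@code null} if none. */
    public static String[] ENABLED_SSL_PROTOCOLS;

    /** Cipher suites supported by the JVM that are also on the allow-list; {@code null} if none. */
    public static String[] ENABLED_SSL_CIPHERS;

    /** {@code true} only when the JVM allows AES keys of at least 256 bits. */
    public static boolean UNLIMITED_STRENGTH_SUPPORTED;

    private SecurityUtil() {
    }

    /**
     * Resolves a classpath resource to a readable file on disk.
     *
     * @param str classpath-relative resource name
     * @return the existing, readable file backing the resource, or {@code null} when the name is
     *     {@code null}, the resource is not found, its URL cannot be decoded, or the file is
     *     missing or unreadable (each case is logged)
     */
    public static File getAbsoluteFilePathFromClassPath(String str) {
        if (str == null) {
            // Same outcome as an unknown resource instead of an NPE from the class loader.
            log.error("Cannot resolve a classpath resource because the resource name is null");
            return null;
        }
        URL resource = SecurityUtil.class.getClassLoader().getResource(str);
        if (resource == null) {
            log.error("Failed to load " + str);
            return null;
        }
        final File file;
        try {
            // URL paths are percent-encoded (e.g. spaces as %20); decode before touching the disk.
            file = new File(URLDecoder.decode(resource.getFile(), "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            // Previously swallowed silently, which made a missing key store impossible to diagnose.
            log.error("Cannot decode the location of classpath resource {}", e, str);
            return null;
        }
        if (file.exists() && file.canRead()) {
            return file;
        }
        log.error("Cannot read from {}, maybe the file does not exists? ", file.getAbsolutePath());
        return null;
    }

    /**
     * Points a system property at the absolute path of a classpath resource, unless the property
     * already has a value.
     *
     * @param str name of the system property to set
     * @param str2 classpath-relative resource name
     * @return {@code true} if the property was set; {@code false} if it was already set or the
     *     resource could not be resolved to a readable file
     */
    public static boolean setSystemPropertyToAbsoluteFilePathFromClassPath(String str, String str2) {
        String current = System.getProperty(str);
        if (current != null) {
            // NOTE(review): the existing value is written to the log. That is harmless for path
            // properties; do not call this with a property that holds a password.
            log.warn("Property " + str + " already set to " + current);
            return false;
        }
        File file = getAbsoluteFilePathFromClassPath(str2);
        if (file == null) {
            // The reason has already been logged by the resolver.
            return false;
        }
        System.setProperty(str, file.getAbsolutePath());
        log.debug("Load " + str2 + " from {} ", file.getAbsolutePath());
        return true;
    }

    /**
     * Points a system property at the absolute path of a file, unless the property already has a
     * value.
     *
     * @param str name of the system property to set
     * @param str2 file name, absolute or relative to the working directory
     * @return {@code true} if the property was set; {@code false} if it was already set, the file
     *     name is {@code null}, or the file is missing or unreadable
     */
    public static boolean setSystemPropertyToAbsoluteFile(String str, String str2) {
        String current = System.getProperty(str);
        if (current != null) {
            // NOTE(review): logs the existing value; see the classpath variant above.
            log.warn("Property " + str + " already set to " + current);
            return false;
        }
        if (str2 == null) {
            log.error("Cannot set property " + str + " because filename is null");
            return false;
        }
        File absoluteFile = new File(str2).getAbsoluteFile();
        if (!absoluteFile.exists() || !absoluteFile.canRead()) {
            log.error("Cannot read from {}, maybe the file does not exists? ", absoluteFile.getAbsolutePath());
            return false;
        }
        System.setProperty(str, absoluteFile.getAbsolutePath());
        log.debug("Load " + str2 + " from {} ", absoluteFile.getAbsolutePath());
        return true;
    }

    static {
        ENABLED_SSL_PROTOCOLS = null;
        ENABLED_SSL_CIPHERS = null;
        try {
            int maxAllowedKeyLength = Cipher.getMaxAllowedKeyLength("AES");
            if (maxAllowedKeyLength < 256) {
                log.warn("AES 256 not supported, max key length for AES is " + maxAllowedKeyLength + ". To enable AES 256 install 'Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files'");
            } else {
                UNLIMITED_STRENGTH_SUPPORTED = true;
            }
        } catch (NoSuchAlgorithmException e) {
            log.error("AES encryption not supported. " + e);
        }
        try {
            // A context with default key/trust managers is enough here: the engine is only
            // queried for what the JVM supports and is never used for a handshake.
            SSLContext probeContext = SSLContext.getInstance("TLS");
            probeContext.init(null, null, null);
            SSLEngine probeEngine = probeContext.createSSLEngine();

            List<String> usableCiphers = new ArrayList<String>(Arrays.asList(probeEngine.getSupportedCipherSuites()));
            List<String> usableProtocols = new ArrayList<String>(Arrays.asList(probeEngine.getSupportedProtocols()));

            // Intersect with the allow-lists. retainAll keeps the JVM's ordering, so the order of
            // the PREFERRED_* arrays does not express a preference in the result.
            usableCiphers.retainAll(Arrays.asList(PREFERRED_SSL_CIPHERS));
            usableProtocols.retainAll(Arrays.asList(PREFERRED_SSL_PROTOCOLS));

            if (usableCiphers.isEmpty()) {
                log.error("No usable SSL/TLS cipher suites found");
            } else {
                ENABLED_SSL_CIPHERS = usableCiphers.toArray(new String[usableCiphers.size()]);
            }
            if (usableProtocols.isEmpty()) {
                log.error("No usable SSL/TLS protocols found");
            } else {
                ENABLED_SSL_PROTOCOLS = usableProtocols.toArray(new String[usableProtocols.size()]);
            }
            log.debug("Usable SSL/TLS protocols: {}", usableProtocols);
            log.debug("Usable SSL/TLS cipher suites: {}", usableCiphers);
        } catch (Exception e2) {
            // Deliberately broad: an exception escaping a static initializer would make the whole
            // class unusable. The ENABLED_* fields stay null in that case.
            log.error("Error while evaluating supported crypto", e2);
        }
    }
}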
