package com.ibm.rational.test.lt.models.wscore.datamodel.security.util.ssl;

import com.ibm.rational.test.lt.models.ws.LoggingUtil;
import com.ibm.rational.test.lt.models.ws.ModelConfiguration;
import com.ibm.rational.test.lt.models.wscore.datamodel.security.util.AppScanSSLCipher;
import com.ibm.rational.test.lt.models.wscore.datamodel.security.util.KeyStoreUtil;
import com.ibm.rational.test.lt.models.wscore.datamodel.security.xmlsec.util.SecurityKeyUtil;
import com.ibm.rational.test.lt.models.wscore.datamodel.util.JreVendorUtil;
import java.security.Signature;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import org.apache.ws.commons.schema.constants.Constants;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;

/* loaded from: input_file:coremdl.jar:com/ibm/rational/test/lt/models/wscore/datamodel/security/util/ssl/FIPSContextUtil.class */
public class FIPSContextUtil {
    // Default SSLContext protocol names for the getSSLAlgorithm* getters below. The SSL_FOR_*
    // values are the IBM-JRE defaults and the ORACLE_* values the defaults for any other JRE.
    // Only SSL_FOR_FIPS is referenced by name in this listing; the getters carry the other
    // values as literals.
    // NOTE(review): "SSL_TLSv2" and "SSL_TLS" look like IBM JSSE2 protocol aliases that also
    // cover protocol versions older than TLS 1.2 - confirm against the JRE documentation before
    // treating either one as a protocol floor.
    private static final String SSL_FOR_NON_FIPS_APPSCAN = "SSL_TLSv2";
    private static final String SSL_FOR_NON_FIPS = "SSL_TLSv2";
    private static final String SSL_FOR_FIPS = "SSL_TLS";
    private static final String SSL_FOR_NIPS = "TLSv1.2";
    private static final String ORACLE_SSL_FOR_NON_FIPS_APPSCAN = "TLSv1.2";
    private static final String ORACLE_SSL_FOR_NON_FIPS = "TLSv1.2";
    private static final String ORACLE_SSL_FOR_FIPS = "TLSv1.2";
    private static final String ORACLE_SSL_FOR_NIPS = "TLSv1.2";
    // Provider names; IBMJCEFIPS is the provider the test* probes below expect to be selected.
    public static final String IBMJSSE2 = "IBMJSSE2";
    public static final String IBMJCEFIPS = "IBMJCEFIPS";
    // Message text of the exception that logFipsIssue() logs.
    public static final String FIPS = "FIPS";
    public static final String allTheValuesNonExtended = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV,SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,SSL_RSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_DSS_WITH_AES_128_CBC_SHA256,SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_ECDHE_ECDSA_WITH_RC4_128_SHA,SSL_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,SSL_ECDH_ECDSA_WITH_RC4_128_SHA,SSL_ECDH_RSA_WITH_RC4_128_SHA,SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,SSL_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,SSL_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,SSL_RSA_WITH_AES_128_GCM_SHA256,SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256,SSL_DHE_RSA_WITH_AES_128_GCM_SHA256,SSL_DHE_DSS_WITH_AES_128_GCM_SHA256,SSL_DH_anon_WITH_AES_128_CBC_SHA256,SSL_ECDH_anon_WITH_AES_128_CBC_SHA,SSL_DH_anon_WITH_AES_128_CBC_SHA,SSL_ECDH_anon_WITH_RC4_128_SHA,SSL_DH_anon_WITH_RC4_128_MD5,SSL_ECDH_anon_WITH_3DES_EDE_CBC_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_NULL_SHA256,SSL_ECDHE_ECDSA_WITH_NULL_SHA,SSL_ECDHE_RSA_WITH_NULL_SHA,SSL_RSA_WITH_NULL_SHA,SSL_ECDH_ECDSA_WITH_NULL_SHA,SSL_ECDH_RSA_WITH_NULL_SHA,SSL_ECDH_anon_WITH_NULL_SHA,SSL_RSA_WITH_NULL_MD5,SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DH_anon_WITH_DES_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_RC4_128_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WIT
H_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,SSL_KRB5_WITH_RC4_128_SHA,SSL_KRB5_WITH_RC4_128_MD5,SSL_KRB5_WITH_3DES_EDE_CBC_SHA,SSL_KRB5_WITH_3DES_EDE_CBC_MD5,SSL_KRB5_WITH_DES_CBC_SHA,SSL_KRB5_WITH_DES_CBC_MD5,SSL_KRB5_EXPORT_WITH_RC4_40_SHA,SSL_KRB5_EXPORT_WITH_RC4_40_MD5,SSL_KRB5_EXPORT_WITH_DES_CBC_40_SHA,SSL_KRB5_EXPORT_WITH_DES_CBC_40_MD5";
    public static final String allTheValues = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV,SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384,SSL_RSA_WITH_AES_256_CBC_SHA256,SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384,SSL_DHE_RSA_WITH_AES_256_CBC_SHA256,SSL_DHE_DSS_WITH_AES_256_CBC_SHA256,SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA,SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA,SSL_ECDH_RSA_WITH_AES_256_CBC_SHA,SSL_DHE_RSA_WITH_AES_256_CBC_SHA,SSL_DHE_DSS_WITH_AES_256_CBC_SHA,SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,SSL_RSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_DSS_WITH_AES_128_CBC_SHA256,SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_ECDHE_ECDSA_WITH_RC4_128_SHA,SSL_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,SSL_ECDH_ECDSA_WITH_RC4_128_SHA,SSL_ECDH_RSA_WITH_RC4_128_SHA,SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,SSL_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,SSL_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384,SSL_RSA_WITH_AES_256_GCM_SHA384,SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384,SSL_DHE_DSS_WITH_AES_256_GCM_SHA384,SSL_DHE_RSA_WITH_AES_256_GCM_SHA384,SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,SSL_RSA_WITH_AES_128_GCM_SHA256,SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256,SSL_DHE_RSA_WITH_AES_128_GCM_SHA256,SSL_DHE_DSS_WITH_AES_128_GCM_
SHA256,SSL_DH_anon_WITH_AES_256_CBC_SHA256,SSL_ECDH_anon_WITH_AES_256_CBC_SHA,SSL_DH_anon_WITH_AES_256_CBC_SHA,SSL_DH_anon_WITH_AES_256_GCM_SHA384,SSL_DH_anon_WITH_AES_128_GCM_SHA256,SSL_DH_anon_WITH_AES_128_CBC_SHA256,SSL_ECDH_anon_WITH_AES_128_CBC_SHA,SSL_DH_anon_WITH_AES_128_CBC_SHA,SSL_ECDH_anon_WITH_RC4_128_SHA,SSL_DH_anon_WITH_RC4_128_MD5,SSL_ECDH_anon_WITH_3DES_EDE_CBC_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_NULL_SHA256,SSL_ECDHE_ECDSA_WITH_NULL_SHA,SSL_ECDHE_RSA_WITH_NULL_SHA,SSL_RSA_WITH_NULL_SHA,SSL_ECDH_ECDSA_WITH_NULL_SHA,SSL_ECDH_RSA_WITH_NULL_SHA,SSL_ECDH_anon_WITH_NULL_SHA,SSL_RSA_WITH_NULL_MD5,SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DH_anon_WITH_DES_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_RC4_128_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,SSL_KRB5_WITH_RC4_128_SHA,SSL_KRB5_WITH_RC4_128_MD5,SSL_KRB5_WITH_3DES_EDE_CBC_SHA,SSL_KRB5_WITH_3DES_EDE_CBC_MD5,SSL_KRB5_WITH_DES_CBC_SHA,SSL_KRB5_WITH_DES_CBC_MD5,SSL_KRB5_EXPORT_WITH_RC4_40_SHA,SSL_KRB5_EXPORT_WITH_RC4_40_MD5,SSL_KRB5_EXPORT_WITH_DES_CBC_40_SHA,SSL_KRB5_EXPORT_WITH_DES_CBC_40_MD5";
    // Cipher-suite lists that setupJavaSSLPropertiesIfFips() writes into the cipher-suite system
    // properties. The *_extended variants are chosen when
    // SecurityKeyUtil.areExtendedLibrariesInstalled() returns true.
    // NOTE(review): these fields are public, static and not final, so any code in the JVM can
    // replace a restricted list before it is applied - make them final if nothing assigns them.
    // NOTE(review): both FIPS lists still contain 3DES_EDE_CBC suites and only CBC-mode SHA-1
    // suites - confirm that this still matches the compliance baseline in force.
    public static String algorithm_ALL_fips_extended = "SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA,SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_256_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
    public static String algorithm_ALL_fips = "SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
    // Lists for the SP 800-131 ("nips") mode.
    public static String algorithm_ALL_nips_extended = "TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
    public static String algorithm_ALL_nips = "TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
    // Lists for the Suite B modes: both levels, the 192 level only, the 128 level only.
    public static String algorithm_ALL_SuiteB_extended = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
    public static String algorithm_ALL_SuiteB_192 = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
    public static String algorithm_ALL_SuiteB = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";

    /**
     * Returns the SSLContext protocol name to use when no FIPS-type mode is active.
     *
     * <p>In AppScan mode the value is whatever {@code ModelConfiguration} holds. Otherwise the
     * system property {@code com.ibm.rational.test.lt.soa.ssl.protocols} wins; when it is unset
     * the fallback is {@code "SSL_TLSv2"} on an IBM JRE and {@code "TLSv1.2"} on any other JRE.
     *
     * <p>NOTE(review): neither source is validated here, so whoever controls the configuration
     * or the system property can select any protocol name, legacy ones included - confirm that
     * both are treated as trusted configuration.
     *
     * @return the protocol name to request
     */
    public static final String getSSLAlgoritmForNonFipsMode() {
        if (!ModelConfiguration.getInstance().isAppScanMode()) {
            final String vendorDefault = JreVendorUtil.isIBMJre() ? "SSL_TLSv2" : "TLSv1.2";
            return System.getProperty("com.ibm.rational.test.lt.soa.ssl.protocols", vendorDefault);
        }
        return ModelConfiguration.getInstance().getSSLProtocolForAppScan();
    }

    /**
     * Returns the SSLContext protocol name to use in FIPS mode.
     *
     * <p>In AppScan mode the value is whatever {@code ModelConfiguration} holds, exactly as in
     * the non-FIPS getter. Otherwise the system property
     * {@code com.ibm.rational.test.lt.soa.ssl.fips.protocols} wins; when it is unset the
     * fallback is {@code SSL_FOR_FIPS} on an IBM JRE and {@code "TLSv1.2"} on any other JRE.
     *
     * <p>NOTE(review): the AppScan value and the property override are returned unchecked, so
     * FIPS mode does not by itself guarantee a FIPS-acceptable protocol name here - confirm the
     * provider rejects anything else.
     *
     * @return the protocol name to request
     */
    public static final String getSSLAlgorithmForFIPSMode() {
        if (!ModelConfiguration.getInstance().isAppScanMode()) {
            final String vendorDefault = JreVendorUtil.isIBMJre() ? SSL_FOR_FIPS : "TLSv1.2";
            return System.getProperty("com.ibm.rational.test.lt.soa.ssl.fips.protocols", vendorDefault);
        }
        return ModelConfiguration.getInstance().getSSLProtocolForAppScan();
    }

    /**
     * Returns the SSLContext protocol name to use in SP 800-131 ("nips") mode.
     *
     * <p>The system property {@code com.ibm.rational.test.lt.soa.ssl.nips.protocols} wins when
     * set. Unlike the other two getters there is no AppScan branch, and the fallback is
     * {@code "TLSv1.2"} whatever the JRE vendor is.
     *
     * @return the protocol name to request
     */
    public static final String getSSLAlgorithmForNIPSMode() {
        // Both arms of the vendor switch carry the same value; the vendor check is still made.
        final String vendorDefault = JreVendorUtil.isIBMJre() ? "TLSv1.2" : "TLSv1.2";
        return System.getProperty("com.ibm.rational.test.lt.soa.ssl.nips.protocols", vendorDefault);
    }

    /**
     * Logs a generic FIPS problem: an {@link UnsupportedOperationException} whose message is
     * the {@code FIPS} constant, reported under the {@code KeyStoreUtil} class.
     *
     * <p>The entry carries no detail about which algorithm or provider triggered it.
     */
    public static void logFipsIssue() {
        final UnsupportedOperationException marker = new UnsupportedOperationException(FIPS);
        LoggingUtil.INSTANCE.error(KeyStoreUtil.class, marker);
    }

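    /**
     * Checks that the JCE resolves the given cipher transformation to the {@code IBMJCEFIPS}
     * provider and logs an error when it does not.
     *
     * <p>This is a detection probe only: it never throws and it does not stop the
     * transformation from being used. A lookup failure is logged as well.
     *
     * @param str the cipher transformation to probe
     */
    public static void testCipher(String str) {
        try {
            final String providerName = Cipher.getInstance(str).getProvider().getName();
            if (!IBMJCEFIPS.equals(providerName)) {
                // Name the transformation and the provider that answered; a bare "FIPS" entry
                // does not tell the operator which algorithm fell outside the FIPS provider.
                LoggingUtil.INSTANCE.error(KeyStoreUtil.class, new UnsupportedOperationException(
                        FIPS + ": Cipher " + str + " is served by provider " + providerName
                                + ", expected " + IBMJCEFIPS));
            }
        } catch (Throwable th) {
            // Best-effort probe: report the failure and carry on.
            LoggingUtil.INSTANCE.error(KeyStoreUtil.class, th);
        }
    }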

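    /**
     * Checks that the JCA resolves the given signature algorithm to the {@code IBMJCEFIPS}
     * provider and logs an error when it does not.
     *
     * <p>This is a detection probe only: it never throws and it does not stop the algorithm
     * from being used. A lookup failure is logged as well.
     *
     * @param str the signature algorithm name to probe
     */
    public static void testSignature(String str) {
        try {
            final String providerName = Signature.getInstance(str).getProvider().getName();
            if (!IBMJCEFIPS.equals(providerName)) {
                // Name the algorithm and the provider that answered; a bare "FIPS" entry does
                // not tell the operator which algorithm fell outside the FIPS provider.
                LoggingUtil.INSTANCE.error(KeyStoreUtil.class, new UnsupportedOperationException(
                        FIPS + ": Signature " + str + " is served by provider " + providerName
                                + ", expected " + IBMJCEFIPS));
            }
        } catch (Throwable th) {
            // Best-effort probe: report the failure and carry on.
            LoggingUtil.INSTANCE.error(KeyStoreUtil.class, th);
        }
    }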

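    /**
     * Checks that the JCE resolves the given MAC algorithm to the {@code IBMJCEFIPS} provider
     * and logs an error when it does not.
     *
     * <p>This is a detection probe only: it never throws and it does not stop the algorithm
     * from being used. A lookup failure is logged as well.
     *
     * @param str the MAC algorithm name to probe
     */
    public static void testMac(String str) {
        try {
            final String providerName = Mac.getInstance(str).getProvider().getName();
            if (!IBMJCEFIPS.equals(providerName)) {
                // Name the algorithm and the provider that answered; a bare "FIPS" entry does
                // not tell the operator which algorithm fell outside the FIPS provider.
                LoggingUtil.INSTANCE.error(KeyStoreUtil.class, new UnsupportedOperationException(
                        FIPS + ": Mac " + str + " is served by provider " + providerName
                                + ", expected " + IBMJCEFIPS));
            }
        } catch (Throwable th) {
            // Best-effort probe: report the failure and carry on.
            LoggingUtil.INSTANCE.error(KeyStoreUtil.class, th);
        }
    }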

    /**
     * When a FIPS-type mode is active, probes a fixed set of cipher, signature and MAC
     * algorithms and lets each probe log whether the FIPS provider serves it.
     *
     * <p>Nothing is probed when {@link #isFips()} is false. The probes only log; none of them
     * blocks an algorithm.
     */
    public static void logFips() {
        if (!isFips()) {
            return;
        }
        // NOTE(review): the RSA transformation has a blank mode component - confirm the provider
        // accepts it; if the lookup throws, testCipher logs the exception instead of a verdict.
        final String[] cipherTransformations = {
            "RSA/ /PKCS1Padding", "DESede/CBC/ISO10126Padding", "AES/CBC/ISO10126Padding"
        };
        for (String transformation : cipherTransformations) {
            testCipher(transformation);
        }
        final String[] signatureAlgorithms = {"SHA1withRSA", "SHA1withDSA"};
        for (String signatureAlgorithm : signatureAlgorithms) {
            testSignature(signatureAlgorithm);
        }
        testMac("HmacSHA1");
    }

    /**
     * Tells whether any FIPS-type mode is active: the FIPS provider switch, SP 800-131 strict
     * mode, or a Suite B level.
     *
     * <p>The provider switch is the system property {@code com.ibm.jsse2.usefipsprovider} and
     * counts only when its value is exactly {@code "true"}; any other spelling, such as
     * {@code "TRUE"}, leaves it off.
     *
     * @return {@code true} when at least one of the three modes is on
     */
    public static boolean isFips() {
        if ("true".equals(System.getProperty("com.ibm.jsse2.usefipsprovider", "false"))) {
            return true;
        }
        return isSp800_131() || isSuiteB();
    }

    /**
     * Tells whether the system property {@code com.ibm.jsse2.suiteB} is set to the given level.
     *
     * <p>The comparison is an exact string match against the decimal form of {@code i}; an
     * unset property reads as {@code "false"} and therefore never matches.
     *
     * @param i the Suite B level to test for, for example 128 or 192
     * @return {@code true} when the property equals {@code i} written as a decimal string
     */
    public static boolean isSuiteB(int i) {
        final String configuredLevel = System.getProperty("com.ibm.jsse2.suiteB", "false");
        return String.valueOf(i).equals(configuredLevel);
    }

    /**
     * Tells whether a Suite B level is configured, that is whether the system property
     * {@code com.ibm.jsse2.suiteB} is exactly {@code "128"} or {@code "192"}.
     *
     * <p>Any other value, including an unset property, counts as Suite B being off.
     *
     * @return {@code true} for the two recognised levels only
     */
    public static boolean isSuiteB() {
        final String configuredLevel = System.getProperty("com.ibm.jsse2.suiteB", "false");
        return "128".equals(configuredLevel) || "192".equals(configuredLevel);
    }

    /**
     * Tells whether SP 800-131 strict mode is configured through the system property
     * {@code com.ibm.jsse2.sp800-131}.
     *
     * <p>Only a value equal to {@code Constants.BlockConstants.STRICT} counts; every other
     * value, and an unset property, is treated as the mode being off.
     *
     * <p>NOTE(review): the default and the expected value are borrowed from a Spring property
     * editor and an XML-schema constants class, which have nothing to do with JSSE - presumably
     * they stand in for the literals "off" and "strict"; confirm and use local constants so a
     * security-mode decision does not depend on unrelated libraries.
     *
     * @return {@code true} when strict mode is requested
     */
    public static boolean isSp800_131() {
        final String configuredMode =
                System.getProperty("com.ibm.jsse2.sp800-131", CustomBooleanEditor.VALUE_OFF);
        return configuredMode.equals(Constants.BlockConstants.STRICT);
    }

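    /**
     * Publishes the cipher-suite list for the active mode into the two system properties named
     * by {@code KeyStoreUtil.ssl_property_1} and {@code KeyStoreUtil.ssl_property_2}.
     *
     * <p>Precedence, first match wins:
     * <ol>
     *   <li>AppScan mode with a configured cipher: the value from {@code AppScanSSLCipher}.</li>
     *   <li>Suite B: one of the {@code algorithm_ALL_SuiteB*} lists.</li>
     *   <li>SP 800-131 strict: one of the {@code algorithm_ALL_nips*} lists.</li>
     *   <li>Any remaining FIPS case: one of the {@code algorithm_ALL_fips*} lists.</li>
     *   <li>AppScan mode without a configured cipher: the broad catch-all list.</li>
     * </ol>
     * When none of these applies, neither property is touched.
     */
    public static void setupJavaSSLPropertiesIfFips() {
        // NOTE(review): this branch runs before the Suite B / SP 800-131 / FIPS checks, so a
        // configured AppScan cipher replaces the restricted lists even when one of those modes
        // is on - confirm that this precedence is intended.
        if (ModelConfiguration.getInstance().isAppScanMode() && AppScanSSLCipher.isCipherConfigured()) {
            applyCipherSuites(AppScanSSLCipher.extractProperty());
            return;
        }
        if (isSuiteB()) {
            final String suiteBList;
            if (!SecurityKeyUtil.areExtendedLibrariesInstalled()) {
                // NOTE(review): without the extended libraries the 128-level list is applied even
                // when level 192 was requested, and nothing is logged about the downgrade.
                suiteBList = algorithm_ALL_SuiteB;
            } else if (isSuiteB(192)) {
                suiteBList = algorithm_ALL_SuiteB_192;
            } else {
                suiteBList = algorithm_ALL_SuiteB_extended;
            }
            applyCipherSuites(suiteBList);
            return;
        }
        if (isSp800_131()) {
            applyCipherSuites(SecurityKeyUtil.areExtendedLibrariesInstalled()
                    ? algorithm_ALL_nips_extended
                    : algorithm_ALL_nips);
            return;
        }
        // isFips() also covers Suite B and SP 800-131, but both returned above, so this branch
        // is reached only through the com.ibm.jsse2.usefipsprovider switch.
        if (isFips()) {
            applyCipherSuites(SecurityKeyUtil.areExtendedLibrariesInstalled()
                    ? algorithm_ALL_fips_extended
                    : algorithm_ALL_fips);
            return;
        }
        if (ModelConfiguration.getInstance().isAppScanMode()) {
            // The catch-all lists are the allTheValues / allTheValuesNonExtended constants of
            // this class, referenced by name instead of being repeated as inline literals.
            // They include NULL, anonymous, EXPORT, RC4 and single-DES suites; in this method
            // they are applied in AppScan mode only and must not leak into any other connection.
            if (SecurityKeyUtil.areExtendedLibrariesInstalled()) {
                applyCipherSuites(allTheValues + "," + algorithm_ALL_nips_extended + ","
                        + algorithm_ALL_SuiteB_extended);
            } else {
                applyCipherSuites(allTheValuesNonExtended + "," + algorithm_ALL_nips + ","
                        + algorithm_ALL_SuiteB);
            }
        }
    }

    /** Writes the same cipher-suite list to both cipher-suite system properties. */
    private static void applyCipherSuites(String suites) {
        System.setProperty(KeyStoreUtil.ssl_property_1, suites);
        System.setProperty(KeyStoreUtil.ssl_property_2, suites);
    }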

    /**
     * Sets {@code jdk.tls.disabledAlgorithms} and {@code jdk.certpath.disabledAlgorithms} as
     * system properties for the active mode: Suite B 192, Suite B 128, or SP 800-131 strict,
     * checked in that order. In any other mode nothing is set.
     *
     * <p>For SP 800-131 the certificate-path policy also disables SHA1 while the TLS policy
     * does not.
     *
     * <p>NOTE(review): in OpenJDK these two names are security properties read through
     * {@code java.security.Security}, not system properties, so {@code System.setProperty} does
     * not change them there. Confirm how the target JRE consumes them; if it reads only the
     * security properties, none of these restrictions is enforced.
     */
    public static void setUpBlockingPropertiesforNips() {
        final String tlsPolicy;
        final String certPathPolicy;
        if (isSuiteB(192)) {
            tlsPolicy = "RSA, DSA, EC keySize !=  384, MD5, SHA1, SHA224, SHA512";
            certPathPolicy = "RSA, DSA, EC keySize != 384, MD5, SHA1, SHA224, SHA512";
        } else if (isSuiteB(128)) {
            tlsPolicy = "RSA, DSA, EC keySize < 256, EC keySize > 384, MD5, SHA1, SHA224, SHA512";
            certPathPolicy = "RSA, DSA, EC keySize < 256, EC keySize > 384, MD5, SHA1, SHA224, SHA512";
        } else if (isSp800_131()) {
            tlsPolicy = "RSA keySize < 2048, DSA keySize < 2048, EC keySize < 224, MD5";
            certPathPolicy = "RSA keySize < 2048, DSA keySize < 2048, EC keySize < 224, SHA1, MD5";
        } else {
            // No restricted mode is active: leave both properties as they are.
            return;
        }
        System.setProperty("jdk.tls.disabledAlgorithms", tlsPolicy);
        System.setProperty("jdk.certpath.disabledAlgorithms", certPathPolicy);
    }
}
