package org.apache.tomcat.util.net.jsse;

import ch.qos.logback.core.net.ssl.SSL;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPathParameters;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.SSLUtil;
import org.apache.tomcat.util.net.ServerSocketFactory;
import org.apache.tomcat.util.net.jsse.openssl.OpenSSLCipherConfigurationParser;
import org.apache.tomcat.util.res.StringManager;
import org.apache.tools.ant.launch.Launcher;

/* loaded from: input_file:lib/tomcat-embed-core-8.0.26.jar:org/apache/tomcat/util/net/jsse/JSSESocketFactory.class */
public class JSSESocketFactory implements ServerSocketFactory, SSLUtil {
    private static final String defaultProtocol = "TLS";
    private static final String defaultKeystoreType = "JKS";
    private static final int defaultSessionCacheSize = 0;
    private static final int defaultSessionTimeout = 86400;
    private static final String ALLOW_ALL_SUPPORTED_CIPHERS = "ALL";
    public static final String DEFAULT_KEY_PASS = "changeit";
    private AbstractEndpoint<?> endpoint;
    private final boolean rfc5746Supported;
    private final String[] defaultServerProtocols;
    private final String[] defaultServerCipherSuites;
    protected String[] enabledCiphers;
    protected String[] enabledProtocols;
    private static final Log log = LogFactory.getLog((Class<?>) JSSESocketFactory.class);
    private static final StringManager sm = StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
    private static final String defaultKeystoreFile = System.getProperty(Launcher.USER_HOMEDIR) + "/.keystore";
    protected SSLServerSocketFactory sslProxy = null;
    protected boolean allowUnsafeLegacyRenegotiation = false;
    protected boolean requireClientAuth = false;
    protected boolean wantClientAuth = false;

    public JSSESocketFactory(AbstractEndpoint<?> abstractEndpoint) {
        this.endpoint = abstractEndpoint;
        String sslProtocol = abstractEndpoint.getSslProtocol();
        try {
            SSLContext sSLContext = SSLContext.getInstance(sslProtocol == null ? "TLS" : sslProtocol);
            sSLContext.init(null, null, null);
            SSLServerSocketFactory serverSocketFactory = sSLContext.getServerSocketFactory();
            String[] supportedCipherSuites = serverSocketFactory.getSupportedCipherSuites();
            boolean z = false;
            int length = supportedCipherSuites.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if ("TLS_EMPTY_RENEGOTIATION_INFO_SCSV".equals(supportedCipherSuites[i])) {
                    z = true;
                    break;
                }
                i++;
            }
            this.rfc5746Supported = z;
            try {
                SSLServerSocket sSLServerSocket = (SSLServerSocket) serverSocketFactory.createServerSocket();
                try {
                    this.defaultServerCipherSuites = sSLServerSocket.getEnabledCipherSuites();
                    if (this.defaultServerCipherSuites.length == 0) {
                        log.warn(sm.getString("jsse.noDefaultCiphers", abstractEndpoint.getName()));
                    }
                    ArrayList arrayList = new ArrayList();
                    for (String str : sSLServerSocket.getEnabledProtocols()) {
                        if (str.toUpperCase(Locale.ENGLISH).contains(SSL.DEFAULT_PROTOCOL)) {
                            log.debug(sm.getString("jsse.excludeDefaultProtocol", str));
                        } else {
                            arrayList.add(str);
                        }
                    }
                    this.defaultServerProtocols = (String[]) arrayList.toArray(new String[arrayList.size()]);
                    if (this.defaultServerProtocols.length == 0) {
                        log.warn(sm.getString("jsse.noDefaultProtocols", abstractEndpoint.getName()));
                    }
                } finally {
                    try {
                        sSLServerSocket.close();
                    } catch (IOException e) {
                        log.warn(sm.getString("jsse.exceptionOnClose"), e);
                    }
                }
            } catch (IOException e2) {
                this.defaultServerCipherSuites = new String[0];
                this.defaultServerProtocols = new String[0];
                log.warn(sm.getString("jsse.noDefaultCiphers", abstractEndpoint.getName()));
                log.warn(sm.getString("jsse.noDefaultProtocols", abstractEndpoint.getName()));
            }
        } catch (KeyManagementException | NoSuchAlgorithmException e3) {
            throw new IllegalArgumentException(e3);
        }
    }

    @Override // org.apache.tomcat.util.net.ServerSocketFactory
    public ServerSocket createSocket(int i) throws IOException {
        init();
        ServerSocket createServerSocket = this.sslProxy.createServerSocket(i);
        initServerSocket(createServerSocket);
        return createServerSocket;
    }

    @Override // org.apache.tomcat.util.net.ServerSocketFactory
    public ServerSocket createSocket(int i, int i2) throws IOException {
        init();
        ServerSocket createServerSocket = this.sslProxy.createServerSocket(i, i2);
        initServerSocket(createServerSocket);
        return createServerSocket;
    }

    @Override // org.apache.tomcat.util.net.ServerSocketFactory
    public ServerSocket createSocket(int i, int i2, InetAddress inetAddress) throws IOException {
        init();
        ServerSocket createServerSocket = this.sslProxy.createServerSocket(i, i2, inetAddress);
        initServerSocket(createServerSocket);
        return createServerSocket;
    }

    @Override // org.apache.tomcat.util.net.ServerSocketFactory
    public Socket acceptSocket(ServerSocket serverSocket) throws IOException {
        try {
            return (SSLSocket) serverSocket.accept();
        } catch (SSLException e) {
            throw new SocketException("SSL handshake error" + e.toString());
        }
    }

    @Override // org.apache.tomcat.util.net.ServerSocketFactory
    public void handshake(Socket socket) throws IOException {
        if (((SSLSocket) socket).getSession().getCipherSuite().equals("SSL_NULL_WITH_NULL_NULL")) {
            throw new IOException("SSL handshake failed. Ciper suite in SSL Session is SSL_NULL_WITH_NULL_NULL");
        }
        if (this.allowUnsafeLegacyRenegotiation || this.rfc5746Supported) {
            return;
        }
        ((SSLSocket) socket).setEnabledCipherSuites(new String[0]);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.apache.tomcat.util.net.SSLUtil
    public String[] getEnableableCiphers(SSLContext sSLContext) {
        String ciphers = this.endpoint.getCiphers();
        if ("ALL".equals(ciphers)) {
            return sSLContext.getSupportedSSLParameters().getCipherSuites();
        }
        if (ciphers == null || ciphers.trim().length() == 0) {
            return this.defaultServerCipherSuites;
        }
        List arrayList = new ArrayList();
        if (ciphers.indexOf(58) != -1) {
            arrayList = OpenSSLCipherConfigurationParser.parseExpression(ciphers);
        } else {
            for (String str : ciphers.split(",")) {
                String trim = str.trim();
                if (trim.length() > 0) {
                    arrayList.add(trim);
                }
            }
        }
        if (arrayList.isEmpty()) {
            return this.defaultServerCipherSuites;
        }
        ArrayList arrayList2 = new ArrayList(arrayList);
        arrayList2.retainAll(Arrays.asList(sSLContext.getSupportedSSLParameters().getCipherSuites()));
        if (arrayList2.isEmpty()) {
            log.warn(sm.getString("jsse.requested_ciphers_not_supported", ciphers));
        }
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("jsse.enableable_ciphers", arrayList2));
            if (arrayList2.size() != arrayList.size()) {
                ArrayList arrayList3 = new ArrayList(arrayList);
                arrayList3.removeAll(arrayList2);
                log.debug(sm.getString("jsse.unsupported_ciphers", arrayList3));
            }
        }
        return (String[]) arrayList2.toArray(new String[arrayList2.size()]);
    }

    public String[] getEnabledCiphers() {
        return this.enabledCiphers;
    }

    protected String getKeystorePassword() {
        String keystorePass = this.endpoint.getKeystorePass();
        if (keystorePass == null) {
            keystorePass = this.endpoint.getKeyPass();
        }
        if (keystorePass == null) {
            keystorePass = "changeit";
        }
        return keystorePass;
    }

    protected KeyStore getKeystore(String str, String str2, String str3) throws IOException {
        String keystoreFile = this.endpoint.getKeystoreFile();
        if (keystoreFile == null) {
            keystoreFile = defaultKeystoreFile;
        }
        return getStore(str, str2, keystoreFile, str3);
    }

    protected KeyStore getTrustStore(String str, String str2) throws IOException {
        KeyStore keyStore = null;
        String truststoreFile = this.endpoint.getTruststoreFile();
        if (truststoreFile == null) {
            truststoreFile = System.getProperty("javax.net.ssl.trustStore");
        }
        if (log.isDebugEnabled()) {
            log.debug("Truststore = " + truststoreFile);
        }
        String truststorePass = this.endpoint.getTruststorePass();
        if (truststorePass == null) {
            truststorePass = System.getProperty("javax.net.ssl.trustStorePassword");
        }
        if (log.isDebugEnabled()) {
            log.debug("TrustPass = " + truststorePass);
        }
        String truststoreType = this.endpoint.getTruststoreType();
        if (truststoreType == null) {
            truststoreType = System.getProperty("javax.net.ssl.trustStoreType");
        }
        if (truststoreType == null) {
            truststoreType = str;
        }
        if (log.isDebugEnabled()) {
            log.debug("trustType = " + truststoreType);
        }
        String truststoreProvider = this.endpoint.getTruststoreProvider();
        if (truststoreProvider == null) {
            truststoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider");
        }
        if (truststoreProvider == null) {
            truststoreProvider = str2;
        }
        if (log.isDebugEnabled()) {
            log.debug("trustProvider = " + truststoreProvider);
        }
        if (truststoreFile != null) {
            try {
                keyStore = getStore(truststoreType, truststoreProvider, truststoreFile, truststorePass);
            } catch (IOException e) {
                Throwable cause = e.getCause();
                if (!(cause instanceof UnrecoverableKeyException)) {
                    throw e;
                }
                log.warn(sm.getString("jsse.invalid_truststore_password"), cause);
                keyStore = getStore(truststoreType, truststoreProvider, truststoreFile, null);
            }
        }
        return keyStore;
    }

    private KeyStore getStore(String str, String str2, String str3, String str4) throws IOException {
        FileInputStream fileInputStream = null;
        try {
            try {
                try {
                    try {
                        KeyStore keyStore = str2 == null ? KeyStore.getInstance(str) : KeyStore.getInstance(str, str2);
                        if (!"PKCS11".equalsIgnoreCase(str) && !"".equalsIgnoreCase(str3)) {
                            File file = new File(str3);
                            if (!file.isAbsolute()) {
                                file = new File(System.getProperty("catalina.base"), str3);
                            }
                            fileInputStream = new FileInputStream(file);
                        }
                        char[] cArr = null;
                        if (str4 != null && !"".equals(str4)) {
                            cArr = str4.toCharArray();
                        }
                        keyStore.load(fileInputStream, cArr);
                        if (fileInputStream != null) {
                            try {
                                fileInputStream.close();
                            } catch (IOException e) {
                            }
                        }
                        return keyStore;
                    } catch (IOException e2) {
                        throw e2;
                    }
                } catch (Exception e3) {
                    String string = sm.getString("jsse.keystore_load_failed", str, str3, e3.getMessage());
                    log.error(string, e3);
                    throw new IOException(string);
                }
            } catch (FileNotFoundException e4) {
                log.error(sm.getString("jsse.keystore_load_failed", str, str3, e4.getMessage()), e4);
                throw e4;
            }
        } catch (Throwable th) {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e5) {
                }
            }
            throw th;
        }
    }

    void init() throws IOException {
        try {
            String clientAuth = this.endpoint.getClientAuth();
            if ("true".equalsIgnoreCase(clientAuth) || "yes".equalsIgnoreCase(clientAuth)) {
                this.requireClientAuth = true;
            } else if ("want".equalsIgnoreCase(clientAuth)) {
                this.wantClientAuth = true;
            }
            SSLContext createSSLContext = createSSLContext();
            createSSLContext.init(getKeyManagers(), getTrustManagers(), null);
            SSLSessionContext serverSessionContext = createSSLContext.getServerSessionContext();
            if (serverSessionContext != null) {
                configureSessionContext(serverSessionContext);
            }
            this.sslProxy = createSSLContext.getServerSocketFactory();
            this.enabledCiphers = getEnableableCiphers(createSSLContext);
            this.enabledProtocols = getEnableableProtocols(createSSLContext);
            this.allowUnsafeLegacyRenegotiation = "true".equals(this.endpoint.getAllowUnsafeLegacyRenegotiation());
            checkConfig();
        } catch (Exception e) {
            if (!(e instanceof IOException)) {
                throw new IOException(e.getMessage(), e);
            }
            throw ((IOException) e);
        }
    }

    @Override // org.apache.tomcat.util.net.SSLUtil
    public SSLContext createSSLContext() throws Exception {
        String sslProtocol = this.endpoint.getSslProtocol();
        if (sslProtocol == null) {
            sslProtocol = "TLS";
        }
        return SSLContext.getInstance(sslProtocol);
    }

    @Override // org.apache.tomcat.util.net.SSLUtil
    public KeyManager[] getKeyManagers() throws Exception {
        String keystoreType = this.endpoint.getKeystoreType();
        if (keystoreType == null) {
            keystoreType = "JKS";
        }
        String algorithm = this.endpoint.getAlgorithm();
        if (algorithm == null) {
            algorithm = KeyManagerFactory.getDefaultAlgorithm();
        }
        return getKeyManagers(keystoreType, this.endpoint.getKeystoreProvider(), algorithm, this.endpoint.getKeyAlias());
    }

    @Override // org.apache.tomcat.util.net.SSLUtil
    public TrustManager[] getTrustManagers() throws Exception {
        String truststoreType = this.endpoint.getTruststoreType();
        if (truststoreType == null) {
            truststoreType = System.getProperty("javax.net.ssl.trustStoreType");
        }
        if (truststoreType == null) {
            truststoreType = this.endpoint.getKeystoreType();
        }
        if (truststoreType == null) {
            truststoreType = "JKS";
        }
        String truststoreAlgorithm = this.endpoint.getTruststoreAlgorithm();
        if (truststoreAlgorithm == null) {
            truststoreAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        }
        return getTrustManagers(truststoreType, this.endpoint.getKeystoreProvider(), truststoreAlgorithm);
    }

    @Override // org.apache.tomcat.util.net.SSLUtil
    public void configureSessionContext(SSLSessionContext sSLSessionContext) {
        int parseInt = this.endpoint.getSessionCacheSize() != null ? Integer.parseInt(this.endpoint.getSessionCacheSize()) : 0;
        int parseInt2 = this.endpoint.getSessionTimeout() != null ? Integer.parseInt(this.endpoint.getSessionTimeout()) : defaultSessionTimeout;
        sSLSessionContext.setSessionCacheSize(parseInt);
        sSLSessionContext.setSessionTimeout(parseInt2);
    }

    protected KeyManager[] getKeyManagers(String str, String str2, String str3, String str4) throws Exception {
        String keystorePassword = getKeystorePassword();
        KeyStore keystore = getKeystore(str, str2, keystorePassword);
        if (str4 != null && !keystore.isKeyEntry(str4)) {
            throw new IOException(sm.getString("jsse.alias_no_key_entry", str4));
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str3);
        String keyPass = this.endpoint.getKeyPass();
        if (keyPass == null) {
            keyPass = keystorePassword;
        }
        keyManagerFactory.init(keystore, keyPass.toCharArray());
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        if (str4 != null) {
            String str5 = str4;
            if ("JKS".equals(str)) {
                str5 = str5.toLowerCase(Locale.ENGLISH);
            }
            for (int i = 0; i < keyManagers.length; i++) {
                keyManagers[i] = new JSSEKeyManager((X509KeyManager) keyManagers[i], str5);
            }
        }
        return keyManagers;
    }

    protected TrustManager[] getTrustManagers(String str, String str2, String str3) throws Exception {
        String crlFile = this.endpoint.getCrlFile();
        String trustManagerClassName = this.endpoint.getTrustManagerClassName();
        if (trustManagerClassName != null && trustManagerClassName.length() > 0) {
            Class<?> loadClass = getClass().getClassLoader().loadClass(trustManagerClassName);
            if (TrustManager.class.isAssignableFrom(loadClass)) {
                return new TrustManager[]{(TrustManager) loadClass.newInstance()};
            }
            throw new InstantiationException(sm.getString("jsse.invalidTrustManagerClassName", trustManagerClassName));
        }
        TrustManager[] trustManagerArr = null;
        KeyStore trustStore = getTrustStore(str, str2);
        if (trustStore != null || this.endpoint.getTrustManagerClassName() != null) {
            if (crlFile == null) {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str3);
                trustManagerFactory.init(trustStore);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } else {
                TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance(str3);
                trustManagerFactory2.init(new CertPathTrustManagerParameters(getParameters(str3, crlFile, trustStore)));
                trustManagerArr = trustManagerFactory2.getTrustManagers();
            }
        }
        return trustManagerArr;
    }

    protected CertPathParameters getParameters(String str, String str2, KeyStore keyStore) throws Exception {
        if (!"PKIX".equalsIgnoreCase(str)) {
            throw new CRLException("CRLs not supported for type: " + str);
        }
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(getCRLs(str2))));
        pKIXBuilderParameters.setRevocationEnabled(true);
        String trustMaxCertLength = this.endpoint.getTrustMaxCertLength();
        if (trustMaxCertLength != null) {
            try {
                pKIXBuilderParameters.setMaxPathLength(Integer.parseInt(trustMaxCertLength));
            } catch (Exception e) {
                log.warn("Bad maxCertLength: " + trustMaxCertLength);
            }
        }
        return pKIXBuilderParameters;
    }

    protected Collection<? extends CRL> getCRLs(String str) throws IOException, CRLException, CertificateException {
        File file = new File(str);
        if (!file.isAbsolute()) {
            file = new File(System.getProperty("catalina.base"), str);
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            FileInputStream fileInputStream = new FileInputStream(file);
            Throwable th = null;
            try {
                try {
                    Collection<? extends CRL> generateCRLs = certificateFactory.generateCRLs(fileInputStream);
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    return generateCRLs;
                } finally {
                }
            } catch (Throwable th3) {
                if (fileInputStream != null) {
                    if (th != null) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                throw th3;
            }
        } catch (IOException e) {
            throw e;
        } catch (CRLException e2) {
            throw e2;
        } catch (CertificateException e3) {
            throw e3;
        }
    }

    @Override // org.apache.tomcat.util.net.SSLUtil
    public String[] getEnableableProtocols(SSLContext sSLContext) {
        String[] sslEnabledProtocolsArray = this.endpoint.getSslEnabledProtocolsArray();
        if (sslEnabledProtocolsArray == null || sslEnabledProtocolsArray.length == 0) {
            return this.defaultServerProtocols;
        }
        ArrayList arrayList = new ArrayList(Arrays.asList(sslEnabledProtocolsArray));
        arrayList.retainAll(Arrays.asList(sSLContext.getSupportedSSLParameters().getProtocols()));
        if (arrayList.isEmpty()) {
            log.warn(sm.getString("jsse.requested_protocols_not_supported", Arrays.asList(sslEnabledProtocolsArray)));
        }
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("jsse.enableable_protocols", arrayList));
            if (arrayList.size() != sslEnabledProtocolsArray.length) {
                ArrayList arrayList2 = new ArrayList(Arrays.asList(sslEnabledProtocolsArray));
                arrayList2.removeAll(arrayList);
                log.debug(sm.getString("jsse.unsupported_protocols", arrayList2));
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    protected void configureClientAuth(SSLServerSocket sSLServerSocket) {
        if (this.wantClientAuth) {
            sSLServerSocket.setWantClientAuth(this.wantClientAuth);
        } else {
            sSLServerSocket.setNeedClientAuth(this.requireClientAuth);
        }
    }

    protected void configureUseServerCipherSuitesOrder(SSLServerSocket sSLServerSocket) {
        String trim = this.endpoint.getUseServerCipherSuitesOrder().trim();
        if ("".equals(trim)) {
            return;
        }
        SSLParameters sSLParameters = sSLServerSocket.getSSLParameters();
        try {
            SSLParameters.class.getMethod("setUseCipherSuitesOrder", Boolean.TYPE).invoke(sSLParameters, Boolean.valueOf("true".equalsIgnoreCase(trim) || "yes".equalsIgnoreCase(trim)));
            sSLServerSocket.setSSLParameters(sSLParameters);
        } catch (IllegalAccessException e) {
            throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"), e);
        } catch (IllegalArgumentException e2) {
            throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"), e2);
        } catch (NoSuchMethodException e3) {
            throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"), e3);
        } catch (InvocationTargetException e4) {
            throw new UnsupportedOperationException(sm.getString("endpoint.jsse.cannotHonorServerCipherOrder"), e4);
        }
    }

    private void initServerSocket(ServerSocket serverSocket) {
        SSLServerSocket sSLServerSocket = (SSLServerSocket) serverSocket;
        sSLServerSocket.setEnabledCipherSuites(this.enabledCiphers);
        sSLServerSocket.setEnabledProtocols(this.enabledProtocols);
        configureClientAuth(sSLServerSocket);
        configureUseServerCipherSuitesOrder(sSLServerSocket);
    }

    private void checkConfig() throws IOException {
        ServerSocket createServerSocket = this.sslProxy.createServerSocket();
        initServerSocket(createServerSocket);
        try {
            try {
                createServerSocket.setSoTimeout(1);
                createServerSocket.accept();
                if (createServerSocket.isClosed()) {
                    return;
                }
                createServerSocket.close();
            } catch (SSLException e) {
                IOException iOException = new IOException(sm.getString("jsse.invalid_ssl_conf", e.getMessage()));
                iOException.initCause(e);
                throw iOException;
            } catch (Exception e2) {
                if (createServerSocket.isClosed()) {
                    return;
                }
                createServerSocket.close();
            }
        } catch (Throwable th) {
            if (!createServerSocket.isClosed()) {
                createServerSocket.close();
            }
            throw th;
        }
    }
}
