package com.predic8.membrane.core.transport.ssl;

import com.predic8.membrane.core.config.security.SSLParser;
import com.predic8.membrane.core.config.security.Store;
import com.predic8.membrane.core.resolver.ResolverMap;
import com.predic8.membrane.core.security.KeyStoreUtil;
import com.predic8.membrane.core.transport.TrustManagerWrapper;
import com.predic8.membrane.core.transport.http2.Http2TlsSupport;
import groovy.lang.ExpandoMetaClass;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.KeyManagementException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathBuilder;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.jose4j.keys.AesKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-6.0.0.jar:com/predic8/membrane/core/transport/ssl/StaticSSLContext.class */
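/**
 * An SSL context built once from a static configuration ({@link SSLParser}): a key store or an
 * inline PEM key, and a trust store or inline PEM trust certificates.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>With neither trust store nor inline trust configured, {@code null} trust managers are handed
 *       to {@link javax.net.ssl.SSLContext#init}, so the JVM's default trust managers apply.</li>
 *   <li>Revocation checking is enabled only when a {@code checkRevocation} value is configured.</li>
 *   <li>With no explicit protocol list, only {@code SSLv3} and {@code SSLv2Hello} are removed from
 *       the JVM's enabled protocols.</li>
 *   <li>A missing key password falls back to the literal {@code "changeit"}.</li>
 * </ul>
 *
 * <p>This source was recovered by a decompiler; parameter names of public methods are kept as
 * decompiled and explained in the Javadoc of each method.
 */
public class StaticSSLContext extends SSLContext {
    /** SHA-256 fingerprint compared in {@link #openKeyStore} to detect the default "membrane" certificate. */
    private static final String DEFAULT_CERTIFICATE_SHA256 = "c7:e3:fd:97:2f:d3:b9:4f:38:87:9c:45:32:70:b3:d8:c1:9f:d1:64:39:fc:48:5f:f4:a1:6a:95:b5:ca:08:f7";
    public static final String PKCS_12 = "PKCS12";
    private final SSLParser sslParser;
    // DNS subject alternative names of the server certificate; stays null when no key material is configured.
    private List<String> dnsNames;
    private javax.net.ssl.SSLContext sslc;
    // Validity window of the configured certificate chain; stays null when no key material is configured.
    private Validity validity;
    private static final Logger log = LoggerFactory.getLogger(StaticSSLContext.class.getName());
    // Best-effort "warn once" flag; it is not synchronized, so a duplicate warning is possible.
    private static boolean defaultCertificateWarned = false;

    /**
     * Validity window of a certificate chain, as produced by the inherited {@code getValidFrom(List)}
     * and {@code getMinimumValidity(List)} helpers. The unit of the two values is defined by those
     * helpers and is not visible here.
     *
     * <p>The decompiled form ({@code extends Record} plus {@code ObjectMethods.bootstrap} calls) is what
     * a compiled record looks like and cannot be compiled as written, so it is restored to a record.
     */
    public record Validity(long from, long until) {
    }

    /**
     * Builds the context from configuration, loading trust material first and key material second.
     *
     * @param sSLParser   the SSL configuration; {@code <trust>}/{@code <truststore>} and
     *                    {@code <key>}/{@code <keystore>} are mutually exclusive
     * @param resolverMap resolver handed through to every store and PEM lookup
     * @param str         passed unchanged to every resolver lookup (presumably the base location for
     *                    relative paths; confirm against the caller)
     * @throws InvalidParameterException if mutually exclusive elements are configured together
     * @throws RuntimeException          wrapping any failure while loading key or trust material
     */
    public StaticSSLContext(SSLParser sSLParser, ResolverMap resolverMap, String str) {
        if (sSLParser.getTrustStore() != null && sSLParser.getTrust() != null) {
            throw new InvalidParameterException("<trust> may not be used together with <truststore>.");
        }
        if (sSLParser.getKeyStore() != null && sSLParser.getKey() != null) {
            throw new InvalidParameterException("<key> may not be used together with <keystore>.");
        }
        this.sslParser = sSLParser;
        try {
            TrustManagerFactory trustFactory = createTrustManagerFactory(resolverMap, str);
            KeyManagerFactory keyFactory = createKeyManagerFactoryWithSideEffects(resolverMap, str);
            initializeJavaSSLContext(trustFactory, keyFactory);
            init(sSLParser, this.sslc);
        } catch (Exception e) {
            // Callers see a single unchecked exception type; the cause is preserved.
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates the key manager factory from the configured key store or inline PEM key.
     *
     * <p>Side effects: sets {@link #dnsNames} and {@link #validity} from the selected certificate.
     *
     * @return the factory, or {@code null} when neither a key store nor an inline key is configured
     */
    @Nullable
    private KeyManagerFactory createKeyManagerFactoryWithSideEffects(ResolverMap resolverMap, String baseLocation) throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, NoSuchProviderException, UnrecoverableKeyException {
        if (this.sslParser.getKeyStore() == null) {
            return this.sslParser.getKey() != null
                    ? getKeyManagerFactoryWithSideEffects(this.sslParser, resolverMap, baseLocation)
                    : null;
        }
        char[] keyPass = getKeyPass(this.sslParser);
        // The key password doubles as the store password when the store has none of its own (see getPassword).
        KeyStore keyStore = openKeyStore(this.sslParser.getKeyStore(), keyPass, resolverMap, baseLocation);
        String alias = getKeyAlias(this.sslParser, keyStore);
        this.dnsNames = extractDnsNames(keyStore.getCertificate(alias));
        this.validity = getValidityPeriod(keyStore, alias);
        KeyManagerFactory factory = KeyManagerFactory.getInstance(getAlgorithm(this.sslParser));
        // Only the selected alias is handed to the key manager.
        factory.init(KeyStoreUtil.filterKeyStoreByAlias(keyStore, keyPass, alias), keyPass);
        return factory;
    }

    /**
     * Creates the trust manager factory from the configured trust store or inline trust certificates.
     *
     * @return the factory, or {@code null} when no trust material is configured (the JVM default
     *         trust managers are then used by {@link #initializeJavaSSLContext})
     */
    @Nullable
    private TrustManagerFactory createTrustManagerFactory(ResolverMap resolverMap, String baseLocation) throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, NoSuchProviderException, InvalidAlgorithmParameterException {
        if (this.sslParser.getTrustStore() == null && this.sslParser.getTrust() == null) {
            return null;
        }
        KeyStore trustMaterial = null;
        String checkRevocation = null;
        if (this.sslParser.getTrustStore() != null) {
            // No fallback password: a trust store without a password is rejected by getPassword.
            trustMaterial = openKeyStore(this.sslParser.getTrustStore(), null, resolverMap, baseLocation);
            checkRevocation = this.sslParser.getTrustStore().getCheckRevocation();
        } else if (this.sslParser.getTrust() != null) {
            trustMaterial = getStore(resolverMap, baseLocation);
            checkRevocation = this.sslParser.getTrust().getCheckRevocation();
        }
        return createTrustManagerFactory2(trustMaterial, checkRevocation);
    }

    /**
     * Builds an in-memory PKCS#12 store holding the inline PEM trust certificates, one entry per
     * certificate under the alias {@code inlinePemCertificate<index>}.
     */
    @NotNull
    private KeyStore getStore(ResolverMap resolverMap, String baseLocation) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore store = KeyStore.getInstance(PKCS_12);
        // The store only ever lives in memory, so an empty password is used.
        store.load(null, "".toCharArray());
        int count = this.sslParser.getTrust().getCertificateList().size();
        for (int index = 0; index < count; index++) {
            String pem = this.sslParser.getTrust().getCertificateList().get(index).get(resolverMap, baseLocation);
            store.setCertificateEntry("inlinePemCertificate" + index, PEMSupport.getInstance().parseCertificate(pem));
        }
        return store;
    }

    /**
     * Picks the trust manager algorithm: the inline trust's algorithm, else the trust store's,
     * else the JVM default.
     */
    private String getTrustAlgorithm() {
        if (this.sslParser.getTrust() != null && this.sslParser.getTrust().getAlgorithm() != null) {
            return this.sslParser.getTrust().getAlgorithm();
        }
        if (this.sslParser.getTrustStore() != null && this.sslParser.getTrustStore().getAlgorithm() != null) {
            return this.sslParser.getTrustStore().getAlgorithm();
        }
        return TrustManagerFactory.getDefaultAlgorithm();
    }

    /**
     * Initializes a trust manager factory over {@code keyStore}.
     *
     * @param keyStore        the trust anchors, or {@code null} for "no factory"
     * @param checkRevocation comma-separated {@link PKIXRevocationChecker.Option} names; when
     *                        {@code null}, no revocation checker is installed
     * @return the factory, or {@code null} when {@code keyStore} is {@code null}
     */
    @Nullable
    private TrustManagerFactory createTrustManagerFactory2(KeyStore keyStore, String checkRevocation) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyStoreException {
        if (keyStore == null) {
            return null;
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(getTrustAlgorithm());
        if (checkRevocation == null) {
            factory.init(keyStore);
        } else {
            factory.init(new CertPathTrustManagerParameters(getPkixBuilderParameters(keyStore, getTrustAlgorithm(), checkRevocation)));
        }
        return factory;
    }

    /**
     * Creates PKIX builder parameters over {@code keyStore} with a revocation checker attached.
     *
     * @param algorithm       algorithm name used to obtain the {@link CertPathBuilder}
     * @param checkRevocation comma-separated revocation options
     */
    @NotNull
    private static PKIXBuilderParameters getPkixBuilderParameters(KeyStore keyStore, String algorithm, String checkRevocation) throws KeyStoreException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        PKIXBuilderParameters parameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        parameters.addCertPathChecker(getRevocationChecker(algorithm, checkRevocation));
        return parameters;
    }

    /**
     * Obtains the revocation checker of the {@link CertPathBuilder} for {@code algorithm} and applies
     * the configured options.
     */
    @NotNull
    private static PKIXRevocationChecker getRevocationChecker(String algorithm, String checkRevocation) throws NoSuchAlgorithmException {
        // NOTE(review): the trust-manager algorithm name is reused as the CertPathBuilder algorithm.
        // That holds for "PKIX"; other configured trust algorithms may fail here with NoSuchAlgorithmException.
        PKIXRevocationChecker checker = (PKIXRevocationChecker) CertPathBuilder.getInstance(algorithm).getRevocationChecker();
        checker.setOptions(createOptions(checkRevocation));
        return checker;
    }

    /**
     * Parses a comma-separated list of {@link PKIXRevocationChecker.Option} names.
     *
     * <p>Surrounding whitespace is ignored, so {@code "SOFT_FAIL, NO_FALLBACK"} is accepted. Unknown
     * or empty names still fail, so a misconfigured revocation policy stops start-up rather than
     * being silently dropped. Note that {@code SOFT_FAIL} lets a certificate pass when its revocation
     * status cannot be determined.
     *
     * @throws IllegalArgumentException if a name is not a {@link PKIXRevocationChecker.Option}
     */
    @NotNull
    private static EnumSet<PKIXRevocationChecker.Option> createOptions(String checkRevocation) {
        EnumSet<PKIXRevocationChecker.Option> options = EnumSet.noneOf(PKIXRevocationChecker.Option.class);
        for (String name : checkRevocation.split(",")) {
            options.add(PKIXRevocationChecker.Option.valueOf(name.trim()));
        }
        return options;
    }

    /**
     * Creates and initializes the JDK SSL context.
     *
     * @param trustManagerFactory source of trust managers, or {@code null} to use the JVM defaults
     * @param keyManagerFactory   source of key managers, or {@code null} for none
     */
    private void initializeJavaSSLContext(TrustManagerFactory trustManagerFactory, KeyManagerFactory keyManagerFactory) throws KeyManagementException, NoSuchAlgorithmException {
        TrustManager[] trustManagers = trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null;
        if (this.sslParser.isIgnoreTimestampCheckFailure()) {
            // Weakens validation: the wrapper is asked to tolerate timestamp check failures.
            // NOTE(review): trustManagers is null here when no trust material is configured;
            // confirm TrustManagerWrapper handles a null delegate array.
            trustManagers = new TrustManager[]{new TrustManagerWrapper(trustManagers, true)};
        }
        String protocol = this.sslParser.getProtocol() != null ? this.sslParser.getProtocol() : "TLS";
        this.sslc = javax.net.ssl.SSLContext.getInstance(protocol);
        this.sslc.init(keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null, trustManagers, null);
    }

    /** Returns the configured key alias if present in the store, otherwise the store's first alias. */
    private static String getKeyAlias(SSLParser sslParser, KeyStore keyStore) throws KeyStoreException {
        String configuredAlias = sslParser.getKeyStore().getKeyAlias();
        if (configuredAlias == null) {
            return KeyStoreUtil.firstAliasOrThrow(keyStore);
        }
        return KeyStoreUtil.aliasOrThrow(keyStore, configuredAlias);
    }

    /**
     * Computes the validity window of the certificate chain stored under {@code alias}.
     *
     * @throws KeyStoreException if the alias has no certificate chain (for example, when it names a
     *                           certificate-only entry); previously this surfaced as a bare
     *                           {@link NullPointerException}
     */
    private Validity getValidityPeriod(KeyStore keyStore, String alias) throws KeyStoreException {
        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (chain == null) {
            throw new KeyStoreException("No certificate chain found for key alias '" + alias + "'.");
        }
        List<Certificate> certificates = Arrays.asList(chain);
        return new Validity(getValidFrom(certificates), getMinimumValidity(certificates));
    }

    /**
     * Creates the key manager factory from the inline PEM key and certificates.
     *
     * <p>Side effects: sets {@link #dnsNames} from the first certificate and {@link #validity} from
     * the whole chain. The chain is validated and the key is checked against it by inherited helpers.
     */
    @NotNull
    private KeyManagerFactory getKeyManagerFactoryWithSideEffects(SSLParser sslParser, ResolverMap resolverMap, String baseLocation) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        List<Certificate> chain = getCertificates(sslParser, resolverMap, baseLocation);
        this.dnsNames = extractDnsNames(chain.get(0));
        checkChainValidity(chain);
        this.validity = new Validity(getValidFrom(chain), getMinimumValidity(chain));
        Key privateKey = getKey(sslParser, resolverMap, baseLocation, chain);
        return getKeyManagerFactory(sslParser, privateKey, chain);
    }

    /** Loads the inline private key and verifies, via the inherited check, that it matches the chain. */
    private Key getKey(SSLParser sslParser, ResolverMap resolverMap, String baseLocation, List<Certificate> chain) throws IOException {
        Key privateKey = getKey(sslParser, resolverMap, baseLocation);
        checkKeyMatchesCert(privateKey, chain);
        return privateKey;
    }

    /** Wraps key and chain in an in-memory key store and initializes a default-algorithm factory over it. */
    @NotNull
    private KeyManagerFactory getKeyManagerFactory(SSLParser sslParser, Key key, List<Certificate> chain) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, IOException, CertificateException {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // NOTE(review): the entry is stored under an empty password (see getKeyStore) but recovered with
        // the configured key password; confirm this works when <key> carries a non-empty password.
        factory.init(getKeyStore(key, chain), getKeyPassword(sslParser));
        return factory;
    }

    /**
     * Parses every configured inline PEM certificate, in configuration order.
     *
     * @throws RuntimeException if no certificate is configured
     */
    @NotNull
    private static List<Certificate> getCertificates(SSLParser sslParser, ResolverMap resolverMap, String baseLocation) throws IOException {
        List<Certificate> parsed = new ArrayList<>();
        for (com.predic8.membrane.core.config.security.Certificate configured : sslParser.getKey().getCertificates()) {
            parsed.add(PEMSupport.getInstance().parseCertificate(configured.get(resolverMap, baseLocation)));
        }
        if (parsed.isEmpty()) {
            throw new RuntimeException("At least one //ssl/key/certificate is required.");
        }
        return parsed;
    }

    /** Builds an in-memory PKCS#12 store with a single key entry protected by an empty password. */
    @NotNull
    private static KeyStore getKeyStore(Key key, List<Certificate> chain) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore store = KeyStore.getInstance(PKCS_12);
        store.load(null, "".toCharArray());
        store.setKeyEntry("inlinePemKeyAndCertificate", key, "".toCharArray(), chain.toArray(new Certificate[0]));
        return store;
    }

    /** Parses the inline PEM private key; a parsed {@link KeyPair} is reduced to its private half. */
    private static Key getKey(SSLParser sslParser, ResolverMap resolverMap, String baseLocation) throws IOException {
        Object parsed = PEMSupport.getInstance().parseKey(sslParser.getKey().getPrivate().get(resolverMap, baseLocation));
        if (parsed instanceof Key key) {
            return key;
        }
        return ((KeyPair) parsed).getPrivate();
    }

    /** Returns the configured inline-key password, or an empty password when none is set. */
    private static char[] getKeyPassword(SSLParser sslParser) {
        String configured = sslParser.getKey().getPassword();
        return configured != null ? configured.toCharArray() : "".toCharArray();
    }

    /**
     * Returns the configured key-store key password.
     *
     * <p>Security note: when no password is configured this falls back to the hard-coded literal
     * {@code "changeit"}, which protects nothing. Deployments should always configure an explicit
     * key password; the fallback is kept only for compatibility with existing configurations.
     */
    private static char[] getKeyPass(SSLParser sslParser) {
        String configured = sslParser.getKeyStore().getKeyPassword();
        return configured != null ? configured.toCharArray() : "changeit".toCharArray();
    }

    /** Returns the configured key manager algorithm, or the JVM default when none is set. */
    private static String getAlgorithm(SSLParser sslParser) {
        String configured = sslParser.getAlgorithm();
        return configured != null ? configured : KeyManagerFactory.getDefaultAlgorithm();
    }

    /**
     * Wraps an already initialized JDK SSL context.
     *
     * <p>No key material is inspected on this path, so {@link #getDnsNames()} returns {@code null} and
     * {@link #hasKeyAndCertificate()} returns {@code false}.
     */
    public StaticSSLContext(SSLParser sSLParser, javax.net.ssl.SSLContext sSLContext) {
        this.sslParser = sSLParser;
        this.sslc = sSLContext;
        init(sSLParser, sSLContext);
    }

    /**
     * Collects the {@code dNSName} subject alternative names of an X.509 certificate.
     *
     * @return the DNS names; empty for non-X.509 certificates or certificates without the extension
     */
    private List<String> extractDnsNames(Certificate certificate) throws CertificateParsingException {
        List<String> names = new ArrayList<>();
        if (!(certificate instanceof X509Certificate x509)) {
            return names;
        }
        Collection<List<?>> alternativeNames = x509.getSubjectAlternativeNames();
        if (alternativeNames == null) {
            return names;
        }
        for (List<?> entry : alternativeNames) {
            // Each entry is (type, value); GeneralName type 2 is dNSName.
            if (entry.get(0) instanceof Integer type && type == 2) {
                names.add(entry.get(1).toString());
            }
        }
        return names;
    }

    /**
     * Two contexts are equal when their configurations have the same hash code.
     *
     * <p>NOTE(review): equality is decided by comparing {@code sslParser.hashCode()} values, not the
     * configurations themselves, so two different configurations whose hashes collide are treated as
     * equal. Whether {@code SSLParser} offers a usable {@code equals} is not visible here.
     */
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof StaticSSLContext other)) {
            return false;
        }
        return this.sslParser.hashCode() == other.sslParser.hashCode();
    }

    /**
     * Derived from the configuration only, so that objects equal under {@link #equals(Object)} also
     * share a hash code. The previous implementation mixed in the JDK context, DNS names and validity,
     * which differ between separately built but "equal" instances and broke the equals/hashCode contract.
     */
    @Override
    public int hashCode() {
        return Objects.hashCode(this.sslParser);
    }

    /**
     * Loads a key store and warns once if it contains the default "membrane" certificate.
     *
     * @param store       the store configuration
     * @param cArr        fallback password used when {@code store} has no password; may be {@code null}
     * @param resolverMap resolver used to load the store
     * @param str         passed unchanged to the loader together with {@code resolverMap}
     * @return the loaded key store
     * @throws InvalidParameterException if neither the store nor {@code cArr} supplies a password
     */
    public static KeyStore openKeyStore(Store store, char[] cArr, ResolverMap resolverMap, String str) throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, NoSuchProviderException {
        KeyStore loaded = KeyStoreUtil.getAndLoadKeyStore(store, resolverMap, str, getStoreTypeOrDefault(store), getPassword(store, cArr));
        if (!defaultCertificateWarned
                && loaded.getCertificate("membrane") != null
                && DEFAULT_CERTIFICATE_SHA256.equals(KeyStoreUtil.getDigest(loaded, "membrane"))) {
            // The default key pair ships with the product, so its private key is not secret.
            log.warn("Using Membrane with the default certificate. This is highly discouraged! Please run the generate-ssl-keys script in the conf directory.");
            defaultCertificateWarned = true;
        }
        return loaded;
    }

    /**
     * Returns the store's own password, else {@code fallback}.
     *
     * @throws InvalidParameterException if both are absent
     */
    private static char[] getPassword(Store store, char[] fallback) {
        char[] password = store.getPassword() != null ? store.getPassword().toCharArray() : fallback;
        if (password == null) {
            throw new InvalidParameterException("Password for key store is not set.");
        }
        return password;
    }

    /** Returns the configured store type, defaulting to {@link #PKCS_12}. */
    @NotNull
    private static String getStoreTypeOrDefault(Store store) {
        String type = store.getType();
        return type != null ? type : PKCS_12;
    }

    /**
     * Applies the configured cipher suites (and the inherited cipher ordering) to a server socket.
     * Does nothing when no cipher list is configured, leaving the JVM defaults in place.
     */
    public void applyCiphers(SSLServerSocket sSLServerSocket) {
        if (this.ciphers == null) {
            return;
        }
        SSLParameters parameters = sSLServerSocket.getSSLParameters();
        applyCipherOrdering(parameters);
        parameters.setCipherSuites(this.ciphers);
        sSLServerSocket.setSSLParameters(parameters);
    }

    /**
     * Drops {@code SSLv3} and {@code SSLv2Hello} from a protocol list.
     *
     * <p>Nothing else is filtered here; whether older TLS versions remain enabled depends on the JVM
     * defaults unless an explicit protocol list is configured.
     */
    private static String[] withoutLegacySslProtocols(String[] enabledProtocols) {
        HashSet<String> kept = new HashSet<>();
        for (String protocol : enabledProtocols) {
            if (!protocol.equals("SSLv3") && !protocol.equals("SSLv2Hello")) {
                kept.add(protocol);
            }
        }
        return kept.toArray(new String[0]);
    }

    /**
     * Creates a TLS server socket with the configured ciphers, protocols and client-auth settings.
     *
     * @param i           passed to the server socket factory as the port
     * @param i2          passed to the server socket factory as the backlog
     * @param inetAddress local address to bind to
     */
    @Override // com.predic8.membrane.core.transport.ssl.SSLProvider
    public ServerSocket createServerSocket(int i, int i2, InetAddress inetAddress) throws IOException {
        SSLServerSocket serverSocket = (SSLServerSocket) this.sslc.getServerSocketFactory().createServerSocket(i, i2, inetAddress);
        applyCiphers(serverSocket);
        if (this.protocols != null) {
            serverSocket.setEnabledProtocols(this.protocols);
        } else {
            serverSocket.setEnabledProtocols(withoutLegacySslProtocols(serverSocket.getEnabledProtocols()));
        }
        // Order matters: setNeedClientAuth is applied last and so takes precedence over setWantClientAuth.
        serverSocket.setWantClientAuth(this.wantClientAuth);
        serverSocket.setNeedClientAuth(this.needClientAuth);
        if (this.sslParser.isUseExperimentalHttp2()) {
            Http2TlsSupport.offerHttp2(serverSocket);
        }
        return serverSocket;
    }

    /** Returns the accepted socket unchanged; the server socket from this context already speaks TLS. */
    @Override // com.predic8.membrane.core.transport.ssl.SSLProvider
    public Socket wrapAcceptedSocket(Socket socket) {
        return socket;
    }

    /** Applies the protocol selection and the cipher configuration to a client socket. */
    private void prepare(SSLSocket sslSocket) {
        if (this.protocols != null) {
            sslSocket.setEnabledProtocols(this.protocols);
        } else {
            sslSocket.setEnabledProtocols(withoutLegacySslProtocols(sslSocket.getEnabledProtocols()));
        }
        applyCiphers(sslSocket);
    }

    /** Creates an unconnected TLS client socket with protocols and ciphers applied. */
    @Override // com.predic8.membrane.core.transport.ssl.SSLProvider
    public Socket createSocket() throws IOException {
        SSLSocket sslSocket = (SSLSocket) this.sslc.getSocketFactory().createSocket();
        prepare(sslSocket);
        return sslSocket;
    }

    /**
     * Layers TLS over an already connected socket.
     *
     * <p>The handshake is started eagerly only when application protocols are given; otherwise it
     * happens on first I/O. NOTE(review): no endpoint identification algorithm is set in this
     * method, so confirm that hostname verification is enforced elsewhere (for example in the
     * superclass or by the caller).
     *
     * @param socket the connected plain socket; closed together with the returned socket
     * @param str    peer host name
     * @param i      peer port
     * @param i2     not used by this overload
     * @param str2   SNI server name; {@code null} falls back to {@code str}, an empty string disables SNI
     * @param strArr application protocols to offer, or {@code null} for none
     */
    @Override // com.predic8.membrane.core.transport.ssl.SSLProvider
    public Socket createSocket(Socket socket, String str, int i, int i2, @javax.annotation.Nullable String str2, @javax.annotation.Nullable String[] strArr) throws IOException {
        SSLSocket sslSocket = (SSLSocket) this.sslc.getSocketFactory().createSocket(socket, str, i, true);
        applySNI(sslSocket, str2, str);
        boolean offersApplicationProtocols = strArr != null;
        if (offersApplicationProtocols) {
            setApplicationProtocols(sslSocket, strArr);
        }
        prepare(sslSocket);
        if (offersApplicationProtocols) {
            sslSocket.startHandshake();
        }
        return sslSocket;
    }

    /**
     * Connects to {@code str:i} and layers TLS over the connection.
     *
     * <p>The plain socket is closed if connecting or TLS setup fails, so a failed attempt does not
     * leak a file descriptor.
     *
     * @param str    peer host name
     * @param i      peer port
     * @param i2     connect timeout passed to {@link Socket#connect(java.net.SocketAddress, int)}
     * @param str2   SNI server name, see the socket-wrapping overload
     * @param strArr application protocols to offer, or {@code null}
     */
    @Override // com.predic8.membrane.core.transport.ssl.SSLProvider
    public Socket createSocket(String str, int i, int i2, @javax.annotation.Nullable String str2, @javax.annotation.Nullable String[] strArr) throws IOException {
        Socket socket = new Socket();
        try {
            socket.connect(new InetSocketAddress(str, i), i2);
            return createSocket(socket, str, i, i2, str2, strArr);
        } catch (IOException | RuntimeException e) {
            closeAfterFailure(socket, e);
            throw e;
        }
    }

    /**
     * Binds to a local address, connects to {@code str:i} and layers TLS over the connection.
     *
     * <p>The plain socket is closed if binding, connecting or TLS setup fails.
     *
     * @param str         peer host name
     * @param i           peer port
     * @param inetAddress local address to bind to
     * @param i2          local port to bind to
     * @param i3          connect timeout passed to {@link Socket#connect(java.net.SocketAddress, int)}
     * @param str2        SNI server name, see the socket-wrapping overload
     * @param strArr      application protocols to offer, or {@code null}
     */
    @Override // com.predic8.membrane.core.transport.ssl.SSLProvider
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2, int i3, @javax.annotation.Nullable String str2, @javax.annotation.Nullable String[] strArr) throws IOException {
        Socket socket = new Socket();
        try {
            socket.bind(new InetSocketAddress(inetAddress, i2));
            socket.connect(new InetSocketAddress(str, i), i3);
            return createSocket(socket, str, i, i3, str2, strArr);
        } catch (IOException | RuntimeException e) {
            closeAfterFailure(socket, e);
            throw e;
        }
    }

    /** Closes {@code socket} after a failed setup, attaching any close failure to the original error. */
    private static void closeAfterFailure(Socket socket, Exception failure) {
        try {
            socket.close();
        } catch (IOException closeFailure) {
            failure.addSuppressed(closeFailure);
        }
    }

    /**
     * Sets the SNI server name on a client socket.
     *
     * @param sslSocket  the socket to configure
     * @param serverName explicit SNI name; {@code null} means "use {@code host}", an empty string
     *                   means "send no SNI"
     * @param host       the host being connected to
     */
    private void applySNI(@javax.validation.constraints.NotNull SSLSocket sslSocket, @javax.annotation.Nullable String serverName, @javax.validation.constraints.NotNull String host) {
        if (serverName != null && serverName.isEmpty()) {
            return;
        }
        String effectiveName = serverName != null ? serverName : host;
        // SNIHostName(byte[]) expects UTF-8/ASCII; the platform default charset must not leak in here.
        SNIHostName sniHostName = new SNIHostName(effectiveName.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        List<javax.net.ssl.SNIServerName> serverNames = new ArrayList<>(1);
        serverNames.add(sniHostName);
        SSLParameters parameters = sslSocket.getSSLParameters();
        parameters.setServerNames(serverNames);
        sslSocket.setSSLParameters(parameters);
    }

    /** Sets the application protocols offered during the handshake. */
    private void setApplicationProtocols(@javax.validation.constraints.NotNull SSLSocket sslSocket, @javax.validation.constraints.NotNull String[] applicationProtocols) {
        SSLParameters parameters = sslSocket.getSSLParameters();
        parameters.setApplicationProtocols(applicationProtocols);
        sslSocket.setSSLParameters(parameters);
    }

    /** Returns the socket factory of the wrapped JDK SSL context. */
    @Override // com.predic8.membrane.core.transport.ssl.SSLContext
    SSLSocketFactory getSocketFactory() {
        return this.sslc.getSocketFactory();
    }

    /** Returns the DNS names of the configured certificate, or {@code null} if none was inspected. */
    @Override // com.predic8.membrane.core.transport.ssl.SSLContext
    List<String> getDnsNames() {
        return this.dnsNames;
    }

    /**
     * Returns the key store location, or a constant placeholder when no key store is configured.
     */
    @Override // com.predic8.membrane.core.transport.ssl.SSLContext
    String getLocation() {
        // NOTE(review): the Spring constant is most likely a decompiler substitution for a plain string literal.
        return this.sslParser.getKeyStore() != null ? this.sslParser.getKeyStore().getLocation() : BeanDefinitionParserDelegate.NULL_ELEMENT;
    }

    /** Returns the context type label used for metrics. */
    @Override // com.predic8.membrane.core.transport.ssl.SSLContext
    public String getPrometheusContextTypeName() {
        // NOTE(review): the Groovy constant is most likely a decompiler substitution for a plain string literal.
        return ExpandoMetaClass.STATIC_QUALIFIER;
    }

    /**
     * Reports whether a certificate validity window was recorded.
     *
     * <p>Returns {@code false} instead of failing with a {@link NullPointerException} when no key
     * material was configured and {@link #validity} was therefore never set.
     */
    @Override // com.predic8.membrane.core.transport.ssl.SSLContext
    public boolean hasKeyAndCertificate() {
        return this.validity != null && this.validity.until() != 0 && this.validity.from() != 0;
    }

    /** Returns the start of the validity window, or {@code 0} when none was recorded. */
    @Override // com.predic8.membrane.core.transport.ssl.SSLContext
    public long getValidFrom() {
        return this.validity != null ? this.validity.from() : 0;
    }

    /** Returns the end of the validity window, or {@code 0} when none was recorded. */
    @Override // com.predic8.membrane.core.transport.ssl.SSLContext
    public long getValidUntil() {
        return this.validity != null ? this.validity.until() : 0;
    }

    static {
        // JVM-wide settings: these affect every TLS endpoint in the process, not only this class.
        String dhKeySize = System.getProperty("jdk.tls.ephemeralDHKeySize");
        if (dhKeySize == null || "legacy".equals(dhKeySize)) {
            // Size ephemeral DH keys to match the certificate key instead of the legacy fixed size.
            System.setProperty("jdk.tls.ephemeralDHKeySize", "matched");
        }
        try {
            if (Cipher.getMaxAllowedKeyLength(AesKey.ALGORITHM) <= 128) {
                log.warn("Your Java Virtual Machine does not have unlimited strength cryptography. If it is legal in your country, we strongly advise installing the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.");
            }
        } catch (NoSuchAlgorithmException e) {
            // The probe is advisory only; record the failure instead of hiding it, but never fail class loading.
            log.debug("Could not determine the maximum allowed key length.", e);
        }
        if (System.getProperty("jdk.tls.server.enableStatusRequestExtension") == null) {
            // Only set when the operator has not chosen a value explicitly.
            System.setProperty("jdk.tls.server.enableStatusRequestExtension", "true");
        }
    }
}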
