package io.netty.handler.ssl;

import io.netty.bootstrap.Bootstrap;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.CompositeByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.buffer.UnpooledByteBufAllocator;
import io.netty.channel.Channel;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.SimpleChannelInboundHandler;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.channel.socket.nio.NioServerSocketChannel;
import io.netty.channel.socket.nio.NioSocketChannel;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.handler.ssl.util.SimpleTrustManagerFactory;
import io.netty.util.CharsetUtil;
import io.netty.util.NetUtil;
import io.netty.util.ReferenceCountUtil;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.Promise;
import io.netty.util.internal.EmptyArrays;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.ResourcesUtil;
import io.netty.util.internal.SystemPropertyUtil;
import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.nio.ByteBuffer;
import java.nio.channels.ClosedChannelException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import javax.crypto.SecretKey;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.KeyManagerFactorySpi;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionBindingEvent;
import javax.net.ssl.SSLSessionBindingListener;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.TrustManagerFactorySpi;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.conscrypt.OpenSSLProvider;
import org.junit.After;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;

/* loaded from: input_file:io/netty/handler/ssl/SSLEngineTest.class */
public abstract class SSLEngineTest {
    private static final String X509_CERT_PEM = "-----BEGIN CERTIFICATE-----\nMIIB9jCCAV+gAwIBAgIJAO9fzyjyV5BhMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV\nBAMMCWxvY2FsaG9zdDAeFw0xNjA5MjAxOTI0MTVaFw00NDEwMDMxOTI0MTVaMBQx\nEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n1Kp6DmwRiI+TNs3rZ3WvceDYQ4VTxZQk9jgHVKhHTeA0LptOaazbm9g+aOPiCc6V\n5ysu8T8YRLWjej3by2/1zPBO1k25dQRK8dHr0Grmo20FW7+ES+YxohOfmi7bjOVm\nNrI3NoVZjf3fQjAlrtKCmaxRPgYEwOT0ucGfJiEyV9cCAwEAAaNQME4wHQYDVR0O\nBBYEFIba521hTU1P+1QHcIqAOdAEgd1QMB8GA1UdIwQYMBaAFIba521hTU1P+1QH\ncIqAOdAEgd1QMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAHG5hBy0b\nysXKJqWQ/3bNId3VCzD9U557oxEYYAuPG0TqyvjvZ3wNQto079Na7lYkTt2kTIYN\n/HPW2eflDyXAwXmdNM1Gre213NECY9VxDBTCYJ1R4f2Ogv9iehwzZ4aJGxEDay69\nwrGrxKIrKL4OMl/E+R4mi+yZ0i6bfQuli5s=\n-----END CERTIFICATE-----\n";
    private static final String PRIVATE_KEY_PEM = "-----BEGIN PRIVATE KEY-----\nMIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANSqeg5sEYiPkzbN\n62d1r3Hg2EOFU8WUJPY4B1SoR03gNC6bTmms25vYPmjj4gnOlecrLvE/GES1o3o9\n28tv9czwTtZNuXUESvHR69Bq5qNtBVu/hEvmMaITn5ou24zlZjayNzaFWY3930Iw\nJa7SgpmsUT4GBMDk9LnBnyYhMlfXAgMBAAECgYAeyc+B5wNi0eZuOMGr6M3Nns+w\ndsz5/cicHOBy0SoBjEQBu1pO0ke4+EWQye0fnlj1brsNEiVhTSqtt+bqPPtIvKtZ\nU4Z2M5euUQL390LnVM+jlaRyKUFVYzFnWfNgciT6SLsrbGRz9EhMH2jM6gi8O/cI\nn8Do9fgHon9dILOPAQJBAO/3xc0/sWP94Cv25ogsvOLRgXY2NqY/PDfWat31MFt4\npKh9aad7SrqR7oRXIEuJ+16drM0O+KveJEjFnHgcq18CQQDi38CqycxrsL2pzq53\nXtlhbzOBpDaNjySMmdg8wIXVVGmFC7Y2zWq+cEirrI0n2BJOC4LLDNvlT6IjnYqF\nqp6JAkBQfB0Wyz8XF4aBmG0XzVGJDdXLLUHFHr52x+7OBTez5lHrxSyTpPGag+mo\n74QAcgYiZOYZXOUg1//5fHYPfyYnAkANKyenwibXaV7Y6GJAE4VSnn3C3KE9/j0E\n3Dks7Y/XHhsx2cgtziaP/zx4mn9m/KezV/+zgX+SA9lJb++GaqzhAkEAoNfjQ4jd\n3fsY99ZVoC5YFASSKf+DBqcVOkiUtF1pRwBzLDgKW14+nM/v7X+HJzkfnNTj4cW/\nnUq37uAS7oJc4g==\n-----END PRIVATE KEY-----\n";
    private static final String CLIENT_X509_CERT_PEM = "-----BEGIN CERTIFICATE-----\nMIIBmTCCAQICAQEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJbG9jYWxob3N0\nMCAXDTE3MDkyMTAzNDUwMVoYDzIxMTcwOTIyMDM0NTAxWjAUMRIwEAYDVQQDEwl0\nbHNjbGllbnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMHX2Jc5i3I+npww\nmIb0L1A3D+ujpJam/0fTA9w8GFZGs8Em9emlVbEwzFi4kVIoLxwZGqkr6TSH2iaf\naX5zVF4oUQyLRyxlFkwaORRi/T+iXq2XPQIW9A5TmVHGSHUlYj8/X9vfrMkJO/I0\nRXi6mMBXV4C7bu3BLyEGs8rb6kirAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAYLYI\n5wvUaGRqJn7pA4xR9nEhsNpQbza3bJayQvyiJsB5rn9yBJsk5ch3tBBCfh/MA6PW\nxcy2hS5rhZUTve6FK3Kr2GiUYy+keYmbna1UJPKPgIR3BX66g+Ev5RUinmbieC2J\neE0EtFfLq3uzj8HjakuxOGJz9h+bnCGBhgWWOBo=\n-----END CERTIFICATE-----\n";
    private static final String CLIENT_PRIVATE_KEY_PEM = "-----BEGIN PRIVATE KEY-----\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMHX2Jc5i3I+npww\nmIb0L1A3D+ujpJam/0fTA9w8GFZGs8Em9emlVbEwzFi4kVIoLxwZGqkr6TSH2iaf\naX5zVF4oUQyLRyxlFkwaORRi/T+iXq2XPQIW9A5TmVHGSHUlYj8/X9vfrMkJO/I0\nRXi6mMBXV4C7bu3BLyEGs8rb6kirAgMBAAECgYBKPKrzh5NTJo5CDQ5tKNlx5BSR\nzzM6iyxbSoJA9zbu29b90zj8yVgfKywnkk/9Yexg23Btd6axepHeltClH/AgD1GL\nQE9bpeBMm8r+/9v/XR/mn5GjTxspj/q29mqOdg8CrKb8M6r1gtj70r8nI8aqmDwV\nb6/ZTpsei+tN635Y2QJBAP1FHtIK2Z4t2Ro7oNaiv3s3TsYDlj14ladG+DKi2tW+\n9PW7AO8rLAx2LWmrilXDFc7UG6hvhmUVkp7wXRCK0dcCQQDD7r3g8lswdEAVI0tF\nfzJO61vDR12Kxv4flar9GwWdak7EzCp//iYNPWc+S7ONlYRbbI+uKVL/KBlvkU9E\n4M1NAkEAy0ZGzl5W+1XhAeUJ2jsVZFenqdYHJ584veGAI2QCL7vr763/ufX0jKvt\nFvrPNLY3MqGa8T1RqJ//5gEVMMm6UQJAKpBJpX1gu/T1GuJw7qcEKcrNQ23Ub1pt\nSDU+UP+2x4yZkfz8WpO+dm/ZZtoRJnfNqgK6b85AXne6ltcNTlw7nQJBAKnFel18\nTg2ea308CyM+SJQxpfmU+1yeO2OYHNmimjWFhQPuxIDP9JUzpW39DdCDdTcd++HK\nxJ5gsU/5OLk6ySo=\n-----END PRIVATE KEY-----\n";
    private static final String CLIENT_X509_CERT_CHAIN_PEM = "-----BEGIN CERTIFICATE-----\nMIIBmTCCAQICAQEwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJbG9jYWxob3N0\nMCAXDTE3MDkyMTAzNDUwMVoYDzIxMTcwOTIyMDM0NTAxWjAUMRIwEAYDVQQDEwl0\nbHNjbGllbnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMHX2Jc5i3I+npww\nmIb0L1A3D+ujpJam/0fTA9w8GFZGs8Em9emlVbEwzFi4kVIoLxwZGqkr6TSH2iaf\naX5zVF4oUQyLRyxlFkwaORRi/T+iXq2XPQIW9A5TmVHGSHUlYj8/X9vfrMkJO/I0\nRXi6mMBXV4C7bu3BLyEGs8rb6kirAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAYLYI\n5wvUaGRqJn7pA4xR9nEhsNpQbza3bJayQvyiJsB5rn9yBJsk5ch3tBBCfh/MA6PW\nxcy2hS5rhZUTve6FK3Kr2GiUYy+keYmbna1UJPKPgIR3BX66g+Ev5RUinmbieC2J\neE0EtFfLq3uzj8HjakuxOGJz9h+bnCGBhgWWOBo=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIB9jCCAV+gAwIBAgIJAO9fzyjyV5BhMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV\nBAMMCWxvY2FsaG9zdDAeFw0xNjA5MjAxOTI0MTVaFw00NDEwMDMxOTI0MTVaMBQx\nEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n1Kp6DmwRiI+TNs3rZ3WvceDYQ4VTxZQk9jgHVKhHTeA0LptOaazbm9g+aOPiCc6V\n5ysu8T8YRLWjej3by2/1zPBO1k25dQRK8dHr0Grmo20FW7+ES+YxohOfmi7bjOVm\nNrI3NoVZjf3fQjAlrtKCmaxRPgYEwOT0ucGfJiEyV9cCAwEAAaNQME4wHQYDVR0O\nBBYEFIba521hTU1P+1QHcIqAOdAEgd1QMB8GA1UdIwQYMBaAFIba521hTU1P+1QH\ncIqAOdAEgd1QMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAHG5hBy0b\nysXKJqWQ/3bNId3VCzD9U557oxEYYAuPG0TqyvjvZ3wNQto079Na7lYkTt2kTIYN\n/HPW2eflDyXAwXmdNM1Gre213NECY9VxDBTCYJ1R4f2Ogv9iehwzZ4aJGxEDay69\nwrGrxKIrKL4OMl/E+R4mi+yZ0i6bfQuli5s=\n-----END CERTIFICATE-----\n";
    private static final String PRINCIPAL_NAME = "CN=e8ac02fa0d65a84219016045db8b05c485b4ecdf.netty.test";

    @Mock
    protected MessageReceiver serverReceiver;

    @Mock
    protected MessageReceiver clientReceiver;
    protected Throwable serverException;
    protected Throwable clientException;
    protected SslContext serverSslCtx;
    protected SslContext clientSslCtx;
    protected ServerBootstrap sb;
    protected Bootstrap cb;
    protected Channel serverChannel;
    protected Channel serverConnectedChannel;
    protected Channel clientChannel;
    protected CountDownLatch serverLatch;
    protected CountDownLatch clientLatch;
    private final BufferType type;
    private final ProtocolCipherCombo protocolCipherCombo;
    private final boolean delegate;
    private ExecutorService delegatingExecutor;

    /* renamed from: io.netty.handler.ssl.SSLEngineTest$1SSLSessionBindingEventValue, reason: invalid class name */
    /* loaded from: input_file:io/netty/handler/ssl/SSLEngineTest$1SSLSessionBindingEventValue.class */
    class C1SSLSessionBindingEventValue implements SSLSessionBindingListener {
        SSLSessionBindingEvent boundEvent;
        SSLSessionBindingEvent unboundEvent;

        C1SSLSessionBindingEventValue() {
        }

        @Override // javax.net.ssl.SSLSessionBindingListener
        public void valueBound(SSLSessionBindingEvent sSLSessionBindingEvent) {
            Assert.assertNull(this.boundEvent);
            this.boundEvent = sSLSessionBindingEvent;
        }

        @Override // javax.net.ssl.SSLSessionBindingListener
        public void valueUnbound(SSLSessionBindingEvent sSLSessionBindingEvent) {
            Assert.assertNull(this.unboundEvent);
            this.unboundEvent = sSLSessionBindingEvent;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/netty/handler/ssl/SSLEngineTest$BufferType.class */
    public enum BufferType {
        Direct,
        Heap,
        Mixed
    }

    /* loaded from: input_file:io/netty/handler/ssl/SSLEngineTest$MessageDelegatorChannelHandler.class */
    protected static final class MessageDelegatorChannelHandler extends SimpleChannelInboundHandler<ByteBuf> {
        private final MessageReceiver receiver;
        private final CountDownLatch latch;

        public MessageDelegatorChannelHandler(MessageReceiver messageReceiver, CountDownLatch countDownLatch) {
            super(false);
            this.receiver = messageReceiver;
            this.latch = countDownLatch;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public void channelRead0(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) throws Exception {
            this.receiver.messageReceived(byteBuf);
            this.latch.countDown();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/netty/handler/ssl/SSLEngineTest$MessageReceiver.class */
    public interface MessageReceiver {
        void messageReceived(ByteBuf byteBuf);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/netty/handler/ssl/SSLEngineTest$ProtocolCipherCombo.class */
    public static final class ProtocolCipherCombo {
        private static final ProtocolCipherCombo TLSV12 = new ProtocolCipherCombo("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
        private static final ProtocolCipherCombo TLSV13 = new ProtocolCipherCombo("TLSv1.3", "TLS_AES_128_GCM_SHA256");
        final String protocol;
        final String cipher;

        private ProtocolCipherCombo(String str, String str2) {
            this.protocol = str;
            this.cipher = str2;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static ProtocolCipherCombo tlsv12() {
            return TLSV12;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static ProtocolCipherCombo tlsv13() {
            return TLSV13;
        }

        public String toString() {
            return "ProtocolCipherCombo{protocol='" + this.protocol + "', cipher='" + this.cipher + "'}";
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/netty/handler/ssl/SSLEngineTest$TestByteBufAllocator.class */
    public static final class TestByteBufAllocator implements ByteBufAllocator {
        private final ByteBufAllocator allocator;
        private final BufferType type;

        TestByteBufAllocator(ByteBufAllocator byteBufAllocator, BufferType bufferType) {
            this.allocator = byteBufAllocator;
            this.type = bufferType;
        }

        public ByteBuf buffer() {
            switch (this.type) {
                case Direct:
                    return this.allocator.directBuffer();
                case Heap:
                    return this.allocator.heapBuffer();
                case Mixed:
                    return PlatformDependent.threadLocalRandom().nextBoolean() ? this.allocator.directBuffer() : this.allocator.heapBuffer();
                default:
                    throw new Error();
            }
        }

        public ByteBuf buffer(int i) {
            switch (this.type) {
                case Direct:
                    return this.allocator.directBuffer(i);
                case Heap:
                    return this.allocator.heapBuffer(i);
                case Mixed:
                    return PlatformDependent.threadLocalRandom().nextBoolean() ? this.allocator.directBuffer(i) : this.allocator.heapBuffer(i);
                default:
                    throw new Error();
            }
        }

        public ByteBuf buffer(int i, int i2) {
            switch (this.type) {
                case Direct:
                    return this.allocator.directBuffer(i, i2);
                case Heap:
                    return this.allocator.heapBuffer(i, i2);
                case Mixed:
                    return PlatformDependent.threadLocalRandom().nextBoolean() ? this.allocator.directBuffer(i, i2) : this.allocator.heapBuffer(i, i2);
                default:
                    throw new Error();
            }
        }

        public ByteBuf ioBuffer() {
            return this.allocator.ioBuffer();
        }

        public ByteBuf ioBuffer(int i) {
            return this.allocator.ioBuffer(i);
        }

        public ByteBuf ioBuffer(int i, int i2) {
            return this.allocator.ioBuffer(i, i2);
        }

        public ByteBuf heapBuffer() {
            return this.allocator.heapBuffer();
        }

        public ByteBuf heapBuffer(int i) {
            return this.allocator.heapBuffer(i);
        }

        public ByteBuf heapBuffer(int i, int i2) {
            return this.allocator.heapBuffer(i, i2);
        }

        public ByteBuf directBuffer() {
            return this.allocator.directBuffer();
        }

        public ByteBuf directBuffer(int i) {
            return this.allocator.directBuffer(i);
        }

        public ByteBuf directBuffer(int i, int i2) {
            return this.allocator.directBuffer(i, i2);
        }

        public CompositeByteBuf compositeBuffer() {
            switch (this.type) {
                case Direct:
                    return this.allocator.compositeDirectBuffer();
                case Heap:
                    return this.allocator.compositeHeapBuffer();
                case Mixed:
                    return PlatformDependent.threadLocalRandom().nextBoolean() ? this.allocator.compositeDirectBuffer() : this.allocator.compositeHeapBuffer();
                default:
                    throw new Error();
            }
        }

        public CompositeByteBuf compositeBuffer(int i) {
            switch (this.type) {
                case Direct:
                    return this.allocator.compositeDirectBuffer(i);
                case Heap:
                    return this.allocator.compositeHeapBuffer(i);
                case Mixed:
                    return PlatformDependent.threadLocalRandom().nextBoolean() ? this.allocator.compositeDirectBuffer(i) : this.allocator.compositeHeapBuffer(i);
                default:
                    throw new Error();
            }
        }

        public CompositeByteBuf compositeHeapBuffer() {
            return this.allocator.compositeHeapBuffer();
        }

        public CompositeByteBuf compositeHeapBuffer(int i) {
            return this.allocator.compositeHeapBuffer(i);
        }

        public CompositeByteBuf compositeDirectBuffer() {
            return this.allocator.compositeDirectBuffer();
        }

        public CompositeByteBuf compositeDirectBuffer(int i) {
            return this.allocator.compositeDirectBuffer(i);
        }

        public boolean isDirectBufferPooled() {
            return this.allocator.isDirectBufferPooled();
        }

        public int calculateNewCapacity(int i, int i2) {
            return this.allocator.calculateNewCapacity(i, i2);
        }
    }

    /* loaded from: input_file:io/netty/handler/ssl/SSLEngineTest$TestTrustManagerFactory.class */
    private final class TestTrustManagerFactory extends X509ExtendedTrustManager {
        private final Certificate localCert;
        private volatile boolean verified;

        TestTrustManagerFactory(Certificate certificate) {
            this.localCert = certificate;
        }

        boolean isVerified() {
            return this.verified;
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
            Assert.fail();
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
            Assert.fail();
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
            this.verified = true;
            Assert.assertFalse(sSLEngine.getUseClientMode());
            SSLSession handshakeSession = sSLEngine.getHandshakeSession();
            Assert.assertNotNull(handshakeSession);
            Certificate[] localCertificates = handshakeSession.getLocalCertificates();
            Assert.assertNotNull(localCertificates);
            Assert.assertEquals(1L, localCertificates.length);
            Assert.assertEquals(this.localCert, localCertificates[0]);
            Assert.assertNotNull(handshakeSession.getLocalPrincipal());
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
            this.verified = true;
            Assert.assertTrue(sSLEngine.getUseClientMode());
            SSLSession handshakeSession = sSLEngine.getHandshakeSession();
            Assert.assertNotNull(handshakeSession);
            Assert.assertNull(handshakeSession.getLocalCertificates());
            Assert.assertNull(handshakeSession.getLocalPrincipal());
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            Assert.fail();
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            Assert.fail();
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return EmptyArrays.EMPTY_X509_CERTIFICATES;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SSLEngineTest(BufferType bufferType, ProtocolCipherCombo protocolCipherCombo, boolean z) {
        this.type = bufferType;
        this.protocolCipherCombo = protocolCipherCombo;
        this.delegate = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ByteBuffer allocateBuffer(int i) {
        switch (this.type) {
            case Direct:
                return ByteBuffer.allocateDirect(i);
            case Heap:
                return ByteBuffer.allocate(i);
            case Mixed:
                return PlatformDependent.threadLocalRandom().nextBoolean() ? ByteBuffer.allocateDirect(i) : ByteBuffer.allocate(i);
            default:
                throw new Error();
        }
    }

    @Before
    public void setup() {
        MockitoAnnotations.initMocks(this);
        this.serverLatch = new CountDownLatch(1);
        this.clientLatch = new CountDownLatch(1);
        if (this.delegate) {
            this.delegatingExecutor = Executors.newCachedThreadPool();
        }
    }

    @After
    public void tearDown() throws InterruptedException {
        ChannelFuture channelFuture = null;
        ChannelFuture channelFuture2 = null;
        ChannelFuture channelFuture3 = null;
        if (this.clientChannel != null) {
            channelFuture = this.clientChannel.close();
            this.clientChannel = null;
        }
        if (this.serverConnectedChannel != null) {
            channelFuture2 = this.serverConnectedChannel.close();
            this.serverConnectedChannel = null;
        }
        if (this.serverChannel != null) {
            channelFuture3 = this.serverChannel.close();
            this.serverChannel = null;
        }
        if (channelFuture != null) {
            channelFuture.sync();
        }
        if (channelFuture2 != null) {
            channelFuture2.sync();
        }
        if (channelFuture3 != null) {
            channelFuture3.sync();
        }
        if (this.serverSslCtx != null) {
            cleanupServerSslContext(this.serverSslCtx);
            this.serverSslCtx = null;
        }
        if (this.clientSslCtx != null) {
            cleanupClientSslContext(this.clientSslCtx);
            this.clientSslCtx = null;
        }
        Future future = null;
        Future future2 = null;
        Future future3 = null;
        if (this.sb != null) {
            future = this.sb.config().group().shutdownGracefully(0L, 0L, TimeUnit.MILLISECONDS);
            future2 = this.sb.config().childGroup().shutdownGracefully(0L, 0L, TimeUnit.MILLISECONDS);
        }
        if (this.cb != null) {
            future3 = this.cb.config().group().shutdownGracefully(0L, 0L, TimeUnit.MILLISECONDS);
        }
        if (future != null) {
            future.sync();
            future2.sync();
        }
        if (future3 != null) {
            future3.sync();
        }
        this.serverException = null;
        if (this.delegatingExecutor != null) {
            this.delegatingExecutor.shutdown();
        }
    }

    @Test
    public void testMutualAuthSameCerts() throws Throwable {
        mySetupMutualAuth(ResourcesUtil.getFile(getClass(), "test_unencrypted.pem"), ResourcesUtil.getFile(getClass(), "test.crt"), null);
        runTest(null);
        Assert.assertTrue(this.serverLatch.await(2L, TimeUnit.SECONDS));
        Throwable th = this.serverException;
        if (th != null) {
            throw th;
        }
    }

    @Test
    public void testMutualAuthDiffCerts() throws Exception {
        File file = ResourcesUtil.getFile(getClass(), "test_encrypted.pem");
        File file2 = ResourcesUtil.getFile(getClass(), "test.crt");
        File file3 = ResourcesUtil.getFile(getClass(), "test2_encrypted.pem");
        File file4 = ResourcesUtil.getFile(getClass(), "test2.crt");
        mySetupMutualAuth(file4, file, file2, "12345", file2, file3, file4, "12345");
        runTest(null);
        Assert.assertTrue(this.serverLatch.await(2L, TimeUnit.SECONDS));
    }

    @Test
    public void testMutualAuthDiffCertsServerFailure() throws Exception {
        File file = ResourcesUtil.getFile(getClass(), "test_encrypted.pem");
        File file2 = ResourcesUtil.getFile(getClass(), "test.crt");
        mySetupMutualAuth(file2, file, file2, "12345", file2, ResourcesUtil.getFile(getClass(), "test2_encrypted.pem"), ResourcesUtil.getFile(getClass(), "test2.crt"), "12345");
        Assert.assertTrue(this.serverLatch.await(2L, TimeUnit.SECONDS));
        Assert.assertTrue(this.serverException instanceof SSLHandshakeException);
    }

    @Test
    public void testMutualAuthDiffCertsClientFailure() throws Exception {
        File file = ResourcesUtil.getFile(getClass(), "test_unencrypted.pem");
        File file2 = ResourcesUtil.getFile(getClass(), "test.crt");
        File file3 = ResourcesUtil.getFile(getClass(), "test2_unencrypted.pem");
        File file4 = ResourcesUtil.getFile(getClass(), "test2.crt");
        mySetupMutualAuth(file4, file, file2, null, file4, file3, file4, null);
        Assert.assertTrue(this.clientLatch.await(2L, TimeUnit.SECONDS));
        Assert.assertTrue(this.clientException instanceof SSLHandshakeException);
    }

    @Test
    public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {
        testMutualAuthInvalidClientCertSucceed(ClientAuth.NONE);
    }

    @Test
    public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception {
        testMutualAuthClientCertFail(ClientAuth.OPTIONAL);
    }

    @Test
    public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception {
        testMutualAuthClientCertFail(ClientAuth.REQUIRE);
    }

    @Test
    public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
        testMutualAuthClientCertFail(ClientAuth.OPTIONAL, "mutual_auth_client.p12", true);
    }

    @Test
    public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
        testMutualAuthClientCertFail(ClientAuth.REQUIRE, "mutual_auth_client.p12", true);
    }

    private void testMutualAuthInvalidClientCertSucceed(ClientAuth clientAuth) throws Exception {
        char[] charArray = "example".toCharArray();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(getClass().getResourceAsStream("mutual_auth_server.p12"), charArray);
        KeyStore keyStore2 = KeyStore.getInstance("PKCS12");
        keyStore2.load(getClass().getResourceAsStream("mutual_auth_invalid_client.p12"), charArray);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, charArray);
        KeyManagerFactory keyManagerFactory2 = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory2.init(keyStore2, charArray);
        File file = ResourcesUtil.getFile(getClass(), "mutual_auth_ca.pem");
        mySetupMutualAuth(keyManagerFactory, file, keyManagerFactory2, file, clientAuth, false, false);
        Assert.assertTrue(this.clientLatch.await(5L, TimeUnit.SECONDS));
        Assert.assertNull(this.clientException);
        Assert.assertTrue(this.serverLatch.await(5L, TimeUnit.SECONDS));
        Assert.assertNull(this.serverException);
    }

    private void testMutualAuthClientCertFail(ClientAuth clientAuth) throws Exception {
        testMutualAuthClientCertFail(clientAuth, "mutual_auth_invalid_client.p12", false);
    }

    private void testMutualAuthClientCertFail(ClientAuth clientAuth, String str, boolean z) throws Exception {
        char[] charArray = "example".toCharArray();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(getClass().getResourceAsStream("mutual_auth_server.p12"), charArray);
        KeyStore keyStore2 = KeyStore.getInstance("PKCS12");
        keyStore2.load(getClass().getResourceAsStream(str), charArray);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, charArray);
        KeyManagerFactory keyManagerFactory2 = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory2.init(keyStore2, charArray);
        File file = ResourcesUtil.getFile(getClass(), "mutual_auth_ca.pem");
        mySetupMutualAuth(keyManagerFactory, file, keyManagerFactory2, file, clientAuth, true, z);
        Assert.assertTrue(this.clientLatch.await(5L, TimeUnit.SECONDS));
        Assert.assertTrue("unexpected exception: " + this.clientException, mySetupMutualAuthServerIsValidClientException(this.clientException));
        Assert.assertTrue(this.serverLatch.await(5L, TimeUnit.SECONDS));
        Assert.assertTrue("unexpected exception: " + this.serverException, mySetupMutualAuthServerIsValidServerException(this.serverException));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean causedBySSLException(Throwable th) {
        Throwable th2 = th;
        while (!(th2 instanceof SSLException)) {
            th2 = th2.getCause();
            if (th2 == null) {
                return false;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean mySetupMutualAuthServerIsValidServerException(Throwable th) {
        return mySetupMutualAuthServerIsValidException(th);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean mySetupMutualAuthServerIsValidClientException(Throwable th) {
        return mySetupMutualAuthServerIsValidException(th);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean mySetupMutualAuthServerIsValidException(Throwable th) {
        return (th instanceof SSLException) || (th instanceof ClosedChannelException);
    }

    protected void mySetupMutualAuthServerInitSslHandler(SslHandler sslHandler) {
    }

    private void mySetupMutualAuth(KeyManagerFactory keyManagerFactory, File file, KeyManagerFactory keyManagerFactory2, File file2, ClientAuth clientAuth, final boolean z, final boolean z2) throws SSLException, InterruptedException {
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(keyManagerFactory).protocols(protocols()).ciphers(ciphers()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).trustManager(file).clientAuth(clientAuth).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0L).sessionTimeout(0L).build());
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().protocols(protocols()).ciphers(ciphers()).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).trustManager(file2).keyManager(keyManagerFactory2).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0L).sessionTimeout(0L).build());
        this.serverConnectedChannel = null;
        this.sb = new ServerBootstrap();
        this.cb = new Bootstrap();
        this.sb.group(new NioEventLoopGroup(), new NioEventLoopGroup());
        this.sb.channel(NioServerSocketChannel.class);
        this.sb.childHandler(new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.SSLEngineTest.1
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), SSLEngineTest.this.type));
                ChannelPipeline pipeline = channel.pipeline();
                SslHandler newHandler = SSLEngineTest.this.delegatingExecutor == null ? SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc()) : SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc(), SSLEngineTest.this.delegatingExecutor);
                if (z2) {
                    SSLEngineTest.this.mySetupMutualAuthServerInitSslHandler(newHandler);
                }
                pipeline.addLast(new ChannelHandler[]{newHandler});
                pipeline.addLast(new ChannelHandler[]{new MessageDelegatorChannelHandler(SSLEngineTest.this.serverReceiver, SSLEngineTest.this.serverLatch)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.SSLEngineTest.1.1
                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        if (obj == SslHandshakeCompletionEvent.SUCCESS) {
                            if (z) {
                                SSLEngineTest.this.serverException = new IllegalStateException("handshake complete. expected failure");
                            }
                            SSLEngineTest.this.serverLatch.countDown();
                        } else if (obj instanceof SslHandshakeCompletionEvent) {
                            SSLEngineTest.this.serverException = ((SslHandshakeCompletionEvent) obj).cause();
                            SSLEngineTest.this.serverLatch.countDown();
                        }
                        channelHandlerContext.fireUserEventTriggered(obj);
                    }

                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if (!(th.getCause() instanceof SSLHandshakeException)) {
                            SSLEngineTest.this.serverException = th;
                            channelHandlerContext.fireExceptionCaught(th);
                        } else {
                            SSLEngineTest.this.serverException = th.getCause();
                            SSLEngineTest.this.serverLatch.countDown();
                        }
                    }
                }});
                SSLEngineTest.this.serverConnectedChannel = channel;
            }
        });
        this.cb.group(new NioEventLoopGroup());
        this.cb.channel(NioSocketChannel.class);
        this.cb.handler(new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.SSLEngineTest.2
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), SSLEngineTest.this.type));
                ChannelPipeline pipeline = channel.pipeline();
                pipeline.addLast(new ChannelHandler[]{SSLEngineTest.this.delegatingExecutor == null ? SSLEngineTest.this.clientSslCtx.newHandler(channel.alloc()) : SSLEngineTest.this.clientSslCtx.newHandler(channel.alloc(), SSLEngineTest.this.delegatingExecutor)});
                pipeline.addLast(new ChannelHandler[]{new MessageDelegatorChannelHandler(SSLEngineTest.this.clientReceiver, SSLEngineTest.this.clientLatch)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.SSLEngineTest.2.1
                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        if (obj == SslHandshakeCompletionEvent.SUCCESS) {
                            if (!z) {
                                SSLEngineTest.this.clientLatch.countDown();
                            }
                        } else if (obj instanceof SslHandshakeCompletionEvent) {
                            SSLEngineTest.this.clientException = ((SslHandshakeCompletionEvent) obj).cause();
                            SSLEngineTest.this.clientLatch.countDown();
                        }
                        channelHandlerContext.fireUserEventTriggered(obj);
                    }

                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if (!(th.getCause() instanceof SSLException)) {
                            channelHandlerContext.fireExceptionCaught(th);
                            return;
                        }
                        SSLEngineTest.this.clientException = th.getCause();
                        SSLEngineTest.this.clientLatch.countDown();
                    }
                }});
            }
        });
        this.serverChannel = this.sb.bind(new InetSocketAddress(8443)).sync().channel();
        ChannelFuture connect = this.cb.connect(new InetSocketAddress(NetUtil.LOCALHOST, ((InetSocketAddress) this.serverChannel.localAddress()).getPort()));
        Assert.assertTrue(connect.awaitUninterruptibly().isSuccess());
        this.clientChannel = connect.channel();
    }

    @Test
    public void testClientHostnameValidationSuccess() throws InterruptedException, SSLException {
        mySetupClientHostnameValidation(ResourcesUtil.getFile(getClass(), "localhost_server.pem"), ResourcesUtil.getFile(getClass(), "localhost_server.key"), ResourcesUtil.getFile(getClass(), "mutual_auth_ca.pem"), false);
        Assert.assertTrue(this.clientLatch.await(5L, TimeUnit.SECONDS));
        Assert.assertNull(this.clientException);
        Assert.assertTrue(this.serverLatch.await(5L, TimeUnit.SECONDS));
        Assert.assertNull(this.serverException);
    }

    @Test
    public void testClientHostnameValidationFail() throws InterruptedException, SSLException {
        mySetupClientHostnameValidation(ResourcesUtil.getFile(getClass(), "notlocalhost_server.pem"), ResourcesUtil.getFile(getClass(), "notlocalhost_server.key"), ResourcesUtil.getFile(getClass(), "mutual_auth_ca.pem"), true);
        Assert.assertTrue(this.clientLatch.await(5L, TimeUnit.SECONDS));
        Assert.assertTrue("unexpected exception: " + this.clientException, mySetupMutualAuthServerIsValidClientException(this.clientException));
        Assert.assertTrue(this.serverLatch.await(5L, TimeUnit.SECONDS));
        Assert.assertTrue("unexpected exception: " + this.serverException, mySetupMutualAuthServerIsValidServerException(this.serverException));
    }

    private void mySetupClientHostnameValidation(File file, File file2, File file3, final boolean z) throws SSLException, InterruptedException {
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(file, file2, (String) null).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).sslContextProvider(serverSslContextProvider()).trustManager(InsecureTrustManagerFactory.INSTANCE).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0L).sessionTimeout(0L).build());
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).sslContextProvider(clientSslContextProvider()).trustManager(file3).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0L).sessionTimeout(0L).build());
        this.serverConnectedChannel = null;
        this.sb = new ServerBootstrap();
        this.cb = new Bootstrap();
        this.sb.group(new NioEventLoopGroup(), new NioEventLoopGroup());
        this.sb.channel(NioServerSocketChannel.class);
        this.sb.childHandler(new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.SSLEngineTest.3
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), SSLEngineTest.this.type));
                ChannelPipeline pipeline = channel.pipeline();
                pipeline.addLast(new ChannelHandler[]{SSLEngineTest.this.delegatingExecutor == null ? SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc()) : SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc(), SSLEngineTest.this.delegatingExecutor)});
                pipeline.addLast(new ChannelHandler[]{new MessageDelegatorChannelHandler(SSLEngineTest.this.serverReceiver, SSLEngineTest.this.serverLatch)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.SSLEngineTest.3.1
                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        if (obj == SslHandshakeCompletionEvent.SUCCESS) {
                            if (z) {
                                SSLEngineTest.this.serverException = new IllegalStateException("handshake complete. expected failure");
                            }
                            SSLEngineTest.this.serverLatch.countDown();
                        } else if (obj instanceof SslHandshakeCompletionEvent) {
                            SSLEngineTest.this.serverException = ((SslHandshakeCompletionEvent) obj).cause();
                            SSLEngineTest.this.serverLatch.countDown();
                        }
                        channelHandlerContext.fireUserEventTriggered(obj);
                    }

                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if (!(th.getCause() instanceof SSLHandshakeException)) {
                            SSLEngineTest.this.serverException = th;
                            channelHandlerContext.fireExceptionCaught(th);
                        } else {
                            SSLEngineTest.this.serverException = th.getCause();
                            SSLEngineTest.this.serverLatch.countDown();
                        }
                    }
                }});
                SSLEngineTest.this.serverConnectedChannel = channel;
            }
        });
        this.cb.group(new NioEventLoopGroup());
        this.cb.channel(NioSocketChannel.class);
        this.cb.handler(new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.SSLEngineTest.4
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), SSLEngineTest.this.type));
                ChannelPipeline pipeline = channel.pipeline();
                SslHandler newHandler = SSLEngineTest.this.delegatingExecutor == null ? SSLEngineTest.this.clientSslCtx.newHandler(channel.alloc(), "localhost", 0) : SSLEngineTest.this.clientSslCtx.newHandler(channel.alloc(), "localhost", 0, SSLEngineTest.this.delegatingExecutor);
                SSLParameters sSLParameters = newHandler.engine().getSSLParameters();
                if (SslUtils.isValidHostNameForSNI("localhost")) {
                    Assert.assertEquals(1L, sSLParameters.getServerNames().size());
                    Assert.assertEquals(new SNIHostName("localhost"), sSLParameters.getServerNames().get(0));
                }
                sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
                newHandler.engine().setSSLParameters(sSLParameters);
                pipeline.addLast(new ChannelHandler[]{newHandler});
                pipeline.addLast(new ChannelHandler[]{new MessageDelegatorChannelHandler(SSLEngineTest.this.clientReceiver, SSLEngineTest.this.clientLatch)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.SSLEngineTest.4.1
                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        if (obj == SslHandshakeCompletionEvent.SUCCESS) {
                            if (z) {
                                SSLEngineTest.this.clientException = new IllegalStateException("handshake complete. expected failure");
                            }
                            SSLEngineTest.this.clientLatch.countDown();
                        } else if (obj instanceof SslHandshakeCompletionEvent) {
                            SSLEngineTest.this.clientException = ((SslHandshakeCompletionEvent) obj).cause();
                            SSLEngineTest.this.clientLatch.countDown();
                        }
                        channelHandlerContext.fireUserEventTriggered(obj);
                    }

                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if (!(th.getCause() instanceof SSLHandshakeException)) {
                            channelHandlerContext.fireExceptionCaught(th);
                            return;
                        }
                        SSLEngineTest.this.clientException = th.getCause();
                        SSLEngineTest.this.clientLatch.countDown();
                    }
                }});
            }
        });
        this.serverChannel = this.sb.bind(new InetSocketAddress("localhost", 0)).sync().channel();
        ChannelFuture connect = this.cb.connect(new InetSocketAddress("localhost", ((InetSocketAddress) this.serverChannel.localAddress()).getPort()));
        Assert.assertTrue(connect.awaitUninterruptibly().isSuccess());
        this.clientChannel = connect.channel();
    }

    private void mySetupMutualAuth(File file, File file2, String str) throws SSLException, InterruptedException {
        mySetupMutualAuth(file2, file, file2, str, file2, file, file2, str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void verifySSLSessionForMutualAuth(SSLSession sSLSession, File file, String str) throws Exception {
        FileInputStream fileInputStream = null;
        try {
            Assert.assertEquals(str, sSLSession.getLocalPrincipal().getName());
            Assert.assertEquals(str, sSLSession.getPeerPrincipal().getName());
            Assert.assertNotNull(sSLSession.getId());
            Assert.assertEquals(this.protocolCipherCombo.cipher, sSLSession.getCipherSuite());
            Assert.assertEquals(this.protocolCipherCombo.protocol, sSLSession.getProtocol());
            Assert.assertTrue(sSLSession.getApplicationBufferSize() > 0);
            Assert.assertTrue(sSLSession.getCreationTime() > 0);
            Assert.assertTrue(sSLSession.isValid());
            Assert.assertTrue(sSLSession.getLastAccessedTime() > 0);
            fileInputStream = new FileInputStream(file);
            byte[] encoded = SslContext.X509_CERT_FACTORY.generateCertificate(fileInputStream).getEncoded();
            Assert.assertEquals(1L, sSLSession.getPeerCertificates().length);
            Assert.assertArrayEquals(encoded, sSLSession.getPeerCertificates()[0].getEncoded());
            Assert.assertEquals(1L, sSLSession.getPeerCertificateChain().length);
            Assert.assertArrayEquals(encoded, sSLSession.getPeerCertificateChain()[0].getEncoded());
            Assert.assertEquals(1L, sSLSession.getLocalCertificates().length);
            Assert.assertArrayEquals(encoded, sSLSession.getLocalCertificates()[0].getEncoded());
            if (fileInputStream != null) {
                fileInputStream.close();
            }
        } catch (Throwable th) {
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    private void mySetupMutualAuth(File file, File file2, final File file3, String str, File file4, File file5, final File file6, String str2) throws InterruptedException, SSLException {
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(file3, file2, str).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(protocols()).ciphers(ciphers()).trustManager(file).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0L).sessionTimeout(0L).build());
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(protocols()).ciphers(ciphers()).trustManager(file4).keyManager(file6, file5, str2).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0L).sessionTimeout(0L).build());
        this.serverConnectedChannel = null;
        this.sb = new ServerBootstrap();
        this.cb = new Bootstrap();
        this.sb.group(new NioEventLoopGroup(), new NioEventLoopGroup());
        this.sb.channel(NioServerSocketChannel.class);
        this.sb.childHandler(new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.SSLEngineTest.5
            protected void initChannel(Channel channel) {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), SSLEngineTest.this.type));
                ChannelPipeline pipeline = channel.pipeline();
                final SSLEngine wrapEngine = SSLEngineTest.this.wrapEngine(SSLEngineTest.this.serverSslCtx.newEngine(channel.alloc()));
                wrapEngine.setUseClientMode(false);
                wrapEngine.setNeedClientAuth(true);
                pipeline.addLast(new ChannelHandler[]{new SslHandler(wrapEngine)});
                pipeline.addLast(new ChannelHandler[]{new MessageDelegatorChannelHandler(SSLEngineTest.this.serverReceiver, SSLEngineTest.this.serverLatch)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.SSLEngineTest.5.1
                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if (!(th.getCause() instanceof SSLHandshakeException)) {
                            SSLEngineTest.this.serverException = th;
                            channelHandlerContext.fireExceptionCaught(th);
                        } else {
                            SSLEngineTest.this.serverException = th.getCause();
                            SSLEngineTest.this.serverLatch.countDown();
                        }
                    }

                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        if (obj == SslHandshakeCompletionEvent.SUCCESS) {
                            try {
                                SSLEngineTest.this.verifySSLSessionForMutualAuth(wrapEngine.getSession(), file3, SSLEngineTest.PRINCIPAL_NAME);
                            } catch (Throwable th) {
                                SSLEngineTest.this.serverException = th;
                            }
                        }
                    }
                }});
                SSLEngineTest.this.serverConnectedChannel = channel;
            }
        });
        this.cb.group(new NioEventLoopGroup());
        this.cb.channel(NioSocketChannel.class);
        this.cb.handler(new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.SSLEngineTest.6
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), SSLEngineTest.this.type));
                final SslHandler newHandler = SSLEngineTest.this.delegatingExecutor == null ? SSLEngineTest.this.clientSslCtx.newHandler(channel.alloc()) : SSLEngineTest.this.clientSslCtx.newHandler(channel.alloc(), SSLEngineTest.this.delegatingExecutor);
                newHandler.engine().setNeedClientAuth(true);
                ChannelPipeline pipeline = channel.pipeline();
                pipeline.addLast(new ChannelHandler[]{newHandler});
                pipeline.addLast(new ChannelHandler[]{new MessageDelegatorChannelHandler(SSLEngineTest.this.clientReceiver, SSLEngineTest.this.clientLatch)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.SSLEngineTest.6.1
                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        if (obj == SslHandshakeCompletionEvent.SUCCESS) {
                            try {
                                SSLEngineTest.this.verifySSLSessionForMutualAuth(newHandler.engine().getSession(), file6, SSLEngineTest.PRINCIPAL_NAME);
                            } catch (Throwable th) {
                                SSLEngineTest.this.clientException = th;
                            }
                        }
                    }

                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if (!(th.getCause() instanceof SSLHandshakeException)) {
                            channelHandlerContext.fireExceptionCaught(th);
                            return;
                        }
                        SSLEngineTest.this.clientException = th.getCause();
                        SSLEngineTest.this.clientLatch.countDown();
                    }
                }});
            }
        });
        this.serverChannel = this.sb.bind(new InetSocketAddress(0)).sync().channel();
        ChannelFuture connect = this.cb.connect(new InetSocketAddress(NetUtil.LOCALHOST, ((InetSocketAddress) this.serverChannel.localAddress()).getPort()));
        Assert.assertTrue(connect.awaitUninterruptibly().isSuccess());
        this.clientChannel = connect.channel();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void runTest(String str) throws Exception {
        ByteBuf copiedBuffer = Unpooled.copiedBuffer("I am a client".getBytes());
        ByteBuf copiedBuffer2 = Unpooled.copiedBuffer("I am a server".getBytes());
        try {
            writeAndVerifyReceived(copiedBuffer.retain(), this.clientChannel, this.serverLatch, this.serverReceiver);
            writeAndVerifyReceived(copiedBuffer2.retain(), this.serverConnectedChannel, this.clientLatch, this.clientReceiver);
            verifyApplicationLevelProtocol(this.clientChannel, str);
            verifyApplicationLevelProtocol(this.serverConnectedChannel, str);
            copiedBuffer.release();
            copiedBuffer2.release();
        } catch (Throwable th) {
            copiedBuffer.release();
            copiedBuffer2.release();
            throw th;
        }
    }

    private static void verifyApplicationLevelProtocol(Channel channel, String str) {
        SslHandler sslHandler = channel.pipeline().get(SslHandler.class);
        Assert.assertNotNull(sslHandler);
        Assert.assertEquals(str, sslHandler.applicationProtocol());
        Java9SslEngine engine = sslHandler.engine();
        if (engine instanceof Java9SslEngine) {
            Assert.assertEquals(str == null ? "" : str, engine.getApplicationProtocol());
        }
    }

    private static void writeAndVerifyReceived(ByteBuf byteBuf, Channel channel, CountDownLatch countDownLatch, MessageReceiver messageReceiver) throws Exception {
        List list = null;
        try {
            Assert.assertTrue(channel.writeAndFlush(byteBuf).await(5L, TimeUnit.SECONDS));
            countDownLatch.await(5L, TimeUnit.SECONDS);
            byteBuf.resetReaderIndex();
            ArgumentCaptor forClass = ArgumentCaptor.forClass(ByteBuf.class);
            ((MessageReceiver) Mockito.verify(messageReceiver)).messageReceived((ByteBuf) forClass.capture());
            list = forClass.getAllValues();
            Assert.assertEquals(byteBuf, list.get(0));
            if (list != null) {
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    ((ByteBuf) it.next()).release();
                }
            }
        } catch (Throwable th) {
            if (list != null) {
                Iterator it2 = list.iterator();
                while (it2.hasNext()) {
                    ((ByteBuf) it2.next()).release();
                }
            }
            throw th;
        }
    }

    @Test
    public void testGetCreationTime() throws Exception {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).build());
        SSLEngine sSLEngine = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            Assert.assertTrue(sSLEngine.getSession().getCreationTime() <= System.currentTimeMillis());
            cleanupClientSslEngine(sSLEngine);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            throw th;
        }
    }

    @Test
    public void testSessionInvalidate() throws Exception {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngine, sSLEngine2);
            SSLSession session = sSLEngine2.getSession();
            Assert.assertTrue(session.isValid());
            session.invalidate();
            Assert.assertFalse(session.isValid());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Test
    public void testSSLSessionId() throws Exception {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(new String[]{"TLSv1.2"}).sslContextProvider(clientSslContextProvider()).build());
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(new String[]{"TLSv1.2"}).sslContextProvider(serverSslContextProvider()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            Assert.assertEquals(0L, sSLEngine.getSession().getId().length);
            Assert.assertEquals(0L, sSLEngine2.getSession().getId().length);
            handshake(sSLEngine, sSLEngine2);
            Assert.assertNotEquals(0L, sSLEngine.getSession().getId().length);
            Assert.assertNotEquals(0L, sSLEngine2.getSession().getId().length);
            Assert.assertArrayEquals(sSLEngine.getSession().getId(), sSLEngine2.getSession().getId());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Test(timeout = 30000)
    public void clientInitiatedRenegotiationWithFatalAlertDoesNotInfiniteLoopServer() throws CertificateException, SSLException, InterruptedException, ExecutionException {
        Assume.assumeTrue(PlatformDependent.javaVersion() >= 11);
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(protocols()).ciphers(ciphers()).build());
        this.sb = new ServerBootstrap().group(new NioEventLoopGroup(1)).channel(NioServerSocketChannel.class).childHandler(new ChannelInitializer<SocketChannel>() { // from class: io.netty.handler.ssl.SSLEngineTest.7
            public void initChannel(SocketChannel socketChannel) {
                socketChannel.config().setAllocator(new TestByteBufAllocator(socketChannel.config().getAllocator(), SSLEngineTest.this.type));
                ChannelPipeline pipeline = socketChannel.pipeline();
                pipeline.addLast(new ChannelHandler[]{SSLEngineTest.this.delegatingExecutor == null ? SSLEngineTest.this.serverSslCtx.newHandler(socketChannel.alloc()) : SSLEngineTest.this.serverSslCtx.newHandler(socketChannel.alloc(), SSLEngineTest.this.delegatingExecutor)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.SSLEngineTest.7.1
                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) {
                        if ((obj instanceof SslHandshakeCompletionEvent) && ((SslHandshakeCompletionEvent) obj).isSuccess()) {
                            channelHandlerContext.writeAndFlush(channelHandlerContext.alloc().buffer(1).writeByte(100));
                        }
                        channelHandlerContext.fireUserEventTriggered(obj);
                    }

                    public void channelRead(final ChannelHandlerContext channelHandlerContext, Object obj) {
                        ReferenceCountUtil.release(obj);
                        channelHandlerContext.channel().eventLoop().schedule(new Runnable() { // from class: io.netty.handler.ssl.SSLEngineTest.7.1.1
                            @Override // java.lang.Runnable
                            public void run() {
                                channelHandlerContext.writeAndFlush(channelHandlerContext.alloc().buffer(1).writeByte(101));
                            }
                        }, 500L, TimeUnit.MILLISECONDS);
                    }

                    public void channelInactive(ChannelHandlerContext channelHandlerContext) {
                        SSLEngineTest.this.serverLatch.countDown();
                    }
                }});
                SSLEngineTest.this.serverConnectedChannel = socketChannel;
            }
        });
        this.serverChannel = this.sb.bind(new InetSocketAddress(0)).syncUninterruptibly().channel();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().sslProvider(SslProvider.JDK).trustManager(InsecureTrustManagerFactory.INSTANCE).protocols(protocols()).ciphers(ciphers()).build());
        this.cb = new Bootstrap();
        this.cb.group(new NioEventLoopGroup(1)).channel(NioSocketChannel.class).handler(new ChannelInitializer<SocketChannel>() { // from class: io.netty.handler.ssl.SSLEngineTest.8
            public void initChannel(SocketChannel socketChannel) {
                socketChannel.config().setAllocator(new TestByteBufAllocator(socketChannel.config().getAllocator(), SSLEngineTest.this.type));
                ChannelPipeline pipeline = socketChannel.pipeline();
                SslHandler newHandler = SSLEngineTest.this.delegatingExecutor == null ? SSLEngineTest.this.clientSslCtx.newHandler(socketChannel.alloc()) : SSLEngineTest.this.clientSslCtx.newHandler(socketChannel.alloc(), SSLEngineTest.this.delegatingExecutor);
                newHandler.setHandshakeTimeout(1L, TimeUnit.SECONDS);
                pipeline.addLast(new ChannelHandler[]{newHandler});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.SSLEngineTest.8.1
                    private int handshakeCount;

                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) {
                        if (obj instanceof SslHandshakeCompletionEvent) {
                            int i = this.handshakeCount + 1;
                            this.handshakeCount = i;
                            if (i == 2) {
                                channelHandlerContext.close();
                                return;
                            }
                        }
                        channelHandlerContext.fireUserEventTriggered(obj);
                    }

                    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) {
                        ReferenceCountUtil.release(obj);
                        channelHandlerContext.writeAndFlush(channelHandlerContext.alloc().buffer(1).writeByte(102));
                        channelHandlerContext.pipeline().get(SslHandler.class).renegotiate();
                    }
                }});
            }
        });
        ChannelFuture connect = this.cb.connect(this.serverChannel.localAddress());
        Assert.assertTrue(connect.syncUninterruptibly().isSuccess());
        this.clientChannel = connect.channel();
        this.serverLatch.await();
        selfSignedCertificate.delete();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void testEnablingAnAlreadyDisabledSslProtocol(String[] strArr, String[] strArr2) throws Exception {
        SSLEngine sSLEngine = null;
        try {
            this.serverSslCtx = wrapContext(SslContextBuilder.forServer(ResourcesUtil.getFile(getClass(), "test.crt"), ResourcesUtil.getFile(getClass(), "test_unencrypted.pem")).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(protocols()).ciphers(ciphers()).build());
            sSLEngine = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine.setEnabledProtocols(EmptyArrays.EMPTY_STRINGS);
            Assert.assertArrayEquals(strArr, sSLEngine.getEnabledProtocols());
            sSLEngine.setEnabledProtocols(new String[]{"TLSv1.2"});
            String[] enabledProtocols = sSLEngine.getEnabledProtocols();
            Assert.assertEquals(strArr2.length, enabledProtocols.length);
            Assert.assertArrayEquals(strArr2, enabledProtocols);
            if (sSLEngine != null) {
                sSLEngine.closeInbound();
                sSLEngine.closeOutbound();
                cleanupServerSslEngine(sSLEngine);
            }
        } catch (Throwable th) {
            if (sSLEngine != null) {
                sSLEngine.closeInbound();
                sSLEngine.closeOutbound();
                cleanupServerSslEngine(sSLEngine);
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void handshake(SSLEngine sSLEngine, SSLEngine sSLEngine2) throws Exception {
        ByteBuffer allocateBuffer = allocateBuffer(sSLEngine.getSession().getPacketBufferSize());
        ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngine2.getSession().getPacketBufferSize());
        ByteBuffer allocateBuffer3 = allocateBuffer(sSLEngine2.getSession().getApplicationBufferSize());
        ByteBuffer allocateBuffer4 = allocateBuffer(sSLEngine.getSession().getApplicationBufferSize());
        sSLEngine.beginHandshake();
        sSLEngine2.beginHandshake();
        ByteBuffer allocateBuffer5 = allocateBuffer(0);
        boolean z = false;
        boolean z2 = false;
        while (true) {
            int position = allocateBuffer.position();
            int position2 = allocateBuffer2.position();
            if (!z) {
                SSLEngineResult wrap = sSLEngine.wrap(allocateBuffer5, allocateBuffer);
                runDelegatedTasks(wrap, sSLEngine);
                Assert.assertEquals(allocateBuffer5.remaining(), wrap.bytesConsumed());
                Assert.assertEquals(allocateBuffer.position() - position, wrap.bytesProduced());
                if (isHandshakeFinished(wrap)) {
                    z = true;
                }
            }
            if (!z2) {
                SSLEngineResult wrap2 = sSLEngine2.wrap(allocateBuffer5, allocateBuffer2);
                runDelegatedTasks(wrap2, sSLEngine2);
                Assert.assertEquals(allocateBuffer5.remaining(), wrap2.bytesConsumed());
                Assert.assertEquals(allocateBuffer2.position() - position2, wrap2.bytesProduced());
                if (isHandshakeFinished(wrap2)) {
                    z2 = true;
                }
            }
            allocateBuffer.flip();
            allocateBuffer2.flip();
            int position3 = allocateBuffer.position();
            int position4 = allocateBuffer2.position();
            if (!z || "TLSv1.3".equals(sSLEngine.getSession().getProtocol())) {
                int position5 = allocateBuffer4.position();
                SSLEngineResult unwrap = sSLEngine.unwrap(allocateBuffer2, allocateBuffer4);
                runDelegatedTasks(unwrap, sSLEngine);
                Assert.assertEquals(allocateBuffer2.position() - position4, unwrap.bytesConsumed());
                Assert.assertEquals(allocateBuffer4.position() - position5, unwrap.bytesProduced());
                if (isHandshakeFinished(unwrap)) {
                    z = true;
                }
            } else {
                Assert.assertEquals(0L, allocateBuffer2.remaining());
            }
            if (z2) {
                Assert.assertFalse(allocateBuffer.hasRemaining());
            } else {
                int position6 = allocateBuffer3.position();
                SSLEngineResult unwrap2 = sSLEngine2.unwrap(allocateBuffer, allocateBuffer3);
                runDelegatedTasks(unwrap2, sSLEngine2);
                Assert.assertEquals(allocateBuffer.position() - position3, unwrap2.bytesConsumed());
                Assert.assertEquals(allocateBuffer3.position() - position6, unwrap2.bytesProduced());
                if (isHandshakeFinished(unwrap2)) {
                    z2 = true;
                }
            }
            allocateBuffer2.compact();
            allocateBuffer.compact();
            if (z && z2) {
                return;
            }
        }
    }

    private static boolean isHandshakeFinished(SSLEngineResult sSLEngineResult) {
        return sSLEngineResult.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED;
    }

    private void runDelegatedTasks(SSLEngineResult sSLEngineResult, SSLEngine sSLEngine) throws Exception {
        if (sSLEngineResult.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NEED_TASK) {
            return;
        }
        while (true) {
            Runnable delegatedTask = sSLEngine.getDelegatedTask();
            if (delegatedTask == null) {
                return;
            }
            if (this.delegatingExecutor == null) {
                delegatedTask.run();
            } else {
                this.delegatingExecutor.submit(delegatedTask).get();
            }
        }
    }

    protected abstract SslProvider sslClientProvider();

    protected abstract SslProvider sslServerProvider();

    protected Provider clientSslContextProvider() {
        return null;
    }

    protected Provider serverSslContextProvider() {
        return null;
    }

    protected void cleanupClientSslContext(SslContext sslContext) {
    }

    protected void cleanupServerSslContext(SslContext sslContext) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void cleanupClientSslEngine(SSLEngine sSLEngine) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void cleanupServerSslEngine(SSLEngine sSLEngine) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setupHandlers(ApplicationProtocolConfig applicationProtocolConfig) throws InterruptedException, SSLException, CertificateException {
        setupHandlers(applicationProtocolConfig, applicationProtocolConfig);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setupHandlers(ApplicationProtocolConfig applicationProtocolConfig, ApplicationProtocolConfig applicationProtocolConfig2) throws InterruptedException, SSLException, CertificateException {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        try {
            SslContextBuilder sessionTimeout = SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey(), (String) null).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).applicationProtocolConfig(applicationProtocolConfig).sessionCacheSize(0L).sessionTimeout(0L);
            if (applicationProtocolConfig.protocol() == ApplicationProtocolConfig.Protocol.NPN || applicationProtocolConfig.protocol() == ApplicationProtocolConfig.Protocol.NPN_AND_ALPN) {
                sessionTimeout.protocols(new String[]{"TLSv1.2"});
            }
            SslContextBuilder sessionTimeout2 = SslContextBuilder.forClient().sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).applicationProtocolConfig(applicationProtocolConfig2).trustManager(InsecureTrustManagerFactory.INSTANCE).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0L).sessionTimeout(0L);
            if (applicationProtocolConfig2.protocol() == ApplicationProtocolConfig.Protocol.NPN || applicationProtocolConfig2.protocol() == ApplicationProtocolConfig.Protocol.NPN_AND_ALPN) {
                sessionTimeout2.protocols(new String[]{"TLSv1.2"});
            }
            setupHandlers(wrapContext(sessionTimeout.build()), wrapContext(sessionTimeout2.build()));
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            selfSignedCertificate.delete();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setupHandlers(SslContext sslContext, SslContext sslContext2) throws InterruptedException, SSLException, CertificateException {
        this.serverSslCtx = sslContext;
        this.clientSslCtx = sslContext2;
        this.serverConnectedChannel = null;
        this.sb = new ServerBootstrap();
        this.cb = new Bootstrap();
        this.sb.group(new NioEventLoopGroup(), new NioEventLoopGroup());
        this.sb.channel(NioServerSocketChannel.class);
        this.sb.childHandler(new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.SSLEngineTest.9
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), SSLEngineTest.this.type));
                ChannelPipeline pipeline = channel.pipeline();
                pipeline.addLast(new ChannelHandler[]{SSLEngineTest.this.delegatingExecutor == null ? SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc()) : SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc(), SSLEngineTest.this.delegatingExecutor)});
                pipeline.addLast(new ChannelHandler[]{new MessageDelegatorChannelHandler(SSLEngineTest.this.serverReceiver, SSLEngineTest.this.serverLatch)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.SSLEngineTest.9.1
                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if (!(th.getCause() instanceof SSLHandshakeException)) {
                            channelHandlerContext.fireExceptionCaught(th);
                            return;
                        }
                        SSLEngineTest.this.serverException = th.getCause();
                        SSLEngineTest.this.serverLatch.countDown();
                    }
                }});
                SSLEngineTest.this.serverConnectedChannel = channel;
            }
        });
        this.cb.group(new NioEventLoopGroup());
        this.cb.channel(NioSocketChannel.class);
        this.cb.handler(new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.SSLEngineTest.10
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), SSLEngineTest.this.type));
                ChannelPipeline pipeline = channel.pipeline();
                pipeline.addLast(new ChannelHandler[]{SSLEngineTest.this.delegatingExecutor == null ? SSLEngineTest.this.clientSslCtx.newHandler(channel.alloc()) : SSLEngineTest.this.clientSslCtx.newHandler(channel.alloc(), SSLEngineTest.this.delegatingExecutor)});
                pipeline.addLast(new ChannelHandler[]{new MessageDelegatorChannelHandler(SSLEngineTest.this.clientReceiver, SSLEngineTest.this.clientLatch)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.SSLEngineTest.10.1
                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if (!(th.getCause() instanceof SSLHandshakeException)) {
                            channelHandlerContext.fireExceptionCaught(th);
                            return;
                        }
                        SSLEngineTest.this.clientException = th.getCause();
                        SSLEngineTest.this.clientLatch.countDown();
                    }

                    public void channelInactive(ChannelHandlerContext channelHandlerContext) throws Exception {
                        SSLEngineTest.this.clientLatch.countDown();
                    }
                }});
            }
        });
        this.serverChannel = this.sb.bind(new InetSocketAddress(0)).syncUninterruptibly().channel();
        ChannelFuture connect = this.cb.connect(this.serverChannel.localAddress());
        Assert.assertTrue(connect.syncUninterruptibly().isSuccess());
        this.clientChannel = connect.channel();
    }

    @Test(timeout = 30000)
    public void testMutualAuthSameCertChain() throws Exception {
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(new ByteArrayInputStream(X509_CERT_PEM.getBytes(CharsetUtil.UTF_8)), new ByteArrayInputStream(PRIVATE_KEY_PEM.getBytes(CharsetUtil.UTF_8))).trustManager(new ByteArrayInputStream(X509_CERT_PEM.getBytes(CharsetUtil.UTF_8))).clientAuth(ClientAuth.REQUIRE).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(protocols()).ciphers(ciphers()).build());
        this.sb = new ServerBootstrap();
        this.sb.group(new NioEventLoopGroup(), new NioEventLoopGroup());
        this.sb.channel(NioServerSocketChannel.class);
        final Promise newPromise = this.sb.config().group().next().newPromise();
        this.serverChannel = this.sb.childHandler(new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.SSLEngineTest.11
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), SSLEngineTest.this.type));
                channel.pipeline().addFirst(new ChannelHandler[]{SSLEngineTest.this.delegatingExecutor == null ? SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc()) : SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc(), SSLEngineTest.this.delegatingExecutor)});
                channel.pipeline().addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.SSLEngineTest.11.1
                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        if (obj instanceof SslHandshakeCompletionEvent) {
                            Throwable cause = ((SslHandshakeCompletionEvent) obj).cause();
                            if (cause != null) {
                                newPromise.setFailure(cause);
                                return;
                            }
                            SSLSession session = channelHandlerContext.pipeline().first().engine().getSession();
                            javax.security.cert.X509Certificate[] peerCertificateChain = session.getPeerCertificateChain();
                            Certificate[] peerCertificates = session.getPeerCertificates();
                            if (peerCertificateChain == null) {
                                newPromise.setFailure(new NullPointerException("peerCertificateChain"));
                                return;
                            }
                            if (peerCertificates == null) {
                                newPromise.setFailure(new NullPointerException("peerCertificates"));
                                return;
                            }
                            if (peerCertificateChain.length + peerCertificates.length != 4) {
                                newPromise.setFailure(new IllegalStateException(String.format("peerCertificateChain.length:%s, peerCertificates.length:%s", Integer.valueOf(peerCertificateChain.length), Integer.valueOf(peerCertificates.length))));
                                return;
                            }
                            for (int i = 0; i < peerCertificateChain.length; i++) {
                                if (peerCertificateChain[i] == null || peerCertificates[i] == null) {
                                    newPromise.setFailure(new IllegalStateException("Certificate in chain is null"));
                                    return;
                                }
                            }
                            newPromise.setSuccess((Object) null);
                        }
                    }
                }});
                SSLEngineTest.this.serverConnectedChannel = channel;
            }
        }).bind(new InetSocketAddress(0)).syncUninterruptibly().channel();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().keyManager(new ByteArrayInputStream(CLIENT_X509_CERT_CHAIN_PEM.getBytes(CharsetUtil.UTF_8)), new ByteArrayInputStream(CLIENT_PRIVATE_KEY_PEM.getBytes(CharsetUtil.UTF_8))).trustManager(new ByteArrayInputStream(X509_CERT_PEM.getBytes(CharsetUtil.UTF_8))).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(protocols()).ciphers(ciphers()).build());
        this.cb = new Bootstrap();
        this.cb.group(new NioEventLoopGroup());
        this.cb.channel(NioSocketChannel.class);
        this.clientChannel = this.cb.handler(new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.SSLEngineTest.12
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), SSLEngineTest.this.type));
                channel.pipeline().addLast(new ChannelHandler[]{new SslHandler(SSLEngineTest.this.wrapEngine(SSLEngineTest.this.clientSslCtx.newEngine(channel.alloc())))});
            }
        }).connect(this.serverChannel.localAddress()).syncUninterruptibly().channel();
        newPromise.syncUninterruptibly();
    }

    @Test
    public void testUnwrapBehavior() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        byte[] bytes = "Hello World".getBytes(CharsetUtil.US_ASCII);
        try {
            ByteBuffer allocateBuffer = allocateBuffer(wrapEngine.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer2 = allocateBuffer(wrapEngine2.getSession().getPacketBufferSize() * 2);
            ByteBuffer allocateBuffer3 = allocateBuffer(wrapEngine2.getSession().getApplicationBufferSize());
            handshake(wrapEngine, wrapEngine2);
            allocateBuffer.put(bytes, 0, 5);
            allocateBuffer.flip();
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer, allocateBuffer2);
            Assert.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
            Assert.assertEquals(5L, wrap.bytesConsumed());
            Assert.assertTrue(wrap.bytesProduced() > 0);
            Assert.assertFalse(allocateBuffer.hasRemaining());
            allocateBuffer.clear();
            allocateBuffer.put(bytes, 5, 6);
            allocateBuffer.flip();
            SSLEngineResult wrap2 = wrapEngine.wrap(allocateBuffer, allocateBuffer2);
            Assert.assertEquals(SSLEngineResult.Status.OK, wrap2.getStatus());
            Assert.assertEquals(6L, wrap2.bytesConsumed());
            Assert.assertTrue(wrap2.bytesProduced() > 0);
            allocateBuffer2.flip();
            int remaining = allocateBuffer2.remaining();
            Assert.assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, wrapEngine2.unwrap(allocateBuffer2, allocateBuffer(3)).getStatus());
            Assert.assertEquals(remaining, allocateBuffer2.remaining());
            Assert.assertEquals(SSLEngineResult.Status.OK, wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3).getStatus());
            Assert.assertEquals(5L, r0.bytesProduced());
            Assert.assertTrue(allocateBuffer2.hasRemaining());
            Assert.assertEquals(SSLEngineResult.Status.OK, wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3).getStatus());
            Assert.assertEquals(6L, r0.bytesProduced());
            Assert.assertFalse(allocateBuffer2.hasRemaining());
            allocateBuffer3.flip();
            Assert.assertEquals(ByteBuffer.wrap(bytes), allocateBuffer3);
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Test
    public void testProtocolMatch() throws Exception {
        testProtocol(new String[]{"TLSv1.2"}, new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"});
    }

    @Test(expected = SSLHandshakeException.class)
    public void testProtocolNoMatch() throws Exception {
        testProtocol(new String[]{"TLSv1.2"}, new String[]{"TLSv1", "TLSv1.1"});
    }

    private void testProtocol(String[] strArr, String[] strArr2) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(strArr).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(strArr2).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            handshake(wrapEngine, wrapEngine2);
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Test
    public void testHandshakeCompletesWithNonContiguousProtocolsTLSv1_2CipherOnly() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).ciphers(Collections.singletonList("TLS_RSA_WITH_AES_128_CBC_SHA")).protocols(new String[]{"TLSv1.2", "TLSv1"}).sslProvider(sslClientProvider()).build());
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).ciphers(Collections.singletonList("TLS_RSA_WITH_AES_128_CBC_SHA")).protocols(new String[]{"TLSv1.2", "TLSv1"}).sslProvider(sslServerProvider()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngine, sSLEngine2);
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Test
    public void testHandshakeCompletesWithoutFilteringSupportedCipher() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).ciphers(Collections.singletonList("TLS_RSA_WITH_AES_128_CBC_SHA"), SupportedCipherSuiteFilter.INSTANCE).protocols(new String[]{"TLSv1.2", "TLSv1"}).sslProvider(sslClientProvider()).build());
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).ciphers(Collections.singletonList("TLS_RSA_WITH_AES_128_CBC_SHA"), SupportedCipherSuiteFilter.INSTANCE).protocols(new String[]{"TLSv1.2", "TLSv1"}).sslProvider(sslServerProvider()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngine, sSLEngine2);
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Test
    public void testPacketBufferSizeLimit() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            ByteBuffer allocateBuffer = allocateBuffer(wrapEngine2.getSession().getApplicationBufferSize() * 2);
            handshake(wrapEngine, wrapEngine2);
            allocateBuffer.position(allocateBuffer.capacity());
            allocateBuffer.flip();
            ByteBuffer allocateBuffer2 = allocateBuffer(wrapEngine2.getSession().getPacketBufferSize());
            int position = allocateBuffer2.position();
            int position2 = allocateBuffer.position();
            Assert.assertEquals(SSLEngineResult.Status.OK, wrapEngine2.wrap(allocateBuffer, allocateBuffer2).getStatus());
            Assert.assertEquals(allocateBuffer.position() - position2, r0.bytesConsumed());
            Assert.assertEquals(allocateBuffer2.position() - position, r0.bytesProduced());
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Test
    public void testSSLEngineUnwrapNoSslRecord() throws Exception {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            ByteBuffer allocateBuffer = allocateBuffer(wrapEngine.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer2 = allocateBuffer(wrapEngine.getSession().getPacketBufferSize());
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer(0), allocateBuffer2);
            Assert.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
            Assert.assertEquals(SSLEngineResult.HandshakeStatus.NEED_UNWRAP, wrap.getHandshakeStatus());
            try {
                wrapEngine.unwrap(allocateBuffer, allocateBuffer2);
                Assert.fail();
            } catch (SSLException e) {
            }
        } finally {
            cleanupClientSslEngine(wrapEngine);
        }
    }

    @Test
    public void testBeginHandshakeAfterEngineClosed() throws SSLException {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            wrapEngine.closeInbound();
            wrapEngine.closeOutbound();
            try {
                wrapEngine.beginHandshake();
                Assert.fail();
            } catch (SSLException e) {
            }
        } finally {
            cleanupClientSslEngine(wrapEngine);
        }
    }

    @Test
    public void testBeginHandshakeCloseOutbound() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            testBeginHandshakeCloseOutbound(wrapEngine);
            testBeginHandshakeCloseOutbound(wrapEngine2);
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    private void testBeginHandshakeCloseOutbound(SSLEngine sSLEngine) throws SSLException {
        ByteBuffer allocateBuffer = allocateBuffer(sSLEngine.getSession().getPacketBufferSize());
        ByteBuffer allocateBuffer2 = allocateBuffer(0);
        sSLEngine.beginHandshake();
        sSLEngine.closeOutbound();
        while (true) {
            SSLEngineResult wrap = sSLEngine.wrap(allocateBuffer2, allocateBuffer);
            allocateBuffer.flip();
            Assert.assertEquals(0L, wrap.bytesConsumed());
            Assert.assertEquals(allocateBuffer.remaining(), wrap.bytesProduced());
            if (wrap.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NEED_WRAP) {
                Assert.assertEquals(SSLEngineResult.Status.CLOSED, wrap.getStatus());
                return;
            }
            allocateBuffer.clear();
        }
    }

    @Test
    public void testCloseInboundAfterBeginHandshake() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            testCloseInboundAfterBeginHandshake(wrapEngine);
            testCloseInboundAfterBeginHandshake(wrapEngine2);
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    private static void testCloseInboundAfterBeginHandshake(SSLEngine sSLEngine) throws SSLException {
        sSLEngine.beginHandshake();
        try {
            sSLEngine.closeInbound();
            Assert.fail();
        } catch (SSLException e) {
        }
    }

    @Test
    public void testCloseNotifySequence() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(new String[]{"TLSv1.2"}).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(new String[]{"TLSv1.2"}).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            ByteBuffer allocateBuffer = allocateBuffer(wrapEngine.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer2 = allocateBuffer(wrapEngine2.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer3 = allocateBuffer(wrapEngine.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer4 = allocateBuffer(wrapEngine2.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer5 = allocateBuffer(0);
            handshake(wrapEngine, wrapEngine2);
            wrapEngine.closeOutbound();
            Assert.assertFalse(wrapEngine.isOutboundDone());
            Assert.assertFalse(wrapEngine.isInboundDone());
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer5, allocateBuffer3);
            allocateBuffer3.flip();
            Assert.assertEquals(SSLEngineResult.Status.CLOSED, wrap.getStatus());
            if (PlatformDependent.javaVersion() < 12 || sslClientProvider() != SslProvider.JDK) {
                Assert.assertEquals(SSLEngineResult.HandshakeStatus.NEED_UNWRAP, wrap.getHandshakeStatus());
            } else {
                Assert.assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, wrap.getHandshakeStatus());
            }
            int bytesProduced = wrap.bytesProduced();
            int bytesConsumed = wrap.bytesConsumed();
            Assert.assertTrue(bytesProduced > 0);
            Assert.assertEquals(0L, bytesConsumed);
            Assert.assertEquals(bytesProduced, allocateBuffer3.remaining());
            Assert.assertTrue(wrapEngine.isOutboundDone());
            Assert.assertFalse(wrapEngine.isInboundDone());
            Assert.assertFalse(wrapEngine2.isOutboundDone());
            Assert.assertFalse(wrapEngine2.isInboundDone());
            SSLEngineResult unwrap = wrapEngine2.unwrap(allocateBuffer3, allocateBuffer2);
            allocateBuffer2.flip();
            Assert.assertEquals(SSLEngineResult.Status.CLOSED, unwrap.getStatus());
            Assert.assertEquals(SSLEngineResult.HandshakeStatus.NEED_WRAP, unwrap.getHandshakeStatus());
            int bytesProduced2 = unwrap.bytesProduced();
            Assert.assertEquals(bytesProduced, unwrap.bytesConsumed());
            Assert.assertEquals(0L, bytesProduced2);
            Assert.assertEquals(0L, allocateBuffer3.remaining());
            Assert.assertEquals(0L, allocateBuffer2.remaining());
            Assert.assertFalse(wrapEngine2.isOutboundDone());
            Assert.assertTrue(wrapEngine2.isInboundDone());
            SSLEngineResult wrap2 = wrapEngine2.wrap(allocateBuffer5, allocateBuffer4);
            allocateBuffer4.flip();
            Assert.assertEquals(SSLEngineResult.Status.CLOSED, wrap2.getStatus());
            Assert.assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, wrap2.getHandshakeStatus());
            int bytesProduced3 = wrap2.bytesProduced();
            int bytesConsumed2 = wrap2.bytesConsumed();
            Assert.assertEquals(bytesProduced, bytesProduced3);
            Assert.assertEquals(0L, bytesConsumed2);
            Assert.assertEquals(bytesProduced3, allocateBuffer4.remaining());
            Assert.assertTrue(wrapEngine2.isOutboundDone());
            Assert.assertTrue(wrapEngine2.isInboundDone());
            SSLEngineResult unwrap2 = wrapEngine.unwrap(allocateBuffer4, allocateBuffer);
            allocateBuffer.flip();
            Assert.assertEquals(SSLEngineResult.Status.CLOSED, unwrap2.getStatus());
            Assert.assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, unwrap2.getHandshakeStatus());
            int bytesProduced4 = unwrap2.bytesProduced();
            Assert.assertEquals(bytesProduced, unwrap2.bytesConsumed());
            Assert.assertEquals(0L, bytesProduced4);
            Assert.assertEquals(0L, allocateBuffer4.remaining());
            Assert.assertTrue(wrapEngine.isOutboundDone());
            Assert.assertTrue(wrapEngine.isInboundDone());
            allocateBuffer4.clear();
            allocateBuffer2.clear();
            assertEngineRemainsClosed(wrapEngine2.wrap(allocateBuffer2, allocateBuffer4));
            allocateBuffer3.clear();
            allocateBuffer2.clear();
            assertEngineRemainsClosed(wrapEngine2.unwrap(allocateBuffer3, allocateBuffer2));
            allocateBuffer3.clear();
            allocateBuffer.clear();
            assertEngineRemainsClosed(wrapEngine.wrap(allocateBuffer, allocateBuffer3));
            allocateBuffer4.clear();
            allocateBuffer.clear();
            assertEngineRemainsClosed(wrapEngine.unwrap(allocateBuffer4, allocateBuffer));
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    private static void assertEngineRemainsClosed(SSLEngineResult sSLEngineResult) {
        Assert.assertEquals(SSLEngineResult.Status.CLOSED, sSLEngineResult.getStatus());
        Assert.assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, sSLEngineResult.getHandshakeStatus());
        Assert.assertEquals(0L, sSLEngineResult.bytesConsumed());
        Assert.assertEquals(0L, sSLEngineResult.bytesProduced());
    }

    @Test
    public void testWrapAfterCloseOutbound() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            ByteBuffer allocateBuffer = allocateBuffer(wrapEngine.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer2 = allocateBuffer(1024);
            handshake(wrapEngine, wrapEngine2);
            wrapEngine.closeOutbound();
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer2, allocateBuffer);
            Assert.assertEquals(SSLEngineResult.Status.CLOSED, wrap.getStatus());
            Assert.assertEquals(0L, wrap.bytesConsumed());
            Assert.assertTrue(wrap.bytesProduced() > 0);
            Assert.assertTrue(wrapEngine.isOutboundDone());
            Assert.assertFalse(wrapEngine.isInboundDone());
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @Test
    public void testMultipleRecordsInOneBufferWithNonZeroPosition() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            ByteBuffer allocateBuffer = allocateBuffer(1024);
            ByteBuffer allocateBuffer2 = allocateBuffer(wrapEngine2.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer3 = allocateBuffer(wrapEngine.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer4 = allocateBuffer((allocateBuffer3.capacity() * 2) + 1);
            allocateBuffer4.position(1);
            handshake(wrapEngine, wrapEngine2);
            allocateBuffer.limit(allocateBuffer.capacity());
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer, allocateBuffer3);
            Assert.assertEquals(allocateBuffer.capacity(), wrap.bytesConsumed());
            Assert.assertTrue(wrap.bytesProduced() > 0);
            allocateBuffer3.flip();
            allocateBuffer4.put(allocateBuffer3);
            allocateBuffer.clear();
            allocateBuffer3.clear();
            SSLEngineResult wrap2 = wrapEngine.wrap(allocateBuffer, allocateBuffer3);
            Assert.assertEquals(allocateBuffer.capacity(), wrap2.bytesConsumed());
            Assert.assertTrue(wrap2.bytesProduced() > 0);
            allocateBuffer3.flip();
            int remaining = allocateBuffer3.remaining();
            allocateBuffer4.put(allocateBuffer3);
            allocateBuffer3.clear();
            allocateBuffer4.flip();
            allocateBuffer4.position(1);
            allocateBuffer4.limit(allocateBuffer4.limit() - (remaining - 1));
            SSLEngineResult unwrap = wrapEngine2.unwrap(allocateBuffer4, allocateBuffer2);
            Assert.assertEquals(remaining, unwrap.bytesConsumed());
            Assert.assertTrue(unwrap.bytesProduced() > 0);
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @Test
    public void testMultipleRecordsInOneBufferBiggerThenPacketBufferSize() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            ByteBuffer allocateBuffer = allocateBuffer(4096);
            ByteBuffer allocateBuffer2 = allocateBuffer(wrapEngine2.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer3 = allocateBuffer(wrapEngine2.getSession().getPacketBufferSize() * 2);
            handshake(wrapEngine, wrapEngine2);
            int remaining = allocateBuffer.remaining();
            int i = 0;
            while (true) {
                int position = allocateBuffer.position();
                int position2 = allocateBuffer3.position();
                SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer, allocateBuffer3);
                if (wrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                    Assert.assertEquals(position, allocateBuffer.position());
                    Assert.assertEquals(position2, allocateBuffer3.position());
                    break;
                }
                Assert.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
                Assert.assertEquals(remaining, wrap.bytesConsumed());
                Assert.assertTrue(wrap.bytesProduced() > 0);
                allocateBuffer.clear();
                i++;
                if (allocateBuffer3.position() >= wrapEngine2.getSession().getPacketBufferSize()) {
                    break;
                }
            }
            Assert.assertTrue(i >= 2);
            allocateBuffer3.flip();
            SSLEngineResult unwrap = wrapEngine2.unwrap(allocateBuffer3, allocateBuffer2);
            Assert.assertEquals(SSLEngineResult.Status.OK, unwrap.getStatus());
            Assert.assertTrue(unwrap.bytesConsumed() > 0);
            Assert.assertTrue(unwrap.bytesProduced() > 0);
            Assert.assertTrue(allocateBuffer3.hasRemaining());
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @Test
    public void testBufferUnderFlow() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            ByteBuffer allocateBuffer = allocateBuffer(1024);
            allocateBuffer.limit(allocateBuffer.capacity());
            ByteBuffer allocateBuffer2 = allocateBuffer(wrapEngine.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer3 = allocateBuffer(wrapEngine2.getSession().getApplicationBufferSize());
            handshake(wrapEngine, wrapEngine2);
            Assert.assertEquals(SSLEngineResult.Status.OK, wrapEngine.wrap(allocateBuffer, allocateBuffer2).getStatus());
            Assert.assertEquals(r0.bytesConsumed(), allocateBuffer.capacity());
            allocateBuffer2.flip();
            int remaining = allocateBuffer2.remaining();
            allocateBuffer2.limit(4);
            assertResultIsBufferUnderflow(wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3));
            allocateBuffer2.limit(5);
            assertResultIsBufferUnderflow(wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3));
            allocateBuffer2.limit(((5 + remaining) - 1) - 5);
            assertResultIsBufferUnderflow(wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3));
            allocateBuffer2.limit(remaining);
            SSLEngineResult unwrap = wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3);
            Assert.assertEquals(SSLEngineResult.Status.OK, unwrap.getStatus());
            Assert.assertEquals(unwrap.bytesConsumed(), remaining);
            Assert.assertTrue(unwrap.bytesProduced() > 0);
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    private static void assertResultIsBufferUnderflow(SSLEngineResult sSLEngineResult) {
        Assert.assertEquals(SSLEngineResult.Status.BUFFER_UNDERFLOW, sSLEngineResult.getStatus());
        Assert.assertEquals(0L, sSLEngineResult.bytesConsumed());
        Assert.assertEquals(0L, sSLEngineResult.bytesProduced());
    }

    @Test
    public void testWrapDoesNotZeroOutSrc() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            ByteBuffer allocateBuffer = allocateBuffer(wrapEngine2.getSession().getApplicationBufferSize() / 2);
            handshake(wrapEngine, wrapEngine2);
            for (int i = 0; i < allocateBuffer.capacity(); i++) {
                allocateBuffer.put(i, (byte) i);
            }
            allocateBuffer.position(allocateBuffer.capacity());
            allocateBuffer.flip();
            SSLEngineResult wrap = wrapEngine2.wrap(allocateBuffer, allocateBuffer(wrapEngine2.getSession().getPacketBufferSize()));
            Assert.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
            Assert.assertTrue(wrap.bytesConsumed() > 0);
            for (int i2 = 0; i2 < allocateBuffer.capacity(); i2++) {
                Assert.assertEquals((byte) i2, allocateBuffer.get(i2));
            }
        } finally {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
        }
    }

    @Test
    public void testDisableProtocols() throws Exception {
        testDisableProtocols("SSLv2", "SSLv2");
        testDisableProtocols("SSLv3", "SSLv2", "SSLv3");
        testDisableProtocols("TLSv1", "SSLv2", "SSLv3", "TLSv1");
        testDisableProtocols("TLSv1.1", "SSLv2", "SSLv3", "TLSv1", "TLSv1.1");
        testDisableProtocols("TLSv1.2", "SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
    }

    private void testDisableProtocols(String str, String... strArr) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        SslContext wrapContext = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(wrapContext.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            HashSet hashSet = new HashSet(Arrays.asList(wrapEngine.getSupportedProtocols()));
            if (hashSet.contains(str)) {
                wrapEngine.setEnabledProtocols(wrapEngine.getSupportedProtocols());
                Assert.assertEquals(hashSet, new HashSet(Arrays.asList(wrapEngine.getSupportedProtocols())));
                for (String str2 : strArr) {
                    hashSet.remove(str2);
                }
                if (hashSet.contains("SSLv2Hello") && hashSet.size() == 1) {
                    return;
                }
                wrapEngine.setEnabledProtocols((String[]) hashSet.toArray(new String[0]));
                Assert.assertEquals(hashSet, new HashSet(Arrays.asList(wrapEngine.getEnabledProtocols())));
                wrapEngine.setEnabledProtocols(wrapEngine.getSupportedProtocols());
            }
            cleanupServerSslEngine(wrapEngine);
            cleanupClientSslContext(wrapContext);
            selfSignedCertificate.delete();
        } finally {
            cleanupServerSslEngine(wrapEngine);
            cleanupClientSslContext(wrapContext);
            selfSignedCertificate.delete();
        }
    }

    @Test
    public void testUsingX509TrustManagerVerifiesHostname() throws Exception {
        sslClientProvider();
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(new TrustManagerFactory(new TrustManagerFactorySpi() { // from class: io.netty.handler.ssl.SSLEngineTest.13
            @Override // javax.net.ssl.TrustManagerFactorySpi
            protected void engineInit(KeyStore keyStore) {
            }

            @Override // javax.net.ssl.TrustManagerFactorySpi
            protected TrustManager[] engineGetTrustManagers() {
                return new TrustManager[]{new X509TrustManager() { // from class: io.netty.handler.ssl.SSLEngineTest.13.1
                    @Override // javax.net.ssl.X509TrustManager
                    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public X509Certificate[] getAcceptedIssuers() {
                        return EmptyArrays.EMPTY_X509_CERTIFICATES;
                    }
                }};
            }

            @Override // javax.net.ssl.TrustManagerFactorySpi
            protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
            }
        }, null, TrustManagerFactory.getDefaultAlgorithm()) { // from class: io.netty.handler.ssl.SSLEngineTest.14
        }).sslProvider(sslClientProvider()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT, "netty.io", 1234));
        SSLParameters sSLParameters = wrapEngine.getSSLParameters();
        sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
        wrapEngine.setSSLParameters(sSLParameters);
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            handshake(wrapEngine, wrapEngine2);
            Assert.fail();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
        } catch (SSLException e) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Test
    public void testInvalidCipher() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, ((SSLSocketFactory) SSLSocketFactory.getDefault()).getDefaultCipherSuites());
        arrayList.add("InvalidCipher");
        SSLEngine sSLEngine = null;
        try {
            this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.key(), new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslClientProvider()).ciphers(arrayList).build());
            sSLEngine = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            Assert.fail();
            selfSignedCertificate.delete();
            cleanupServerSslEngine(sSLEngine);
        } catch (IllegalArgumentException e) {
            selfSignedCertificate.delete();
            cleanupServerSslEngine(sSLEngine);
        } catch (SSLException e2) {
            selfSignedCertificate.delete();
            cleanupServerSslEngine(sSLEngine);
        } catch (Throwable th) {
            selfSignedCertificate.delete();
            cleanupServerSslEngine(sSLEngine);
            throw th;
        }
    }

    @Test
    public void testGetCiphersuite() throws Exception {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngine, sSLEngine2);
            String cipherSuite = sSLEngine.getSession().getCipherSuite();
            Assert.assertEquals(cipherSuite, sSLEngine2.getSession().getCipherSuite());
            Assert.assertEquals(this.protocolCipherCombo.cipher, cipherSuite);
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Test
    public void testSessionBindingEvent() throws Exception {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngine, sSLEngine2);
            SSLSession session = sSLEngine.getSession();
            Assert.assertEquals(0L, session.getValueNames().length);
            C1SSLSessionBindingEventValue c1SSLSessionBindingEventValue = new C1SSLSessionBindingEventValue();
            session.putValue("name", c1SSLSessionBindingEventValue);
            assertSSLSessionBindingEventValue("name", session, c1SSLSessionBindingEventValue.boundEvent);
            Assert.assertNull(c1SSLSessionBindingEventValue.unboundEvent);
            Assert.assertEquals(1L, session.getValueNames().length);
            session.putValue("name2", "value");
            C1SSLSessionBindingEventValue c1SSLSessionBindingEventValue2 = new C1SSLSessionBindingEventValue();
            session.putValue("name", c1SSLSessionBindingEventValue2);
            Assert.assertEquals(2L, session.getValueNames().length);
            assertSSLSessionBindingEventValue("name", session, c1SSLSessionBindingEventValue.unboundEvent);
            assertSSLSessionBindingEventValue("name", session, c1SSLSessionBindingEventValue2.boundEvent);
            Assert.assertNull(c1SSLSessionBindingEventValue2.unboundEvent);
            Assert.assertEquals(2L, session.getValueNames().length);
            session.removeValue("name");
            assertSSLSessionBindingEventValue("name", session, c1SSLSessionBindingEventValue2.unboundEvent);
            Assert.assertEquals(1L, session.getValueNames().length);
            session.removeValue("name2");
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    private static void assertSSLSessionBindingEventValue(String str, SSLSession sSLSession, SSLSessionBindingEvent sSLSessionBindingEvent) {
        Assert.assertEquals(str, sSLSessionBindingEvent.getName());
        Assert.assertEquals(sSLSession, sSLSessionBindingEvent.getSession());
        Assert.assertEquals(sSLSession, sSLSessionBindingEvent.getSource());
    }

    @Test
    public void testSessionAfterHandshake() throws Exception {
        testSessionAfterHandshake0(false, false);
    }

    @Test
    public void testSessionAfterHandshakeMutualAuth() throws Exception {
        testSessionAfterHandshake0(false, true);
    }

    @Test
    public void testSessionAfterHandshakeKeyManagerFactory() throws Exception {
        testSessionAfterHandshake0(true, false);
    }

    @Test
    public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception {
        testSessionAfterHandshake0(true, true);
    }

    private void testSessionAfterHandshake0(boolean z, boolean z2) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        KeyManagerFactory buildKeyManagerFactory = z ? SslContext.buildKeyManagerFactory(new X509Certificate[]{selfSignedCertificate.cert()}, selfSignedCertificate.key(), (String) null, (KeyManagerFactory) null, (String) null) : null;
        SslContextBuilder forClient = SslContextBuilder.forClient();
        if (z2) {
            if (buildKeyManagerFactory != null) {
                forClient.keyManager(buildKeyManagerFactory);
            } else {
                forClient.keyManager(selfSignedCertificate.key(), new X509Certificate[]{selfSignedCertificate.cert()});
            }
        }
        this.clientSslCtx = wrapContext(forClient.trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SslContextBuilder forServer = buildKeyManagerFactory != null ? SslContextBuilder.forServer(buildKeyManagerFactory) : SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey());
        if (z2) {
            forServer.clientAuth(ClientAuth.REQUIRE);
        }
        this.serverSslCtx = wrapContext(forServer.trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngine, sSLEngine2);
            SSLSession session = sSLEngine.getSession();
            SSLSession session2 = sSLEngine2.getSession();
            Assert.assertNull(session.getPeerHost());
            Assert.assertNull(session2.getPeerHost());
            Assert.assertEquals(-1L, session.getPeerPort());
            Assert.assertEquals(-1L, session2.getPeerPort());
            Assert.assertTrue(session.getCreationTime() > 0);
            Assert.assertTrue(session2.getCreationTime() > 0);
            Assert.assertTrue(session.getLastAccessedTime() > 0);
            Assert.assertTrue(session2.getLastAccessedTime() > 0);
            Assert.assertEquals(this.protocolCipherCombo.protocol, session.getProtocol());
            Assert.assertEquals(this.protocolCipherCombo.protocol, session2.getProtocol());
            Assert.assertEquals(this.protocolCipherCombo.cipher, session.getCipherSuite());
            Assert.assertEquals(this.protocolCipherCombo.cipher, session2.getCipherSuite());
            Assert.assertNotNull(session.getId());
            Assert.assertNotNull(session2.getId());
            Assert.assertTrue(session.getApplicationBufferSize() > 0);
            Assert.assertTrue(session2.getApplicationBufferSize() > 0);
            Assert.assertTrue(session.getPacketBufferSize() > 0);
            Assert.assertTrue(session2.getPacketBufferSize() > 0);
            Assert.assertNotNull(session.getSessionContext());
            Assert.assertNotNull(session2.getSessionContext());
            Object obj = new Object();
            Assert.assertEquals(0L, session.getValueNames().length);
            session.putValue("test", obj);
            Assert.assertEquals("test", session.getValueNames()[0]);
            Assert.assertSame(obj, session.getValue("test"));
            session.removeValue("test");
            Assert.assertEquals(0L, session.getValueNames().length);
            Assert.assertEquals(0L, session2.getValueNames().length);
            session2.putValue("test", obj);
            Assert.assertEquals("test", session2.getValueNames()[0]);
            Assert.assertSame(obj, session2.getValue("test"));
            session2.removeValue("test");
            Assert.assertEquals(0L, session2.getValueNames().length);
            Certificate[] localCertificates = session2.getLocalCertificates();
            Assert.assertEquals(1L, localCertificates.length);
            Assert.assertArrayEquals(selfSignedCertificate.cert().getEncoded(), localCertificates[0].getEncoded());
            Principal localPrincipal = session2.getLocalPrincipal();
            Assert.assertNotNull(localPrincipal);
            if (z2) {
                Certificate[] localCertificates2 = session.getLocalCertificates();
                Assert.assertEquals(1L, localCertificates2.length);
                Certificate[] peerCertificates = session2.getPeerCertificates();
                Assert.assertEquals(1L, peerCertificates.length);
                Assert.assertArrayEquals(localCertificates2[0].getEncoded(), peerCertificates[0].getEncoded());
                javax.security.cert.X509Certificate[] peerCertificateChain = session2.getPeerCertificateChain();
                Assert.assertEquals(1L, peerCertificateChain.length);
                Assert.assertArrayEquals(localCertificates2[0].getEncoded(), peerCertificateChain[0].getEncoded());
                Principal localPrincipal2 = session.getLocalPrincipal();
                Assert.assertNotNull(localPrincipal2);
                Assert.assertEquals(localPrincipal2, session2.getPeerPrincipal());
            } else {
                Assert.assertNull(session.getLocalCertificates());
                Assert.assertNull(session.getLocalPrincipal());
                try {
                    session2.getPeerCertificates();
                    Assert.fail();
                } catch (SSLPeerUnverifiedException e) {
                }
                try {
                    session2.getPeerCertificateChain();
                    Assert.fail();
                } catch (SSLPeerUnverifiedException e2) {
                }
                try {
                    session2.getPeerPrincipal();
                    Assert.fail();
                } catch (SSLPeerUnverifiedException e3) {
                }
            }
            Certificate[] peerCertificates2 = session.getPeerCertificates();
            Assert.assertEquals(1L, peerCertificates2.length);
            Assert.assertArrayEquals(localCertificates[0].getEncoded(), peerCertificates2[0].getEncoded());
            javax.security.cert.X509Certificate[] peerCertificateChain2 = session.getPeerCertificateChain();
            Assert.assertEquals(1L, peerCertificateChain2.length);
            Assert.assertArrayEquals(localCertificates[0].getEncoded(), peerCertificateChain2[0].getEncoded());
            Assert.assertEquals(localPrincipal, session.getPeerPrincipal());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Test
    public void testSupportedSignatureAlgorithms() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().keyManager(new KeyManagerFactory(newKeyManagerFactory(selfSignedCertificate)) { // from class: io.netty.handler.ssl.SSLEngineTest.1TestKeyManagerFactory
            {
                super(new KeyManagerFactorySpi() { // from class: io.netty.handler.ssl.SSLEngineTest.1TestKeyManagerFactory.1
                    private final KeyManager[] managers;

                    {
                        this.managers = r5.getKeyManagers();
                    }

                    @Override // javax.net.ssl.KeyManagerFactorySpi
                    protected void engineInit(KeyStore keyStore, char[] cArr) {
                        throw new UnsupportedOperationException();
                    }

                    @Override // javax.net.ssl.KeyManagerFactorySpi
                    protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
                        throw new UnsupportedOperationException();
                    }

                    @Override // javax.net.ssl.KeyManagerFactorySpi
                    protected KeyManager[] engineGetKeyManagers() {
                        KeyManager[] keyManagerArr = new KeyManager[this.managers.length];
                        for (int i = 0; i < keyManagerArr.length; i++) {
                            final X509ExtendedKeyManager x509ExtendedKeyManager = (X509ExtendedKeyManager) this.managers[i];
                            keyManagerArr[i] = new X509ExtendedKeyManager() { // from class: io.netty.handler.ssl.SSLEngineTest.1TestKeyManagerFactory.1.1
                                @Override // javax.net.ssl.X509KeyManager
                                public String[] getClientAliases(String str, Principal[] principalArr) {
                                    Assert.fail();
                                    return null;
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
                                    Assert.fail();
                                    return null;
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public String[] getServerAliases(String str, Principal[] principalArr) {
                                    Assert.fail();
                                    return null;
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
                                    Assert.fail();
                                    return null;
                                }

                                @Override // javax.net.ssl.X509ExtendedKeyManager
                                public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
                                    Assert.assertNotEquals(0L, ((ExtendedSSLSession) sSLEngine.getHandshakeSession()).getPeerSupportedSignatureAlgorithms().length);
                                    Assert.assertNotEquals(0L, ((ExtendedSSLSession) sSLEngine.getHandshakeSession()).getLocalSupportedSignatureAlgorithms().length);
                                    return x509ExtendedKeyManager.chooseEngineClientAlias(strArr, principalArr, sSLEngine);
                                }

                                @Override // javax.net.ssl.X509ExtendedKeyManager
                                public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
                                    Assert.assertNotEquals(0L, ((ExtendedSSLSession) sSLEngine.getHandshakeSession()).getPeerSupportedSignatureAlgorithms().length);
                                    Assert.assertNotEquals(0L, ((ExtendedSSLSession) sSLEngine.getHandshakeSession()).getLocalSupportedSignatureAlgorithms().length);
                                    return x509ExtendedKeyManager.chooseEngineServerAlias(str, principalArr, sSLEngine);
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public X509Certificate[] getCertificateChain(String str) {
                                    return x509ExtendedKeyManager.getCertificateChain(str);
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public PrivateKey getPrivateKey(String str) {
                                    return x509ExtendedKeyManager.getPrivateKey(str);
                                }
                            };
                        }
                        return keyManagerArr;
                    }
                }, r8.getProvider(), r8.getAlgorithm());
            }
        }).trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(protocols()).ciphers(ciphers()).build());
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(new KeyManagerFactory(newKeyManagerFactory(selfSignedCertificate)) { // from class: io.netty.handler.ssl.SSLEngineTest.1TestKeyManagerFactory
            {
                super(new KeyManagerFactorySpi() { // from class: io.netty.handler.ssl.SSLEngineTest.1TestKeyManagerFactory.1
                    private final KeyManager[] managers;

                    {
                        this.managers = r5.getKeyManagers();
                    }

                    @Override // javax.net.ssl.KeyManagerFactorySpi
                    protected void engineInit(KeyStore keyStore, char[] cArr) {
                        throw new UnsupportedOperationException();
                    }

                    @Override // javax.net.ssl.KeyManagerFactorySpi
                    protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
                        throw new UnsupportedOperationException();
                    }

                    @Override // javax.net.ssl.KeyManagerFactorySpi
                    protected KeyManager[] engineGetKeyManagers() {
                        KeyManager[] keyManagerArr = new KeyManager[this.managers.length];
                        for (int i = 0; i < keyManagerArr.length; i++) {
                            final X509ExtendedKeyManager x509ExtendedKeyManager = (X509ExtendedKeyManager) this.managers[i];
                            keyManagerArr[i] = new X509ExtendedKeyManager() { // from class: io.netty.handler.ssl.SSLEngineTest.1TestKeyManagerFactory.1.1
                                @Override // javax.net.ssl.X509KeyManager
                                public String[] getClientAliases(String str, Principal[] principalArr) {
                                    Assert.fail();
                                    return null;
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
                                    Assert.fail();
                                    return null;
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public String[] getServerAliases(String str, Principal[] principalArr) {
                                    Assert.fail();
                                    return null;
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
                                    Assert.fail();
                                    return null;
                                }

                                @Override // javax.net.ssl.X509ExtendedKeyManager
                                public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
                                    Assert.assertNotEquals(0L, ((ExtendedSSLSession) sSLEngine.getHandshakeSession()).getPeerSupportedSignatureAlgorithms().length);
                                    Assert.assertNotEquals(0L, ((ExtendedSSLSession) sSLEngine.getHandshakeSession()).getLocalSupportedSignatureAlgorithms().length);
                                    return x509ExtendedKeyManager.chooseEngineClientAlias(strArr, principalArr, sSLEngine);
                                }

                                @Override // javax.net.ssl.X509ExtendedKeyManager
                                public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
                                    Assert.assertNotEquals(0L, ((ExtendedSSLSession) sSLEngine.getHandshakeSession()).getPeerSupportedSignatureAlgorithms().length);
                                    Assert.assertNotEquals(0L, ((ExtendedSSLSession) sSLEngine.getHandshakeSession()).getLocalSupportedSignatureAlgorithms().length);
                                    return x509ExtendedKeyManager.chooseEngineServerAlias(str, principalArr, sSLEngine);
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public X509Certificate[] getCertificateChain(String str) {
                                    return x509ExtendedKeyManager.getCertificateChain(str);
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public PrivateKey getPrivateKey(String str) {
                                    return x509ExtendedKeyManager.getPrivateKey(str);
                                }
                            };
                        }
                        return keyManagerArr;
                    }
                }, r8.getProvider(), r8.getAlgorithm());
            }
        }).trustManager(InsecureTrustManagerFactory.INSTANCE).sslContextProvider(serverSslContextProvider()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).clientAuth(ClientAuth.REQUIRE).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngine, sSLEngine2);
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Test
    public void testHandshakeSession() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        final TestTrustManagerFactory testTrustManagerFactory = new TestTrustManagerFactory(selfSignedCertificate.cert());
        final TestTrustManagerFactory testTrustManagerFactory2 = new TestTrustManagerFactory(selfSignedCertificate.cert());
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(new SimpleTrustManagerFactory() { // from class: io.netty.handler.ssl.SSLEngineTest.15
            protected void engineInit(KeyStore keyStore) {
            }

            protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
            }

            protected TrustManager[] engineGetTrustManagers() {
                return new TrustManager[]{testTrustManagerFactory};
            }
        }).keyManager(newKeyManagerFactory(selfSignedCertificate)).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(protocols()).ciphers(ciphers()).build());
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(newKeyManagerFactory(selfSignedCertificate)).trustManager(new SimpleTrustManagerFactory() { // from class: io.netty.handler.ssl.SSLEngineTest.16
            protected void engineInit(KeyStore keyStore) {
            }

            protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
            }

            protected TrustManager[] engineGetTrustManagers() {
                return new TrustManager[]{testTrustManagerFactory2};
            }
        }).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(protocols()).ciphers(ciphers()).clientAuth(ClientAuth.REQUIRE).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngine, sSLEngine2);
            Assert.assertTrue(testTrustManagerFactory.isVerified());
            Assert.assertTrue(testTrustManagerFactory2.isVerified());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Test
    public void testMasterKeyLogging() throws Exception {
        Assume.assumeFalse(serverSslContextProvider() instanceof OpenSSLProvider);
        Assume.assumeFalse(sslServerProvider() == SslProvider.JDK && PlatformDependent.javaVersion() > 8);
        String str = SystemPropertyUtil.get("io.netty.ssl.masterKeyHandler");
        System.setProperty("io.netty.ssl.masterKeyHandler", Boolean.TRUE.toString());
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).build());
        Socket socket = null;
        try {
            this.sb = new ServerBootstrap();
            this.sb.group(new NioEventLoopGroup(), new NioEventLoopGroup());
            this.sb.channel(NioServerSocketChannel.class);
            final Promise newPromise = this.sb.config().group().next().newPromise();
            this.serverChannel = this.sb.childHandler(new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.SSLEngineTest.17
                protected void initChannel(Channel channel) throws Exception {
                    channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), SSLEngineTest.this.type));
                    channel.pipeline().addLast(new ChannelHandler[]{SSLEngineTest.this.delegatingExecutor == null ? SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc()) : SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc(), SSLEngineTest.this.delegatingExecutor)});
                    channel.pipeline().addLast(new ChannelHandler[]{new SslMasterKeyHandler() { // from class: io.netty.handler.ssl.SSLEngineTest.17.1
                        protected void accept(SecretKey secretKey, SSLSession sSLSession) {
                            newPromise.setSuccess(secretKey);
                        }
                    }});
                    SSLEngineTest.this.serverConnectedChannel = channel;
                }
            }).bind(new InetSocketAddress(0)).sync().channel();
            int port = ((InetSocketAddress) this.serverChannel.localAddress()).getPort();
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, InsecureTrustManagerFactory.INSTANCE.getTrustManagers(), null);
            socket = sSLContext.getSocketFactory().createSocket(NetUtil.LOCALHOST, port);
            OutputStream outputStream = socket.getOutputStream();
            outputStream.write(1);
            outputStream.flush();
            Assert.assertTrue(newPromise.await(10L, TimeUnit.SECONDS));
            Assert.assertEquals("AES secret key must be 48 bytes", 48L, ((SecretKey) newPromise.get()).getEncoded().length);
            closeQuietly(socket);
            if (str != null) {
                System.setProperty("io.netty.ssl.masterKeyHandler", str);
            } else {
                System.clearProperty("io.netty.ssl.masterKeyHandler");
            }
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            closeQuietly(socket);
            if (str != null) {
                System.setProperty("io.netty.ssl.masterKeyHandler", str);
            } else {
                System.clearProperty("io.netty.ssl.masterKeyHandler");
            }
            selfSignedCertificate.delete();
            throw th;
        }
    }

    private static void closeQuietly(Closeable closeable) {
        if (closeable != null) {
            try {
                closeable.close();
            } catch (IOException e) {
            }
        }
    }

    private KeyManagerFactory newKeyManagerFactory(SelfSignedCertificate selfSignedCertificate) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        return SslContext.buildKeyManagerFactory(new X509Certificate[]{selfSignedCertificate.cert()}, selfSignedCertificate.key(), (String) null, (KeyManagerFactory) null, (String) null);
    }

    protected SSLEngine wrapEngine(SSLEngine sSLEngine) {
        return sSLEngine;
    }

    protected SslContext wrapContext(SslContext sslContext) {
        return sslContext;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<String> ciphers() {
        return Collections.singletonList(this.protocolCipherCombo.cipher);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String[] protocols() {
        return new String[]{this.protocolCipherCombo.protocol};
    }
}
