package io.netty.handler.ssl;

import io.netty.buffer.UnpooledByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.SSLEngineTest;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.internal.tcnative.SSL;
import io.netty.util.CharsetUtil;
import io.netty.util.internal.EmptyArrays;
import io.netty.util.internal.PlatformDependent;
import java.net.Socket;
import java.nio.ByteBuffer;
import java.security.AlgorithmConstraints;
import java.security.AlgorithmParameters;
import java.security.CryptoPrimitive;
import java.security.Key;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.X509ExtendedKeyManager;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:io/netty/handler/ssl/OpenSslEngineTest.class */
public class OpenSslEngineTest extends SSLEngineTest {
    private static final String PREFERRED_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http2";
    private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1";
    protected final boolean useTasks;

    @Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
    public static Collection<Object[]> data() {
        ArrayList arrayList = new ArrayList();
        for (SSLEngineTest.BufferType bufferType : SSLEngineTest.BufferType.values()) {
            arrayList.add(new Object[]{bufferType, SSLEngineTest.ProtocolCipherCombo.tlsv12(), false, false});
            arrayList.add(new Object[]{bufferType, SSLEngineTest.ProtocolCipherCombo.tlsv12(), false, true});
            arrayList.add(new Object[]{bufferType, SSLEngineTest.ProtocolCipherCombo.tlsv12(), true, false});
            arrayList.add(new Object[]{bufferType, SSLEngineTest.ProtocolCipherCombo.tlsv12(), true, true});
            if (SslProvider.isTlsv13Supported(SslProvider.OPENSSL)) {
                arrayList.add(new Object[]{bufferType, SSLEngineTest.ProtocolCipherCombo.tlsv13(), false, false});
                arrayList.add(new Object[]{bufferType, SSLEngineTest.ProtocolCipherCombo.tlsv13(), false, true});
                arrayList.add(new Object[]{bufferType, SSLEngineTest.ProtocolCipherCombo.tlsv13(), true, false});
                arrayList.add(new Object[]{bufferType, SSLEngineTest.ProtocolCipherCombo.tlsv13(), true, true});
            }
        }
        return arrayList;
    }

    public OpenSslEngineTest(SSLEngineTest.BufferType bufferType, SSLEngineTest.ProtocolCipherCombo protocolCipherCombo, boolean z, boolean z2) {
        super(bufferType, protocolCipherCombo, z);
        this.useTasks = z2;
    }

    @BeforeClass
    public static void checkOpenSsl() {
        Assume.assumeTrue(OpenSsl.isAvailable());
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    public void tearDown() throws InterruptedException {
        super.tearDown();
        Assert.assertEquals("SSL error stack not correctly consumed", 0L, SSL.getLastErrorNumber());
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @Test
    public void testSessionAfterHandshakeKeyManagerFactory() throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testSessionAfterHandshakeKeyManagerFactory();
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @Test
    public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth();
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @Test
    public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth();
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @Test
    public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth();
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @Test
    public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth();
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @Test
    public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @Test
    public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    public void testHandshakeSession() throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testHandshakeSession();
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @Test
    public void testSupportedSignatureAlgorithms() throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testSupportedSignatureAlgorithms();
    }

    private static boolean isNpnSupported(String str) {
        int parseInt;
        String[] split = str.split(" ", -1);
        if (split.length != 2 || !"LibreSSL".equals(split[0])) {
            return true;
        }
        String[] split2 = split[1].split("\\.", -1);
        if (split2.length != 3 || (parseInt = Integer.parseInt(split2[0])) < 2) {
            return true;
        }
        if (parseInt > 2) {
            return false;
        }
        int parseInt2 = Integer.parseInt(split2[1]);
        if (parseInt2 < 6) {
            return true;
        }
        return parseInt2 <= 6 && Integer.parseInt(split2[2]) <= 0;
    }

    @Test
    public void testNpn() throws Exception {
        String versionString = OpenSsl.versionString();
        Assume.assumeTrue("LibreSSL 2.6.1 removed NPN support, detected " + versionString, isNpnSupported(versionString));
        setupHandlers(acceptingNegotiator(ApplicationProtocolConfig.Protocol.NPN, PREFERRED_APPLICATION_LEVEL_PROTOCOL));
        runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
    }

    @Test
    public void testAlpn() throws Exception {
        Assume.assumeTrue(OpenSsl.isAlpnSupported());
        setupHandlers(acceptingNegotiator(ApplicationProtocolConfig.Protocol.ALPN, PREFERRED_APPLICATION_LEVEL_PROTOCOL));
        runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
    }

    @Test
    public void testAlpnCompatibleProtocolsDifferentClientOrder() throws Exception {
        Assume.assumeTrue(OpenSsl.isAlpnSupported());
        setupHandlers(acceptingNegotiator(ApplicationProtocolConfig.Protocol.ALPN, PREFERRED_APPLICATION_LEVEL_PROTOCOL, FALLBACK_APPLICATION_LEVEL_PROTOCOL), acceptingNegotiator(ApplicationProtocolConfig.Protocol.ALPN, FALLBACK_APPLICATION_LEVEL_PROTOCOL, PREFERRED_APPLICATION_LEVEL_PROTOCOL));
        Assert.assertNull(this.serverException);
        runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
    }

    @Test
    public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
        testEnablingAnAlreadyDisabledSslProtocol(new String[]{"SSLv2Hello"}, new String[]{"SSLv2Hello", "TLSv1.2"});
    }

    @Test
    public void testWrapBuffersNoWritePendingError() throws Exception {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngine, sSLEngine2);
            ByteBuffer allocateBuffer = allocateBuffer(10240);
            byte[] bArr = new byte[allocateBuffer.capacity()];
            PlatformDependent.threadLocalRandom().nextBytes(bArr);
            allocateBuffer.put(bArr).flip();
            ByteBuffer allocateBuffer2 = allocateBuffer(1);
            for (int i = 0; i < 100; i++) {
                allocateBuffer.position(0);
                allocateBuffer2.position(0);
                Assert.assertSame(SSLEngineResult.Status.BUFFER_OVERFLOW, sSLEngine.wrap(allocateBuffer, allocateBuffer2).getStatus());
            }
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @Test
    public void testOnlySmallBufferNeededForWrap() throws Exception {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngine, sSLEngine2);
            ByteBuffer allocateBuffer = allocateBuffer(1024);
            ByteBuffer allocateBuffer2 = allocateBuffer((allocateBuffer.capacity() + unwrapEngine(sSLEngine).maxWrapOverhead()) - 1);
            ByteBuffer allocateBuffer3 = allocateBuffer(allocateBuffer.capacity() + unwrapEngine(sSLEngine).maxWrapOverhead());
            Assert.assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, sSLEngine.wrap(allocateBuffer, allocateBuffer2).getStatus());
            Assert.assertEquals(0L, r0.bytesConsumed());
            Assert.assertEquals(0L, r0.bytesProduced());
            Assert.assertEquals(allocateBuffer.remaining(), allocateBuffer.capacity());
            Assert.assertEquals(allocateBuffer3.remaining(), allocateBuffer3.capacity());
            SSLEngineResult wrap = sSLEngine.wrap(allocateBuffer, allocateBuffer3);
            Assert.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
            Assert.assertEquals(1024, wrap.bytesConsumed());
            Assert.assertEquals(0L, allocateBuffer.remaining());
            Assert.assertTrue(wrap.bytesProduced() > 1024);
            Assert.assertEquals(allocateBuffer.capacity() - wrap.bytesConsumed(), allocateBuffer.remaining());
            Assert.assertEquals(allocateBuffer3.capacity() - wrap.bytesProduced(), allocateBuffer3.remaining());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @Test
    public void testNeededDstCapacityIsCorrectlyCalculated() throws Exception {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngine, sSLEngine2);
            ByteBuffer allocateBuffer = allocateBuffer(1024);
            ByteBuffer duplicate = allocateBuffer.duplicate();
            Assert.assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, sSLEngine.wrap(new ByteBuffer[]{allocateBuffer, duplicate}, allocateBuffer(allocateBuffer.capacity() + unwrapEngine(sSLEngine).maxWrapOverhead())).getStatus());
            Assert.assertEquals(0L, allocateBuffer.position());
            Assert.assertEquals(0L, duplicate.position());
            Assert.assertEquals(0L, r0.position());
            Assert.assertEquals(0L, r0.bytesConsumed());
            Assert.assertEquals(0L, r0.bytesProduced());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @Test
    public void testSrcsLenOverFlowCorrectlyHandled() throws Exception {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngine, sSLEngine2);
            ByteBuffer allocateBuffer = allocateBuffer(1024);
            ArrayList arrayList = new ArrayList();
            long j = 0;
            while (j < 4294967294L) {
                arrayList.add(allocateBuffer.duplicate());
                j += r0.capacity();
            }
            ByteBuffer[] byteBufferArr = (ByteBuffer[]) arrayList.toArray(new ByteBuffer[0]);
            Assert.assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, sSLEngine.wrap(byteBufferArr, allocateBuffer(unwrapEngine(sSLEngine).maxEncryptedPacketLength() - 1)).getStatus());
            for (ByteBuffer byteBuffer : byteBufferArr) {
                Assert.assertEquals(0L, byteBuffer.position());
            }
            Assert.assertEquals(0L, r0.position());
            Assert.assertEquals(0L, r0.bytesConsumed());
            Assert.assertEquals(0L, r0.bytesProduced());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @Test
    public void testCalculateOutNetBufSizeOverflow() throws SSLException {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine = null;
        try {
            referenceCountedOpenSslEngine = this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
            int calculateMaxLengthForWrap = referenceCountedOpenSslEngine.calculateMaxLengthForWrap(Integer.MAX_VALUE, 1);
            Assert.assertTrue("unexpected value: " + calculateMaxLengthForWrap, calculateMaxLengthForWrap > 0);
            cleanupClientSslEngine(referenceCountedOpenSslEngine);
        } catch (Throwable th) {
            cleanupClientSslEngine(referenceCountedOpenSslEngine);
            throw th;
        }
    }

    @Test
    public void testCalculateOutNetBufSize0() throws SSLException {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine = null;
        try {
            referenceCountedOpenSslEngine = this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
            Assert.assertTrue(referenceCountedOpenSslEngine.calculateMaxLengthForWrap(0, 1) > 0);
            cleanupClientSslEngine(referenceCountedOpenSslEngine);
        } catch (Throwable th) {
            cleanupClientSslEngine(referenceCountedOpenSslEngine);
            throw th;
        }
    }

    @Test
    public void testCorrectlyCalculateSpaceForAlert() throws Exception {
        testCorrectlyCalculateSpaceForAlert(true);
    }

    @Test
    public void testCorrectlyCalculateSpaceForAlertJDKCompatabilityModeOff() throws Exception {
        testCorrectlyCalculateSpaceForAlert(false);
    }

    private void testCorrectlyCalculateSpaceForAlert(boolean z) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            if (z) {
                sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
                sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            } else {
                sSLEngine = wrapEngine(this.clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
                sSLEngine2 = wrapEngine(this.serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
            }
            handshake(sSLEngine, sSLEngine2);
            sSLEngine.closeOutbound();
            ByteBuffer allocateBuffer = allocateBuffer(0);
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngine.getSession().getPacketBufferSize());
            allocateBuffer2.limit(1);
            Assert.assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, sSLEngine.wrap(allocateBuffer, allocateBuffer2).getStatus());
            allocateBuffer2.limit(allocateBuffer2.capacity());
            Assert.assertEquals(SSLEngineResult.Status.CLOSED, sSLEngine.wrap(allocateBuffer, allocateBuffer2).getStatus());
            allocateBuffer2.flip();
            Assert.assertEquals(SslUtils.getEncryptedPacketLength(new ByteBuffer[]{allocateBuffer2}, 0), allocateBuffer2.remaining());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    protected void mySetupMutualAuthServerInitSslHandler(SslHandler sslHandler) {
        sslHandler.engine().setVerify(-1, 1);
    }

    @Test
    public void testWrapWithDifferentSizesTLSv1() throws Exception {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).build());
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).build());
        testWrapWithDifferentSizes("TLSv1", "AES128-SHA");
        testWrapWithDifferentSizes("TLSv1", "ECDHE-RSA-AES128-SHA");
        testWrapWithDifferentSizes("TLSv1", "DES-CBC3-SHA");
        testWrapWithDifferentSizes("TLSv1", "AECDH-DES-CBC3-SHA");
        testWrapWithDifferentSizes("TLSv1", "CAMELLIA128-SHA");
        testWrapWithDifferentSizes("TLSv1", "SEED-SHA");
        testWrapWithDifferentSizes("TLSv1", "RC4-MD5");
        testWrapWithDifferentSizes("TLSv1", "AES256-SHA");
        testWrapWithDifferentSizes("TLSv1", "ADH-DES-CBC3-SHA");
        testWrapWithDifferentSizes("TLSv1", "EDH-RSA-DES-CBC3-SHA");
        testWrapWithDifferentSizes("TLSv1", "ADH-RC4-MD5");
        testWrapWithDifferentSizes("TLSv1", "IDEA-CBC-SHA");
        testWrapWithDifferentSizes("TLSv1", "RC4-SHA");
        testWrapWithDifferentSizes("TLSv1", "CAMELLIA256-SHA");
        testWrapWithDifferentSizes("TLSv1", "AECDH-RC4-SHA");
        testWrapWithDifferentSizes("TLSv1", "ECDHE-RSA-DES-CBC3-SHA");
        testWrapWithDifferentSizes("TLSv1", "ECDHE-RSA-AES256-SHA");
        testWrapWithDifferentSizes("TLSv1", "ECDHE-RSA-RC4-SHA");
    }

    @Test
    public void testWrapWithDifferentSizesTLSv1_1() throws Exception {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).build());
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).build());
        testWrapWithDifferentSizes("TLSv1.1", "ECDHE-RSA-AES256-SHA");
        testWrapWithDifferentSizes("TLSv1.1", "AES256-SHA");
        testWrapWithDifferentSizes("TLSv1.1", "CAMELLIA256-SHA");
        testWrapWithDifferentSizes("TLSv1.1", "ECDHE-RSA-AES256-SHA");
        testWrapWithDifferentSizes("TLSv1.1", "SEED-SHA");
        testWrapWithDifferentSizes("TLSv1.1", "CAMELLIA128-SHA");
        testWrapWithDifferentSizes("TLSv1.1", "IDEA-CBC-SHA");
        testWrapWithDifferentSizes("TLSv1.1", "AECDH-RC4-SHA");
        testWrapWithDifferentSizes("TLSv1.1", "ADH-RC4-MD5");
        testWrapWithDifferentSizes("TLSv1.1", "RC4-SHA");
        testWrapWithDifferentSizes("TLSv1.1", "ECDHE-RSA-DES-CBC3-SHA");
        testWrapWithDifferentSizes("TLSv1.1", "EDH-RSA-DES-CBC3-SHA");
        testWrapWithDifferentSizes("TLSv1.1", "AECDH-DES-CBC3-SHA");
        testWrapWithDifferentSizes("TLSv1.1", "ADH-DES-CBC3-SHA");
        testWrapWithDifferentSizes("TLSv1.1", "DES-CBC3-SHA");
    }

    @Test
    public void testWrapWithDifferentSizesTLSv1_2() throws Exception {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).build());
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).build());
        testWrapWithDifferentSizes("TLSv1.2", "AES128-SHA");
        testWrapWithDifferentSizes("TLSv1.2", "ECDHE-RSA-AES128-SHA");
        testWrapWithDifferentSizes("TLSv1.2", "DES-CBC3-SHA");
        testWrapWithDifferentSizes("TLSv1.2", "AES128-GCM-SHA256");
        testWrapWithDifferentSizes("TLSv1.2", "ECDHE-RSA-AES256-SHA384");
        testWrapWithDifferentSizes("TLSv1.2", "AECDH-DES-CBC3-SHA");
        testWrapWithDifferentSizes("TLSv1.2", "AES256-GCM-SHA384");
        testWrapWithDifferentSizes("TLSv1.2", "AES256-SHA256");
        testWrapWithDifferentSizes("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256");
        testWrapWithDifferentSizes("TLSv1.2", "ECDHE-RSA-AES128-SHA256");
        testWrapWithDifferentSizes("TLSv1.2", "CAMELLIA128-SHA");
        testWrapWithDifferentSizes("TLSv1.2", "SEED-SHA");
        testWrapWithDifferentSizes("TLSv1.2", "RC4-MD5");
        testWrapWithDifferentSizes("TLSv1.2", "AES256-SHA");
        testWrapWithDifferentSizes("TLSv1.2", "ADH-DES-CBC3-SHA");
        testWrapWithDifferentSizes("TLSv1.2", "EDH-RSA-DES-CBC3-SHA");
        testWrapWithDifferentSizes("TLSv1.2", "ADH-RC4-MD5");
        testWrapWithDifferentSizes("TLSv1.2", "RC4-SHA");
        testWrapWithDifferentSizes("TLSv1.2", "CAMELLIA256-SHA");
        testWrapWithDifferentSizes("TLSv1.2", "AES128-SHA256");
        testWrapWithDifferentSizes("TLSv1.2", "AECDH-RC4-SHA");
        testWrapWithDifferentSizes("TLSv1.2", "ECDHE-RSA-DES-CBC3-SHA");
        testWrapWithDifferentSizes("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384");
        testWrapWithDifferentSizes("TLSv1.2", "ECDHE-RSA-AES256-SHA");
        testWrapWithDifferentSizes("TLSv1.2", "ECDHE-RSA-RC4-SHA");
    }

    @Test
    public void testWrapWithDifferentSizesSSLv3() throws Exception {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).build());
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).build());
        testWrapWithDifferentSizes("SSLv3", "ADH-AES128-SHA");
        testWrapWithDifferentSizes("SSLv3", "ADH-CAMELLIA128-SHA");
        testWrapWithDifferentSizes("SSLv3", "AECDH-AES128-SHA");
        testWrapWithDifferentSizes("SSLv3", "AECDH-DES-CBC3-SHA");
        testWrapWithDifferentSizes("SSLv3", "CAMELLIA128-SHA");
        testWrapWithDifferentSizes("SSLv3", "DHE-RSA-AES256-SHA");
        testWrapWithDifferentSizes("SSLv3", "SEED-SHA");
        testWrapWithDifferentSizes("SSLv3", "RC4-MD5");
        testWrapWithDifferentSizes("SSLv3", "ADH-AES256-SHA");
        testWrapWithDifferentSizes("SSLv3", "ADH-SEED-SHA");
        testWrapWithDifferentSizes("SSLv3", "ADH-DES-CBC3-SHA");
        testWrapWithDifferentSizes("SSLv3", "EDH-RSA-DES-CBC3-SHA");
        testWrapWithDifferentSizes("SSLv3", "ADH-RC4-MD5");
        testWrapWithDifferentSizes("SSLv3", "IDEA-CBC-SHA");
        testWrapWithDifferentSizes("SSLv3", "DHE-RSA-AES128-SHA");
        testWrapWithDifferentSizes("SSLv3", "RC4-SHA");
        testWrapWithDifferentSizes("SSLv3", "CAMELLIA256-SHA");
        testWrapWithDifferentSizes("SSLv3", "AECDH-RC4-SHA");
        testWrapWithDifferentSizes("SSLv3", "DHE-RSA-SEED-SHA");
        testWrapWithDifferentSizes("SSLv3", "AECDH-AES256-SHA");
        testWrapWithDifferentSizes("SSLv3", "ECDHE-RSA-DES-CBC3-SHA");
        testWrapWithDifferentSizes("SSLv3", "ADH-CAMELLIA256-SHA");
        testWrapWithDifferentSizes("SSLv3", "DHE-RSA-CAMELLIA256-SHA");
        testWrapWithDifferentSizes("SSLv3", "DHE-RSA-CAMELLIA128-SHA");
        testWrapWithDifferentSizes("SSLv3", "ECDHE-RSA-RC4-SHA");
    }

    @Test
    public void testMultipleRecordsInOneBufferWithNonZeroPositionJDKCompatabilityModeOff() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
        try {
            ByteBuffer allocateBuffer = allocateBuffer(1024);
            ByteBuffer allocateBuffer2 = allocateBuffer(wrapEngine2.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer3 = allocateBuffer(wrapEngine.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer4 = allocateBuffer((allocateBuffer3.capacity() * 2) + 1);
            allocateBuffer4.position(1);
            handshake(wrapEngine, wrapEngine2);
            allocateBuffer.limit(allocateBuffer.capacity());
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer, allocateBuffer3);
            Assert.assertEquals(allocateBuffer.capacity(), wrap.bytesConsumed());
            Assert.assertTrue(wrap.bytesProduced() > 0);
            allocateBuffer3.flip();
            allocateBuffer4.put(allocateBuffer3);
            allocateBuffer.clear();
            allocateBuffer3.clear();
            SSLEngineResult wrap2 = wrapEngine.wrap(allocateBuffer, allocateBuffer3);
            Assert.assertEquals(allocateBuffer.capacity(), wrap2.bytesConsumed());
            Assert.assertTrue(wrap2.bytesProduced() > 0);
            allocateBuffer3.flip();
            allocateBuffer4.put(allocateBuffer3);
            allocateBuffer3.clear();
            allocateBuffer4.flip();
            allocateBuffer4.position(1);
            allocateBuffer4.limit(allocateBuffer4.limit() - 1);
            int remaining = allocateBuffer4.remaining();
            SSLEngineResult unwrap = wrapEngine2.unwrap(allocateBuffer4, allocateBuffer2);
            Assert.assertEquals(0L, allocateBuffer4.remaining());
            Assert.assertEquals(remaining, unwrap.bytesConsumed());
            Assert.assertEquals(1024L, unwrap.bytesProduced());
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @Test
    public void testInputTooBigAndFillsUpBuffersJDKCompatabilityModeOff() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
        try {
            ByteBuffer allocateBuffer = allocateBuffer(ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH + 100);
            ByteBuffer allocateBuffer2 = allocateBuffer(512);
            ByteBuffer allocateBuffer3 = allocateBuffer(allocateBuffer.capacity() + allocateBuffer2.capacity());
            allocateBuffer3.put(allocateBuffer);
            allocateBuffer3.put(allocateBuffer2);
            allocateBuffer.clear();
            allocateBuffer2.clear();
            allocateBuffer3.flip();
            ByteBuffer allocateBuffer4 = allocateBuffer(ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH + 28);
            ByteBuffer allocateBuffer5 = allocateBuffer(wrapEngine.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer6 = allocateBuffer(wrapEngine.getSession().getApplicationBufferSize() << 1);
            ByteBuffer allocateBuffer7 = allocateBuffer(wrapEngine2.getSession().getApplicationBufferSize() << 1);
            handshake(wrapEngine, wrapEngine2);
            int remaining = allocateBuffer.remaining();
            int remaining2 = allocateBuffer4.remaining();
            Assert.assertEquals(SSLEngineResult.Status.OK, wrapEngine.wrap(allocateBuffer, allocateBuffer4).getStatus());
            Assert.assertEquals(remaining - allocateBuffer.remaining(), r0.bytesConsumed());
            Assert.assertEquals(remaining2 - allocateBuffer4.remaining(), r0.bytesProduced());
            Assert.assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, wrapEngine.wrap(allocateBuffer, allocateBuffer4).getStatus());
            Assert.assertEquals(0L, r0.bytesConsumed());
            Assert.assertEquals(0L, r0.bytesProduced());
            int remaining3 = allocateBuffer.remaining();
            int remaining4 = allocateBuffer5.remaining();
            Assert.assertEquals(SSLEngineResult.Status.OK, wrapEngine.wrap(allocateBuffer, allocateBuffer5).getStatus());
            Assert.assertEquals(remaining3, r0.bytesConsumed());
            Assert.assertEquals(remaining4 - allocateBuffer5.remaining(), r0.bytesProduced());
            Assert.assertEquals(0L, allocateBuffer.remaining());
            int remaining5 = allocateBuffer2.remaining();
            int remaining6 = allocateBuffer5.remaining();
            Assert.assertEquals(SSLEngineResult.Status.OK, wrapEngine.wrap(allocateBuffer2, allocateBuffer5).getStatus());
            Assert.assertEquals(remaining5, r0.bytesConsumed());
            Assert.assertEquals(remaining6 - allocateBuffer5.remaining(), r0.bytesProduced());
            allocateBuffer4.flip();
            allocateBuffer5.flip();
            allocateBuffer6.put(allocateBuffer4);
            allocateBuffer6.put(allocateBuffer5);
            allocateBuffer6.flip();
            int remaining7 = allocateBuffer6.remaining();
            Assert.assertEquals(SSLEngineResult.Status.OK, wrapEngine2.unwrap(allocateBuffer6, allocateBuffer7).getStatus());
            Assert.assertEquals(remaining7, r0.bytesConsumed());
            allocateBuffer7.flip();
            Assert.assertEquals(allocateBuffer3, allocateBuffer7);
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @Test
    public void testPartialPacketUnwrapJDKCompatabilityModeOff() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
        try {
            ByteBuffer allocateBuffer = allocateBuffer(1024);
            ByteBuffer allocateBuffer2 = allocateBuffer(512);
            ByteBuffer allocateBuffer3 = allocateBuffer(allocateBuffer.capacity() + allocateBuffer2.capacity());
            allocateBuffer3.put(allocateBuffer);
            allocateBuffer3.put(allocateBuffer2);
            allocateBuffer.clear();
            allocateBuffer2.clear();
            allocateBuffer3.flip();
            ByteBuffer allocateBuffer4 = allocateBuffer(wrapEngine.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer5 = allocateBuffer(wrapEngine2.getSession().getApplicationBufferSize());
            handshake(wrapEngine, wrapEngine2);
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer, allocateBuffer4);
            Assert.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
            Assert.assertEquals(wrap.bytesConsumed(), allocateBuffer.capacity());
            int bytesProduced = wrap.bytesProduced();
            SSLEngineResult wrap2 = wrapEngine.wrap(allocateBuffer2, allocateBuffer4);
            Assert.assertEquals(SSLEngineResult.Status.OK, wrap2.getStatus());
            Assert.assertEquals(wrap2.bytesConsumed(), allocateBuffer2.capacity());
            wrap2.bytesProduced();
            allocateBuffer4.flip();
            ByteBuffer duplicate = allocateBuffer4.duplicate();
            duplicate.limit(bytesProduced / 2);
            SSLEngineResult unwrap = wrapEngine2.unwrap(duplicate, allocateBuffer5);
            Assert.assertEquals(SSLEngineResult.Status.OK, unwrap.getStatus());
            Assert.assertEquals(unwrap.bytesConsumed(), bytesProduced / 2);
            allocateBuffer4.position(unwrap.bytesConsumed());
            ByteBuffer duplicate2 = allocateBuffer4.duplicate();
            int remaining = duplicate2.remaining() - 1;
            duplicate2.limit(duplicate2.limit() - 1);
            SSLEngineResult unwrap2 = wrapEngine2.unwrap(duplicate2, allocateBuffer5);
            Assert.assertEquals(SSLEngineResult.Status.OK, unwrap2.getStatus());
            Assert.assertEquals(unwrap2.bytesConsumed(), remaining);
            allocateBuffer4.position(allocateBuffer4.position() + unwrap2.bytesConsumed());
            Assert.assertEquals(SSLEngineResult.Status.OK, wrapEngine2.unwrap(allocateBuffer4, allocateBuffer5).getStatus());
            Assert.assertEquals(r0.bytesConsumed(), 1L);
            allocateBuffer5.flip();
            Assert.assertEquals(allocateBuffer3, allocateBuffer5);
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @Test
    public void testBufferUnderFlowAvoidedIfJDKCompatabilityModeOff() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
        try {
            ByteBuffer allocateBuffer = allocateBuffer(1024);
            allocateBuffer.limit(allocateBuffer.capacity());
            ByteBuffer allocateBuffer2 = allocateBuffer(wrapEngine.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer3 = allocateBuffer(wrapEngine2.getSession().getApplicationBufferSize());
            handshake(wrapEngine, wrapEngine2);
            Assert.assertEquals(SSLEngineResult.Status.OK, wrapEngine.wrap(allocateBuffer, allocateBuffer2).getStatus());
            Assert.assertEquals(r0.bytesConsumed(), allocateBuffer.capacity());
            allocateBuffer2.flip();
            int remaining = allocateBuffer2.remaining();
            allocateBuffer2.limit(4);
            SSLEngineResult unwrap = wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3);
            Assert.assertEquals(SSLEngineResult.Status.OK, unwrap.getStatus());
            Assert.assertEquals(4L, unwrap.bytesConsumed());
            Assert.assertEquals(0L, unwrap.bytesProduced());
            int bytesConsumed = remaining - unwrap.bytesConsumed();
            allocateBuffer2.limit(5);
            SSLEngineResult unwrap2 = wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3);
            Assert.assertEquals(SSLEngineResult.Status.OK, unwrap2.getStatus());
            Assert.assertEquals(1L, unwrap2.bytesConsumed());
            Assert.assertEquals(0L, unwrap2.bytesProduced());
            int bytesConsumed2 = bytesConsumed - unwrap2.bytesConsumed();
            allocateBuffer2.limit(((5 + bytesConsumed2) - 1) - 5);
            SSLEngineResult unwrap3 = wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3);
            Assert.assertEquals(SSLEngineResult.Status.OK, unwrap3.getStatus());
            Assert.assertEquals(allocateBuffer2.limit() - 5, unwrap3.bytesConsumed());
            Assert.assertEquals(0L, unwrap3.bytesProduced());
            int bytesConsumed3 = bytesConsumed2 - unwrap3.bytesConsumed();
            allocateBuffer2.limit(bytesConsumed3);
            Assert.assertEquals(0L, allocateBuffer2.remaining());
            Assert.assertEquals(SSLEngineResult.Status.BUFFER_UNDERFLOW, wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3).getStatus());
            Assert.assertEquals(0L, r0.bytesConsumed());
            Assert.assertEquals(0L, r0.bytesProduced());
            allocateBuffer2.position(0);
            Assert.assertEquals(SSLEngineResult.Status.OK, wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3).getStatus());
            Assert.assertEquals(bytesConsumed3, r0.bytesConsumed());
            Assert.assertEquals(0L, r0.bytesProduced());
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            selfSignedCertificate.delete();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    private void testWrapWithDifferentSizes(String str, String str2) throws Exception {
        Assume.assumeTrue(OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(str));
        if (OpenSsl.isCipherSuiteAvailable(str2)) {
            SSLEngine sSLEngine = null;
            SSLEngine sSLEngine2 = null;
            try {
                sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
                sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
                sSLEngine.setEnabledCipherSuites(new String[]{str2});
                sSLEngine.setEnabledProtocols(new String[]{str});
                sSLEngine2.setEnabledCipherSuites(new String[]{str2});
                sSLEngine2.setEnabledProtocols(new String[]{str});
                try {
                    handshake(sSLEngine, sSLEngine2);
                    int i = 64;
                    do {
                        testWrapDstBigEnough(sSLEngine, i);
                        i += 64;
                    } while (i < ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH);
                    testWrapDstBigEnough(sSLEngine, ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH);
                    cleanupClientSslEngine(sSLEngine);
                    cleanupServerSslEngine(sSLEngine2);
                } catch (SSLException e) {
                    if (e.getMessage().contains("unsupported protocol") || e.getMessage().contains("no protocols available")) {
                        Assume.assumeNoException(str + " not supported with cipher " + str2, e);
                    }
                    throw e;
                }
            } catch (Throwable th) {
                cleanupClientSslEngine(sSLEngine);
                cleanupServerSslEngine(sSLEngine2);
                throw th;
            }
        }
    }

    private void testWrapDstBigEnough(SSLEngine sSLEngine, int i) throws SSLException {
        ByteBuffer allocateBuffer = allocateBuffer(i);
        ByteBuffer allocateBuffer2 = allocateBuffer(i + unwrapEngine(sSLEngine).maxWrapOverhead());
        SSLEngineResult wrap = sSLEngine.wrap(allocateBuffer, allocateBuffer2);
        Assert.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
        int bytesConsumed = wrap.bytesConsumed();
        int bytesProduced = wrap.bytesProduced();
        Assert.assertEquals(i, bytesConsumed);
        Assert.assertTrue(bytesProduced > bytesConsumed);
        allocateBuffer2.flip();
        Assert.assertEquals(bytesProduced, allocateBuffer2.remaining());
        Assert.assertFalse(allocateBuffer.hasRemaining());
    }

    @Test
    public void testSNIMatchersDoesNotThrow() throws Exception {
        Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            SSLParameters sSLParameters = new SSLParameters();
            Java8SslTestUtils.setSNIMatcher(sSLParameters, EmptyArrays.EMPTY_BYTES);
            wrapEngine.setSSLParameters(sSLParameters);
            cleanupServerSslEngine(wrapEngine);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupServerSslEngine(wrapEngine);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Test
    public void testSNIMatchersWithSNINameWithUnderscore() throws Exception {
        Assume.assumeTrue(PlatformDependent.javaVersion() >= 8);
        byte[] bytes = "rb8hx3pww30y3tvw0mwy.v1_1".getBytes(CharsetUtil.UTF_8);
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            SSLParameters sSLParameters = new SSLParameters();
            Java8SslTestUtils.setSNIMatcher(sSLParameters, bytes);
            wrapEngine.setSSLParameters(sSLParameters);
            Assert.assertTrue(unwrapEngine(wrapEngine).checkSniHostnameMatch(bytes));
            Assert.assertFalse(unwrapEngine(wrapEngine).checkSniHostnameMatch("other".getBytes(CharsetUtil.UTF_8)));
            cleanupServerSslEngine(wrapEngine);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupServerSslEngine(wrapEngine);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Test(expected = IllegalArgumentException.class)
    public void testAlgorithmConstraintsThrows() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            SSLParameters sSLParameters = new SSLParameters();
            sSLParameters.setAlgorithmConstraints(new AlgorithmConstraints() { // from class: io.netty.handler.ssl.OpenSslEngineTest.1
                @Override // java.security.AlgorithmConstraints
                public boolean permits(Set<CryptoPrimitive> set, String str, AlgorithmParameters algorithmParameters) {
                    return false;
                }

                @Override // java.security.AlgorithmConstraints
                public boolean permits(Set<CryptoPrimitive> set, Key key) {
                    return false;
                }

                @Override // java.security.AlgorithmConstraints
                public boolean permits(Set<CryptoPrimitive> set, String str, Key key, AlgorithmParameters algorithmParameters) {
                    return false;
                }
            });
            wrapEngine.setSSLParameters(sSLParameters);
            cleanupServerSslEngine(wrapEngine);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupServerSslEngine(wrapEngine);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    private static void runTasksIfNeeded(SSLEngine sSLEngine) {
        if (sSLEngine.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NEED_TASK) {
            return;
        }
        while (true) {
            Runnable delegatedTask = sSLEngine.getDelegatedTask();
            if (delegatedTask == null) {
                Assert.assertNotEquals(SSLEngineResult.HandshakeStatus.NEED_TASK, sSLEngine.getHandshakeStatus());
                return;
            }
            delegatedTask.run();
        }
    }

    @Test
    public void testExtractMasterkeyWorksCorrectly() throws Exception {
        if (this.protocolCipherCombo != SSLEngineTest.ProtocolCipherCombo.tlsv12()) {
            return;
        }
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(selfSignedCertificate.key(), new X509Certificate[]{selfSignedCertificate.cert()}).protocols(protocols()).ciphers(ciphers()).sslProvider(SslProvider.OPENSSL).build());
        SSLEngine wrapEngine = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(selfSignedCertificate.certificate()).protocols(protocols()).ciphers(ciphers()).sslProvider(SslProvider.OPENSSL).build());
        SSLEngine wrapEngine2 = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            Assume.assumeTrue("The diffie hellman cipher is not supported on your runtime.", Arrays.asList(wrapEngine2.getSupportedCipherSuites()).contains("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"));
            wrapEngine2.setEnabledCipherSuites(new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"});
            wrapEngine.setEnabledCipherSuites(new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"});
            int applicationBufferSize = wrapEngine2.getSession().getApplicationBufferSize();
            int packetBufferSize = wrapEngine2.getSession().getPacketBufferSize();
            ByteBuffer allocate = ByteBuffer.allocate(applicationBufferSize + 50);
            ByteBuffer allocate2 = ByteBuffer.allocate(applicationBufferSize + 50);
            ByteBuffer allocate3 = ByteBuffer.allocate(packetBufferSize);
            ByteBuffer allocate4 = ByteBuffer.allocate(packetBufferSize);
            ByteBuffer wrap = ByteBuffer.wrap("Hi Server, I'm Client".getBytes(CharsetUtil.US_ASCII));
            ByteBuffer wrap2 = ByteBuffer.wrap("Hello Client, I'm Server".getBytes(CharsetUtil.US_ASCII));
            boolean z = false;
            int i = 0;
            while (true) {
                if (i >= 1000) {
                    break;
                }
                wrapEngine2.wrap(wrap, allocate3);
                wrapEngine.wrap(wrap2, allocate4);
                allocate3.flip();
                allocate4.flip();
                runTasksIfNeeded(wrapEngine2);
                runTasksIfNeeded(wrapEngine);
                wrapEngine2.unwrap(allocate4, allocate);
                wrapEngine.unwrap(allocate3, allocate2);
                runTasksIfNeeded(wrapEngine2);
                runTasksIfNeeded(wrapEngine);
                if (wrap.limit() == allocate2.position() && wrap2.limit() == allocate.position()) {
                    byte[] serverRandom = SSL.getServerRandom(unwrapEngine(wrapEngine).sslPointer());
                    byte[] clientRandom = SSL.getClientRandom(unwrapEngine(wrapEngine2).sslPointer());
                    byte[] masterKey = SSL.getMasterKey(unwrapEngine(wrapEngine).sslPointer());
                    z = true;
                    Assert.assertArrayEquals(masterKey, SSL.getMasterKey(unwrapEngine(wrapEngine2).sslPointer()));
                    allocate3.flip();
                    allocate4.flip();
                    byte[] bArr = new byte[serverRandom.length + clientRandom.length];
                    System.arraycopy(serverRandom, 0, bArr, 0, serverRandom.length);
                    System.arraycopy(clientRandom, 0, bArr, serverRandom.length, clientRandom.length);
                    byte[] hash = PseudoRandomFunction.hash(masterKey, "key expansion".getBytes(CharsetUtil.US_ASCII), bArr, (2 * 16) + (2 * 32), "HmacSha256");
                    Arrays.copyOfRange(hash, 0, 0 + 32);
                    int i2 = 0 + 32;
                    Arrays.copyOfRange(hash, i2, i2 + 32);
                    int i3 = i2 + 32;
                    byte[] copyOfRange = Arrays.copyOfRange(hash, i3, i3 + 16);
                    int i4 = i3 + 16;
                    Arrays.copyOfRange(hash, i4, i4 + 16);
                    int i5 = i4 + 16;
                    allocate3.position(allocate3.position() + 5);
                    byte[] bArr2 = new byte[allocate3.remaining()];
                    allocate3.get(bArr2);
                    byte[] copyOfRange2 = Arrays.copyOfRange(bArr2, 0, 16);
                    byte[] copyOfRange3 = Arrays.copyOfRange(bArr2, 16, bArr2.length);
                    SecretKeySpec secretKeySpec = new SecretKeySpec(copyOfRange, "AES");
                    IvParameterSpec ivParameterSpec = new IvParameterSpec(copyOfRange2);
                    Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
                    cipher.init(2, secretKeySpec, ivParameterSpec);
                    Assert.assertTrue(new String(cipher.doFinal(copyOfRange3)).startsWith("Hi Server, I'm Client"));
                    break;
                }
                allocate3.compact();
                allocate4.compact();
                i++;
            }
            Assert.assertTrue("The assertions were never executed.", z);
            cleanupClientSslEngine(wrapEngine2);
            cleanupServerSslEngine(wrapEngine);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine2);
            cleanupServerSslEngine(wrapEngine);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Test(expected = SSLException.class)
    public void testNoKeyFound() throws Exception {
        this.clientSslCtx = wrapContext(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(SslContextBuilder.forServer(new X509ExtendedKeyManager() { // from class: io.netty.handler.ssl.OpenSslEngineTest.2
            @Override // javax.net.ssl.X509KeyManager
            public String[] getClientAliases(String str, Principal[] principalArr) {
                return new String[0];
            }

            @Override // javax.net.ssl.X509KeyManager
            public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
                return null;
            }

            @Override // javax.net.ssl.X509KeyManager
            public String[] getServerAliases(String str, Principal[] principalArr) {
                return new String[0];
            }

            @Override // javax.net.ssl.X509KeyManager
            public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
                return null;
            }

            @Override // javax.net.ssl.X509KeyManager
            public X509Certificate[] getCertificateChain(String str) {
                return new X509Certificate[0];
            }

            @Override // javax.net.ssl.X509KeyManager
            public PrivateKey getPrivateKey(String str) {
                return null;
            }
        }).sslProvider(sslServerProvider()).protocols(protocols()).ciphers(ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            handshake(wrapEngine, wrapEngine2);
        } finally {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        }
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @Test
    public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testSessionLocalWhenNonMutualWithKeyManager();
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception {
        Assume.assumeTrue(OpenSsl.supportsKeyManagerFactory());
        super.testSessionLocalWhenNonMutualWithoutKeyManager();
    }

    @Test
    public void testDefaultTLS1NotAcceptedByDefaultServer() throws Exception {
        testDefaultTLS1NotAcceptedByDefault(null, "TLSv1");
    }

    @Test
    public void testDefaultTLS11NotAcceptedByDefaultServer() throws Exception {
        testDefaultTLS1NotAcceptedByDefault(null, "TLSv1.1");
    }

    @Test
    public void testDefaultTLS1NotAcceptedByDefaultClient() throws Exception {
        testDefaultTLS1NotAcceptedByDefault("TLSv1", null);
    }

    @Test
    public void testDefaultTLS11NotAcceptedByDefaultClient() throws Exception {
        testDefaultTLS1NotAcceptedByDefault("TLSv1.1", null);
    }

    private void testDefaultTLS1NotAcceptedByDefault(String str, String str2) throws Exception {
        SslContextBuilder sslContextProvider = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider());
        if (str != null) {
            sslContextProvider.protocols(new String[]{str});
        }
        this.clientSslCtx = wrapContext(sslContextProvider.build());
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        SslContextBuilder sslContextProvider2 = SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider());
        if (str2 != null) {
            sslContextProvider2.protocols(new String[]{str2});
        }
        this.serverSslCtx = wrapContext(sslContextProvider2.build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            handshake(wrapEngine, wrapEngine2);
            Assert.fail();
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
        } catch (SSLHandshakeException e) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    protected SslProvider sslClientProvider() {
        return SslProvider.OPENSSL;
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    protected SslProvider sslServerProvider() {
        return SslProvider.OPENSSL;
    }

    private static ApplicationProtocolConfig acceptingNegotiator(ApplicationProtocolConfig.Protocol protocol, String... strArr) {
        return new ApplicationProtocolConfig(protocol, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, strArr);
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    protected SSLEngine wrapEngine(SSLEngine sSLEngine) {
        return PlatformDependent.javaVersion() >= 8 ? Java8SslTestUtils.wrapSSLEngineForTesting(sSLEngine) : sSLEngine;
    }

    ReferenceCountedOpenSslEngine unwrapEngine(SSLEngine sSLEngine) {
        return sSLEngine instanceof JdkSslEngine ? ((JdkSslEngine) sSLEngine).getWrappedEngine() : (ReferenceCountedOpenSslEngine) sSLEngine;
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    protected SslContext wrapContext(SslContext sslContext) {
        if (sslContext instanceof OpenSslContext) {
            ((OpenSslContext) sslContext).setUseTasks(this.useTasks);
            ((OpenSslContext) sslContext).sessionContext().setSessionCacheEnabled(true);
        }
        return sslContext;
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @Test
    public void testSessionCache() throws Exception {
        Assume.assumeTrue(OpenSsl.isSessionCacheSupported());
        super.testSessionCache();
        assertSessionContext(this.clientSslCtx);
        assertSessionContext(this.serverSslCtx);
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @Test
    public void testSessionCacheTimeout() throws Exception {
        Assume.assumeTrue(OpenSsl.isSessionCacheSupported());
        super.testSessionCacheTimeout();
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @Test
    public void testSessionCacheSize() throws Exception {
        Assume.assumeTrue(OpenSsl.isSessionCacheSupported());
        super.testSessionCacheSize();
    }

    private static void assertSessionContext(SslContext sslContext) {
        if (sslContext == null) {
            return;
        }
        OpenSslSessionContext sessionContext = sslContext.sessionContext();
        Assert.assertTrue(sessionContext.isSessionCacheEnabled());
        if (sessionContext.getIds().hasMoreElements()) {
            sessionContext.setSessionCacheEnabled(false);
            Assert.assertFalse(sessionContext.getIds().hasMoreElements());
            Assert.assertFalse(sessionContext.isSessionCacheEnabled());
        }
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    protected void assertSessionReusedForEngine(SSLEngine sSLEngine, SSLEngine sSLEngine2, boolean z) {
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(unwrapEngine(sSLEngine).isSessionReused()));
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(unwrapEngine(sSLEngine2).isSessionReused()));
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    protected boolean isSessionMaybeReused(SSLEngine sSLEngine) {
        return unwrapEngine(sSLEngine).isSessionReused();
    }
}
