package io.netty.handler.ssl;

import io.netty.buffer.UnpooledByteBufAllocator;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.util.CharsetUtil;
import java.io.ByteArrayInputStream;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.function.Executable;

/* loaded from: input_file:io/netty/handler/ssl/SslContextBuilderTest.class */
public class SslContextBuilderTest {
    @Test
    public void testClientContextFromFileJdk() throws Exception {
        testClientContextFromFile(SslProvider.JDK);
    }

    @Test
    public void testClientContextFromFileOpenssl() throws Exception {
        OpenSsl.ensureAvailability();
        testClientContextFromFile(SslProvider.OPENSSL);
    }

    @Test
    public void testClientContextJdk() throws Exception {
        testClientContext(SslProvider.JDK);
    }

    @Test
    public void testClientContextOpenssl() throws Exception {
        OpenSsl.ensureAvailability();
        testClientContext(SslProvider.OPENSSL);
    }

    @Test
    public void testKeyStoreTypeJdk() throws Exception {
        testKeyStoreType(SslProvider.JDK);
    }

    @Test
    public void testKeyStoreTypeOpenssl() throws Exception {
        OpenSsl.ensureAvailability();
        testKeyStoreType(SslProvider.OPENSSL);
    }

    @Test
    public void testServerContextFromFileJdk() throws Exception {
        testServerContextFromFile(SslProvider.JDK);
    }

    @Test
    public void testServerContextFromFileOpenssl() throws Exception {
        OpenSsl.ensureAvailability();
        testServerContextFromFile(SslProvider.OPENSSL);
    }

    @Test
    public void testServerContextJdk() throws Exception {
        testServerContext(SslProvider.JDK);
    }

    @Test
    public void testServerContextOpenssl() throws Exception {
        OpenSsl.ensureAvailability();
        testServerContext(SslProvider.OPENSSL);
    }

    @Test
    public void testContextFromManagersJdk() throws Exception {
        testContextFromManagers(SslProvider.JDK);
    }

    @Test
    public void testContextFromManagersOpenssl() throws Exception {
        OpenSsl.ensureAvailability();
        Assumptions.assumeTrue(OpenSsl.useKeyManagerFactory());
        testContextFromManagers(SslProvider.OPENSSL);
    }

    @Test
    public void testUnsupportedPrivateKeyFailsFastForServer() throws Exception {
        Assumptions.assumeTrue(OpenSsl.isBoringSSL());
        Assertions.assertThrows(SSLException.class, new Executable() { // from class: io.netty.handler.ssl.SslContextBuilderTest.1
            public void execute() throws Throwable {
                SslContextBuilderTest.testUnsupportedPrivateKeyFailsFast(true);
            }
        });
    }

    @Test
    public void testUnsupportedPrivateKeyFailsFastForClient() throws Exception {
        Assumptions.assumeTrue(OpenSsl.isBoringSSL());
        Assertions.assertThrows(SSLException.class, new Executable() { // from class: io.netty.handler.ssl.SslContextBuilderTest.2
            public void execute() throws Throwable {
                SslContextBuilderTest.testUnsupportedPrivateKeyFailsFast(false);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void testUnsupportedPrivateKeyFailsFast(boolean z) throws Exception {
        Assumptions.assumeTrue(OpenSsl.isBoringSSL());
        if (z) {
            SslContextBuilder.forServer(new ByteArrayInputStream("-----BEGIN CERTIFICATE-----\nMIICODCCAY2gAwIBAgIEXKTrajAKBggqhkjOPQQDBDBUMQswCQYDVQQGEwJVUzEM\nMAoGA1UECAwDTi9hMQwwCgYDVQQHDANOL2ExDDAKBgNVBAoMA04vYTEMMAoGA1UE\nCwwDTi9hMQ0wCwYDVQQDDARUZXN0MB4XDTE5MDQwMzE3MjA0MloXDTIwMDQwMjE3\nMjA0MlowVDELMAkGA1UEBhMCVVMxDDAKBgNVBAgMA04vYTEMMAoGA1UEBwwDTi9h\nMQwwCgYDVQQKDANOL2ExDDAKBgNVBAsMA04vYTENMAsGA1UEAwwEVGVzdDCBpzAQ\nBgcqhkjOPQIBBgUrgQQAJwOBkgAEBPYWoTjlS2pCMGEM2P8qZnmURWA5e7XxPfIh\nHA876sjmgjJluPgT0OkweuxI4Y/XjzcPnnEBONgzAV1X93UmXdtRiIau/zvsAeFb\nj/q+6sfj1jdnUk6QsMx22kAwplXHmdz1z5ShXQ7mDZPxDbhCPEAUXzIzOqvWIZyA\nHgFxZXmQKEhExA8nxgSIvzQ3ucMwMAoGCCqGSM49BAMEA4GYADCBlAJIAdPD6jaN\nvGxkxcsIbcHn2gSfP1F1G8iNJYrXIN91KbQm8OEp4wxqnBwX8gb/3rmSoEhIU/te\nCcHuFs0guBjfgRWtJ/eDnKB/AkgDbkqrB5wqJFBmVd/rJ5QdwUVNuGP/vDjFVlb6\nEsny6//gTL7jYubLUKHOPIMftCZ2Jn4b+5l0kAs62HD5XkZLPDTwRbf7VCE=\n-----END CERTIFICATE-----".getBytes(CharsetUtil.US_ASCII)), new ByteArrayInputStream("-----BEGIN PRIVATE KEY-----\nMIIBCQIBADAQBgcqhkjOPQIBBgUrgQQAJwSB8TCB7gIBAQRIALNClTXqQWWlYDHw\nLjNxXpLk17iPepkmablhbxmYX/8CNzoz1o2gcUidoIO2DM9hm7adI/W31EOmSiUJ\n+UsC/ZH3i2qr0wn+oAcGBSuBBAAnoYGVA4GSAAQE9hahOOVLakIwYQzY/ypmeZRF\nYDl7tfE98iEcDzvqyOaCMmW4+BPQ6TB67Ejhj9ePNw+ecQE42DMBXVf3dSZd21GI\nhq7/O+wB4VuP+r7qx+PWN2dSTpCwzHbaQDCmVceZ3PXPlKFdDuYNk/ENuEI8QBRf\nMjM6q9YhnIAeAXFleZAoSETEDyfGBIi/NDe5wzA=\n-----END PRIVATE KEY-----".getBytes(CharsetUtil.US_ASCII)), (String) null).sslProvider(SslProvider.OPENSSL).build();
        } else {
            SslContextBuilder.forClient().keyManager(new ByteArrayInputStream("-----BEGIN CERTIFICATE-----\nMIICODCCAY2gAwIBAgIEXKTrajAKBggqhkjOPQQDBDBUMQswCQYDVQQGEwJVUzEM\nMAoGA1UECAwDTi9hMQwwCgYDVQQHDANOL2ExDDAKBgNVBAoMA04vYTEMMAoGA1UE\nCwwDTi9hMQ0wCwYDVQQDDARUZXN0MB4XDTE5MDQwMzE3MjA0MloXDTIwMDQwMjE3\nMjA0MlowVDELMAkGA1UEBhMCVVMxDDAKBgNVBAgMA04vYTEMMAoGA1UEBwwDTi9h\nMQwwCgYDVQQKDANOL2ExDDAKBgNVBAsMA04vYTENMAsGA1UEAwwEVGVzdDCBpzAQ\nBgcqhkjOPQIBBgUrgQQAJwOBkgAEBPYWoTjlS2pCMGEM2P8qZnmURWA5e7XxPfIh\nHA876sjmgjJluPgT0OkweuxI4Y/XjzcPnnEBONgzAV1X93UmXdtRiIau/zvsAeFb\nj/q+6sfj1jdnUk6QsMx22kAwplXHmdz1z5ShXQ7mDZPxDbhCPEAUXzIzOqvWIZyA\nHgFxZXmQKEhExA8nxgSIvzQ3ucMwMAoGCCqGSM49BAMEA4GYADCBlAJIAdPD6jaN\nvGxkxcsIbcHn2gSfP1F1G8iNJYrXIN91KbQm8OEp4wxqnBwX8gb/3rmSoEhIU/te\nCcHuFs0guBjfgRWtJ/eDnKB/AkgDbkqrB5wqJFBmVd/rJ5QdwUVNuGP/vDjFVlb6\nEsny6//gTL7jYubLUKHOPIMftCZ2Jn4b+5l0kAs62HD5XkZLPDTwRbf7VCE=\n-----END CERTIFICATE-----".getBytes(CharsetUtil.US_ASCII)), new ByteArrayInputStream("-----BEGIN PRIVATE KEY-----\nMIIBCQIBADAQBgcqhkjOPQIBBgUrgQQAJwSB8TCB7gIBAQRIALNClTXqQWWlYDHw\nLjNxXpLk17iPepkmablhbxmYX/8CNzoz1o2gcUidoIO2DM9hm7adI/W31EOmSiUJ\n+UsC/ZH3i2qr0wn+oAcGBSuBBAAnoYGVA4GSAAQE9hahOOVLakIwYQzY/ypmeZRF\nYDl7tfE98iEcDzvqyOaCMmW4+BPQ6TB67Ejhj9ePNw+ecQE42DMBXVf3dSZd21GI\nhq7/O+wB4VuP+r7qx+PWN2dSTpCwzHbaQDCmVceZ3PXPlKFdDuYNk/ENuEI8QBRf\nMjM6q9YhnIAeAXFleZAoSETEDyfGBIi/NDe5wzA=\n-----END PRIVATE KEY-----".getBytes(CharsetUtil.US_ASCII)), (String) null).sslProvider(SslProvider.OPENSSL).build();
        }
    }

    @Test
    public void testInvalidCipherJdk() throws Exception {
        OpenSsl.ensureAvailability();
        Assertions.assertThrows(IllegalArgumentException.class, new Executable() { // from class: io.netty.handler.ssl.SslContextBuilderTest.3
            public void execute() throws Throwable {
                SslContextBuilderTest.testInvalidCipher(SslProvider.JDK);
            }
        });
    }

    @Test
    public void testInvalidCipherOpenSSL() throws Exception {
        OpenSsl.ensureAvailability();
        try {
            testInvalidCipher(SslProvider.OPENSSL);
            if (!OpenSsl.versionString().contains("1.1.1")) {
                Assertions.fail();
            }
        } catch (SSLException e) {
        }
    }

    private static void testKeyStoreType(SslProvider sslProvider) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        SSLEngine newEngine = SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslProvider).keyStoreType("PKCS12").build().newEngine(UnpooledByteBufAllocator.DEFAULT);
        newEngine.closeInbound();
        newEngine.closeOutbound();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void testInvalidCipher(SslProvider sslProvider) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        SslContextBuilder.forClient().sslProvider(sslProvider).ciphers(Collections.singleton("SOME_INVALID_CIPHER")).keyManager(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).trustManager(selfSignedCertificate.certificate()).build().newEngine(UnpooledByteBufAllocator.DEFAULT);
    }

    private static void testClientContextFromFile(SslProvider sslProvider) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        SSLEngine newEngine = SslContextBuilder.forClient().sslProvider(sslProvider).keyManager(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).trustManager(selfSignedCertificate.certificate()).clientAuth(ClientAuth.OPTIONAL).build().newEngine(UnpooledByteBufAllocator.DEFAULT);
        Assertions.assertFalse(newEngine.getWantClientAuth());
        Assertions.assertFalse(newEngine.getNeedClientAuth());
        newEngine.closeInbound();
        newEngine.closeOutbound();
    }

    private static void testClientContext(SslProvider sslProvider) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        SSLEngine newEngine = SslContextBuilder.forClient().sslProvider(sslProvider).keyManager(selfSignedCertificate.key(), new X509Certificate[]{selfSignedCertificate.cert()}).trustManager(new X509Certificate[]{selfSignedCertificate.cert()}).clientAuth(ClientAuth.OPTIONAL).build().newEngine(UnpooledByteBufAllocator.DEFAULT);
        Assertions.assertFalse(newEngine.getWantClientAuth());
        Assertions.assertFalse(newEngine.getNeedClientAuth());
        newEngine.closeInbound();
        newEngine.closeOutbound();
    }

    private static void testServerContextFromFile(SslProvider sslProvider) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        SSLEngine newEngine = SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslProvider).trustManager(selfSignedCertificate.certificate()).clientAuth(ClientAuth.OPTIONAL).build().newEngine(UnpooledByteBufAllocator.DEFAULT);
        Assertions.assertTrue(newEngine.getWantClientAuth());
        Assertions.assertFalse(newEngine.getNeedClientAuth());
        newEngine.closeInbound();
        newEngine.closeOutbound();
    }

    private static void testServerContext(SslProvider sslProvider) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        SSLEngine newEngine = SslContextBuilder.forServer(selfSignedCertificate.key(), new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslProvider).trustManager(new X509Certificate[]{selfSignedCertificate.cert()}).clientAuth(ClientAuth.REQUIRE).build().newEngine(UnpooledByteBufAllocator.DEFAULT);
        Assertions.assertFalse(newEngine.getWantClientAuth());
        Assertions.assertTrue(newEngine.getNeedClientAuth());
        newEngine.closeInbound();
        newEngine.closeOutbound();
    }

    private static void testContextFromManagers(SslProvider sslProvider) throws Exception {
        final SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        X509ExtendedKeyManager x509ExtendedKeyManager = new X509ExtendedKeyManager() { // from class: io.netty.handler.ssl.SslContextBuilderTest.4
            @Override // javax.net.ssl.X509KeyManager
            public String[] getClientAliases(String str, Principal[] principalArr) {
                return new String[0];
            }

            @Override // javax.net.ssl.X509KeyManager
            public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
                return "cert_sent_to_server";
            }

            @Override // javax.net.ssl.X509KeyManager
            public String[] getServerAliases(String str, Principal[] principalArr) {
                return new String[0];
            }

            @Override // javax.net.ssl.X509KeyManager
            public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
                return null;
            }

            @Override // javax.net.ssl.X509KeyManager
            public X509Certificate[] getCertificateChain(String str) {
                new X509Certificate[1][0] = selfSignedCertificate.cert();
                return new X509Certificate[0];
            }

            @Override // javax.net.ssl.X509KeyManager
            public PrivateKey getPrivateKey(String str) {
                return selfSignedCertificate.key();
            }
        };
        X509ExtendedTrustManager x509ExtendedTrustManager = new X509ExtendedTrustManager() { // from class: io.netty.handler.ssl.SslContextBuilderTest.5
            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
        SSLEngine newEngine = SslContextBuilder.forClient().sslProvider(sslProvider).keyManager(x509ExtendedKeyManager).trustManager(x509ExtendedTrustManager).clientAuth(ClientAuth.OPTIONAL).build().newEngine(UnpooledByteBufAllocator.DEFAULT);
        Assertions.assertFalse(newEngine.getWantClientAuth());
        Assertions.assertFalse(newEngine.getNeedClientAuth());
        newEngine.closeInbound();
        newEngine.closeOutbound();
        SSLEngine newEngine2 = SslContextBuilder.forServer(x509ExtendedKeyManager).sslProvider(sslProvider).trustManager(x509ExtendedTrustManager).clientAuth(ClientAuth.REQUIRE).build().newEngine(UnpooledByteBufAllocator.DEFAULT);
        Assertions.assertFalse(newEngine2.getWantClientAuth());
        Assertions.assertTrue(newEngine2.getNeedClientAuth());
        newEngine2.closeInbound();
        newEngine2.closeOutbound();
    }
}
