package io.netty.handler.ssl;

import io.netty.buffer.UnpooledByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.SSLEngineTest;
import io.netty.handler.ssl.util.CachedSelfSignedCertificate;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.internal.tcnative.SSL;
import io.netty.util.CharsetUtil;
import io.netty.util.internal.EmptyArrays;
import io.netty.util.internal.PlatformDependent;
import java.net.Socket;
import java.nio.ByteBuffer;
import java.security.AlgorithmConstraints;
import java.security.AlgorithmParameters;
import java.security.CryptoPrimitive;
import java.security.Key;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.X509ExtendedKeyManager;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.function.Executable;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import org.opentest4j.TestAbortedException;

/* loaded from: input_file:io/netty/handler/ssl/OpenSslEngineTest.class */
public class OpenSslEngineTest extends SSLEngineTest {
    private static final String PREFERRED_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http2";
    private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1";

    public OpenSslEngineTest() {
        super(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.netty.handler.ssl.SSLEngineTest
    public List<SSLEngineTest.SSLEngineTestParam> newTestParams() {
        List<SSLEngineTest.SSLEngineTestParam> newTestParams = super.newTestParams();
        ArrayList arrayList = new ArrayList();
        for (SSLEngineTest.SSLEngineTestParam sSLEngineTestParam : newTestParams) {
            arrayList.add(new OpenSslEngineTestParam(true, sSLEngineTestParam));
            arrayList.add(new OpenSslEngineTestParam(false, sSLEngineTestParam));
        }
        return arrayList;
    }

    @BeforeAll
    public static void checkOpenSsl() {
        OpenSsl.ensureAvailability();
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @AfterEach
    public void tearDown() throws InterruptedException {
        super.tearDown();
        Assertions.assertEquals(0, SSL.getLastErrorNumber(), "SSL error stack not correctly consumed");
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    public void testSessionAfterHandshakeKeyManagerFactory(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testSessionAfterHandshakeKeyManagerFactory(sSLEngineTestParam);
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(sSLEngineTestParam);
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(sSLEngineTestParam);
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(sSLEngineTestParam);
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(sSLEngineTestParam);
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(sSLEngineTestParam);
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(sSLEngineTestParam);
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    public void testHandshakeSession(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testHandshakeSession(sSLEngineTestParam);
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    public void testSupportedSignatureAlgorithms(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testSupportedSignatureAlgorithms(sSLEngineTestParam);
    }

    private static boolean isNpnSupported(String str) {
        int parseInt;
        String[] split = str.split(" ", -1);
        if (split.length != 2 || !"LibreSSL".equals(split[0])) {
            return true;
        }
        String[] split2 = split[1].split("\\.", -1);
        if (split2.length != 3 || (parseInt = Integer.parseInt(split2[0])) < 2) {
            return true;
        }
        if (parseInt > 2) {
            return false;
        }
        int parseInt2 = Integer.parseInt(split2[1]);
        if (parseInt2 < 6) {
            return true;
        }
        return parseInt2 <= 6 && Integer.parseInt(split2[2]) <= 0;
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testNpn(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        String versionString = OpenSsl.versionString();
        Assumptions.assumeTrue(isNpnSupported(versionString), "LibreSSL 2.6.1 removed NPN support, detected " + versionString);
        setupHandlers(sSLEngineTestParam, acceptingNegotiator(ApplicationProtocolConfig.Protocol.NPN, PREFERRED_APPLICATION_LEVEL_PROTOCOL));
        runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testAlpn(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        Assumptions.assumeTrue(OpenSsl.isAlpnSupported());
        setupHandlers(sSLEngineTestParam, acceptingNegotiator(ApplicationProtocolConfig.Protocol.ALPN, PREFERRED_APPLICATION_LEVEL_PROTOCOL));
        runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testAlpnCompatibleProtocolsDifferentClientOrder(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        Assumptions.assumeTrue(OpenSsl.isAlpnSupported());
        setupHandlers(sSLEngineTestParam, acceptingNegotiator(ApplicationProtocolConfig.Protocol.ALPN, PREFERRED_APPLICATION_LEVEL_PROTOCOL, FALLBACK_APPLICATION_LEVEL_PROTOCOL), acceptingNegotiator(ApplicationProtocolConfig.Protocol.ALPN, FALLBACK_APPLICATION_LEVEL_PROTOCOL, PREFERRED_APPLICATION_LEVEL_PROTOCOL));
        Assertions.assertNull(this.serverException);
        runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testEnablingAnAlreadyDisabledSslProtocol(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testEnablingAnAlreadyDisabledSslProtocol(sSLEngineTestParam, new String[]{"SSLv2Hello"}, new String[]{"SSLv2Hello", "TLSv1.2"});
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testWrapBuffersNoWritePendingError(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), 10240);
            byte[] bArr = new byte[allocateBuffer.capacity()];
            PlatformDependent.threadLocalRandom().nextBytes(bArr);
            allocateBuffer.put(bArr).flip();
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), 1);
            for (int i = 0; i < 100; i++) {
                allocateBuffer.position(0);
                allocateBuffer2.position(0);
                Assertions.assertSame(SSLEngineResult.Status.BUFFER_OVERFLOW, sSLEngine.wrap(allocateBuffer, allocateBuffer2).getStatus());
            }
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testOnlySmallBufferNeededForWrap(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), 1024);
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), (allocateBuffer.capacity() + unwrapEngine(sSLEngine).maxWrapOverhead()) - 1);
            ByteBuffer allocateBuffer3 = allocateBuffer(sSLEngineTestParam.type(), allocateBuffer.capacity() + unwrapEngine(sSLEngine).maxWrapOverhead());
            SSLEngineResult wrap = sSLEngine.wrap(allocateBuffer, allocateBuffer2);
            Assertions.assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, wrap.getStatus());
            Assertions.assertEquals(0, wrap.bytesConsumed());
            Assertions.assertEquals(0, wrap.bytesProduced());
            Assertions.assertEquals(allocateBuffer.remaining(), allocateBuffer.capacity());
            Assertions.assertEquals(allocateBuffer3.remaining(), allocateBuffer3.capacity());
            SSLEngineResult wrap2 = sSLEngine.wrap(allocateBuffer, allocateBuffer3);
            Assertions.assertEquals(SSLEngineResult.Status.OK, wrap2.getStatus());
            Assertions.assertEquals(1024, wrap2.bytesConsumed());
            Assertions.assertEquals(0, allocateBuffer.remaining());
            Assertions.assertTrue(wrap2.bytesProduced() > 1024);
            Assertions.assertEquals(allocateBuffer.capacity() - wrap2.bytesConsumed(), allocateBuffer.remaining());
            Assertions.assertEquals(allocateBuffer3.capacity() - wrap2.bytesProduced(), allocateBuffer3.remaining());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testNeededDstCapacityIsCorrectlyCalculated(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), 1024);
            ByteBuffer duplicate = allocateBuffer.duplicate();
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), allocateBuffer.capacity() + unwrapEngine(sSLEngine).maxWrapOverhead());
            SSLEngineResult wrap = sSLEngine.wrap(new ByteBuffer[]{allocateBuffer, duplicate}, allocateBuffer2);
            Assertions.assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, wrap.getStatus());
            Assertions.assertEquals(0, allocateBuffer.position());
            Assertions.assertEquals(0, duplicate.position());
            Assertions.assertEquals(0, allocateBuffer2.position());
            Assertions.assertEquals(0, wrap.bytesConsumed());
            Assertions.assertEquals(0, wrap.bytesProduced());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSrcsLenOverFlowCorrectlyHandled(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), 1024);
            ArrayList arrayList = new ArrayList();
            long j = 0;
            while (j < 4294967294L) {
                arrayList.add(allocateBuffer.duplicate());
                j += r0.capacity();
            }
            ByteBuffer[] byteBufferArr = (ByteBuffer[]) arrayList.toArray(new ByteBuffer[0]);
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), unwrapEngine(sSLEngine).maxEncryptedPacketLength() - 1);
            SSLEngineResult wrap = sSLEngine.wrap(byteBufferArr, allocateBuffer2);
            Assertions.assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, wrap.getStatus());
            for (ByteBuffer byteBuffer : byteBufferArr) {
                Assertions.assertEquals(0, byteBuffer.position());
            }
            Assertions.assertEquals(0, allocateBuffer2.position());
            Assertions.assertEquals(0, wrap.bytesConsumed());
            Assertions.assertEquals(0, wrap.bytesProduced());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testCalculateOutNetBufSizeOverflow(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws SSLException {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine = null;
        try {
            referenceCountedOpenSslEngine = this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
            Assertions.assertTrue(referenceCountedOpenSslEngine.calculateOutNetBufSize(Integer.MAX_VALUE, 1) > 0);
            cleanupClientSslEngine(referenceCountedOpenSslEngine);
        } catch (Throwable th) {
            cleanupClientSslEngine(referenceCountedOpenSslEngine);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testCalculateOutNetBufSize0(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws SSLException {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine = null;
        try {
            referenceCountedOpenSslEngine = this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
            Assertions.assertTrue(referenceCountedOpenSslEngine.calculateOutNetBufSize(0, 1) > 0);
            cleanupClientSslEngine(referenceCountedOpenSslEngine);
        } catch (Throwable th) {
            cleanupClientSslEngine(referenceCountedOpenSslEngine);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testCorrectlyCalculateSpaceForAlert(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testCorrectlyCalculateSpaceForAlert(sSLEngineTestParam, true);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testCorrectlyCalculateSpaceForAlertJDKCompatabilityModeOff(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testCorrectlyCalculateSpaceForAlert(sSLEngineTestParam, false);
    }

    private void testCorrectlyCalculateSpaceForAlert(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam, boolean z) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            if (z) {
                sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
                sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            } else {
                sSLEngine = wrapEngine(this.clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
                sSLEngine2 = wrapEngine(this.serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
            }
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            sSLEngine.closeOutbound();
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), 0);
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), sSLEngine.getSession().getPacketBufferSize());
            allocateBuffer2.limit(1);
            Assertions.assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, sSLEngine.wrap(allocateBuffer, allocateBuffer2).getStatus());
            allocateBuffer2.limit(allocateBuffer2.capacity());
            Assertions.assertEquals(SSLEngineResult.Status.CLOSED, sSLEngine.wrap(allocateBuffer, allocateBuffer2).getStatus());
            allocateBuffer2.flip();
            Assertions.assertEquals(SslUtils.getEncryptedPacketLength(new ByteBuffer[]{allocateBuffer2}, 0), allocateBuffer2.remaining());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    protected void mySetupMutualAuthServerInitSslHandler(SslHandler sslHandler) {
        sslHandler.engine().setVerify(-1, 1);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testWrapWithDifferentSizesTLSv1(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).build());
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "AES128-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "ECDHE-RSA-AES128-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "AECDH-DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "CAMELLIA128-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "SEED-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "RC4-MD5");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "AES256-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "ADH-DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "EDH-RSA-DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "ADH-RC4-MD5");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "IDEA-CBC-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "RC4-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "CAMELLIA256-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "AECDH-RC4-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "ECDHE-RSA-DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "ECDHE-RSA-AES256-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1", "ECDHE-RSA-RC4-SHA");
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testWrapWithDifferentSizesTLSv1_1(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).build());
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.1", "ECDHE-RSA-AES256-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.1", "AES256-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.1", "CAMELLIA256-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.1", "ECDHE-RSA-AES256-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.1", "SEED-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.1", "CAMELLIA128-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.1", "IDEA-CBC-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.1", "AECDH-RC4-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.1", "ADH-RC4-MD5");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.1", "RC4-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.1", "ECDHE-RSA-DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.1", "EDH-RSA-DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.1", "AECDH-DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.1", "ADH-DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.1", "DES-CBC3-SHA");
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testWrapWithDifferentSizesTLSv1_2(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).build());
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "AES128-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "ECDHE-RSA-AES128-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "AES128-GCM-SHA256");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "ECDHE-RSA-AES256-SHA384");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "AECDH-DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "AES256-GCM-SHA384");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "AES256-SHA256");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "ECDHE-RSA-AES128-SHA256");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "CAMELLIA128-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "SEED-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "RC4-MD5");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "AES256-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "ADH-DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "EDH-RSA-DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "ADH-RC4-MD5");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "RC4-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "CAMELLIA256-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "AES128-SHA256");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "AECDH-RC4-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "ECDHE-RSA-DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "ECDHE-RSA-AES256-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "TLSv1.2", "ECDHE-RSA-RC4-SHA");
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testWrapWithDifferentSizesSSLv3(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).build());
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "ADH-AES128-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "ADH-CAMELLIA128-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "AECDH-AES128-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "AECDH-DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "CAMELLIA128-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "DHE-RSA-AES256-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "SEED-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "RC4-MD5");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "ADH-AES256-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "ADH-SEED-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "ADH-DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "EDH-RSA-DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "ADH-RC4-MD5");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "IDEA-CBC-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "DHE-RSA-AES128-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "RC4-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "CAMELLIA256-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "AECDH-RC4-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "DHE-RSA-SEED-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "AECDH-AES256-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "ECDHE-RSA-DES-CBC3-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "ADH-CAMELLIA256-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "DHE-RSA-CAMELLIA256-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "DHE-RSA-CAMELLIA128-SHA");
        testWrapWithDifferentSizes(sSLEngineTestParam, "SSLv3", "ECDHE-RSA-RC4-SHA");
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testMultipleRecordsInOneBufferWithNonZeroPositionJDKCompatabilityModeOff(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(new X509Certificate[]{cachedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).endpointIdentificationAlgorithm((String) null).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
        try {
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), 1024);
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine2.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer3 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer4 = allocateBuffer(sSLEngineTestParam.type(), (allocateBuffer3.capacity() * 2) + 1);
            allocateBuffer4.position(1);
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
            allocateBuffer.limit(allocateBuffer.capacity());
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer, allocateBuffer3);
            Assertions.assertEquals(allocateBuffer.capacity(), wrap.bytesConsumed());
            Assertions.assertTrue(wrap.bytesProduced() > 0);
            allocateBuffer3.flip();
            allocateBuffer4.put(allocateBuffer3);
            allocateBuffer.clear();
            allocateBuffer3.clear();
            SSLEngineResult wrap2 = wrapEngine.wrap(allocateBuffer, allocateBuffer3);
            Assertions.assertEquals(allocateBuffer.capacity(), wrap2.bytesConsumed());
            Assertions.assertTrue(wrap2.bytesProduced() > 0);
            allocateBuffer3.flip();
            allocateBuffer4.put(allocateBuffer3);
            allocateBuffer3.clear();
            allocateBuffer4.flip();
            allocateBuffer4.position(1);
            allocateBuffer4.limit(allocateBuffer4.limit() - 1);
            int remaining = allocateBuffer4.remaining();
            SSLEngineResult unwrap = wrapEngine2.unwrap(allocateBuffer4, allocateBuffer2);
            Assertions.assertEquals(0, allocateBuffer4.remaining());
            Assertions.assertEquals(remaining, unwrap.bytesConsumed());
            Assertions.assertEquals(1024, unwrap.bytesProduced());
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testInputTooBigAndFillsUpBuffersJDKCompatabilityModeOff(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(new X509Certificate[]{cachedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).endpointIdentificationAlgorithm((String) null).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
        try {
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH + 100);
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), 512);
            ByteBuffer allocateBuffer3 = allocateBuffer(sSLEngineTestParam.type(), allocateBuffer.capacity() + allocateBuffer2.capacity());
            allocateBuffer3.put(allocateBuffer);
            allocateBuffer3.put(allocateBuffer2);
            allocateBuffer.clear();
            allocateBuffer2.clear();
            allocateBuffer3.flip();
            ByteBuffer allocateBuffer4 = allocateBuffer(sSLEngineTestParam.type(), ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH + 28);
            ByteBuffer allocateBuffer5 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer6 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine.getSession().getApplicationBufferSize() << 1);
            ByteBuffer allocateBuffer7 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine2.getSession().getApplicationBufferSize() << 1);
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
            int remaining = allocateBuffer.remaining();
            int remaining2 = allocateBuffer4.remaining();
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer, allocateBuffer4);
            Assertions.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
            Assertions.assertEquals(remaining - allocateBuffer.remaining(), wrap.bytesConsumed());
            Assertions.assertEquals(remaining2 - allocateBuffer4.remaining(), wrap.bytesProduced());
            SSLEngineResult wrap2 = wrapEngine.wrap(allocateBuffer, allocateBuffer4);
            Assertions.assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, wrap2.getStatus());
            Assertions.assertEquals(0, wrap2.bytesConsumed());
            Assertions.assertEquals(0, wrap2.bytesProduced());
            int remaining3 = allocateBuffer.remaining();
            int remaining4 = allocateBuffer5.remaining();
            SSLEngineResult wrap3 = wrapEngine.wrap(allocateBuffer, allocateBuffer5);
            Assertions.assertEquals(SSLEngineResult.Status.OK, wrap3.getStatus());
            Assertions.assertEquals(remaining3, wrap3.bytesConsumed());
            Assertions.assertEquals(remaining4 - allocateBuffer5.remaining(), wrap3.bytesProduced());
            Assertions.assertEquals(0, allocateBuffer.remaining());
            int remaining5 = allocateBuffer2.remaining();
            int remaining6 = allocateBuffer5.remaining();
            SSLEngineResult wrap4 = wrapEngine.wrap(allocateBuffer2, allocateBuffer5);
            Assertions.assertEquals(SSLEngineResult.Status.OK, wrap4.getStatus());
            Assertions.assertEquals(remaining5, wrap4.bytesConsumed());
            Assertions.assertEquals(remaining6 - allocateBuffer5.remaining(), wrap4.bytesProduced());
            allocateBuffer4.flip();
            allocateBuffer5.flip();
            allocateBuffer6.put(allocateBuffer4);
            allocateBuffer6.put(allocateBuffer5);
            allocateBuffer6.flip();
            int remaining7 = allocateBuffer6.remaining();
            SSLEngineResult unwrap = wrapEngine2.unwrap(allocateBuffer6, allocateBuffer7);
            Assertions.assertEquals(SSLEngineResult.Status.OK, unwrap.getStatus());
            Assertions.assertEquals(remaining7, unwrap.bytesConsumed());
            allocateBuffer7.flip();
            Assertions.assertEquals(allocateBuffer3, allocateBuffer7);
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testPartialPacketUnwrapJDKCompatabilityModeOff(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(new X509Certificate[]{cachedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).endpointIdentificationAlgorithm((String) null).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
        try {
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), 1024);
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), 512);
            ByteBuffer allocateBuffer3 = allocateBuffer(sSLEngineTestParam.type(), allocateBuffer.capacity() + allocateBuffer2.capacity());
            allocateBuffer3.put(allocateBuffer);
            allocateBuffer3.put(allocateBuffer2);
            allocateBuffer.clear();
            allocateBuffer2.clear();
            allocateBuffer3.flip();
            ByteBuffer allocateBuffer4 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer5 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine2.getSession().getApplicationBufferSize());
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer, allocateBuffer4);
            Assertions.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
            Assertions.assertEquals(wrap.bytesConsumed(), allocateBuffer.capacity());
            int bytesProduced = wrap.bytesProduced();
            SSLEngineResult wrap2 = wrapEngine.wrap(allocateBuffer2, allocateBuffer4);
            Assertions.assertEquals(SSLEngineResult.Status.OK, wrap2.getStatus());
            Assertions.assertEquals(wrap2.bytesConsumed(), allocateBuffer2.capacity());
            wrap2.bytesProduced();
            allocateBuffer4.flip();
            ByteBuffer duplicate = allocateBuffer4.duplicate();
            duplicate.limit(bytesProduced / 2);
            SSLEngineResult unwrap = wrapEngine2.unwrap(duplicate, allocateBuffer5);
            Assertions.assertEquals(SSLEngineResult.Status.OK, unwrap.getStatus());
            Assertions.assertEquals(unwrap.bytesConsumed(), bytesProduced / 2);
            allocateBuffer4.position(unwrap.bytesConsumed());
            ByteBuffer duplicate2 = allocateBuffer4.duplicate();
            int remaining = duplicate2.remaining() - 1;
            duplicate2.limit(duplicate2.limit() - 1);
            SSLEngineResult unwrap2 = wrapEngine2.unwrap(duplicate2, allocateBuffer5);
            Assertions.assertEquals(SSLEngineResult.Status.OK, unwrap2.getStatus());
            Assertions.assertEquals(unwrap2.bytesConsumed(), remaining);
            allocateBuffer4.position(allocateBuffer4.position() + unwrap2.bytesConsumed());
            SSLEngineResult unwrap3 = wrapEngine2.unwrap(allocateBuffer4, allocateBuffer5);
            Assertions.assertEquals(SSLEngineResult.Status.OK, unwrap3.getStatus());
            Assertions.assertEquals(unwrap3.bytesConsumed(), 1);
            allocateBuffer5.flip();
            Assertions.assertEquals(allocateBuffer3, allocateBuffer5);
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testBufferUnderFlowAvoidedIfJDKCompatabilityModeOff(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(new X509Certificate[]{cachedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).endpointIdentificationAlgorithm((String) null).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine());
        try {
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), 1024);
            allocateBuffer.limit(allocateBuffer.capacity());
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer3 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine2.getSession().getApplicationBufferSize());
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer, allocateBuffer2);
            Assertions.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
            Assertions.assertEquals(wrap.bytesConsumed(), allocateBuffer.capacity());
            allocateBuffer2.flip();
            int remaining = allocateBuffer2.remaining();
            allocateBuffer2.limit(4);
            SSLEngineResult unwrap = wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3);
            Assertions.assertEquals(SSLEngineResult.Status.OK, unwrap.getStatus());
            Assertions.assertEquals(4, unwrap.bytesConsumed());
            Assertions.assertEquals(0, unwrap.bytesProduced());
            int bytesConsumed = remaining - unwrap.bytesConsumed();
            allocateBuffer2.limit(5);
            SSLEngineResult unwrap2 = wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3);
            Assertions.assertEquals(SSLEngineResult.Status.OK, unwrap2.getStatus());
            Assertions.assertEquals(1, unwrap2.bytesConsumed());
            Assertions.assertEquals(0, unwrap2.bytesProduced());
            int bytesConsumed2 = bytesConsumed - unwrap2.bytesConsumed();
            allocateBuffer2.limit(((5 + bytesConsumed2) - 1) - 5);
            SSLEngineResult unwrap3 = wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3);
            Assertions.assertEquals(SSLEngineResult.Status.OK, unwrap3.getStatus());
            Assertions.assertEquals(allocateBuffer2.limit() - 5, unwrap3.bytesConsumed());
            Assertions.assertEquals(0, unwrap3.bytesProduced());
            int bytesConsumed3 = bytesConsumed2 - unwrap3.bytesConsumed();
            allocateBuffer2.limit(bytesConsumed3);
            Assertions.assertEquals(0, allocateBuffer2.remaining());
            SSLEngineResult unwrap4 = wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3);
            Assertions.assertEquals(SSLEngineResult.Status.BUFFER_UNDERFLOW, unwrap4.getStatus());
            Assertions.assertEquals(0, unwrap4.bytesConsumed());
            Assertions.assertEquals(0, unwrap4.bytesProduced());
            allocateBuffer2.position(0);
            SSLEngineResult unwrap5 = wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3);
            Assertions.assertEquals(SSLEngineResult.Status.OK, unwrap5.getStatus());
            Assertions.assertEquals(bytesConsumed3, unwrap5.bytesConsumed());
            Assertions.assertEquals(0, unwrap5.bytesProduced());
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    private void testWrapWithDifferentSizes(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam, String str, String str2) throws Exception {
        Assumptions.assumeTrue(OpenSsl.SUPPORTED_PROTOCOLS_SET.contains(str));
        if (OpenSsl.isCipherSuiteAvailable(str2)) {
            SSLEngine sSLEngine = null;
            SSLEngine sSLEngine2 = null;
            try {
                sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
                sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
                sSLEngine.setEnabledCipherSuites(new String[]{str2});
                sSLEngine.setEnabledProtocols(new String[]{str});
                sSLEngine2.setEnabledCipherSuites(new String[]{str2});
                sSLEngine2.setEnabledProtocols(new String[]{str});
                try {
                    handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
                    int i = 64;
                    do {
                        testWrapDstBigEnough(sSLEngineTestParam.type(), sSLEngine, i);
                        i += 64;
                    } while (i < ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH);
                    testWrapDstBigEnough(sSLEngineTestParam.type(), sSLEngine, ReferenceCountedOpenSslEngine.MAX_PLAINTEXT_LENGTH);
                    cleanupClientSslEngine(sSLEngine);
                    cleanupServerSslEngine(sSLEngine2);
                } catch (SSLException e) {
                    if (!e.getMessage().contains("unsupported protocol") && !e.getMessage().contains("no protocols available")) {
                        throw e;
                    }
                    throw new TestAbortedException(str + " not supported with cipher " + str2, e);
                }
            } catch (Throwable th) {
                cleanupClientSslEngine(sSLEngine);
                cleanupServerSslEngine(sSLEngine2);
                throw th;
            }
        }
    }

    private void testWrapDstBigEnough(SSLEngineTest.BufferType bufferType, SSLEngine sSLEngine, int i) throws SSLException {
        ByteBuffer allocateBuffer = allocateBuffer(bufferType, i);
        ByteBuffer allocateBuffer2 = allocateBuffer(bufferType, i + unwrapEngine(sSLEngine).maxWrapOverhead());
        SSLEngineResult wrap = sSLEngine.wrap(allocateBuffer, allocateBuffer2);
        Assertions.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
        int bytesConsumed = wrap.bytesConsumed();
        int bytesProduced = wrap.bytesProduced();
        Assertions.assertEquals(i, bytesConsumed);
        Assertions.assertTrue(bytesProduced > bytesConsumed);
        allocateBuffer2.flip();
        Assertions.assertEquals(bytesProduced, allocateBuffer2.remaining());
        Assertions.assertFalse(allocateBuffer.hasRemaining());
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSNIMatchersDoesNotThrow(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            SSLParameters sSLParameters = new SSLParameters();
            Java8SslTestUtils.setSNIMatcher(sSLParameters, EmptyArrays.EMPTY_BYTES);
            wrapEngine.setSSLParameters(sSLParameters);
            cleanupServerSslEngine(wrapEngine);
        } catch (Throwable th) {
            cleanupServerSslEngine(wrapEngine);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSNIMatchersWithSNINameWithUnderscore(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        byte[] bytes = "rb8hx3pww30y3tvw0mwy.v1_1".getBytes(CharsetUtil.UTF_8);
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            SSLParameters sSLParameters = new SSLParameters();
            Java8SslTestUtils.setSNIMatcher(sSLParameters, bytes);
            wrapEngine.setSSLParameters(sSLParameters);
            Assertions.assertFalse(unwrapEngine(wrapEngine).checkSniHostnameMatch("other".getBytes(CharsetUtil.UTF_8)));
            cleanupServerSslEngine(wrapEngine);
        } catch (Throwable th) {
            cleanupServerSslEngine(wrapEngine);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testAlgorithmConstraintsThrows(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        final SSLEngine wrapEngine = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        final SSLParameters sSLParameters = new SSLParameters();
        sSLParameters.setAlgorithmConstraints(new AlgorithmConstraints() { // from class: io.netty.handler.ssl.OpenSslEngineTest.1
            @Override // java.security.AlgorithmConstraints
            public boolean permits(Set<CryptoPrimitive> set, String str, AlgorithmParameters algorithmParameters) {
                return false;
            }

            @Override // java.security.AlgorithmConstraints
            public boolean permits(Set<CryptoPrimitive> set, Key key) {
                return false;
            }

            @Override // java.security.AlgorithmConstraints
            public boolean permits(Set<CryptoPrimitive> set, String str, Key key, AlgorithmParameters algorithmParameters) {
                return false;
            }
        });
        try {
            Assertions.assertThrows(IllegalArgumentException.class, new Executable() { // from class: io.netty.handler.ssl.OpenSslEngineTest.2
                public void execute() throws Throwable {
                    wrapEngine.setSSLParameters(sSLParameters);
                }
            });
            cleanupServerSslEngine(wrapEngine);
        } catch (Throwable th) {
            cleanupServerSslEngine(wrapEngine);
            throw th;
        }
    }

    private static void runTasksIfNeeded(SSLEngine sSLEngine) {
        if (sSLEngine.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NEED_TASK) {
            return;
        }
        while (true) {
            Runnable delegatedTask = sSLEngine.getDelegatedTask();
            if (delegatedTask == null) {
                Assertions.assertNotEquals(SSLEngineResult.HandshakeStatus.NEED_TASK, sSLEngine.getHandshakeStatus());
                return;
            }
            delegatedTask.run();
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testExtractMasterkeyWorksCorrectly(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        if (sSLEngineTestParam.combo() != SSLEngineTest.ProtocolCipherCombo.tlsv12()) {
            return;
        }
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.key(), new X509Certificate[]{cachedCertificate.cert()}).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).sslProvider(SslProvider.OPENSSL).build());
        SSLEngine wrapEngine = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(cachedCertificate.certificate()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).endpointIdentificationAlgorithm((String) null).sslProvider(SslProvider.OPENSSL).build());
        SSLEngine wrapEngine2 = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            Assumptions.assumeTrue(Arrays.asList(wrapEngine2.getSupportedCipherSuites()).contains("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"), "The diffie hellman cipher is not supported on your runtime.");
            wrapEngine2.setEnabledCipherSuites(new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"});
            wrapEngine.setEnabledCipherSuites(new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"});
            int applicationBufferSize = wrapEngine2.getSession().getApplicationBufferSize();
            int packetBufferSize = wrapEngine2.getSession().getPacketBufferSize();
            ByteBuffer allocate = ByteBuffer.allocate(applicationBufferSize + 50);
            ByteBuffer allocate2 = ByteBuffer.allocate(applicationBufferSize + 50);
            ByteBuffer allocate3 = ByteBuffer.allocate(packetBufferSize);
            ByteBuffer allocate4 = ByteBuffer.allocate(packetBufferSize);
            ByteBuffer wrap = ByteBuffer.wrap("Hi Server, I'm Client".getBytes(CharsetUtil.US_ASCII));
            ByteBuffer wrap2 = ByteBuffer.wrap("Hello Client, I'm Server".getBytes(CharsetUtil.US_ASCII));
            boolean z = false;
            int i = 0;
            while (true) {
                if (i >= 1000) {
                    break;
                }
                wrapEngine2.wrap(wrap, allocate3);
                wrapEngine.wrap(wrap2, allocate4);
                allocate3.flip();
                allocate4.flip();
                runTasksIfNeeded(wrapEngine2);
                runTasksIfNeeded(wrapEngine);
                wrapEngine2.unwrap(allocate4, allocate);
                wrapEngine.unwrap(allocate3, allocate2);
                runTasksIfNeeded(wrapEngine2);
                runTasksIfNeeded(wrapEngine);
                if (wrap.limit() == allocate2.position() && wrap2.limit() == allocate.position()) {
                    byte[] serverRandom = SSL.getServerRandom(unwrapEngine(wrapEngine).sslPointer());
                    byte[] clientRandom = SSL.getClientRandom(unwrapEngine(wrapEngine2).sslPointer());
                    byte[] masterKey = SSL.getMasterKey(unwrapEngine(wrapEngine).sslPointer());
                    z = true;
                    Assertions.assertArrayEquals(masterKey, SSL.getMasterKey(unwrapEngine(wrapEngine2).sslPointer()));
                    allocate3.flip();
                    allocate4.flip();
                    byte[] bArr = new byte[serverRandom.length + clientRandom.length];
                    System.arraycopy(serverRandom, 0, bArr, 0, serverRandom.length);
                    System.arraycopy(clientRandom, 0, bArr, serverRandom.length, clientRandom.length);
                    byte[] hash = PseudoRandomFunction.hash(masterKey, "key expansion".getBytes(CharsetUtil.US_ASCII), bArr, (2 * 16) + (2 * 32), "HmacSha256");
                    Arrays.copyOfRange(hash, 0, 0 + 32);
                    int i2 = 0 + 32;
                    Arrays.copyOfRange(hash, i2, i2 + 32);
                    int i3 = i2 + 32;
                    byte[] copyOfRange = Arrays.copyOfRange(hash, i3, i3 + 16);
                    int i4 = i3 + 16;
                    Arrays.copyOfRange(hash, i4, i4 + 16);
                    int i5 = i4 + 16;
                    allocate3.position(allocate3.position() + 5);
                    byte[] bArr2 = new byte[allocate3.remaining()];
                    allocate3.get(bArr2);
                    byte[] copyOfRange2 = Arrays.copyOfRange(bArr2, 0, 16);
                    byte[] copyOfRange3 = Arrays.copyOfRange(bArr2, 16, bArr2.length);
                    SecretKeySpec secretKeySpec = new SecretKeySpec(copyOfRange, "AES");
                    IvParameterSpec ivParameterSpec = new IvParameterSpec(copyOfRange2);
                    Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
                    cipher.init(2, secretKeySpec, ivParameterSpec);
                    Assertions.assertTrue(new String(cipher.doFinal(copyOfRange3)).startsWith("Hi Server, I'm Client"));
                    break;
                }
                allocate3.compact();
                allocate4.compact();
                i++;
            }
            Assertions.assertTrue(z, "The assertions were never executed.");
            cleanupClientSslEngine(wrapEngine2);
            cleanupServerSslEngine(wrapEngine);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine2);
            cleanupServerSslEngine(wrapEngine);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testNoKeyFound(final SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        final SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(new X509ExtendedKeyManager() { // from class: io.netty.handler.ssl.OpenSslEngineTest.3
            @Override // javax.net.ssl.X509KeyManager
            public String[] getClientAliases(String str, Principal[] principalArr) {
                return new String[0];
            }

            @Override // javax.net.ssl.X509KeyManager
            public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
                return null;
            }

            @Override // javax.net.ssl.X509KeyManager
            public String[] getServerAliases(String str, Principal[] principalArr) {
                return new String[0];
            }

            @Override // javax.net.ssl.X509KeyManager
            public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
                return null;
            }

            @Override // javax.net.ssl.X509KeyManager
            public X509Certificate[] getCertificateChain(String str) {
                return new X509Certificate[0];
            }

            @Override // javax.net.ssl.X509KeyManager
            public PrivateKey getPrivateKey(String str) {
                return null;
            }
        }).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        final SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            Assertions.assertThrows(SSLException.class, new Executable() { // from class: io.netty.handler.ssl.OpenSslEngineTest.4
                public void execute() throws Throwable {
                    OpenSslEngineTest.this.handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
                }
            });
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testSessionLocalWhenNonMutualWithKeyManager(sSLEngineTestParam);
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSessionLocalWhenNonMutualWithoutKeyManager(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        Assumptions.assumeTrue(OpenSsl.supportsKeyManagerFactory());
        super.testSessionLocalWhenNonMutualWithoutKeyManager(sSLEngineTestParam);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testDefaultTLS1NotAcceptedByDefaultServer(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testDefaultTLS1NotAcceptedByDefault(sSLEngineTestParam, null, "TLSv1");
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testDefaultTLS11NotAcceptedByDefaultServer(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testDefaultTLS1NotAcceptedByDefault(sSLEngineTestParam, null, "TLSv1.1");
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testDefaultTLS1NotAcceptedByDefaultClient(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testDefaultTLS1NotAcceptedByDefault(sSLEngineTestParam, "TLSv1", null);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testDefaultTLS11NotAcceptedByDefaultClient(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testDefaultTLS1NotAcceptedByDefault(sSLEngineTestParam, "TLSv1.1", null);
    }

    private void testDefaultTLS1NotAcceptedByDefault(final SSLEngineTest.SSLEngineTestParam sSLEngineTestParam, String str, String str2) throws Exception {
        SslContextBuilder sslContextProvider = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider());
        if (str != null) {
            sslContextProvider.protocols(new String[]{str});
        }
        this.clientSslCtx = wrapContext(sSLEngineTestParam, sslContextProvider.build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        SslContextBuilder sslContextProvider2 = SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider());
        if (str2 != null) {
            sslContextProvider2.protocols(new String[]{str2});
        }
        this.serverSslCtx = wrapContext(sSLEngineTestParam, sslContextProvider2.build());
        final SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        final SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            Assertions.assertThrows(SSLHandshakeException.class, new Executable() { // from class: io.netty.handler.ssl.OpenSslEngineTest.5
                public void execute() throws Throwable {
                    OpenSslEngineTest.this.handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
                }
            });
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    protected SslProvider sslClientProvider() {
        return SslProvider.OPENSSL;
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    protected SslProvider sslServerProvider() {
        return SslProvider.OPENSSL;
    }

    private static ApplicationProtocolConfig acceptingNegotiator(ApplicationProtocolConfig.Protocol protocol, String... strArr) {
        return new ApplicationProtocolConfig(protocol, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, strArr);
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    protected SSLEngine wrapEngine(SSLEngine sSLEngine) {
        return Java8SslTestUtils.wrapSSLEngineForTesting(sSLEngine);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ReferenceCountedOpenSslEngine unwrapEngine(SSLEngine sSLEngine) {
        return sSLEngine instanceof JdkSslEngine ? ((JdkSslEngine) sSLEngine).getWrappedEngine() : (ReferenceCountedOpenSslEngine) sSLEngine;
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    protected SslContext wrapContext(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam, SslContext sslContext) {
        if (sslContext instanceof OpenSslContext) {
            if (sSLEngineTestParam instanceof OpenSslEngineTestParam) {
                ((OpenSslContext) sslContext).setUseTasks(((OpenSslEngineTestParam) sSLEngineTestParam).useTasks);
            }
            ((OpenSslContext) sslContext).sessionContext().setSessionCacheEnabled(true);
        }
        return sslContext;
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSessionCache(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        Assumptions.assumeTrue(OpenSsl.isSessionCacheSupported());
        super.testSessionCache(sSLEngineTestParam);
        assertSessionContext(this.clientSslCtx);
        assertSessionContext(this.serverSslCtx);
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSessionCacheTimeout(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        Assumptions.assumeTrue(OpenSsl.isSessionCacheSupported());
        super.testSessionCacheTimeout(sSLEngineTestParam);
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSessionCacheSize(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        Assumptions.assumeTrue(OpenSsl.isSessionCacheSupported());
        super.testSessionCacheSize(sSLEngineTestParam);
    }

    private static void assertSessionContext(SslContext sslContext) {
        if (sslContext == null) {
            return;
        }
        OpenSslSessionContext sessionContext = sslContext.sessionContext();
        Assertions.assertTrue(sessionContext.isSessionCacheEnabled());
        if (sessionContext.getIds().hasMoreElements()) {
            sessionContext.setSessionCacheEnabled(false);
            Assertions.assertFalse(sessionContext.getIds().hasMoreElements());
            Assertions.assertFalse(sessionContext.isSessionCacheEnabled());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.netty.handler.ssl.SSLEngineTest
    public void assertSessionReusedForEngine(SSLEngine sSLEngine, SSLEngine sSLEngine2, boolean z) {
        Assertions.assertEquals(Boolean.valueOf(z), Boolean.valueOf(unwrapEngine(sSLEngine).isSessionReused()));
        Assertions.assertEquals(Boolean.valueOf(z), Boolean.valueOf(unwrapEngine(sSLEngine2).isSessionReused()));
        super.assertSessionReusedForEngine(sSLEngine, sSLEngine2, z);
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    protected SSLEngineTest.SessionReusedState isSessionReused(SSLEngine sSLEngine) {
        return unwrapEngine(sSLEngine).isSessionReused() ? SSLEngineTest.SessionReusedState.REUSED : SSLEngineTest.SessionReusedState.NOT_REUSED;
    }

    @Override // io.netty.handler.ssl.SSLEngineTest
    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testRSASSAPSS(SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        OpenSslTestUtils.checkShouldUseKeyManagerFactory();
        super.testRSASSAPSS(sSLEngineTestParam);
    }

    @Test
    public void testExtraDataInLastSrcBufferForClientUnwrapNonjdkCompatabilityMode() throws Exception {
        SSLEngineTest.SSLEngineTestParam sSLEngineTestParam = new SSLEngineTest.SSLEngineTestParam(SSLEngineTest.BufferType.Direct, SSLEngineTest.ProtocolCipherCombo.tlsv12(), false);
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).clientAuth(ClientAuth.NONE).build());
        testExtraDataInLastSrcBufferForClientUnwrap(sSLEngineTestParam, wrapEngine(this.clientSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()), wrapEngine(this.serverSslCtx.newHandler(UnpooledByteBufAllocator.DEFAULT).engine()));
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testMaxCertificateList(final SSLEngineTest.SSLEngineTestParam sSLEngineTestParam) throws Exception {
        Assumptions.assumeTrue(SslProvider.isOptionSupported(sslClientProvider(), OpenSslContextOption.MAX_CERTIFICATE_LIST_BYTES));
        Assumptions.assumeTrue(SslProvider.isOptionSupported(sslServerProvider(), OpenSslContextOption.MAX_CERTIFICATE_LIST_BYTES));
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).keyManager(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).option(OpenSslContextOption.MAX_CERTIFICATE_LIST_BYTES, 10).build());
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).option(OpenSslContextOption.MAX_CERTIFICATE_LIST_BYTES, 10).clientAuth(ClientAuth.REQUIRE).build());
        final SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        final SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            SSLException sSLException = (SSLException) Assertions.assertThrows(SSLException.class, new Executable() { // from class: io.netty.handler.ssl.OpenSslEngineTest.6
                public void execute() throws Throwable {
                    OpenSslEngineTest.this.handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
                }
            });
            if (!"TLSv1.3".equals(wrapEngine.getSession().getProtocol())) {
                Assertions.assertInstanceOf(SSLHandshakeException.class, sSLException);
            }
        } finally {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        }
    }
}
