package io.netty.handler.ssl;

import io.netty.bootstrap.Bootstrap;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.Unpooled;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.DefaultEventLoopGroup;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.SimpleChannelInboundHandler;
import io.netty.channel.local.LocalAddress;
import io.netty.channel.local.LocalChannel;
import io.netty.channel.local.LocalServerChannel;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.pkitesting.CertificateBuilder;
import io.netty.pkitesting.X509Bundle;
import io.netty.util.ReferenceCountUtil;
import io.netty.util.concurrent.Promise;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.Executor;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;

/* loaded from: input_file:io/netty/handler/ssl/CipherSuiteCanaryTest.class */
public class CipherSuiteCanaryTest {
    private static EventLoopGroup GROUP;
    private static X509Bundle CERT;

    static Collection<Object[]> parameters() {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(expand("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"));
        return arrayList;
    }

    @BeforeAll
    public static void init() throws Exception {
        GROUP = new DefaultEventLoopGroup();
        CERT = new CertificateBuilder().rsa2048().subject("cn=localhost").setIsCertificateAuthority(true).buildSelfSigned();
    }

    @AfterAll
    public static void destroy() {
        GROUP.shutdownGracefully();
    }

    private static void assumeCipherAvailable(SslProvider sslProvider, String str) throws NoSuchAlgorithmException {
        boolean z = false;
        if (sslProvider == SslProvider.JDK) {
            String[] supportedCipherSuites = SSLContext.getDefault().createSSLEngine().getSupportedCipherSuites();
            int length = supportedCipherSuites.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (str.equals(supportedCipherSuites[i])) {
                    z = true;
                    break;
                }
                i++;
            }
        } else {
            z = OpenSsl.isCipherSuiteAvailable(str);
        }
        Assumptions.assumeTrue(z, "Unsupported cipher: " + str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SslHandler newSslHandler(SslContext sslContext, ByteBufAllocator byteBufAllocator, Executor executor) {
        return executor == null ? sslContext.newHandler(byteBufAllocator) : sslContext.newHandler(byteBufAllocator, executor);
    }

    /* JADX WARN: Finally extract failed */
    @MethodSource({"parameters"})
    @ParameterizedTest(name = "{index}: serverSslProvider = {0}, clientSslProvider = {1}, rfcCipherName = {2}, delegate = {3}")
    public void testHandshake(SslProvider sslProvider, SslProvider sslProvider2, String str, boolean z) throws Exception {
        assumeCipherAvailable(sslProvider, str);
        assumeCipherAvailable(sslProvider2, str);
        List singletonList = Collections.singletonList(str);
        final SslContext build = SslContextBuilder.forServer(CERT.getKeyPair().getPrivate(), CERT.getCertificatePath()).sslProvider(sslProvider).ciphers(singletonList).protocols(new String[]{"TLSv1.2"}).build();
        final ExecutorService newCachedThreadPool = z ? Executors.newCachedThreadPool() : null;
        try {
            build = SslContextBuilder.forClient().sslProvider(sslProvider2).ciphers(singletonList).protocols(new String[]{"TLSv1.2"}).trustManager(InsecureTrustManagerFactory.INSTANCE).build();
            try {
                final Promise newPromise = GROUP.next().newPromise();
                final Promise newPromise2 = GROUP.next().newPromise();
                Channel server = server(new LocalAddress("test-" + sslProvider + '-' + sslProvider2 + '-' + str), new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.CipherSuiteCanaryTest.1
                    protected void initChannel(Channel channel) throws Exception {
                        ChannelPipeline pipeline = channel.pipeline();
                        pipeline.addLast(new ChannelHandler[]{CipherSuiteCanaryTest.newSslHandler(build, channel.alloc(), newCachedThreadPool)});
                        pipeline.addLast(new ChannelHandler[]{new SimpleChannelInboundHandler<Object>() { // from class: io.netty.handler.ssl.CipherSuiteCanaryTest.1.1
                            public void channelInactive(ChannelHandlerContext channelHandlerContext) throws Exception {
                                newPromise.cancel(true);
                                channelHandlerContext.fireChannelInactive();
                            }

                            public void channelRead0(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                                if (newPromise.trySuccess((Object) null)) {
                                    channelHandlerContext.writeAndFlush(Unpooled.wrappedBuffer(new byte[]{80, 79, 78, 71}));
                                }
                                channelHandlerContext.close();
                            }

                            public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                                if (newPromise.tryFailure(th)) {
                                    return;
                                }
                                channelHandlerContext.fireExceptionCaught(th);
                            }
                        }});
                    }
                });
                try {
                    Channel client = client(server, new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.CipherSuiteCanaryTest.2
                        protected void initChannel(Channel channel) throws Exception {
                            ChannelPipeline pipeline = channel.pipeline();
                            pipeline.addLast(new ChannelHandler[]{CipherSuiteCanaryTest.newSslHandler(build, channel.alloc(), newCachedThreadPool)});
                            pipeline.addLast(new ChannelHandler[]{new SimpleChannelInboundHandler<Object>() { // from class: io.netty.handler.ssl.CipherSuiteCanaryTest.2.1
                                public void channelInactive(ChannelHandlerContext channelHandlerContext) throws Exception {
                                    newPromise2.cancel(true);
                                    channelHandlerContext.fireChannelInactive();
                                }

                                public void channelRead0(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                                    newPromise2.trySuccess((Object) null);
                                    channelHandlerContext.close();
                                }

                                public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                                    if (newPromise2.tryFailure(th)) {
                                        return;
                                    }
                                    channelHandlerContext.fireExceptionCaught(th);
                                }
                            }});
                        }
                    });
                    try {
                        client.writeAndFlush(Unpooled.wrappedBuffer(new byte[]{80, 73, 78, 71})).syncUninterruptibly();
                        Assertions.assertTrue(newPromise2.await(5L, TimeUnit.SECONDS), "client timeout");
                        Assertions.assertTrue(newPromise.await(5L, TimeUnit.SECONDS), "server timeout");
                        newPromise2.sync();
                        newPromise.sync();
                        client.close().sync();
                        server.close().sync();
                        ReferenceCountUtil.release(build);
                    } catch (Throwable th) {
                        client.close().sync();
                        throw th;
                    }
                } catch (Throwable th2) {
                    server.close().sync();
                    throw th2;
                }
            } finally {
                ReferenceCountUtil.release(build);
            }
        } finally {
            ReferenceCountUtil.release(build);
            if (newCachedThreadPool != null) {
                newCachedThreadPool.shutdown();
            }
        }
    }

    private static Channel server(LocalAddress localAddress, ChannelHandler channelHandler) throws Exception {
        return new ServerBootstrap().channel(LocalServerChannel.class).group(GROUP).childHandler(channelHandler).bind(localAddress).sync().channel();
    }

    private static Channel client(Channel channel, ChannelHandler channelHandler) throws Exception {
        return new Bootstrap().channel(LocalChannel.class).group(GROUP).handler(channelHandler).connect(channel.localAddress()).sync().channel();
    }

    private static List<Object[]> expand(String str) {
        ArrayList arrayList = new ArrayList();
        SslProvider[] values = SslProvider.values();
        for (SslProvider sslProvider : values) {
            for (SslProvider sslProvider2 : values) {
                if ((sslProvider == SslProvider.JDK && sslProvider2 == SslProvider.JDK) || OpenSsl.isAvailable()) {
                    arrayList.add(new Object[]{sslProvider, sslProvider2, str, true});
                    arrayList.add(new Object[]{sslProvider, sslProvider2, str, false});
                }
            }
        }
        if (arrayList.isEmpty()) {
            throw new IllegalStateException();
        }
        return arrayList;
    }
}
