package io.netty.handler.ssl;

import io.netty.buffer.UnpooledByteBufAllocator;
import io.netty.handler.ssl.util.CachedSelfSignedCertificate;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.util.CharsetUtil;
import java.io.ByteArrayInputStream;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.function.Executable;

/* loaded from: input_file:io/netty/handler/ssl/SslContextBuilderTest.class */
public class SslContextBuilderTest {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/netty/handler/ssl/SslContextBuilderTest$SpySecureRandom.class */
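    /**
     * {@link SecureRandom} test double that records whether it was asked for randomness.
     *
     * <p>Each overridden draw method increments a counter and then delegates to the real
     * {@code SecureRandom}, so callers still receive output from the platform generator. The
     * tests only check {@code getCount() > 0}, i.e. that the RNG handed to the builder was
     * actually consulted.
     *
     * <p>{@link #nextBytes(byte[])} is intercepted as well: it is the bulk entropy API of
     * {@code SecureRandom}, and a spy that ignores it would report "unused" for a consumer that
     * never calls the scalar {@code nextXxx} methods. Treat the counter as a usage indicator
     * rather than an exact tally, because the superclass may route one draw through another
     * overridden method.
     *
     * <p>Not thread-safe: the counter is a plain {@code int}.
     */
    public static final class SpySecureRandom extends SecureRandom {
        private int count;

        private SpySecureRandom() {
        }

        @Override
        public void nextBytes(byte[] bytes) {
            this.count++;
            super.nextBytes(bytes);
        }

        @Override
        public int nextInt() {
            this.count++;
            return super.nextInt();
        }

        @Override
        public int nextInt(int i) {
            this.count++;
            return super.nextInt(i);
        }

        @Override
        public long nextLong() {
            this.count++;
            return super.nextLong();
        }

        @Override
        public boolean nextBoolean() {
            this.count++;
            return super.nextBoolean();
        }

        @Override
        public float nextFloat() {
            this.count++;
            return super.nextFloat();
        }

        @Override
        public double nextDouble() {
            this.count++;
            return super.nextDouble();
        }

        @Override
        public double nextGaussian() {
            this.count++;
            return super.nextGaussian();
        }

        /**
         * Returns how many intercepted draw calls have been observed so far.
         *
         * @return the number of counted calls; {@code 0} means the generator was never used
         */
        public int getCount() {
            return this.count;
        }
    }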

    /** Runs {@code testClientContextFromFile} against the JDK TLS provider. */
    @Test
    public void testClientContextFromFileJdk() throws Exception {
        testClientContextFromFile(SslProvider.JDK);
    }

    /** Runs {@code testClientContextFromFile} against the OpenSSL provider. */
    @Test
    public void testClientContextFromFileOpenssl() throws Exception {
        // Checked first so the provider is only exercised when the native binding is usable.
        OpenSsl.ensureAvailability();
        testClientContextFromFile(SslProvider.OPENSSL);
    }

    /** Runs {@code testClientContext} against the JDK TLS provider. */
    @Test
    public void testClientContextJdk() throws Exception {
        testClientContext(SslProvider.JDK);
    }

    /** Runs {@code testClientContext} against the OpenSSL provider. */
    @Test
    public void testClientContextOpenssl() throws Exception {
        // Checked first so the provider is only exercised when the native binding is usable.
        OpenSsl.ensureAvailability();
        testClientContext(SslProvider.OPENSSL);
    }

    /**
     * Runs the combined certificate-plus-key PEM check against the JDK TLS provider.
     *
     * <p>Despite "Client" in the method name, the helper it calls builds a server context.
     */
    @Test
    public void testCombinedPemFileClientContextJdk() throws Exception {
        testServerContextWithCombinedCertAndKeyInPem(SslProvider.JDK);
    }

    /**
     * Runs the combined certificate-plus-key PEM check against the OpenSSL provider.
     *
     * <p>Despite "Client" in the method name, the helper it calls builds a server context.
     */
    @Test
    public void testCombinedPemFileClientContextOpenssl() throws Exception {
        // Checked first so the provider is only exercised when the native binding is usable.
        OpenSsl.ensureAvailability();
        testServerContextWithCombinedCertAndKeyInPem(SslProvider.OPENSSL);
    }

    /** Runs {@code testKeyStoreType} (PKCS12 key store type) against the JDK TLS provider. */
    @Test
    public void testKeyStoreTypeJdk() throws Exception {
        testKeyStoreType(SslProvider.JDK);
    }

    /** Runs {@code testKeyStoreType} (PKCS12 key store type) against the OpenSSL provider. */
    @Test
    public void testKeyStoreTypeOpenssl() throws Exception {
        // Checked first so the provider is only exercised when the native binding is usable.
        OpenSsl.ensureAvailability();
        testKeyStoreType(SslProvider.OPENSSL);
    }

    /** Runs {@code testServerContextFromFile} against the JDK TLS provider. */
    @Test
    public void testServerContextFromFileJdk() throws Exception {
        testServerContextFromFile(SslProvider.JDK);
    }

    /** Runs {@code testServerContextFromFile} against the OpenSSL provider. */
    @Test
    public void testServerContextFromFileOpenssl() throws Exception {
        // Checked first so the provider is only exercised when the native binding is usable.
        OpenSsl.ensureAvailability();
        testServerContextFromFile(SslProvider.OPENSSL);
    }

    /** Runs {@code testServerContext} against the JDK TLS provider. */
    @Test
    public void testServerContextJdk() throws Exception {
        testServerContext(SslProvider.JDK);
    }

    /** Runs {@code testServerContext} against the OpenSSL provider. */
    @Test
    public void testServerContextOpenssl() throws Exception {
        // Checked first so the provider is only exercised when the native binding is usable.
        OpenSsl.ensureAvailability();
        testServerContext(SslProvider.OPENSSL);
    }

    /** Runs {@code testContextFromManagers} against the JDK TLS provider. */
    @Test
    public void testContextFromManagersJdk() throws Exception {
        testContextFromManagers(SslProvider.JDK);
    }

    /**
     * Runs {@code testContextFromManagers} against the OpenSSL provider.
     *
     * <p>The test is skipped (JUnit assumption) unless {@code OpenSsl.useKeyManagerFactory()}
     * reports {@code true}.
     */
    @Test
    public void testContextFromManagersOpenssl() throws Exception {
        // Checked first so the provider is only exercised when the native binding is usable.
        OpenSsl.ensureAvailability();
        Assumptions.assumeTrue(OpenSsl.useKeyManagerFactory());
        testContextFromManagers(SslProvider.OPENSSL);
    }

    /**
     * Server-side variant of the unsupported-private-key check.
     *
     * <p>Skipped unless the loaded OpenSSL flavour is BoringSSL; the helper repeats the same
     * assumption.
     */
    @Test
    public void testUnsupportedPrivateKeyFailsFastForServer() {
        Assumptions.assumeTrue(OpenSsl.isBoringSSL());
        testUnsupportedPrivateKeyFailsFast(true);
    }

    /**
     * Client-side variant of the unsupported-private-key check.
     *
     * <p>Skipped unless the loaded OpenSSL flavour is BoringSSL; the helper repeats the same
     * assumption.
     */
    @Test
    public void testUnsupportedPrivateKeyFailsFastForClient() {
        Assumptions.assumeTrue(OpenSsl.isBoringSSL());
        testUnsupportedPrivateKeyFailsFast(false);
    }

    /**
     * Expects {@code build()} with the OpenSSL provider to throw {@link SSLException} when the
     * supplied certificate and private key use named curve 1.3.132.0.39 (sect571r1).
     *
     * <p>The PEM certificate and PKCS#8 key below are fixtures embedded in the test source; the
     * key is therefore public and must never be used outside this test.
     *
     * <p>If the platform key manager itself cannot parse the curve, the builder throws
     * {@link IllegalArgumentException} before the provider is reached. That specific failure
     * turns the test into a skipped one via a JUnit assumption; any other
     * {@code IllegalArgumentException} is rethrown.
     *
     * @param z {@code true} to configure the material through {@code forServer}, {@code false}
     *          to configure it as the client's key manager
     */
    private static void testUnsupportedPrivateKeyFailsFast(boolean z) {
        Assumptions.assumeTrue(OpenSsl.isBoringSSL());
        ByteArrayInputStream certStream = new ByteArrayInputStream("-----BEGIN CERTIFICATE-----\nMIICODCCAY2gAwIBAgIEXKTrajAKBggqhkjOPQQDBDBUMQswCQYDVQQGEwJVUzEM\nMAoGA1UECAwDTi9hMQwwCgYDVQQHDANOL2ExDDAKBgNVBAoMA04vYTEMMAoGA1UE\nCwwDTi9hMQ0wCwYDVQQDDARUZXN0MB4XDTE5MDQwMzE3MjA0MloXDTIwMDQwMjE3\nMjA0MlowVDELMAkGA1UEBhMCVVMxDDAKBgNVBAgMA04vYTEMMAoGA1UEBwwDTi9h\nMQwwCgYDVQQKDANOL2ExDDAKBgNVBAsMA04vYTENMAsGA1UEAwwEVGVzdDCBpzAQ\nBgcqhkjOPQIBBgUrgQQAJwOBkgAEBPYWoTjlS2pCMGEM2P8qZnmURWA5e7XxPfIh\nHA876sjmgjJluPgT0OkweuxI4Y/XjzcPnnEBONgzAV1X93UmXdtRiIau/zvsAeFb\nj/q+6sfj1jdnUk6QsMx22kAwplXHmdz1z5ShXQ7mDZPxDbhCPEAUXzIzOqvWIZyA\nHgFxZXmQKEhExA8nxgSIvzQ3ucMwMAoGCCqGSM49BAMEA4GYADCBlAJIAdPD6jaN\nvGxkxcsIbcHn2gSfP1F1G8iNJYrXIN91KbQm8OEp4wxqnBwX8gb/3rmSoEhIU/te\nCcHuFs0guBjfgRWtJ/eDnKB/AkgDbkqrB5wqJFBmVd/rJ5QdwUVNuGP/vDjFVlb6\nEsny6//gTL7jYubLUKHOPIMftCZ2Jn4b+5l0kAs62HD5XkZLPDTwRbf7VCE=\n-----END CERTIFICATE-----".getBytes(CharsetUtil.US_ASCII));
        ByteArrayInputStream keyStream = new ByteArrayInputStream("-----BEGIN PRIVATE KEY-----\nMIIBCQIBADAQBgcqhkjOPQIBBgUrgQQAJwSB8TCB7gIBAQRIALNClTXqQWWlYDHw\nLjNxXpLk17iPepkmablhbxmYX/8CNzoz1o2gcUidoIO2DM9hm7adI/W31EOmSiUJ\n+UsC/ZH3i2qr0wn+oAcGBSuBBAAnoYGVA4GSAAQE9hahOOVLakIwYQzY/ypmeZRF\nYDl7tfE98iEcDzvqyOaCMmW4+BPQ6TB67Ejhj9ePNw+ecQE42DMBXVf3dSZd21GI\nhq7/O+wB4VuP+r7qx+PWN2dSTpCwzHbaQDCmVceZ3PXPlKFdDuYNk/ENuEI8QBRf\nMjM6q9YhnIAeAXFleZAoSETEDyfGBIi/NDe5wzA=\n-----END PRIVATE KEY-----".getBytes(CharsetUtil.US_ASCII));
        try {
            final SslContextBuilder builder;
            if (z) {
                builder = SslContextBuilder.forServer(certStream, keyStream, (String) null);
            } else {
                builder = SslContextBuilder.forClient().keyManager(certStream, keyStream, (String) null);
            }
            final Executable buildWithOpenSsl = new Executable() {
                public void execute() throws Throwable {
                    builder.sslProvider(SslProvider.OPENSSL).build();
                }
            };
            Assertions.assertThrows(SSLException.class, buildWithOpenSsl);
        } catch (IllegalArgumentException e) {
            // Distinguish "the JDK key manager does not know the curve either" from real failures.
            final Throwable cause = e.getCause();
            final boolean curveUnknownToKeyManager =
                    "Input stream not contain valid certificates.".equals(e.getMessage())
                    && cause != null
                    && "java.io.IOException: Unknown named curve: 1.3.132.0.39".equals(cause.getMessage());
            Assumptions.assumeFalse(curveUnknownToKeyManager, "Cannot test that SslProvider rejects certificates with curve 1.3.132.0.39 because the key manager does not know the curve either.");
            throw e;
        }
    }

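    /**
     * Builds a server context from one PEM document that carries both the certificate and its
     * EC private key, and checks the client-auth flags of a fresh engine.
     *
     * <p>The same bytes are passed as the certificate-chain stream and as the key stream, so the
     * builder has to pick the right PEM section out of each. With {@code ClientAuth.OPTIONAL} the
     * engine is expected to report "want" but not "need" client authentication.
     *
     * <p>The PEM is a fixture embedded in the test source; its private key is public and must
     * never be used outside this test.
     *
     * @param sslProvider provider to build the context with
     * @throws SSLException if the context cannot be built or the engine cannot be closed
     */
    private void testServerContextWithCombinedCertAndKeyInPem(SslProvider sslProvider) throws SSLException {
        // One literal shared by both streams: the two copies cannot drift apart, and no string
        // literal has to span a physical line break.
        final String combinedPem = "-----BEGIN CERTIFICATE-----\n"
                + "MIIB1jCCAX0CCQDq4PSOirh7MDAJBgcqhkjOPQQBMHIxCzAJBgNVBAYTAlVTMQsw\n"
                + "CQYDVQQIDAJDQTEMMAoGA1UEBwwDRm9vMQwwCgYDVQQKDANCYXIxDDAKBgNVBAsM\n"
                + "A0JhejEQMA4GA1UEAwwHQmFyLmNvbTEaMBgGCSqGSIb3DQEJARYLZm9vQGJhci5j\n"
                + "b20wHhcNMjIxMDAyMTYzODAyWhcNMjIxMjAxMTYzODAyWjB2MQswCQYDVQQGEwJV\n"
                + "UzELMAkGA1UECAwCQ0ExDDAKBgNVBAcMA0ZvbzEMMAoGA1UECgwDQmFyMQwwCgYD\n"
                + "VQQLDANiYXoxFDASBgNVBAMMC2Jhci5iYXIuYmF6MRowGAYJKoZIhvcNAQkBFgtm\n"
                + "b29AYmFyLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHiEmjPEqQbqXYMB\n"
                + "nAPOv24rJf6MhTwHB0QC1suZ9q9XFUkalnqGryqf/emHs81RsXWKz4sCsbIJkmHz\n"
                + "H8HYhmkwCQYHKoZIzj0EAQNIADBFAiBCgzxZ5qviemPdejt2WazSgwNJTbirzoQa\n"
                + "FMv2XFTTCwIhANS3fZ8BulbYkdRWVEFwm2FGotqLfC60JA/gg/brlWSP\n"
                + "-----END CERTIFICATE-----\n"
                + "-----BEGIN EC PRIVATE KEY-----\n"
                + "MHcCAQEEIF8RlaD0JX8u2Lryq1+AbYfDaTBPJnPSA8+N2L12YuuUoAoGCCqGSM49\n"
                + "AwEHoUQDQgAEeISaM8SpBupdgwGcA86/bisl/oyFPAcHRALWy5n2r1cVSRqWeoav\n"
                + "Kp/96YezzVGxdYrPiwKxsgmSYfMfwdiGaQ==\n"
                + "-----END EC PRIVATE KEY-----";
        final byte[] pemBytes = combinedPem.getBytes(CharsetUtil.US_ASCII);
        // Two separate streams over the same bytes: each keeps its own read position.
        SSLEngine newEngine = SslContextBuilder.forServer(new ByteArrayInputStream(pemBytes), new ByteArrayInputStream(pemBytes), (String) null)
                .sslProvider(sslProvider)
                .clientAuth(ClientAuth.OPTIONAL)
                .build()
                .newEngine(UnpooledByteBufAllocator.DEFAULT);
        Assertions.assertTrue(newEngine.getWantClientAuth());
        Assertions.assertFalse(newEngine.getNeedClientAuth());
        newEngine.closeInbound();
        newEngine.closeOutbound();
    }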

    /**
     * Expects the JDK provider to reject an unknown cipher suite name with
     * {@link IllegalArgumentException}.
     *
     * <p>NOTE(review): the OpenSSL availability check runs first although only the JDK provider
     * is exercised here; confirm that dependency is intended.
     */
    @Test
    public void testInvalidCipherJdk() throws Exception {
        OpenSsl.ensureAvailability();
        final Executable buildWithUnknownCipher = new Executable() {
            public void execute() throws Throwable {
                testInvalidCipher(SslProvider.JDK);
            }
        };
        Assertions.assertThrows(IllegalArgumentException.class, buildWithUnknownCipher);
    }

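    /**
     * Checks how the OpenSSL provider reacts to an unknown cipher suite name.
     *
     * <p>Two outcomes pass: the build is rejected with {@link SSLException}, or the build
     * succeeds while the reported OpenSSL version string contains {@code "1.1.1"}. A successful
     * build on any other version fails the test, because it would mean an unrecognised cipher
     * name was silently accepted.
     */
    @Test
    public void testInvalidCipherOpenSSL() throws Exception {
        OpenSsl.ensureAvailability();
        try {
            testInvalidCipher(SslProvider.OPENSSL);
        } catch (SSLException expected) {
            // Rejecting the bogus cipher name is the outcome under test, not an error.
            return;
        }
        final String version = OpenSsl.versionString();
        if (!version.contains("1.1.1")) {
            Assertions.fail("Unknown cipher suite was accepted without an SSLException by " + version);
        }
    }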

    /**
     * Verifies that a server context built with a caller-supplied {@code SecureRandom} draws
     * from it. Only the JDK provider is covered.
     */
    @Test
    public void testServerContextWithSecureRandom() throws Exception {
        testServerContextWithSecureRandom(SslProvider.JDK, new SpySecureRandom());
    }

    /**
     * Verifies that a client context built with a caller-supplied {@code SecureRandom} draws
     * from it. Only the JDK provider is covered.
     */
    @Test
    public void testClientContextWithSecureRandom() throws Exception {
        testClientContextWithSecureRandom(SslProvider.JDK, new SpySecureRandom());
    }

    /**
     * Builds a server context with the key store type set to {@code "PKCS12"} and checks that an
     * engine can be created and closed; there are no further assertions.
     *
     * @param sslProvider provider to build the context with
     */
    private static void testKeyStoreType(SslProvider sslProvider) throws Exception {
        SelfSignedCertificate selfSigned = CachedSelfSignedCertificate.getCachedCertificate();
        SslContextBuilder serverBuilder = SslContextBuilder.forServer(selfSigned.certificate(), selfSigned.privateKey())
                .sslProvider(sslProvider)
                .keyStoreType("PKCS12");
        SSLEngine engine = serverBuilder.build().newEngine(UnpooledByteBufAllocator.DEFAULT);
        engine.closeInbound();
        engine.closeOutbound();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Tries to build a client context, and an engine from it, with a cipher suite list that
     * contains only the unknown name {@code "SOME_INVALID_CIPHER"}.
     *
     * <p>The method asserts nothing itself; callers decide which exception, if any, counts as the
     * correct rejection for the given provider.
     *
     * @param sslProvider provider to build the context with
     */
    public static void testInvalidCipher(SslProvider sslProvider) throws Exception {
        SelfSignedCertificate selfSigned = CachedSelfSignedCertificate.getCachedCertificate();
        SslContextBuilder clientBuilder = SslContextBuilder.forClient()
                .sslProvider(sslProvider)
                .ciphers(Collections.singleton("SOME_INVALID_CIPHER"))
                .keyManager(selfSigned.certificate(), selfSigned.privateKey())
                .trustManager(selfSigned.certificate());
        clientBuilder.build().newEngine(UnpooledByteBufAllocator.DEFAULT);
    }

    /**
     * Builds a client context from the cached self-signed certificate's {@code certificate()}
     * and {@code privateKey()} values and checks the client-auth flags of a fresh engine.
     *
     * <p>{@code ClientAuth.OPTIONAL} is set on the builder, yet the client-side engine is
     * expected to report neither "want" nor "need" client authentication.
     *
     * @param sslProvider provider to build the context with
     */
    private static void testClientContextFromFile(SslProvider sslProvider) throws Exception {
        SelfSignedCertificate selfSigned = CachedSelfSignedCertificate.getCachedCertificate();
        SslContextBuilder clientBuilder = SslContextBuilder.forClient()
                .sslProvider(sslProvider)
                .keyManager(selfSigned.certificate(), selfSigned.privateKey())
                .trustManager(selfSigned.certificate())
                .clientAuth(ClientAuth.OPTIONAL);
        SSLEngine engine = clientBuilder.build().newEngine(UnpooledByteBufAllocator.DEFAULT);
        Assertions.assertFalse(engine.getWantClientAuth());
        Assertions.assertFalse(engine.getNeedClientAuth());
        engine.closeInbound();
        engine.closeOutbound();
    }

    /**
     * Builds a client context from the cached self-signed certificate's {@code key()} and
     * {@code cert()} objects and checks the client-auth flags of a fresh engine.
     *
     * <p>{@code ClientAuth.OPTIONAL} is set on the builder, yet the client-side engine is
     * expected to report neither "want" nor "need" client authentication.
     *
     * @param sslProvider provider to build the context with
     */
    private static void testClientContext(SslProvider sslProvider) throws Exception {
        SelfSignedCertificate selfSigned = CachedSelfSignedCertificate.getCachedCertificate();
        SslContextBuilder clientBuilder = SslContextBuilder.forClient()
                .sslProvider(sslProvider)
                .keyManager(selfSigned.key(), new X509Certificate[]{selfSigned.cert()})
                .trustManager(new X509Certificate[]{selfSigned.cert()})
                .clientAuth(ClientAuth.OPTIONAL);
        SSLEngine engine = clientBuilder.build().newEngine(UnpooledByteBufAllocator.DEFAULT);
        Assertions.assertFalse(engine.getWantClientAuth());
        Assertions.assertFalse(engine.getNeedClientAuth());
        engine.closeInbound();
        engine.closeOutbound();
    }

    /**
     * Builds a server context from the cached self-signed certificate's {@code certificate()}
     * and {@code privateKey()} values, trusting that same certificate, and checks the
     * client-auth flags of a fresh engine.
     *
     * <p>With {@code ClientAuth.OPTIONAL} the engine is expected to report "want" but not "need"
     * client authentication.
     *
     * @param sslProvider provider to build the context with
     */
    private static void testServerContextFromFile(SslProvider sslProvider) throws Exception {
        SelfSignedCertificate selfSigned = CachedSelfSignedCertificate.getCachedCertificate();
        SslContextBuilder serverBuilder = SslContextBuilder.forServer(selfSigned.certificate(), selfSigned.privateKey())
                .sslProvider(sslProvider)
                .trustManager(selfSigned.certificate())
                .clientAuth(ClientAuth.OPTIONAL);
        SSLEngine engine = serverBuilder.build().newEngine(UnpooledByteBufAllocator.DEFAULT);
        Assertions.assertTrue(engine.getWantClientAuth());
        Assertions.assertFalse(engine.getNeedClientAuth());
        engine.closeInbound();
        engine.closeOutbound();
    }

    /**
     * Builds a server context from the cached self-signed certificate's {@code key()} and
     * {@code cert()} objects, trusting that same certificate, and checks the client-auth flags
     * of a fresh engine.
     *
     * <p>With {@code ClientAuth.REQUIRE} the engine is expected to report "need" but not "want"
     * client authentication.
     *
     * @param sslProvider provider to build the context with
     */
    private static void testServerContext(SslProvider sslProvider) throws Exception {
        SelfSignedCertificate selfSigned = CachedSelfSignedCertificate.getCachedCertificate();
        SslContextBuilder serverBuilder = SslContextBuilder.forServer(selfSigned.key(), new X509Certificate[]{selfSigned.cert()})
                .sslProvider(sslProvider)
                .trustManager(new X509Certificate[]{selfSigned.cert()})
                .clientAuth(ClientAuth.REQUIRE);
        SSLEngine engine = serverBuilder.build().newEngine(UnpooledByteBufAllocator.DEFAULT);
        Assertions.assertFalse(engine.getWantClientAuth());
        Assertions.assertTrue(engine.getNeedClientAuth());
        engine.closeInbound();
        engine.closeOutbound();
    }

    /**
     * Builds a server context that is given {@code spySecureRandom} as its randomness source and
     * checks both the client-auth flags and that the spy was consulted at least once.
     *
     * <p>The spy check proves the configured generator reached the provider; it says nothing
     * about how much randomness was drawn or what it was used for.
     *
     * @param sslProvider provider to build the context with
     * @param spySecureRandom counting generator passed to {@code secureRandom(...)}
     */
    private static void testServerContextWithSecureRandom(SslProvider sslProvider, SpySecureRandom spySecureRandom) throws Exception {
        SelfSignedCertificate selfSigned = CachedSelfSignedCertificate.getCachedCertificate();
        SslContextBuilder serverBuilder = SslContextBuilder.forServer(selfSigned.key(), new X509Certificate[]{selfSigned.cert()})
                .sslProvider(sslProvider)
                .secureRandom(spySecureRandom)
                .trustManager(new X509Certificate[]{selfSigned.cert()})
                .clientAuth(ClientAuth.REQUIRE);
        SSLEngine engine = serverBuilder.build().newEngine(UnpooledByteBufAllocator.DEFAULT);
        Assertions.assertFalse(engine.getWantClientAuth());
        Assertions.assertTrue(engine.getNeedClientAuth());
        Assertions.assertTrue(spySecureRandom.getCount() > 0);
        engine.closeInbound();
        engine.closeOutbound();
    }

    /**
     * Builds a client context that is given {@code spySecureRandom} as its randomness source and
     * checks both the client-auth flags and that the spy was consulted at least once.
     *
     * <p>The spy check proves the configured generator reached the provider; it says nothing
     * about how much randomness was drawn or what it was used for.
     *
     * @param sslProvider provider to build the context with
     * @param spySecureRandom counting generator passed to {@code secureRandom(...)}
     */
    private static void testClientContextWithSecureRandom(SslProvider sslProvider, SpySecureRandom spySecureRandom) throws Exception {
        SelfSignedCertificate selfSigned = CachedSelfSignedCertificate.getCachedCertificate();
        SslContextBuilder clientBuilder = SslContextBuilder.forClient()
                .sslProvider(sslProvider)
                .secureRandom(spySecureRandom)
                .keyManager(selfSigned.key(), new X509Certificate[]{selfSigned.cert()})
                .trustManager(new X509Certificate[]{selfSigned.cert()})
                .clientAuth(ClientAuth.OPTIONAL);
        SSLEngine engine = clientBuilder.build().newEngine(UnpooledByteBufAllocator.DEFAULT);
        Assertions.assertFalse(engine.getWantClientAuth());
        Assertions.assertFalse(engine.getNeedClientAuth());
        Assertions.assertTrue(spySecureRandom.getCount() > 0);
        engine.closeInbound();
        engine.closeOutbound();
    }

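    /**
     * Builds a client and a server context from hand-written key and trust manager instances
     * (rather than from certificates or files) and checks the client-auth flags of the engines.
     *
     * <p>Expected flags: the client engine reports neither "want" nor "need" even though
     * {@code ClientAuth.OPTIONAL} is set; the server engine with {@code ClientAuth.REQUIRE}
     * reports "need" but not "want".
     *
     * <p>Both managers are stubs that exist only to satisfy the builder. In particular the trust
     * manager performs no validation at all and must never be reused outside a test.
     *
     * @param sslProvider provider to build the contexts with
     */
    private static void testContextFromManagers(SslProvider sslProvider) throws Exception {
        final SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        // Minimal key manager: fixed client alias, no server alias, key from the cached certificate.
        X509ExtendedKeyManager x509ExtendedKeyManager = new X509ExtendedKeyManager() {
            @Override
            public String[] getClientAliases(String str, Principal[] principalArr) {
                return new String[0];
            }

            @Override
            public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
                return "cert_sent_to_server";
            }

            @Override
            public String[] getServerAliases(String str, Principal[] principalArr) {
                return new String[0];
            }

            @Override
            public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
                return null;
            }

            @Override
            public X509Certificate[] getCertificateChain(String str) {
                // The previous body stored the certificate into a freshly created array that was
                // discarded at once (a statement that is not valid Java as written) and then
                // returned an empty chain. Only the observable result is kept.
                // NOTE(review): confirm that an empty chain, not {cert}, is what this stub
                // is meant to expose.
                return new X509Certificate[0];
            }

            @Override
            public PrivateKey getPrivateKey(String str) {
                return cachedCertificate.key();
            }
        };
        // Accept-everything trust manager: every check method returns without inspecting the
        // chain, so any peer certificate would be trusted. Acceptable here only because no
        // handshake is performed; the engines are created and closed.
        X509ExtendedTrustManager x509ExtendedTrustManager = new X509ExtendedTrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            }

            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            }

            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };

        // Client side: clientAuth is set but is not expected to show up on the engine.
        SSLEngine newEngine = SslContextBuilder.forClient()
                .sslProvider(sslProvider)
                .keyManager(x509ExtendedKeyManager)
                .trustManager(x509ExtendedTrustManager)
                .clientAuth(ClientAuth.OPTIONAL)
                .build()
                .newEngine(UnpooledByteBufAllocator.DEFAULT);
        Assertions.assertFalse(newEngine.getWantClientAuth());
        Assertions.assertFalse(newEngine.getNeedClientAuth());
        newEngine.closeInbound();
        newEngine.closeOutbound();

        // Server side: REQUIRE must surface as "need" and not as "want".
        SSLEngine newEngine2 = SslContextBuilder.forServer(x509ExtendedKeyManager)
                .sslProvider(sslProvider)
                .trustManager(x509ExtendedTrustManager)
                .clientAuth(ClientAuth.REQUIRE)
                .build()
                .newEngine(UnpooledByteBufAllocator.DEFAULT);
        Assertions.assertFalse(newEngine2.getWantClientAuth());
        Assertions.assertTrue(newEngine2.getNeedClientAuth());
        newEngine2.closeInbound();
        newEngine2.closeOutbound();
    }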
}
