package io.netty.handler.ssl;

import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.UnpooledByteBufAllocator;
import io.netty.handler.ssl.OpenSslPrivateKey;
import io.netty.internal.tcnative.SSL;
import io.netty.util.ReferenceCountUtil;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/netty/handler/ssl/OpenSslKeyMaterialProviderTest.class */
public class OpenSslKeyMaterialProviderTest {
    static final String PASSWORD = "example";
    static final String EXISTING_ALIAS = "1";
    private static final String NON_EXISTING_ALIAS = "nonexisting";

    /* loaded from: input_file:io/netty/handler/ssl/OpenSslKeyMaterialProviderTest$SingleKeyManager.class */
    private static final class SingleKeyManager implements X509KeyManager {
        private final String keyAlias;
        private final PrivateKey pk;
        private final X509Certificate[] certChain;

        SingleKeyManager(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
            this.keyAlias = str;
            this.pk = privateKey;
            this.certChain = x509CertificateArr;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return new String[]{this.keyAlias};
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return this.keyAlias;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return new String[]{this.keyAlias};
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return this.keyAlias;
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return this.certChain;
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return this.pk;
        }
    }

    @BeforeAll
    static void checkOpenSsl() {
        OpenSsl.ensureAvailability();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public KeyManagerFactory newKeyManagerFactory() throws Exception {
        return newKeyManagerFactory(KeyManagerFactory.getDefaultAlgorithm());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public KeyManagerFactory newKeyManagerFactory(String str) throws Exception {
        char[] charArray = PASSWORD.toCharArray();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        InputStream resourceAsStream = getClass().getResourceAsStream("mutual_auth_server.p12");
        try {
            keyStore.load(resourceAsStream, charArray);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str);
            keyManagerFactory.init(keyStore, charArray);
            if (resourceAsStream != null) {
                resourceAsStream.close();
            }
            return keyManagerFactory;
        } catch (Throwable th) {
            if (resourceAsStream != null) {
                try {
                    resourceAsStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    protected OpenSslKeyMaterialProvider newMaterialProvider(KeyManagerFactory keyManagerFactory, String str) {
        return new OpenSslKeyMaterialProvider(ReferenceCountedOpenSslContext.chooseX509KeyManager(keyManagerFactory.getKeyManagers()), str);
    }

    protected void assertRelease(OpenSslKeyMaterial openSslKeyMaterial) {
        Assertions.assertTrue(openSslKeyMaterial.release());
    }

    @Test
    public void testChooseKeyMaterial() throws Exception {
        OpenSslKeyMaterialProvider newMaterialProvider = newMaterialProvider(newKeyManagerFactory(), PASSWORD);
        Assertions.assertNull(newMaterialProvider.chooseKeyMaterial(UnpooledByteBufAllocator.DEFAULT, NON_EXISTING_ALIAS));
        OpenSslKeyMaterial chooseKeyMaterial = newMaterialProvider.chooseKeyMaterial(UnpooledByteBufAllocator.DEFAULT, EXISTING_ALIAS);
        Assertions.assertNotNull(chooseKeyMaterial);
        Assertions.assertNotEquals(0L, chooseKeyMaterial.certificateChainAddress());
        Assertions.assertNotEquals(0L, chooseKeyMaterial.privateKeyAddress());
        assertRelease(chooseKeyMaterial);
        newMaterialProvider.destroy();
    }

    @Test
    public void testChooseOpenSslPrivateKeyMaterial() throws Exception {
        InputStream resourceAsStream = getClass().getResourceAsStream("localhost_server.key");
        try {
            PrivateKey privateKey = SslContext.toPrivateKey(resourceAsStream, (String) null);
            Assertions.assertNotNull(privateKey);
            Assertions.assertEquals("PKCS#8", privateKey.getFormat());
            if (resourceAsStream != null) {
                resourceAsStream.close();
            }
            resourceAsStream = getClass().getResourceAsStream("localhost_server.pem");
            try {
                X509Certificate[] x509Certificates = SslContext.toX509Certificates(resourceAsStream);
                Assertions.assertNotNull(x509Certificates);
                PemEncoded pemEncoded = null;
                long j = 0;
                try {
                    pemEncoded = PemPrivateKey.toPEM(ByteBufAllocator.DEFAULT, true, privateKey);
                    j = ReferenceCountedOpenSslContext.toBIO(ByteBufAllocator.DEFAULT, pemEncoded.retain());
                    OpenSslPrivateKey openSslPrivateKey = new OpenSslPrivateKey(SSL.parsePrivateKey(j, (String) null));
                    ReferenceCountUtil.safeRelease(pemEncoded);
                    if (j != 0) {
                        SSL.freeBIO(j);
                    }
                    OpenSslKeyMaterialProvider openSslKeyMaterialProvider = new OpenSslKeyMaterialProvider(new SingleKeyManager("key", openSslPrivateKey, x509Certificates), (String) null);
                    OpenSslKeyMaterial chooseKeyMaterial = openSslKeyMaterialProvider.chooseKeyMaterial(ByteBufAllocator.DEFAULT, "key");
                    Assertions.assertNotNull(chooseKeyMaterial);
                    Assertions.assertEquals(2, openSslPrivateKey.refCnt());
                    Assertions.assertEquals(1, chooseKeyMaterial.refCnt());
                    Assertions.assertTrue(chooseKeyMaterial.release());
                    Assertions.assertEquals(1, openSslPrivateKey.refCnt());
                    OpenSslPrivateKey.OpenSslPrivateKeyMaterial chooseKeyMaterial2 = openSslKeyMaterialProvider.chooseKeyMaterial(ByteBufAllocator.DEFAULT, "key");
                    Assertions.assertNotNull(chooseKeyMaterial2);
                    Assertions.assertEquals(2, openSslPrivateKey.refCnt());
                    Assertions.assertTrue(chooseKeyMaterial2.release());
                    Assertions.assertTrue(openSslPrivateKey.release());
                    Assertions.assertEquals(0, openSslPrivateKey.refCnt());
                    Assertions.assertEquals(0, chooseKeyMaterial2.refCnt());
                    Assertions.assertEquals(0L, chooseKeyMaterial2.certificateChain);
                    if (resourceAsStream != null) {
                        resourceAsStream.close();
                    }
                } catch (Throwable th) {
                    ReferenceCountUtil.safeRelease(pemEncoded);
                    if (j != 0) {
                        SSL.freeBIO(j);
                    }
                    throw th;
                }
            } finally {
            }
        } finally {
        }
    }
}
