package io.netty.testsuite.transport.socket;

import io.netty.bootstrap.Bootstrap;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.Unpooled;
import io.netty.channel.Channel;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.MultiThreadIoEventLoopGroup;
import io.netty.channel.nio.NioIoHandler;
import io.netty.channel.socket.nio.NioServerSocketChannel;
import io.netty.channel.socket.nio.NioSocketChannel;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.OpenSslContextOption;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandshakeCompletionEvent;
import io.netty.handler.ssl.SslProvider;
import io.netty.pkitesting.CertificateBuilder;
import io.netty.pkitesting.X509Bundle;
import io.netty.util.ReferenceCountUtil;
import io.netty.util.concurrent.ImmediateEventExecutor;
import io.netty.util.concurrent.Promise;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ThreadLocalRandom;
import java.util.concurrent.TimeUnit;
import java.util.stream.IntStream;
import java.util.stream.Stream;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.TrustManagerFactory;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.TestInstance;
import org.junit.jupiter.api.condition.EnabledIf;
import org.junit.jupiter.api.parallel.Execution;
import org.junit.jupiter.api.parallel.ExecutionMode;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;

@Execution(ExecutionMode.SAME_THREAD)
@EnabledIf("supportKeyManagerAndTLS13")
@TestInstance(TestInstance.Lifecycle.PER_CLASS)
/* loaded from: input_file:io/netty/testsuite/transport/socket/SocketSslLargeCertificateTest.class */
public class SocketSslLargeCertificateTest {
    private CertificateBuilder base;
    private X509Bundle rootCert;
    private MultiThreadIoEventLoopGroup group;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.netty.testsuite.transport.socket.SocketSslLargeCertificateTest$2, reason: invalid class name */
    /* loaded from: input_file:io/netty/testsuite/transport/socket/SocketSslLargeCertificateTest$2.class */
    public class AnonymousClass2 extends ChannelInitializer<Channel> {
        final /* synthetic */ SslContext val$clientSsl;
        final /* synthetic */ InetSocketAddress val$serverAddress;
        final /* synthetic */ Promise val$completion;

        AnonymousClass2(SslContext sslContext, InetSocketAddress inetSocketAddress, Promise promise) {
            this.val$clientSsl = sslContext;
            this.val$serverAddress = inetSocketAddress;
            this.val$completion = promise;
        }

        protected void initChannel(Channel channel) throws Exception {
            channel.pipeline().addLast(new ChannelHandler[]{this.val$clientSsl.newHandler(channel.alloc(), "localhost", this.val$serverAddress.getPort())});
            channel.pipeline().addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: io.netty.testsuite.transport.socket.SocketSslLargeCertificateTest.2.1
                private boolean receivedRead;

                public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                    if (obj instanceof SslHandshakeCompletionEvent) {
                        SslHandshakeCompletionEvent sslHandshakeCompletionEvent = (SslHandshakeCompletionEvent) obj;
                        if (sslHandshakeCompletionEvent.isSuccess()) {
                            channelHandlerContext.writeAndFlush(Unpooled.copiedBuffer("hello", StandardCharsets.UTF_8));
                        } else {
                            AnonymousClass2.this.val$completion.tryFailure(new ExecutionException(sslHandshakeCompletionEvent.cause()));
                            channelHandlerContext.close();
                        }
                    }
                }

                public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                    this.receivedRead = true;
                    ReferenceCountUtil.release(obj);
                }

                public void channelReadComplete(ChannelHandlerContext channelHandlerContext) throws Exception {
                    channelHandlerContext.fireChannelReadComplete();
                    if (this.receivedRead) {
                        this.receivedRead = false;
                        channelHandlerContext.writeAndFlush(Unpooled.buffer()).addListener(ChannelFutureListener.CLOSE);
                        channelHandlerContext.channel().closeFuture().addListener(new ChannelFutureListener() { // from class: io.netty.testsuite.transport.socket.SocketSslLargeCertificateTest.2.1.1
                            public void operationComplete(ChannelFuture channelFuture) throws Exception {
                                AnonymousClass2.this.val$completion.setSuccess((Object) null);
                            }
                        });
                    }
                }

                public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                    AnonymousClass2.this.val$completion.tryFailure(th);
                    super.exceptionCaught(channelHandlerContext, th);
                }
            }});
        }
    }

    @BeforeAll
    public void setUp() throws Exception {
        this.base = new CertificateBuilder().ecp256().setKeyUsage(true, new CertificateBuilder.KeyUsage[]{CertificateBuilder.KeyUsage.digitalSignature, CertificateBuilder.KeyUsage.keyCertSign});
        this.rootCert = this.base.copy().subject("cn=root.netty.io").setIsCertificateAuthority(true).buildSelfSigned();
        this.group = new MultiThreadIoEventLoopGroup(NioIoHandler.newFactory());
    }

    @AfterAll
    public void tearDown() {
        this.group.shutdownGracefully(100L, 1000L, TimeUnit.MILLISECONDS);
    }

    public static boolean supportKeyManagerAndTLS13() {
        return OpenSsl.isAvailable() && OpenSsl.supportsKeyManagerFactory() && SslProvider.isTlsv13Supported(SslProvider.OPENSSL);
    }

    public static Stream<Arguments> certExtensionSizes() {
        return IntStream.rangeClosed(16384 - 768, 16384).mapToObj(obj -> {
            return Arguments.of(new Object[]{obj});
        });
    }

    @MethodSource({"certExtensionSizes"})
    @ParameterizedTest
    void resumptionWithLargeCertificates(int i) throws Exception {
        X509Bundle buildIssuedBy = this.base.copy().subject("cn=localhost").addExtendedKeyUsageServerAuth().buildIssuedBy(this.rootCert);
        byte[] bArr = new byte[i];
        ThreadLocalRandom.current().nextBytes(bArr);
        X509Bundle buildIssuedBy2 = this.base.copy().subject("cn=client").addExtendedKeyUsageClientAuth().addExtensionOctetString("1.2.840.113635.100.6.2.1", false, bArr).buildIssuedBy(this.rootCert);
        TrustManagerFactory trustManagerFactory = this.rootCert.toTrustManagerFactory();
        KeyManagerFactory keyManagerFactory = buildIssuedBy.toKeyManagerFactory();
        KeyManagerFactory keyManagerFactory2 = buildIssuedBy2.toKeyManagerFactory();
        final SslContext build = SslContextBuilder.forServer(keyManagerFactory).sslProvider(SslProvider.OPENSSL).trustManager(trustManagerFactory).protocols(new String[]{"TLSv1.3"}).clientAuth(ClientAuth.REQUIRE).option(OpenSslContextOption.MAX_CERTIFICATE_LIST_BYTES, 32768).build();
        SslContext build2 = SslContextBuilder.forClient().sslProvider(SslProvider.OPENSSL).keyManager(keyManagerFactory2).trustManager(trustManagerFactory).protocols(new String[]{"TLSv1.3"}).option(OpenSslContextOption.MAX_CERTIFICATE_LIST_BYTES, 32768).serverName(new SNIHostName("localhost")).endpointIdentificationAlgorithm((String) null).build();
        final Promise newPromise = ImmediateEventExecutor.INSTANCE.newPromise();
        Channel channel = new ServerBootstrap().group(this.group).channel(NioServerSocketChannel.class).childHandler(new ChannelInitializer<Channel>() { // from class: io.netty.testsuite.transport.socket.SocketSslLargeCertificateTest.1
            protected void initChannel(Channel channel2) throws Exception {
                channel2.pipeline().addLast(new ChannelHandler[]{build.newHandler(channel2.alloc())});
                channel2.pipeline().addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: io.netty.testsuite.transport.socket.SocketSslLargeCertificateTest.1.1
                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        if (obj instanceof SslHandshakeCompletionEvent) {
                            SslHandshakeCompletionEvent sslHandshakeCompletionEvent = (SslHandshakeCompletionEvent) obj;
                            if (sslHandshakeCompletionEvent.isSuccess()) {
                                channelHandlerContext.writeAndFlush(Unpooled.buffer());
                            } else {
                                newPromise.tryFailure(new ExecutionException(sslHandshakeCompletionEvent.cause()));
                                channelHandlerContext.close();
                            }
                        }
                    }

                    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        channelHandlerContext.write(obj);
                    }

                    public void channelReadComplete(ChannelHandlerContext channelHandlerContext) throws Exception {
                        channelHandlerContext.flush();
                    }
                }});
            }
        }).bind(InetAddress.getLoopbackAddress(), 0).sync().channel();
        InetSocketAddress inetSocketAddress = (InetSocketAddress) channel.localAddress();
        Channel channel2 = new Bootstrap().group(this.group).channel(NioSocketChannel.class).handler(new AnonymousClass2(build2, inetSocketAddress, newPromise)).connect(inetSocketAddress).sync().channel();
        newPromise.sync();
        channel2.close().sync();
        channel.close().sync();
    }
}
