package io.netty.handler.ssl;

import io.netty.bootstrap.Bootstrap;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.ByteBufAllocator;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.DefaultEventLoopGroup;
import io.netty.channel.local.LocalAddress;
import io.netty.channel.local.LocalChannel;
import io.netty.channel.local.LocalServerChannel;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.handler.ssl.util.SimpleTrustManagerFactory;
import io.netty.util.ReferenceCountUtil;
import io.netty.util.concurrent.Promise;
import io.netty.util.internal.EmptyArrays;
import io.netty.util.internal.ThrowableUtil;
import java.io.IOException;
import java.net.Socket;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.KeyManagerFactorySpi;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import org.junit.Assert;

/* loaded from: input_file:io/netty/handler/ssl/SniClientJava8TestUtil.class */
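/**
 * Test-only helpers for checking that the SNI host name requested by a client is visible on the
 * handshake session of an {@link SSLEngine}.
 *
 * <p>Nothing in this class validates a certificate chain: the client context built in
 * {@link #testSniClient} uses {@link InsecureTrustManagerFactory}, and the trust manager returned by
 * {@link #newSniX509TrustmanagerFactory} only inspects the handshake session. These types must stay
 * confined to tests.
 */
final class SniClientJava8TestUtil {

    /**
     * {@link KeyManagerFactory} that delegates to another factory and wraps every
     * {@link X509ExtendedKeyManager} it returns, so that the SNI name on the handshake session is
     * asserted whenever a server alias is chosen for an {@link SSLEngine}.
     */
    private static final class SniX509KeyManagerFactory extends KeyManagerFactory {
        SniX509KeyManagerFactory(final SNIServerName sNIServerName, final KeyManagerFactory keyManagerFactory) {
            super(new KeyManagerFactorySpi() {
                @Override
                protected void engineInit(KeyStore keyStore, char[] password)
                        throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
                    keyManagerFactory.init(keyStore, password);
                }

                @Override
                protected void engineInit(ManagerFactoryParameters parameters)
                        throws InvalidAlgorithmParameterException {
                    keyManagerFactory.init(parameters);
                }

                @Override
                protected KeyManager[] engineGetKeyManagers() {
                    List<KeyManager> managers = new ArrayList<>();
                    for (final KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
                        if (keyManager instanceof X509ExtendedKeyManager) {
                            final X509ExtendedKeyManager delegate = (X509ExtendedKeyManager) keyManager;
                            managers.add(new X509ExtendedKeyManager() {
                                @Override
                                public String[] getClientAliases(String keyType, Principal[] issuers) {
                                    return delegate.getClientAliases(keyType, issuers);
                                }

                                @Override
                                public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
                                    return delegate.chooseClientAlias(keyTypes, issuers, socket);
                                }

                                @Override
                                public String[] getServerAliases(String keyType, Principal[] issuers) {
                                    return delegate.getServerAliases(keyType, issuers);
                                }

                                @Override
                                public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
                                    return delegate.chooseServerAlias(keyType, issuers, socket);
                                }

                                @Override
                                public X509Certificate[] getCertificateChain(String alias) {
                                    return delegate.getCertificateChain(alias);
                                }

                                @Override
                                public PrivateKey getPrivateKey(String alias) {
                                    return delegate.getPrivateKey(alias);
                                }

                                @Override
                                public String chooseEngineClientAlias(
                                        String[] keyTypes, Principal[] issuers, SSLEngine engine) {
                                    return delegate.chooseEngineClientAlias(keyTypes, issuers, engine);
                                }

                                @Override
                                public String chooseEngineServerAlias(
                                        String keyType, Principal[] issuers, SSLEngine engine) {
                                    // The only method that adds behaviour: check the SNI name before
                                    // handing alias selection back to the wrapped key manager.
                                    SniClientJava8TestUtil.assertSSLSession(
                                            engine.getUseClientMode(), engine.getHandshakeSession(), sNIServerName);
                                    return delegate.chooseEngineServerAlias(keyType, issuers, engine);
                                }
                            });
                        } else {
                            // Key managers of any other type are passed through unwrapped.
                            managers.add(keyManager);
                        }
                    }
                    return managers.toArray(new KeyManager[0]);
                }
            }, keyManagerFactory.getProvider(), keyManagerFactory.getAlgorithm());
        }
    }

    /**
     * Trust manager factory whose single trust manager asserts the SNI name on the handshake session
     * when a server certificate is checked through the {@link SSLEngine} overload.
     *
     * <p>The certificate chain itself is never inspected, so this provides no peer authentication.
     * Every other {@code check*Trusted} overload fails the test, because the tests expect only the
     * engine-based server check to be reached.
     */
    private static final class SniX509TrustmanagerFactory extends SimpleTrustManagerFactory {
        private final SNIServerName name;

        SniX509TrustmanagerFactory(SNIServerName sNIServerName) {
            this.name = sNIServerName;
        }

        @Override
        protected void engineInit(KeyStore keyStore) throws Exception {
            // Nothing to initialise: no trust anchors are used.
        }

        @Override
        protected void engineInit(ManagerFactoryParameters managerFactoryParameters) throws Exception {
            // Nothing to initialise: no trust anchors are used.
        }

        @Override
        protected TrustManager[] engineGetTrustManagers() {
            return new TrustManager[] {new X509ExtendedTrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
                        throws CertificateException {
                    Assert.fail();
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
                        throws CertificateException {
                    Assert.fail();
                }

                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
                        throws CertificateException {
                    Assert.fail();
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
                        throws CertificateException {
                    // Only the SNI name is verified here; 'chain' is deliberately ignored.
                    SniClientJava8TestUtil.assertSSLSession(
                            engine.getUseClientMode(), engine.getHandshakeSession(), name);
                }

                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    Assert.fail();
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    Assert.fail();
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return EmptyArrays.EMPTY_X509_CERTIFICATES;
                }
            }};
        }
    }

    private SniClientJava8TestUtil() {
    }

    /**
     * Runs one TLS handshake over a local channel pair in which the client sends the SNI host name
     * {@code sni.netty.io} and the server installs an {@link SNIMatcher} that always answers
     * {@code z}.
     *
     * <p>When {@code z} is {@code true} the server-side handshake must succeed. When it is
     * {@code false} the server-side handshake must fail with an {@link SSLException}; a success or
     * any other failure cause is reported as an {@link AssertionError}.
     *
     * @param sslProvider provider used for the client {@link SslContext}
     * @param sslProvider2 provider used for the server {@link SslContext}
     * @param z value returned by the server's {@link SNIMatcher} for every name
     * @throws Exception if building a context, binding, connecting or the handshake fails
     */
    public static void testSniClient(SslProvider sslProvider, SslProvider sslProvider2, final boolean z) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        LocalAddress localAddress = new LocalAddress("test");
        DefaultEventLoopGroup group = new DefaultEventLoopGroup(1);
        SslContext serverContext = null;
        SslContext clientContext = null;
        Channel serverChannel = null;
        Channel clientChannel = null;
        try {
            serverContext = SslContextBuilder.forServer(selfSignedCertificate.key(), selfSignedCertificate.cert())
                    .sslProvider(sslProvider2).build();
            final Promise<Void> serverHandshake = group.next().newPromise();

            // The anonymous initializer needs an effectively final reference to the context.
            final SslContext contextForHandler = serverContext;
            serverChannel = new ServerBootstrap().group(group).channel(LocalServerChannel.class)
                    .childHandler(new ChannelInitializer<Channel>() {
                @Override
                protected void initChannel(Channel ch) throws Exception {
                    SslHandler handler = contextForHandler.newHandler(ch.alloc());
                    SSLParameters parameters = handler.engine().getSSLParameters();
                    // Name type 0 is host_name (StandardConstants.SNI_HOST_NAME).
                    parameters.setSNIMatchers(Collections.<SNIMatcher>singleton(new SNIMatcher(0) {
                        @Override
                        public boolean matches(SNIServerName sNIServerName) {
                            return z;
                        }
                    }));
                    handler.engine().setSSLParameters(parameters);
                    ch.pipeline().addFirst(handler);
                    ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {
                        @Override
                        public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
                            if (!(evt instanceof SslHandshakeCompletionEvent)) {
                                return;
                            }
                            SslHandshakeCompletionEvent event = (SslHandshakeCompletionEvent) evt;
                            if (z) {
                                // Matcher accepts the name: the handshake outcome is the test outcome.
                                if (event.isSuccess()) {
                                    serverHandshake.setSuccess(null);
                                } else {
                                    serverHandshake.setFailure(event.cause());
                                }
                            } else if (event.isSuccess()) {
                                // Matcher rejects the name: a completed handshake is the failure case.
                                serverHandshake.setFailure(new AssertionError("expected SSLException"));
                            } else {
                                Throwable cause = event.cause();
                                if (cause instanceof SSLException) {
                                    serverHandshake.setSuccess(null);
                                } else {
                                    serverHandshake.setFailure(new AssertionError(
                                            "cause not of type SSLException: "
                                                    + ThrowableUtil.stackTraceToString(cause)));
                                }
                            }
                        }
                    });
                }
            }).bind(localAddress).syncUninterruptibly().channel();

            // Trust-all client: the server certificate is a throwaway self-signed one and the test
            // targets SNI matching, not peer authentication.
            clientContext = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE)
                    .sslProvider(sslProvider).build();
            SslHandler sslHandler = new SslHandler(clientContext.newEngine(ByteBufAllocator.DEFAULT, "sni.netty.io", -1));
            clientChannel = new Bootstrap().group(group).channel(LocalChannel.class).handler(sslHandler)
                    .connect(localAddress).syncUninterruptibly().channel();
            serverHandshake.syncUninterruptibly();
            sslHandler.handshakeFuture().syncUninterruptibly();
        } finally {
            // Single cleanup path: runs exactly once on both success and failure.
            if (clientChannel != null) {
                clientChannel.close().syncUninterruptibly();
            }
            if (serverChannel != null) {
                serverChannel.close().syncUninterruptibly();
            }
            ReferenceCountUtil.release(serverContext);
            ReferenceCountUtil.release(clientContext);
            selfSignedCertificate.delete();
            group.shutdownGracefully();
        }
    }

    /**
     * Convenience overload of {@link #assertSSLSession(boolean, SSLSession, SNIServerName)} that
     * wraps {@code str} in an {@link SNIHostName}.
     *
     * @param z whether the session belongs to an engine in client mode
     * @param sSLSession session to inspect
     * @param str expected SNI host name
     */
    public static void assertSSLSession(boolean z, SSLSession sSLSession, String str) {
        assertSSLSession(z, sSLSession, new SNIHostName(str));
    }

    /**
     * Asserts that {@code sSLSession} is non-null and, if it is an {@link ExtendedSSLSession}, that
     * it carries exactly one requested server name equal to {@code sNIServerName} and at least one
     * local supported signature algorithm.
     *
     * <p>Sessions that are not {@link ExtendedSSLSession} instances pass after the null check alone,
     * so no SNI verification happens for them.
     *
     * @param z whether the session belongs to an engine in client mode
     * @param sSLSession session to inspect
     * @param sNIServerName expected requested server name
     */
    public static void assertSSLSession(boolean z, SSLSession sSLSession, SNIServerName sNIServerName) {
        Assert.assertNotNull(sSLSession);
        if (!(sSLSession instanceof ExtendedSSLSession)) {
            return;
        }
        ExtendedSSLSession extendedSession = (ExtendedSSLSession) sSLSession;
        List<SNIServerName> requestedServerNames = extendedSession.getRequestedServerNames();
        Assert.assertEquals(1L, requestedServerNames.size());
        Assert.assertEquals(sNIServerName, requestedServerNames.get(0));
        Assert.assertTrue(extendedSession.getLocalSupportedSignatureAlgorithms().length > 0);
        if (z) {
            Assert.assertEquals(0L, extendedSession.getPeerSupportedSignatureAlgorithms().length);
        } else {
            // An array length is never negative, so this comparison cannot fail; the line only
            // verifies that the call returns a non-null array without throwing.
            Assert.assertTrue(extendedSession.getPeerSupportedSignatureAlgorithms().length >= 0);
        }
    }

    /**
     * Creates a trust manager factory that asserts {@code str} as the SNI host name during the
     * engine-based server check. It performs no certificate validation.
     *
     * @param str expected SNI host name
     * @return the test trust manager factory
     */
    public static TrustManagerFactory newSniX509TrustmanagerFactory(String str) {
        return new SniX509TrustmanagerFactory(new SNIHostName(str));
    }

    /**
     * Creates a key manager factory backed by the key and certificate of
     * {@code selfSignedCertificate} that asserts {@code str} as the SNI host name whenever a server
     * alias is chosen for an {@link SSLEngine}.
     *
     * @param selfSignedCertificate source of the private key and certificate
     * @param str expected SNI host name
     * @return the wrapping key manager factory
     */
    public static KeyManagerFactory newSniX509KeyManagerFactory(SelfSignedCertificate selfSignedCertificate, String str) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, IOException, CertificateException {
        return new SniX509KeyManagerFactory(new SNIHostName(str), SslContext.buildKeyManagerFactory(new X509Certificate[]{selfSignedCertificate.cert()}, selfSignedCertificate.key(), (String) null, (KeyManagerFactory) null, (String) null));
    }
}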
