package io.netty.handler.ssl.ocsp;

import io.netty.bootstrap.Bootstrap;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.Unpooled;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.DefaultEventLoopGroup;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.local.LocalAddress;
import io.netty.channel.local.LocalChannel;
import io.netty.channel.local.LocalServerChannel;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.ReferenceCountedOpenSslEngine;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.util.CharsetUtil;
import io.netty.util.ReferenceCountUtil;
import java.net.SocketAddress;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLHandshakeException;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:io/netty/handler/ssl/ocsp/OcspTest.class */
public class OcspTest {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/netty/handler/ssl/ocsp/OcspTest$OcspClientCallback.class */
    public interface OcspClientCallback {
        boolean verify(byte[] bArr) throws Exception;
    }

    /* loaded from: input_file:io/netty/handler/ssl/ocsp/OcspTest$OcspClientCallbackHandler.class */
    private static final class OcspClientCallbackHandler extends OcspClientHandler {
        private final OcspClientCallback callback;

        OcspClientCallbackHandler(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine, OcspClientCallback ocspClientCallback) {
            super(referenceCountedOpenSslEngine);
            this.callback = ocspClientCallback;
        }

        protected boolean verify(ChannelHandlerContext channelHandlerContext, ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) throws Exception {
            return this.callback.verify(referenceCountedOpenSslEngine.getOcspResponse());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/netty/handler/ssl/ocsp/OcspTest$OcspTestException.class */
    public static final class OcspTestException extends IllegalStateException {
        private static final long serialVersionUID = 4516426833250228159L;

        OcspTestException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/netty/handler/ssl/ocsp/OcspTest$TestClientOcspContext.class */
    public static final class TestClientOcspContext implements OcspClientCallback {
        private final CountDownLatch latch = new CountDownLatch(1);
        private final boolean valid;
        private volatile byte[] response;

        TestClientOcspContext(boolean z) {
            this.valid = z;
        }

        public byte[] response() throws InterruptedException, TimeoutException {
            Assert.assertTrue(this.latch.await(10L, TimeUnit.SECONDS));
            return this.response;
        }

        @Override // io.netty.handler.ssl.ocsp.OcspTest.OcspClientCallback
        public boolean verify(byte[] bArr) throws Exception {
            this.response = bArr;
            this.latch.countDown();
            return this.valid;
        }
    }

    @BeforeClass
    public static void checkOcspSupported() {
        Assume.assumeTrue(OpenSsl.isOcspSupported());
    }

    @Test(expected = IllegalArgumentException.class)
    public void testJdkClientEnableOcsp() throws Exception {
        SslContextBuilder.forClient().sslProvider(SslProvider.JDK).enableOcsp(true).build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void testJdkServerEnableOcsp() throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        try {
            SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(SslProvider.JDK).enableOcsp(true).build();
        } finally {
            selfSignedCertificate.delete();
        }
    }

    @Test(expected = IllegalStateException.class)
    public void testClientOcspNotEnabledOpenSsl() throws Exception {
        testClientOcspNotEnabled(SslProvider.OPENSSL);
    }

    @Test(expected = IllegalStateException.class)
    public void testClientOcspNotEnabledOpenSslRefCnt() throws Exception {
        testClientOcspNotEnabled(SslProvider.OPENSSL_REFCNT);
    }

    private static void testClientOcspNotEnabled(SslProvider sslProvider) throws Exception {
        SslContext build = SslContextBuilder.forClient().sslProvider(sslProvider).build();
        try {
            ReferenceCountedOpenSslEngine engine = build.newHandler(ByteBufAllocator.DEFAULT).engine();
            try {
                engine.getOcspResponse();
                engine.release();
            } catch (Throwable th) {
                engine.release();
                throw th;
            }
        } finally {
            ReferenceCountUtil.release(build);
        }
    }

    @Test(expected = IllegalStateException.class)
    public void testServerOcspNotEnabledOpenSsl() throws Exception {
        testServerOcspNotEnabled(SslProvider.OPENSSL);
    }

    @Test(expected = IllegalStateException.class)
    public void testServerOcspNotEnabledOpenSslRefCnt() throws Exception {
        testServerOcspNotEnabled(SslProvider.OPENSSL_REFCNT);
    }

    /* JADX WARN: Finally extract failed */
    private static void testServerOcspNotEnabled(SslProvider sslProvider) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        try {
            SslContext build = SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslProvider).build();
            try {
                ReferenceCountedOpenSslEngine engine = build.newHandler(ByteBufAllocator.DEFAULT).engine();
                try {
                    engine.setOcspResponse(new byte[]{1, 2, 3});
                    engine.release();
                    ReferenceCountUtil.release(build);
                } catch (Throwable th) {
                    engine.release();
                    throw th;
                }
            } catch (Throwable th2) {
                ReferenceCountUtil.release(build);
                throw th2;
            }
        } finally {
            selfSignedCertificate.delete();
        }
    }

    @Test(timeout = 10000)
    public void testClientAcceptingOcspStapleOpenSsl() throws Exception {
        testClientAcceptingOcspStaple(SslProvider.OPENSSL);
    }

    @Test(timeout = 10000)
    public void testClientAcceptingOcspStapleOpenSslRefCnt() throws Exception {
        testClientAcceptingOcspStaple(SslProvider.OPENSSL_REFCNT);
    }

    private static void testClientAcceptingOcspStaple(SslProvider sslProvider) throws Exception {
        final CountDownLatch countDownLatch = new CountDownLatch(1);
        ChannelInboundHandlerAdapter channelInboundHandlerAdapter = new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.ocsp.OcspTest.1
            public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
                channelHandlerContext.writeAndFlush(Unpooled.wrappedBuffer("Hello, World!".getBytes()));
                channelHandlerContext.fireChannelActive();
            }
        };
        ChannelInboundHandlerAdapter channelInboundHandlerAdapter2 = new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.ocsp.OcspTest.2
            public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                try {
                    ReferenceCountUtil.release(obj);
                } finally {
                    countDownLatch.countDown();
                }
            }
        };
        byte[] newOcspResponse = newOcspResponse();
        TestClientOcspContext testClientOcspContext = new TestClientOcspContext(true);
        handshake(sslProvider, countDownLatch, channelInboundHandlerAdapter, newOcspResponse, channelInboundHandlerAdapter2, testClientOcspContext);
        byte[] response = testClientOcspContext.response();
        Assert.assertNotNull(response);
        Assert.assertNotSame(newOcspResponse, response);
        Assert.assertArrayEquals(newOcspResponse, response);
    }

    @Test(timeout = 10000)
    public void testClientRejectingOcspStapleOpenSsl() throws Exception {
        testClientRejectingOcspStaple(SslProvider.OPENSSL);
    }

    @Test(timeout = 10000)
    public void testClientRejectingOcspStapleOpenSslRefCnt() throws Exception {
        testClientRejectingOcspStaple(SslProvider.OPENSSL_REFCNT);
    }

    private static void testClientRejectingOcspStaple(SslProvider sslProvider) throws Exception {
        final AtomicReference atomicReference = new AtomicReference();
        final CountDownLatch countDownLatch = new CountDownLatch(1);
        ChannelInboundHandlerAdapter channelInboundHandlerAdapter = new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.ocsp.OcspTest.3
            public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                try {
                    atomicReference.set(th);
                } finally {
                    countDownLatch.countDown();
                }
            }
        };
        byte[] newOcspResponse = newOcspResponse();
        TestClientOcspContext testClientOcspContext = new TestClientOcspContext(false);
        handshake(sslProvider, countDownLatch, null, newOcspResponse, channelInboundHandlerAdapter, testClientOcspContext);
        byte[] response = testClientOcspContext.response();
        Assert.assertNotNull(response);
        Assert.assertNotSame(newOcspResponse, response);
        Assert.assertArrayEquals(newOcspResponse, response);
        Throwable th = (Throwable) atomicReference.get();
        Assert.assertTrue("" + th, th instanceof SSLHandshakeException);
    }

    @Test(timeout = 10000)
    public void testServerHasNoStapleOpenSsl() throws Exception {
        testServerHasNoStaple(SslProvider.OPENSSL);
    }

    @Test(timeout = 10000)
    public void testServerHasNoStapleOpenSslRefCnt() throws Exception {
        testServerHasNoStaple(SslProvider.OPENSSL_REFCNT);
    }

    private static void testServerHasNoStaple(SslProvider sslProvider) throws Exception {
        final CountDownLatch countDownLatch = new CountDownLatch(1);
        ChannelInboundHandlerAdapter channelInboundHandlerAdapter = new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.ocsp.OcspTest.4
            public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
                channelHandlerContext.writeAndFlush(Unpooled.wrappedBuffer("Hello, World!".getBytes()));
                channelHandlerContext.fireChannelActive();
            }
        };
        ChannelInboundHandlerAdapter channelInboundHandlerAdapter2 = new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.ocsp.OcspTest.5
            public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                try {
                    ReferenceCountUtil.release(obj);
                } finally {
                    countDownLatch.countDown();
                }
            }
        };
        TestClientOcspContext testClientOcspContext = new TestClientOcspContext(true);
        handshake(sslProvider, countDownLatch, channelInboundHandlerAdapter, null, channelInboundHandlerAdapter2, testClientOcspContext);
        byte[] response = testClientOcspContext.response();
        Assert.assertNull((Object) null);
        Assert.assertNull(response);
    }

    @Test(timeout = 10000)
    public void testClientExceptionOpenSsl() throws Exception {
        testClientException(SslProvider.OPENSSL);
    }

    @Test(timeout = 10000)
    public void testClientExceptionOpenSslRefCnt() throws Exception {
        testClientException(SslProvider.OPENSSL_REFCNT);
    }

    private static void testClientException(SslProvider sslProvider) throws Exception {
        final AtomicReference atomicReference = new AtomicReference();
        final CountDownLatch countDownLatch = new CountDownLatch(1);
        ChannelInboundHandlerAdapter channelInboundHandlerAdapter = new ChannelInboundHandlerAdapter() { // from class: io.netty.handler.ssl.ocsp.OcspTest.6
            public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                try {
                    atomicReference.set(th);
                } finally {
                    countDownLatch.countDown();
                }
            }
        };
        final OcspTestException ocspTestException = new OcspTestException("testClientException");
        handshake(sslProvider, countDownLatch, null, newOcspResponse(), channelInboundHandlerAdapter, new OcspClientCallback() { // from class: io.netty.handler.ssl.ocsp.OcspTest.7
            @Override // io.netty.handler.ssl.ocsp.OcspTest.OcspClientCallback
            public boolean verify(byte[] bArr) throws Exception {
                throw OcspTestException.this;
            }
        });
        Assert.assertSame(ocspTestException, atomicReference.get());
    }

    /* JADX WARN: Finally extract failed */
    private static void handshake(SslProvider sslProvider, CountDownLatch countDownLatch, ChannelHandler channelHandler, byte[] bArr, ChannelHandler channelHandler2, OcspClientCallback ocspClientCallback) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        try {
            SslContext build = SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslProvider).enableOcsp(true).build();
            try {
                build = SslContextBuilder.forClient().sslProvider(sslProvider).enableOcsp(true).trustManager(InsecureTrustManagerFactory.INSTANCE).build();
                try {
                    DefaultEventLoopGroup defaultEventLoopGroup = new DefaultEventLoopGroup();
                    try {
                        LocalAddress localAddress = new LocalAddress("handshake-" + Math.random());
                        Channel newServer = newServer(defaultEventLoopGroup, localAddress, build, bArr, channelHandler);
                        Channel newClient = newClient(defaultEventLoopGroup, localAddress, build, ocspClientCallback, channelHandler2);
                        try {
                            Assert.assertTrue("Something went wrong.", countDownLatch.await(10L, TimeUnit.SECONDS));
                            newClient.close().syncUninterruptibly();
                            newServer.close().syncUninterruptibly();
                            defaultEventLoopGroup.shutdownGracefully(1L, 1L, TimeUnit.SECONDS);
                            ReferenceCountUtil.release(build);
                            ReferenceCountUtil.release(build);
                        } catch (Throwable th) {
                            newClient.close().syncUninterruptibly();
                            newServer.close().syncUninterruptibly();
                            throw th;
                        }
                    } catch (Throwable th2) {
                        defaultEventLoopGroup.shutdownGracefully(1L, 1L, TimeUnit.SECONDS);
                        throw th2;
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            selfSignedCertificate.delete();
        }
    }

    private static Channel newServer(EventLoopGroup eventLoopGroup, SocketAddress socketAddress, SslContext sslContext, byte[] bArr, ChannelHandler channelHandler) {
        return new ServerBootstrap().channel(LocalServerChannel.class).group(eventLoopGroup).childHandler(newServerHandler(sslContext, bArr, channelHandler)).bind(socketAddress).syncUninterruptibly().channel();
    }

    private static Channel newClient(EventLoopGroup eventLoopGroup, SocketAddress socketAddress, SslContext sslContext, OcspClientCallback ocspClientCallback, ChannelHandler channelHandler) {
        return new Bootstrap().channel(LocalChannel.class).group(eventLoopGroup).handler(newClientHandler(sslContext, ocspClientCallback, channelHandler)).connect(socketAddress).syncUninterruptibly().channel();
    }

    private static ChannelHandler newServerHandler(final SslContext sslContext, final byte[] bArr, final ChannelHandler channelHandler) {
        return new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.ocsp.OcspTest.8
            protected void initChannel(Channel channel) throws Exception {
                ChannelPipeline pipeline = channel.pipeline();
                ChannelHandler newHandler = sslContext.newHandler(channel.alloc());
                if (bArr != null) {
                    newHandler.engine().setOcspResponse(bArr);
                }
                pipeline.addLast(new ChannelHandler[]{newHandler});
                if (channelHandler != null) {
                    pipeline.addLast(new ChannelHandler[]{channelHandler});
                }
            }
        };
    }

    private static ChannelHandler newClientHandler(final SslContext sslContext, final OcspClientCallback ocspClientCallback, final ChannelHandler channelHandler) {
        return new ChannelInitializer<Channel>() { // from class: io.netty.handler.ssl.ocsp.OcspTest.9
            protected void initChannel(Channel channel) throws Exception {
                ChannelPipeline pipeline = channel.pipeline();
                ChannelHandler newHandler = sslContext.newHandler(channel.alloc());
                ReferenceCountedOpenSslEngine engine = newHandler.engine();
                pipeline.addLast(new ChannelHandler[]{newHandler});
                pipeline.addLast(new ChannelHandler[]{new OcspClientCallbackHandler(engine, ocspClientCallback)});
                if (channelHandler != null) {
                    pipeline.addLast(new ChannelHandler[]{channelHandler});
                }
            }
        };
    }

    private static byte[] newOcspResponse() {
        return "I am a bogus OCSP staple. OpenSSL does not care about the format of the byte[]!".getBytes(CharsetUtil.US_ASCII);
    }
}
