package io.netty5.handler.ssl;

import io.netty5.bootstrap.Bootstrap;
import io.netty5.bootstrap.ServerBootstrap;
import io.netty5.channel.Channel;
import io.netty5.channel.ChannelHandler;
import io.netty5.channel.ChannelHandlerContext;
import io.netty5.channel.ChannelInitializer;
import io.netty5.channel.MultithreadEventLoopGroup;
import io.netty5.channel.nio.NioHandler;
import io.netty5.channel.socket.nio.NioServerSocketChannel;
import io.netty5.channel.socket.nio.NioSocketChannel;
import io.netty5.handler.logging.LogLevel;
import io.netty5.handler.logging.LoggingHandler;
import io.netty5.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty5.handler.ssl.util.SelfSignedCertificate;
import io.netty5.handler.ssl.util.SimpleTrustManagerFactory;
import io.netty5.util.concurrent.Promise;
import io.netty5.util.internal.EmptyArrays;
import io.netty5.util.internal.SilentDispose;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.CRLReason;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Locale;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import org.junit.jupiter.api.Timeout;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;

/* loaded from: input_file:io/netty5/handler/ssl/SslErrorTest.class */
public class SslErrorTest {

    /* loaded from: input_file:io/netty5/handler/ssl/SslErrorTest$AlertValidationHandler.class */
    private static final class AlertValidationHandler implements ChannelHandler {
        private final SslProvider clientProvider;
        private final boolean serverProduceError;
        private final CertificateException exception;
        private final Promise<Void> promise;

        AlertValidationHandler(SslProvider sslProvider, boolean z, CertificateException certificateException, Promise<Void> promise) {
            this.clientProvider = sslProvider;
            this.serverProduceError = z;
            this.exception = certificateException;
            this.promise = promise;
        }

        public void channelExceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) {
            Throwable cause = th.getCause();
            if (cause instanceof SSLException) {
                if (!(this.exception instanceof TestCertificateException)) {
                    if (this.exception instanceof CertificateExpiredException) {
                        SslErrorTest.verifyException(this.clientProvider, this.serverProduceError, cause, this.promise, "expired");
                        return;
                    } else if (this.exception instanceof CertificateNotYetValidException) {
                        SslErrorTest.verifyException(this.clientProvider, this.serverProduceError, cause, this.promise, "expired", "bad");
                        return;
                    } else {
                        if (this.exception instanceof CertificateRevokedException) {
                            SslErrorTest.verifyException(this.clientProvider, this.serverProduceError, cause, this.promise, "revoked");
                            return;
                        }
                        return;
                    }
                }
                CertPathValidatorException.Reason reason = ((CertPathValidatorException) this.exception.getCause()).getReason();
                if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
                    SslErrorTest.verifyException(this.clientProvider, this.serverProduceError, cause, this.promise, "expired");
                } else if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
                    SslErrorTest.verifyException(this.clientProvider, this.serverProduceError, cause, this.promise, "expired", "bad");
                } else if (reason == CertPathValidatorException.BasicReason.REVOKED) {
                    SslErrorTest.verifyException(this.clientProvider, this.serverProduceError, cause, this.promise, "revoked");
                }
            }
        }
    }

    /* loaded from: input_file:io/netty5/handler/ssl/SslErrorTest$ExceptionTrustManagerFactory.class */
    private static final class ExceptionTrustManagerFactory extends SimpleTrustManagerFactory {
        private final CertificateException exception;

        ExceptionTrustManagerFactory(CertificateException certificateException) {
            this.exception = certificateException;
        }

        protected void engineInit(KeyStore keyStore) {
        }

        protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
        }

        protected TrustManager[] engineGetTrustManagers() {
            return new TrustManager[]{new X509TrustManager() { // from class: io.netty5.handler.ssl.SslErrorTest.ExceptionTrustManagerFactory.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    throw ExceptionTrustManagerFactory.this.exception;
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    throw ExceptionTrustManagerFactory.this.exception;
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return EmptyArrays.EMPTY_X509_CERTIFICATES;
                }
            }};
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/netty5/handler/ssl/SslErrorTest$TestCertificateException.class */
    public static final class TestCertificateException extends CertificateException {
        private static final long serialVersionUID = -5816338303868751410L;

        TestCertificateException(Throwable th) {
            super(th);
        }
    }

    static Collection<Object[]> data() {
        ArrayList<SslProvider> arrayList = new ArrayList(2);
        ArrayList<SslProvider> arrayList2 = new ArrayList(3);
        if (OpenSsl.isAvailable()) {
            arrayList.add(SslProvider.OPENSSL);
            arrayList.add(SslProvider.OPENSSL_REFCNT);
            arrayList2.add(SslProvider.OPENSSL);
            arrayList2.add(SslProvider.OPENSSL_REFCNT);
        }
        arrayList2.add(SslProvider.JDK);
        ArrayList<CertificateException> arrayList3 = new ArrayList(6);
        arrayList3.add(new CertificateExpiredException());
        arrayList3.add(new CertificateNotYetValidException());
        arrayList3.add(new CertificateRevokedException(new Date(), CRLReason.AA_COMPROMISE, new X500Principal(""), Collections.emptyMap()));
        arrayList3.add(newCertificateException(CertPathValidatorException.BasicReason.EXPIRED));
        arrayList3.add(newCertificateException(CertPathValidatorException.BasicReason.NOT_YET_VALID));
        arrayList3.add(newCertificateException(CertPathValidatorException.BasicReason.REVOKED));
        ArrayList arrayList4 = new ArrayList();
        for (SslProvider sslProvider : arrayList) {
            for (SslProvider sslProvider2 : arrayList2) {
                for (CertificateException certificateException : arrayList3) {
                    arrayList4.add(new Object[]{sslProvider, sslProvider2, certificateException, true});
                    arrayList4.add(new Object[]{sslProvider, sslProvider2, certificateException, false});
                }
            }
        }
        return arrayList4;
    }

    private static CertificateException newCertificateException(CertPathValidatorException.Reason reason) {
        return new TestCertificateException(new CertPathValidatorException("x", null, null, -1, reason));
    }

    @MethodSource({"data"})
    @Timeout(value = 30000, unit = TimeUnit.MILLISECONDS)
    @ParameterizedTest(name = "{index}: serverProvider = {0}, clientProvider = {1}, exception = {2}, serverProduceError = {3}")
    public void testCorrectAlert(SslProvider sslProvider, final SslProvider sslProvider2, final CertificateException certificateException, final boolean z) throws Exception {
        OpenSsl.ensureAvailability();
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        SslContextBuilder clientAuth = SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslProvider).clientAuth(ClientAuth.REQUIRE);
        SslContextBuilder sslProvider3 = SslContextBuilder.forClient().keyManager(new File(getClass().getResource("test.crt").getFile()), new File(getClass().getResource("test_unencrypted.pem").getFile())).sslProvider(sslProvider2);
        if (z) {
            clientAuth.trustManager(new ExceptionTrustManagerFactory(certificateException));
            sslProvider3.trustManager(InsecureTrustManagerFactory.INSTANCE);
        } else {
            clientAuth.trustManager(InsecureTrustManagerFactory.INSTANCE);
            sslProvider3.trustManager(new ExceptionTrustManagerFactory(certificateException));
        }
        final SslContext build = clientAuth.build();
        final SslContext build2 = sslProvider3.build();
        Channel channel = null;
        Channel channel2 = null;
        MultithreadEventLoopGroup multithreadEventLoopGroup = new MultithreadEventLoopGroup(NioHandler.newFactory());
        final Promise newPromise = multithreadEventLoopGroup.next().newPromise();
        try {
            AutoCloseable autoClosing = SilentDispose.autoClosing(build);
            try {
                AutoCloseable autoClosing2 = SilentDispose.autoClosing(build2);
                try {
                    Channel channel3 = (Channel) new ServerBootstrap().group(multithreadEventLoopGroup).channel(NioServerSocketChannel.class).handler(new LoggingHandler(LogLevel.INFO)).childHandler(new ChannelInitializer<Channel>() { // from class: io.netty5.handler.ssl.SslErrorTest.1
                        protected void initChannel(Channel channel4) {
                            channel4.pipeline().addLast(new ChannelHandler[]{build.newHandler(channel4.bufferAllocator())});
                            if (!z) {
                                channel4.pipeline().addLast(new ChannelHandler[]{new AlertValidationHandler(sslProvider2, z, certificateException, newPromise)});
                            }
                            channel4.pipeline().addLast(new ChannelHandler[]{new ChannelHandler() { // from class: io.netty5.handler.ssl.SslErrorTest.1.1
                                public void channelExceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) {
                                    channelHandlerContext.close();
                                }
                            }});
                        }
                    }).bind(0).asStage().get();
                    Channel channel4 = (Channel) new Bootstrap().group(multithreadEventLoopGroup).channel(NioSocketChannel.class).handler(new ChannelInitializer<Channel>() { // from class: io.netty5.handler.ssl.SslErrorTest.2
                        protected void initChannel(Channel channel5) {
                            channel5.pipeline().addLast(new ChannelHandler[]{build2.newHandler(channel5.bufferAllocator())});
                            if (z) {
                                channel5.pipeline().addLast(new ChannelHandler[]{new AlertValidationHandler(sslProvider2, z, certificateException, newPromise)});
                            }
                            channel5.pipeline().addLast(new ChannelHandler[]{new ChannelHandler() { // from class: io.netty5.handler.ssl.SslErrorTest.2.1
                                public void channelExceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) {
                                    channelHandlerContext.close();
                                }
                            }});
                        }
                    }).connect(channel3.localAddress()).asStage().get();
                    newPromise.asFuture().asStage().sync();
                    if (autoClosing2 != null) {
                        autoClosing2.close();
                    }
                    if (autoClosing != null) {
                        autoClosing.close();
                    }
                    if (channel4 != null) {
                        channel4.close().asStage().sync();
                    }
                    if (channel3 != null) {
                        channel3.close().asStage().sync();
                    }
                    multithreadEventLoopGroup.shutdownGracefully();
                } catch (Throwable th) {
                    if (autoClosing2 != null) {
                        try {
                            autoClosing2.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (Throwable th3) {
            if (0 != 0) {
                channel2.close().asStage().sync();
            }
            if (0 != 0) {
                channel.close().asStage().sync();
            }
            multithreadEventLoopGroup.shutdownGracefully();
            throw th3;
        }
    }

    private static void verifyException(SslProvider sslProvider, boolean z, Throwable th, Promise<Void> promise, String... strArr) {
        String message = th.getMessage();
        if (!z && sslProvider == SslProvider.JDK && message.toLowerCase(Locale.UK).contains("unknown")) {
            promise.setSuccess((Object) null);
            return;
        }
        for (String str : strArr) {
            if (message.toLowerCase(Locale.UK).contains(str.toLowerCase(Locale.UK))) {
                promise.setSuccess((Object) null);
                return;
            }
        }
        promise.setFailure(new AssertionError("message not contains any of '" + Arrays.toString(strArr) + "': " + message, th));
    }
}
