package io.netty5.handler.ssl.ocsp;

import io.netty5.bootstrap.Bootstrap;
import io.netty5.bootstrap.ServerBootstrap;
import io.netty5.buffer.DefaultBufferAllocators;
import io.netty5.channel.Channel;
import io.netty5.channel.ChannelHandler;
import io.netty5.channel.ChannelHandlerContext;
import io.netty5.channel.ChannelInitializer;
import io.netty5.channel.ChannelPipeline;
import io.netty5.channel.EventLoopGroup;
import io.netty5.channel.MultithreadEventLoopGroup;
import io.netty5.channel.local.LocalAddress;
import io.netty5.channel.local.LocalChannel;
import io.netty5.channel.local.LocalHandler;
import io.netty5.channel.local.LocalServerChannel;
import io.netty5.handler.ssl.OpenSsl;
import io.netty5.handler.ssl.ReferenceCountedOpenSslEngine;
import io.netty5.handler.ssl.SslContext;
import io.netty5.handler.ssl.SslContextBuilder;
import io.netty5.handler.ssl.SslProvider;
import io.netty5.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty5.handler.ssl.util.SelfSignedCertificate;
import io.netty5.util.Resource;
import io.netty5.util.internal.SilentDispose;
import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLHandshakeException;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.Timeout;
import org.junit.jupiter.api.function.Executable;

/* loaded from: input_file:io/netty5/handler/ssl/ocsp/OcspTest.class */
public class OcspTest {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/netty5/handler/ssl/ocsp/OcspTest$OcspClientCallback.class */
    public interface OcspClientCallback {
        boolean verify(byte[] bArr) throws Exception;
    }

    /* loaded from: input_file:io/netty5/handler/ssl/ocsp/OcspTest$OcspClientCallbackHandler.class */
    private static final class OcspClientCallbackHandler extends OcspClientHandler {
        private final OcspClientCallback callback;

        OcspClientCallbackHandler(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine, OcspClientCallback ocspClientCallback) {
            super(referenceCountedOpenSslEngine);
            this.callback = ocspClientCallback;
        }

        protected boolean verify(ChannelHandlerContext channelHandlerContext, ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine) throws Exception {
            return this.callback.verify(referenceCountedOpenSslEngine.getOcspResponse());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/netty5/handler/ssl/ocsp/OcspTest$OcspTestException.class */
    public static final class OcspTestException extends IllegalStateException {
        private static final long serialVersionUID = 4516426833250228159L;

        OcspTestException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/netty5/handler/ssl/ocsp/OcspTest$TestClientOcspContext.class */
    public static final class TestClientOcspContext implements OcspClientCallback {
        private final CountDownLatch latch = new CountDownLatch(1);
        private final boolean valid;
        private volatile byte[] response;

        TestClientOcspContext(boolean z) {
            this.valid = z;
        }

        public byte[] response() throws InterruptedException, TimeoutException {
            Assertions.assertTrue(this.latch.await(10L, TimeUnit.SECONDS));
            return this.response;
        }

        @Override // io.netty5.handler.ssl.ocsp.OcspTest.OcspClientCallback
        public boolean verify(byte[] bArr) throws Exception {
            this.response = bArr;
            this.latch.countDown();
            return this.valid;
        }
    }

    @BeforeAll
    public static void checkOcspSupported() {
        Assumptions.assumeTrue(OpenSsl.isOcspSupported());
    }

    @Test
    public void testJdkClientEnableOcsp() throws Exception {
        Assertions.assertThrows(IllegalArgumentException.class, new Executable() { // from class: io.netty5.handler.ssl.ocsp.OcspTest.1
            public void execute() throws Throwable {
                SslContextBuilder.forClient().sslProvider(SslProvider.JDK).enableOcsp(true).build();
            }
        });
    }

    @Test
    public void testJdkServerEnableOcsp() throws Exception {
        final SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        try {
            Assertions.assertThrows(IllegalArgumentException.class, new Executable() { // from class: io.netty5.handler.ssl.ocsp.OcspTest.2
                public void execute() throws Throwable {
                    SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(SslProvider.JDK).enableOcsp(true).build();
                }
            });
        } finally {
            selfSignedCertificate.delete();
        }
    }

    @Test
    public void testClientOcspNotEnabledOpenSsl() throws Exception {
        testClientOcspNotEnabled(SslProvider.OPENSSL);
    }

    @Test
    public void testClientOcspNotEnabledOpenSslRefCnt() throws Exception {
        testClientOcspNotEnabled(SslProvider.OPENSSL_REFCNT);
    }

    private static void testClientOcspNotEnabled(SslProvider sslProvider) throws Exception {
        SslContext build = SslContextBuilder.forClient().sslProvider(sslProvider).build();
        AutoCloseable autoClosing = SilentDispose.autoClosing(build);
        try {
            final ReferenceCountedOpenSslEngine engine = build.newHandler(DefaultBufferAllocators.offHeapAllocator()).engine();
            AutoCloseable autoClosing2 = SilentDispose.autoClosing(engine);
            try {
                Assertions.assertThrows(IllegalStateException.class, new Executable() { // from class: io.netty5.handler.ssl.ocsp.OcspTest.3
                    public void execute() {
                        engine.getOcspResponse();
                    }
                });
                if (autoClosing2 != null) {
                    autoClosing2.close();
                }
                if (autoClosing != null) {
                    autoClosing.close();
                }
            } catch (Throwable th) {
                if (autoClosing2 != null) {
                    try {
                        autoClosing2.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            if (autoClosing != null) {
                try {
                    autoClosing.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    @Test
    public void testServerOcspNotEnabledOpenSsl() throws Exception {
        testServerOcspNotEnabled(SslProvider.OPENSSL);
    }

    @Test
    public void testServerOcspNotEnabledOpenSslRefCnt() throws Exception {
        testServerOcspNotEnabled(SslProvider.OPENSSL_REFCNT);
    }

    private static void testServerOcspNotEnabled(SslProvider sslProvider) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        try {
            SslContext build = SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslProvider).build();
            AutoCloseable autoClosing = SilentDispose.autoClosing(build);
            try {
                final ReferenceCountedOpenSslEngine engine = build.newHandler(DefaultBufferAllocators.offHeapAllocator()).engine();
                AutoCloseable autoClosing2 = SilentDispose.autoClosing(engine);
                try {
                    Assertions.assertThrows(IllegalStateException.class, new Executable() { // from class: io.netty5.handler.ssl.ocsp.OcspTest.4
                        public void execute() {
                            engine.setOcspResponse(new byte[]{1, 2, 3});
                        }
                    });
                    if (autoClosing2 != null) {
                        autoClosing2.close();
                    }
                    if (autoClosing != null) {
                        autoClosing.close();
                    }
                } catch (Throwable th) {
                    if (autoClosing2 != null) {
                        try {
                            autoClosing2.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } finally {
            selfSignedCertificate.delete();
        }
    }

    @Timeout(value = 10000, unit = TimeUnit.MILLISECONDS)
    @Test
    public void testClientAcceptingOcspStapleOpenSsl() throws Exception {
        testClientAcceptingOcspStaple(SslProvider.OPENSSL);
    }

    @Timeout(value = 10000, unit = TimeUnit.MILLISECONDS)
    @Test
    public void testClientAcceptingOcspStapleOpenSslRefCnt() throws Exception {
        testClientAcceptingOcspStaple(SslProvider.OPENSSL_REFCNT);
    }

    private static void testClientAcceptingOcspStaple(SslProvider sslProvider) throws Exception {
        final CountDownLatch countDownLatch = new CountDownLatch(1);
        ChannelHandler channelHandler = new ChannelHandler() { // from class: io.netty5.handler.ssl.ocsp.OcspTest.5
            public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
                channelHandlerContext.writeAndFlush(channelHandlerContext.bufferAllocator().copyOf("Hello, World!", StandardCharsets.UTF_8));
                channelHandlerContext.fireChannelActive();
            }
        };
        ChannelHandler channelHandler2 = new ChannelHandler() { // from class: io.netty5.handler.ssl.ocsp.OcspTest.6
            public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                try {
                    Resource.dispose(obj);
                } finally {
                    countDownLatch.countDown();
                }
            }
        };
        byte[] newOcspResponse = newOcspResponse();
        TestClientOcspContext testClientOcspContext = new TestClientOcspContext(true);
        handshake(sslProvider, countDownLatch, channelHandler, newOcspResponse, channelHandler2, testClientOcspContext);
        byte[] response = testClientOcspContext.response();
        Assertions.assertNotNull(response);
        Assertions.assertNotSame(newOcspResponse, response);
        Assertions.assertArrayEquals(newOcspResponse, response);
    }

    @Timeout(value = 10000, unit = TimeUnit.MILLISECONDS)
    @Test
    public void testClientRejectingOcspStapleOpenSsl() throws Exception {
        testClientRejectingOcspStaple(SslProvider.OPENSSL);
    }

    @Timeout(value = 10000, unit = TimeUnit.MILLISECONDS)
    @Test
    public void testClientRejectingOcspStapleOpenSslRefCnt() throws Exception {
        testClientRejectingOcspStaple(SslProvider.OPENSSL_REFCNT);
    }

    private static void testClientRejectingOcspStaple(SslProvider sslProvider) throws Exception {
        final AtomicReference atomicReference = new AtomicReference();
        final CountDownLatch countDownLatch = new CountDownLatch(1);
        ChannelHandler channelHandler = new ChannelHandler() { // from class: io.netty5.handler.ssl.ocsp.OcspTest.7
            public void channelExceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                try {
                    atomicReference.set(th);
                } finally {
                    countDownLatch.countDown();
                }
            }
        };
        byte[] newOcspResponse = newOcspResponse();
        TestClientOcspContext testClientOcspContext = new TestClientOcspContext(false);
        handshake(sslProvider, countDownLatch, null, newOcspResponse, channelHandler, testClientOcspContext);
        byte[] response = testClientOcspContext.response();
        Assertions.assertNotNull(response);
        Assertions.assertNotSame(newOcspResponse, response);
        Assertions.assertArrayEquals(newOcspResponse, response);
        MatcherAssert.assertThat((Throwable) atomicReference.get(), CoreMatchers.instanceOf(SSLHandshakeException.class));
    }

    @Timeout(value = 10000, unit = TimeUnit.MILLISECONDS)
    @Test
    public void testServerHasNoStapleOpenSsl() throws Exception {
        testServerHasNoStaple(SslProvider.OPENSSL);
    }

    @Timeout(value = 10000, unit = TimeUnit.MILLISECONDS)
    @Test
    public void testServerHasNoStapleOpenSslRefCnt() throws Exception {
        testServerHasNoStaple(SslProvider.OPENSSL_REFCNT);
    }

    private static void testServerHasNoStaple(SslProvider sslProvider) throws Exception {
        final CountDownLatch countDownLatch = new CountDownLatch(1);
        ChannelHandler channelHandler = new ChannelHandler() { // from class: io.netty5.handler.ssl.ocsp.OcspTest.8
            public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
                channelHandlerContext.writeAndFlush(channelHandlerContext.bufferAllocator().copyOf("Hello, World!", StandardCharsets.UTF_8));
                channelHandlerContext.fireChannelActive();
            }
        };
        ChannelHandler channelHandler2 = new ChannelHandler() { // from class: io.netty5.handler.ssl.ocsp.OcspTest.9
            public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                try {
                    Resource.dispose(obj);
                } finally {
                    countDownLatch.countDown();
                }
            }
        };
        TestClientOcspContext testClientOcspContext = new TestClientOcspContext(true);
        handshake(sslProvider, countDownLatch, channelHandler, null, channelHandler2, testClientOcspContext);
        byte[] response = testClientOcspContext.response();
        Assertions.assertNull((Object) null);
        Assertions.assertNull(response);
    }

    @Timeout(value = 10000, unit = TimeUnit.MILLISECONDS)
    @Test
    public void testClientExceptionOpenSsl() throws Exception {
        testClientException(SslProvider.OPENSSL);
    }

    @Timeout(value = 10000, unit = TimeUnit.MILLISECONDS)
    @Test
    public void testClientExceptionOpenSslRefCnt() throws Exception {
        testClientException(SslProvider.OPENSSL_REFCNT);
    }

    private static void testClientException(SslProvider sslProvider) throws Exception {
        final AtomicReference atomicReference = new AtomicReference();
        final CountDownLatch countDownLatch = new CountDownLatch(1);
        ChannelHandler channelHandler = new ChannelHandler() { // from class: io.netty5.handler.ssl.ocsp.OcspTest.10
            public void channelExceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                try {
                    atomicReference.set(th);
                } finally {
                    countDownLatch.countDown();
                }
            }
        };
        OcspTestException ocspTestException = new OcspTestException("testClientException");
        handshake(sslProvider, countDownLatch, null, newOcspResponse(), channelHandler, bArr -> {
            throw ocspTestException;
        });
        Assertions.assertSame(ocspTestException, atomicReference.get());
    }

    /* JADX WARN: Finally extract failed */
    private static void handshake(SslProvider sslProvider, CountDownLatch countDownLatch, ChannelHandler channelHandler, byte[] bArr, ChannelHandler channelHandler2, OcspClientCallback ocspClientCallback) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        try {
            SslContext build = SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslProvider(sslProvider).enableOcsp(true).build();
            AutoCloseable autoClosing = SilentDispose.autoClosing(build);
            try {
                SslContext build2 = SslContextBuilder.forClient().sslProvider(sslProvider).enableOcsp(true).trustManager(InsecureTrustManagerFactory.INSTANCE).build();
                AutoCloseable autoClosing2 = SilentDispose.autoClosing(build2);
                try {
                    MultithreadEventLoopGroup multithreadEventLoopGroup = new MultithreadEventLoopGroup(LocalHandler.newFactory());
                    try {
                        LocalAddress localAddress = new LocalAddress(OcspTest.class);
                        Channel newServer = newServer(multithreadEventLoopGroup, localAddress, build, bArr, channelHandler);
                        Channel newClient = newClient(multithreadEventLoopGroup, localAddress, build2, ocspClientCallback, channelHandler2);
                        try {
                            Assertions.assertTrue(countDownLatch.await(10L, TimeUnit.SECONDS));
                            newClient.close().asStage().sync();
                            newServer.close().asStage().sync();
                            multithreadEventLoopGroup.shutdownGracefully(1L, 1L, TimeUnit.SECONDS);
                            if (autoClosing2 != null) {
                                autoClosing2.close();
                            }
                            if (autoClosing != null) {
                                autoClosing.close();
                            }
                        } catch (Throwable th) {
                            newClient.close().asStage().sync();
                            newServer.close().asStage().sync();
                            throw th;
                        }
                    } catch (Throwable th2) {
                        multithreadEventLoopGroup.shutdownGracefully(1L, 1L, TimeUnit.SECONDS);
                        throw th2;
                    }
                } catch (Throwable th3) {
                    if (autoClosing2 != null) {
                        try {
                            autoClosing2.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    }
                    throw th3;
                }
            } finally {
            }
        } finally {
            selfSignedCertificate.delete();
        }
    }

    private static Channel newServer(EventLoopGroup eventLoopGroup, SocketAddress socketAddress, SslContext sslContext, byte[] bArr, ChannelHandler channelHandler) throws Exception {
        return (Channel) new ServerBootstrap().channel(LocalServerChannel.class).group(eventLoopGroup).childHandler(newServerHandler(sslContext, bArr, channelHandler)).bind(socketAddress).asStage().get();
    }

    private static Channel newClient(EventLoopGroup eventLoopGroup, SocketAddress socketAddress, SslContext sslContext, OcspClientCallback ocspClientCallback, ChannelHandler channelHandler) throws Exception {
        return (Channel) new Bootstrap().channel(LocalChannel.class).group(eventLoopGroup).handler(newClientHandler(sslContext, ocspClientCallback, channelHandler)).connect(socketAddress).asStage().get();
    }

    private static ChannelHandler newServerHandler(final SslContext sslContext, final byte[] bArr, final ChannelHandler channelHandler) {
        return new ChannelInitializer<Channel>() { // from class: io.netty5.handler.ssl.ocsp.OcspTest.11
            protected void initChannel(Channel channel) throws Exception {
                ChannelPipeline pipeline = channel.pipeline();
                ChannelHandler newHandler = sslContext.newHandler(channel.bufferAllocator());
                if (bArr != null) {
                    newHandler.engine().setOcspResponse(bArr);
                }
                pipeline.addLast(new ChannelHandler[]{newHandler});
                if (channelHandler != null) {
                    pipeline.addLast(new ChannelHandler[]{channelHandler});
                }
            }
        };
    }

    private static ChannelHandler newClientHandler(final SslContext sslContext, final OcspClientCallback ocspClientCallback, final ChannelHandler channelHandler) {
        return new ChannelInitializer<Channel>() { // from class: io.netty5.handler.ssl.ocsp.OcspTest.12
            protected void initChannel(Channel channel) throws Exception {
                ChannelPipeline pipeline = channel.pipeline();
                ChannelHandler newHandler = sslContext.newHandler(channel.bufferAllocator());
                ReferenceCountedOpenSslEngine engine = newHandler.engine();
                pipeline.addLast(new ChannelHandler[]{newHandler});
                pipeline.addLast(new ChannelHandler[]{new OcspClientCallbackHandler(engine, ocspClientCallback)});
                if (channelHandler != null) {
                    pipeline.addLast(new ChannelHandler[]{channelHandler});
                }
            }
        };
    }

    private static byte[] newOcspResponse() {
        return "I am a bogus OCSP staple. OpenSSL does not care about the format of the byte[]!".getBytes(StandardCharsets.US_ASCII);
    }
}
