package org.newsclub.net.unix.ssl;

import com.kohlschutter.annotations.compiletime.SuppressFBWarnings;
import com.kohlschutter.testutil.TestAbortedWithImportantMessageException;
import com.kohlschutter.testutil.TestResourceUtil;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.Provider;
import java.time.Duration;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.EnumSource;
import org.newsclub.net.unix.AFSocket;
import org.newsclub.net.unix.AFUNIXSocket;
import org.newsclub.net.unix.AFUNIXSocketAddress;
import org.newsclub.net.unix.KnownJavaBugIOException;
import org.newsclub.net.unix.ssl.SSLTestBase;
import org.opentest4j.AssertionFailedError;

/* loaded from: input_file:org/newsclub/net/unix/ssl/SNIHostnameCaptureTest.class */
public class SNIHostnameCaptureTest extends SSLTestBase {
    private static SSLSocketFactory initClientSocketFactory(SSLTestBase.TestSSLConfiguration testSSLConfiguration) throws Exception {
        try {
            return testSSLConfiguration.configure(SSLContextBuilder.forClient()).withTrustStore(TestResourceUtil.getRequiredResource(SSLContextBuilderTest.class, "juxclient.truststore"), () -> {
                return "clienttrustpass".toCharArray();
            }).buildAndDestroyBuilder().getSocketFactory();
        } catch (KnownJavaBugIOException e) {
            throw new TestAbortedWithImportantMessageException(TestAbortedWithImportantMessageException.MessageType.TEST_ABORTED_SHORT_WITH_ISSUES, e.getMessage(), e);
        }
    }

    @EnumSource(SSLTestBase.TestSSLConfiguration.class)
    @ParameterizedTest
    public void testSNISuccessExpectDefault_NO_serverNullDefault_NO_clientEmptyDefault_NO(SSLTestBase.TestSSLConfiguration testSSLConfiguration) throws Exception {
        testSNISuccess(testSSLConfiguration, false, false, false);
    }

    @EnumSource(SSLTestBase.TestSSLConfiguration.class)
    @ParameterizedTest
    public void testSNISuccessExpectDefault_NO_serverNullDefault_YES_clientEmptyDefault_NO(SSLTestBase.TestSSLConfiguration testSSLConfiguration) throws Exception {
        testSNISuccess(testSSLConfiguration, false, true, false);
    }

    @EnumSource(SSLTestBase.TestSSLConfiguration.class)
    @ParameterizedTest
    public void testSNISuccessExpectDefault_NO_serverNullDefault_NO_clientEmptyDefault_YES(SSLTestBase.TestSSLConfiguration testSSLConfiguration) throws Exception {
        testSNISuccess(testSSLConfiguration, false, false, true);
    }

    @EnumSource(SSLTestBase.TestSSLConfiguration.class)
    @ParameterizedTest
    public void testSNISuccessExpectDefault_NO_serverNullDefault_YES_clientEmptyDefault_YES(SSLTestBase.TestSSLConfiguration testSSLConfiguration) throws Exception {
        testSNISuccess(testSSLConfiguration, false, true, true);
    }

    @EnumSource(SSLTestBase.TestSSLConfiguration.class)
    @ParameterizedTest
    public void testSNISuccessExpectDefault_YES_serverNullDefault_NO_clientEmptyDefault_NO(SSLTestBase.TestSSLConfiguration testSSLConfiguration) throws Exception {
        testSNISuccess(testSSLConfiguration, true, false, false);
    }

    @EnumSource(SSLTestBase.TestSSLConfiguration.class)
    @ParameterizedTest
    public void testSNISuccessExpectDefault_YES_serverNullDefault_YES_clientEmptyDefault_NO(SSLTestBase.TestSSLConfiguration testSSLConfiguration) throws Exception {
        testSNISuccess(testSSLConfiguration, true, true, false);
    }

    @EnumSource(SSLTestBase.TestSSLConfiguration.class)
    @ParameterizedTest
    public void testSNISuccessExpectDefault_YES_serverNullDefault_NO_clientEmptyDefault_YES(SSLTestBase.TestSSLConfiguration testSSLConfiguration) throws Exception {
        testSNISuccess(testSSLConfiguration, true, false, true);
    }

    @EnumSource(SSLTestBase.TestSSLConfiguration.class)
    @ParameterizedTest
    public void testSNISuccessExpectDefault_YES_serverNullDefault_YES_clientEmptyDefault_YES(SSLTestBase.TestSSLConfiguration testSSLConfiguration) throws Exception {
        testSNISuccess(testSSLConfiguration, true, true, true);
    }

    private void testSNISuccess(SSLTestBase.TestSSLConfiguration testSSLConfiguration, boolean z, boolean z2, boolean z3) throws Exception {
        AFUNIXSocketAddress ofNewTempFile = AFUNIXSocketAddress.ofNewTempFile();
        try {
            try {
                try {
                    SSLSocketFactory socketFactory = testSSLConfiguration.configure(SSLContextBuilder.forServer()).withKeyStore(TestResourceUtil.getRequiredResource(SSLContextBuilderTest.class, "juxserver.p12"), () -> {
                        return "serverpass".toCharArray();
                    }).buildAndDestroyBuilder().getSocketFactory();
                    Assertions.assertTimeoutPreemptively(Duration.ofSeconds(5L), () -> {
                        runServerAndClient(testSSLConfiguration, ofNewTempFile, socketFactory, z, z2, z3);
                    });
                    Files.deleteIfExists(ofNewTempFile.getFile().toPath());
                } catch (Error | Exception e) {
                    throw testSSLConfiguration.handleException(e);
                }
            } catch (KnownJavaBugIOException e2) {
                throw new TestAbortedWithImportantMessageException(TestAbortedWithImportantMessageException.MessageType.TEST_ABORTED_SHORT_WITH_ISSUES, e2.getMessage(), e2);
            }
        } catch (Throwable th) {
            Files.deleteIfExists(ofNewTempFile.getFile().toPath());
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isBouncyCastleJSSE(SSLSocketFactory sSLSocketFactory) {
        Provider provider;
        SSLContext context = sSLSocketFactory instanceof BuilderSSLSocketFactory ? ((BuilderSSLSocketFactory) sSLSocketFactory).getContext() : null;
        return (context == null || (provider = context.getProvider()) == null || !"BCJSSE".equals(provider.getName())) ? false : true;
    }

    private void runServerAndClient(final SSLTestBase.TestSSLConfiguration testSSLConfiguration, AFUNIXSocketAddress aFUNIXSocketAddress, final SSLSocketFactory sSLSocketFactory, final boolean z, final boolean z2, final boolean z3) throws Exception {
        int read;
        final CompletableFuture completableFuture = new CompletableFuture();
        CompletableFuture completableFuture2 = new CompletableFuture();
        SSLSocketFactory initClientSocketFactory = initClientSocketFactory(testSSLConfiguration);
        final AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        TestingAFSocketServer<AFUNIXSocketAddress> testingAFSocketServer = new TestingAFSocketServer<AFUNIXSocketAddress>(aFUNIXSocketAddress) { // from class: org.newsclub.net.unix.ssl.SNIHostnameCaptureTest.1
            /* JADX INFO: Access modifiers changed from: protected */
            public void doServeSocket(AFSocket<? extends AFUNIXSocketAddress> aFSocket) throws IOException {
                SSLSocket sSLSocket;
                boolean z4 = false;
                try {
                    sSLSocket = (SSLSocket) sSLSocketFactory.createSocket((Socket) aFSocket, "localhost.junixsocket", aFSocket.getPort(), false);
                } catch (Error | Exception e) {
                    completableFuture.complete(e);
                }
                try {
                    SNIHostnameCapture configure = z2 ? SNIHostnameCapture.configure(sSLSocket, SNIHostnameCapture.ACCEPT_ANY_HOSTNAME) : SNIHostnameCapture.configure(sSLSocket, SNIHostnameCapture.ACCEPT_ANY_HOSTNAME, () -> {
                        return "defaulthost";
                    });
                    Assertions.assertFalse(configure.isComplete());
                    Assertions.assertThrows(IllegalStateException.class, () -> {
                        configure.getHostname();
                    });
                    sSLSocket.startHandshake();
                    configure.isComplete(1L, TimeUnit.SECONDS);
                    atomicBoolean.set(configure.isComplete());
                    try {
                        if (z) {
                            if (z2 && z3) {
                                Assertions.assertNull(configure.getHostname());
                            } else if (z3) {
                                Assertions.assertEquals("defaulthost", configure.getHostname());
                            } else {
                                Assertions.assertEquals("localhost.junixsocket", configure.getHostname());
                            }
                        } else if ("defaulthost".equals(configure.getHostname()) && AFSocket.isRunningOnAndroid()) {
                            completableFuture.complete(new TestAbortedWithImportantMessageException(TestAbortedWithImportantMessageException.MessageType.TEST_ABORTED_SHORT_WITH_ISSUES, "Android seems to not properly send the SNI hostname request"));
                        } else {
                            Assertions.assertEquals("subdomain.example.com", configure.getHostname());
                        }
                    } catch (AssertionFailedError e2) {
                        if (!testSSLConfiguration.isSniBroken()) {
                            throw e2;
                        }
                        z4 = true;
                    }
                    InputStream inputStream = sSLSocket.getInputStream();
                    try {
                        OutputStream outputStream = sSLSocket.getOutputStream();
                        try {
                            Assertions.assertEquals(63, inputStream.read());
                            if (!configure.isComplete()) {
                                Assertions.fail("Handshake is not marked complete, but data can be read");
                            }
                            CompletableFuture completableFuture3 = new CompletableFuture();
                            try {
                                Objects.requireNonNull(completableFuture3);
                                Assertions.assertEquals(configure.getHostnameFromSSLSession(sSLSocket, (v1) -> {
                                    r2.complete(v1);
                                }), configure.getHostname());
                            } catch (AssertionFailedError e3) {
                                if (!completableFuture3.isDone() || !SNIHostnameCaptureTest.isBouncyCastleJSSE(sSLSocketFactory)) {
                                    throw e3;
                                }
                            }
                            Assertions.assertEquals(z ? 1 : 0, inputStream.read());
                            Assertions.assertEquals(z2 ? 1 : 0, inputStream.read());
                            Assertions.assertEquals(z3 ? 1 : 0, inputStream.read());
                            outputStream.write("Hello World".getBytes(StandardCharsets.UTF_8));
                            outputStream.flush();
                            if (outputStream != null) {
                                outputStream.close();
                            }
                            if (inputStream != null) {
                                inputStream.close();
                            }
                            if (!atomicBoolean.get()) {
                                Assertions.fail("Handshake was not marked complete in time, but eventually was");
                            }
                            if (z4) {
                                throw new TestAbortedWithImportantMessageException(TestAbortedWithImportantMessageException.MessageType.TEST_ABORTED_SHORT_WITH_ISSUES, "SNI support is knowingly incomplete for " + testSSLConfiguration);
                            }
                            if (sSLSocket != null) {
                                sSLSocket.close();
                            }
                            if (atomicBoolean.get()) {
                                return;
                            }
                            completableFuture.complete(new AssertionFailedError("Handshake was not marked complete in time"));
                        } catch (Throwable th) {
                            if (outputStream != null) {
                                try {
                                    outputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            }
                            throw th;
                        }
                    } catch (Throwable th3) {
                        if (inputStream != null) {
                            try {
                                inputStream.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                        }
                        throw th3;
                    }
                } finally {
                }
            }
        };
        try {
            testingAFSocketServer.startAndWaitToBecomeReady();
            AFUNIXSocket connectTo = AFUNIXSocket.connectTo(aFUNIXSocketAddress);
            try {
                SSLSocket sSLSocket = (SSLSocket) initClientSocketFactory.createSocket((Socket) connectTo, z3 ? "" : "localhost.junixsocket", connectTo.getPort(), false);
                if (!z) {
                    try {
                        SSLParametersUtil.setSNIServerName(sSLSocket, new SNIHostName("subdomain.example.com"));
                    } catch (Throwable th) {
                        if (sSLSocket != null) {
                            try {
                                sSLSocket.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                }
                try {
                    InputStream inputStream = sSLSocket.getInputStream();
                    try {
                        OutputStream outputStream = sSLSocket.getOutputStream();
                        try {
                            outputStream.write(63);
                            outputStream.write(z ? 1 : 0);
                            outputStream.write(z2 ? 1 : 0);
                            outputStream.write(z3 ? 1 : 0);
                            outputStream.flush();
                            byte[] bArr = new byte[11];
                            int i = 0;
                            while (i < bArr.length && (read = inputStream.read(bArr, i, bArr.length - i)) >= 0) {
                                i += read;
                            }
                            Assertions.assertEquals("Hello World", new String(bArr, 0, i, StandardCharsets.UTF_8));
                            if (outputStream != null) {
                                outputStream.close();
                            }
                            if (inputStream != null) {
                                inputStream.close();
                            }
                        } catch (Throwable th3) {
                            if (outputStream != null) {
                                try {
                                    outputStream.close();
                                } catch (Throwable th4) {
                                    th3.addSuppressed(th4);
                                }
                            }
                            throw th3;
                        }
                    } catch (Throwable th5) {
                        if (inputStream != null) {
                            try {
                                inputStream.close();
                            } catch (Throwable th6) {
                                th5.addSuppressed(th6);
                            }
                        }
                        throw th5;
                    }
                } catch (Exception e) {
                    completableFuture2.complete(e);
                }
                if (sSLSocket != null) {
                    sSLSocket.close();
                }
                if (connectTo != null) {
                    connectTo.close();
                }
            } finally {
            }
        } finally {
            testingAFSocketServer.stop();
            TestUtil.throwMoreInterestingThrowableThanSocketException(() -> {
                return (Throwable) completableFuture.getNow(null);
            }, () -> {
                return (Throwable) completableFuture2.getNow(null);
            });
            testingAFSocketServer.checkThrowable();
        }
    }

    @Test
    public void testWonkySSLSocket() throws Exception {
        testWonkySSLSocket(0);
        testWonkySSLSocket(23);
    }

    private void testWonkySSLSocket(final int i) throws Exception {
        SSLSocket sSLSocket = new SSLSocket() { // from class: org.newsclub.net.unix.ssl.SNIHostnameCaptureTest.2
            private HandshakeCompletedListener hcl;
            private SSLParameters params = new SSLParameters();

            @Override // javax.net.ssl.SSLSocket
            @SuppressFBWarnings({"RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT"})
            public void startHandshake() throws IOException {
                for (SNIMatcher sNIMatcher : getSSLParameters().getSNIMatchers()) {
                    sNIMatcher.matches(new SNIHostName("hostname"));
                    sNIMatcher.matches(new SNIServerName(23, "WAT".getBytes(StandardCharsets.US_ASCII)) { // from class: org.newsclub.net.unix.ssl.SNIHostnameCaptureTest.2.1
                    });
                    sNIMatcher.matches(new SNIHostName("hostname"));
                    sNIMatcher.matches(new SNIHostName("anotherHostname"));
                }
                this.hcl.handshakeCompleted(new HandshakeCompletedEvent(this, null));
            }

            @Override // javax.net.ssl.SSLSocket
            public void setWantClientAuth(boolean z) {
            }

            @Override // javax.net.ssl.SSLSocket
            public void setUseClientMode(boolean z) {
            }

            @Override // javax.net.ssl.SSLSocket
            public void setNeedClientAuth(boolean z) {
            }

            @Override // javax.net.ssl.SSLSocket
            public void setEnabledProtocols(String[] strArr) {
            }

            @Override // javax.net.ssl.SSLSocket
            public void setEnabledCipherSuites(String[] strArr) {
            }

            @Override // javax.net.ssl.SSLSocket
            public void setEnableSessionCreation(boolean z) {
            }

            @Override // javax.net.ssl.SSLSocket
            public void removeHandshakeCompletedListener(HandshakeCompletedListener handshakeCompletedListener) {
            }

            @Override // javax.net.ssl.SSLSocket
            public boolean getWantClientAuth() {
                return false;
            }

            @Override // javax.net.ssl.SSLSocket
            public boolean getUseClientMode() {
                return false;
            }

            @Override // javax.net.ssl.SSLSocket
            public String[] getSupportedProtocols() {
                return null;
            }

            @Override // javax.net.ssl.SSLSocket
            public String[] getSupportedCipherSuites() {
                return null;
            }

            @Override // javax.net.ssl.SSLSocket
            public SSLSession getSession() {
                return null;
            }

            @Override // javax.net.ssl.SSLSocket
            public boolean getNeedClientAuth() {
                return false;
            }

            @Override // javax.net.ssl.SSLSocket
            public String[] getEnabledProtocols() {
                return null;
            }

            @Override // javax.net.ssl.SSLSocket
            public String[] getEnabledCipherSuites() {
                return null;
            }

            @Override // javax.net.ssl.SSLSocket
            public boolean getEnableSessionCreation() {
                return false;
            }

            @Override // javax.net.ssl.SSLSocket
            public SSLParameters getSSLParameters() {
                return this.params;
            }

            @Override // javax.net.ssl.SSLSocket
            public void setSSLParameters(SSLParameters sSLParameters) {
                this.params = sSLParameters;
            }

            @Override // javax.net.ssl.SSLSocket
            public void addHandshakeCompletedListener(HandshakeCompletedListener handshakeCompletedListener) {
                if (this.hcl != null) {
                    throw new IllegalStateException();
                }
                this.hcl = handshakeCompletedListener;
            }
        };
        SNIHostnameCapture configure = SNIHostnameCapture.configure(sSLSocket, new SNIMatcher(i) { // from class: org.newsclub.net.unix.ssl.SNIHostnameCaptureTest.3
            @Override // javax.net.ssl.SNIMatcher
            public boolean matches(SNIServerName sNIServerName) {
                return sNIServerName.getType() == i;
            }
        });
        sSLSocket.startHandshake();
        if (i == 0) {
            Assertions.assertEquals("hostname", configure.getHostname());
        } else {
            Assertions.assertNull(configure.getHostname());
        }
    }
}
