package io.vertx.core.http;

import io.netty.util.internal.PlatformDependent;
import io.vertx.core.Future;
import io.vertx.core.Vertx;
import io.vertx.core.VertxException;
import io.vertx.core.VertxOptions;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.net.JdkSSLEngineOptions;
import io.vertx.core.net.JksOptions;
import io.vertx.core.net.KeyCertOptions;
import io.vertx.core.net.KeyStoreOptions;
import io.vertx.core.net.OpenSSLEngineOptions;
import io.vertx.core.net.PemKeyCertOptions;
import io.vertx.core.net.PemTrustOptions;
import io.vertx.core.net.PfxOptions;
import io.vertx.core.net.ProxyOptions;
import io.vertx.core.net.ProxyType;
import io.vertx.core.net.SelfSignedCertificate;
import io.vertx.core.net.SocketAddress;
import io.vertx.core.net.TrustOptions;
import io.vertx.core.net.impl.TrustAllTrustManager;
import io.vertx.test.core.TestUtils;
import io.vertx.test.proxy.HAProxy;
import io.vertx.test.tls.Cert;
import io.vertx.test.tls.Trust;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Function;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.TrustManagerFactorySpi;
import org.junit.Assume;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;

/* loaded from: input_file:io/vertx/core/http/HttpTLSTest.class */
public abstract class HttpTLSTest extends HttpTestBase {

    @Rule
    public TemporaryFolder testFolder = new TemporaryFolder();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/vertx/core/http/HttpTLSTest$TLSTest.class */
    public class TLSTest {
        KeyCertOptions clientCert;
        TrustOptions clientTrust;
        boolean clientTrustAll;
        boolean clientUsesCrl;
        boolean clientUsesAlpn;
        boolean clientOpenSSL;
        boolean requiresClientAuth;
        KeyCertOptions serverCert;
        TrustOptions serverTrust;
        boolean serverUsesCrl;
        boolean serverOpenSSL;
        boolean serverUsesAlpn;
        ProxyType proxyType;
        boolean useProxyAuth;
        private String connectHostname;
        private Integer connectPort;
        private boolean followRedirects;
        private boolean serverSNI;
        private boolean clientForceSNI;
        Certificate clientPeerCert;
        String indicatedServerName;
        boolean clientVerifyHost = true;
        boolean clientSSL = true;
        boolean serverSSL = true;
        boolean serverUsesProxyProtocol = false;
        String[] clientEnabledCipherSuites = new String[0];
        String[] serverEnabledCipherSuites = new String[0];
        String[] clientEnabledSecureTransportProtocol = new String[0];
        String[] serverEnabledSecureTransportProtocol = new String[0];
        private Function<HttpClient, Future<HttpClientRequest>> requestProvider = httpClient -> {
            return httpClient.request(new RequestOptions().setMethod(HttpMethod.POST).setHost(this.connectHostname != null ? this.connectHostname : "localhost").setPort(Integer.valueOf(this.connectPort != null ? this.connectPort.intValue() : 4043)).setURI(HttpTestBase.DEFAULT_TEST_URI));
        };
        HttpVersion version = HttpVersion.HTTP_1_1;

        public TLSTest(Cert<?> cert, Trust<?> trust, Cert<?> cert2, Trust<?> trust2) {
            this.clientCert = (KeyCertOptions) cert.get();
            this.clientTrust = (TrustOptions) trust.get();
            this.serverCert = (KeyCertOptions) cert2.get();
            this.serverTrust = (TrustOptions) trust2.get();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public TLSTest version(HttpVersion httpVersion) {
            this.version = httpVersion;
            return this;
        }

        TLSTest requiresClientAuth() {
            this.requiresClientAuth = true;
            return this;
        }

        TLSTest serverUsesCrl() {
            this.serverUsesCrl = true;
            return this;
        }

        TLSTest serverOpenSSL() {
            this.serverOpenSSL = true;
            return this;
        }

        TLSTest clientOpenSSL() {
            this.clientOpenSSL = true;
            return this;
        }

        TLSTest clientUsesCrl() {
            this.clientUsesCrl = true;
            return this;
        }

        TLSTest clientTrustAll() {
            this.clientTrustAll = true;
            return this;
        }

        TLSTest clientVerifyHost() {
            this.clientVerifyHost = true;
            return this;
        }

        TLSTest clientVerifyHost(boolean z) {
            this.clientVerifyHost = z;
            return this;
        }

        TLSTest clientEnabledCipherSuites(String[] strArr) {
            this.clientEnabledCipherSuites = strArr;
            return this;
        }

        TLSTest serverEnabledCipherSuites(String[] strArr) {
            this.serverEnabledCipherSuites = strArr;
            return this;
        }

        TLSTest clientEnabledSecureTransportProtocol(String[] strArr) {
            this.clientEnabledSecureTransportProtocol = strArr;
            return this;
        }

        TLSTest serverEnabledSecureTransportProtocol(String[] strArr) {
            this.serverEnabledSecureTransportProtocol = strArr;
            return this;
        }

        TLSTest serverSni() {
            this.serverSNI = true;
            return this;
        }

        TLSTest clientForceSni() {
            this.clientForceSNI = true;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public TLSTest clientUsesAlpn() {
            this.clientUsesAlpn = true;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public TLSTest serverUsesAlpn() {
            this.serverUsesAlpn = true;
            return this;
        }

        TLSTest useProxy(ProxyType proxyType) {
            this.proxyType = proxyType;
            return this;
        }

        TLSTest useProxyAuth() {
            this.useProxyAuth = true;
            return this;
        }

        TLSTest serverUsesProxyProtocol() {
            this.serverUsesProxyProtocol = true;
            return this;
        }

        TLSTest connectHostname(String str) {
            this.connectHostname = str;
            return this;
        }

        TLSTest connectPort(int i) {
            this.connectPort = Integer.valueOf(i);
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public TLSTest requestOptions(RequestOptions requestOptions) {
            this.requestProvider = httpClient -> {
                return httpClient.request(requestOptions);
            };
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public TLSTest requestProvider(Function<HttpClient, Future<HttpClientRequest>> function) {
            this.requestProvider = function;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public TLSTest clientSSL(boolean z) {
            this.clientSSL = z;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public TLSTest serverSSL(boolean z) {
            this.serverSSL = z;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public TLSTest followRedirects(boolean z) {
            this.followRedirects = z;
            return this;
        }

        public Certificate clientPeerCert() {
            return this.clientPeerCert;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public TLSTest pass() {
            return run(true);
        }

        TLSTest fail() {
            return run(false);
        }

        TLSTest run(boolean z) {
            if (this.proxyType == null || z) {
                HttpTLSTest.this.waitFor(2);
            }
            HttpTLSTest.this.server.close();
            HttpClientOptions httpClientOptions = new HttpClientOptions();
            httpClientOptions.setProtocolVersion(this.version);
            httpClientOptions.setSsl(this.clientSSL);
            httpClientOptions.setForceSni(this.clientForceSNI);
            if (this.clientTrustAll) {
                httpClientOptions.setTrustAll(true);
            }
            if (this.clientUsesCrl) {
                httpClientOptions.addCrlPath("tls/root-ca/crl.pem");
            }
            if (this.clientOpenSSL) {
                httpClientOptions.setOpenSslEngineOptions(new OpenSSLEngineOptions());
            } else {
                httpClientOptions.setJdkSslEngineOptions(new JdkSSLEngineOptions());
            }
            if (this.clientUsesAlpn) {
                httpClientOptions.setUseAlpn(true);
            }
            httpClientOptions.setVerifyHost(this.clientVerifyHost);
            httpClientOptions.setTrustOptions(this.clientTrust);
            httpClientOptions.setKeyCertOptions(this.clientCert);
            for (String str : this.clientEnabledCipherSuites) {
                httpClientOptions.addEnabledCipherSuite(str);
            }
            if (this.clientEnabledSecureTransportProtocol.length > 0) {
                Set enabledSecureTransportProtocols = httpClientOptions.getEnabledSecureTransportProtocols();
                httpClientOptions.getClass();
                enabledSecureTransportProtocols.forEach(httpClientOptions::removeEnabledSecureTransportProtocol);
            }
            for (String str2 : this.clientEnabledSecureTransportProtocol) {
                httpClientOptions.addEnabledSecureTransportProtocol(str2);
            }
            if (this.proxyType != null) {
                ProxyOptions type = this.proxyType == ProxyType.SOCKS5 ? new ProxyOptions().setHost("localhost").setPort(11080).setType(ProxyType.SOCKS5) : new ProxyOptions().setHost("localhost").setPort(13128).setType(ProxyType.HTTP);
                if (this.useProxyAuth) {
                    type.setUsername("username").setPassword("username");
                }
                httpClientOptions.setProxyOptions(type);
            }
            HttpTLSTest.this.client = HttpTLSTest.this.createHttpClient(httpClientOptions);
            HttpServerOptions httpServerOptions = new HttpServerOptions();
            httpServerOptions.setTrustOptions(this.serverTrust);
            httpServerOptions.setKeyCertOptions(this.serverCert);
            if (this.requiresClientAuth) {
                httpServerOptions.setClientAuth(ClientAuth.REQUIRED);
            }
            if (this.serverUsesCrl) {
                httpServerOptions.addCrlPath("tls/root-ca/crl.pem");
            }
            if (this.serverOpenSSL) {
                httpServerOptions.setOpenSslEngineOptions(new OpenSSLEngineOptions());
            }
            httpServerOptions.setUseAlpn(this.serverUsesAlpn);
            httpServerOptions.setSsl(this.serverSSL);
            httpServerOptions.setSni(this.serverSNI);
            httpServerOptions.setUseProxyProtocol(this.serverUsesProxyProtocol);
            for (String str3 : this.serverEnabledCipherSuites) {
                httpServerOptions.addEnabledCipherSuite(str3);
            }
            if (this.serverEnabledSecureTransportProtocol.length > 0) {
                Set enabledSecureTransportProtocols2 = httpServerOptions.getEnabledSecureTransportProtocols();
                httpServerOptions.getClass();
                enabledSecureTransportProtocols2.forEach(httpServerOptions::removeEnabledSecureTransportProtocol);
            }
            for (String str4 : this.serverEnabledSecureTransportProtocol) {
                httpServerOptions.addEnabledSecureTransportProtocol(str4);
            }
            HttpTLSTest.this.server = HttpTLSTest.this.createHttpServer(httpServerOptions.setPort(HttpTestBase.DEFAULT_HTTPS_PORT));
            HttpTLSTest.this.server.connectionHandler(httpConnection -> {
                HttpTLSTest.this.complete();
            });
            AtomicInteger atomicInteger = new AtomicInteger();
            HttpTLSTest.this.server.exceptionHandler(th -> {
                if (z) {
                    HttpTLSTest.this.fail(th);
                } else if (atomicInteger.incrementAndGet() == 1) {
                    HttpTLSTest.this.complete();
                }
            });
            HttpTLSTest.this.server.requestHandler(httpServerRequest -> {
                this.indicatedServerName = httpServerRequest.connection().indicatedServerName();
                HttpTLSTest.this.assertEquals(this.version, httpServerRequest.version());
                HttpTLSTest.this.assertEquals(Boolean.valueOf(this.serverSSL), Boolean.valueOf(httpServerRequest.isSSL()));
                if (httpServerRequest.method() == HttpMethod.GET || httpServerRequest.method() == HttpMethod.HEAD) {
                    httpServerRequest.response().end();
                } else {
                    httpServerRequest.bodyHandler(buffer -> {
                        HttpTLSTest.this.assertEquals("foo", buffer.toString());
                        httpServerRequest.response().end("bar");
                    });
                }
            });
            HttpTLSTest.this.server.listen(asyncResult -> {
                HttpTLSTest.this.assertTrue(asyncResult.succeeded());
                if (this.connectHostname != null) {
                    String str5 = this.connectHostname;
                }
                this.requestProvider.apply(HttpTLSTest.this.client).onComplete(asyncResult -> {
                    if (asyncResult.succeeded()) {
                        HttpClientRequest httpClientRequest = (HttpClientRequest) asyncResult.result();
                        httpClientRequest.setFollowRedirects(this.followRedirects);
                        httpClientRequest.send("foo", asyncResult -> {
                            if (!asyncResult.succeeded()) {
                                System.out.println("HANDLE ME");
                                return;
                            }
                            HttpClientResponse httpClientResponse = (HttpClientResponse) asyncResult.result();
                            HttpConnection connection = httpClientResponse.request().connection();
                            if (connection.isSsl()) {
                                try {
                                    this.clientPeerCert = (Certificate) connection.peerCertificates().get(0);
                                } catch (SSLPeerUnverifiedException e) {
                                }
                            }
                            if (!z) {
                                HttpTLSTest.this.fail("Should not get a response");
                                return;
                            }
                            httpClientResponse.version();
                            HttpMethod method = httpClientResponse.request().getMethod();
                            if (method == HttpMethod.GET || method == HttpMethod.HEAD) {
                                HttpTLSTest.this.complete();
                            } else {
                                httpClientResponse.bodyHandler(buffer -> {
                                    HttpTLSTest.this.assertEquals("bar", buffer.toString());
                                    HttpTLSTest.this.complete();
                                });
                            }
                        });
                    } else {
                        Throwable cause = asyncResult.cause();
                        if (!z) {
                            HttpTLSTest.this.complete();
                        } else {
                            cause.printStackTrace();
                            HttpTLSTest.this.fail("Should not throw exception");
                        }
                    }
                });
            });
            HttpTLSTest.this.await();
            return this;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.vertx.test.core.VertxTestBase
    public VertxOptions getOptions() {
        VertxOptions options = super.getOptions();
        options.getAddressResolverOptions().setHostsValue(Buffer.buffer("127.0.0.1 localhost\n127.0.0.1 host1\n127.0.0.1 host2.com\n127.0.0.1 sub.host3.com\n127.0.0.1 host4.com\n127.0.0.1 www.host4.com\n127.0.0.1 host5.com\n127.0.0.1 www.host5.com\n127.0.0.1 unknown.com"));
        return options;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.vertx.core.http.HttpTestBase, io.vertx.test.core.VertxTestBase, io.vertx.test.core.AsyncTestBase
    public void tearDown() throws Exception {
        if (this.proxy != null) {
            this.proxy.stop();
        }
        super.tearDown();
    }

    @Test
    public void testTLSClientTrustAll() throws Exception {
        testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().pass();
    }

    @Test
    public void testTLSClientTrustServerCert() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientTrustServerCertKeyStore() throws Exception {
        testTLS(Cert.NONE, () -> {
            JksOptions jksOptions = (JksOptions) Trust.SERVER_JKS.get();
            return new KeyStoreOptions().setType("JKS").setPath(jksOptions.getPath()).setPassword(jksOptions.getPassword());
        }, () -> {
            JksOptions jksOptions = (JksOptions) Cert.SERVER_JKS.get();
            return new KeyStoreOptions().setType("JKS").setPath(jksOptions.getPath()).setPassword(jksOptions.getPassword());
        }, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientTrustServerCertPKCS12() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_PKCS12, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientTrustServerCertPEM() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_PEM, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientTrustServerCertJKSRootCAWithJKSRootCA() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_JKS_ROOT_CA, Cert.SERVER_JKS_ROOT_CA, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientTrustServerCertJKSRootCAWithPKCS12RootCA() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_PKCS12_ROOT_CA, Cert.SERVER_JKS_ROOT_CA, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientTrustServerCertJKSRootRootCAWithPEMRootCA() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_PEM_ROOT_CA, Cert.SERVER_JKS_ROOT_CA, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientTrustServerCertPKCS12RootCAWithJKSRootCA() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_JKS_ROOT_CA, Cert.SERVER_PKCS12_ROOT_CA, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientTrustServerCertPKCS12RootCAWithPKCS12RootCA() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_PKCS12_ROOT_CA, Cert.SERVER_PKCS12_ROOT_CA, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientTrustServerCertPKCS12RootCAWithPEMRootCA() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_PEM_ROOT_CA, Cert.SERVER_PKCS12_ROOT_CA, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientTrustServerCertPEMRootCAWithJKSRootCA() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_JKS_ROOT_CA, Cert.SERVER_PEM_ROOT_CA, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientTrustServerCertPEMRootCAWithPKCS12RootCA() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_PKCS12_ROOT_CA, Cert.SERVER_PEM_ROOT_CA, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientTrustServerCertPEMRootCAWithPEMRootCA() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_PEM_ROOT_CA, Cert.SERVER_PEM_ROOT_CA, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientTrustServerCertMultiPemWithPEMRootCA() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_PEM_ROOT_CA_AND_OTHER_CA, Cert.SERVER_PEM_ROOT_CA, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientTrustServerCertMultiPemWithPEMOtherCA() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_PEM_ROOT_CA_AND_OTHER_CA, Cert.SERVER_PEM_OTHER_CA, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientTrustServerCertPEMRootCAWithPEMCAChain() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_PEM_ROOT_CA, Cert.SERVER_PEM_CA_CHAIN, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientUntrustedServerCertPEMRootCAWithPEMCA() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_PEM_ROOT_CA, Cert.SERVER_PEM_INT_CA, Trust.NONE).fail();
    }

    @Test
    public void testTLSClientTrustPKCS12ServerCert() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_PKCS12, Cert.SERVER_JKS, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientTrustPEMServerCert() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_PEM, Cert.SERVER_JKS, Trust.NONE).pass();
    }

    @Test
    public void testTLSClientUntrustedServer() throws Exception {
        testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).fail();
    }

    @Test
    public void testTLSClientUntrustedServerPEM() throws Exception {
        testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_PEM, Trust.NONE).fail();
    }

    @Test
    public void testTLSClientCertNotRequired() throws Exception {
        testTLS(Cert.CLIENT_JKS, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.CLIENT_JKS).pass();
    }

    @Test
    public void testTLSClientCertNotRequiredPEM() throws Exception {
        testTLS(Cert.CLIENT_JKS, Trust.SERVER_JKS, Cert.SERVER_PEM, Trust.CLIENT_JKS).pass();
    }

    @Test
    public void testTLSClientCertRequired() throws Exception {
        testTLS(Cert.CLIENT_JKS, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.CLIENT_JKS).requiresClientAuth().pass();
    }

    @Test
    public void testTLSClientCertRequiredPKCS12() throws Exception {
        testTLS(Cert.CLIENT_JKS, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.CLIENT_PKCS12).requiresClientAuth().pass();
    }

    @Test
    public void testTLSClientCertRequiredPEM() throws Exception {
        testTLS(Cert.CLIENT_JKS, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.CLIENT_PEM).requiresClientAuth().pass();
    }

    @Test
    public void testTLSClientCertPKCS12Required() throws Exception {
        testTLS(Cert.CLIENT_PKCS12, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.CLIENT_JKS).requiresClientAuth().pass();
    }

    @Test
    public void testTLSClientCertPEMRequired() throws Exception {
        testTLS(Cert.CLIENT_PEM, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.CLIENT_JKS).requiresClientAuth().pass();
    }

    @Test
    public void testTLSClientCertPEM_CARequired() throws Exception {
        testTLS(Cert.CLIENT_PEM_ROOT_CA, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.CLIENT_PEM_ROOT_CA).requiresClientAuth().pass();
    }

    @Test
    public void testTLSClientCertRequiredNoClientCert() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.CLIENT_JKS).requiresClientAuth().fail();
    }

    @Test
    public void testTLSClientCertClientNotTrusted() throws Exception {
        testTLS(Cert.CLIENT_JKS, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).requiresClientAuth().fail();
    }

    @Test
    public void testTLSClientRevokedServerCert() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_PEM_ROOT_CA, Cert.SERVER_PEM_ROOT_CA, Trust.NONE).clientUsesCrl().fail();
    }

    @Test
    public void testTLSRevokedClientCertServer() throws Exception {
        testTLS(Cert.CLIENT_PEM_ROOT_CA, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.CLIENT_PEM_ROOT_CA).requiresClientAuth().serverUsesCrl().fail();
    }

    @Test
    public void testTLSMatchingCipherSuites() throws Exception {
        testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().serverEnabledCipherSuites(ENABLED_CIPHER_SUITES).pass();
    }

    @Test
    public void testTLSNonMatchingCipherSuites() throws Exception {
        testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().serverEnabledCipherSuites(new String[]{"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"}).clientEnabledCipherSuites(new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}).fail();
    }

    @Test
    public void testTLSMatchingProtocolVersions() throws Exception {
        testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().serverEnabledSecureTransportProtocol(new String[]{"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2"}).pass();
    }

    @Test
    public void testTLSTrailingDotHost() throws Exception {
        Assume.assumeTrue(PlatformDependent.javaVersion() < 9);
        SelfSignedCertificate create = SelfSignedCertificate.create("host2.com");
        Cert<KeyCertOptions> cert = Cert.NONE;
        create.getClass();
        Trust<?> trust = create::trustOptions;
        create.getClass();
        assertEquals("host2.com", TestUtils.cnOf(testTLS(cert, trust, create::keyCertOptions, Trust.NONE).requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com.")).pass().clientPeerCert()));
    }

    @Test
    public void testTLSInvalidProtocolVersion() throws Exception {
        testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().serverEnabledSecureTransportProtocol(new String[]{"HelloWorld"}).fail();
    }

    @Test
    public void testTLSNonMatchingProtocolVersions() throws Exception {
        testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().serverEnabledSecureTransportProtocol(new String[]{"TLSv1.2"}).clientEnabledSecureTransportProtocol(new String[]{"SSLv2Hello", "TLSv1.1"}).fail();
    }

    @Test
    public void testTLSVerifyMatchingHost() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).clientVerifyHost().pass();
    }

    @Test
    public void testTLSVerifyNonMatchingHost() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_MIM, Trust.NONE).clientVerifyHost().fail();
    }

    @Test
    public void testTLSVerifyMatchingHostOpenSSL() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).clientVerifyHost().clientOpenSSL().pass();
    }

    @Test
    public void testTLSVerifyNonMatchingHostOpenSSL() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_MIM, Trust.NONE).clientVerifyHost().clientOpenSSL().fail();
    }

    @Test
    public void testTLSClientTrustServerCertJKSOpenSSL() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).serverOpenSSL().pass();
    }

    @Test
    public void testTLSClientTrustServerCertPKCS12OpenSSL() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_PKCS12, Trust.NONE).serverOpenSSL().pass();
    }

    @Test
    public void testTLSClientTrustServerCertPEMOpenSSL() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_PEM, Trust.NONE).serverOpenSSL().pass();
    }

    @Test
    public void testTLSClientTrustServerCertWithJKSOpenSSL() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).clientOpenSSL().pass();
    }

    @Test
    public void testTLSClientTrustServerCertWithPKCS12OpenSSL() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_PKCS12, Cert.SERVER_JKS, Trust.NONE).clientOpenSSL().pass();
    }

    @Test
    public void testTLSClientTrustServerCertWithPEMOpenSSL() throws Exception {
        testTLS(Cert.NONE, Trust.SERVER_PEM, Cert.SERVER_JKS, Trust.NONE).clientOpenSSL().pass();
    }

    @Test
    public void testTLSClientCertRequiredOpenSSL() throws Exception {
        testTLS(Cert.CLIENT_JKS, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.CLIENT_JKS).clientOpenSSL().requiresClientAuth().pass();
    }

    @Test
    public void testTLSClientCertPKCS12RequiredOpenSSL() throws Exception {
        testTLS(Cert.CLIENT_PKCS12, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.CLIENT_JKS).clientOpenSSL().requiresClientAuth().pass();
    }

    @Test
    public void testTLSClientCertPEMRequiredOpenSSL() throws Exception {
        testTLS(Cert.CLIENT_PEM, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.CLIENT_JKS).clientOpenSSL().requiresClientAuth().pass();
    }

    @Test
    public void testSNITrust() throws Exception {
        TLSTest pass = testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com")).pass();
        assertEquals("host2.com", TestUtils.cnOf(pass.clientPeerCert()));
        assertEquals("host2.com", pass.indicatedServerName);
    }

    @Test
    public void testSNITrustPKCS12() throws Exception {
        assertEquals("host2.com", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_PKCS12, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNITrustPEM() throws Exception {
        assertEquals("host2.com", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_PEM, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNIServerIgnoresExtension1() throws Exception {
        testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.NONE).requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com")).fail();
    }

    @Test
    public void testSNIServerIgnoresExtension2() throws Exception {
        assertEquals("localhost", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SNI_JKS, Trust.NONE).clientVerifyHost(false).requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNIUnknownServerName1() throws Exception {
        testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("unknown.com")).fail();
    }

    @Test
    public void testSNIUnknownServerName2() throws Exception {
        TLSTest pass = testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SNI_JKS, Trust.NONE).serverSni().clientVerifyHost(false).requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("unknown.com")).pass();
        assertEquals("localhost", TestUtils.cnOf(pass.clientPeerCert()));
        assertEquals("unknown.com", pass.indicatedServerName);
    }

    @Test
    public void testSNIWildcardMatch() throws Exception {
        TLSTest pass = testTLS(Cert.NONE, Trust.SNI_JKS_HOST3, Cert.SNI_JKS, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("sub.host3.com")).pass();
        assertEquals("*.host3.com", TestUtils.cnOf(pass.clientPeerCert()));
        assertEquals("sub.host3.com", pass.indicatedServerName);
    }

    @Test
    public void testSNIWildcardMatchPKCS12() throws Exception {
        assertEquals("*.host3.com", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST3, Cert.SNI_PKCS12, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("sub.host3.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNIWildcardMatchPEM() throws Exception {
        assertEquals("*.host3.com", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST3, Cert.SNI_PEM, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("sub.host3.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNISubjectAlternativeNameMatch1() throws Exception {
        assertEquals("host4.com certificate", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST4, Cert.SNI_JKS, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host4.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNISubjectAlternativeNameMatch1PKCS12() throws Exception {
        assertEquals("host4.com certificate", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST4, Cert.SNI_PKCS12, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host4.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNISubjectAlternativeNameMatch1PEM() throws Exception {
        assertEquals("host4.com certificate", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST4, Cert.SNI_PEM, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host4.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNISubjectAlternativeNameMatch2() throws Exception {
        assertEquals("host4.com certificate", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST4, Cert.SNI_JKS, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("www.host4.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNISubjectAlternativeNameMatch2PKCS12() throws Exception {
        assertEquals("host4.com certificate", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST4, Cert.SNI_PKCS12, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("www.host4.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNISubjectAlternativeNameMatch2PEM() throws Exception {
        assertEquals("host4.com certificate", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST4, Cert.SNI_PEM, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("www.host4.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNISubjectAlternativeNameWildcardMatch() throws Exception {
        assertEquals("host5.com", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_JKS, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("www.host5.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNISubjectAlternativeNameWildcardMatchPKCS12() throws Exception {
        assertEquals("host5.com", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_PKCS12, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("www.host5.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNISubjectAlternativeNameWildcardMatchPEM() throws Exception {
        assertEquals("host5.com", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_PEM, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("www.host5.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNISubjectAltenativeNameCNMatch1() throws Exception {
        testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_JKS, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host5.com")).fail().clientPeerCert();
    }

    @Test
    public void testSNISubjectAltenativeNameCNMatch1PKCS12() throws Exception {
        testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_PKCS12, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host5.com")).fail().clientPeerCert();
    }

    @Test
    public void testSNISubjectAltenativeNameCNMatch1PEM() throws Exception {
        testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_PEM, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host5.com")).fail().clientPeerCert();
    }

    @Test
    public void testSNISubjectAltenativeNameCNMatch2() throws Exception {
        assertEquals("host5.com", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_JKS, Trust.NONE).serverSni().clientVerifyHost(false).requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host5.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNISubjectAltenativeNameCNMatch2PKCS12() throws Exception {
        assertEquals("host5.com", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_PKCS12, Trust.NONE).serverSni().clientVerifyHost(false).requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host5.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNISubjectAltenativeNameCNMatch2PEM() throws Exception {
        assertEquals("host5.com", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_PEM, Trust.NONE).serverSni().clientVerifyHost(false).requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host5.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNIWithALPN() throws Exception {
        assertEquals("host2.com", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.NONE).serverSni().clientUsesAlpn().serverUsesAlpn().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNIWithHostHeader() throws Exception {
        assertEquals("host2.com", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.NONE).serverSni().requestProvider(httpClient -> {
            return httpClient.request(new RequestOptions().setServer(SocketAddress.inetSocketAddress(HttpTestBase.DEFAULT_HTTPS_PORT, "localhost")).setMethod(HttpMethod.POST).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com").setURI("/somepath"));
        }).pass().clientPeerCert()));
    }

    @Test
    public void testSNIWithOpenSSL() throws Exception {
        assertEquals("host2.com", TestUtils.cnOf(testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.NONE).clientOpenSSL().serverOpenSSL().serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com")).pass().clientPeerCert()));
    }

    @Test
    public void testSNIDontSendServerNameForShortnames1() throws Exception {
        testTLS(Cert.NONE, Trust.SNI_JKS_HOST1, Cert.SNI_JKS, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host1")).fail();
    }

    @Test
    public void testSNIDontSendServerNameForShortnames2() throws Exception {
        assertEquals((Object) null, testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SNI_JKS, Trust.NONE).clientVerifyHost(false).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host1")).pass().indicatedServerName);
    }

    @Test
    public void testSNIForceSend() throws Exception {
        assertEquals("host1", testTLS(Cert.NONE, Trust.SNI_JKS_HOST1, Cert.SNI_JKS, Trust.NONE).clientForceSni().serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host1")).pass().indicatedServerName);
    }

    @Test
    public void testSNIWithServerNameTrust() throws Exception {
        testTLS(Cert.CLIENT_PEM_ROOT_CA, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.SNI_SERVER_ROOT_CA_AND_OTHER_CA_1).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com")).requiresClientAuth().pass();
    }

    @Test
    public void testSNIWithServerNameTrustFallback() throws Exception {
        testTLS(Cert.CLIENT_PEM_ROOT_CA, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.SNI_SERVER_ROOT_CA_FALLBACK).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com")).requiresClientAuth().pass();
    }

    @Test
    public void testSNIWithServerNameTrustFallbackFail() throws Exception {
        testTLS(Cert.CLIENT_PEM_ROOT_CA, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.SNI_SERVER_OTHER_CA_FALLBACK).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com")).requiresClientAuth().fail();
    }

    @Test
    public void testSNIWithServerNameTrustFail() throws Exception {
        testTLS(Cert.CLIENT_PEM_ROOT_CA, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.SNI_SERVER_ROOT_CA_AND_OTHER_CA_2).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com")).requiresClientAuth().fail();
    }

    @Test
    public void testSNICustomTrustManagerFactoryMapper() throws Exception {
        testTLS(Cert.CLIENT_PEM, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, () -> {
            return new TrustOptions() { // from class: io.vertx.core.http.HttpTLSTest.1
                public Function<String, TrustManager[]> trustManagerMapper(Vertx vertx) throws Exception {
                    return null;
                }

                public TrustManagerFactory getTrustManagerFactory(Vertx vertx) throws Exception {
                    return new TrustManagerFactory(new TrustManagerFactorySpi() { // from class: io.vertx.core.http.HttpTLSTest.1.1
                        @Override // javax.net.ssl.TrustManagerFactorySpi
                        protected void engineInit(KeyStore keyStore) throws KeyStoreException {
                        }

                        @Override // javax.net.ssl.TrustManagerFactorySpi
                        protected void engineInit(ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException {
                        }

                        @Override // javax.net.ssl.TrustManagerFactorySpi
                        protected TrustManager[] engineGetTrustManagers() {
                            return new TrustManager[]{TrustAllTrustManager.INSTANCE};
                        }
                    }, KeyPairGenerator.getInstance("RSA").getProvider(), KeyPairGenerator.getInstance("RSA").getAlgorithm()) { // from class: io.vertx.core.http.HttpTLSTest.1.2
                    };
                }

                public TrustOptions copy() {
                    return this;
                }
            };
        }).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com")).requiresClientAuth().pass();
    }

    @Test
    public void testSNICustomTrustManagerFactoryMapper2() throws Exception {
        testTLS(Cert.CLIENT_PEM, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, () -> {
            return new TrustOptions() { // from class: io.vertx.core.http.HttpTLSTest.2
                public Function<String, TrustManager[]> trustManagerMapper(Vertx vertx) throws Exception {
                    return str -> {
                        return new TrustManager[]{TrustAllTrustManager.INSTANCE};
                    };
                }

                public TrustManagerFactory getTrustManagerFactory(Vertx vertx) throws Exception {
                    return new TrustManagerFactory(new TrustManagerFactorySpi() { // from class: io.vertx.core.http.HttpTLSTest.2.1
                        @Override // javax.net.ssl.TrustManagerFactorySpi
                        protected void engineInit(KeyStore keyStore) throws KeyStoreException {
                        }

                        @Override // javax.net.ssl.TrustManagerFactorySpi
                        protected void engineInit(ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException {
                        }

                        @Override // javax.net.ssl.TrustManagerFactorySpi
                        protected TrustManager[] engineGetTrustManagers() {
                            return new TrustManager[]{TrustAllTrustManager.INSTANCE};
                        }
                    }, KeyPairGenerator.getInstance("RSA").getProvider(), KeyPairGenerator.getInstance("RSA").getAlgorithm()) { // from class: io.vertx.core.http.HttpTLSTest.2.2
                    };
                }

                public TrustOptions copy() {
                    return this;
                }
            };
        }).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com")).requiresClientAuth().pass();
    }

    @Test
    public void testSniWithTrailingDotHost() throws Exception {
        TLSTest pass = testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.NONE).serverSni().requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com.")).pass();
        assertEquals("host2.com", TestUtils.cnOf(pass.clientPeerCert()));
        assertEquals("host2.com", pass.indicatedServerName);
    }

    @Test
    public void testCustomTrustManagerFactory() throws Exception {
        testTLS(Cert.NONE, () -> {
            return new TrustOptions() { // from class: io.vertx.core.http.HttpTLSTest.3
                public Function<String, TrustManager[]> trustManagerMapper(Vertx vertx) throws Exception {
                    return null;
                }

                public TrustManagerFactory getTrustManagerFactory(Vertx vertx) throws Exception {
                    return new TrustManagerFactory(new TrustManagerFactorySpi() { // from class: io.vertx.core.http.HttpTLSTest.3.1
                        @Override // javax.net.ssl.TrustManagerFactorySpi
                        protected void engineInit(KeyStore keyStore) throws KeyStoreException {
                        }

                        @Override // javax.net.ssl.TrustManagerFactorySpi
                        protected void engineInit(ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException {
                        }

                        @Override // javax.net.ssl.TrustManagerFactorySpi
                        protected TrustManager[] engineGetTrustManagers() {
                            return new TrustManager[]{TrustAllTrustManager.INSTANCE};
                        }
                    }, KeyPairGenerator.getInstance("RSA").getProvider(), KeyPairGenerator.getInstance("RSA").getAlgorithm()) { // from class: io.vertx.core.http.HttpTLSTest.3.2
                    };
                }

                public TrustOptions copy() {
                    return this;
                }
            };
        }, Cert.SERVER_JKS, Trust.NONE).pass();
    }

    abstract HttpServer createHttpServer(HttpServerOptions httpServerOptions);

    abstract HttpClient createHttpClient(HttpClientOptions httpClientOptions);

    /* JADX INFO: Access modifiers changed from: protected */
    public TLSTest testTLS(Cert<?> cert, Trust<?> trust, Cert<?> cert2, Trust<?> trust2) throws Exception {
        return new TLSTest(cert, trust, cert2, trust2);
    }

    @Test
    public void testJKSInvalidPath() {
        testInvalidKeyStore((KeyCertOptions) ((JksOptions) Cert.SERVER_JKS.get()).setPath("/invalid.jks"), "java.nio.file.NoSuchFileException: ", "invalid.jks");
    }

    @Test
    public void testJKSMissingPassword() {
        testInvalidKeyStore((KeyCertOptions) ((JksOptions) Cert.SERVER_JKS.get()).setPassword((String) null), "Password must not be null", (String) null);
    }

    @Test
    public void testJKSInvalidPassword() {
        testInvalidKeyStore((KeyCertOptions) ((JksOptions) Cert.SERVER_JKS.get()).setPassword("wrongpassword"), "Keystore was tampered with, or password was incorrect", (String) null);
    }

    @Test
    public void testPKCS12InvalidPath() {
        testInvalidKeyStore((KeyCertOptions) ((PfxOptions) Cert.SERVER_PKCS12.get()).setPath("/invalid.p12"), "java.nio.file.NoSuchFileException: ", "invalid.p12");
    }

    @Test
    public void testPKCS12MissingPassword() {
        testInvalidKeyStore((KeyCertOptions) ((PfxOptions) Cert.SERVER_PKCS12.get()).setPassword((String) null), PlatformDependent.javaVersion() < 15 ? "Get Key failed: null" : "Get Key failed: Cannot read the array length because \"password\" is null", (String) null);
    }

    @Test
    public void testPKCS12InvalidPassword() {
        testInvalidKeyStore((KeyCertOptions) ((PfxOptions) Cert.SERVER_PKCS12.get()).setPassword("wrongpassword"), Arrays.asList("failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded", "keystore password was incorrect"), (String) null);
    }

    @Test
    public void testKeyCertMissingKeyPath() {
        testInvalidKeyStore((KeyCertOptions) ((PemKeyCertOptions) Cert.SERVER_PEM.get()).setKeyPath((String) null), "Missing private key", (String) null);
    }

    @Test
    public void testKeyCertInvalidKeyPath() {
        testInvalidKeyStore((KeyCertOptions) ((PemKeyCertOptions) Cert.SERVER_PEM.get()).setKeyPath("/invalid.pem"), "java.nio.file.NoSuchFileException: ", "invalid.pem");
    }

    @Test
    public void testKeyCertMissingCertPath() {
        testInvalidKeyStore((KeyCertOptions) ((PemKeyCertOptions) Cert.SERVER_PEM.get()).setCertPath((String) null), "Missing X.509 certificate", (String) null);
    }

    @Test
    public void testKeyCertInvalidCertPath() {
        testInvalidKeyStore((KeyCertOptions) ((PemKeyCertOptions) Cert.SERVER_PEM.get()).setCertPath("/invalid.pem"), "java.nio.file.NoSuchFileException: ", "invalid.pem");
    }

    @Test
    public void testKeyCertInvalidPem() throws IOException {
        String[] strArr = {"", "-----BEGIN PRIVATE KEY-----", "-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN PRIVATE KEY-----\n-----END PRIVATE KEY-----", "-----BEGIN RSA PRIVATE KEY-----\n-----END RSA PRIVATE KEY-----", "-----BEGIN PRIVATE KEY-----\n*\n-----END PRIVATE KEY-----", "-----BEGIN RSA PRIVATE KEY-----\n*\n-----END RSA PRIVATE KEY-----"};
        String[] strArr2 = {"Missing -----BEGIN PRIVATE KEY----- or -----BEGIN RSA PRIVATE KEY----- delimiter", "Missing -----END PRIVATE KEY----- delimiter", "Missing -----END RSA PRIVATE KEY----- delimiter", "Empty pem file", "Empty pem file", "Input byte[] should at least have 2 bytes for base64 bytes", "Input byte[] should at least have 2 bytes for base64 bytes"};
        for (int i = 0; i < strArr.length; i++) {
            Path path = this.testFolder.newFile("vertx" + UUID.randomUUID().toString() + ".pem").toPath();
            Files.write(path, Collections.singleton(strArr[i]), new OpenOption[0]);
            testInvalidKeyStore((KeyCertOptions) ((PemKeyCertOptions) Cert.SERVER_PEM.get()).setKeyPath(path.toString()), strArr2[i], (String) null);
        }
    }

    @Test
    public void testNoKeyCert() {
        testInvalidKeyStore((KeyCertOptions) null, "Key/certificate is mandatory for SSL", (String) null);
    }

    @Test
    public void testCaInvalidPath() {
        testInvalidTrustStore(new PemTrustOptions().addCertPath("/invalid.pem"), "java.nio.file.NoSuchFileException: ", "invalid.pem");
    }

    @Test
    public void testCaInvalidPem() throws IOException {
        String[] strArr = {"", "-----BEGIN CERTIFICATE-----", "-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----", "-----BEGIN CERTIFICATE-----\n*\n-----END CERTIFICATE-----"};
        String[] strArr2 = {"Missing -----BEGIN CERTIFICATE----- delimiter", "Missing -----END CERTIFICATE----- delimiter", "Empty pem file", "Input byte[] should at least have 2 bytes for base64 bytes"};
        for (int i = 0; i < strArr.length; i++) {
            Path path = this.testFolder.newFile("vertx" + UUID.randomUUID().toString() + ".pem").toPath();
            Files.write(path, Collections.singleton(strArr[i]), new OpenOption[0]);
            testInvalidTrustStore(new PemTrustOptions().addCertPath(path.toString()), strArr2[i], null);
        }
    }

    private void testInvalidKeyStore(KeyCertOptions keyCertOptions, String str, String str2) {
        HttpServerOptions httpServerOptions = new HttpServerOptions();
        setOptions(httpServerOptions, keyCertOptions);
        testStore(httpServerOptions, Collections.singletonList(str), str2);
    }

    private void testInvalidKeyStore(KeyCertOptions keyCertOptions, List<String> list, String str) {
        HttpServerOptions httpServerOptions = new HttpServerOptions();
        setOptions(httpServerOptions, keyCertOptions);
        testStore(httpServerOptions, list, str);
    }

    private void testInvalidTrustStore(TrustOptions trustOptions, String str, String str2) {
        HttpServerOptions httpServerOptions = new HttpServerOptions();
        httpServerOptions.setTrustOptions(trustOptions);
        testStore(httpServerOptions, Collections.singletonList(str), str2);
    }

    private void testStore(HttpServerOptions httpServerOptions, List<String> list, String str) {
        httpServerOptions.setSsl(true);
        httpServerOptions.setPort(HttpTestBase.DEFAULT_HTTPS_PORT);
        HttpServer createHttpServer = this.vertx.createHttpServer(httpServerOptions);
        createHttpServer.requestHandler(httpServerRequest -> {
        });
        AtomicReference atomicReference = new AtomicReference();
        atomicReference.getClass();
        createHttpServer.listen(onFailure((v1) -> {
            r2.set(v1);
        }));
        assertWaitUntil(() -> {
            return atomicReference.get() != null;
        });
        Throwable cause = ((Throwable) atomicReference.get()).getCause();
        if (str == null) {
            boolean isEmpty = list.isEmpty();
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                isEmpty |= it.next().equals(cause.getMessage());
            }
            if (isEmpty) {
                return;
            }
            fail("Was expecting <" + cause.getMessage() + ">  to be equals to one of " + list);
            return;
        }
        boolean isEmpty2 = list.isEmpty();
        Iterator<String> it2 = list.iterator();
        while (it2.hasNext()) {
            isEmpty2 |= cause.getMessage().startsWith(it2.next());
        }
        if (!isEmpty2) {
            fail("Was expecting <" + cause.getMessage() + "> e.getCause().getMessage() to be prefixed by one of " + list);
        }
        assertTrue(cause.getMessage().endsWith(str));
    }

    @Test
    public void testCrlInvalidPath() throws Exception {
        HttpClientOptions httpClientOptions = new HttpClientOptions();
        httpClientOptions.setTrustOptions((TrustOptions) Trust.SERVER_PEM_ROOT_CA.get());
        httpClientOptions.setSsl(true);
        httpClientOptions.addCrlPath("/invalid.pem");
        try {
            this.vertx.createHttpClient(httpClientOptions);
            fail("Was expecting a failure");
        } catch (VertxException e) {
            assertNotNull(e.getCause());
            assertEquals(NoSuchFileException.class, e.getCause().getCause().getClass());
        }
    }

    @Test
    public void testHttpsProxy() throws Exception {
        testProxy(ProxyType.HTTP);
        assertEquals("Host header doesn't contain target host", HttpTestBase.DEFAULT_HTTPS_HOST_AND_PORT, this.proxy.getLastRequestHeaders().get("Host"));
        assertEquals("Host header doesn't contain target host", HttpMethod.CONNECT, this.proxy.getLastMethod());
    }

    private void testProxy(ProxyType proxyType) throws Exception {
        startProxy(null, proxyType);
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).useProxy(proxyType).pass();
        assertNotNull("connection didn't access the proxy", this.proxy.getLastUri());
        assertEquals("hostname resolved but it shouldn't be", HttpTestBase.DEFAULT_HTTPS_HOST_AND_PORT, this.proxy.getLastUri());
    }

    @Test
    public void testHttpsProxyWithSNI() throws Exception {
        testProxyWithSNI(ProxyType.HTTP);
        assertEquals("Host header doesn't contain target host", "host2.com:4043", this.proxy.getLastRequestHeaders().get("Host"));
        assertEquals("Host header doesn't contain target host", HttpMethod.CONNECT, this.proxy.getLastMethod());
    }

    private void testProxyWithSNI(ProxyType proxyType) throws Exception {
        startProxy(null, proxyType);
        Certificate clientPeerCert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.NONE).serverSni().useProxy(proxyType).requestOptions(new RequestOptions().setSsl(true).setPort(Integer.valueOf(HttpTestBase.DEFAULT_HTTPS_PORT)).setHost("host2.com")).pass().clientPeerCert();
        assertNotNull("connection didn't access the proxy", this.proxy.getLastUri());
        assertEquals("hostname resolved but it shouldn't be", "host2.com:4043", this.proxy.getLastUri());
        assertEquals("host2.com", TestUtils.cnOf(clientPeerCert));
    }

    @Test
    public void testHttpsProxyAuthFail() throws Exception {
        startProxy("username", ProxyType.HTTP);
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).useProxy(ProxyType.HTTP).fail();
    }

    @Test
    public void testHttpsProxyAuth() throws Exception {
        startProxy("username", ProxyType.HTTP);
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).useProxy(ProxyType.HTTP).useProxyAuth().pass();
        assertNotNull("connection didn't access the proxy", this.proxy.getLastUri());
        assertEquals("hostname resolved but it shouldn't be", HttpTestBase.DEFAULT_HTTPS_HOST_AND_PORT, this.proxy.getLastUri());
        assertEquals("Host header doesn't contain target host", HttpTestBase.DEFAULT_HTTPS_HOST_AND_PORT, this.proxy.getLastRequestHeaders().get("Host"));
        assertEquals("Host header doesn't contain target host", HttpMethod.CONNECT, this.proxy.getLastMethod());
    }

    @Test
    public void testHttpsProxyUnknownHost() throws Exception {
        startProxy(null, ProxyType.HTTP);
        this.proxy.setForceUri(HttpTestBase.DEFAULT_HTTPS_HOST_AND_PORT);
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).useProxy(ProxyType.HTTP).connectHostname("doesnt-resolve.host-name").clientTrustAll().clientVerifyHost(false).pass();
        assertNotNull("connection didn't access the proxy", this.proxy.getLastUri());
        assertEquals("hostname resolved but it shouldn't be", "doesnt-resolve.host-name:4043", this.proxy.getLastUri());
        assertEquals("Host header doesn't contain target host", "doesnt-resolve.host-name:4043", this.proxy.getLastRequestHeaders().get("Host"));
        assertEquals("Host header doesn't contain target host", HttpMethod.CONNECT, this.proxy.getLastMethod());
    }

    @Test
    public void testHttpsSocks() throws Exception {
        testProxy(ProxyType.SOCKS5);
    }

    @Test
    public void testHttpsSocksWithSNI() throws Exception {
        testProxyWithSNI(ProxyType.SOCKS5);
    }

    @Test
    public void testHttpsSocksAuth() throws Exception {
        startProxy("username", ProxyType.SOCKS5);
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).useProxy(ProxyType.SOCKS5).useProxyAuth().pass();
        assertNotNull("connection didn't access the proxy", this.proxy.getLastUri());
        assertEquals("hostname resolved but it shouldn't be", HttpTestBase.DEFAULT_HTTPS_HOST_AND_PORT, this.proxy.getLastUri());
    }

    @Test
    public void testSocksProxyUnknownHost() throws Exception {
        startProxy(null, ProxyType.SOCKS5);
        this.proxy.setForceUri(HttpTestBase.DEFAULT_HTTPS_HOST_AND_PORT);
        testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).useProxy(ProxyType.SOCKS5).connectHostname("doesnt-resolve.host-name").clientTrustAll().clientVerifyHost(false).pass();
        assertNotNull("connection didn't access the proxy", this.proxy.getLastUri());
        assertEquals("hostname resolved but it shouldn't be", "doesnt-resolve.host-name:4043", this.proxy.getLastUri());
    }

    @Test
    public void testHAProxy() throws Exception {
        HAProxy hAProxy = new HAProxy("localhost", HttpTestBase.DEFAULT_HTTPS_PORT, HAProxy.createVersion1TCP4ProtocolHeader(SocketAddress.inetSocketAddress(56324, "192.168.0.1"), SocketAddress.inetSocketAddress(443, "192.168.0.11")));
        hAProxy.start(this.vertx);
        try {
            testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).serverUsesProxyProtocol().connectHostname(hAProxy.getHost()).connectPort(hAProxy.getPort()).pass();
            hAProxy.stop();
        } catch (Throwable th) {
            hAProxy.stop();
            throw th;
        }
    }
}
