package org.neo4j.driver.internal.shaded.io.netty.handler.ssl;

import java.net.InetSocketAddress;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.Timeout;
import org.junit.jupiter.api.function.Executable;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import org.mockito.Mockito;
import org.neo4j.driver.internal.shaded.io.netty.bootstrap.Bootstrap;
import org.neo4j.driver.internal.shaded.io.netty.bootstrap.ServerBootstrap;
import org.neo4j.driver.internal.shaded.io.netty.buffer.ByteBuf;
import org.neo4j.driver.internal.shaded.io.netty.buffer.ByteBufAllocator;
import org.neo4j.driver.internal.shaded.io.netty.buffer.Unpooled;
import org.neo4j.driver.internal.shaded.io.netty.channel.Channel;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelFuture;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelHandler;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelHandlerContext;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelInboundHandlerAdapter;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelInitializer;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelPipeline;
import org.neo4j.driver.internal.shaded.io.netty.channel.DefaultEventLoopGroup;
import org.neo4j.driver.internal.shaded.io.netty.channel.embedded.EmbeddedChannel;
import org.neo4j.driver.internal.shaded.io.netty.channel.local.LocalAddress;
import org.neo4j.driver.internal.shaded.io.netty.channel.local.LocalChannel;
import org.neo4j.driver.internal.shaded.io.netty.channel.local.LocalServerChannel;
import org.neo4j.driver.internal.shaded.io.netty.channel.nio.NioEventLoopGroup;
import org.neo4j.driver.internal.shaded.io.netty.channel.socket.nio.NioServerSocketChannel;
import org.neo4j.driver.internal.shaded.io.netty.channel.socket.nio.NioSocketChannel;
import org.neo4j.driver.internal.shaded.io.netty.handler.codec.DecoderException;
import org.neo4j.driver.internal.shaded.io.netty.handler.codec.TooLongFrameException;
import org.neo4j.driver.internal.shaded.io.netty.handler.ssl.ApplicationProtocolConfig;
import org.neo4j.driver.internal.shaded.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import org.neo4j.driver.internal.shaded.io.netty.handler.ssl.util.SelfSignedCertificate;
import org.neo4j.driver.internal.shaded.io.netty.util.DomainNameMapping;
import org.neo4j.driver.internal.shaded.io.netty.util.DomainNameMappingBuilder;
import org.neo4j.driver.internal.shaded.io.netty.util.Mapping;
import org.neo4j.driver.internal.shaded.io.netty.util.ReferenceCountUtil;
import org.neo4j.driver.internal.shaded.io.netty.util.ReferenceCounted;
import org.neo4j.driver.internal.shaded.io.netty.util.concurrent.Future;
import org.neo4j.driver.internal.shaded.io.netty.util.concurrent.Promise;
import org.neo4j.driver.internal.shaded.io.netty.util.internal.ObjectUtil;
import org.neo4j.driver.internal.shaded.io.netty.util.internal.ResourcesUtil;
import org.neo4j.driver.internal.shaded.io.netty.util.internal.StringUtil;

/* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/SniHandlerTest.class */
public class SniHandlerTest {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest$18, reason: invalid class name */
    /* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/SniHandlerTest$18.class */
    public static /* synthetic */ class AnonymousClass18 {
        static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$SslProvider = new int[SslProvider.values().length];

        static {
            try {
                $SwitchMap$io$netty$handler$ssl$SslProvider[SslProvider.OPENSSL.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$SslProvider[SslProvider.OPENSSL_REFCNT.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$SslProvider[SslProvider.JDK.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/SniHandlerTest$CustomSslHandler.class */
    private static class CustomSslHandler extends SslHandler {
        private final SslContext sslContext;

        CustomSslHandler(SslContext sslContext, SSLEngine sSLEngine) {
            super(sSLEngine);
            this.sslContext = (SslContext) ObjectUtil.checkNotNull(sslContext, "sslContext");
        }

        public void handlerRemoved0(ChannelHandlerContext channelHandlerContext) throws Exception {
            super.handlerRemoved0(channelHandlerContext);
            ReferenceCountUtil.release(this.sslContext);
        }
    }

    private static ApplicationProtocolConfig newApnConfig() {
        return new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, new String[]{"myprotocol"});
    }

    private static void assumeApnSupported(SslProvider sslProvider) {
        switch (AnonymousClass18.$SwitchMap$io$netty$handler$ssl$SslProvider[sslProvider.ordinal()]) {
            case 1:
            case 2:
                Assumptions.assumeTrue(OpenSsl.isAlpnSupported());
                return;
            case 3:
                Assumptions.assumeTrue(JettyAlpnSslEngine.isAvailable());
                return;
            default:
                throw new Error();
        }
    }

    private static SslContext makeSslContext(SslProvider sslProvider, boolean z) throws Exception {
        if (z) {
            assumeApnSupported(sslProvider);
        }
        SslContextBuilder sslProvider2 = SslContextBuilder.forServer(ResourcesUtil.getFile(SniHandlerTest.class, "test.crt"), ResourcesUtil.getFile(SniHandlerTest.class, "test_encrypted.pem"), "12345").sslProvider(sslProvider);
        if (z) {
            sslProvider2.applicationProtocolConfig(newApnConfig());
        }
        return sslProvider2.build();
    }

    private static SslContext makeSslClientContext(SslProvider sslProvider, boolean z) throws Exception {
        if (z) {
            assumeApnSupported(sslProvider);
        }
        SslContextBuilder sslProvider2 = SslContextBuilder.forClient().trustManager(ResourcesUtil.getFile(SniHandlerTest.class, "test.crt")).sslProvider(sslProvider);
        if (z) {
            sslProvider2.applicationProtocolConfig(newApnConfig());
        }
        return sslProvider2.build();
    }

    static Iterable<?> data() {
        ArrayList arrayList = new ArrayList(3);
        if (OpenSsl.isAvailable()) {
            arrayList.add(SslProvider.OPENSSL);
            arrayList.add(SslProvider.OPENSSL_REFCNT);
        }
        arrayList.add(SslProvider.JDK);
        return arrayList;
    }

    @MethodSource({"data"})
    @ParameterizedTest(name = "{index}: sslProvider={0}")
    public void testNonSslRecord(SslProvider sslProvider) throws Exception {
        SslContext makeSslContext = makeSslContext(sslProvider, false);
        try {
            final AtomicReference atomicReference = new AtomicReference();
            final EmbeddedChannel embeddedChannel = new EmbeddedChannel(new ChannelHandler[]{new SniHandler(new DomainNameMappingBuilder(makeSslContext).build()), new ChannelInboundHandlerAdapter() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.1
                public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                    if (obj instanceof SslHandshakeCompletionEvent) {
                        Assertions.assertTrue(atomicReference.compareAndSet(null, (SslHandshakeCompletionEvent) obj));
                    }
                }
            }});
            try {
                final byte[] bArr = new byte[1024];
                bArr[0] = 21;
                MatcherAssert.assertThat(Assertions.assertThrows(DecoderException.class, new Executable() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.2
                    public void execute() throws Throwable {
                        embeddedChannel.writeInbound(new Object[]{Unpooled.wrappedBuffer(bArr)});
                    }
                }).getCause(), CoreMatchers.instanceOf(NotSslRecordException.class));
                Assertions.assertFalse(embeddedChannel.finish());
                embeddedChannel.finishAndReleaseAll();
                MatcherAssert.assertThat(((SslHandshakeCompletionEvent) atomicReference.get()).cause(), CoreMatchers.instanceOf(NotSslRecordException.class));
                releaseAll(makeSslContext);
            } catch (Throwable th) {
                embeddedChannel.finishAndReleaseAll();
                throw th;
            }
        } catch (Throwable th2) {
            releaseAll(makeSslContext);
            throw th2;
        }
    }

    @MethodSource({"data"})
    @ParameterizedTest(name = "{index}: sslProvider={0}")
    public void testServerNameParsing(SslProvider sslProvider) throws Exception {
        SslContext makeSslContext = makeSslContext(sslProvider, false);
        SslContext makeSslContext2 = makeSslContext(sslProvider, false);
        SslContext makeSslContext3 = makeSslContext(sslProvider, false);
        try {
            DomainNameMapping build = new DomainNameMappingBuilder(makeSslContext).add("*.netty.io", makeSslContext).add("*.LEANCLOUD.CN", makeSslContext2).add("chat4.leancloud.cn", makeSslContext3).build();
            final AtomicReference atomicReference = new AtomicReference();
            ChannelHandler sniHandler = new SniHandler(build);
            EmbeddedChannel embeddedChannel = new EmbeddedChannel(new ChannelHandler[]{sniHandler, new ChannelInboundHandlerAdapter() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.3
                public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                    if (obj instanceof SniCompletionEvent) {
                        Assertions.assertTrue(atomicReference.compareAndSet(null, (SniCompletionEvent) obj));
                    } else {
                        channelHandlerContext.fireUserEventTriggered(obj);
                    }
                }
            }});
            try {
                embeddedChannel.writeInbound(new Object[]{Unpooled.wrappedBuffer(StringUtil.decodeHexDump("16030100"))});
                embeddedChannel.writeInbound(new Object[]{Unpooled.wrappedBuffer(StringUtil.decodeHexDump("c6010000c20303bb0855d66532c05a0ef784f7c384feeafa68b3b655ac7288650d5eed4aa3fb52000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100006100000017001500001243484154342e4c45414e434c4f55442e434e000b000403000102000a000a0008001d00170019001800230000000d0020001e0601060206030501050205030401040204030301030203030201020202030016000000170000"))});
                Assertions.assertTrue(embeddedChannel.finish());
                MatcherAssert.assertThat(sniHandler.hostname(), CoreMatchers.is("chat4.leancloud.cn"));
                MatcherAssert.assertThat(sniHandler.sslContext(), CoreMatchers.is(makeSslContext2));
                SniCompletionEvent sniCompletionEvent = (SniCompletionEvent) atomicReference.get();
                Assertions.assertNotNull(sniCompletionEvent);
                Assertions.assertEquals("chat4.leancloud.cn", sniCompletionEvent.hostname());
                Assertions.assertTrue(sniCompletionEvent.isSuccess());
                Assertions.assertNull(sniCompletionEvent.cause());
                embeddedChannel.finishAndReleaseAll();
                releaseAll(makeSslContext2, makeSslContext3, makeSslContext);
            } catch (Throwable th) {
                embeddedChannel.finishAndReleaseAll();
                throw th;
            }
        } catch (Throwable th2) {
            releaseAll(makeSslContext2, makeSslContext3, makeSslContext);
            throw th2;
        }
    }

    @MethodSource({"data"})
    @ParameterizedTest(name = "{index}: sslProvider={0}")
    public void testNonAsciiServerNameParsing(SslProvider sslProvider) throws Exception {
        SslContext makeSslContext = makeSslContext(sslProvider, false);
        SslContext makeSslContext2 = makeSslContext(sslProvider, false);
        SslContext makeSslContext3 = makeSslContext(sslProvider, false);
        try {
            final EmbeddedChannel embeddedChannel = new EmbeddedChannel(new ChannelHandler[]{new SniHandler(new DomainNameMappingBuilder(makeSslContext).add("*.netty.io", makeSslContext).add("*.LEANCLOUD.CN", makeSslContext2).add("chat4.leancloud.cn", makeSslContext3).build())});
            try {
                embeddedChannel.writeInbound(new Object[]{Unpooled.wrappedBuffer(StringUtil.decodeHexDump("16030100"))});
                Assertions.assertThrows(DecoderException.class, new Executable() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.4
                    public void execute() throws Throwable {
                        embeddedChannel.writeInbound(new Object[]{Unpooled.wrappedBuffer(StringUtil.decodeHexDump("bd010000b90303a74225676d1814ba57faff3b3663656ed05ee9dbb2a4dbb1bb1c32d2ea5fc39e0000000100008c0000001700150000164348415434E380824C45414E434C4F5544E38082434E000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f0010001100230000000d0020001e060106020603050105020503040104020403030103020303020102020203000f00010133740000"))});
                    }
                });
                embeddedChannel.finishAndReleaseAll();
                releaseAll(makeSslContext2, makeSslContext3, makeSslContext);
            } catch (Throwable th) {
                embeddedChannel.finishAndReleaseAll();
                throw th;
            }
        } catch (Throwable th2) {
            releaseAll(makeSslContext2, makeSslContext3, makeSslContext);
            throw th2;
        }
    }

    @MethodSource({"data"})
    @ParameterizedTest(name = "{index}: sslProvider={0}")
    public void testFallbackToDefaultContext(SslProvider sslProvider) throws Exception {
        SslContext makeSslContext = makeSslContext(sslProvider, false);
        SslContext makeSslContext2 = makeSslContext(sslProvider, false);
        SslContext makeSslContext3 = makeSslContext(sslProvider, false);
        try {
            ChannelHandler sniHandler = new SniHandler(new DomainNameMappingBuilder(makeSslContext).add("*.netty.io", makeSslContext).add("*.LEANCLOUD.CN", makeSslContext2).add("chat4.leancloud.cn", makeSslContext3).build());
            EmbeddedChannel embeddedChannel = new EmbeddedChannel(new ChannelHandler[]{sniHandler});
            try {
                embeddedChannel.writeInbound(new Object[]{Unpooled.wrappedBuffer(new byte[]{22, 3, 1, 0, 0})});
            } catch (Exception e) {
            }
            embeddedChannel.close();
            ByteBuf byteBuf = (ByteBuf) embeddedChannel.readOutbound();
            if (byteBuf != null) {
                Assertions.assertFalse(byteBuf.isReadable());
                byteBuf.release();
            }
            MatcherAssert.assertThat(Boolean.valueOf(embeddedChannel.finish()), CoreMatchers.is(false));
            MatcherAssert.assertThat(sniHandler.hostname(), CoreMatchers.nullValue());
            MatcherAssert.assertThat(sniHandler.sslContext(), CoreMatchers.is(makeSslContext));
            releaseAll(makeSslContext2, makeSslContext3, makeSslContext);
        } catch (Throwable th) {
            releaseAll(makeSslContext2, makeSslContext3, makeSslContext);
            throw th;
        }
    }

    @MethodSource({"data"})
    @Timeout(value = 10000, unit = TimeUnit.MILLISECONDS)
    @ParameterizedTest(name = "{index}: sslProvider={0}")
    public void testMajorVersionNot3(SslProvider sslProvider) throws Exception {
        SslContext makeSslContext = makeSslContext(sslProvider, false);
        try {
            ChannelHandler sniHandler = new SniHandler(new DomainNameMappingBuilder(makeSslContext).build());
            EmbeddedChannel embeddedChannel = new EmbeddedChannel(new ChannelHandler[]{sniHandler});
            try {
                embeddedChannel.writeInbound(new Object[]{Unpooled.wrappedBuffer(new byte[]{22, 2, 0, 0, 0})});
            } catch (Exception e) {
            }
            embeddedChannel.close();
            while (true) {
                ByteBuf byteBuf = (ByteBuf) embeddedChannel.readOutbound();
                if (byteBuf == null) {
                    MatcherAssert.assertThat(Boolean.valueOf(embeddedChannel.finish()), CoreMatchers.is(false));
                    MatcherAssert.assertThat(sniHandler.hostname(), CoreMatchers.nullValue());
                    MatcherAssert.assertThat(sniHandler.sslContext(), CoreMatchers.is(makeSslContext));
                    releaseAll(makeSslContext);
                    return;
                }
                byteBuf.release();
            }
        } catch (Throwable th) {
            releaseAll(makeSslContext);
            throw th;
        }
    }

    @MethodSource({"data"})
    @ParameterizedTest(name = "{index}: sslProvider={0}")
    public void testSniWithApnHandler(SslProvider sslProvider) throws Exception {
        SslContext makeSslContext = makeSslContext(sslProvider, true);
        SslContext makeSslContext2 = makeSslContext(sslProvider, true);
        final SslContext makeSslClientContext = makeSslClientContext(sslProvider, true);
        try {
            final AtomicBoolean atomicBoolean = new AtomicBoolean(false);
            final AtomicBoolean atomicBoolean2 = new AtomicBoolean(false);
            final CountDownLatch countDownLatch = new CountDownLatch(1);
            final CountDownLatch countDownLatch2 = new CountDownLatch(1);
            final SniHandler sniHandler = new SniHandler(new DomainNameMappingBuilder(makeSslContext).add("*.netty.io", makeSslContext).add("sni.fake.site", makeSslContext2).build());
            NioEventLoopGroup nioEventLoopGroup = new NioEventLoopGroup(2);
            Channel channel = null;
            Channel channel2 = null;
            try {
                ServerBootstrap serverBootstrap = new ServerBootstrap();
                serverBootstrap.group(nioEventLoopGroup);
                serverBootstrap.channel(NioServerSocketChannel.class);
                serverBootstrap.childHandler(new ChannelInitializer<Channel>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.5
                    protected void initChannel(Channel channel3) throws Exception {
                        ChannelPipeline pipeline = channel3.pipeline();
                        pipeline.addLast(new ChannelHandler[]{sniHandler});
                        pipeline.addLast(new ChannelHandler[]{new ApplicationProtocolNegotiationHandler("foo") { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.5.1
                            protected void configurePipeline(ChannelHandlerContext channelHandlerContext, String str) {
                                atomicBoolean.set(channelHandlerContext.pipeline().context(this) != null);
                                countDownLatch.countDown();
                            }
                        }});
                    }
                });
                Bootstrap bootstrap = new Bootstrap();
                bootstrap.group(nioEventLoopGroup);
                bootstrap.channel(NioSocketChannel.class);
                bootstrap.handler(new ChannelInitializer<Channel>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.6
                    protected void initChannel(Channel channel3) throws Exception {
                        channel3.pipeline().addLast(new ChannelHandler[]{new SslHandler(makeSslClientContext.newEngine(channel3.alloc(), "sni.fake.site", -1))});
                        channel3.pipeline().addLast(new ChannelHandler[]{new ApplicationProtocolNegotiationHandler("foo") { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.6.1
                            protected void configurePipeline(ChannelHandlerContext channelHandlerContext, String str) {
                                atomicBoolean2.set(channelHandlerContext.pipeline().context(this) != null);
                                countDownLatch2.countDown();
                            }
                        }});
                    }
                });
                channel = serverBootstrap.bind(new InetSocketAddress(0)).sync().channel();
                ChannelFuture connect = bootstrap.connect(channel.localAddress());
                Assertions.assertTrue(connect.awaitUninterruptibly().isSuccess());
                channel2 = connect.channel();
                Assertions.assertTrue(countDownLatch.await(5L, TimeUnit.SECONDS));
                Assertions.assertTrue(countDownLatch2.await(5L, TimeUnit.SECONDS));
                Assertions.assertTrue(atomicBoolean.get());
                Assertions.assertTrue(atomicBoolean2.get());
                MatcherAssert.assertThat(sniHandler.hostname(), CoreMatchers.is("sni.fake.site"));
                MatcherAssert.assertThat(sniHandler.sslContext(), CoreMatchers.is(makeSslContext2));
                if (channel != null) {
                    channel.close().sync();
                }
                if (channel2 != null) {
                    channel2.close().sync();
                }
                nioEventLoopGroup.shutdownGracefully(0L, 0L, TimeUnit.MICROSECONDS);
                releaseAll(makeSslClientContext, makeSslContext, makeSslContext2);
            } catch (Throwable th) {
                if (channel != null) {
                    channel.close().sync();
                }
                if (channel2 != null) {
                    channel2.close().sync();
                }
                nioEventLoopGroup.shutdownGracefully(0L, 0L, TimeUnit.MICROSECONDS);
                throw th;
            }
        } catch (Throwable th2) {
            releaseAll(makeSslClientContext, makeSslContext, makeSslContext2);
            throw th2;
        }
    }

    @MethodSource({"data"})
    @Timeout(value = 30000, unit = TimeUnit.MILLISECONDS)
    @ParameterizedTest(name = "{index}: sslProvider={0}")
    public void testReplaceHandler(SslProvider sslProvider) throws Exception {
        switch (AnonymousClass18.$SwitchMap$io$netty$handler$ssl$SslProvider[sslProvider.ordinal()]) {
            case 1:
            case 2:
                LocalAddress localAddress = new LocalAddress("testReplaceHandler-" + Math.random());
                DefaultEventLoopGroup defaultEventLoopGroup = new DefaultEventLoopGroup(1);
                Channel channel = null;
                Channel channel2 = null;
                SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
                try {
                    final ReferenceCounted build = SslContextBuilder.forServer(selfSignedCertificate.key(), new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslProvider).build();
                    Mapping<String, SslContext> mapping = new Mapping<String, SslContext>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.7
                        public SslContext map(String str) {
                            return build;
                        }
                    };
                    final Promise newPromise = defaultEventLoopGroup.next().newPromise();
                    final SniHandler sniHandler = new SniHandler(mapping) { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.8
                        protected void replaceHandler(ChannelHandlerContext channelHandlerContext, String str, SslContext sslContext) throws Exception {
                            boolean z = false;
                            try {
                                Assertions.assertEquals(1, ((ReferenceCountedOpenSslContext) sslContext).refCnt());
                                SSLEngine newEngine = sslContext.newEngine(channelHandlerContext.alloc());
                                try {
                                    Assertions.assertEquals(2, ((ReferenceCountedOpenSslContext) sslContext).refCnt());
                                    channelHandlerContext.pipeline().replace(this, CustomSslHandler.class.getName(), new CustomSslHandler(sslContext, newEngine) { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.8.1
                                        @Override // org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.CustomSslHandler
                                        public void handlerRemoved0(ChannelHandlerContext channelHandlerContext2) throws Exception {
                                            try {
                                                super.handlerRemoved0(channelHandlerContext2);
                                            } finally {
                                                newPromise.trySuccess((Object) null);
                                            }
                                        }
                                    });
                                    z = true;
                                    if (1 == 0) {
                                        ReferenceCountUtil.safeRelease(newEngine);
                                    }
                                    if (1 == 0) {
                                        ReferenceCountUtil.safeRelease(sslContext);
                                        newPromise.cancel(true);
                                    }
                                } catch (Throwable th) {
                                    if (!z) {
                                        ReferenceCountUtil.safeRelease(newEngine);
                                    }
                                    throw th;
                                }
                            } catch (Throwable th2) {
                                if (!z) {
                                    ReferenceCountUtil.safeRelease(sslContext);
                                    newPromise.cancel(true);
                                }
                                throw th2;
                            }
                        }
                    };
                    Channel channel3 = new ServerBootstrap().group(defaultEventLoopGroup).channel(LocalServerChannel.class).childHandler(new ChannelInitializer<Channel>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.9
                        protected void initChannel(Channel channel4) throws Exception {
                            channel4.pipeline().addFirst(new ChannelHandler[]{sniHandler});
                        }
                    }).bind(localAddress).syncUninterruptibly().channel();
                    SslContext build2 = SslContextBuilder.forClient().sslProvider(sslProvider).trustManager(InsecureTrustManagerFactory.INSTANCE).build();
                    Channel channel4 = new Bootstrap().group(defaultEventLoopGroup).channel(LocalChannel.class).handler(new SslHandler(build2.newEngine(ByteBufAllocator.DEFAULT, "sni.netty.io", -1))).connect(localAddress).syncUninterruptibly().channel();
                    channel4.writeAndFlush(Unpooled.wrappedBuffer("Hello, World!".getBytes())).syncUninterruptibly();
                    Assertions.assertEquals(2, build.refCnt());
                    channel4.close().syncUninterruptibly();
                    if (!newPromise.awaitUninterruptibly(10L, TimeUnit.SECONDS)) {
                        throw new IllegalStateException("It doesn't seem #replaceHandler() got called.");
                    }
                    Assertions.assertEquals(0, build.refCnt());
                    if (channel4 != null) {
                        channel4.close().syncUninterruptibly();
                    }
                    if (channel3 != null) {
                        channel3.close().syncUninterruptibly();
                    }
                    if (build2 != null) {
                        ReferenceCountUtil.release(build2);
                    }
                    defaultEventLoopGroup.shutdownGracefully();
                    selfSignedCertificate.delete();
                    return;
                } catch (Throwable th) {
                    if (0 != 0) {
                        channel2.close().syncUninterruptibly();
                    }
                    if (0 != 0) {
                        channel.close().syncUninterruptibly();
                    }
                    if (0 != 0) {
                        ReferenceCountUtil.release((Object) null);
                    }
                    defaultEventLoopGroup.shutdownGracefully();
                    selfSignedCertificate.delete();
                    throw th;
                }
            case 3:
                return;
            default:
                throw new Error();
        }
    }

    private static void releaseAll(SslContext... sslContextArr) {
        for (SslContext sslContext : sslContextArr) {
            ReferenceCountUtil.release(sslContext);
        }
    }

    @MethodSource({"data"})
    @ParameterizedTest(name = "{index}: sslProvider={0}")
    public void testNonFragmented(SslProvider sslProvider) throws Exception {
        testWithFragmentSize(sslProvider, Integer.MAX_VALUE);
    }

    @MethodSource({"data"})
    @ParameterizedTest(name = "{index}: sslProvider={0}")
    public void testFragmented(SslProvider sslProvider) throws Exception {
        testWithFragmentSize(sslProvider, 50);
    }

    private void testWithFragmentSize(SslProvider sslProvider, int i) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        final SslContext build = SslContextBuilder.forServer(selfSignedCertificate.key(), new X509Certificate[]{selfSignedCertificate.cert()}).sslProvider(sslProvider).build();
        try {
            EmbeddedChannel embeddedChannel = new EmbeddedChannel(new ChannelHandler[]{new SniHandler((DomainNameMapping) Mockito.mock(DomainNameMapping.class)) { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.10
                protected Future<SslContext> lookup(ChannelHandlerContext channelHandlerContext, String str) {
                    Assertions.assertEquals("netty.io", str);
                    return channelHandlerContext.executor().newSucceededFuture(build);
                }
            }});
            Iterator<ByteBuf> it = clientHelloInMultipleFragments(sslProvider, "netty.io", i).iterator();
            while (it.hasNext()) {
                embeddedChannel.writeInbound(new Object[]{it.next()});
            }
            Assertions.assertTrue(embeddedChannel.finishAndReleaseAll());
            releaseAll(build);
            selfSignedCertificate.delete();
        } catch (Throwable th) {
            releaseAll(build);
            selfSignedCertificate.delete();
            throw th;
        }
    }

    private static List<ByteBuf> clientHelloInMultipleFragments(SslProvider sslProvider, String str, int i) throws SSLException {
        EmbeddedChannel embeddedChannel = new EmbeddedChannel();
        SslContext build = SslContextBuilder.forClient().sslProvider(sslProvider).trustManager(InsecureTrustManagerFactory.INSTANCE).build();
        try {
            embeddedChannel.pipeline().addLast(new ChannelHandler[]{build.newHandler(embeddedChannel.alloc(), str, -1)});
            List<ByteBuf> split = split((ByteBuf) embeddedChannel.readOutbound(), i);
            Assertions.assertTrue(embeddedChannel.finishAndReleaseAll());
            releaseAll(build);
            return split;
        } catch (Throwable th) {
            releaseAll(build);
            throw th;
        }
    }

    private static List<ByteBuf> split(ByteBuf byteBuf, int i) {
        short readUnsignedByte = byteBuf.readUnsignedByte();
        int readUnsignedShort = byteBuf.readUnsignedShort();
        Assertions.assertEquals(byteBuf.readUnsignedShort(), byteBuf.readableBytes());
        ArrayList arrayList = new ArrayList();
        while (byteBuf.readableBytes() > 0) {
            int min = Math.min(i, byteBuf.readableBytes());
            ByteBuf buffer = byteBuf.alloc().buffer(5 + min);
            buffer.writeByte(readUnsignedByte);
            buffer.writeShort(readUnsignedShort);
            buffer.writeShort(min);
            buffer.writeBytes(byteBuf, min);
            arrayList.add(buffer);
        }
        byteBuf.release();
        return arrayList;
    }

    @Test
    public void testSniHandlerFailsOnTooBigClientHello() throws Exception {
        ChannelHandler sniHandler = new SniHandler(new Mapping<String, SslContext>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.11
            public SslContext map(String str) {
                throw new UnsupportedOperationException("Should not be called");
            }
        }, 10, 0L);
        final AtomicReference atomicReference = new AtomicReference();
        final EmbeddedChannel embeddedChannel = new EmbeddedChannel(new ChannelHandler[]{sniHandler, new ChannelInboundHandlerAdapter() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.12
            public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) {
                if (obj instanceof SniCompletionEvent) {
                    atomicReference.set((SniCompletionEvent) obj);
                }
            }
        }});
        final ByteBuf buffer = embeddedChannel.alloc().buffer();
        buffer.writeByte(22);
        buffer.writeShort(771);
        buffer.writeShort(6);
        buffer.writeByte(1);
        buffer.writeMedium(16777215);
        buffer.writeShort(771);
        Assertions.assertThrows(TooLongFrameException.class, new Executable() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.13
            public void execute() throws Throwable {
                embeddedChannel.writeInbound(new Object[]{buffer});
            }
        });
        while (atomicReference.get() == null) {
            try {
                Thread.sleep(100L);
                embeddedChannel.runPendingTasks();
            } catch (Throwable th) {
                embeddedChannel.finishAndReleaseAll();
                throw th;
            }
        }
        SniCompletionEvent sniCompletionEvent = (SniCompletionEvent) atomicReference.get();
        Assertions.assertNotNull(sniCompletionEvent);
        Assertions.assertNotNull(sniCompletionEvent.cause());
        Assertions.assertEquals(TooLongFrameException.class, sniCompletionEvent.cause().getClass());
        embeddedChannel.finishAndReleaseAll();
    }

    @Test
    public void testSniHandlerFiresHandshakeTimeout() throws Exception {
        ChannelHandler sniHandler = new SniHandler(new Mapping<String, SslContext>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.14
            public SslContext map(String str) {
                throw new UnsupportedOperationException("Should not be called");
            }
        }, 0, 10L);
        final AtomicReference atomicReference = new AtomicReference();
        EmbeddedChannel embeddedChannel = new EmbeddedChannel(new ChannelHandler[]{sniHandler, new ChannelInboundHandlerAdapter() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.15
            public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) {
                if (obj instanceof SniCompletionEvent) {
                    atomicReference.set((SniCompletionEvent) obj);
                }
            }
        }});
        while (atomicReference.get() == null) {
            try {
                Thread.sleep(100L);
                embeddedChannel.runPendingTasks();
            } catch (Throwable th) {
                embeddedChannel.finishAndReleaseAll();
                throw th;
            }
        }
        SniCompletionEvent sniCompletionEvent = (SniCompletionEvent) atomicReference.get();
        Assertions.assertNotNull(sniCompletionEvent);
        Assertions.assertNotNull(sniCompletionEvent.cause());
        Assertions.assertEquals(SslHandshakeTimeoutException.class, sniCompletionEvent.cause().getClass());
        embeddedChannel.finishAndReleaseAll();
    }

    @MethodSource({"data"})
    @ParameterizedTest(name = "{index}: sslProvider={0}")
    public void testSslHandlerFiresHandshakeTimeout(SslProvider sslProvider) throws Exception {
        final SslContext makeSslContext = makeSslContext(sslProvider, false);
        ChannelHandler sniHandler = new SniHandler(new Mapping<String, SslContext>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.16
            public SslContext map(String str) {
                return makeSslContext;
            }
        }, 0, 100L);
        final AtomicReference atomicReference = new AtomicReference();
        final AtomicReference atomicReference2 = new AtomicReference();
        EmbeddedChannel embeddedChannel = new EmbeddedChannel(new ChannelHandler[]{sniHandler, new ChannelInboundHandlerAdapter() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SniHandlerTest.17
            public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) {
                if (obj instanceof SniCompletionEvent) {
                    atomicReference.set((SniCompletionEvent) obj);
                } else if (obj instanceof SslHandshakeCompletionEvent) {
                    atomicReference2.set((SslHandshakeCompletionEvent) obj);
                }
            }
        }});
        try {
            embeddedChannel.writeInbound(new Object[]{Unpooled.wrappedBuffer(StringUtil.decodeHexDump("16030301800100017c0303478ae7e536aa7a9debad1f873121862d2d3d3173e0ef42975c31007faeb252522047f55f81fc84fe58951e2af14026147d6178498fde551fcbafc636462c016ec9005a13011302c02cc02bc030009dc02ec032009f00a3c02f009cc02dc031009e00a2c024c028003dc026c02a006b006ac00ac0140035c005c00f00390038c023c027003cc025c02900670040c009c013002fc004c00e0033003200ff010000d90000000a0008000005686f737431000500050100000000000a00160014001d001700180019001e01000101010201030104000b00020100000d002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020032002800260403050306030804080508060809080a080b04010501060104020303030103020203020102020011000900070200040000000000170000002b00050403040303002d00020101003300260024001d00200bbc37375e214c1e4e7cb90f869e131dc983a21f8205ba24456177f340904935"))});
            while (atomicReference2.get() == null) {
                Thread.sleep(10L);
                embeddedChannel.runPendingTasks();
            }
            SniCompletionEvent sniCompletionEvent = (SniCompletionEvent) atomicReference.get();
            Assertions.assertNotNull(sniCompletionEvent);
            Assertions.assertEquals("host1", sniCompletionEvent.hostname());
            SslCompletionEvent sslCompletionEvent = (SslCompletionEvent) atomicReference2.get();
            Assertions.assertNotNull(sslCompletionEvent);
            Assertions.assertNotNull(sslCompletionEvent.cause());
            Assertions.assertEquals(SslHandshakeTimeoutException.class, sslCompletionEvent.cause().getClass());
            embeddedChannel.finishAndReleaseAll();
            releaseAll(makeSslContext);
        } catch (Throwable th) {
            embeddedChannel.finishAndReleaseAll();
            releaseAll(makeSslContext);
            throw th;
        }
    }
}
