package org.neo4j.driver.internal.shaded.io.netty.handler.ssl;

import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.function.Executable;
import org.neo4j.driver.internal.shaded.io.netty.bootstrap.Bootstrap;
import org.neo4j.driver.internal.shaded.io.netty.bootstrap.ServerBootstrap;
import org.neo4j.driver.internal.shaded.io.netty.channel.Channel;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelHandler;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelHandlerContext;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelInitializer;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelPipeline;
import org.neo4j.driver.internal.shaded.io.netty.channel.SimpleChannelInboundHandler;
import org.neo4j.driver.internal.shaded.io.netty.channel.local.LocalAddress;
import org.neo4j.driver.internal.shaded.io.netty.channel.local.LocalChannel;
import org.neo4j.driver.internal.shaded.io.netty.channel.local.LocalEventLoopGroup;
import org.neo4j.driver.internal.shaded.io.netty.channel.local.LocalServerChannel;
import org.neo4j.driver.internal.shaded.io.netty.handler.ssl.OpenSslCertificateCompressionConfig;
import org.neo4j.driver.internal.shaded.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import org.neo4j.driver.internal.shaded.io.netty.handler.ssl.util.SelfSignedCertificate;
import org.neo4j.driver.internal.shaded.io.netty.internal.tcnative.CertificateCompressionAlgo;
import org.neo4j.driver.internal.shaded.io.netty.util.concurrent.Promise;

/* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/OpenSslCertificateCompressionTest.class */
public class OpenSslCertificateCompressionTest {
    private static SelfSignedCertificate cert;
    private TestCertCompressionAlgo testZLibAlgoServer;
    private TestCertCompressionAlgo testBrotliAlgoServer;
    private TestCertCompressionAlgo testZstdAlgoServer;
    private TestCertCompressionAlgo testZlibAlgoClient;
    private TestCertCompressionAlgo testBrotliAlgoClient;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/OpenSslCertificateCompressionTest$CertCompressionTestChannelInitializer.class */
    public static class CertCompressionTestChannelInitializer extends ChannelInitializer<Channel> {
        private final Promise<Object> channelPromise;
        private final SslContext sslContext;

        CertCompressionTestChannelInitializer(Promise<Object> promise, SslContext sslContext) {
            this.channelPromise = promise;
            this.sslContext = sslContext;
        }

        protected void initChannel(Channel channel) {
            ChannelPipeline pipeline = channel.pipeline();
            pipeline.addLast(new ChannelHandler[]{this.sslContext.newHandler(channel.alloc())});
            pipeline.addLast(new ChannelHandler[]{new SimpleChannelInboundHandler<Object>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.OpenSslCertificateCompressionTest.CertCompressionTestChannelInitializer.1
                public void channelRead0(ChannelHandlerContext channelHandlerContext, Object obj) {
                }

                public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) {
                    if (obj instanceof SslHandshakeCompletionEvent) {
                        if (((SslHandshakeCompletionEvent) obj).isSuccess()) {
                            CertCompressionTestChannelInitializer.this.channelPromise.trySuccess(obj);
                        } else {
                            CertCompressionTestChannelInitializer.this.channelPromise.tryFailure(((SslHandshakeCompletionEvent) obj).cause());
                        }
                    }
                    channelHandlerContext.fireUserEventTriggered(obj);
                }
            }});
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/OpenSslCertificateCompressionTest$TestCertCompressionAlgo.class */
    public static class TestCertCompressionAlgo implements OpenSslCertificateCompressionAlgorithm {
        private static final int BASE_PADDING_SIZE = 10;
        public boolean compressCalled;
        public boolean decompressCalled;
        private final int algorithmId;

        TestCertCompressionAlgo(int i) {
            this.algorithmId = i;
        }

        public byte[] compress(SSLEngine sSLEngine, byte[] bArr) throws Exception {
            this.compressCalled = true;
            byte[] bArr2 = new byte[bArr.length + BASE_PADDING_SIZE + this.algorithmId];
            System.arraycopy(bArr, 0, bArr2, BASE_PADDING_SIZE + this.algorithmId, bArr.length);
            return bArr2;
        }

        public byte[] decompress(SSLEngine sSLEngine, int i, byte[] bArr) {
            this.decompressCalled = true;
            byte[] bArr2 = new byte[bArr.length - (BASE_PADDING_SIZE + this.algorithmId)];
            System.arraycopy(bArr, BASE_PADDING_SIZE + this.algorithmId, bArr2, 0, bArr2.length);
            return bArr2;
        }

        public int algorithmId() {
            return this.algorithmId;
        }
    }

    @BeforeAll
    public static void init() throws Exception {
        Assumptions.assumeTrue(OpenSsl.isTlsv13Supported());
        cert = new SelfSignedCertificate();
    }

    @BeforeEach
    public void refreshAlgos() {
        this.testZLibAlgoServer = new TestCertCompressionAlgo(CertificateCompressionAlgo.TLS_EXT_CERT_COMPRESSION_ZLIB);
        this.testBrotliAlgoServer = new TestCertCompressionAlgo(CertificateCompressionAlgo.TLS_EXT_CERT_COMPRESSION_BROTLI);
        this.testZstdAlgoServer = new TestCertCompressionAlgo(CertificateCompressionAlgo.TLS_EXT_CERT_COMPRESSION_ZSTD);
        this.testZlibAlgoClient = new TestCertCompressionAlgo(CertificateCompressionAlgo.TLS_EXT_CERT_COMPRESSION_ZLIB);
        this.testBrotliAlgoClient = new TestCertCompressionAlgo(CertificateCompressionAlgo.TLS_EXT_CERT_COMPRESSION_BROTLI);
    }

    @Test
    public void testSimple() throws Throwable {
        Assumptions.assumeTrue(OpenSsl.isBoringSSL());
        runCertCompressionTest(buildClientContext(OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(this.testBrotliAlgoClient, OpenSslCertificateCompressionConfig.AlgorithmMode.Decompress).build()), buildServerContext(OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(this.testBrotliAlgoServer, OpenSslCertificateCompressionConfig.AlgorithmMode.Compress).build()));
        assertCompress(this.testBrotliAlgoServer);
        assertDecompress(this.testBrotliAlgoClient);
    }

    @Test
    public void testServerPriority() throws Throwable {
        Assumptions.assumeTrue(OpenSsl.isBoringSSL());
        runCertCompressionTest(buildClientContext(OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(this.testBrotliAlgoClient, OpenSslCertificateCompressionConfig.AlgorithmMode.Decompress).addAlgorithm(this.testZlibAlgoClient, OpenSslCertificateCompressionConfig.AlgorithmMode.Decompress).build()), buildServerContext(OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(this.testZLibAlgoServer, OpenSslCertificateCompressionConfig.AlgorithmMode.Compress).addAlgorithm(this.testBrotliAlgoServer, OpenSslCertificateCompressionConfig.AlgorithmMode.Compress).build()));
        assertCompress(this.testZLibAlgoServer);
        assertDecompress(this.testZlibAlgoClient);
        assertNone(this.testBrotliAlgoClient, this.testBrotliAlgoServer);
    }

    @Test
    public void testServerPriorityReverse() throws Throwable {
        Assumptions.assumeTrue(OpenSsl.isBoringSSL());
        runCertCompressionTest(buildClientContext(OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(this.testBrotliAlgoClient, OpenSslCertificateCompressionConfig.AlgorithmMode.Decompress).addAlgorithm(this.testZlibAlgoClient, OpenSslCertificateCompressionConfig.AlgorithmMode.Decompress).build()), buildServerContext(OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(this.testBrotliAlgoServer, OpenSslCertificateCompressionConfig.AlgorithmMode.Compress).addAlgorithm(this.testZLibAlgoServer, OpenSslCertificateCompressionConfig.AlgorithmMode.Compress).build()));
        assertCompress(this.testBrotliAlgoServer);
        assertDecompress(this.testBrotliAlgoClient);
        assertNone(this.testZLibAlgoServer, this.testZlibAlgoClient);
    }

    @Test
    public void testFailedNegotiation() throws Throwable {
        Assumptions.assumeTrue(OpenSsl.isBoringSSL());
        runCertCompressionTest(buildClientContext(OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(this.testBrotliAlgoClient, OpenSslCertificateCompressionConfig.AlgorithmMode.Decompress).addAlgorithm(this.testZlibAlgoClient, OpenSslCertificateCompressionConfig.AlgorithmMode.Decompress).build()), buildServerContext(OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(this.testZstdAlgoServer, OpenSslCertificateCompressionConfig.AlgorithmMode.Compress).build()));
        assertNone(this.testBrotliAlgoClient, this.testZlibAlgoClient, this.testZstdAlgoServer);
    }

    @Test
    public void testAlgoFailure() throws Throwable {
        Assumptions.assumeTrue(OpenSsl.isBoringSSL());
        final SslContext buildClientContext = buildClientContext(OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(new TestCertCompressionAlgo(CertificateCompressionAlgo.TLS_EXT_CERT_COMPRESSION_ZLIB) { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.OpenSslCertificateCompressionTest.1
            @Override // org.neo4j.driver.internal.shaded.io.netty.handler.ssl.OpenSslCertificateCompressionTest.TestCertCompressionAlgo
            public byte[] decompress(SSLEngine sSLEngine, int i, byte[] bArr) {
                return bArr;
            }
        }, OpenSslCertificateCompressionConfig.AlgorithmMode.Decompress).build());
        final SslContext buildServerContext = buildServerContext(OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(this.testZLibAlgoServer, OpenSslCertificateCompressionConfig.AlgorithmMode.Compress).build());
        Assertions.assertThrows(SSLHandshakeException.class, new Executable() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.OpenSslCertificateCompressionTest.2
            public void execute() throws Throwable {
                OpenSslCertificateCompressionTest.this.runCertCompressionTest(buildClientContext, buildServerContext);
            }
        });
    }

    @Test
    public void testAlgoException() throws Throwable {
        Assumptions.assumeTrue(OpenSsl.isBoringSSL());
        final SslContext buildClientContext = buildClientContext(OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(new TestCertCompressionAlgo(CertificateCompressionAlgo.TLS_EXT_CERT_COMPRESSION_ZLIB) { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.OpenSslCertificateCompressionTest.3
            @Override // org.neo4j.driver.internal.shaded.io.netty.handler.ssl.OpenSslCertificateCompressionTest.TestCertCompressionAlgo
            public byte[] decompress(SSLEngine sSLEngine, int i, byte[] bArr) {
                throw new RuntimeException("broken");
            }
        }, OpenSslCertificateCompressionConfig.AlgorithmMode.Decompress).build());
        final SslContext buildServerContext = buildServerContext(OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(this.testZLibAlgoServer, OpenSslCertificateCompressionConfig.AlgorithmMode.Compress).build());
        Assertions.assertThrows(SSLHandshakeException.class, new Executable() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.OpenSslCertificateCompressionTest.4
            public void execute() throws Throwable {
                OpenSslCertificateCompressionTest.this.runCertCompressionTest(buildClientContext, buildServerContext);
            }
        });
    }

    @Test
    public void testTlsLessThan13() throws Throwable {
        Assumptions.assumeTrue(OpenSsl.isBoringSSL());
        runCertCompressionTest(SslContextBuilder.forClient().sslProvider(SslProvider.OPENSSL).protocols(new String[]{"TLSv1.2"}).trustManager(InsecureTrustManagerFactory.INSTANCE).option(OpenSslContextOption.CERTIFICATE_COMPRESSION_ALGORITHMS, OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(this.testBrotliAlgoClient, OpenSslCertificateCompressionConfig.AlgorithmMode.Decompress).build()).build(), SslContextBuilder.forServer(cert.key(), new X509Certificate[]{cert.cert()}).sslProvider(SslProvider.OPENSSL).protocols(new String[]{"TLSv1.2"}).option(OpenSslContextOption.CERTIFICATE_COMPRESSION_ALGORITHMS, OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(this.testBrotliAlgoServer, OpenSslCertificateCompressionConfig.AlgorithmMode.Compress).build()).build());
        assertNone(this.testBrotliAlgoClient, this.testBrotliAlgoServer);
    }

    @Test
    public void testDuplicateAdd() throws Throwable {
        Assumptions.assumeTrue(OpenSsl.isBoringSSL());
        Assertions.assertThrows(Exception.class, new Executable() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.OpenSslCertificateCompressionTest.5
            public void execute() throws Throwable {
                OpenSslCertificateCompressionTest.this.buildClientContext(OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(OpenSslCertificateCompressionTest.this.testBrotliAlgoClient, OpenSslCertificateCompressionConfig.AlgorithmMode.Decompress).addAlgorithm(OpenSslCertificateCompressionTest.this.testBrotliAlgoClient, OpenSslCertificateCompressionConfig.AlgorithmMode.Compress).build());
            }
        });
        Assertions.assertThrows(Exception.class, new Executable() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.OpenSslCertificateCompressionTest.6
            public void execute() throws Throwable {
                OpenSslCertificateCompressionTest.this.buildServerContext(OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(OpenSslCertificateCompressionTest.this.testBrotliAlgoServer, OpenSslCertificateCompressionConfig.AlgorithmMode.Compress).addAlgorithm(OpenSslCertificateCompressionTest.this.testBrotliAlgoServer, OpenSslCertificateCompressionConfig.AlgorithmMode.Both).build());
            }
        });
    }

    @Test
    public void testNotBoringAdd() throws Throwable {
        Assumptions.assumeTrue(!OpenSsl.isBoringSSL());
        Assertions.assertThrows(Exception.class, new Executable() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.OpenSslCertificateCompressionTest.7
            public void execute() throws Throwable {
                OpenSslCertificateCompressionTest.this.buildClientContext(OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(OpenSslCertificateCompressionTest.this.testBrotliAlgoClient, OpenSslCertificateCompressionConfig.AlgorithmMode.Decompress).build());
            }
        });
        Assertions.assertThrows(Exception.class, new Executable() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.OpenSslCertificateCompressionTest.8
            public void execute() throws Throwable {
                OpenSslCertificateCompressionTest.this.buildServerContext(OpenSslCertificateCompressionConfig.newBuilder().addAlgorithm(OpenSslCertificateCompressionTest.this.testBrotliAlgoServer, OpenSslCertificateCompressionConfig.AlgorithmMode.Compress).build());
            }
        });
    }

    public void runCertCompressionTest(SslContext sslContext, SslContext sslContext2) throws Throwable {
        LocalEventLoopGroup localEventLoopGroup = new LocalEventLoopGroup();
        Promise newPromise = localEventLoopGroup.next().newPromise();
        Promise newPromise2 = localEventLoopGroup.next().newPromise();
        try {
            ServerBootstrap serverBootstrap = new ServerBootstrap();
            serverBootstrap.group(localEventLoopGroup).channel(LocalServerChannel.class).childHandler(new CertCompressionTestChannelInitializer(newPromise2, sslContext2));
            Channel channel = serverBootstrap.bind(new LocalAddress("testCertificateCompression")).syncUninterruptibly().channel();
            Bootstrap bootstrap = new Bootstrap();
            bootstrap.group(localEventLoopGroup).channel(LocalChannel.class).handler(new CertCompressionTestChannelInitializer(newPromise, sslContext));
            Channel channel2 = bootstrap.connect(channel.localAddress()).syncUninterruptibly().channel();
            Assertions.assertTrue(newPromise.await(5L, TimeUnit.SECONDS), "client timeout");
            Assertions.assertTrue(newPromise2.await(5L, TimeUnit.SECONDS), "server timeout");
            newPromise.sync();
            newPromise2.sync();
            channel2.close().syncUninterruptibly();
            channel.close().syncUninterruptibly();
            localEventLoopGroup.shutdownGracefully();
        } catch (Throwable th) {
            localEventLoopGroup.shutdownGracefully();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SslContext buildServerContext(OpenSslCertificateCompressionConfig openSslCertificateCompressionConfig) throws SSLException {
        return SslContextBuilder.forServer(cert.key(), new X509Certificate[]{cert.cert()}).sslProvider(SslProvider.OPENSSL).protocols(new String[]{"TLSv1.3"}).option(OpenSslContextOption.CERTIFICATE_COMPRESSION_ALGORITHMS, openSslCertificateCompressionConfig).build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SslContext buildClientContext(OpenSslCertificateCompressionConfig openSslCertificateCompressionConfig) throws SSLException {
        return SslContextBuilder.forClient().sslProvider(SslProvider.OPENSSL).protocols(new String[]{"TLSv1.3"}).trustManager(InsecureTrustManagerFactory.INSTANCE).option(OpenSslContextOption.CERTIFICATE_COMPRESSION_ALGORITHMS, openSslCertificateCompressionConfig).build();
    }

    private void assertCompress(TestCertCompressionAlgo testCertCompressionAlgo) {
        Assertions.assertTrue(testCertCompressionAlgo.compressCalled && !testCertCompressionAlgo.decompressCalled);
    }

    private void assertDecompress(TestCertCompressionAlgo testCertCompressionAlgo) {
        Assertions.assertTrue(!testCertCompressionAlgo.compressCalled && testCertCompressionAlgo.decompressCalled);
    }

    private void assertNone(TestCertCompressionAlgo... testCertCompressionAlgoArr) {
        for (TestCertCompressionAlgo testCertCompressionAlgo : testCertCompressionAlgoArr) {
            Assertions.assertTrue((testCertCompressionAlgo.compressCalled || testCertCompressionAlgo.decompressCalled) ? false : true);
        }
    }
}
