package org.neo4j.driver.internal.shaded.io.netty.handler.ssl;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.nio.ByteBuffer;
import java.nio.channels.ClosedChannelException;
import java.nio.file.Files;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.TimeUnit;
import javax.crypto.SecretKey;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.KeyManagerFactorySpi;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionBindingEvent;
import javax.net.ssl.SSLSessionBindingListener;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.TrustManagerFactorySpi;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.conscrypt.OpenSSLProvider;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;
import org.junit.jupiter.api.Timeout;
import org.junit.jupiter.api.function.Executable;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import org.neo4j.driver.internal.shaded.io.netty.bootstrap.Bootstrap;
import org.neo4j.driver.internal.shaded.io.netty.bootstrap.ServerBootstrap;
import org.neo4j.driver.internal.shaded.io.netty.buffer.ByteBuf;
import org.neo4j.driver.internal.shaded.io.netty.buffer.ByteBufAllocator;
import org.neo4j.driver.internal.shaded.io.netty.buffer.CompositeByteBuf;
import org.neo4j.driver.internal.shaded.io.netty.buffer.Unpooled;
import org.neo4j.driver.internal.shaded.io.netty.buffer.UnpooledByteBufAllocator;
import org.neo4j.driver.internal.shaded.io.netty.channel.Channel;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelFuture;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelFutureListener;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelHandler;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelHandlerContext;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelInboundHandlerAdapter;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelInitializer;
import org.neo4j.driver.internal.shaded.io.netty.channel.ChannelPipeline;
import org.neo4j.driver.internal.shaded.io.netty.channel.SimpleChannelInboundHandler;
import org.neo4j.driver.internal.shaded.io.netty.channel.nio.NioEventLoopGroup;
import org.neo4j.driver.internal.shaded.io.netty.channel.socket.SocketChannel;
import org.neo4j.driver.internal.shaded.io.netty.channel.socket.nio.NioServerSocketChannel;
import org.neo4j.driver.internal.shaded.io.netty.channel.socket.nio.NioSocketChannel;
import org.neo4j.driver.internal.shaded.io.netty.handler.ssl.ApplicationProtocolConfig;
import org.neo4j.driver.internal.shaded.io.netty.handler.ssl.util.CachedSelfSignedCertificate;
import org.neo4j.driver.internal.shaded.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import org.neo4j.driver.internal.shaded.io.netty.handler.ssl.util.SelfSignedCertificate;
import org.neo4j.driver.internal.shaded.io.netty.handler.ssl.util.SimpleTrustManagerFactory;
import org.neo4j.driver.internal.shaded.io.netty.util.CharsetUtil;
import org.neo4j.driver.internal.shaded.io.netty.util.NetUtil;
import org.neo4j.driver.internal.shaded.io.netty.util.ReferenceCountUtil;
import org.neo4j.driver.internal.shaded.io.netty.util.concurrent.Future;
import org.neo4j.driver.internal.shaded.io.netty.util.concurrent.ImmediateEventExecutor;
import org.neo4j.driver.internal.shaded.io.netty.util.concurrent.Promise;
import org.neo4j.driver.internal.shaded.io.netty.util.concurrent.PromiseNotifier;
import org.neo4j.driver.internal.shaded.io.netty.util.internal.EmptyArrays;
import org.neo4j.driver.internal.shaded.io.netty.util.internal.PlatformDependent;
import org.neo4j.driver.internal.shaded.io.netty.util.internal.ResourcesUtil;
import org.neo4j.driver.internal.shaded.io.netty.util.internal.SystemPropertyUtil;
import org.neo4j.driver.internal.shaded.io.netty.util.internal.logging.InternalLogger;
import org.neo4j.driver.internal.shaded.io.netty.util.internal.logging.InternalLoggerFactory;
import org.opentest4j.AssertionFailedError;

@TestInstance(TestInstance.Lifecycle.PER_CLASS)
/* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/SSLEngineTest.class */
public abstract class SSLEngineTest {
    private static final String PRINCIPAL_NAME = "CN=e8ac02fa0d65a84219016045db8b05c485b4ecdf.netty.test";
    private final boolean tlsv13Supported;
    protected MessageReceiver serverReceiver;
    protected MessageReceiver clientReceiver;
    protected volatile Throwable serverException;
    protected volatile Throwable clientException;
    protected SslContext serverSslCtx;
    protected SslContext clientSslCtx;
    protected ServerBootstrap sb;
    protected Bootstrap cb;
    protected Channel serverChannel;
    protected Channel serverConnectedChannel;
    protected Channel clientChannel;
    protected CountDownLatch serverLatch;
    protected CountDownLatch clientLatch;
    protected volatile Future<Channel> serverSslHandshakeFuture;
    protected volatile Future<Channel> clientSslHandshakeFuture;
    private DelayingExecutor delegatingExecutor;
    private static final InternalLogger logger = InternalLoggerFactory.getInstance(SSLEngineTest.class);
    private static final Runnable NOOP = new Runnable() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.1
        @Override // java.lang.Runnable
        public void run() {
        }
    };

    /* renamed from: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest$1SSLSessionBindingEventValue, reason: invalid class name */
    /* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/SSLEngineTest$1SSLSessionBindingEventValue.class */
    class C1SSLSessionBindingEventValue implements SSLSessionBindingListener {
        SSLSessionBindingEvent boundEvent;
        SSLSessionBindingEvent unboundEvent;

        C1SSLSessionBindingEventValue() {
        }

        @Override // javax.net.ssl.SSLSessionBindingListener
        public void valueBound(SSLSessionBindingEvent sSLSessionBindingEvent) {
            Assertions.assertNull(this.boundEvent);
            this.boundEvent = sSLSessionBindingEvent;
        }

        @Override // javax.net.ssl.SSLSessionBindingListener
        public void valueUnbound(SSLSessionBindingEvent sSLSessionBindingEvent) {
            Assertions.assertNull(this.unboundEvent);
            this.unboundEvent = sSLSessionBindingEvent;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/SSLEngineTest$BufferType.class */
    public enum BufferType {
        Direct,
        Heap,
        Mixed
    }

    /* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/SSLEngineTest$MessageDelegatorChannelHandler.class */
    protected static final class MessageDelegatorChannelHandler extends SimpleChannelInboundHandler<ByteBuf> {
        private final MessageReceiver receiver;
        private final CountDownLatch latch;

        public MessageDelegatorChannelHandler(MessageReceiver messageReceiver, CountDownLatch countDownLatch) {
            super(false);
            this.receiver = messageReceiver;
            this.latch = countDownLatch;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public void channelRead0(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) throws Exception {
            this.receiver.messageReceived(channelHandlerContext, byteBuf);
            this.latch.countDown();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/SSLEngineTest$MessageReceiver.class */
    public static final class MessageReceiver {
        final BlockingQueue<ByteBuf> messages = new LinkedBlockingQueue();
        final BlockingQueue<OnNextMessage> onNextMessages = new LinkedBlockingQueue();

        MessageReceiver() {
        }

        void messageReceived(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) throws Exception {
            this.messages.add(byteBuf);
            OnNextMessage poll = this.onNextMessages.poll();
            if (poll != null) {
                poll.messageReceived(channelHandlerContext, byteBuf);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/SSLEngineTest$OnNextMessage.class */
    public interface OnNextMessage {
        void messageReceived(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) throws Exception;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/SSLEngineTest$ProtocolCipherCombo.class */
    public static final class ProtocolCipherCombo {
        private static final ProtocolCipherCombo TLSV12 = new ProtocolCipherCombo("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
        private static final ProtocolCipherCombo TLSV13 = new ProtocolCipherCombo("TLSv1.3", "TLS_AES_128_GCM_SHA256");
        final String protocol;
        final String cipher;

        private ProtocolCipherCombo(String str, String str2) {
            this.protocol = str;
            this.cipher = str2;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static ProtocolCipherCombo tlsv12() {
            return TLSV12;
        }

        static ProtocolCipherCombo tlsv13() {
            return TLSV13;
        }

        public String toString() {
            return "ProtocolCipherCombo{protocol='" + this.protocol + "', cipher='" + this.cipher + "'}";
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/SSLEngineTest$SSLEngineTestParam.class */
    public static class SSLEngineTestParam {
        private final BufferType type;
        private final ProtocolCipherCombo protocolCipherCombo;
        private final boolean delegate;

        /* JADX INFO: Access modifiers changed from: package-private */
        public SSLEngineTestParam(BufferType bufferType, ProtocolCipherCombo protocolCipherCombo, boolean z) {
            this.type = bufferType;
            this.protocolCipherCombo = protocolCipherCombo;
            this.delegate = z;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public final BufferType type() {
            return this.type;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public final ProtocolCipherCombo combo() {
            return this.protocolCipherCombo;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public final boolean delegate() {
            return this.delegate;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public final List<String> protocols() {
            return Collections.singletonList(this.protocolCipherCombo.protocol);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public final List<String> ciphers() {
            return Collections.singletonList(this.protocolCipherCombo.cipher);
        }

        public String toString() {
            return "SslEngineTestParam{type=" + type() + ", protocolCipherCombo=" + combo() + ", delegate=" + delegate() + '}';
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/SSLEngineTest$SessionReusedState.class */
    public enum SessionReusedState {
        NOT_REUSED,
        MAYBE_REUSED,
        REUSED
    }

    /* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/SSLEngineTest$SessionValueSettingTrustManager.class */
    private class SessionValueSettingTrustManager extends EmptyExtendedX509TrustManager implements ResumableX509ExtendedTrustManager {
        private final String key;
        private final String value;

        SessionValueSettingTrustManager(String str, String str2) {
            this.key = str;
            this.value = str2;
        }

        @Override // org.neo4j.driver.internal.shaded.io.netty.handler.ssl.EmptyExtendedX509TrustManager, javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            SSLEngineTest.logger.debug("Authenticating client session: {} ({}, {})", new Object[]{sSLEngine.getHandshakeSession(), sSLEngine.getHandshakeStatus(), SSLEngineTest.this.clientChannel});
            sSLEngine.getHandshakeSession().putValue(this.key, this.value);
        }

        @Override // org.neo4j.driver.internal.shaded.io.netty.handler.ssl.EmptyExtendedX509TrustManager, javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            SSLEngineTest.logger.debug("Authenticating server session: {} ({}, {})", new Object[]{sSLEngine.getHandshakeSession(), sSLEngine.getHandshakeStatus(), SSLEngineTest.this.serverChannel});
            sSLEngine.getHandshakeSession().putValue(this.key, this.value);
        }

        public void resumeClientTrusted(X509Certificate[] x509CertificateArr, SSLEngine sSLEngine) throws CertificateException {
            SSLEngineTest.logger.debug("Resuming client session: {} ({}, {})", new Object[]{sSLEngine.getSession(), sSLEngine.getHandshakeStatus(), SSLEngineTest.this.clientChannel});
            sSLEngine.getSession().putValue(this.key, this.value);
        }

        public void resumeServerTrusted(X509Certificate[] x509CertificateArr, SSLEngine sSLEngine) throws CertificateException {
            SSLEngineTest.logger.debug("Resuming server session: {} ({}, {})", new Object[]{sSLEngine.getSession(), sSLEngine.getHandshakeStatus(), SSLEngineTest.this.serverChannel});
            sSLEngine.getSession().putValue(this.key, this.value);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/SSLEngineTest$TestByteBufAllocator.class */
    public static final class TestByteBufAllocator implements ByteBufAllocator {
        private final ByteBufAllocator allocator;
        private final BufferType type;

        TestByteBufAllocator(ByteBufAllocator byteBufAllocator, BufferType bufferType) {
            this.allocator = byteBufAllocator;
            this.type = bufferType;
        }

        public ByteBuf buffer() {
            switch (this.type) {
                case Direct:
                    return this.allocator.directBuffer();
                case Heap:
                    return this.allocator.heapBuffer();
                case Mixed:
                    return PlatformDependent.threadLocalRandom().nextBoolean() ? this.allocator.directBuffer() : this.allocator.heapBuffer();
                default:
                    throw new Error();
            }
        }

        public ByteBuf buffer(int i) {
            switch (this.type) {
                case Direct:
                    return this.allocator.directBuffer(i);
                case Heap:
                    return this.allocator.heapBuffer(i);
                case Mixed:
                    return PlatformDependent.threadLocalRandom().nextBoolean() ? this.allocator.directBuffer(i) : this.allocator.heapBuffer(i);
                default:
                    throw new Error();
            }
        }

        public ByteBuf buffer(int i, int i2) {
            switch (this.type) {
                case Direct:
                    return this.allocator.directBuffer(i, i2);
                case Heap:
                    return this.allocator.heapBuffer(i, i2);
                case Mixed:
                    return PlatformDependent.threadLocalRandom().nextBoolean() ? this.allocator.directBuffer(i, i2) : this.allocator.heapBuffer(i, i2);
                default:
                    throw new Error();
            }
        }

        public ByteBuf ioBuffer() {
            return this.allocator.ioBuffer();
        }

        public ByteBuf ioBuffer(int i) {
            return this.allocator.ioBuffer(i);
        }

        public ByteBuf ioBuffer(int i, int i2) {
            return this.allocator.ioBuffer(i, i2);
        }

        public ByteBuf heapBuffer() {
            return this.allocator.heapBuffer();
        }

        public ByteBuf heapBuffer(int i) {
            return this.allocator.heapBuffer(i);
        }

        public ByteBuf heapBuffer(int i, int i2) {
            return this.allocator.heapBuffer(i, i2);
        }

        public ByteBuf directBuffer() {
            return this.allocator.directBuffer();
        }

        public ByteBuf directBuffer(int i) {
            return this.allocator.directBuffer(i);
        }

        public ByteBuf directBuffer(int i, int i2) {
            return this.allocator.directBuffer(i, i2);
        }

        public CompositeByteBuf compositeBuffer() {
            switch (this.type) {
                case Direct:
                    return this.allocator.compositeDirectBuffer();
                case Heap:
                    return this.allocator.compositeHeapBuffer();
                case Mixed:
                    return PlatformDependent.threadLocalRandom().nextBoolean() ? this.allocator.compositeDirectBuffer() : this.allocator.compositeHeapBuffer();
                default:
                    throw new Error();
            }
        }

        public CompositeByteBuf compositeBuffer(int i) {
            switch (this.type) {
                case Direct:
                    return this.allocator.compositeDirectBuffer(i);
                case Heap:
                    return this.allocator.compositeHeapBuffer(i);
                case Mixed:
                    return PlatformDependent.threadLocalRandom().nextBoolean() ? this.allocator.compositeDirectBuffer(i) : this.allocator.compositeHeapBuffer(i);
                default:
                    throw new Error();
            }
        }

        public CompositeByteBuf compositeHeapBuffer() {
            return this.allocator.compositeHeapBuffer();
        }

        public CompositeByteBuf compositeHeapBuffer(int i) {
            return this.allocator.compositeHeapBuffer(i);
        }

        public CompositeByteBuf compositeDirectBuffer() {
            return this.allocator.compositeDirectBuffer();
        }

        public CompositeByteBuf compositeDirectBuffer(int i) {
            return this.allocator.compositeDirectBuffer(i);
        }

        public boolean isDirectBufferPooled() {
            return this.allocator.isDirectBufferPooled();
        }

        public int calculateNewCapacity(int i, int i2) {
            return this.allocator.calculateNewCapacity(i, i2);
        }
    }

    /* loaded from: input_file:org/neo4j/driver/internal/shaded/io/netty/handler/ssl/SSLEngineTest$TestTrustManagerFactory.class */
    private static final class TestTrustManagerFactory extends X509ExtendedTrustManager {
        private final Certificate localCert;
        private volatile boolean verified;

        TestTrustManagerFactory(Certificate certificate) {
            this.localCert = certificate;
        }

        boolean isVerified() {
            return this.verified;
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
            Assertions.fail();
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
            Assertions.fail();
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
            this.verified = true;
            Assertions.assertFalse(sSLEngine.getUseClientMode());
            SSLSession handshakeSession = sSLEngine.getHandshakeSession();
            Assertions.assertNotNull(handshakeSession);
            Certificate[] localCertificates = handshakeSession.getLocalCertificates();
            Assertions.assertNotNull(localCertificates);
            Assertions.assertEquals(1, localCertificates.length);
            Assertions.assertEquals(this.localCert, localCertificates[0]);
            Assertions.assertNotNull(handshakeSession.getLocalPrincipal());
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
            this.verified = true;
            Assertions.assertTrue(sSLEngine.getUseClientMode());
            SSLSession handshakeSession = sSLEngine.getHandshakeSession();
            Assertions.assertNotNull(handshakeSession);
            Assertions.assertNull(handshakeSession.getLocalCertificates());
            Assertions.assertNull(handshakeSession.getLocalPrincipal());
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            Assertions.fail();
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            Assertions.fail();
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return EmptyArrays.EMPTY_X509_CERTIFICATES;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SSLEngineTest(boolean z) {
        this.tlsv13Supported = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<SSLEngineTestParam> newTestParams() {
        ArrayList arrayList = new ArrayList();
        for (BufferType bufferType : BufferType.values()) {
            arrayList.add(new SSLEngineTestParam(bufferType, ProtocolCipherCombo.tlsv12(), false));
            arrayList.add(new SSLEngineTestParam(bufferType, ProtocolCipherCombo.tlsv12(), true));
            if (this.tlsv13Supported) {
                arrayList.add(new SSLEngineTestParam(bufferType, ProtocolCipherCombo.tlsv13(), false));
                arrayList.add(new SSLEngineTestParam(bufferType, ProtocolCipherCombo.tlsv13(), true));
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ByteBuffer allocateBuffer(BufferType bufferType, int i) {
        switch (bufferType) {
            case Direct:
                return ByteBuffer.allocateDirect(i);
            case Heap:
                return ByteBuffer.allocate(i);
            case Mixed:
                return PlatformDependent.threadLocalRandom().nextBoolean() ? ByteBuffer.allocateDirect(i) : ByteBuffer.allocate(i);
            default:
                throw new Error();
        }
    }

    @BeforeEach
    public void setup() {
        this.serverLatch = new CountDownLatch(1);
        this.clientLatch = new CountDownLatch(1);
        this.delegatingExecutor = new DelayingExecutor();
        this.serverReceiver = new MessageReceiver();
        this.clientReceiver = new MessageReceiver();
    }

    @AfterEach
    public void tearDown() throws InterruptedException {
        ChannelFuture channelFuture = null;
        ChannelFuture channelFuture2 = null;
        ChannelFuture channelFuture3 = null;
        if (this.clientChannel != null) {
            channelFuture = this.clientChannel.close();
            this.clientChannel = null;
        }
        if (this.serverConnectedChannel != null) {
            channelFuture2 = this.serverConnectedChannel.close();
            this.serverConnectedChannel = null;
        }
        if (this.serverChannel != null) {
            channelFuture3 = this.serverChannel.close();
            this.serverChannel = null;
        }
        if (channelFuture != null) {
            channelFuture.sync();
        }
        if (channelFuture2 != null) {
            channelFuture2.sync();
        }
        if (channelFuture3 != null) {
            channelFuture3.sync();
        }
        if (this.serverSslCtx != null) {
            cleanupServerSslContext(this.serverSslCtx);
            this.serverSslCtx = null;
        }
        if (this.clientSslCtx != null) {
            cleanupClientSslContext(this.clientSslCtx);
            this.clientSslCtx = null;
        }
        Future future = null;
        Future future2 = null;
        Future future3 = null;
        if (this.sb != null) {
            future = this.sb.config().group().shutdownGracefully(0L, 0L, TimeUnit.MILLISECONDS);
            future2 = this.sb.config().childGroup().shutdownGracefully(0L, 0L, TimeUnit.MILLISECONDS);
        }
        if (this.cb != null) {
            future3 = this.cb.config().group().shutdownGracefully(0L, 0L, TimeUnit.MILLISECONDS);
        }
        if (future != null) {
            future.sync();
            future2.sync();
        }
        if (future3 != null) {
            future3.sync();
        }
        this.delegatingExecutor.shutdown();
        this.serverException = null;
        this.clientException = null;
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testMutualAuthSameCerts(SSLEngineTestParam sSLEngineTestParam) throws Throwable {
        mySetupMutualAuth(sSLEngineTestParam, ResourcesUtil.getFile(getClass(), "test_unencrypted.pem"), ResourcesUtil.getFile(getClass(), "test.crt"), null);
        runTest(null);
        Assertions.assertTrue(this.serverLatch.await(2L, TimeUnit.SECONDS));
        Throwable th = this.serverException;
        if (th != null) {
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSetSupportedCiphers(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        if (sSLEngineTestParam.protocolCipherCombo != ProtocolCipherCombo.tlsv12()) {
            return;
        }
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.key(), new X509Certificate[]{cachedCertificate.cert()}).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).sslProvider(sslServerProvider()).build());
        SSLEngine wrapEngine = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(cachedCertificate.certificate()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).sslProvider(sslClientProvider()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        String[] strArr = {sSLEngineTestParam.ciphers().get(0)};
        try {
            wrapEngine2.setEnabledCipherSuites(strArr);
            wrapEngine.setEnabledCipherSuites(strArr);
            Assertions.assertArrayEquals(strArr, wrapEngine2.getEnabledCipherSuites());
            Assertions.assertArrayEquals(strArr, wrapEngine.getEnabledCipherSuites());
            cleanupClientSslEngine(wrapEngine2);
            cleanupServerSslEngine(wrapEngine);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine2);
            cleanupServerSslEngine(wrapEngine);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testIncompatibleCiphers(final SSLEngineTestParam sSLEngineTestParam) throws Exception {
        Assumptions.assumeTrue(SslProvider.isTlsv13Supported(sslClientProvider()));
        Assumptions.assumeTrue(SslProvider.isTlsv13Supported(sslServerProvider()));
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).protocols(new String[]{"TLSv1.3", "TLSv1.2", "TLSv1"}).sslContextProvider(clientSslContextProvider()).sslProvider(sslClientProvider()).build());
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).protocols(new String[]{"TLSv1.3", "TLSv1.2", "TLSv1"}).sslContextProvider(serverSslContextProvider()).sslProvider(sslServerProvider()).build());
        final SSLEngine sSLEngine = null;
        final SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2.setEnabledCipherSuites(new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA"});
            sSLEngine.setEnabledCipherSuites(new String[]{"TLS_AES_256_GCM_SHA384"});
            Assertions.assertThrows(SSLHandshakeException.class, new Executable() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.2
                public void execute() throws Throwable {
                    SSLEngineTest.this.handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
                }
            });
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testMutualAuthDiffCerts(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        File file = ResourcesUtil.getFile(getClass(), "test_encrypted.pem");
        File file2 = ResourcesUtil.getFile(getClass(), "test.crt");
        File file3 = ResourcesUtil.getFile(getClass(), "test2_encrypted.pem");
        File file4 = ResourcesUtil.getFile(getClass(), "test2.crt");
        mySetupMutualAuth(sSLEngineTestParam, file4, file, file2, "12345", file2, file3, file4, "12345");
        runTest(null);
        Assertions.assertTrue(this.serverLatch.await(2L, TimeUnit.SECONDS));
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testMutualAuthDiffCertsServerFailure(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        File file = ResourcesUtil.getFile(getClass(), "test_encrypted.pem");
        File file2 = ResourcesUtil.getFile(getClass(), "test.crt");
        mySetupMutualAuth(sSLEngineTestParam, file2, file, file2, "12345", file2, ResourcesUtil.getFile(getClass(), "test2_encrypted.pem"), ResourcesUtil.getFile(getClass(), "test2.crt"), "12345");
        Assertions.assertTrue(this.serverLatch.await(10L, TimeUnit.SECONDS));
        Assertions.assertTrue(this.serverException instanceof SSLHandshakeException);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testMutualAuthDiffCertsClientFailure(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        File file = ResourcesUtil.getFile(getClass(), "test_unencrypted.pem");
        File file2 = ResourcesUtil.getFile(getClass(), "test.crt");
        File file3 = ResourcesUtil.getFile(getClass(), "test2_unencrypted.pem");
        File file4 = ResourcesUtil.getFile(getClass(), "test2.crt");
        mySetupMutualAuth(sSLEngineTestParam, file4, file, file2, null, file4, file3, file4, null);
        Assertions.assertTrue(this.clientLatch.await(10L, TimeUnit.SECONDS));
        Assertions.assertTrue(this.clientException instanceof SSLHandshakeException);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testMutualAuthInvalidClientCertSucceed(sSLEngineTestParam, ClientAuth.NONE);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testMutualAuthClientCertFail(sSLEngineTestParam, ClientAuth.OPTIONAL);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testMutualAuthClientCertFail(sSLEngineTestParam, ClientAuth.REQUIRE);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testMutualAuthClientCertFail(sSLEngineTestParam, ClientAuth.OPTIONAL, "mutual_auth_client.p12", true);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testMutualAuthClientCertFail(sSLEngineTestParam, ClientAuth.REQUIRE, "mutual_auth_client.p12", true);
    }

    private void testMutualAuthInvalidClientCertSucceed(SSLEngineTestParam sSLEngineTestParam, ClientAuth clientAuth) throws Exception {
        char[] charArray = "example".toCharArray();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(getClass().getResourceAsStream("mutual_auth_server.p12"), charArray);
        KeyStore keyStore2 = KeyStore.getInstance("PKCS12");
        keyStore2.load(getClass().getResourceAsStream("mutual_auth_invalid_client.p12"), charArray);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, charArray);
        KeyManagerFactory keyManagerFactory2 = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory2.init(keyStore2, charArray);
        File file = ResourcesUtil.getFile(getClass(), "mutual_auth_ca.pem");
        mySetupMutualAuth(sSLEngineTestParam, keyManagerFactory, file, keyManagerFactory2, file, clientAuth, false, false);
        Assertions.assertTrue(this.clientLatch.await(10L, TimeUnit.SECONDS));
        rethrowIfNotNull(this.clientException);
        Assertions.assertTrue(this.serverLatch.await(5L, TimeUnit.SECONDS));
        rethrowIfNotNull(this.serverException);
    }

    private void testMutualAuthClientCertFail(SSLEngineTestParam sSLEngineTestParam, ClientAuth clientAuth) throws Exception {
        testMutualAuthClientCertFail(sSLEngineTestParam, clientAuth, "mutual_auth_invalid_client.p12", false);
    }

    private void testMutualAuthClientCertFail(SSLEngineTestParam sSLEngineTestParam, ClientAuth clientAuth, String str, boolean z) throws Exception {
        char[] charArray = "example".toCharArray();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(getClass().getResourceAsStream("mutual_auth_server.p12"), charArray);
        KeyStore keyStore2 = KeyStore.getInstance("PKCS12");
        keyStore2.load(getClass().getResourceAsStream(str), charArray);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, charArray);
        KeyManagerFactory keyManagerFactory2 = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory2.init(keyStore2, charArray);
        File file = ResourcesUtil.getFile(getClass(), "mutual_auth_ca.pem");
        mySetupMutualAuth(sSLEngineTestParam, keyManagerFactory, file, keyManagerFactory2, file, clientAuth, true, z);
        Assertions.assertTrue(this.clientLatch.await(10L, TimeUnit.SECONDS));
        Assertions.assertTrue(mySetupMutualAuthServerIsValidClientException(this.clientException), "unexpected exception: " + this.clientException);
        Assertions.assertTrue(this.serverLatch.await(5L, TimeUnit.SECONDS));
        Assertions.assertTrue(mySetupMutualAuthServerIsValidServerException(this.serverException), "unexpected exception: " + this.serverException);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean causedBySSLException(Throwable th) {
        Throwable th2 = th;
        while (!(th2 instanceof SSLException)) {
            th2 = th2.getCause();
            if (th2 == null) {
                return false;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean mySetupMutualAuthServerIsValidServerException(Throwable th) {
        return mySetupMutualAuthServerIsValidException(th);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean mySetupMutualAuthServerIsValidClientException(Throwable th) {
        return mySetupMutualAuthServerIsValidException(th);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean mySetupMutualAuthServerIsValidException(Throwable th) {
        return (th instanceof SSLException) || (th instanceof ClosedChannelException);
    }

    protected void mySetupMutualAuthServerInitSslHandler(SslHandler sslHandler) {
    }

    protected void mySetupMutualAuth(final SSLEngineTestParam sSLEngineTestParam, KeyManagerFactory keyManagerFactory, File file, KeyManagerFactory keyManagerFactory2, File file2, ClientAuth clientAuth, final boolean z, final boolean z2) throws SSLException, InterruptedException {
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(keyManagerFactory).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).trustManager(file).clientAuth(clientAuth).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0L).sessionTimeout(0L).build());
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).trustManager(file2).keyManager(keyManagerFactory2).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0L).sessionTimeout(0L).build());
        this.serverConnectedChannel = null;
        this.sb = new ServerBootstrap();
        this.cb = new Bootstrap();
        this.sb.group(new NioEventLoopGroup(), new NioEventLoopGroup());
        this.sb.channel(NioServerSocketChannel.class);
        this.sb.childHandler(new ChannelInitializer<Channel>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.3
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), sSLEngineTestParam.type()));
                ChannelPipeline pipeline = channel.pipeline();
                SslHandler newHandler = !sSLEngineTestParam.delegate ? SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc()) : SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc(), SSLEngineTest.this.delegatingExecutor);
                if (z2) {
                    SSLEngineTest.this.mySetupMutualAuthServerInitSslHandler(newHandler);
                }
                pipeline.addLast(new ChannelHandler[]{newHandler});
                pipeline.addLast(new ChannelHandler[]{new MessageDelegatorChannelHandler(SSLEngineTest.this.serverReceiver, SSLEngineTest.this.serverLatch)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.3.1
                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        if (obj == SslHandshakeCompletionEvent.SUCCESS) {
                            if (z) {
                                SSLEngineTest.this.serverException = new IllegalStateException("handshake complete. expected failure");
                            }
                            SSLEngineTest.this.serverLatch.countDown();
                        } else if (obj instanceof SslHandshakeCompletionEvent) {
                            SSLEngineTest.this.serverException = ((SslHandshakeCompletionEvent) obj).cause();
                            SSLEngineTest.this.serverLatch.countDown();
                        }
                        channelHandlerContext.fireUserEventTriggered(obj);
                    }

                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if (!(th.getCause() instanceof SSLHandshakeException)) {
                            SSLEngineTest.this.serverException = th;
                            channelHandlerContext.fireExceptionCaught(th);
                        } else {
                            SSLEngineTest.this.serverException = th.getCause();
                            SSLEngineTest.this.serverLatch.countDown();
                        }
                    }
                }});
                SSLEngineTest.this.serverConnectedChannel = channel;
            }
        });
        this.cb.group(new NioEventLoopGroup());
        this.cb.channel(NioSocketChannel.class);
        this.cb.handler(new ChannelInitializer<Channel>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.4
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), sSLEngineTestParam.type));
                ChannelPipeline pipeline = channel.pipeline();
                pipeline.addLast(new ChannelHandler[]{!sSLEngineTestParam.delegate ? SSLEngineTest.this.clientSslCtx.newHandler(channel.alloc()) : SSLEngineTest.this.clientSslCtx.newHandler(channel.alloc(), SSLEngineTest.this.delegatingExecutor)});
                pipeline.addLast(new ChannelHandler[]{new MessageDelegatorChannelHandler(SSLEngineTest.this.clientReceiver, SSLEngineTest.this.clientLatch)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.4.1
                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        if (obj == SslHandshakeCompletionEvent.SUCCESS) {
                            if (!z) {
                                SSLEngineTest.this.clientLatch.countDown();
                            }
                        } else if (obj instanceof SslHandshakeCompletionEvent) {
                            SSLEngineTest.this.clientException = ((SslHandshakeCompletionEvent) obj).cause();
                            SSLEngineTest.this.clientLatch.countDown();
                        }
                        channelHandlerContext.fireUserEventTriggered(obj);
                    }

                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if (!(th.getCause() instanceof SSLException)) {
                            channelHandlerContext.fireExceptionCaught(th);
                            return;
                        }
                        SSLEngineTest.this.clientException = th.getCause();
                        SSLEngineTest.this.clientLatch.countDown();
                    }
                }});
            }
        });
        this.serverChannel = this.sb.bind(new InetSocketAddress(0)).sync().channel();
        ChannelFuture connect = this.cb.connect(new InetSocketAddress(NetUtil.LOCALHOST, ((InetSocketAddress) this.serverChannel.localAddress()).getPort()));
        Assertions.assertTrue(connect.awaitUninterruptibly().isSuccess());
        this.clientChannel = connect.channel();
    }

    protected static void rethrowIfNotNull(Throwable th) {
        if (th != null) {
            throw new AssertionFailedError("Expected no error", th);
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testClientHostnameValidationSuccess(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        mySetupClientHostnameValidation(sSLEngineTestParam, ResourcesUtil.getFile(getClass(), "localhost_server.pem"), ResourcesUtil.getFile(getClass(), "localhost_server.key"), ResourcesUtil.getFile(getClass(), "mutual_auth_ca.pem"), false);
        Assertions.assertTrue(this.clientLatch.await(10L, TimeUnit.SECONDS));
        rethrowIfNotNull(this.clientException);
        Assertions.assertTrue(this.serverLatch.await(5L, TimeUnit.SECONDS));
        rethrowIfNotNull(this.serverException);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testClientHostnameValidationFail(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        Future<Void> mySetupClientHostnameValidation = mySetupClientHostnameValidation(sSLEngineTestParam, ResourcesUtil.getFile(getClass(), "notlocalhost_server.pem"), ResourcesUtil.getFile(getClass(), "notlocalhost_server.key"), ResourcesUtil.getFile(getClass(), "mutual_auth_ca.pem"), true);
        Assertions.assertTrue(this.clientLatch.await(10L, TimeUnit.SECONDS));
        Assertions.assertTrue(mySetupMutualAuthServerIsValidClientException(this.clientException), "unexpected exception: " + this.clientException);
        Assertions.assertTrue(this.serverLatch.await(5L, TimeUnit.SECONDS));
        Assertions.assertTrue(mySetupMutualAuthServerIsValidServerException(this.serverException), "unexpected exception: " + this.serverException);
        mySetupClientHostnameValidation.awaitUninterruptibly();
        Assertions.assertSame(this.clientException, mySetupClientHostnameValidation.cause());
    }

    private Future<Void> mySetupClientHostnameValidation(final SSLEngineTestParam sSLEngineTestParam, File file, File file2, File file3, final boolean z) throws SSLException, InterruptedException {
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(file, file2, (String) null).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).sslContextProvider(serverSslContextProvider()).trustManager(InsecureTrustManagerFactory.INSTANCE).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0L).sessionTimeout(0L).build());
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).sslContextProvider(clientSslContextProvider()).trustManager(file3).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0L).sessionTimeout(0L).build());
        this.serverConnectedChannel = null;
        this.sb = new ServerBootstrap();
        this.cb = new Bootstrap();
        this.sb.group(new NioEventLoopGroup(), new NioEventLoopGroup());
        this.sb.channel(NioServerSocketChannel.class);
        this.sb.childHandler(new ChannelInitializer<Channel>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.5
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), sSLEngineTestParam.type));
                ChannelPipeline pipeline = channel.pipeline();
                pipeline.addLast(new ChannelHandler[]{!sSLEngineTestParam.delegate ? SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc()) : SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc(), SSLEngineTest.this.delegatingExecutor)});
                pipeline.addLast(new ChannelHandler[]{new MessageDelegatorChannelHandler(SSLEngineTest.this.serverReceiver, SSLEngineTest.this.serverLatch)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.5.1
                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        if (obj == SslHandshakeCompletionEvent.SUCCESS) {
                            if (z) {
                                SSLEngineTest.this.serverException = new IllegalStateException("handshake complete. expected failure");
                            }
                            SSLEngineTest.this.serverLatch.countDown();
                        } else if (obj instanceof SslHandshakeCompletionEvent) {
                            SSLEngineTest.this.serverException = ((SslHandshakeCompletionEvent) obj).cause();
                            SSLEngineTest.this.serverLatch.countDown();
                        }
                        channelHandlerContext.fireUserEventTriggered(obj);
                    }

                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if (!(th.getCause() instanceof SSLHandshakeException)) {
                            SSLEngineTest.this.serverException = th;
                            channelHandlerContext.fireExceptionCaught(th);
                        } else {
                            SSLEngineTest.this.serverException = th.getCause();
                            SSLEngineTest.this.serverLatch.countDown();
                        }
                    }
                }});
                SSLEngineTest.this.serverConnectedChannel = channel;
            }
        });
        final Promise newPromise = ImmediateEventExecutor.INSTANCE.newPromise();
        this.cb.group(new NioEventLoopGroup());
        this.cb.channel(NioSocketChannel.class);
        this.cb.handler(new ChannelInitializer<Channel>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.6
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), sSLEngineTestParam.type));
                ChannelPipeline pipeline = channel.pipeline();
                SslHandler newHandler = !sSLEngineTestParam.delegate ? SSLEngineTest.this.clientSslCtx.newHandler(channel.alloc(), "localhost", 0) : SSLEngineTest.this.clientSslCtx.newHandler(channel.alloc(), "localhost", 0, SSLEngineTest.this.delegatingExecutor);
                SSLParameters sSLParameters = newHandler.engine().getSSLParameters();
                if (SslUtils.isValidHostNameForSNI("localhost")) {
                    Assertions.assertEquals(1, sSLParameters.getServerNames().size());
                    Assertions.assertEquals(new SNIHostName("localhost"), sSLParameters.getServerNames().get(0));
                }
                sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
                newHandler.engine().setSSLParameters(sSLParameters);
                pipeline.addLast(new ChannelHandler[]{newHandler});
                pipeline.addLast(new ChannelHandler[]{new MessageDelegatorChannelHandler(SSLEngineTest.this.clientReceiver, SSLEngineTest.this.clientLatch)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.6.1
                    public void handlerAdded(ChannelHandlerContext channelHandlerContext) {
                        if (z) {
                            PromiseNotifier.cascade(channelHandlerContext.write(channelHandlerContext.alloc().buffer(1).writeByte(1)), newPromise);
                        }
                    }

                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        if (obj == SslHandshakeCompletionEvent.SUCCESS) {
                            if (z) {
                                SSLEngineTest.this.clientException = new IllegalStateException("handshake complete. expected failure");
                            }
                            SSLEngineTest.this.clientLatch.countDown();
                        } else if (obj instanceof SslHandshakeCompletionEvent) {
                            SSLEngineTest.this.clientException = ((SslHandshakeCompletionEvent) obj).cause();
                            SSLEngineTest.this.clientLatch.countDown();
                        }
                        channelHandlerContext.fireUserEventTriggered(obj);
                    }

                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if (!(th.getCause() instanceof SSLHandshakeException)) {
                            channelHandlerContext.fireExceptionCaught(th);
                            return;
                        }
                        SSLEngineTest.this.clientException = th.getCause();
                        SSLEngineTest.this.clientLatch.countDown();
                    }
                }});
            }
        });
        this.serverChannel = this.sb.bind(new InetSocketAddress("localhost", 0)).sync().channel();
        ChannelFuture connect = this.cb.connect(new InetSocketAddress("localhost", ((InetSocketAddress) this.serverChannel.localAddress()).getPort()));
        Assertions.assertTrue(connect.awaitUninterruptibly().isSuccess());
        this.clientChannel = connect.channel();
        return newPromise;
    }

    private void mySetupMutualAuth(SSLEngineTestParam sSLEngineTestParam, File file, File file2, String str) throws SSLException, InterruptedException {
        mySetupMutualAuth(sSLEngineTestParam, file2, file, file2, str, file2, file, file2, str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void verifySSLSessionForMutualAuth(SSLEngineTestParam sSLEngineTestParam, SSLSession sSLSession, File file, String str) throws Exception {
        FileInputStream fileInputStream = null;
        try {
            Assertions.assertEquals(str, sSLSession.getLocalPrincipal().getName());
            Assertions.assertEquals(str, sSLSession.getPeerPrincipal().getName());
            Assertions.assertNotNull(sSLSession.getId());
            Assertions.assertEquals(sSLEngineTestParam.combo().cipher, sSLSession.getCipherSuite());
            Assertions.assertEquals(sSLEngineTestParam.combo().protocol, sSLSession.getProtocol());
            Assertions.assertTrue(sSLSession.getApplicationBufferSize() > 0);
            Assertions.assertTrue(sSLSession.getCreationTime() > 0);
            Assertions.assertTrue(sSLSession.isValid());
            Assertions.assertTrue(sSLSession.getLastAccessedTime() > 0);
            fileInputStream = new FileInputStream(file);
            byte[] encoded = SslContext.X509_CERT_FACTORY.generateCertificate(fileInputStream).getEncoded();
            Assertions.assertEquals(1, sSLSession.getPeerCertificates().length);
            Assertions.assertArrayEquals(encoded, sSLSession.getPeerCertificates()[0].getEncoded());
            try {
                Assertions.assertEquals(1, sSLSession.getPeerCertificateChain().length);
                Assertions.assertArrayEquals(encoded, sSLSession.getPeerCertificateChain()[0].getEncoded());
            } catch (UnsupportedOperationException e) {
                Assertions.assertTrue(PlatformDependent.javaVersion() >= 15);
            }
            Assertions.assertEquals(1, sSLSession.getLocalCertificates().length);
            Assertions.assertArrayEquals(encoded, sSLSession.getLocalCertificates()[0].getEncoded());
            if (fileInputStream != null) {
                fileInputStream.close();
            }
        } catch (Throwable th) {
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    private void mySetupMutualAuth(final SSLEngineTestParam sSLEngineTestParam, File file, File file2, final File file3, String str, File file4, File file5, final File file6, String str2) throws InterruptedException, SSLException {
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(file3, file2, str).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).trustManager(file).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0L).sessionTimeout(0L).build());
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).trustManager(file4).keyManager(file6, file5, str2).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0L).sessionTimeout(0L).build());
        this.serverConnectedChannel = null;
        this.sb = new ServerBootstrap();
        this.cb = new Bootstrap();
        this.sb.group(new NioEventLoopGroup(), new NioEventLoopGroup());
        this.sb.channel(NioServerSocketChannel.class);
        this.sb.childHandler(new ChannelInitializer<Channel>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.7
            protected void initChannel(Channel channel) {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), sSLEngineTestParam.type));
                ChannelPipeline pipeline = channel.pipeline();
                final SSLEngine wrapEngine = SSLEngineTest.this.wrapEngine(SSLEngineTest.this.serverSslCtx.newEngine(channel.alloc()));
                wrapEngine.setUseClientMode(false);
                wrapEngine.setNeedClientAuth(true);
                pipeline.addLast(new ChannelHandler[]{new SslHandler(wrapEngine)});
                pipeline.addLast(new ChannelHandler[]{new MessageDelegatorChannelHandler(SSLEngineTest.this.serverReceiver, SSLEngineTest.this.serverLatch)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.7.1
                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if (!(th.getCause() instanceof SSLHandshakeException)) {
                            SSLEngineTest.this.serverException = th;
                            channelHandlerContext.fireExceptionCaught(th);
                        } else {
                            SSLEngineTest.this.serverException = th.getCause();
                            SSLEngineTest.this.serverLatch.countDown();
                        }
                    }

                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        if (obj == SslHandshakeCompletionEvent.SUCCESS) {
                            try {
                                SSLEngineTest.this.verifySSLSessionForMutualAuth(sSLEngineTestParam, wrapEngine.getSession(), file3, SSLEngineTest.PRINCIPAL_NAME);
                            } catch (Throwable th) {
                                SSLEngineTest.this.serverException = th;
                            }
                        }
                    }
                }});
                SSLEngineTest.this.serverConnectedChannel = channel;
            }
        });
        this.cb.group(new NioEventLoopGroup());
        this.cb.channel(NioSocketChannel.class);
        this.cb.handler(new ChannelInitializer<Channel>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.8
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), sSLEngineTestParam.type));
                final SslHandler newHandler = !sSLEngineTestParam.delegate ? SSLEngineTest.this.clientSslCtx.newHandler(channel.alloc()) : SSLEngineTest.this.clientSslCtx.newHandler(channel.alloc(), SSLEngineTest.this.delegatingExecutor);
                newHandler.engine().setNeedClientAuth(true);
                ChannelPipeline pipeline = channel.pipeline();
                pipeline.addLast(new ChannelHandler[]{newHandler});
                pipeline.addLast(new ChannelHandler[]{new MessageDelegatorChannelHandler(SSLEngineTest.this.clientReceiver, SSLEngineTest.this.clientLatch)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.8.1
                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        if (obj == SslHandshakeCompletionEvent.SUCCESS) {
                            try {
                                SSLEngineTest.this.verifySSLSessionForMutualAuth(sSLEngineTestParam, newHandler.engine().getSession(), file6, SSLEngineTest.PRINCIPAL_NAME);
                            } catch (Throwable th) {
                                SSLEngineTest.this.clientException = th;
                            }
                        }
                    }

                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if (!(th.getCause() instanceof SSLHandshakeException)) {
                            channelHandlerContext.fireExceptionCaught(th);
                            return;
                        }
                        SSLEngineTest.this.clientException = th.getCause();
                        SSLEngineTest.this.clientLatch.countDown();
                    }
                }});
            }
        });
        this.serverChannel = this.sb.bind(new InetSocketAddress(0)).sync().channel();
        ChannelFuture connect = this.cb.connect(new InetSocketAddress(NetUtil.LOCALHOST, ((InetSocketAddress) this.serverChannel.localAddress()).getPort()));
        Assertions.assertTrue(connect.awaitUninterruptibly().isSuccess());
        this.clientChannel = connect.channel();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void runTest(String str) throws Exception {
        ByteBuf copiedBuffer = Unpooled.copiedBuffer("I am a client".getBytes());
        ByteBuf copiedBuffer2 = Unpooled.copiedBuffer("I am a server".getBytes());
        try {
            writeAndVerifyReceived(copiedBuffer.retain(), this.clientChannel, this.serverLatch, this.serverReceiver);
            writeAndVerifyReceived(copiedBuffer2.retain(), this.serverConnectedChannel, this.clientLatch, this.clientReceiver);
            verifyApplicationLevelProtocol(this.clientChannel, str);
            verifyApplicationLevelProtocol(this.serverConnectedChannel, str);
            copiedBuffer.release();
            copiedBuffer2.release();
        } catch (Throwable th) {
            copiedBuffer.release();
            copiedBuffer2.release();
            throw th;
        }
    }

    private static void verifyApplicationLevelProtocol(Channel channel, String str) {
        SslHandler sslHandler = channel.pipeline().get(SslHandler.class);
        Assertions.assertNotNull(sslHandler);
        Assertions.assertEquals(str, sslHandler.applicationProtocol());
        JdkAlpnSslEngine engine = sslHandler.engine();
        if (engine instanceof JdkAlpnSslEngine) {
            Assertions.assertEquals(str == null ? "" : str, engine.getApplicationProtocol());
        }
    }

    private static void writeAndVerifyReceived(ByteBuf byteBuf, Channel channel, CountDownLatch countDownLatch, MessageReceiver messageReceiver) throws Exception {
        ArrayList arrayList = null;
        try {
            Assertions.assertTrue(channel.writeAndFlush(byteBuf).await(10L, TimeUnit.SECONDS));
            countDownLatch.await(5L, TimeUnit.SECONDS);
            byteBuf.resetReaderIndex();
            Assertions.assertFalse(messageReceiver.messages.isEmpty());
            arrayList = new ArrayList();
            messageReceiver.messages.drainTo(arrayList);
            Assertions.assertEquals(byteBuf, arrayList.get(0));
            if (arrayList != null) {
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    ((ByteBuf) it.next()).release();
                }
            }
        } catch (Throwable th) {
            if (arrayList != null) {
                Iterator it2 = arrayList.iterator();
                while (it2.hasNext()) {
                    ((ByteBuf) it2.next()).release();
                }
            }
            throw th;
        }
    }

    @Test
    public void testGetCreationTime() throws Exception {
        this.clientSslCtx = wrapContext(null, SslContextBuilder.forClient().sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).build());
        SSLEngine sSLEngine = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            Assertions.assertTrue(sSLEngine.getSession().getCreationTime() <= System.currentTimeMillis());
            cleanupClientSslEngine(sSLEngine);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSessionInvalidate(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            SSLSession session = sSLEngine2.getSession();
            Assertions.assertTrue(session.isValid());
            session.invalidate();
            Assertions.assertFalse(session.isValid());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSSLSessionId(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).sslContextProvider(clientSslContextProvider()).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).sslContextProvider(serverSslContextProvider()).build());
        try {
            SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            Assertions.assertEquals(0, wrapEngine.getSession().getId().length);
            Assertions.assertEquals(0, wrapEngine2.getSession().getId().length);
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
            if (sSLEngineTestParam.protocolCipherCombo == ProtocolCipherCombo.TLSV13) {
                ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), 32768);
                ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), 32768);
                allocateBuffer2.clear().position(4).flip();
                allocateBuffer.clear();
                while (true) {
                    SSLEngineResult wrap = wrapEngine2.wrap(allocateBuffer2, allocateBuffer);
                    if (!allocateBuffer2.hasRemaining() && wrap.bytesProduced() <= 0) {
                        allocateBuffer2.clear();
                        allocateBuffer.flip();
                        while (true) {
                            SSLEngineResult unwrap = wrapEngine.unwrap(allocateBuffer, allocateBuffer2);
                            if (!allocateBuffer.hasRemaining() && unwrap.bytesProduced() <= 0) {
                                break;
                            }
                        }
                        allocateBuffer.clear();
                        allocateBuffer2.clear().position(4).flip();
                        while (true) {
                            SSLEngineResult wrap2 = wrapEngine.wrap(allocateBuffer2, allocateBuffer);
                            if (!allocateBuffer2.hasRemaining() && wrap2.bytesProduced() <= 0) {
                                break;
                            }
                        }
                        allocateBuffer2.clear();
                        allocateBuffer.flip();
                        while (true) {
                            SSLEngineResult unwrap2 = wrapEngine2.unwrap(allocateBuffer, allocateBuffer2);
                            if (!allocateBuffer.hasRemaining() && unwrap2.bytesProduced() <= 0) {
                                break;
                            }
                        }
                        allocateBuffer.clear();
                        allocateBuffer2.clear().position(4).flip();
                        if (wrapEngine.getSession().getId().length != 0) {
                            break;
                        }
                    }
                }
                Assertions.assertFalse(Arrays.equals(wrapEngine.getSession().getId(), wrapEngine2.getSession().getId()));
            } else if (OpenSslEngineTestParam.isUsingTickets(sSLEngineTestParam)) {
                Assertions.assertNotEquals(0, wrapEngine.getSession().getId().length);
            } else {
                Assertions.assertNotEquals(0, wrapEngine.getSession().getId().length);
                Assertions.assertNotEquals(0, wrapEngine2.getSession().getId().length);
                Assertions.assertArrayEquals(wrapEngine.getSession().getId(), wrapEngine2.getSession().getId());
            }
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(null);
            cleanupServerSslEngine(null);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @Timeout(30)
    @ParameterizedTest
    public void clientInitiatedRenegotiationWithFatalAlertDoesNotInfiniteLoopServer(final SSLEngineTestParam sSLEngineTestParam) throws Exception {
        Assumptions.assumeTrue(PlatformDependent.javaVersion() >= 11);
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        this.sb = new ServerBootstrap().group(new NioEventLoopGroup(1)).channel(NioServerSocketChannel.class).childHandler(new ChannelInitializer<SocketChannel>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.9
            public void initChannel(SocketChannel socketChannel) {
                socketChannel.config().setAllocator(new TestByteBufAllocator(socketChannel.config().getAllocator(), sSLEngineTestParam.type));
                ChannelPipeline pipeline = socketChannel.pipeline();
                pipeline.addLast(new ChannelHandler[]{!sSLEngineTestParam.delegate ? SSLEngineTest.this.serverSslCtx.newHandler(socketChannel.alloc()) : SSLEngineTest.this.serverSslCtx.newHandler(socketChannel.alloc(), SSLEngineTest.this.delegatingExecutor)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.9.1
                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) {
                        if ((obj instanceof SslHandshakeCompletionEvent) && ((SslHandshakeCompletionEvent) obj).isSuccess()) {
                            channelHandlerContext.writeAndFlush(channelHandlerContext.alloc().buffer(1).writeByte(100));
                        }
                        channelHandlerContext.fireUserEventTriggered(obj);
                    }

                    public void channelRead(final ChannelHandlerContext channelHandlerContext, Object obj) {
                        ReferenceCountUtil.release(obj);
                        channelHandlerContext.channel().eventLoop().schedule(new Runnable() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.9.1.1
                            @Override // java.lang.Runnable
                            public void run() {
                                channelHandlerContext.writeAndFlush(channelHandlerContext.alloc().buffer(1).writeByte(101));
                            }
                        }, 500L, TimeUnit.MILLISECONDS);
                    }

                    public void channelInactive(ChannelHandlerContext channelHandlerContext) {
                        SSLEngineTest.this.serverLatch.countDown();
                    }
                }});
                SSLEngineTest.this.serverConnectedChannel = socketChannel;
            }
        });
        this.serverChannel = this.sb.bind(new InetSocketAddress(0)).syncUninterruptibly().channel();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().sslProvider(SslProvider.JDK).trustManager(InsecureTrustManagerFactory.INSTANCE).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        this.cb = new Bootstrap();
        this.cb.group(new NioEventLoopGroup(1)).channel(NioSocketChannel.class).handler(new ChannelInitializer<SocketChannel>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.10
            public void initChannel(SocketChannel socketChannel) {
                socketChannel.config().setAllocator(new TestByteBufAllocator(socketChannel.config().getAllocator(), sSLEngineTestParam.type()));
                ChannelPipeline pipeline = socketChannel.pipeline();
                SslHandler newHandler = !sSLEngineTestParam.delegate ? SSLEngineTest.this.clientSslCtx.newHandler(socketChannel.alloc()) : SSLEngineTest.this.clientSslCtx.newHandler(socketChannel.alloc(), SSLEngineTest.this.delegatingExecutor);
                newHandler.setHandshakeTimeout(1L, TimeUnit.SECONDS);
                pipeline.addLast(new ChannelHandler[]{newHandler});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.10.1
                    private int handshakeCount;

                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) {
                        if (obj instanceof SslHandshakeCompletionEvent) {
                            int i = this.handshakeCount + 1;
                            this.handshakeCount = i;
                            if (i == 2) {
                                channelHandlerContext.close();
                                return;
                            }
                        }
                        channelHandlerContext.fireUserEventTriggered(obj);
                    }

                    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) {
                        ReferenceCountUtil.release(obj);
                        channelHandlerContext.writeAndFlush(channelHandlerContext.alloc().buffer(1).writeByte(102));
                        channelHandlerContext.pipeline().get(SslHandler.class).renegotiate();
                    }
                }});
            }
        });
        ChannelFuture connect = this.cb.connect(this.serverChannel.localAddress());
        Assertions.assertTrue(connect.syncUninterruptibly().isSuccess());
        this.clientChannel = connect.channel();
        this.serverLatch.await();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void testEnablingAnAlreadyDisabledSslProtocol(SSLEngineTestParam sSLEngineTestParam, String[] strArr, String[] strArr2) throws Exception {
        SSLEngine sSLEngine = null;
        try {
            this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(ResourcesUtil.getFile(getClass(), "test.crt"), ResourcesUtil.getFile(getClass(), "test_unencrypted.pem")).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
            sSLEngine = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine.setEnabledProtocols(EmptyArrays.EMPTY_STRINGS);
            Assertions.assertArrayEquals(strArr, sSLEngine.getEnabledProtocols());
            sSLEngine.setEnabledProtocols(new String[]{"TLSv1.2"});
            String[] enabledProtocols = sSLEngine.getEnabledProtocols();
            Assertions.assertEquals(strArr2.length, enabledProtocols.length);
            Assertions.assertArrayEquals(strArr2, enabledProtocols);
            if (sSLEngine != null) {
                sSLEngine.closeInbound();
                sSLEngine.closeOutbound();
                cleanupServerSslEngine(sSLEngine);
            }
        } catch (Throwable th) {
            if (sSLEngine != null) {
                sSLEngine.closeInbound();
                sSLEngine.closeOutbound();
                cleanupServerSslEngine(sSLEngine);
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void handshake(BufferType bufferType, boolean z, SSLEngine sSLEngine, SSLEngine sSLEngine2) throws Exception {
        ByteBuffer allocateBuffer = allocateBuffer(bufferType, sSLEngine.getSession().getPacketBufferSize());
        ByteBuffer allocateBuffer2 = allocateBuffer(bufferType, sSLEngine2.getSession().getPacketBufferSize());
        ByteBuffer allocateBuffer3 = allocateBuffer(bufferType, sSLEngine2.getSession().getApplicationBufferSize());
        ByteBuffer allocateBuffer4 = allocateBuffer(bufferType, sSLEngine.getSession().getApplicationBufferSize());
        Assertions.assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, sSLEngine.getHandshakeStatus());
        Assertions.assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, sSLEngine2.getHandshakeStatus());
        sSLEngine.beginHandshake();
        sSLEngine2.beginHandshake();
        ByteBuffer allocateBuffer5 = allocateBuffer(bufferType, 0);
        boolean z2 = false;
        boolean z3 = false;
        while (true) {
            int position = allocateBuffer.position();
            int position2 = allocateBuffer2.position();
            if (!z2) {
                SSLEngineResult wrap = sSLEngine.wrap(allocateBuffer5, allocateBuffer);
                runDelegatedTasks(z, wrap, sSLEngine);
                Assertions.assertEquals(allocateBuffer5.remaining(), wrap.bytesConsumed());
                Assertions.assertEquals(allocateBuffer.position() - position, wrap.bytesProduced());
                z2 = assertHandshakeStatus(sSLEngine, wrap);
                if (wrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                    allocateBuffer = increaseDstBuffer(sSLEngine.getSession().getPacketBufferSize(), bufferType, allocateBuffer);
                }
            }
            if (!z3) {
                SSLEngineResult wrap2 = sSLEngine2.wrap(allocateBuffer5, allocateBuffer2);
                runDelegatedTasks(z, wrap2, sSLEngine2);
                Assertions.assertEquals(allocateBuffer5.remaining(), wrap2.bytesConsumed());
                Assertions.assertEquals(allocateBuffer2.position() - position2, wrap2.bytesProduced());
                z3 = assertHandshakeStatus(sSLEngine2, wrap2);
                if (wrap2.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                    allocateBuffer2 = increaseDstBuffer(sSLEngine2.getSession().getPacketBufferSize(), bufferType, allocateBuffer2);
                }
            }
            allocateBuffer.flip();
            allocateBuffer2.flip();
            int position3 = allocateBuffer.position();
            int position4 = allocateBuffer2.position();
            if (z2 && !"TLSv1.3".equals(sSLEngine.getSession().getProtocol())) {
                Assertions.assertEquals(0, allocateBuffer2.remaining());
            } else if (allocateBuffer2.hasRemaining() || Conscrypt.isEngineSupported(sSLEngine)) {
                int position5 = allocateBuffer4.position();
                SSLEngineResult unwrap = sSLEngine.unwrap(allocateBuffer2, allocateBuffer4);
                runDelegatedTasks(z, unwrap, sSLEngine);
                Assertions.assertEquals(allocateBuffer2.position() - position4, unwrap.bytesConsumed());
                Assertions.assertEquals(allocateBuffer4.position() - position5, unwrap.bytesProduced());
                Assertions.assertEquals(0, allocateBuffer4.position());
                if (assertHandshakeStatus(sSLEngine, unwrap)) {
                    z2 = true;
                }
                if (unwrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                    allocateBuffer4 = increaseDstBuffer(sSLEngine.getSession().getApplicationBufferSize(), bufferType, allocateBuffer4);
                }
            }
            if (z3) {
                Assertions.assertFalse(allocateBuffer.hasRemaining());
            } else if (allocateBuffer.hasRemaining() || Conscrypt.isEngineSupported(sSLEngine2)) {
                int position6 = allocateBuffer3.position();
                SSLEngineResult unwrap2 = sSLEngine2.unwrap(allocateBuffer, allocateBuffer3);
                runDelegatedTasks(z, unwrap2, sSLEngine2);
                Assertions.assertEquals(allocateBuffer.position() - position3, unwrap2.bytesConsumed());
                Assertions.assertEquals(allocateBuffer3.position() - position6, unwrap2.bytesProduced());
                Assertions.assertEquals(0, allocateBuffer3.position());
                z3 = assertHandshakeStatus(sSLEngine2, unwrap2);
                if (unwrap2.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                    allocateBuffer3 = increaseDstBuffer(sSLEngine2.getSession().getApplicationBufferSize(), bufferType, allocateBuffer3);
                }
            }
            boolean compactOrClear = compactOrClear(allocateBuffer);
            boolean compactOrClear2 = compactOrClear(allocateBuffer2);
            allocateBuffer3.clear();
            allocateBuffer4.clear();
            if (z2 && z3 && !compactOrClear && !compactOrClear2) {
                return;
            }
        }
    }

    private static boolean compactOrClear(ByteBuffer byteBuffer) {
        if (byteBuffer.hasRemaining()) {
            byteBuffer.compact();
            return true;
        }
        byteBuffer.clear();
        return false;
    }

    private ByteBuffer increaseDstBuffer(int i, BufferType bufferType, ByteBuffer byteBuffer) {
        Assumptions.assumeFalse(i == byteBuffer.remaining());
        byteBuffer.flip();
        ByteBuffer allocateBuffer = allocateBuffer(bufferType, i + byteBuffer.remaining());
        allocateBuffer.put(byteBuffer);
        return allocateBuffer;
    }

    private static boolean assertHandshakeStatus(SSLEngine sSLEngine, SSLEngineResult sSLEngineResult) {
        if (sSLEngineResult.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.FINISHED) {
            return false;
        }
        Assertions.assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, sSLEngine.getHandshakeStatus());
        return true;
    }

    private void runDelegatedTasks(boolean z, SSLEngineResult sSLEngineResult, SSLEngine sSLEngine) {
        if (sSLEngineResult.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NEED_TASK) {
            return;
        }
        while (true) {
            Runnable delegatedTask = sSLEngine.getDelegatedTask();
            if (delegatedTask == null) {
                return;
            }
            if (z) {
                this.delegatingExecutor.execute(delegatedTask);
            } else {
                delegatedTask.run();
            }
        }
    }

    protected abstract SslProvider sslClientProvider();

    protected abstract SslProvider sslServerProvider();

    /* JADX INFO: Access modifiers changed from: protected */
    public Provider clientSslContextProvider() {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Provider serverSslContextProvider() {
        return null;
    }

    protected void cleanupClientSslContext(SslContext sslContext) {
    }

    protected void cleanupServerSslContext(SslContext sslContext) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void cleanupClientSslEngine(SSLEngine sSLEngine) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void cleanupServerSslEngine(SSLEngine sSLEngine) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setupHandlers(SSLEngineTestParam sSLEngineTestParam, ApplicationProtocolConfig applicationProtocolConfig) throws InterruptedException, SSLException, CertificateException {
        setupHandlers(sSLEngineTestParam, applicationProtocolConfig, applicationProtocolConfig);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setupHandlers(SSLEngineTestParam sSLEngineTestParam, ApplicationProtocolConfig applicationProtocolConfig, ApplicationProtocolConfig applicationProtocolConfig2) throws InterruptedException, SSLException, CertificateException {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        SslContextBuilder sessionTimeout = SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey(), (String) null).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).applicationProtocolConfig(applicationProtocolConfig).sessionCacheSize(0L).sessionTimeout(0L);
        if (applicationProtocolConfig.protocol() == ApplicationProtocolConfig.Protocol.NPN || applicationProtocolConfig.protocol() == ApplicationProtocolConfig.Protocol.NPN_AND_ALPN) {
            sessionTimeout.protocols(new String[]{"TLSv1.2"});
        }
        SslContextBuilder sessionTimeout2 = SslContextBuilder.forClient().sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).applicationProtocolConfig(applicationProtocolConfig2).trustManager(InsecureTrustManagerFactory.INSTANCE).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0L).sessionTimeout(0L);
        if (applicationProtocolConfig2.protocol() == ApplicationProtocolConfig.Protocol.NPN || applicationProtocolConfig2.protocol() == ApplicationProtocolConfig.Protocol.NPN_AND_ALPN) {
            sessionTimeout2.protocols(new String[]{"TLSv1.2"});
        }
        setupHandlers(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapContext(sSLEngineTestParam, sessionTimeout.build()), wrapContext(sSLEngineTestParam, sessionTimeout2.build()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setupHandlers(BufferType bufferType, boolean z, SslContext sslContext, SslContext sslContext2) throws InterruptedException, SSLException, CertificateException {
        this.serverSslCtx = sslContext;
        this.clientSslCtx = sslContext2;
        setupServer(bufferType, z);
        setupClient(bufferType, z, null, 0);
        ChannelFuture connect = this.cb.connect(this.serverChannel.localAddress());
        Assertions.assertTrue(connect.syncUninterruptibly().isSuccess());
        this.clientChannel = connect.channel();
    }

    private void setupServer(final BufferType bufferType, final boolean z) {
        this.serverConnectedChannel = null;
        this.sb = new ServerBootstrap();
        this.sb.group(new NioEventLoopGroup(), new NioEventLoopGroup());
        this.sb.channel(NioServerSocketChannel.class);
        this.sb.childHandler(new ChannelInitializer<Channel>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.11
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), bufferType));
                ChannelPipeline pipeline = channel.pipeline();
                SslHandler newHandler = !z ? SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc()) : SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc(), SSLEngineTest.this.delegatingExecutor);
                SSLEngineTest.this.serverSslHandshakeFuture = newHandler.handshakeFuture();
                pipeline.addLast(new ChannelHandler[]{newHandler});
                pipeline.addLast(new ChannelHandler[]{new MessageDelegatorChannelHandler(SSLEngineTest.this.serverReceiver, SSLEngineTest.this.serverLatch)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.11.1
                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if (!(th.getCause() instanceof SSLHandshakeException)) {
                            channelHandlerContext.fireExceptionCaught(th);
                            return;
                        }
                        SSLEngineTest.this.serverException = th.getCause();
                        SSLEngineTest.this.serverLatch.countDown();
                    }
                }});
                SSLEngineTest.this.serverConnectedChannel = channel;
            }
        });
        this.serverChannel = this.sb.bind(new InetSocketAddress(0)).syncUninterruptibly().channel();
    }

    private void setupClient(final BufferType bufferType, final boolean z, final String str, final int i) {
        this.cb = new Bootstrap();
        this.cb.group(new NioEventLoopGroup());
        this.cb.channel(NioSocketChannel.class);
        this.cb.handler(new ChannelInitializer<Channel>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.12
            protected void initChannel(Channel channel) throws Exception {
                SslHandler newHandler;
                TestByteBufAllocator testByteBufAllocator = new TestByteBufAllocator(channel.config().getAllocator(), bufferType);
                channel.config().setAllocator(testByteBufAllocator);
                ChannelPipeline pipeline = channel.pipeline();
                if (z) {
                    newHandler = str != null ? SSLEngineTest.this.clientSslCtx.newHandler(testByteBufAllocator, str, i, SSLEngineTest.this.delegatingExecutor) : SSLEngineTest.this.clientSslCtx.newHandler(testByteBufAllocator, SSLEngineTest.this.delegatingExecutor);
                } else {
                    newHandler = str != null ? SSLEngineTest.this.clientSslCtx.newHandler(testByteBufAllocator, str, i) : SSLEngineTest.this.clientSslCtx.newHandler(testByteBufAllocator);
                }
                SSLEngineTest.this.clientSslHandshakeFuture = newHandler.handshakeFuture();
                pipeline.addLast(new ChannelHandler[]{newHandler});
                pipeline.addLast(new ChannelHandler[]{new MessageDelegatorChannelHandler(SSLEngineTest.this.clientReceiver, SSLEngineTest.this.clientLatch)});
                pipeline.addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.12.1
                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if (!(th.getCause() instanceof SSLHandshakeException)) {
                            channelHandlerContext.fireExceptionCaught(th);
                            return;
                        }
                        SSLEngineTest.this.clientException = th.getCause();
                        SSLEngineTest.this.clientLatch.countDown();
                    }

                    public void channelInactive(ChannelHandlerContext channelHandlerContext) throws Exception {
                        SSLEngineTest.this.clientLatch.countDown();
                    }
                }});
            }
        });
    }

    @MethodSource({"newTestParams"})
    @Timeout(30)
    @ParameterizedTest
    public void testMutualAuthSameCertChain(final SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
        SelfSignedCertificate selfSignedCertificate2 = new SelfSignedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).trustManager(new X509Certificate[]{selfSignedCertificate2.cert()}).clientAuth(ClientAuth.REQUIRE).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        this.sb = new ServerBootstrap();
        this.sb.group(new NioEventLoopGroup(), new NioEventLoopGroup());
        this.sb.channel(NioServerSocketChannel.class);
        final Promise newPromise = this.sb.config().group().next().newPromise();
        this.serverChannel = this.sb.childHandler(new ChannelInitializer<Channel>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.13
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), sSLEngineTestParam.type()));
                channel.pipeline().addFirst(new ChannelHandler[]{!sSLEngineTestParam.delegate ? SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc()) : SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc(), SSLEngineTest.this.delegatingExecutor)});
                channel.pipeline().addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.13.1
                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        if (obj instanceof SslHandshakeCompletionEvent) {
                            Throwable cause = ((SslHandshakeCompletionEvent) obj).cause();
                            if (cause != null) {
                                newPromise.setFailure(cause);
                                return;
                            }
                            SSLSession session = channelHandlerContext.pipeline().first().engine().getSession();
                            Certificate[] peerCertificates = session.getPeerCertificates();
                            if (peerCertificates == null) {
                                newPromise.setFailure(new NullPointerException("peerCertificates"));
                                return;
                            }
                            try {
                                javax.security.cert.X509Certificate[] peerCertificateChain = session.getPeerCertificateChain();
                                if (peerCertificateChain == null) {
                                    newPromise.setFailure(new NullPointerException("peerCertificateChain"));
                                } else if (peerCertificateChain.length + peerCertificates.length != 4) {
                                    newPromise.setFailure(new IllegalStateException(String.format("peerCertificateChain.length:%s, peerCertificates.length:%s", Integer.valueOf(peerCertificateChain.length), Integer.valueOf(peerCertificates.length))));
                                } else {
                                    for (int i = 0; i < peerCertificateChain.length; i++) {
                                        if (peerCertificateChain[i] == null || peerCertificates[i] == null) {
                                            newPromise.setFailure(new IllegalStateException("Certificate in chain is null"));
                                            return;
                                        }
                                    }
                                    newPromise.setSuccess((Object) null);
                                }
                            } catch (UnsupportedOperationException e) {
                                Assertions.assertTrue(PlatformDependent.javaVersion() >= 15);
                                Assertions.assertEquals(2, peerCertificates.length);
                                for (Certificate certificate : peerCertificates) {
                                    if (certificate == null) {
                                        newPromise.setFailure(new IllegalStateException("Certificate in chain is null"));
                                        return;
                                    }
                                }
                                newPromise.setSuccess((Object) null);
                            }
                        }
                    }
                }});
                SSLEngineTest.this.serverConnectedChannel = channel;
            }
        }).bind(new InetSocketAddress(0)).syncUninterruptibly().channel();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(Files.readAllBytes(selfSignedCertificate2.certificate().toPath()));
        byteArrayOutputStream.write(Files.readAllBytes(selfSignedCertificate.certificate().toPath()));
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().keyManager(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), new FileInputStream(selfSignedCertificate2.privateKey())).trustManager(new FileInputStream(selfSignedCertificate.certificate())).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        this.cb = new Bootstrap();
        this.cb.group(new NioEventLoopGroup());
        this.cb.channel(NioSocketChannel.class);
        this.clientChannel = this.cb.handler(new ChannelInitializer<Channel>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.14
            protected void initChannel(Channel channel) throws Exception {
                channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), sSLEngineTestParam.type()));
                channel.pipeline().addLast(new ChannelHandler[]{new SslHandler(SSLEngineTest.this.wrapEngine(SSLEngineTest.this.clientSslCtx.newEngine(channel.alloc())))});
            }
        }).connect(this.serverChannel.localAddress()).syncUninterruptibly().channel();
        newPromise.syncUninterruptibly();
        selfSignedCertificate.delete();
        selfSignedCertificate2.delete();
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testUnwrapBehavior(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(new X509Certificate[]{cachedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        byte[] bytes = "Hello World".getBytes(CharsetUtil.US_ASCII);
        try {
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type, wrapEngine.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type, wrapEngine2.getSession().getPacketBufferSize() * 2);
            ByteBuffer allocateBuffer3 = allocateBuffer(sSLEngineTestParam.type, wrapEngine2.getSession().getApplicationBufferSize());
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
            allocateBuffer.put(bytes, 0, 5);
            allocateBuffer.flip();
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer, allocateBuffer2);
            Assertions.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
            Assertions.assertEquals(5, wrap.bytesConsumed());
            Assertions.assertTrue(wrap.bytesProduced() > 0);
            Assertions.assertFalse(allocateBuffer.hasRemaining());
            allocateBuffer.clear();
            allocateBuffer.put(bytes, 5, 6);
            allocateBuffer.flip();
            SSLEngineResult wrap2 = wrapEngine.wrap(allocateBuffer, allocateBuffer2);
            Assertions.assertEquals(SSLEngineResult.Status.OK, wrap2.getStatus());
            Assertions.assertEquals(6, wrap2.bytesConsumed());
            Assertions.assertTrue(wrap2.bytesProduced() > 0);
            allocateBuffer2.flip();
            int remaining = allocateBuffer2.remaining();
            Assertions.assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, wrapEngine2.unwrap(allocateBuffer2, allocateBuffer(sSLEngineTestParam.type, 3)).getStatus());
            Assertions.assertEquals(remaining, allocateBuffer2.remaining());
            SSLEngineResult unwrap = wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3);
            Assertions.assertEquals(SSLEngineResult.Status.OK, unwrap.getStatus());
            Assertions.assertEquals(5, unwrap.bytesProduced());
            Assertions.assertTrue(allocateBuffer2.hasRemaining());
            SSLEngineResult unwrap2 = wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3);
            Assertions.assertEquals(SSLEngineResult.Status.OK, unwrap2.getStatus());
            Assertions.assertEquals(6, unwrap2.bytesProduced());
            Assertions.assertFalse(allocateBuffer2.hasRemaining());
            allocateBuffer3.flip();
            Assertions.assertEquals(ByteBuffer.wrap(bytes), allocateBuffer3);
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testProtocolMatch(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testProtocol(sSLEngineTestParam, false, new String[]{"TLSv1.2"}, new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"});
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testProtocolNoMatch(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testProtocol(sSLEngineTestParam, true, new String[]{"TLSv1.2"}, new String[]{"TLSv1", "TLSv1.1"});
    }

    private void testProtocol(final SSLEngineTestParam sSLEngineTestParam, boolean z, String[] strArr, String[] strArr2) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(new X509Certificate[]{cachedCertificate.cert()}).sslProvider(sslClientProvider()).protocols(strArr).build());
        final SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).protocols(strArr2).build());
        final SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            if (z) {
                Assertions.assertThrows(SSLHandshakeException.class, new Executable() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.15
                    public void execute() throws Throwable {
                        SSLEngineTest.this.handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
                    }
                });
            } else {
                handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
            }
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    private String[] nonContiguousProtocols(SslProvider sslProvider) {
        return sslProvider != null ? new String[]{"TLSv1.2"} : new String[]{"TLSv1.2", "TLSv1"};
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testHandshakeCompletesWithNonContiguousProtocolsTLSv1_2CipherOnly(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).ciphers(Collections.singletonList("TLS_RSA_WITH_AES_128_CBC_SHA")).protocols(nonContiguousProtocols(sslClientProvider())).sslContextProvider(clientSslContextProvider()).sslProvider(sslClientProvider()).build());
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).ciphers(Collections.singletonList("TLS_RSA_WITH_AES_128_CBC_SHA")).protocols(nonContiguousProtocols(sslServerProvider())).sslContextProvider(serverSslContextProvider()).sslProvider(sslServerProvider()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testHandshakeCompletesWithoutFilteringSupportedCipher(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).ciphers(Collections.singletonList("TLS_RSA_WITH_AES_128_CBC_SHA"), SupportedCipherSuiteFilter.INSTANCE).protocols(nonContiguousProtocols(sslClientProvider())).sslContextProvider(clientSslContextProvider()).sslProvider(sslClientProvider()).build());
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).ciphers(Collections.singletonList("TLS_RSA_WITH_AES_128_CBC_SHA"), SupportedCipherSuiteFilter.INSTANCE).protocols(nonContiguousProtocols(sslServerProvider())).sslContextProvider(serverSslContextProvider()).sslProvider(sslServerProvider()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testPacketBufferSizeLimit(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(new X509Certificate[]{cachedCertificate.cert()}).sslContextProvider(clientSslContextProvider()).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslContextProvider(serverSslContextProvider()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), wrapEngine2.getSession().getApplicationBufferSize() * 2);
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
            allocateBuffer.position(allocateBuffer.capacity());
            allocateBuffer.flip();
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine2.getSession().getPacketBufferSize());
            int position = allocateBuffer2.position();
            int position2 = allocateBuffer.position();
            SSLEngineResult wrap = wrapEngine2.wrap(allocateBuffer, allocateBuffer2);
            Assertions.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
            Assertions.assertEquals(allocateBuffer.position() - position2, wrap.bytesConsumed());
            Assertions.assertEquals(allocateBuffer2.position() - position, wrap.bytesProduced());
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSSLEngineUnwrapNoSslRecord(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().sslContextProvider(clientSslContextProvider()).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        final SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            final ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), wrapEngine.getSession().getApplicationBufferSize());
            final ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine.getSession().getPacketBufferSize());
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer(sSLEngineTestParam.type(), 0), allocateBuffer2);
            Assertions.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
            Assertions.assertEquals(SSLEngineResult.HandshakeStatus.NEED_UNWRAP, wrap.getHandshakeStatus());
            Assertions.assertThrows(SSLException.class, new Executable() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.16
                public void execute() throws Throwable {
                    wrapEngine.unwrap(allocateBuffer, allocateBuffer2);
                }
            });
            cleanupClientSslEngine(wrapEngine);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testBeginHandshakeAfterEngineClosed(SSLEngineTestParam sSLEngineTestParam) throws SSLException {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().sslContextProvider(clientSslContextProvider()).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            wrapEngine.closeInbound();
            wrapEngine.closeOutbound();
            try {
                wrapEngine.beginHandshake();
                Assertions.fail();
            } catch (IllegalStateException e) {
                if (!Conscrypt.isEngineSupported(wrapEngine)) {
                    throw e;
                }
            } catch (SSLException e2) {
            }
        } finally {
            cleanupClientSslEngine(wrapEngine);
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testBeginHandshakeCloseOutbound(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().sslContextProvider(clientSslContextProvider()).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslContextProvider(serverSslContextProvider()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            testBeginHandshakeCloseOutbound(sSLEngineTestParam, wrapEngine);
            testBeginHandshakeCloseOutbound(sSLEngineTestParam, wrapEngine2);
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    private void testBeginHandshakeCloseOutbound(SSLEngineTestParam sSLEngineTestParam, SSLEngine sSLEngine) throws SSLException {
        ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), sSLEngine.getSession().getPacketBufferSize());
        ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), 0);
        sSLEngine.beginHandshake();
        sSLEngine.closeOutbound();
        while (true) {
            SSLEngineResult wrap = sSLEngine.wrap(allocateBuffer2, allocateBuffer);
            allocateBuffer.flip();
            Assertions.assertEquals(0, wrap.bytesConsumed());
            Assertions.assertEquals(allocateBuffer.remaining(), wrap.bytesProduced());
            if (wrap.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NEED_WRAP) {
                Assertions.assertEquals(SSLEngineResult.Status.CLOSED, wrap.getStatus());
                return;
            }
            allocateBuffer.clear();
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testCloseInboundAfterBeginHandshake(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().sslContextProvider(clientSslContextProvider()).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslContextProvider(serverSslContextProvider()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            testCloseInboundAfterBeginHandshake(wrapEngine);
            testCloseInboundAfterBeginHandshake(wrapEngine2);
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    private static void testCloseInboundAfterBeginHandshake(SSLEngine sSLEngine) throws SSLException {
        sSLEngine.beginHandshake();
        try {
            sSLEngine.closeInbound();
            if (!Conscrypt.isEngineSupported(sSLEngine)) {
                Assertions.fail();
            }
        } catch (SSLException e) {
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testCloseNotifySequence(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(new X509Certificate[]{cachedCertificate.cert()}).sslContextProvider(clientSslContextProvider()).sslProvider(sslClientProvider()).protocols(new String[]{"TLSv1.2"}).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslContextProvider(serverSslContextProvider()).sslProvider(sslServerProvider()).protocols(new String[]{"TLSv1.2"}).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), wrapEngine.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine2.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer3 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer4 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine2.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer5 = allocateBuffer(sSLEngineTestParam.type(), 0);
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
            wrapEngine.closeOutbound();
            Assertions.assertFalse(wrapEngine.isOutboundDone());
            Assertions.assertFalse(wrapEngine.isInboundDone());
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer5, allocateBuffer3);
            allocateBuffer3.flip();
            Assertions.assertEquals(SSLEngineResult.Status.CLOSED, wrap.getStatus());
            SSLEngineResult.HandshakeStatus handshakeStatus = wrap.getHandshakeStatus();
            if (sslClientProvider() == SslProvider.JDK || Conscrypt.isEngineSupported(wrapEngine)) {
                Assertions.assertTrue(handshakeStatus == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING || handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP);
            } else {
                Assertions.assertEquals(SSLEngineResult.HandshakeStatus.NEED_UNWRAP, handshakeStatus);
            }
            int bytesProduced = wrap.bytesProduced();
            int bytesConsumed = wrap.bytesConsumed();
            Assertions.assertTrue(bytesProduced > 0);
            Assertions.assertEquals(0, bytesConsumed);
            Assertions.assertEquals(bytesProduced, allocateBuffer3.remaining());
            Assertions.assertTrue(wrapEngine.isOutboundDone());
            Assertions.assertFalse(wrapEngine.isInboundDone());
            Assertions.assertFalse(wrapEngine2.isOutboundDone());
            Assertions.assertFalse(wrapEngine2.isInboundDone());
            SSLEngineResult unwrap = wrapEngine2.unwrap(allocateBuffer3, allocateBuffer2);
            allocateBuffer2.flip();
            Assertions.assertEquals(SSLEngineResult.Status.CLOSED, unwrap.getStatus());
            Assertions.assertEquals(SSLEngineResult.HandshakeStatus.NEED_WRAP, unwrap.getHandshakeStatus());
            int bytesProduced2 = unwrap.bytesProduced();
            Assertions.assertEquals(bytesProduced, unwrap.bytesConsumed());
            Assertions.assertEquals(0, bytesProduced2);
            Assertions.assertEquals(0, allocateBuffer3.remaining());
            Assertions.assertEquals(0, allocateBuffer2.remaining());
            Assertions.assertFalse(wrapEngine2.isOutboundDone());
            Assertions.assertTrue(wrapEngine2.isInboundDone());
            SSLEngineResult wrap2 = wrapEngine2.wrap(allocateBuffer5, allocateBuffer4);
            allocateBuffer4.flip();
            Assertions.assertEquals(SSLEngineResult.Status.CLOSED, wrap2.getStatus());
            Assertions.assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, wrap2.getHandshakeStatus());
            int bytesProduced3 = wrap2.bytesProduced();
            int bytesConsumed2 = wrap2.bytesConsumed();
            Assertions.assertEquals(bytesProduced, bytesProduced3);
            Assertions.assertEquals(0, bytesConsumed2);
            Assertions.assertEquals(bytesProduced3, allocateBuffer4.remaining());
            Assertions.assertTrue(wrapEngine2.isOutboundDone());
            Assertions.assertTrue(wrapEngine2.isInboundDone());
            SSLEngineResult unwrap2 = wrapEngine.unwrap(allocateBuffer4, allocateBuffer);
            allocateBuffer.flip();
            Assertions.assertEquals(SSLEngineResult.Status.CLOSED, unwrap2.getStatus());
            Assertions.assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, unwrap2.getHandshakeStatus());
            int bytesProduced4 = unwrap2.bytesProduced();
            Assertions.assertEquals(bytesProduced, unwrap2.bytesConsumed());
            Assertions.assertEquals(0, bytesProduced4);
            Assertions.assertEquals(0, allocateBuffer4.remaining());
            Assertions.assertTrue(wrapEngine.isOutboundDone());
            Assertions.assertTrue(wrapEngine.isInboundDone());
            allocateBuffer4.clear();
            allocateBuffer2.clear();
            assertEngineRemainsClosed(wrapEngine2.wrap(allocateBuffer2, allocateBuffer4));
            allocateBuffer3.clear();
            allocateBuffer2.clear();
            assertEngineRemainsClosed(wrapEngine2.unwrap(allocateBuffer3, allocateBuffer2));
            allocateBuffer3.clear();
            allocateBuffer.clear();
            assertEngineRemainsClosed(wrapEngine.wrap(allocateBuffer, allocateBuffer3));
            allocateBuffer4.clear();
            allocateBuffer.clear();
            assertEngineRemainsClosed(wrapEngine.unwrap(allocateBuffer4, allocateBuffer));
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    private static void assertEngineRemainsClosed(SSLEngineResult sSLEngineResult) {
        Assertions.assertEquals(SSLEngineResult.Status.CLOSED, sSLEngineResult.getStatus());
        Assertions.assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, sSLEngineResult.getHandshakeStatus());
        Assertions.assertEquals(0, sSLEngineResult.bytesConsumed());
        Assertions.assertEquals(0, sSLEngineResult.bytesProduced());
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testWrapAfterCloseOutbound(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(new X509Certificate[]{cachedCertificate.cert()}).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), wrapEngine.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), 1024);
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
            wrapEngine.closeOutbound();
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer2, allocateBuffer);
            Assertions.assertEquals(SSLEngineResult.Status.CLOSED, wrap.getStatus());
            Assertions.assertEquals(0, wrap.bytesConsumed());
            Assertions.assertTrue(wrap.bytesProduced() > 0);
            Assertions.assertTrue(wrapEngine.isOutboundDone());
            Assertions.assertFalse(wrapEngine.isInboundDone());
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testMultipleRecordsInOneBufferWithNonZeroPosition(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(new X509Certificate[]{cachedCertificate.cert()}).sslContextProvider(clientSslContextProvider()).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslContextProvider(serverSslContextProvider()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), 1024);
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine2.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer3 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer4 = allocateBuffer(sSLEngineTestParam.type(), (allocateBuffer3.capacity() * 2) + 1);
            allocateBuffer4.position(1);
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
            allocateBuffer.limit(allocateBuffer.capacity());
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer, allocateBuffer3);
            Assertions.assertEquals(allocateBuffer.capacity(), wrap.bytesConsumed());
            Assertions.assertTrue(wrap.bytesProduced() > 0);
            allocateBuffer3.flip();
            allocateBuffer4.put(allocateBuffer3);
            allocateBuffer.clear();
            allocateBuffer3.clear();
            SSLEngineResult wrap2 = wrapEngine.wrap(allocateBuffer, allocateBuffer3);
            Assertions.assertEquals(allocateBuffer.capacity(), wrap2.bytesConsumed());
            Assertions.assertTrue(wrap2.bytesProduced() > 0);
            allocateBuffer3.flip();
            int remaining = allocateBuffer3.remaining();
            allocateBuffer4.put(allocateBuffer3);
            allocateBuffer3.clear();
            allocateBuffer4.flip();
            allocateBuffer4.position(1);
            allocateBuffer4.limit(allocateBuffer4.limit() - (remaining - 1));
            SSLEngineResult unwrap = wrapEngine2.unwrap(allocateBuffer4, allocateBuffer2);
            Assertions.assertEquals(remaining, unwrap.bytesConsumed());
            Assertions.assertTrue(unwrap.bytesProduced() > 0);
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testMultipleRecordsInOneBufferBiggerThenPacketBufferSize(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(new X509Certificate[]{cachedCertificate.cert()}).sslContextProvider(clientSslContextProvider()).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslContextProvider(serverSslContextProvider()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), 4096);
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine2.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer3 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine2.getSession().getPacketBufferSize() * 2);
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
            int remaining = allocateBuffer.remaining();
            int i = 0;
            while (true) {
                int position = allocateBuffer.position();
                int position2 = allocateBuffer3.position();
                SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer, allocateBuffer3);
                if (wrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                    Assertions.assertEquals(position, allocateBuffer.position());
                    Assertions.assertEquals(position2, allocateBuffer3.position());
                    break;
                }
                Assertions.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
                Assertions.assertEquals(remaining, wrap.bytesConsumed());
                Assertions.assertTrue(wrap.bytesProduced() > 0);
                allocateBuffer.clear();
                i++;
                if (allocateBuffer3.position() >= wrapEngine2.getSession().getPacketBufferSize()) {
                    break;
                }
            }
            Assertions.assertTrue(i >= 2);
            allocateBuffer3.flip();
            SSLEngineResult unwrap = wrapEngine2.unwrap(allocateBuffer3, allocateBuffer2);
            Assertions.assertEquals(SSLEngineResult.Status.OK, unwrap.getStatus());
            Assertions.assertTrue(unwrap.bytesConsumed() > 0);
            Assertions.assertTrue(unwrap.bytesProduced() > 0);
            Assertions.assertTrue(allocateBuffer3.hasRemaining());
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testBufferUnderFlow(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(new X509Certificate[]{cachedCertificate.cert()}).sslContextProvider(clientSslContextProvider()).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslContextProvider(serverSslContextProvider()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), 1024);
            allocateBuffer.limit(allocateBuffer.capacity());
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer3 = allocateBuffer(sSLEngineTestParam.type(), wrapEngine2.getSession().getApplicationBufferSize());
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
            SSLEngineResult wrap = wrapEngine.wrap(allocateBuffer, allocateBuffer2);
            Assertions.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
            Assertions.assertEquals(wrap.bytesConsumed(), allocateBuffer.capacity());
            allocateBuffer2.flip();
            int remaining = allocateBuffer2.remaining();
            allocateBuffer2.limit(4);
            assertResultIsBufferUnderflow(wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3));
            allocateBuffer2.limit(5);
            assertResultIsBufferUnderflow(wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3));
            allocateBuffer2.limit(((5 + remaining) - 1) - 5);
            assertResultIsBufferUnderflow(wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3));
            allocateBuffer2.limit(remaining);
            SSLEngineResult unwrap = wrapEngine2.unwrap(allocateBuffer2, allocateBuffer3);
            Assertions.assertEquals(SSLEngineResult.Status.OK, unwrap.getStatus());
            Assertions.assertEquals(unwrap.bytesConsumed(), remaining);
            Assertions.assertTrue(unwrap.bytesProduced() > 0);
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    private static void assertResultIsBufferUnderflow(SSLEngineResult sSLEngineResult) {
        Assertions.assertEquals(SSLEngineResult.Status.BUFFER_UNDERFLOW, sSLEngineResult.getStatus());
        Assertions.assertEquals(0, sSLEngineResult.bytesConsumed());
        Assertions.assertEquals(0, sSLEngineResult.bytesProduced());
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testWrapDoesNotZeroOutSrc(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(new X509Certificate[]{cachedCertificate.cert()}).sslContextProvider(clientSslContextProvider()).sslProvider(sslClientProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslContextProvider(serverSslContextProvider()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), wrapEngine2.getSession().getApplicationBufferSize() / 2);
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
            for (int i = 0; i < allocateBuffer.capacity(); i++) {
                allocateBuffer.put(i, (byte) i);
            }
            allocateBuffer.position(allocateBuffer.capacity());
            allocateBuffer.flip();
            SSLEngineResult wrap = wrapEngine2.wrap(allocateBuffer, allocateBuffer(sSLEngineTestParam.type(), wrapEngine2.getSession().getPacketBufferSize()));
            Assertions.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
            Assertions.assertTrue(wrap.bytesConsumed() > 0);
            for (int i2 = 0; i2 < allocateBuffer.capacity(); i2++) {
                Assertions.assertEquals((byte) i2, allocateBuffer.get(i2));
            }
        } finally {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testDisableProtocols(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testDisableProtocols(sSLEngineTestParam, "SSLv2", "SSLv2");
        testDisableProtocols(sSLEngineTestParam, "SSLv3", "SSLv2", "SSLv3");
        testDisableProtocols(sSLEngineTestParam, "TLSv1", "SSLv2", "SSLv3", "TLSv1");
        testDisableProtocols(sSLEngineTestParam, "TLSv1.1", "SSLv2", "SSLv3", "TLSv1", "TLSv1.1");
        testDisableProtocols(sSLEngineTestParam, "TLSv1.2", "SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
    }

    private void testDisableProtocols(SSLEngineTestParam sSLEngineTestParam, String str, String... strArr) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        SslContext wrapContext = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslContextProvider(serverSslContextProvider()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine wrapEngine = wrapEngine(wrapContext.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            HashSet hashSet = new HashSet(Arrays.asList(wrapEngine.getSupportedProtocols()));
            if (hashSet.contains(str)) {
                wrapEngine.setEnabledProtocols(wrapEngine.getSupportedProtocols());
                Assertions.assertEquals(hashSet, new HashSet(Arrays.asList(wrapEngine.getSupportedProtocols())));
                for (String str2 : strArr) {
                    hashSet.remove(str2);
                }
                if (hashSet.contains("SSLv2Hello") && hashSet.size() == 1) {
                    return;
                }
                wrapEngine.setEnabledProtocols((String[]) hashSet.toArray(new String[0]));
                Assertions.assertEquals(hashSet, new HashSet(Arrays.asList(wrapEngine.getEnabledProtocols())));
                wrapEngine.setEnabledProtocols(wrapEngine.getSupportedProtocols());
            }
            cleanupServerSslEngine(wrapEngine);
            cleanupClientSslContext(wrapContext);
        } finally {
            cleanupServerSslEngine(wrapEngine);
            cleanupClientSslContext(wrapContext);
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testUsingX509TrustManagerVerifiesHostname(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testUsingX509TrustManagerVerifiesHostname(sSLEngineTestParam, false);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testUsingX509TrustManagerVerifiesSNIHostname(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testUsingX509TrustManagerVerifiesHostname(sSLEngineTestParam, true);
    }

    private void testUsingX509TrustManagerVerifiesHostname(SSLEngineTestParam sSLEngineTestParam, boolean z) throws Exception {
        if (clientSslContextProvider() != null) {
            return;
        }
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate("something.netty.io");
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(new TrustManagerFactory(new TrustManagerFactorySpi() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.17
            @Override // javax.net.ssl.TrustManagerFactorySpi
            protected void engineInit(KeyStore keyStore) {
            }

            @Override // javax.net.ssl.TrustManagerFactorySpi
            protected TrustManager[] engineGetTrustManagers() {
                return new TrustManager[]{new X509TrustManager() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.17.1
                    @Override // javax.net.ssl.X509TrustManager
                    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public X509Certificate[] getAcceptedIssuers() {
                        return EmptyArrays.EMPTY_X509_CERTIFICATES;
                    }
                }};
            }

            @Override // javax.net.ssl.TrustManagerFactorySpi
            protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
            }
        }, null, TrustManagerFactory.getDefaultAlgorithm()) { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.18
        }).sslContextProvider(clientSslContextProvider()).sslProvider(sslClientProvider()).build());
        SSLEngine wrapEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT, "127.0.0.1", 1234));
        SSLParameters sSLParameters = wrapEngine.getSSLParameters();
        sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
        if (z) {
            sSLParameters.setServerNames(Collections.singletonList(new SNIHostName("something.netty.io")));
        }
        wrapEngine.setSSLParameters(sSLParameters);
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).sslContextProvider(serverSslContextProvider()).sslProvider(sslServerProvider()).build());
        SSLEngine wrapEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        try {
            try {
                handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), wrapEngine, wrapEngine2);
                if (!z) {
                    Assertions.fail();
                }
                cleanupClientSslEngine(wrapEngine);
                cleanupServerSslEngine(wrapEngine2);
            } catch (SSLException e) {
                if (z) {
                    throw e;
                }
                cleanupClientSslEngine(wrapEngine);
                cleanupServerSslEngine(wrapEngine2);
            }
        } catch (Throwable th) {
            cleanupClientSslEngine(wrapEngine);
            cleanupServerSslEngine(wrapEngine2);
            throw th;
        }
    }

    @Test
    public void testInvalidCipher() throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, ((SSLSocketFactory) SSLSocketFactory.getDefault()).getDefaultCipherSuites());
        arrayList.add("InvalidCipher");
        SSLEngine sSLEngine = null;
        try {
            this.serverSslCtx = wrapContext(null, SslContextBuilder.forServer(cachedCertificate.key(), new X509Certificate[]{cachedCertificate.cert()}).sslContextProvider(serverSslContextProvider()).sslProvider(sslServerProvider()).ciphers(arrayList).build());
            sSLEngine = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            Assertions.fail();
            cleanupServerSslEngine(sSLEngine);
        } catch (IllegalArgumentException e) {
            cleanupServerSslEngine(sSLEngine);
        } catch (SSLException e2) {
            cleanupServerSslEngine(sSLEngine);
        } catch (Throwable th) {
            cleanupServerSslEngine(sSLEngine);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testGetCiphersuite(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            String cipherSuite = sSLEngine.getSession().getCipherSuite();
            Assertions.assertEquals(cipherSuite, sSLEngine2.getSession().getCipherSuite());
            Assertions.assertEquals(sSLEngineTestParam.protocolCipherCombo.cipher, cipherSuite);
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSessionCache(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        doHandshakeVerifyReusedAndClose(sSLEngineTestParam, "a.netty.io", 9999, false);
        doHandshakeVerifyReusedAndClose(sSLEngineTestParam, "a.netty.io", 9999, true);
        doHandshakeVerifyReusedAndClose(sSLEngineTestParam, "b.netty.io", 9999, false);
        invalidateSessionsAndAssert(this.serverSslCtx.sessionContext());
        invalidateSessionsAndAssert(this.clientSslCtx.sessionContext());
    }

    protected void invalidateSessionsAndAssert(SSLSessionContext sSLSessionContext) {
        Enumeration<byte[]> ids = sSLSessionContext.getIds();
        while (ids.hasMoreElements()) {
            byte[] nextElement = ids.nextElement();
            SSLSession session = sSLSessionContext.getSession(nextElement);
            if (session != null) {
                session.invalidate();
                Assertions.assertFalse(session.isValid());
                Assertions.assertNull(sSLSessionContext.getSession(nextElement));
            }
        }
    }

    private static void assertSessionCache(SSLSessionContext sSLSessionContext, int i) {
        Enumeration<byte[]> ids = sSLSessionContext.getIds();
        int i2 = 0;
        while (ids.hasMoreElements()) {
            i2++;
            byte[] nextElement = ids.nextElement();
            Assertions.assertNotEquals(0, nextElement.length);
            Assertions.assertArrayEquals(nextElement, sSLSessionContext.getSession(nextElement).getId());
        }
        Assertions.assertEquals(i, i2);
    }

    private void doHandshakeVerifyReusedAndClose(SSLEngineTestParam sSLEngineTestParam, String str, int i, boolean z) throws Exception {
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT, str, i));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            int currentSessionCacheSize = currentSessionCacheSize(this.clientSslCtx.sessionContext());
            int currentSessionCacheSize2 = currentSessionCacheSize(this.serverSslCtx.sessionContext());
            SessionReusedState sessionReusedState = SessionReusedState.NOT_REUSED;
            SessionReusedState sessionReusedState2 = SessionReusedState.NOT_REUSED;
            if (sSLEngineTestParam.protocolCipherCombo == ProtocolCipherCombo.TLSV13) {
                ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), 32768);
                ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), 32768);
                allocateBuffer2.clear().position(4).flip();
                allocateBuffer.clear();
                while (true) {
                    SSLEngineResult wrap = sSLEngine2.wrap(allocateBuffer2, allocateBuffer);
                    if (!allocateBuffer2.hasRemaining() && wrap.bytesProduced() <= 0) {
                        allocateBuffer2.clear();
                        allocateBuffer.flip();
                        while (true) {
                            SSLEngineResult unwrap = sSLEngine.unwrap(allocateBuffer, allocateBuffer2);
                            if (!allocateBuffer.hasRemaining() && unwrap.bytesProduced() <= 0) {
                                break;
                            }
                        }
                        allocateBuffer.clear();
                        allocateBuffer2.clear().position(4).flip();
                        while (true) {
                            SSLEngineResult wrap2 = sSLEngine.wrap(allocateBuffer2, allocateBuffer);
                            if (!allocateBuffer2.hasRemaining() && wrap2.bytesProduced() <= 0) {
                                break;
                            }
                        }
                        allocateBuffer2.clear();
                        allocateBuffer.flip();
                        while (true) {
                            SSLEngineResult unwrap2 = sSLEngine2.unwrap(allocateBuffer, allocateBuffer2);
                            if (!allocateBuffer.hasRemaining() && unwrap2.bytesProduced() <= 0) {
                                break;
                            }
                        }
                        allocateBuffer.clear();
                        allocateBuffer2.clear().position(4).flip();
                        int currentSessionCacheSize3 = currentSessionCacheSize(this.clientSslCtx.sessionContext());
                        int currentSessionCacheSize4 = currentSessionCacheSize(this.serverSslCtx.sessionContext());
                        sessionReusedState = isSessionReused(sSLEngine);
                        SessionReusedState isSessionReused = isSessionReused(sSLEngine2);
                        if (!z || (sessionReusedState != SessionReusedState.NOT_REUSED && isSessionReused != SessionReusedState.NOT_REUSED)) {
                            if (!z) {
                                if (currentSessionCacheSize3 >= currentSessionCacheSize && currentSessionCacheSize4 >= currentSessionCacheSize2) {
                                    break;
                                }
                            } else {
                                break;
                            }
                        }
                    }
                }
            }
            assertSessionReusedForEngine(sSLEngine, sSLEngine2, z);
            if (!z) {
                Thread.sleep(1L);
                sSLEngine.getSession().putValue("key", Boolean.TRUE);
            } else if (sessionReusedState != SessionReusedState.NOT_REUSED) {
                if (!Conscrypt.isEngineSupported(sSLEngine)) {
                    Assertions.assertEquals(Boolean.TRUE, sSLEngine.getSession().getValue("key"));
                }
                MatcherAssert.assertThat(Long.valueOf(sSLEngine.getSession().getLastAccessedTime()), CoreMatchers.is(sessionReusedState == SessionReusedState.REUSED ? Matchers.greaterThan(Long.valueOf(sSLEngine.getSession().getCreationTime())) : Matchers.greaterThanOrEqualTo(Long.valueOf(sSLEngine.getSession().getCreationTime()))));
            }
            closeOutboundAndInbound(sSLEngineTestParam.type(), sSLEngine, sSLEngine2);
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    protected SessionReusedState isSessionReused(SSLEngine sSLEngine) {
        return SessionReusedState.MAYBE_REUSED;
    }

    private static int currentSessionCacheSize(SSLSessionContext sSLSessionContext) {
        Enumeration<byte[]> ids = sSLSessionContext.getIds();
        int i = 0;
        while (ids.hasMoreElements()) {
            i++;
            ids.nextElement();
        }
        return i;
    }

    private void closeOutboundAndInbound(BufferType bufferType, SSLEngine sSLEngine, SSLEngine sSLEngine2) throws SSLException {
        Assertions.assertFalse(sSLEngine.isInboundDone());
        Assertions.assertFalse(sSLEngine.isOutboundDone());
        Assertions.assertFalse(sSLEngine2.isInboundDone());
        Assertions.assertFalse(sSLEngine2.isOutboundDone());
        ByteBuffer allocateBuffer = allocateBuffer(bufferType, 0);
        ByteBuffer allocateBuffer2 = allocateBuffer(bufferType, sSLEngine.getSession().getPacketBufferSize() * 4);
        ByteBuffer allocateBuffer3 = allocateBuffer(bufferType, sSLEngine2.getSession().getPacketBufferSize() * 4);
        ByteBuffer allocateBuffer4 = allocateBuffer(bufferType, sSLEngine.getSession().getApplicationBufferSize() * 4);
        ByteBuffer allocateBuffer5 = allocateBuffer(bufferType, sSLEngine2.getSession().getApplicationBufferSize() * 4);
        sSLEngine.closeOutbound();
        while (true) {
            SSLEngineResult wrap = sSLEngine.wrap(allocateBuffer, allocateBuffer2);
            if (wrap.getStatus() == SSLEngineResult.Status.CLOSED && wrap.bytesProduced() == 0) {
                break;
            } else {
                Assertions.assertTrue(allocateBuffer2.hasRemaining());
            }
        }
        allocateBuffer2.flip();
        while (true) {
            SSLEngineResult unwrap = sSLEngine2.unwrap(allocateBuffer2, allocateBuffer5);
            if (unwrap.getStatus() == SSLEngineResult.Status.CLOSED && unwrap.bytesProduced() == 0) {
                break;
            } else {
                Assertions.assertTrue(allocateBuffer5.hasRemaining());
            }
        }
        sSLEngine2.closeOutbound();
        while (true) {
            SSLEngineResult wrap2 = sSLEngine2.wrap(allocateBuffer, allocateBuffer3);
            if (wrap2.getStatus() == SSLEngineResult.Status.CLOSED && wrap2.bytesProduced() == 0) {
                break;
            } else {
                Assertions.assertTrue(allocateBuffer3.hasRemaining());
            }
        }
        allocateBuffer3.flip();
        while (true) {
            SSLEngineResult unwrap2 = sSLEngine.unwrap(allocateBuffer3, allocateBuffer4);
            if (unwrap2.getStatus() == SSLEngineResult.Status.CLOSED && unwrap2.bytesProduced() == 0) {
                sSLEngine.closeInbound();
                sSLEngine2.closeInbound();
                return;
            }
            Assertions.assertTrue(allocateBuffer4.hasRemaining());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertSessionReusedForEngine(SSLEngine sSLEngine, SSLEngine sSLEngine2, boolean z) {
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSessionCacheTimeout(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).sessionTimeout(1L).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).sessionTimeout(1L).build());
        doHandshakeVerifyReusedAndClose(sSLEngineTestParam, "a.netty.io", 9999, false);
        Thread.sleep(1500L);
        assertSessionCache(this.serverSslCtx.sessionContext(), 0);
        assertSessionCache(this.clientSslCtx.sessionContext(), 0);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSessionCacheSize(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).sessionCacheSize(1L).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        doHandshakeVerifyReusedAndClose(sSLEngineTestParam, "a.netty.io", 9999, false);
        doHandshakeVerifyReusedAndClose(sSLEngineTestParam, "b.netty.io", 9999, false);
        doHandshakeVerifyReusedAndClose(sSLEngineTestParam, "b.netty.io", 9999, true);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSessionBindingEvent(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            SSLSession session = sSLEngine.getSession();
            Assertions.assertEquals(0, session.getValueNames().length);
            C1SSLSessionBindingEventValue c1SSLSessionBindingEventValue = new C1SSLSessionBindingEventValue();
            session.putValue("name", c1SSLSessionBindingEventValue);
            assertSSLSessionBindingEventValue("name", session, c1SSLSessionBindingEventValue.boundEvent);
            Assertions.assertNull(c1SSLSessionBindingEventValue.unboundEvent);
            Assertions.assertEquals(1, session.getValueNames().length);
            session.putValue("name2", "value");
            C1SSLSessionBindingEventValue c1SSLSessionBindingEventValue2 = new C1SSLSessionBindingEventValue();
            session.putValue("name", c1SSLSessionBindingEventValue2);
            Assertions.assertEquals(2, session.getValueNames().length);
            assertSSLSessionBindingEventValue("name", session, c1SSLSessionBindingEventValue.unboundEvent);
            assertSSLSessionBindingEventValue("name", session, c1SSLSessionBindingEventValue2.boundEvent);
            Assertions.assertNull(c1SSLSessionBindingEventValue2.unboundEvent);
            Assertions.assertEquals(2, session.getValueNames().length);
            session.removeValue("name");
            assertSSLSessionBindingEventValue("name", session, c1SSLSessionBindingEventValue2.unboundEvent);
            Assertions.assertEquals(1, session.getValueNames().length);
            session.removeValue("name2");
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    private static void assertSSLSessionBindingEventValue(String str, SSLSession sSLSession, SSLSessionBindingEvent sSLSessionBindingEvent) {
        Assertions.assertEquals(str, sSLSessionBindingEvent.getName());
        Assertions.assertEquals(sSLSession, sSLSessionBindingEvent.getSession());
        Assertions.assertEquals(sSLSession, sSLSessionBindingEvent.getSource());
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSessionAfterHandshake(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testSessionAfterHandshake0(sSLEngineTestParam, false, false);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSessionAfterHandshakeMutualAuth(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testSessionAfterHandshake0(sSLEngineTestParam, false, true);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSessionAfterHandshakeKeyManagerFactory(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testSessionAfterHandshake0(sSLEngineTestParam, true, false);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testSessionAfterHandshake0(sSLEngineTestParam, true, true);
    }

    private void testSessionAfterHandshake0(SSLEngineTestParam sSLEngineTestParam, boolean z, boolean z2) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        KeyManagerFactory buildKeyManagerFactory = z ? SslContext.buildKeyManagerFactory(new X509Certificate[]{cachedCertificate.cert()}, (String) null, cachedCertificate.key(), (String) null, (KeyManagerFactory) null, (String) null) : null;
        SslContextBuilder forClient = SslContextBuilder.forClient();
        if (z2) {
            if (buildKeyManagerFactory != null) {
                forClient.keyManager(buildKeyManagerFactory);
            } else {
                forClient.keyManager(cachedCertificate.key(), new X509Certificate[]{cachedCertificate.cert()});
            }
        }
        SimpleTrustManagerFactory constantTrustManagerFactory = new ConstantTrustManagerFactory(new EmptyExtendedX509TrustManager() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.19
            @Override // org.neo4j.driver.internal.shaded.io.netty.handler.ssl.EmptyExtendedX509TrustManager, javax.net.ssl.X509ExtendedTrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
                if (!Conscrypt.isEngineSupported(sSLEngine)) {
                    Assertions.assertEquals(0, sSLEngine.getHandshakeSession().getValueNames().length);
                }
                sSLEngine.getHandshakeSession().putValue("handshake", Boolean.TRUE);
            }

            @Override // org.neo4j.driver.internal.shaded.io.netty.handler.ssl.EmptyExtendedX509TrustManager, javax.net.ssl.X509ExtendedTrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
                if (!Conscrypt.isEngineSupported(sSLEngine)) {
                    Assertions.assertEquals(0, sSLEngine.getHandshakeSession().getValueNames().length);
                }
                sSLEngine.getHandshakeSession().putValue("handshake", Boolean.TRUE);
            }
        });
        this.clientSslCtx = wrapContext(sSLEngineTestParam, forClient.trustManager(constantTrustManagerFactory).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SslContextBuilder forServer = buildKeyManagerFactory != null ? SslContextBuilder.forServer(buildKeyManagerFactory) : SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey());
        if (z2) {
            forServer.clientAuth(ClientAuth.REQUIRE);
        }
        this.serverSslCtx = wrapContext(sSLEngineTestParam, forServer.trustManager(constantTrustManagerFactory).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine.getSession().putValue("key", Boolean.TRUE);
            Assertions.assertEquals(Boolean.TRUE, sSLEngine.getSession().getValue("key"));
            sSLEngine2.getSession().putValue("key", Boolean.TRUE);
            Assertions.assertEquals(Boolean.TRUE, sSLEngine2.getSession().getValue("key"));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            SSLSession session = sSLEngine.getSession();
            SSLSession session2 = sSLEngine2.getSession();
            if (!Conscrypt.isEngineSupported(sSLEngine)) {
                Assertions.assertNull(session.getValue("key"));
            }
            if (!Conscrypt.isEngineSupported(sSLEngine2)) {
                Assertions.assertNull(session2.getValue("key"));
            }
            session.removeValue("key");
            session2.removeValue("key");
            Assertions.assertNull(session.getPeerHost());
            Assertions.assertNull(session2.getPeerHost());
            Assertions.assertEquals(-1, session.getPeerPort());
            Assertions.assertEquals(-1, session2.getPeerPort());
            Assertions.assertTrue(session.getCreationTime() > 0);
            Assertions.assertTrue(session2.getCreationTime() > 0);
            Assertions.assertTrue(session.getLastAccessedTime() > 0);
            Assertions.assertTrue(session2.getLastAccessedTime() > 0);
            Assertions.assertEquals(session.getCreationTime(), session.getLastAccessedTime());
            Assertions.assertEquals(session2.getCreationTime(), session2.getLastAccessedTime());
            Assertions.assertEquals(sSLEngineTestParam.combo().protocol, session.getProtocol());
            Assertions.assertEquals(sSLEngineTestParam.combo().protocol, session2.getProtocol());
            Assertions.assertEquals(sSLEngineTestParam.combo().cipher, session.getCipherSuite());
            Assertions.assertEquals(sSLEngineTestParam.combo().cipher, session2.getCipherSuite());
            Assertions.assertNotNull(session.getId());
            Assertions.assertNotNull(session2.getId());
            Assertions.assertTrue(session.getApplicationBufferSize() > 0);
            Assertions.assertTrue(session2.getApplicationBufferSize() > 0);
            Assertions.assertTrue(session.getPacketBufferSize() > 0);
            Assertions.assertTrue(session2.getPacketBufferSize() > 0);
            Assertions.assertNotNull(session.getSessionContext());
            if (PlatformDependent.javaVersion() != 14) {
                Assertions.assertNotNull(session2.getSessionContext());
            }
            Object obj = new Object();
            if (!Conscrypt.isEngineSupported(sSLEngine)) {
                Assertions.assertEquals(1, session.getValueNames().length);
                Assertions.assertEquals(session.getValue("handshake"), Boolean.TRUE);
                session.removeValue("handshake");
            }
            if (z2 && !Conscrypt.isEngineSupported(sSLEngine2)) {
                Assertions.assertEquals(1, session2.getValueNames().length);
                Assertions.assertEquals(session2.getValue("handshake"), Boolean.TRUE);
                session2.removeValue("handshake");
            }
            Assertions.assertEquals(0, session.getValueNames().length);
            session.putValue("test", obj);
            Assertions.assertEquals("test", session.getValueNames()[0]);
            Assertions.assertSame(obj, session.getValue("test"));
            session.removeValue("test");
            Assertions.assertEquals(0, session.getValueNames().length);
            Assertions.assertEquals(0, session2.getValueNames().length);
            session2.putValue("test", obj);
            Assertions.assertEquals("test", session2.getValueNames()[0]);
            Assertions.assertSame(obj, session2.getValue("test"));
            session2.removeValue("test");
            Assertions.assertEquals(0, session2.getValueNames().length);
            Certificate[] localCertificates = session2.getLocalCertificates();
            Assertions.assertEquals(1, localCertificates.length);
            Assertions.assertArrayEquals(cachedCertificate.cert().getEncoded(), localCertificates[0].getEncoded());
            Principal localPrincipal = session2.getLocalPrincipal();
            Assertions.assertNotNull(localPrincipal);
            if (!z2) {
                Assertions.assertNull(session.getLocalCertificates());
                Assertions.assertNull(session.getLocalPrincipal());
                try {
                    session2.getPeerCertificates();
                    Assertions.fail();
                } catch (SSLPeerUnverifiedException e) {
                }
                additionalPeerAssertions(session2, z2);
                try {
                    session2.getPeerCertificateChain();
                    Assertions.fail();
                } catch (UnsupportedOperationException e2) {
                    Assertions.assertTrue(PlatformDependent.javaVersion() >= 15);
                } catch (SSLPeerUnverifiedException e3) {
                }
                try {
                    session2.getPeerPrincipal();
                    Assertions.fail();
                } catch (SSLPeerUnverifiedException e4) {
                }
                Certificate[] peerCertificates = session.getPeerCertificates();
                Assertions.assertEquals(1, peerCertificates.length);
                Assertions.assertArrayEquals(localCertificates[0].getEncoded(), peerCertificates[0].getEncoded());
                javax.security.cert.X509Certificate[] peerCertificateChain = session.getPeerCertificateChain();
                Assertions.assertEquals(1, peerCertificateChain.length);
                Assertions.assertArrayEquals(localCertificates[0].getEncoded(), peerCertificateChain[0].getEncoded());
                Assertions.assertEquals(localPrincipal, session.getPeerPrincipal());
                cleanupClientSslEngine(sSLEngine);
                cleanupServerSslEngine(sSLEngine2);
                return;
            }
            Certificate[] localCertificates2 = session.getLocalCertificates();
            Assertions.assertEquals(1, localCertificates2.length);
            Certificate[] peerCertificates2 = session2.getPeerCertificates();
            Assertions.assertEquals(1, peerCertificates2.length);
            Assertions.assertArrayEquals(localCertificates2[0].getEncoded(), peerCertificates2[0].getEncoded());
            additionalPeerAssertions(session2, z2);
            try {
                javax.security.cert.X509Certificate[] peerCertificateChain2 = session2.getPeerCertificateChain();
                Assertions.assertEquals(1, peerCertificateChain2.length);
                Assertions.assertArrayEquals(localCertificates2[0].getEncoded(), peerCertificateChain2[0].getEncoded());
            } catch (UnsupportedOperationException e5) {
                Assertions.assertTrue(PlatformDependent.javaVersion() >= 15);
            }
            Principal localPrincipal2 = session.getLocalPrincipal();
            Assertions.assertNotNull(localPrincipal2);
            Assertions.assertEquals(localPrincipal2, session2.getPeerPrincipal());
            Certificate[] peerCertificates3 = session.getPeerCertificates();
            Assertions.assertEquals(1, peerCertificates3.length);
            Assertions.assertArrayEquals(localCertificates[0].getEncoded(), peerCertificates3[0].getEncoded());
            try {
                javax.security.cert.X509Certificate[] peerCertificateChain3 = session.getPeerCertificateChain();
                Assertions.assertEquals(1, peerCertificateChain3.length);
                Assertions.assertArrayEquals(localCertificates[0].getEncoded(), peerCertificateChain3[0].getEncoded());
            } catch (UnsupportedOperationException e6) {
                Assertions.assertTrue(PlatformDependent.javaVersion() >= 15);
            }
            Assertions.assertEquals(localPrincipal, session.getPeerPrincipal());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            return;
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
        cleanupClientSslEngine(sSLEngine);
        cleanupServerSslEngine(sSLEngine2);
        throw th;
    }

    protected void additionalPeerAssertions(SSLSession sSLSession, boolean z) {
    }

    @MethodSource({"newTestParams"})
    @Timeout(value = 60, threadMode = Timeout.ThreadMode.SEPARATE_THREAD)
    @ParameterizedTest
    public void mustCallResumeTrustedOnSessionResumption(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        SessionValueSettingTrustManager sessionValueSettingTrustManager = new SessionValueSettingTrustManager("key", "client");
        SessionValueSettingTrustManager sessionValueSettingTrustManager2 = new SessionValueSettingTrustManager("key", "server");
        buildClientSslContextForMTLS(sSLEngineTestParam, cachedCertificate, sessionValueSettingTrustManager);
        buildServerSslContextForMTLS(sSLEngineTestParam, cachedCertificate, sessionValueSettingTrustManager2);
        final LinkedBlockingQueue linkedBlockingQueue = new LinkedBlockingQueue();
        final LinkedBlockingQueue linkedBlockingQueue2 = new LinkedBlockingQueue();
        OnNextMessage onNextMessage = new OnNextMessage() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.20
            @Override // org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.OnNextMessage
            public void messageReceived(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) throws Exception {
                byteBuf.release();
                SSLEngine engine = channelHandlerContext.pipeline().get(SslHandler.class).engine();
                SSLEngineTest.logger.debug("Client message received: {} ({}) {} {}", new Object[]{engine.getSession(), engine.getHandshakeStatus(), SSLEngineTest.this.isSessionReused(engine), Arrays.toString(engine.getSession().getValueNames())});
                linkedBlockingQueue.put((String) engine.getSession().getValue("key"));
            }
        };
        OnNextMessage onNextMessage2 = new OnNextMessage() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.21
            @Override // org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.OnNextMessage
            public void messageReceived(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) throws Exception {
                SSLEngine engine = channelHandlerContext.pipeline().get(SslHandler.class).engine();
                SSLEngineTest.logger.debug("Server message received: {} ({}) {} {}", new Object[]{engine.getSession(), engine.getHandshakeStatus(), SSLEngineTest.this.isSessionReused(engine), Arrays.toString(engine.getSession().getValueNames())});
                linkedBlockingQueue2.put((String) engine.getSession().getValue("key"));
                channelHandlerContext.writeAndFlush(byteBuf).addListener(ChannelFutureListener.CLOSE);
            }
        };
        setupServer(sSLEngineTestParam.type(), sSLEngineTestParam.delegate());
        InetSocketAddress inetSocketAddress = (InetSocketAddress) this.serverChannel.localAddress();
        setupClient(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), "a.netty.io", inetSocketAddress.getPort());
        for (int i = 0; i < 10; i++) {
            this.clientReceiver.onNextMessages.offer(onNextMessage);
            this.serverReceiver.onNextMessages.offer(onNextMessage2);
            ChannelFuture connect = this.cb.connect(inetSocketAddress);
            Assertions.assertTrue(connect.syncUninterruptibly().isSuccess());
            this.clientChannel = connect.channel();
            this.clientChannel.writeAndFlush(this.clientChannel.alloc().buffer().writeInt(42)).sync();
            Assertions.assertEquals("client", linkedBlockingQueue.take());
            Assertions.assertEquals("server", linkedBlockingQueue2.take());
            this.clientChannel.closeFuture().sync();
        }
        Assertions.assertTrue(this.clientReceiver.onNextMessages.isEmpty());
        Assertions.assertTrue(this.serverReceiver.onNextMessages.isEmpty());
        Assertions.assertTrue(linkedBlockingQueue.isEmpty());
        Assertions.assertTrue(linkedBlockingQueue2.isEmpty());
    }

    /* JADX WARN: Removed duplicated region for block: B:15:0x0170 A[LOOP:2: B:13:0x015b->B:15:0x0170, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:16:0x0179 A[SYNTHETIC] */
    @org.junit.jupiter.params.provider.MethodSource({"newTestParams"})
    @org.junit.jupiter.api.Timeout(value = 60, threadMode = org.junit.jupiter.api.Timeout.ThreadMode.SEPARATE_THREAD)
    @org.junit.jupiter.params.ParameterizedTest
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    void mustFailHandshakePromiseIfResumeServerTrustedThrows(org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.SSLEngineTestParam r8) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 378
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.mustFailHandshakePromiseIfResumeServerTrustedThrows(org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest$SSLEngineTestParam):void");
    }

    /* JADX WARN: Removed duplicated region for block: B:15:0x0170 A[LOOP:2: B:13:0x015b->B:15:0x0170, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:16:0x0179 A[SYNTHETIC] */
    @org.junit.jupiter.params.provider.MethodSource({"newTestParams"})
    @org.junit.jupiter.api.Timeout(value = 60, threadMode = org.junit.jupiter.api.Timeout.ThreadMode.SEPARATE_THREAD)
    @org.junit.jupiter.params.ParameterizedTest
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    void mustFailHandshakePromiseIfResumeClientTrustedThrows(org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.SSLEngineTestParam r8) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 378
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.mustFailHandshakePromiseIfResumeClientTrustedThrows(org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest$SSLEngineTestParam):void");
    }

    @MethodSource({"newTestParams"})
    @Timeout(value = 60, threadMode = Timeout.ThreadMode.SEPARATE_THREAD)
    @ParameterizedTest
    public void mustNotCallResumeWhenClientAuthIsOptionalAndNoClientCertIsProvided(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        SessionValueSettingTrustManager sessionValueSettingTrustManager = new SessionValueSettingTrustManager("key", "client");
        SessionValueSettingTrustManager sessionValueSettingTrustManager2 = new SessionValueSettingTrustManager("key", "server");
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(sessionValueSettingTrustManager).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).trustManager(sessionValueSettingTrustManager2).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).clientAuth(ClientAuth.OPTIONAL).build());
        final LinkedBlockingQueue linkedBlockingQueue = new LinkedBlockingQueue();
        final LinkedBlockingQueue linkedBlockingQueue2 = new LinkedBlockingQueue();
        OnNextMessage onNextMessage = new OnNextMessage() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.26
            @Override // org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.OnNextMessage
            public void messageReceived(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) throws Exception {
                byteBuf.release();
                SSLEngine engine = channelHandlerContext.pipeline().get(SslHandler.class).engine();
                SSLEngineTest.logger.debug("Client message received: {} ({}) {} {}", new Object[]{engine.getSession(), engine.getHandshakeStatus(), SSLEngineTest.this.isSessionReused(engine), Arrays.toString(engine.getSession().getValueNames())});
                linkedBlockingQueue.put((String) engine.getSession().getValue("key"));
            }
        };
        OnNextMessage onNextMessage2 = new OnNextMessage() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.27
            @Override // org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.OnNextMessage
            public void messageReceived(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) throws Exception {
                SSLEngine engine = channelHandlerContext.pipeline().get(SslHandler.class).engine();
                SSLEngineTest.logger.debug("Server message received: {} ({}) {} {}", new Object[]{engine.getSession(), engine.getHandshakeStatus(), SSLEngineTest.this.isSessionReused(engine), Arrays.toString(engine.getSession().getValueNames())});
                Object value = engine.getSession().getValue("key");
                linkedBlockingQueue2.put(value == null ? "NULL" : String.valueOf(value));
                channelHandlerContext.writeAndFlush(byteBuf).addListener(ChannelFutureListener.CLOSE);
            }
        };
        setupServer(sSLEngineTestParam.type(), sSLEngineTestParam.delegate());
        InetSocketAddress inetSocketAddress = (InetSocketAddress) this.serverChannel.localAddress();
        setupClient(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), "a.netty.io", inetSocketAddress.getPort());
        for (int i = 0; i < 10; i++) {
            this.clientReceiver.onNextMessages.offer(onNextMessage);
            this.serverReceiver.onNextMessages.offer(onNextMessage2);
            ChannelFuture connect = this.cb.connect(inetSocketAddress);
            Assertions.assertTrue(connect.syncUninterruptibly().isSuccess());
            this.clientChannel = connect.channel();
            this.clientChannel.writeAndFlush(this.clientChannel.alloc().buffer().writeInt(42)).sync();
            Assertions.assertEquals("client", linkedBlockingQueue.take());
            Assertions.assertEquals("NULL", linkedBlockingQueue2.take());
            this.clientChannel.closeFuture().sync();
        }
        Assertions.assertTrue(this.clientReceiver.onNextMessages.isEmpty());
        Assertions.assertTrue(this.serverReceiver.onNextMessages.isEmpty());
        Assertions.assertTrue(linkedBlockingQueue.isEmpty());
        Assertions.assertTrue(linkedBlockingQueue2.isEmpty());
    }

    private void buildClientSslContextForMTLS(SSLEngineTestParam sSLEngineTestParam, SelfSignedCertificate selfSignedCertificate, TrustManager trustManager) throws SSLException {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().keyManager(selfSignedCertificate.key(), new X509Certificate[]{selfSignedCertificate.cert()}).trustManager(trustManager).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
    }

    private void buildServerSslContextForMTLS(SSLEngineTestParam sSLEngineTestParam, SelfSignedCertificate selfSignedCertificate, TrustManager trustManager) throws SSLException {
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()).trustManager(trustManager).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).clientAuth(ClientAuth.REQUIRE).build());
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSupportedSignatureAlgorithms(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().keyManager(new KeyManagerFactory(newKeyManagerFactory(cachedCertificate)) { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.1TestKeyManagerFactory
            {
                super(new KeyManagerFactorySpi() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.1TestKeyManagerFactory.1
                    private final KeyManager[] managers;

                    {
                        this.managers = r5.getKeyManagers();
                    }

                    @Override // javax.net.ssl.KeyManagerFactorySpi
                    protected void engineInit(KeyStore keyStore, char[] cArr) {
                        throw new UnsupportedOperationException();
                    }

                    @Override // javax.net.ssl.KeyManagerFactorySpi
                    protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
                        throw new UnsupportedOperationException();
                    }

                    @Override // javax.net.ssl.KeyManagerFactorySpi
                    protected KeyManager[] engineGetKeyManagers() {
                        KeyManager[] keyManagerArr = new KeyManager[this.managers.length];
                        for (int i = 0; i < keyManagerArr.length; i++) {
                            final X509ExtendedKeyManager x509ExtendedKeyManager = (X509ExtendedKeyManager) this.managers[i];
                            keyManagerArr[i] = new X509ExtendedKeyManager() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.1TestKeyManagerFactory.1.1
                                @Override // javax.net.ssl.X509KeyManager
                                public String[] getClientAliases(String str, Principal[] principalArr) {
                                    Assertions.fail();
                                    return null;
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
                                    Assertions.fail();
                                    return null;
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public String[] getServerAliases(String str, Principal[] principalArr) {
                                    Assertions.fail();
                                    return null;
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
                                    Assertions.fail();
                                    return null;
                                }

                                @Override // javax.net.ssl.X509ExtendedKeyManager
                                public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
                                    Assertions.assertNotEquals(0, ((ExtendedSSLSession) sSLEngine.getHandshakeSession()).getPeerSupportedSignatureAlgorithms().length);
                                    Assertions.assertNotEquals(0, ((ExtendedSSLSession) sSLEngine.getHandshakeSession()).getLocalSupportedSignatureAlgorithms().length);
                                    return x509ExtendedKeyManager.chooseEngineClientAlias(strArr, principalArr, sSLEngine);
                                }

                                @Override // javax.net.ssl.X509ExtendedKeyManager
                                public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
                                    Assertions.assertNotEquals(0, ((ExtendedSSLSession) sSLEngine.getHandshakeSession()).getPeerSupportedSignatureAlgorithms().length);
                                    Assertions.assertNotEquals(0, ((ExtendedSSLSession) sSLEngine.getHandshakeSession()).getLocalSupportedSignatureAlgorithms().length);
                                    return x509ExtendedKeyManager.chooseEngineServerAlias(str, principalArr, sSLEngine);
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public X509Certificate[] getCertificateChain(String str) {
                                    return x509ExtendedKeyManager.getCertificateChain(str);
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public PrivateKey getPrivateKey(String str) {
                                    return x509ExtendedKeyManager.getPrivateKey(str);
                                }
                            };
                        }
                        return keyManagerArr;
                    }
                }, r8.getProvider(), r8.getAlgorithm());
            }
        }).trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(new KeyManagerFactory(newKeyManagerFactory(cachedCertificate)) { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.1TestKeyManagerFactory
            {
                super(new KeyManagerFactorySpi() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.1TestKeyManagerFactory.1
                    private final KeyManager[] managers;

                    {
                        this.managers = r5.getKeyManagers();
                    }

                    @Override // javax.net.ssl.KeyManagerFactorySpi
                    protected void engineInit(KeyStore keyStore, char[] cArr) {
                        throw new UnsupportedOperationException();
                    }

                    @Override // javax.net.ssl.KeyManagerFactorySpi
                    protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
                        throw new UnsupportedOperationException();
                    }

                    @Override // javax.net.ssl.KeyManagerFactorySpi
                    protected KeyManager[] engineGetKeyManagers() {
                        KeyManager[] keyManagerArr = new KeyManager[this.managers.length];
                        for (int i = 0; i < keyManagerArr.length; i++) {
                            final X509ExtendedKeyManager x509ExtendedKeyManager = (X509ExtendedKeyManager) this.managers[i];
                            keyManagerArr[i] = new X509ExtendedKeyManager() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.1TestKeyManagerFactory.1.1
                                @Override // javax.net.ssl.X509KeyManager
                                public String[] getClientAliases(String str, Principal[] principalArr) {
                                    Assertions.fail();
                                    return null;
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
                                    Assertions.fail();
                                    return null;
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public String[] getServerAliases(String str, Principal[] principalArr) {
                                    Assertions.fail();
                                    return null;
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
                                    Assertions.fail();
                                    return null;
                                }

                                @Override // javax.net.ssl.X509ExtendedKeyManager
                                public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
                                    Assertions.assertNotEquals(0, ((ExtendedSSLSession) sSLEngine.getHandshakeSession()).getPeerSupportedSignatureAlgorithms().length);
                                    Assertions.assertNotEquals(0, ((ExtendedSSLSession) sSLEngine.getHandshakeSession()).getLocalSupportedSignatureAlgorithms().length);
                                    return x509ExtendedKeyManager.chooseEngineClientAlias(strArr, principalArr, sSLEngine);
                                }

                                @Override // javax.net.ssl.X509ExtendedKeyManager
                                public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
                                    Assertions.assertNotEquals(0, ((ExtendedSSLSession) sSLEngine.getHandshakeSession()).getPeerSupportedSignatureAlgorithms().length);
                                    Assertions.assertNotEquals(0, ((ExtendedSSLSession) sSLEngine.getHandshakeSession()).getLocalSupportedSignatureAlgorithms().length);
                                    return x509ExtendedKeyManager.chooseEngineServerAlias(str, principalArr, sSLEngine);
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public X509Certificate[] getCertificateChain(String str) {
                                    return x509ExtendedKeyManager.getCertificateChain(str);
                                }

                                @Override // javax.net.ssl.X509KeyManager
                                public PrivateKey getPrivateKey(String str) {
                                    return x509ExtendedKeyManager.getPrivateKey(str);
                                }
                            };
                        }
                        return keyManagerArr;
                    }
                }, r8.getProvider(), r8.getAlgorithm());
            }
        }).trustManager(InsecureTrustManagerFactory.INSTANCE).sslContextProvider(serverSslContextProvider()).sslProvider(sslServerProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).clientAuth(ClientAuth.REQUIRE).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testHandshakeSession(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        final TestTrustManagerFactory testTrustManagerFactory = new TestTrustManagerFactory(cachedCertificate.cert());
        final TestTrustManagerFactory testTrustManagerFactory2 = new TestTrustManagerFactory(cachedCertificate.cert());
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(new SimpleTrustManagerFactory() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.28
            protected void engineInit(KeyStore keyStore) {
            }

            protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
            }

            protected TrustManager[] engineGetTrustManagers() {
                return new TrustManager[]{testTrustManagerFactory};
            }
        }).keyManager(newKeyManagerFactory(cachedCertificate)).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(newKeyManagerFactory(cachedCertificate)).trustManager(new SimpleTrustManagerFactory() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.29
            protected void engineInit(KeyStore keyStore) {
            }

            protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
            }

            protected TrustManager[] engineGetTrustManagers() {
                return new TrustManager[]{testTrustManagerFactory2};
            }
        }).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).clientAuth(ClientAuth.REQUIRE).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            Assertions.assertTrue(testTrustManagerFactory.isVerified());
            Assertions.assertTrue(testTrustManagerFactory2.isVerified());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testSessionLocalWhenNonMutual(sSLEngineTestParam, true);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testSessionLocalWhenNonMutualWithoutKeyManager(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        testSessionLocalWhenNonMutual(sSLEngineTestParam, false);
    }

    private void testSessionLocalWhenNonMutual(SSLEngineTestParam sSLEngineTestParam, boolean z) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        SslContextBuilder ciphers = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers());
        if (z) {
            ciphers.keyManager(newKeyManagerFactory(cachedCertificate));
        } else {
            ciphers.keyManager(cachedCertificate.certificate(), cachedCertificate.privateKey());
        }
        this.clientSslCtx = wrapContext(sSLEngineTestParam, ciphers.build());
        SslContextBuilder forServer = z ? SslContextBuilder.forServer(newKeyManagerFactory(cachedCertificate)) : SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey());
        forServer.trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).clientAuth(ClientAuth.NONE);
        this.serverSslCtx = wrapContext(sSLEngineTestParam, forServer.build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            SSLSession session = sSLEngine.getSession();
            Assertions.assertNull(session.getLocalCertificates());
            Assertions.assertNull(session.getLocalPrincipal());
            SSLSession session2 = sSLEngine2.getSession();
            Assertions.assertNotNull(session2.getLocalCertificates());
            Assertions.assertNotNull(session2.getLocalPrincipal());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testEnabledProtocolsAndCiphers(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            assertEnabledProtocolsAndCipherSuites(sSLEngine);
            assertEnabledProtocolsAndCipherSuites(sSLEngine2);
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    private static void assertEnabledProtocolsAndCipherSuites(SSLEngine sSLEngine) {
        String protocol = sSLEngine.getSession().getProtocol();
        String cipherSuite = sSLEngine.getSession().getCipherSuite();
        assertArrayContains(protocol, sSLEngine.getEnabledProtocols());
        assertArrayContains(cipherSuite, sSLEngine.getEnabledCipherSuites());
    }

    private static void assertArrayContains(String str, String[] strArr) {
        for (String str2 : strArr) {
            if (str.equals(str2)) {
                return;
            }
        }
        Assertions.fail("Array did not contain '" + str + "':" + Arrays.toString(strArr));
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testMasterKeyLogging(final SSLEngineTestParam sSLEngineTestParam) throws Exception {
        if (sSLEngineTestParam.combo() != ProtocolCipherCombo.tlsv12()) {
            return;
        }
        Assumptions.assumeFalse(serverSslContextProvider() instanceof OpenSSLProvider);
        Assumptions.assumeFalse(sslServerProvider() == SslProvider.JDK && PlatformDependent.javaVersion() > 8);
        String str = SystemPropertyUtil.get("org.neo4j.driver.internal.shaded.io.netty.ssl.masterKeyHandler");
        System.setProperty("org.neo4j.driver.internal.shaded.io.netty.ssl.masterKeyHandler", Boolean.TRUE.toString());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        Socket socket = null;
        try {
            this.sb = new ServerBootstrap();
            this.sb.group(new NioEventLoopGroup(), new NioEventLoopGroup());
            this.sb.channel(NioServerSocketChannel.class);
            final Promise newPromise = this.sb.config().group().next().newPromise();
            this.serverChannel = this.sb.childHandler(new ChannelInitializer<Channel>() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.30
                protected void initChannel(Channel channel) {
                    channel.config().setAllocator(new TestByteBufAllocator(channel.config().getAllocator(), sSLEngineTestParam.type()));
                    channel.pipeline().addLast(new ChannelHandler[]{!sSLEngineTestParam.delegate() ? SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc()) : SSLEngineTest.this.serverSslCtx.newHandler(channel.alloc(), SSLEngineTest.this.delegatingExecutor)});
                    channel.pipeline().addLast(new ChannelHandler[]{new SslMasterKeyHandler() { // from class: org.neo4j.driver.internal.shaded.io.netty.handler.ssl.SSLEngineTest.30.1
                        protected void accept(SecretKey secretKey, SSLSession sSLSession) {
                            newPromise.setSuccess(secretKey);
                        }
                    }});
                    SSLEngineTest.this.serverConnectedChannel = channel;
                }
            }).bind(new InetSocketAddress(0)).sync().channel();
            int port = ((InetSocketAddress) this.serverChannel.localAddress()).getPort();
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, InsecureTrustManagerFactory.INSTANCE.getTrustManagers(), null);
            socket = sSLContext.getSocketFactory().createSocket(NetUtil.LOCALHOST, port);
            OutputStream outputStream = socket.getOutputStream();
            outputStream.write(1);
            outputStream.flush();
            Assertions.assertTrue(newPromise.await(10L, TimeUnit.SECONDS));
            Assertions.assertEquals(48, ((SecretKey) newPromise.get()).getEncoded().length, "AES secret key must be 48 bytes");
            closeQuietly(socket);
            if (str != null) {
                System.setProperty("org.neo4j.driver.internal.shaded.io.netty.ssl.masterKeyHandler", str);
            } else {
                System.clearProperty("org.neo4j.driver.internal.shaded.io.netty.ssl.masterKeyHandler");
            }
        } catch (Throwable th) {
            closeQuietly(socket);
            if (str != null) {
                System.setProperty("org.neo4j.driver.internal.shaded.io.netty.ssl.masterKeyHandler", str);
            } else {
                System.clearProperty("org.neo4j.driver.internal.shaded.io.netty.ssl.masterKeyHandler");
            }
            throw th;
        }
    }

    private static void closeQuietly(Closeable closeable) {
        if (closeable != null) {
            try {
                closeable.close();
            } catch (IOException e) {
            }
        }
    }

    private static KeyManagerFactory newKeyManagerFactory(SelfSignedCertificate selfSignedCertificate) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        return SslContext.buildKeyManagerFactory(new X509Certificate[]{selfSignedCertificate.cert()}, (String) null, selfSignedCertificate.key(), (String) null, (KeyManagerFactory) null, (String) null);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testDefaultProtocolsIncludeTLSv13(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).ciphers(sSLEngineTestParam.ciphers()).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            String[] enabledProtocols = sSLEngine.getEnabledProtocols();
            String[] enabledProtocols2 = sSLEngine2.getEnabledProtocols();
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            Assertions.assertEquals(Boolean.valueOf(SslProvider.isTlsv13EnabledByDefault(sslClientProvider(), clientSslContextProvider())), Boolean.valueOf(SslUtils.arrayContains(enabledProtocols, "TLSv1.3")));
            Assertions.assertEquals(Boolean.valueOf(SslProvider.isTlsv13EnabledByDefault(sslServerProvider(), serverSslContextProvider())), Boolean.valueOf(SslUtils.arrayContains(enabledProtocols2, "TLSv1.3")));
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testRSASSAPSS(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        char[] charArray = "password".toCharArray();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(getClass().getResourceAsStream("rsaValidations-server-keystore.p12"), charArray);
        KeyStore keyStore2 = KeyStore.getInstance("PKCS12");
        keyStore2.load(getClass().getResourceAsStream("rsaValidation-user-certs.p12"), charArray);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, charArray);
        KeyManagerFactory keyManagerFactory2 = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory2.init(keyStore2, charArray);
        File file = ResourcesUtil.getFile(getClass(), "rsapss-ca-cert.cert");
        mySetupMutualAuth(sSLEngineTestParam, keyManagerFactory, file, keyManagerFactory2, file, ClientAuth.REQUIRE, false, true);
        Assertions.assertTrue(this.clientLatch.await(10L, TimeUnit.SECONDS));
        rethrowIfNotNull(this.clientException);
        Assertions.assertTrue(this.serverLatch.await(5L, TimeUnit.SECONDS));
        rethrowIfNotNull(this.serverException);
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testInvalidSNIIsIgnoredAndNotThrow(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT, "/invalid.path", 80));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            Assertions.assertNotNull(sSLEngine.getSSLParameters());
            Assertions.assertNotNull(sSLEngine2.getSSLParameters());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @MethodSource({"newTestParams"})
    @ParameterizedTest
    public void testBufferUnderflowPacketSizeDependency(SSLEngineTestParam sSLEngineTestParam) throws Exception {
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().keyManager(cachedCertificate.certificate(), cachedCertificate.privateKey()).trustManager((TrustManagerFactory) null).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).clientAuth(ClientAuth.REQUIRE).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(sSLEngineTestParam.type(), sSLEngineTestParam.delegate(), sSLEngine, sSLEngine2);
            Assertions.fail();
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (SSLException e) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @Test
    public void testTLSv13DisabledIfNoValidCipherSuiteConfigured() throws Exception {
        List singletonList = Collections.singletonList("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(null, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).ciphers(singletonList).build());
        this.serverSslCtx = wrapContext(null, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).ciphers(singletonList).build());
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
            handshake(BufferType.Direct, false, sSLEngine, sSLEngine2);
            Assertions.assertEquals("TLSv1.2", sSLEngine.getSession().getProtocol());
            Assertions.assertEquals("TLSv1.2", sSLEngine2.getSession().getProtocol());
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        } catch (Throwable th) {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
            throw th;
        }
    }

    @Test
    public void testTLSv13EnabledIfNoCipherSuiteConfigured() throws Exception {
        SslProvider sslClientProvider = sslClientProvider();
        SslProvider sslServerProvider = sslServerProvider();
        if (SslProvider.isTlsv13Supported(sslClientProvider) && SslProvider.isTlsv13Supported(sslServerProvider)) {
            SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
            this.clientSslCtx = wrapContext(null, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(new String[]{"TLSv1.3"}).build());
            this.serverSslCtx = wrapContext(null, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(new String[]{"TLSv1.3"}).build());
            SSLEngine sSLEngine = null;
            SSLEngine sSLEngine2 = null;
            try {
                sSLEngine = wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
                sSLEngine2 = wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
                handshake(BufferType.Direct, false, sSLEngine, sSLEngine2);
                Assertions.assertEquals("TLSv1.3", sSLEngine.getSession().getProtocol());
                Assertions.assertEquals("TLSv1.3", sSLEngine2.getSession().getProtocol());
                cleanupClientSslEngine(sSLEngine);
                cleanupServerSslEngine(sSLEngine2);
            } catch (Throwable th) {
                cleanupClientSslEngine(sSLEngine);
                cleanupServerSslEngine(sSLEngine2);
                throw th;
            }
        }
    }

    @Test
    public void testExtraDataInLastSrcBufferForClientUnwrap() throws Exception {
        SSLEngineTestParam sSLEngineTestParam = new SSLEngineTestParam(BufferType.Direct, ProtocolCipherCombo.tlsv12(), false);
        SelfSignedCertificate cachedCertificate = CachedSelfSignedCertificate.getCachedCertificate();
        this.clientSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(sslClientProvider()).sslContextProvider(clientSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).build());
        this.serverSslCtx = wrapContext(sSLEngineTestParam, SslContextBuilder.forServer(cachedCertificate.certificate(), cachedCertificate.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(sSLEngineTestParam.protocols()).ciphers(sSLEngineTestParam.ciphers()).clientAuth(ClientAuth.NONE).build());
        testExtraDataInLastSrcBufferForClientUnwrap(sSLEngineTestParam, wrapEngine(this.clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)), wrapEngine(this.serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT)));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void testExtraDataInLastSrcBufferForClientUnwrap(SSLEngineTestParam sSLEngineTestParam, SSLEngine sSLEngine, SSLEngine sSLEngine2) throws Exception {
        try {
            ByteBuffer allocateBuffer = allocateBuffer(sSLEngineTestParam.type(), sSLEngine.getSession().getPacketBufferSize());
            ByteBuffer allocateBuffer2 = allocateBuffer(sSLEngineTestParam.type(), sSLEngine2.getSession().getPacketBufferSize() * 2);
            ByteBuffer allocateBuffer3 = allocateBuffer(sSLEngineTestParam.type(), sSLEngine2.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer4 = allocateBuffer(sSLEngineTestParam.type(), sSLEngine.getSession().getApplicationBufferSize());
            ByteBuffer allocateBuffer5 = allocateBuffer(sSLEngineTestParam.type(), 0);
            boolean z = false;
            boolean z2 = false;
            Assertions.assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, sSLEngine.getHandshakeStatus());
            Assertions.assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, sSLEngine2.getHandshakeStatus());
            while (true) {
                int position = allocateBuffer.position();
                int position2 = allocateBuffer2.position();
                if (!z) {
                    SSLEngineResult wrap = sSLEngine.wrap(allocateBuffer5, allocateBuffer);
                    runDelegatedTasks(sSLEngineTestParam.delegate(), wrap, sSLEngine);
                    Assertions.assertEquals(allocateBuffer5.remaining(), wrap.bytesConsumed());
                    Assertions.assertEquals(allocateBuffer.position() - position, wrap.bytesProduced());
                    z = assertHandshakeStatus(sSLEngine, wrap);
                    if (wrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                        allocateBuffer = increaseDstBuffer(sSLEngine.getSession().getPacketBufferSize(), sSLEngineTestParam.type(), allocateBuffer);
                    }
                }
                if (!z2) {
                    SSLEngineResult wrap2 = sSLEngine2.wrap(allocateBuffer5, allocateBuffer2);
                    runDelegatedTasks(sSLEngineTestParam.delegate(), wrap2, sSLEngine2);
                    Assertions.assertEquals(allocateBuffer5.remaining(), wrap2.bytesConsumed());
                    Assertions.assertEquals(allocateBuffer2.position() - position2, wrap2.bytesProduced());
                    if (assertHandshakeStatus(sSLEngine2, wrap2)) {
                        z2 = true;
                        wrap2 = sSLEngine2.wrap(ByteBuffer.wrap(new byte[8]), allocateBuffer2);
                        Assertions.assertEquals(8, wrap2.bytesConsumed());
                    }
                    if (wrap2.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                        allocateBuffer2 = increaseDstBuffer(sSLEngine2.getSession().getPacketBufferSize(), sSLEngineTestParam.type(), allocateBuffer2);
                    }
                }
                allocateBuffer.flip();
                allocateBuffer2.flip();
                int position3 = allocateBuffer.position();
                int position4 = allocateBuffer2.position();
                if (!z && (allocateBuffer2.hasRemaining() || Conscrypt.isEngineSupported(sSLEngine))) {
                    int position5 = allocateBuffer4.position();
                    SSLEngineResult unwrap = sSLEngine.unwrap(allocateBuffer2, allocateBuffer4);
                    runDelegatedTasks(sSLEngineTestParam.delegate(), unwrap, sSLEngine);
                    Assertions.assertEquals(allocateBuffer2.position() - position4, unwrap.bytesConsumed());
                    Assertions.assertEquals(allocateBuffer4.position() - position5, unwrap.bytesProduced());
                    Assertions.assertEquals(0, allocateBuffer4.position());
                    if (assertHandshakeStatus(sSLEngine, unwrap)) {
                        z = true;
                    } else {
                        Assertions.assertEquals(0, allocateBuffer4.position() - position5);
                    }
                    if (unwrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                        allocateBuffer4 = increaseDstBuffer(sSLEngine.getSession().getApplicationBufferSize(), sSLEngineTestParam.type(), allocateBuffer4);
                    }
                }
                if (!z2 && (allocateBuffer.hasRemaining() || Conscrypt.isEngineSupported(sSLEngine2))) {
                    int position6 = allocateBuffer3.position();
                    SSLEngineResult unwrap2 = sSLEngine2.unwrap(allocateBuffer, allocateBuffer3);
                    runDelegatedTasks(sSLEngineTestParam.delegate(), unwrap2, sSLEngine2);
                    Assertions.assertEquals(allocateBuffer.position() - position3, unwrap2.bytesConsumed());
                    Assertions.assertEquals(allocateBuffer3.position() - position6, unwrap2.bytesProduced());
                    Assertions.assertEquals(0, allocateBuffer3.position());
                    z2 = assertHandshakeStatus(sSLEngine2, unwrap2);
                    if (unwrap2.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                        allocateBuffer3 = increaseDstBuffer(sSLEngine2.getSession().getApplicationBufferSize(), sSLEngineTestParam.type(), allocateBuffer3);
                    }
                }
                compactOrClear(allocateBuffer);
                compactOrClear(allocateBuffer2);
                allocateBuffer3.clear();
                allocateBuffer4.clear();
                if (z && z2) {
                    return;
                }
            }
        } finally {
            cleanupClientSslEngine(sSLEngine);
            cleanupServerSslEngine(sSLEngine2);
        }
    }

    protected SSLEngine wrapEngine(SSLEngine sSLEngine) {
        return sSLEngine;
    }

    protected SslContext wrapContext(SSLEngineTestParam sSLEngineTestParam, SslContext sslContext) {
        return sslContext;
    }
}
