package com.linkedin.alpini.netty4.ssl;

import com.linkedin.alpini.base.concurrency.ExecutorService;
import com.linkedin.alpini.base.concurrency.Executors;
import com.linkedin.alpini.base.misc.ExceptionUtil;
import com.linkedin.alpini.base.misc.Time;
import com.linkedin.alpini.netty4.ssl.SSLEngineFactoryImpl;
import com.linkedin.alpini.netty4.ssl.SslInitializer;
import com.linkedin.venice.utils.TestUtils;
import io.netty.bootstrap.Bootstrap;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.ByteBufUtil;
import io.netty.buffer.CompositeByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.Channel;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPromise;
import io.netty.channel.DefaultEventLoopGroup;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.ServerChannel;
import io.netty.channel.SimpleChannelInboundHandler;
import io.netty.channel.embedded.EmbeddedChannel;
import io.netty.channel.local.LocalAddress;
import io.netty.channel.local.LocalChannel;
import io.netty.channel.local.LocalServerChannel;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.nio.NioServerSocketChannel;
import io.netty.channel.socket.nio.NioSocketChannel;
import io.netty.handler.codec.DecoderException;
import io.netty.handler.ssl.NotSslRecordException;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.util.Attribute;
import io.netty.util.AttributeKey;
import io.netty.util.concurrent.DefaultEventExecutorGroup;
import io.netty.util.concurrent.EventExecutorGroup;
import io.netty.util.concurrent.ScheduledFuture;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.Callable;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionException;
import java.util.concurrent.RejectedExecutionException;
import java.util.concurrent.ThreadLocalRandom;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Consumer;
import java.util.function.UnaryOperator;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

@Test(groups = {"unit"})
/* loaded from: input_file:com/linkedin/alpini/netty4/ssl/TestSslInitializer.class */
public class TestSslInitializer {
    private static final String LOREM_IPSUM = " Lorem ipsum dolor sit amet, consectetur adipiscing elit. Maecenas tincidunt eget sapien eget aliquet. Proin vitae lacus laoreet, bibendum nisl vel, feugiat mi. Aenean enim mauris, pretium tempus ex eget, pellentesque placerat lacus. Maecenas volutpat neque suscipit, feugiat sapien fermentum, bibendum risus. Vivamus et dolor eu risus eleifend hendrerit eu at diam. Quisque vel ligula enim. Sed varius placerat turpis vel suscipit. Donec eu cursus sem. Vestibulum cursus, velit vel rhoncus lobortis, nulla magna scelerisque ex, porttitor fermentum mi ante in dolor. Phasellus id mauris ac diam rhoncus accumsan ac sed dui. Nulla sodales tempus maximus. Cras fringilla sapien sed ultricies faucibus. Integer nec dui at dui aliquet pulvinar. Ut pharetra eleifend lectus in pulvinar. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Vivamus efficitur velit commodo eros interdum aliquam.\n\nNulla volutpat velit id hendrerit lacinia. Aliquam lectus diam, tempus ac rhoncus laoreet, laoreet vel tellus. Praesent urna lacus, efficitur eget aliquam in, hendrerit at dolor. Quisque eros urna, volutpat vitae aliquet in, iaculis et purus. Maecenas tortor sem, semper in varius fringilla, mattis sit amet ex. Curabitur molestie erat vitae purus malesuada, at feugiat nulla tincidunt. Sed ut neque ut urna sagittis elementum auctor vel ipsum. Curabitur non congue ipsum, in iaculis nisi. Proin ultrices scelerisque nisl, at luctus ligula tempus quis. Praesent suscipit consequat ultricies. Donec molestie cursus ligula quis porttitor. Integer vulputate metus quis ex laoreet pulvinar. Vivamus vitae dui eget nulla congue vestibulum eu in dolor. Proin aliquam sollicitudin eros in tincidunt. Morbi vel vehicula justo. Sed viverra diam at neque porta lacinia eu sed lorem. ";
    private static final Logger LOG = LogManager.getLogger(TestSslInitializer.class);
    private SelfSignedCertificate _selfSignedCertificate;
    private EventExecutorGroup _resolveExecutor;
    private final UnaryOperator<SslInitializer> _enableResolveClient = this::enableResolveClient;
    private final UnaryOperator<SslInitializer> _slowResolveClient = this::slowResolveClient;
    private final UnaryOperator<SslInitializer> _failFirstResolveClient = this::failFirstResolveClient;
    private static final int RESOLVE_EXECUTOR_THREADS = 2;

    @BeforeClass
    public void createCertificate() throws CertificateException {
        this._selfSignedCertificate = new SelfSignedCertificate();
        this._resolveExecutor = new DefaultEventExecutorGroup(RESOLVE_EXECUTOR_THREADS);
    }

    @AfterClass(alwaysRun = true)
    public void done() {
        Optional.ofNullable(this._resolveExecutor).ifPresent((v0) -> {
            v0.shutdown();
        });
    }

    private void configure(SSLEngineFactoryImpl.Config config) {
        config.setSslEnabled(true);
        config.setRequireClientCertOnLocalHost(false);
        config.setKeyStoreFilePath(getClass().getResource("/clientkeystore").getPath());
        config.setKeyStorePassword("clientpassword");
        config.setTrustStoreFilePath(getClass().getResource("/myTrustStore").getPath());
        config.setTrustStoreFilePassword("trustPassword");
    }

    private SSLEngineFactoryImpl newSSLEngineFactory() throws Exception {
        SSLEngineFactoryImpl.Config config = new SSLEngineFactoryImpl.Config();
        configure(config);
        return new SSLEngineFactoryImpl(config);
    }

    private SSLEngineFactoryImpl newSslEngineRefCntFactory() throws Exception {
        SSLEngineFactoryImpl.Config config = new SSLEngineFactoryImpl.Config();
        configure(config);
        config.setUseRefCount(true);
        return new SSLEngineFactoryImpl(config);
    }

    private SSLEngineFactoryImpl newSslEngineSunJSSEFactory() throws Exception {
        SSLEngineFactoryImpl.Config config = new SSLEngineFactoryImpl.Config();
        configure(config);
        config.setSslContextProvider(Security.getProvider("SunJSSE"));
        Assert.assertNotNull(config.getSslContextProvider());
        return new SSLEngineFactoryImpl(config);
    }

    /* JADX WARN: Finally extract failed */
    private <SERVER extends ServerChannel, CLIENT extends Channel> void simpleTest(EventLoopGroup eventLoopGroup, Class<SERVER> cls, Class<CLIENT> cls2, SocketAddress socketAddress, final SslInitializer sslInitializer, final SslClientInitializer sslClientInitializer, String str, int i, final Consumer<ChannelHandlerContext> consumer, final Consumer<ChannelHandlerContext> consumer2) throws Throwable {
        final CompletableFuture completableFuture = new CompletableFuture();
        final AttributeKey valueOf = AttributeKey.valueOf(getClass(), "received");
        try {
            ServerBootstrap childHandler = new ServerBootstrap().group(eventLoopGroup).channel(cls).childHandler(new ChannelInitializer<CLIENT>() { // from class: com.linkedin.alpini.netty4.ssl.TestSslInitializer.1
                /* JADX WARN: Incorrect types in method signature: (TCLIENT;)V */
                protected void initChannel(Channel channel) throws Exception {
                    channel.pipeline().addLast(new ChannelHandler[]{new ChannelInboundHandlerAdapter() { // from class: com.linkedin.alpini.netty4.ssl.TestSslInitializer.1.1
                        public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                            super.channelRead(channelHandlerContext, obj);
                            consumer2.accept(channelHandlerContext);
                        }
                    }, sslInitializer, new SimpleChannelInboundHandler<ByteBuf>() { // from class: com.linkedin.alpini.netty4.ssl.TestSslInitializer.1.2
                        public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                            if (completableFuture.completeExceptionally(th)) {
                                return;
                            }
                            super.exceptionCaught(channelHandlerContext, th);
                        }

                        /* JADX INFO: Access modifiers changed from: protected */
                        public void channelRead0(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) throws Exception {
                            consumer.accept(channelHandlerContext);
                            channelHandlerContext.writeAndFlush(byteBuf.readBytes(byteBuf.readableBytes()));
                        }
                    }});
                }
            });
            Bootstrap handler = new Bootstrap().group(eventLoopGroup).channel(cls2).handler(new ChannelInitializer<CLIENT>() { // from class: com.linkedin.alpini.netty4.ssl.TestSslInitializer.2
                /* JADX WARN: Incorrect types in method signature: (TCLIENT;)V */
                protected void initChannel(Channel channel) throws Exception {
                    channel.pipeline().addLast(new ChannelHandler[]{sslClientInitializer, new SimpleChannelInboundHandler<ByteBuf>() { // from class: com.linkedin.alpini.netty4.ssl.TestSslInitializer.2.1
                        public void channelInactive(ChannelHandlerContext channelHandlerContext) throws Exception {
                            if (channelHandlerContext.channel().hasAttr(valueOf)) {
                                ((CompositeByteBuf) channelHandlerContext.channel().attr(valueOf).getAndSet((Object) null)).release();
                            }
                            super.channelInactive(channelHandlerContext);
                        }

                        public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                            if (completableFuture.completeExceptionally(th)) {
                                return;
                            }
                            super.exceptionCaught(channelHandlerContext, th);
                        }

                        /* JADX INFO: Access modifiers changed from: protected */
                        public void channelRead0(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf) throws Exception {
                            Attribute attr = channelHandlerContext.channel().attr(valueOf);
                            if (attr.get() == null) {
                                attr.set(Unpooled.compositeBuffer());
                            }
                            ((CompositeByteBuf) attr.get()).addComponent(true, byteBuf.readBytes(byteBuf.readableBytes()));
                        }
                    }});
                }
            });
            ChannelFuture bind = childHandler.bind(socketAddress);
            try {
                bind.sync();
                SocketAddress localAddress = bind.channel().localAddress();
                LOG.info("Server bound to address: {}", localAddress);
                List list = (List) IntStream.range(0, i).mapToObj(i2 -> {
                    return handler.connect(localAddress);
                }).collect(Collectors.toList());
                try {
                    Iterator it = list.iterator();
                    while (it.hasNext()) {
                        ((ChannelFuture) it.next()).sync();
                    }
                    Iterator it2 = ((List) list.stream().map(channelFuture -> {
                        return channelFuture.channel().writeAndFlush(Unpooled.copiedBuffer(str, StandardCharsets.UTF_8));
                    }).collect(Collectors.toList())).iterator();
                    while (it2.hasNext()) {
                        ((ChannelFuture) it2.next()).await();
                    }
                    for (int i3 = 0; i3 < 10; i3++) {
                        if (completableFuture.isDone()) {
                            break;
                        }
                        Thread.sleep(200L);
                        try {
                            Iterator it3 = list.iterator();
                            while (it3.hasNext()) {
                                CompositeByteBuf compositeByteBuf = (CompositeByteBuf) ((ChannelFuture) it3.next()).channel().attr(valueOf).get();
                                if (compositeByteBuf != null) {
                                    Assert.assertEquals(ByteBufUtil.compare(compositeByteBuf, Unpooled.copiedBuffer(str, StandardCharsets.UTF_8)), 0, ByteBufUtil.hexDump(compositeByteBuf));
                                }
                            }
                            completableFuture.complete(null);
                        } catch (Throwable th) {
                            completableFuture.completeExceptionally(th);
                        }
                    }
                    list.forEach(channelFuture2 -> {
                        channelFuture2.addListener(ChannelFutureListener.CLOSE);
                    });
                    bind.addListener(ChannelFutureListener.CLOSE);
                    eventLoopGroup.shutdownGracefully();
                    if (completableFuture.isCompletedExceptionally()) {
                        try {
                            completableFuture.join();
                        } catch (CompletionException e) {
                            if (!(e.getCause() instanceof DecoderException)) {
                                throw e.getCause();
                            }
                            throw e.getCause().getCause();
                        }
                    }
                    try {
                        completableFuture.join();
                    } catch (CompletionException e2) {
                        if (!(e2.getCause() instanceof DecoderException)) {
                            throw e2.getCause();
                        }
                        throw e2.getCause().getCause();
                    }
                } catch (Throwable th2) {
                    list.forEach(channelFuture22 -> {
                        channelFuture22.addListener(ChannelFutureListener.CLOSE);
                    });
                    throw th2;
                }
            } catch (Throwable th3) {
                bind.addListener(ChannelFutureListener.CLOSE);
                throw th3;
            }
        } catch (Throwable th4) {
            eventLoopGroup.shutdownGracefully();
            if (completableFuture.isCompletedExceptionally()) {
                try {
                    completableFuture.join();
                } catch (CompletionException e3) {
                    if (!(e3.getCause() instanceof DecoderException)) {
                        throw e3.getCause();
                    }
                    throw e3.getCause().getCause();
                }
            }
            throw th4;
        }
    }

    private SSLEngineFactory selfSigned() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try {
            keyStore.load(null);
        } catch (Exception e) {
        }
        keyStore.setCertificateEntry("1", this._selfSignedCertificate.cert());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, new char[0]);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        final SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
        return new SSLEngineFactory() { // from class: com.linkedin.alpini.netty4.ssl.TestSslInitializer.3
            public SSLEngine createSSLEngine(ByteBufAllocator byteBufAllocator, String str, int i, boolean z) {
                return init(sSLContext.createSSLEngine(str, i), z);
            }

            public SSLEngine createSSLEngine(ByteBufAllocator byteBufAllocator, boolean z) {
                return init(sSLContext.createSSLEngine(), z);
            }

            public SSLSessionContext sessionContext(boolean z) {
                return z ? sSLContext.getServerSessionContext() : sSLContext.getClientSessionContext();
            }

            private SSLEngine init(SSLEngine sSLEngine, boolean z) {
                sSLEngine.setUseClientMode(!z);
                sSLEngine.setEnabledCipherSuites(getSSLParameters().getCipherSuites());
                return sSLEngine;
            }

            public SSLContext getSSLContext() {
                return sSLContext;
            }

            public SSLParameters getSSLParameters() {
                return sSLContext.getDefaultSSLParameters();
            }

            public boolean isSslEnabled() {
                return true;
            }
        };
    }

    private SSLEngineFactory encryptionDisabled() {
        return new SSLEngineFactory() { // from class: com.linkedin.alpini.netty4.ssl.TestSslInitializer.4
            public SSLEngine createSSLEngine(ByteBufAllocator byteBufAllocator, String str, int i, boolean z) {
                throw new IllegalStateException();
            }

            public SSLEngine createSSLEngine(ByteBufAllocator byteBufAllocator, boolean z) {
                throw new IllegalStateException();
            }

            public SSLSessionContext sessionContext(boolean z) {
                throw new IllegalStateException();
            }

            public SSLContext getSSLContext() {
                throw new IllegalStateException();
            }

            public SSLParameters getSSLParameters() {
                throw new IllegalStateException();
            }

            public boolean isSslEnabled() {
                return false;
            }
        };
    }

    @Test
    public void testBasicLocalEncryptionDisabled() throws Throwable {
        SSLEngineFactory encryptionDisabled = encryptionDisabled();
        simpleTest(new DefaultEventLoopGroup(), LocalServerChannel.class, LocalChannel.class, new LocalAddress("testBasicLocalEncryptionDisabled"), new SslInitializer(encryptionDisabled, true, (ChannelHandler) null), new SslClientInitializer(encryptionDisabled), LOREM_IPSUM, 1, channelHandlerContext -> {
        }, channelHandlerContext2 -> {
        });
    }

    @Test
    public void testBasicSocketEncryptionDisabled() throws Throwable {
        SSLEngineFactory encryptionDisabled = encryptionDisabled();
        simpleTest(new NioEventLoopGroup(), NioServerSocketChannel.class, NioSocketChannel.class, new InetSocketAddress(0), new SslInitializer(encryptionDisabled, true, (ChannelHandler) null), new SslClientInitializer(encryptionDisabled), LOREM_IPSUM, 1, channelHandlerContext -> {
        }, channelHandlerContext2 -> {
        });
    }

    private void writeHelloInbound(EmbeddedChannel embeddedChannel) {
        embeddedChannel.writeInbound(new Object[]{Unpooled.copiedBuffer(new byte[]{22, 3, 1, 0, -91, 1, 0, 0, -95, 3, 3, 0, 1, RESOLVE_EXECUTOR_THREADS, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 0, 0, 32, -52, -88, -52, -87, -64, 47, -64, 48, -64, 43, -64, 44, -64, 19, -64, 9, -64, 20, -64, 10, 0, -100, 0, -99, 0, 47, 0, 53, -64, 18, 0, 10, 1, 0, 0, 88, 0, 0, 0, 24, 0, 22, 0, 0, 19, 101, 120, 97, 109, 112, 108, 101, 46, 117, 108, 102, 104, 101, 105, 109, 46, 110, 101, 116, 0, 5, 0, 5, 1, 0, 0, 0, 0, 0, 10, 0, 10, 0, 8, 0, 29, 0, 23, 0, 24, 0, 25, 0, 11, 0, RESOLVE_EXECUTOR_THREADS, 1, 0, 0, 13, 0, 18, 0, 16, 4, 1, 4, 3, 5, 1, 5, 3, 6, 1, 6, 3, RESOLVE_EXECUTOR_THREADS, 1, RESOLVE_EXECUTOR_THREADS, 3, -1, 1, 0, 1, 0, 0, 18, 0, 0})});
    }

    /* JADX WARN: Type inference failed for: r0v4, types: [com.linkedin.alpini.netty4.ssl.TestSslInitializer$5] */
    @Test
    public void testBasicShutdownException1() throws Throwable {
        SSLEngineFactoryImpl newSslEngineSunJSSEFactory = newSslEngineSunJSSEFactory();
        DefaultEventExecutorGroup defaultEventExecutorGroup = new DefaultEventExecutorGroup(1);
        final AtomicInteger atomicInteger = new AtomicInteger();
        EmbeddedChannel embeddedChannel = new EmbeddedChannel(new ChannelHandler[]{new SslInitializer(newSslEngineSunJSSEFactory, true, null) { // from class: com.linkedin.alpini.netty4.ssl.TestSslInitializer.5
            protected void executorFailure(ChannelPromise channelPromise, RejectedExecutionException rejectedExecutionException) {
                atomicInteger.incrementAndGet();
                super.executorFailure(channelPromise, rejectedExecutionException);
            }
        }.enableResolveBeforeSSL(defaultEventExecutorGroup, 5, 1000L, 1)});
        defaultEventExecutorGroup.shutdownGracefully().sync();
        writeHelloInbound(embeddedChannel);
        embeddedChannel.checkException();
        embeddedChannel.finishAndReleaseAll();
        Assert.assertEquals(atomicInteger.get(), 1);
    }

    /* JADX WARN: Type inference failed for: r0v4, types: [com.linkedin.alpini.netty4.ssl.TestSslInitializer$7] */
    @Test
    public void testBasicShutdownException2() throws Throwable {
        SSLEngineFactoryImpl newSslEngineSunJSSEFactory = newSslEngineSunJSSEFactory();
        DefaultEventExecutorGroup defaultEventExecutorGroup = new DefaultEventExecutorGroup(1) { // from class: com.linkedin.alpini.netty4.ssl.TestSslInitializer.6
            /* renamed from: schedule, reason: merged with bridge method [inline-methods] */
            public <V> ScheduledFuture<V> m48schedule(Callable<V> callable, long j, TimeUnit timeUnit) {
                throw new RejectedExecutionException();
            }
        };
        final AtomicInteger atomicInteger = new AtomicInteger();
        ChannelHandler enableResolveBeforeSSL = new SslInitializer(newSslEngineSunJSSEFactory, true, null) { // from class: com.linkedin.alpini.netty4.ssl.TestSslInitializer.7
            protected void executorFailure(ChannelPromise channelPromise, RejectedExecutionException rejectedExecutionException) {
                atomicInteger.incrementAndGet();
                super.executorFailure(channelPromise, rejectedExecutionException);
            }
        }.enableResolveBeforeSSL(defaultEventExecutorGroup, 5, 1000L, 1);
        enableResolveBeforeSSL.setResolveAllByName(str -> {
            defaultEventExecutorGroup.shutdownGracefully(0L, 10L, TimeUnit.SECONDS);
            throw new UnknownHostException();
        });
        final InetAddress byAddress = InetAddress.getByAddress(new byte[]{Byte.MAX_VALUE, 0, 0, 1});
        EmbeddedChannel embeddedChannel = new EmbeddedChannel(new ChannelHandler[]{enableResolveBeforeSSL}) { // from class: com.linkedin.alpini.netty4.ssl.TestSslInitializer.8
            protected SocketAddress remoteAddress0() {
                return new InetSocketAddress(byAddress, 1234);
            }
        };
        writeHelloInbound(embeddedChannel);
        defaultEventExecutorGroup.terminationFuture().sync();
        embeddedChannel.checkException();
        embeddedChannel.finishAndReleaseAll();
        Assert.assertEquals(atomicInteger.get(), 1);
    }

    /* JADX WARN: Type inference failed for: r0v7, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider
    public Object[][] sslEngineFactory() throws Exception {
        SSLEngineFactoryImpl newSSLEngineFactory = newSSLEngineFactory();
        SSLEngineFactoryImpl newSslEngineRefCntFactory = newSslEngineRefCntFactory();
        SSLEngineFactoryImpl newSslEngineSunJSSEFactory = newSslEngineSunJSSEFactory();
        return new Object[]{new Object[]{newSSLEngineFactory, UnaryOperator.identity()}, new Object[]{newSslEngineRefCntFactory, UnaryOperator.identity()}, new Object[]{newSslEngineSunJSSEFactory, UnaryOperator.identity()}, new Object[]{newSSLEngineFactory, this._enableResolveClient}, new Object[]{newSslEngineRefCntFactory, this._enableResolveClient}, new Object[]{newSslEngineSunJSSEFactory, this._enableResolveClient}, new Object[]{newSSLEngineFactory, this._slowResolveClient}, new Object[]{newSslEngineRefCntFactory, this._slowResolveClient}, new Object[]{newSslEngineSunJSSEFactory, this._slowResolveClient}, new Object[]{newSSLEngineFactory, this._failFirstResolveClient}, new Object[]{newSslEngineRefCntFactory, this._failFirstResolveClient}, new Object[]{newSslEngineSunJSSEFactory, this._failFirstResolveClient}};
    }

    private SslInitializer enableResolveClient(SslInitializer sslInitializer) {
        return sslInitializer.enableResolveBeforeSSL(this._resolveExecutor, 5, 1000L);
    }

    private SslInitializer slowResolveClient(SslInitializer sslInitializer) {
        sslInitializer.setResolveByAddress(bArr -> {
            Time.sleepUninterruptably(100L);
            return InetAddress.getByAddress(bArr);
        });
        return enableResolveClient(sslInitializer);
    }

    private SslInitializer failFirstResolveClient(SslInitializer sslInitializer) {
        sslInitializer.setResolveByAddress(new SslInitializer.ResolveByAddress() { // from class: com.linkedin.alpini.netty4.ssl.TestSslInitializer.9
            boolean _second;

            public InetAddress getByAddress(byte[] bArr) throws UnknownHostException {
                if (this._second) {
                    return InetAddress.getByAddress(bArr);
                }
                this._second = true;
                Time.sleepUninterruptably(100L);
                throw new UnknownHostException("Timed out");
            }
        });
        return enableResolveClient(sslInitializer);
    }

    @Test(dataProvider = "sslEngineFactory")
    public void testLocalGoodCertificates(SSLEngineFactory sSLEngineFactory, UnaryOperator<SslInitializer> unaryOperator) throws Throwable {
        SslInitializer sslInitializer = (SslInitializer) unaryOperator.apply(new SslInitializer(sSLEngineFactory, true, (ChannelHandler) null));
        SslClientInitializer sslClientInitializer = new SslClientInitializer(sSLEngineFactory);
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        simpleTest(new DefaultEventLoopGroup(), LocalServerChannel.class, LocalChannel.class, new LocalAddress("testLocalGoodCertificates" + ThreadLocalRandom.current().nextLong()), sslInitializer, sslClientInitializer, LOREM_IPSUM, 1, channelHandlerContext -> {
        }, channelHandlerContext2 -> {
            if (sslInitializer.getPendingHandshakes() > 0) {
                atomicBoolean.set(true);
            }
        });
        TestUtils.waitForNonDeterministicAssertion(1L, TimeUnit.SECONDS, () -> {
            Assert.assertEquals(sslInitializer.getAvailablePermits(), UnaryOperator.identity().equals(unaryOperator) ? 0 : RESOLVE_EXECUTOR_THREADS);
            Assert.assertEquals(sslInitializer.getPendingHandshakes(), 0);
            Assert.assertEquals(sslInitializer.getHandshakesStarted(), 1L);
            Assert.assertEquals(sslInitializer.getHandshakesSuccessful(), 1L);
            Assert.assertEquals(sslInitializer.getHandshakesFailed(), 0L);
            Assert.assertTrue(atomicBoolean.get() || UnaryOperator.identity().equals(unaryOperator));
        });
        atomicBoolean.set(false);
        simpleTest(new DefaultEventLoopGroup(), LocalServerChannel.class, LocalChannel.class, new LocalAddress("testLocalGoodCertificates" + ThreadLocalRandom.current().nextLong()), sslInitializer, sslClientInitializer, LOREM_IPSUM, 1, channelHandlerContext3 -> {
        }, channelHandlerContext4 -> {
            if (sslInitializer.getPendingHandshakes() > 0) {
                atomicBoolean.set(true);
            }
        });
        TestUtils.waitForNonDeterministicAssertion(1L, TimeUnit.SECONDS, () -> {
            Assert.assertEquals(sslInitializer.getAvailablePermits(), UnaryOperator.identity().equals(unaryOperator) ? 0 : RESOLVE_EXECUTOR_THREADS);
            Assert.assertEquals(sslInitializer.getPendingHandshakes(), 0);
            Assert.assertEquals(sslInitializer.getHandshakesStarted(), 2L);
            Assert.assertEquals(sslInitializer.getHandshakesSuccessful(), 2L);
            Assert.assertEquals(sslInitializer.getHandshakesFailed(), 0L);
            Assert.assertTrue(atomicBoolean.get() || UnaryOperator.identity().equals(unaryOperator));
        });
        atomicBoolean.set(false);
    }

    @Test(dataProvider = "sslEngineFactory", enabled = false)
    public void testConcurrentLocalGoodCertificates(SSLEngineFactory sSLEngineFactory, UnaryOperator<SslInitializer> unaryOperator) throws Throwable {
        concurrentLocalGoodCertificates(10, "testConcurrentLocalGoodCertificates", (SslInitializer) unaryOperator.apply(new SslInitializer(sSLEngineFactory, true, (ChannelHandler) null)), new SslClientInitializer(sSLEngineFactory), unaryOperator);
    }

    @Test(dataProvider = "sslEngineFactory")
    public void testOffloadLocalGoodCertificates(SSLEngineFactory sSLEngineFactory, UnaryOperator<SslInitializer> unaryOperator) throws Throwable {
        SslInitializer sslInitializer = (SslInitializer) unaryOperator.apply(new SslInitializer(sSLEngineFactory, true, (ChannelHandler) null));
        SslClientInitializer sslClientInitializer = new SslClientInitializer(sSLEngineFactory);
        ExecutorService newSingleThreadExecutor = Executors.newSingleThreadExecutor();
        try {
            concurrentLocalGoodCertificates(10, "testOffloadLocalGoodCertificates", sslInitializer.enableSslTaskExecutor(newSingleThreadExecutor), sslClientInitializer.enableSslTaskExecutor(newSingleThreadExecutor), unaryOperator);
            newSingleThreadExecutor.shutdownNow();
        } catch (Throwable th) {
            newSingleThreadExecutor.shutdownNow();
            throw th;
        }
    }

    private void concurrentLocalGoodCertificates(int i, String str, SslInitializer sslInitializer, SslClientInitializer sslClientInitializer, UnaryOperator<SslInitializer> unaryOperator) throws Throwable {
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        simpleTest(new DefaultEventLoopGroup(), LocalServerChannel.class, LocalChannel.class, new LocalAddress(str + ThreadLocalRandom.current().nextLong()), sslInitializer, sslClientInitializer, LOREM_IPSUM, i, channelHandlerContext -> {
        }, channelHandlerContext2 -> {
            if (sslInitializer.getPendingHandshakes() > 1) {
                atomicBoolean.set(true);
            }
        });
        TestUtils.waitForNonDeterministicAssertion(1L, TimeUnit.SECONDS, () -> {
            Assert.assertEquals(sslInitializer.getAvailablePermits(), UnaryOperator.identity().equals(unaryOperator) ? 0 : RESOLVE_EXECUTOR_THREADS);
            Assert.assertEquals(sslInitializer.getPendingHandshakes(), 0);
            Assert.assertEquals(sslInitializer.getHandshakesStarted(), i);
            Assert.assertEquals(sslInitializer.getHandshakesSuccessful(), i);
            Assert.assertEquals(sslInitializer.getHandshakesFailed(), 0L);
            Assert.assertTrue(atomicBoolean.get() || UnaryOperator.identity().equals(unaryOperator));
        });
        atomicBoolean.set(false);
        simpleTest(new DefaultEventLoopGroup(), LocalServerChannel.class, LocalChannel.class, new LocalAddress(str + ThreadLocalRandom.current().nextLong()), sslInitializer, sslClientInitializer, LOREM_IPSUM, i, channelHandlerContext3 -> {
        }, channelHandlerContext4 -> {
            if (sslInitializer.getPendingHandshakes() > 1) {
                atomicBoolean.set(true);
            }
        });
        TestUtils.waitForNonDeterministicAssertion(1L, TimeUnit.SECONDS, () -> {
            Assert.assertEquals(sslInitializer.getAvailablePermits(), UnaryOperator.identity().equals(unaryOperator) ? 0 : RESOLVE_EXECUTOR_THREADS);
            Assert.assertEquals(sslInitializer.getPendingHandshakes(), 0);
            Assert.assertEquals(sslInitializer.getHandshakesStarted(), RESOLVE_EXECUTOR_THREADS * i);
            Assert.assertEquals(sslInitializer.getHandshakesSuccessful(), RESOLVE_EXECUTOR_THREADS * i);
            Assert.assertEquals(sslInitializer.getHandshakesFailed(), 0L);
            Assert.assertTrue(atomicBoolean.get() || UnaryOperator.identity().equals(unaryOperator));
        });
        atomicBoolean.set(false);
    }

    @Test(dataProvider = "sslEngineFactory")
    public void testLocalMismatchedClientDisabled(SSLEngineFactory sSLEngineFactory, UnaryOperator<SslInitializer> unaryOperator) throws Throwable {
        SslInitializer sslInitializer = (SslInitializer) unaryOperator.apply(new SslInitializer(sSLEngineFactory, true, (ChannelHandler) null));
        SslClientInitializer sslClientInitializer = new SslClientInitializer(encryptionDisabled());
        Assert.assertThrows(NotSslRecordException.class, () -> {
            simpleTest(new DefaultEventLoopGroup(), LocalServerChannel.class, LocalChannel.class, new LocalAddress("testLocalMismatchedClientDisabled" + ThreadLocalRandom.current().nextLong()), sslInitializer, sslClientInitializer, LOREM_IPSUM, 1, channelHandlerContext -> {
            }, channelHandlerContext2 -> {
            });
        });
        TestUtils.waitForNonDeterministicAssertion(1L, TimeUnit.SECONDS, () -> {
            Assert.assertEquals(sslInitializer.getAvailablePermits(), UnaryOperator.identity().equals(unaryOperator) ? 0 : RESOLVE_EXECUTOR_THREADS);
            Assert.assertEquals(sslInitializer.getPendingHandshakes(), 0);
            Assert.assertEquals(sslInitializer.getHandshakesStarted(), 0L);
            Assert.assertEquals(sslInitializer.getHandshakesSuccessful(), 0L);
            Assert.assertEquals(sslInitializer.getHandshakesFailed(), 0L);
        });
        Assert.assertThrows(NotSslRecordException.class, () -> {
            simpleTest(new DefaultEventLoopGroup(), LocalServerChannel.class, LocalChannel.class, new LocalAddress("testLocalMismatchedClientDisabled" + ThreadLocalRandom.current().nextLong()), sslInitializer, sslClientInitializer, LOREM_IPSUM, 1, channelHandlerContext -> {
            }, channelHandlerContext2 -> {
            });
        });
        TestUtils.waitForNonDeterministicAssertion(1L, TimeUnit.SECONDS, () -> {
            Assert.assertEquals(sslInitializer.getAvailablePermits(), UnaryOperator.identity().equals(unaryOperator) ? 0 : RESOLVE_EXECUTOR_THREADS);
            Assert.assertEquals(sslInitializer.getPendingHandshakes(), 0);
            Assert.assertEquals(sslInitializer.getHandshakesStarted(), 0L);
            Assert.assertEquals(sslInitializer.getHandshakesSuccessful(), 0L);
            Assert.assertEquals(sslInitializer.getHandshakesFailed(), 0L);
        });
    }

    @Test(dataProvider = "sslEngineFactory")
    public void testLocalMismatchedClientSelfSigned(SSLEngineFactory sSLEngineFactory, UnaryOperator<SslInitializer> unaryOperator) throws Throwable {
        SslInitializer sslInitializer = (SslInitializer) unaryOperator.apply(new SslInitializer(sSLEngineFactory, true, (ChannelHandler) null));
        SslClientInitializer sslClientInitializer = new SslClientInitializer(selfSigned());
        Assert.assertThrows(SSLHandshakeException.class, () -> {
            simpleTest(new DefaultEventLoopGroup(), LocalServerChannel.class, LocalChannel.class, new LocalAddress("testLocalMismatchedClientSelfSigned" + ThreadLocalRandom.current().nextLong()), sslInitializer, sslClientInitializer, LOREM_IPSUM, 1, channelHandlerContext -> {
            }, channelHandlerContext2 -> {
            });
        });
        TestUtils.waitForNonDeterministicAssertion(1L, TimeUnit.SECONDS, () -> {
            Assert.assertEquals(sslInitializer.getAvailablePermits(), UnaryOperator.identity().equals(unaryOperator) ? 0 : RESOLVE_EXECUTOR_THREADS);
            Assert.assertEquals(sslInitializer.getPendingHandshakes(), 0);
            Assert.assertEquals(sslInitializer.getHandshakesStarted(), 1L);
            Assert.assertEquals(sslInitializer.getHandshakesSuccessful(), 0L);
            Assert.assertEquals(sslInitializer.getHandshakesFailed(), 1L);
        });
        Assert.assertThrows(SSLHandshakeException.class, () -> {
            simpleTest(new DefaultEventLoopGroup(), LocalServerChannel.class, LocalChannel.class, new LocalAddress("testLocalMismatchedClientSelfSigned" + ThreadLocalRandom.current().nextLong()), sslInitializer, sslClientInitializer, LOREM_IPSUM, 1, channelHandlerContext -> {
            }, channelHandlerContext2 -> {
            });
        });
        TestUtils.waitForNonDeterministicAssertion(1L, TimeUnit.SECONDS, () -> {
            Assert.assertEquals(sslInitializer.getAvailablePermits(), UnaryOperator.identity().equals(unaryOperator) ? 0 : RESOLVE_EXECUTOR_THREADS);
            Assert.assertEquals(sslInitializer.getPendingHandshakes(), 0);
            Assert.assertEquals(sslInitializer.getHandshakesStarted(), 2L);
            Assert.assertEquals(sslInitializer.getHandshakesSuccessful(), 0L);
            Assert.assertEquals(sslInitializer.getHandshakesFailed(), 2L);
        });
    }

    @Test(dataProvider = "sslEngineFactory")
    public void testLocalMismatchedServerDisabled(SSLEngineFactory sSLEngineFactory, UnaryOperator<SslInitializer> unaryOperator) throws Throwable {
        SslInitializer sslInitializer = (SslInitializer) unaryOperator.apply(new SslInitializer(encryptionDisabled(), true, (ChannelHandler) null));
        SslClientInitializer sslClientInitializer = new SslClientInitializer(sSLEngineFactory);
        Assert.assertThrows(SSLProtocolException.class, () -> {
            simpleTest(new DefaultEventLoopGroup(), LocalServerChannel.class, LocalChannel.class, new LocalAddress("testLocalMismatchedServerDisabled" + ThreadLocalRandom.current().nextLong()), sslInitializer, sslClientInitializer, LOREM_IPSUM, 1, channelHandlerContext -> {
            }, channelHandlerContext2 -> {
            });
        });
        TestUtils.waitForNonDeterministicAssertion(1L, TimeUnit.SECONDS, () -> {
            Assert.assertEquals(sslInitializer.getAvailablePermits(), UnaryOperator.identity().equals(unaryOperator) ? 0 : RESOLVE_EXECUTOR_THREADS);
            Assert.assertEquals(sslInitializer.getPendingHandshakes(), 0);
            Assert.assertEquals(sslInitializer.getHandshakesStarted(), 0L);
            Assert.assertEquals(sslInitializer.getHandshakesSuccessful(), 0L);
            Assert.assertEquals(sslInitializer.getHandshakesFailed(), 0L);
        });
        Assert.assertThrows(SSLProtocolException.class, () -> {
            simpleTest(new DefaultEventLoopGroup(), LocalServerChannel.class, LocalChannel.class, new LocalAddress("testLocalMismatchedServerDisabled" + ThreadLocalRandom.current().nextLong()), sslInitializer, sslClientInitializer, LOREM_IPSUM, 1, channelHandlerContext -> {
            }, channelHandlerContext2 -> {
            });
        });
        TestUtils.waitForNonDeterministicAssertion(1L, TimeUnit.SECONDS, () -> {
            Assert.assertEquals(sslInitializer.getAvailablePermits(), UnaryOperator.identity().equals(unaryOperator) ? 0 : RESOLVE_EXECUTOR_THREADS);
            Assert.assertEquals(sslInitializer.getPendingHandshakes(), 0);
            Assert.assertEquals(sslInitializer.getHandshakesStarted(), 0L);
            Assert.assertEquals(sslInitializer.getHandshakesSuccessful(), 0L);
            Assert.assertEquals(sslInitializer.getHandshakesFailed(), 0L);
        });
    }

    @Test(dataProvider = "sslEngineFactory")
    public void testSocketGoodCertificates(SSLEngineFactory sSLEngineFactory, UnaryOperator<SslInitializer> unaryOperator) throws Throwable {
        socketGoodCertificates((SslInitializer) unaryOperator.apply(new SslInitializer(sSLEngineFactory, true, (ChannelHandler) null)), new SslClientInitializer(sSLEngineFactory), unaryOperator);
    }

    @Test(dataProvider = "sslEngineFactory")
    public void testOffloadSocketGoodCertificates(SSLEngineFactory sSLEngineFactory, UnaryOperator<SslInitializer> unaryOperator) throws Throwable {
        SslInitializer sslInitializer = (SslInitializer) unaryOperator.apply(new SslInitializer(sSLEngineFactory, true, (ChannelHandler) null));
        SslClientInitializer sslClientInitializer = new SslClientInitializer(sSLEngineFactory);
        ExecutorService newSingleThreadExecutor = Executors.newSingleThreadExecutor();
        try {
            socketGoodCertificates(sslInitializer.enableSslTaskExecutor(newSingleThreadExecutor), sslClientInitializer.enableSslTaskExecutor(newSingleThreadExecutor), unaryOperator);
            newSingleThreadExecutor.shutdownNow();
        } catch (Throwable th) {
            newSingleThreadExecutor.shutdownNow();
            throw th;
        }
    }

    private void socketGoodCertificates(SslInitializer sslInitializer, SslClientInitializer sslClientInitializer, UnaryOperator<SslInitializer> unaryOperator) throws Throwable {
        CompletableFuture completableFuture = new CompletableFuture();
        simpleTest(new NioEventLoopGroup(), NioServerSocketChannel.class, NioSocketChannel.class, new InetSocketAddress(0), sslInitializer, sslClientInitializer, LOREM_IPSUM, 1, channelHandlerContext -> {
            completableFuture.complete(channelHandlerContext.pipeline().get(SslHandler.class).engine().getSession().getProtocol());
        }, channelHandlerContext2 -> {
        });
        Assert.assertTrue(completableFuture.isDone());
        Assert.assertEquals((String) completableFuture.getNow(null), "TLSv1.2");
        TestUtils.waitForNonDeterministicAssertion(1L, TimeUnit.SECONDS, () -> {
            Assert.assertEquals(sslInitializer.getAvailablePermits(), UnaryOperator.identity().equals(unaryOperator) ? 0 : RESOLVE_EXECUTOR_THREADS);
            Assert.assertEquals(sslInitializer.getPendingHandshakes(), 0);
            Assert.assertEquals(sslInitializer.getHandshakesStarted(), 1L);
            Assert.assertEquals(sslInitializer.getHandshakesSuccessful(), 1L);
            Assert.assertEquals(sslInitializer.getHandshakesFailed(), 0L);
        });
        CompletableFuture completableFuture2 = new CompletableFuture();
        simpleTest(new NioEventLoopGroup(), NioServerSocketChannel.class, NioSocketChannel.class, new InetSocketAddress(0), sslInitializer, sslClientInitializer, LOREM_IPSUM, 1, channelHandlerContext3 -> {
            completableFuture2.complete(channelHandlerContext3.pipeline().get(SslHandler.class).engine().getSession().getProtocol());
        }, channelHandlerContext4 -> {
        });
        Assert.assertTrue(completableFuture2.isDone());
        Assert.assertEquals((String) completableFuture2.getNow(null), "TLSv1.2");
        TestUtils.waitForNonDeterministicAssertion(1L, TimeUnit.SECONDS, () -> {
            Assert.assertEquals(sslInitializer.getAvailablePermits(), UnaryOperator.identity().equals(unaryOperator) ? 0 : RESOLVE_EXECUTOR_THREADS);
            Assert.assertEquals(sslInitializer.getPendingHandshakes(), 0);
            Assert.assertEquals(sslInitializer.getHandshakesStarted(), 2L);
            Assert.assertEquals(sslInitializer.getHandshakesSuccessful(), 2L);
            Assert.assertEquals(sslInitializer.getHandshakesFailed(), 0L);
        });
    }

    @Test(enabled = false)
    public void testLegacyClientTLS() throws Throwable {
        SSLEngineFactoryImpl.Config config = new SSLEngineFactoryImpl.Config();
        configure(config);
        config.setUseInsecureLegacyTlsProtocolBecauseOfBrokenPeersUsingAncientJdk(true);
        SSLEngineFactoryImpl sSLEngineFactoryImpl = new SSLEngineFactoryImpl(config);
        SslInitializer sslInitializer = new SslInitializer(newSSLEngineFactory(), true, (ChannelHandler) null);
        SslClientInitializer sslClientInitializer = new SslClientInitializer(sSLEngineFactoryImpl);
        CompletableFuture completableFuture = new CompletableFuture();
        CompletableFuture completableFuture2 = new CompletableFuture();
        simpleTest(new NioEventLoopGroup(), NioServerSocketChannel.class, NioSocketChannel.class, new InetSocketAddress(0), sslInitializer, sslClientInitializer, LOREM_IPSUM, 1, channelHandlerContext -> {
            SslHandler sslHandler = channelHandlerContext.pipeline().get(SslHandler.class);
            completableFuture.complete(sslHandler.engine().getSession().getProtocol());
            completableFuture2.complete(sslHandler.engine().getSession().getCipherSuite());
        }, channelHandlerContext2 -> {
        });
        Assert.assertTrue(completableFuture.isDone());
        Assert.assertEquals((String) completableFuture.getNow(null), "TLSv1");
        Assert.assertEquals((String) completableFuture2.getNow(null), "TLS_RSA_WITH_AES_128_CBC_SHA");
    }

    @Test(enabled = false)
    public void testLegacyServerTLS() throws Throwable {
        SSLEngineFactoryImpl.Config config = new SSLEngineFactoryImpl.Config();
        configure(config);
        config.setUseInsecureLegacyTlsProtocolBecauseOfBrokenPeersUsingAncientJdk(true);
        SslInitializer sslInitializer = new SslInitializer(new SSLEngineFactoryImpl(config), true, (ChannelHandler) null);
        SslClientInitializer sslClientInitializer = new SslClientInitializer(newSSLEngineFactory());
        CompletableFuture completableFuture = new CompletableFuture();
        CompletableFuture completableFuture2 = new CompletableFuture();
        simpleTest(new NioEventLoopGroup(), NioServerSocketChannel.class, NioSocketChannel.class, new InetSocketAddress(0), sslInitializer, sslClientInitializer, LOREM_IPSUM, 1, channelHandlerContext -> {
            SslHandler sslHandler = channelHandlerContext.pipeline().get(SslHandler.class);
            completableFuture.complete(sslHandler.engine().getSession().getProtocol());
            completableFuture2.complete(sslHandler.engine().getSession().getCipherSuite());
        }, channelHandlerContext2 -> {
        });
        Assert.assertTrue(completableFuture.isDone());
        Assert.assertEquals((String) completableFuture.get(), "TLSv1");
        Assert.assertEquals((String) completableFuture2.getNow(null), "TLS_RSA_WITH_AES_128_CBC_SHA");
    }

    @Test
    public void testIsNoSslHandshake() {
        Assert.assertTrue(SslInitializer.isNoSslHandshake(SslInitializer.NO_SSL_HANDSHAKE.cause()));
        Assert.assertFalse(SslInitializer.isNoSslHandshake(ExceptionUtil.withoutStackTrace(new SSLHandshakeException("No SSL"))));
    }
}
