package com.android.org.conscrypt.javax.net.ssl;

import com.android.org.conscrypt.Conscrypt;
import com.android.org.conscrypt.TestUtils;
import com.android.org.conscrypt.java.security.TestKeyStore;
import com.android.org.conscrypt.javax.net.ssl.TestSSLContext;
import com.android.org.conscrypt.javax.net.ssl.TestSSLEnginePair;
import com.android.org.conscrypt.testing.FailingSniMatcher;
import com.android.org.conscrypt.tlswire.TlsTester;
import com.android.org.conscrypt.tlswire.handshake.AlpnHelloExtension;
import com.android.org.conscrypt.tlswire.handshake.HandshakeMessage;
import com.android.org.conscrypt.tlswire.handshake.ServerNameHelloExtension;
import com.android.org.conscrypt.tlswire.record.TlsRecord;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.nio.ByteBuffer;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Random;
import java.util.concurrent.Callable;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:com/android/org/conscrypt/javax/net/ssl/SSLEngineVersionCompatibilityTest.class */
public class SSLEngineVersionCompatibilityTest {
    private final String clientVersion;
    private final String serverVersion;
    private final int NUM_STRESS_ITERATIONS = 1000;
    private static final ByteBuffer EMPTY_BUFFER = ByteBuffer.allocate(0);

    /* renamed from: com.android.org.conscrypt.javax.net.ssl.SSLEngineVersionCompatibilityTest$1ThrowingTrustManager, reason: invalid class name */
    /* loaded from: input_file:com/android/org/conscrypt/javax/net/ssl/SSLEngineVersionCompatibilityTest$1ThrowingTrustManager.class */
    class C1ThrowingTrustManager implements X509TrustManager {
        public boolean threw = false;
        final /* synthetic */ TestSSLContext val$referenceContext;

        C1ThrowingTrustManager(TestSSLContext testSSLContext) {
            this.val$referenceContext = testSSLContext;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.threw = true;
            throw new CertificateException("Nope!");
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.val$referenceContext.clientTrustManager.getAcceptedIssuers();
        }
    }

    @Parameterized.Parameters(name = "{index}: {0} client, {1} server")
    public static Iterable<Object[]> data() {
        return TestUtils.isClassAvailable("javax.net.ssl.X509ExtendedTrustManager") ? Arrays.asList(new Object[]{"TLSv1.2", "TLSv1.2"}, new Object[]{"TLSv1.2", "TLSv1.3"}, new Object[]{"TLSv1.3", "TLSv1.2"}, new Object[]{"TLSv1.3", "TLSv1.3"}) : Arrays.asList(new Object[]{"TLSv1.2", "TLSv1.2"});
    }

    public SSLEngineVersionCompatibilityTest(String str, String str2) {
        this.clientVersion = str;
        this.serverVersion = str2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void assertSendsCorrectly(byte[] bArr, SSLEngine sSLEngine, SSLEngine sSLEngine2, boolean z) throws SSLException {
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        ByteBuffer allocate = ByteBuffer.allocate(sSLEngine.getSession().getPacketBufferSize());
        SSLEngineResult wrap2 = sSLEngine.wrap(wrap, allocate);
        allocate.flip();
        String cipherSuite = sSLEngine.getSession().getCipherSuite();
        Assert.assertEquals(cipherSuite, bArr.length, wrap2.bytesConsumed());
        Assert.assertEquals(cipherSuite, SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, wrap2.getHandshakeStatus());
        ByteBuffer allocate2 = ByteBuffer.allocate(sSLEngine2.getSession().getApplicationBufferSize());
        int i = 0;
        while (allocate2.position() != wrap.limit()) {
            Assert.assertEquals(cipherSuite, SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, sSLEngine2.unwrap(allocate, allocate2).getHandshakeStatus());
            if (z && i == 0) {
                Assert.assertEquals(cipherSuite, 1L, r0.bytesProduced());
            }
            i++;
        }
        allocate2.flip();
        byte[] bArr2 = new byte[allocate2.remaining()];
        allocate2.get(bArr2);
        Assert.assertEquals(cipherSuite, Arrays.toString(bArr), Arrays.toString(bArr2));
        if (z) {
            Assert.assertEquals(cipherSuite, 2L, i);
        } else {
            Assert.assertEquals(cipherSuite, 1L, i);
            assertSendsCorrectlyWhenSplit(bArr, sSLEngine, sSLEngine2);
        }
    }

    private static void assertSendsCorrectlyWhenSplit(byte[] bArr, SSLEngine sSLEngine, SSLEngine sSLEngine2) throws SSLException {
        int length = bArr.length;
        ByteBuffer[] byteBufferArr = {ByteBuffer.wrap(bArr, 0, length / 3), ByteBuffer.wrap(bArr, length / 3, length / 3), ByteBuffer.wrap(bArr, 2 * (length / 3), length - (2 * (length / 3)))};
        ByteBuffer allocate = ByteBuffer.allocate(sSLEngine.getSession().getPacketBufferSize());
        SSLEngineResult wrap = sSLEngine.wrap(byteBufferArr, allocate);
        allocate.flip();
        String cipherSuite = sSLEngine.getSession().getCipherSuite();
        Assert.assertEquals(cipherSuite, bArr.length, wrap.bytesConsumed());
        Assert.assertEquals(cipherSuite, SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, wrap.getHandshakeStatus());
        ByteBuffer allocate2 = ByteBuffer.allocate(sSLEngine2.getSession().getApplicationBufferSize());
        while (allocate2.position() != bArr.length) {
            Assert.assertEquals(cipherSuite, SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, sSLEngine2.unwrap(allocate, allocate2).getHandshakeStatus());
        }
        allocate2.flip();
        byte[] bArr2 = new byte[allocate2.remaining()];
        allocate2.get(bArr2);
        Assert.assertEquals(cipherSuite, Arrays.toString(bArr), Arrays.toString(bArr2));
    }

    @Test
    public void test_SSLEngine_beginHandshake() throws Exception {
        TestSSLContext build = TestSSLContext.newBuilder().clientProtocol(this.clientVersion).serverProtocol(this.serverVersion).build();
        try {
            build.clientContext.createSSLEngine().beginHandshake();
            Assert.fail();
        } catch (IllegalStateException e) {
        }
        build.close();
        TestSSLEnginePair create = TestSSLEnginePair.create();
        assertConnected(create);
        create.close();
    }

    @Test
    public void test_SSLEngine_beginHandshake_noKeyStore() throws Exception {
        SSLContext sSLContext = SSLContext.getInstance(this.clientVersion);
        sSLContext.init(null, null, null);
        SSLContext sSLContext2 = SSLContext.getInstance(this.serverVersion);
        sSLContext2.init(null, null, null);
        TestSSLContext build = TestSSLContext.newBuilder().useDefaults(false).clientContext(sSLContext).serverContext(sSLContext2).build();
        SSLEngine[] sSLEngineArr = null;
        try {
            sSLEngineArr = TestSSLEnginePair.connect(build, null);
            Assert.fail();
            if (sSLEngineArr != null) {
                TestSSLEnginePair.close(sSLEngineArr);
            }
        } catch (SSLHandshakeException e) {
            if (sSLEngineArr != null) {
                TestSSLEnginePair.close(sSLEngineArr);
            }
        } catch (Throwable th) {
            if (sSLEngineArr != null) {
                TestSSLEnginePair.close(sSLEngineArr);
            }
            throw th;
        }
        build.close();
    }

    @Test
    public void test_SSLEngine_beginHandshake_noClientCertificate() throws Exception {
        TestSSLContext build = TestSSLContext.newBuilder().clientProtocol(this.clientVersion).serverProtocol(this.serverVersion).build();
        SSLEngine[] connect = TestSSLEnginePair.connect(build, null);
        assertConnected(connect[0], connect[1]);
        build.close();
        TestSSLEnginePair.close(connect);
    }

    @Test
    public void test_SSLEngine_clientAuth() throws Exception {
        TestSSLContext build = TestSSLContext.newBuilder().clientProtocol(this.clientVersion).serverProtocol(this.serverVersion).build();
        SSLEngine createSSLEngine = build.clientContext.createSSLEngine();
        Assert.assertFalse(createSSLEngine.getWantClientAuth());
        Assert.assertFalse(createSSLEngine.getNeedClientAuth());
        createSSLEngine.setWantClientAuth(true);
        Assert.assertTrue(createSSLEngine.getWantClientAuth());
        Assert.assertFalse(createSSLEngine.getNeedClientAuth());
        createSSLEngine.setNeedClientAuth(true);
        Assert.assertFalse(createSSLEngine.getWantClientAuth());
        Assert.assertTrue(createSSLEngine.getNeedClientAuth());
        createSSLEngine.setWantClientAuth(true);
        Assert.assertTrue(createSSLEngine.getWantClientAuth());
        Assert.assertFalse(createSSLEngine.getNeedClientAuth());
        TestSSLContext build2 = new TestSSLContext.Builder().client(TestKeyStore.getClientCertificate()).server(TestKeyStore.getServer()).clientProtocol(this.clientVersion).serverProtocol(this.serverVersion).build();
        TestSSLEnginePair create = TestSSLEnginePair.create(build2, new TestSSLEnginePair.Hooks() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineVersionCompatibilityTest.1
            @Override // com.android.org.conscrypt.javax.net.ssl.TestSSLEnginePair.Hooks
            void beforeBeginHandshake(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
                sSLEngine2.setWantClientAuth(true);
            }
        });
        assertConnected(create);
        Assert.assertNotNull(create.client.getSession().getLocalCertificates());
        TestKeyStore.assertChainLength(create.client.getSession().getLocalCertificates());
        TestSSLContext.assertClientCertificateChain(build2.clientTrustManager, create.client.getSession().getLocalCertificates());
        build2.close();
        build.close();
        create.close();
    }

    @Test
    public void test_SSLEngine_clientAuthWantedNoClientCert() throws Exception {
        TestSSLContext build = new TestSSLContext.Builder().client(TestKeyStore.getClient()).server(TestKeyStore.getServer()).clientProtocol(this.clientVersion).serverProtocol(this.serverVersion).build();
        TestSSLEnginePair create = TestSSLEnginePair.create(build, new TestSSLEnginePair.Hooks() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineVersionCompatibilityTest.2
            @Override // com.android.org.conscrypt.javax.net.ssl.TestSSLEnginePair.Hooks
            void beforeBeginHandshake(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
                sSLEngine2.setWantClientAuth(true);
            }
        });
        assertConnected(create);
        build.close();
        create.close();
    }

    @Test
    public void test_SSLEngine_clientAuthNeededNoClientCert() throws Exception {
        TestSSLContext build = new TestSSLContext.Builder().client(TestKeyStore.getClient()).server(TestKeyStore.getServer()).clientProtocol(this.clientVersion).serverProtocol(this.serverVersion).build();
        TestSSLEnginePair testSSLEnginePair = null;
        try {
            testSSLEnginePair = TestSSLEnginePair.create(build, new TestSSLEnginePair.Hooks() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineVersionCompatibilityTest.3
                @Override // com.android.org.conscrypt.javax.net.ssl.TestSSLEnginePair.Hooks
                void beforeBeginHandshake(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
                    sSLEngine2.setNeedClientAuth(true);
                }
            });
            Assert.fail();
            build.close();
            if (testSSLEnginePair != null) {
                testSSLEnginePair.close();
            }
        } catch (SSLException e) {
            build.close();
            if (testSSLEnginePair != null) {
                testSSLEnginePair.close();
            }
        } catch (Throwable th) {
            build.close();
            if (testSSLEnginePair != null) {
                testSSLEnginePair.close();
            }
            throw th;
        }
    }

    @Test
    public void test_SSLEngine_endpointVerification_Success() throws Exception {
        TestUtils.assumeSetEndpointIdentificationAlgorithmAvailable();
        HostnameVerifier defaultHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
        HttpsURLConnection.setDefaultHostnameVerifier(new TestHostnameVerifier());
        try {
            TestSSLContext build = TestSSLContext.newBuilder().clientProtocol(this.clientVersion).serverProtocol(this.serverVersion).build();
            assertConnected(TestSSLEnginePair.create(build, new TestSSLEnginePair.Hooks() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineVersionCompatibilityTest.4
                @Override // com.android.org.conscrypt.javax.net.ssl.TestSSLEnginePair.Hooks
                void beforeBeginHandshake(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
                    SSLParameters sSLParameters = sSLEngine.getSSLParameters();
                    sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
                    sSLEngine.setSSLParameters(sSLParameters);
                }
            }));
            build.close();
            HttpsURLConnection.setDefaultHostnameVerifier(defaultHostnameVerifier);
        } catch (Throwable th) {
            HttpsURLConnection.setDefaultHostnameVerifier(defaultHostnameVerifier);
            throw th;
        }
    }

    @Test
    public void test_TestSSLEnginePair_create() throws Exception {
        TestSSLEnginePair create = TestSSLEnginePair.create(TestSSLContext.newBuilder().clientProtocol(this.clientVersion).serverProtocol(this.serverVersion).build());
        Assert.assertNotNull(create.c);
        Assert.assertNotNull(create.server);
        Assert.assertNotNull(create.client);
        assertConnected(create);
        create.close();
    }

    @Test
    public void test_SSLEngine_Multiple_Thread_Success() throws Exception {
        final TestSSLEnginePair create = TestSSLEnginePair.create(TestSSLContext.newBuilder().clientProtocol(this.clientVersion).serverProtocol(this.serverVersion).build());
        try {
            assertConnected(create);
            final CountDownLatch countDownLatch = new CountDownLatch(2);
            ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(2);
            Future submit = newFixedThreadPool.submit(new Callable<Void>() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineVersionCompatibilityTest.5
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public Void call() throws Exception {
                    countDownLatch.countDown();
                    for (int i = 0; i < 1000; i++) {
                        SSLEngineVersionCompatibilityTest.assertSendsCorrectly("This is the client. Hello!".getBytes(TestUtils.UTF_8), create.client, create.server, false);
                    }
                    return null;
                }
            });
            Future submit2 = newFixedThreadPool.submit(new Callable<Void>() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineVersionCompatibilityTest.6
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public Void call() throws Exception {
                    countDownLatch.countDown();
                    for (int i = 0; i < 1000; i++) {
                        SSLEngineVersionCompatibilityTest.assertSendsCorrectly("This is the server. Hi!".getBytes(TestUtils.UTF_8), create.server, create.client, false);
                    }
                    return null;
                }
            });
            newFixedThreadPool.shutdown();
            submit.get();
            submit2.get();
            create.close();
        } catch (Throwable th) {
            create.close();
            throw th;
        }
    }

    @Test
    public void test_SSLEngine_CloseOutbound() throws Exception {
        TestSSLEnginePair create = TestSSLEnginePair.create(TestSSLContext.newBuilder().clientProtocol(this.clientVersion).serverProtocol(this.serverVersion).build());
        try {
            assertConnected(create);
            create.client.closeOutbound();
            ByteBuffer allocate = ByteBuffer.allocate(create.client.getSession().getPacketBufferSize());
            SSLEngineResult wrap = create.client.wrap(ByteBuffer.wrap(new byte[0]), allocate);
            Assert.assertEquals(SSLEngineResult.Status.CLOSED, wrap.getStatus());
            Assert.assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, wrap.getHandshakeStatus());
            Assert.assertTrue(wrap.bytesProduced() > 0);
            allocate.flip();
            SSLEngineResult unwrap = create.server.unwrap(allocate, ByteBuffer.allocate(create.server.getSession().getApplicationBufferSize()));
            Assert.assertEquals(SSLEngineResult.Status.CLOSED, unwrap.getStatus());
            Assert.assertEquals(SSLEngineResult.HandshakeStatus.NEED_WRAP, unwrap.getHandshakeStatus());
            ByteBuffer allocate2 = ByteBuffer.allocate(create.server.getSession().getPacketBufferSize());
            SSLEngineResult wrap2 = create.server.wrap(ByteBuffer.wrap(new byte[0]), allocate2);
            Assert.assertEquals(SSLEngineResult.Status.CLOSED, wrap2.getStatus());
            Assert.assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, wrap2.getHandshakeStatus());
            Assert.assertTrue(wrap2.bytesProduced() > 0);
            allocate2.flip();
            SSLEngineResult unwrap2 = create.client.unwrap(allocate2, ByteBuffer.allocate(create.client.getSession().getApplicationBufferSize()));
            Assert.assertEquals(SSLEngineResult.Status.CLOSED, unwrap2.getStatus());
            Assert.assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, unwrap2.getHandshakeStatus());
            Assert.assertTrue(create.client.isInboundDone() && create.client.isOutboundDone());
            Assert.assertTrue(create.server.isInboundDone() && create.server.isOutboundDone());
            create.close();
        } catch (Throwable th) {
            create.close();
            throw th;
        }
    }

    @Test
    public void test_SSLEngine_Closed() throws Exception {
        TestSSLEnginePair create = TestSSLEnginePair.create(TestSSLContext.newBuilder().clientProtocol(this.clientVersion).serverProtocol(this.serverVersion).build());
        create.close();
        ByteBuffer allocate = ByteBuffer.allocate(create.client.getSession().getPacketBufferSize());
        Assert.assertEquals(SSLEngineResult.Status.CLOSED, create.client.wrap(ByteBuffer.wrap(new byte[]{1}), allocate).getStatus());
        Assert.assertEquals(0L, r0.bytesConsumed());
        Assert.assertNotEquals(0L, r0.bytesProduced());
        Assert.assertEquals(SSLEngineResult.Status.CLOSED, create.client.unwrap(ByteBuffer.wrap(new byte[]{1}), allocate).getStatus());
        Assert.assertEquals(0L, r0.bytesConsumed());
        Assert.assertEquals(0L, r0.bytesProduced());
    }

    @Test
    public void test_SSLEngine_ClientHello_record_size() throws Exception {
        SSLContext sSLContext = SSLContext.getInstance(this.clientVersion);
        sSLContext.init(null, null, null);
        SSLEngine createSSLEngine = sSLContext.createSSLEngine();
        createSSLEngine.setUseClientMode(true);
        Conscrypt.setHostname(createSSLEngine, "sslenginetest.androidcts.google.com");
        Conscrypt.setUseSessionTickets(createSSLEngine, true);
        TlsRecord parseRecord = TlsTester.parseRecord(getFirstChunk(createSSLEngine));
        Assert.assertEquals("TLS record type", 22L, parseRecord.type);
        Assert.assertEquals("HandshakeMessage type", 1L, HandshakeMessage.read(new DataInputStream(new ByteArrayInputStream(parseRecord.fragment))).type);
        int length = parseRecord.fragment.length;
        if (length < 256 || length > 511) {
            return;
        }
        Assert.fail("Fragment containing ClientHello is of dangerous length: " + length + " bytes");
    }

    @Test
    public void test_SSLEngine_ClientHello_SNI() throws Exception {
        SSLContext sSLContext = SSLContext.getInstance(this.clientVersion);
        sSLContext.init(null, null, null);
        SSLEngine createSSLEngine = sSLContext.createSSLEngine();
        createSSLEngine.setUseClientMode(true);
        Conscrypt.setHostname(createSSLEngine, "sslenginetest.androidcts.google.com");
        ServerNameHelloExtension serverNameHelloExtension = (ServerNameHelloExtension) TlsTester.parseClientHello(getFirstChunk(createSSLEngine)).findExtensionByType(0);
        Assert.assertNotNull(serverNameHelloExtension);
        Assert.assertEquals(Arrays.asList("sslenginetest.androidcts.google.com"), serverNameHelloExtension.hostnames);
    }

    @Test
    public void test_SSLEngine_ClientHello_ALPN() throws Exception {
        String[] strArr = {"h2", "http/1.1"};
        SSLContext sSLContext = SSLContext.getInstance(this.clientVersion);
        sSLContext.init(null, null, null);
        SSLEngine createSSLEngine = sSLContext.createSSLEngine();
        createSSLEngine.setUseClientMode(true);
        Conscrypt.setApplicationProtocols(createSSLEngine, strArr);
        AlpnHelloExtension alpnHelloExtension = (AlpnHelloExtension) TlsTester.parseClientHello(getFirstChunk(createSSLEngine)).findExtensionByType(16);
        Assert.assertNotNull(alpnHelloExtension);
        Assert.assertEquals(Arrays.asList(strArr), alpnHelloExtension.protocols);
    }

    private static byte[] getFirstChunk(SSLEngine sSLEngine) throws SSLException {
        ByteBuffer allocate = ByteBuffer.allocate(65536);
        sSLEngine.wrap(EMPTY_BUFFER, allocate);
        allocate.flip();
        byte[] bArr = new byte[allocate.limit()];
        allocate.get(bArr);
        return bArr;
    }

    @Test
    public void test_SSLEngine_TlsUnique() throws Exception {
        assumeTlsV1_2Connection();
        TestSSLEnginePair create = TestSSLEnginePair.create(TestSSLContext.newBuilder().clientProtocol(this.clientVersion).serverProtocol(this.serverVersion).build(), new TestSSLEnginePair.Hooks() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineVersionCompatibilityTest.7
            @Override // com.android.org.conscrypt.javax.net.ssl.TestSSLEnginePair.Hooks
            void beforeBeginHandshake(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
                Assert.assertNull(Conscrypt.getTlsUnique(sSLEngine));
                Assert.assertNull(Conscrypt.getTlsUnique(sSLEngine2));
            }
        });
        try {
            assertConnected(create);
            byte[] tlsUnique = Conscrypt.getTlsUnique(create.client);
            byte[] tlsUnique2 = Conscrypt.getTlsUnique(create.server);
            Assert.assertNotNull(tlsUnique);
            Assert.assertNotNull(tlsUnique2);
            Assert.assertArrayEquals(tlsUnique, tlsUnique2);
            create.close();
        } catch (Throwable th) {
            create.close();
            throw th;
        }
    }

    @Test
    public void test_SSLEngine_EKM() throws Exception {
        TestSSLEnginePair create = TestSSLEnginePair.create(TestSSLContext.newBuilder().clientProtocol(this.clientVersion).serverProtocol(this.serverVersion).build(), new TestSSLEnginePair.Hooks() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineVersionCompatibilityTest.8
            @Override // com.android.org.conscrypt.javax.net.ssl.TestSSLEnginePair.Hooks
            void beforeBeginHandshake(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
                try {
                    Assert.assertNull(Conscrypt.exportKeyingMaterial(sSLEngine, "FOO", (byte[]) null, 20));
                    Assert.assertNull(Conscrypt.exportKeyingMaterial(sSLEngine2, "FOO", (byte[]) null, 20));
                } catch (SSLException e) {
                    throw new RuntimeException(e);
                }
            }
        });
        try {
            assertConnected(create);
            byte[] exportKeyingMaterial = Conscrypt.exportKeyingMaterial(create.client, "FOO", (byte[]) null, 20);
            byte[] exportKeyingMaterial2 = Conscrypt.exportKeyingMaterial(create.server, "FOO", (byte[]) null, 20);
            Assert.assertNotNull(exportKeyingMaterial);
            Assert.assertNotNull(exportKeyingMaterial2);
            Assert.assertEquals(20L, exportKeyingMaterial.length);
            Assert.assertEquals(20L, exportKeyingMaterial2.length);
            Assert.assertArrayEquals(exportKeyingMaterial, exportKeyingMaterial2);
            byte[] exportKeyingMaterial3 = Conscrypt.exportKeyingMaterial(create.client, "FOO", new byte[0], 20);
            byte[] exportKeyingMaterial4 = Conscrypt.exportKeyingMaterial(create.server, "FOO", new byte[0], 20);
            Assert.assertNotNull(exportKeyingMaterial3);
            Assert.assertNotNull(exportKeyingMaterial4);
            Assert.assertEquals(20L, exportKeyingMaterial3.length);
            Assert.assertEquals(20L, exportKeyingMaterial4.length);
            Assert.assertArrayEquals(exportKeyingMaterial3, exportKeyingMaterial4);
            if ("TLSv1.2".equals(negotiatedVersion())) {
                Assert.assertFalse(Arrays.equals(exportKeyingMaterial, exportKeyingMaterial3));
            } else {
                Assert.assertTrue(Arrays.equals(exportKeyingMaterial, exportKeyingMaterial3));
            }
        } finally {
            create.close();
        }
    }

    @Test
    public void test_SSLEngine_Exception() throws Exception {
        boolean handshakeStep;
        C1ThrowingTrustManager c1ThrowingTrustManager = new C1ThrowingTrustManager(TestSSLContext.create());
        TestSSLContext build = TestSSLContext.newBuilder().clientProtocol(this.clientVersion).serverProtocol(this.serverVersion).clientTrustManager(c1ThrowingTrustManager).build();
        SSLSession session = build.clientContext.createSSLEngine().getSession();
        int packetBufferSize = session.getPacketBufferSize();
        ByteBuffer allocate = ByteBuffer.allocate(packetBufferSize);
        ByteBuffer allocate2 = ByteBuffer.allocate(packetBufferSize);
        ByteBuffer allocate3 = ByteBuffer.allocate(session.getApplicationBufferSize());
        SSLEngine createSSLEngine = build.clientContext.createSSLEngine(build.host.getHostName(), build.port);
        SSLEngine createSSLEngine2 = build.serverContext.createSSLEngine();
        createSSLEngine.setUseClientMode(true);
        createSSLEngine2.setUseClientMode(false);
        createSSLEngine.beginHandshake();
        createSSLEngine2.beginHandshake();
        do {
            try {
                boolean z = createSSLEngine.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
                boolean z2 = createSSLEngine2.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
                if (z && z2) {
                    break;
                }
                handshakeStep = TestSSLEnginePair.handshakeStep(createSSLEngine, allocate, allocate2, allocate3, new boolean[1]) | TestSSLEnginePair.handshakeStep(createSSLEngine2, allocate2, allocate, allocate3, new boolean[1]);
                Assert.assertFalse(c1ThrowingTrustManager.threw);
            } catch (SSLHandshakeException e) {
                Assert.assertTrue(e.getCause() instanceof CertificateException);
            }
        } while (handshakeStep);
        Assert.fail();
        Assert.assertTrue(c1ThrowingTrustManager.threw);
    }

    @Test
    public void sniHandlerFailureResultsInHandshakeError() throws Exception {
        TestUtils.assumeJava8();
        try {
            TestSSLEnginePair.create(TestSSLContext.newBuilder().clientProtocol(this.clientVersion).serverProtocol(this.serverVersion).build(), new TestSSLEnginePair.Hooks() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineVersionCompatibilityTest.9
                @Override // com.android.org.conscrypt.javax.net.ssl.TestSSLEnginePair.Hooks
                void beforeBeginHandshake(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
                    Conscrypt.setHostname(sSLEngine, "any.host");
                    SSLParameters sSLParameters = sSLEngine2.getSSLParameters();
                    sSLParameters.setSNIMatchers(Collections.singleton(FailingSniMatcher.create()));
                    sSLEngine2.setSSLParameters(sSLParameters);
                }
            });
            Assert.fail();
        } catch (SSLHandshakeException e) {
            Assert.assertEquals("SNI match failed: any.host", e.getMessage());
        }
    }

    @Test
    public void sniHandlerIsCalledAfterHandshakeAndBeforeServerCert() throws Exception {
        TestUtils.assumeJava8();
        final AtomicReference atomicReference = new AtomicReference();
        final AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        Assert.assertEquals(Collections.singletonList(new SNIHostName("sni.con-scry.pt")), ((ExtendedSSLSession) TestSSLEnginePair.create(TestSSLContext.newBuilder().clientProtocol(this.clientVersion).serverProtocol(this.serverVersion).server(addServerCertListener(new Runnable() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineVersionCompatibilityTest.11
            @Override // java.lang.Runnable
            public void run() {
                Assert.assertEquals("cert is loaded after sni", "sni.con-scry.pt", atomicReference.get());
                atomicBoolean.set(true);
            }
        })).build(), new TestSSLEnginePair.Hooks() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineVersionCompatibilityTest.10
            @Override // com.android.org.conscrypt.javax.net.ssl.TestSSLEnginePair.Hooks
            void beforeBeginHandshake(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
                Conscrypt.setHostname(sSLEngine, "sni.con-scry.pt");
                SSLParameters sSLParameters = sSLEngine2.getSSLParameters();
                sSLParameters.setSNIMatchers(Collections.singleton(new SNIMatcher(0) { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineVersionCompatibilityTest.10.1
                    @Override // javax.net.ssl.SNIMatcher
                    public boolean matches(SNIServerName sNIServerName) {
                        atomicReference.set(((SNIHostName) sNIServerName).getAsciiName());
                        return true;
                    }
                }));
                sSLEngine2.setSSLParameters(sSLParameters);
            }
        }).server.getSession()).getRequestedServerNames());
        Assert.assertEquals("sni.con-scry.pt", atomicReference.get());
        Assert.assertTrue(atomicBoolean.get());
    }

    private ByteBuffer[] splitDataIntoBuffers(byte[] bArr, int i) {
        ByteBuffer[] byteBufferArr = new ByteBuffer[((bArr.length - 1) / i) + 1];
        int i2 = 0;
        int i3 = 0;
        while (i3 < bArr.length) {
            byteBufferArr[i2] = ByteBuffer.allocate(i);
            byteBufferArr[i2].put(bArr, i3, Math.min(bArr.length - i3, i));
            byteBufferArr[i2].flip();
            i3 += i;
            i2++;
        }
        return byteBufferArr;
    }

    private void sendAppDataInMultipleBuffers(SSLEngine sSLEngine, SSLEngine sSLEngine2, int i, int i2) throws SSLException {
        byte[] bArr = new byte[i];
        new Random(System.currentTimeMillis()).nextBytes(bArr);
        ByteBuffer[] splitDataIntoBuffers = splitDataIntoBuffers(bArr, i2);
        int length = splitDataIntoBuffers.length;
        ByteBuffer allocateDirect = ByteBuffer.allocateDirect(sSLEngine.getSession().getPacketBufferSize());
        SSLEngineResult wrap = sSLEngine.wrap(EMPTY_BUFFER, allocateDirect);
        Assert.assertEquals(SSLEngineResult.Status.OK, wrap.getStatus());
        Assert.assertEquals(SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, wrap.getHandshakeStatus());
        Assert.assertEquals(0L, wrap.bytesConsumed());
        Assert.assertEquals(0L, wrap.bytesProduced());
        Assert.assertEquals(SSLEngineResult.Status.BUFFER_UNDERFLOW, sSLEngine2.unwrap(EMPTY_BUFFER, allocateDirect).getStatus());
        Assert.assertEquals(0L, r0.bytesConsumed());
        Assert.assertEquals(0L, r0.bytesProduced());
        int i3 = 0;
        int i4 = 0;
        ByteBuffer allocate = ByteBuffer.allocate(i);
        while (i3 < i) {
            String format = String.format("sendData: dataSize=%d, bufSize=%d", Integer.valueOf(i), Integer.valueOf(i2));
            allocateDirect.clear();
            SSLEngineResult wrap2 = sSLEngine.wrap(splitDataIntoBuffers, 0, length, allocateDirect);
            Assert.assertEquals(format, SSLEngineResult.Status.OK, wrap2.getStatus());
            i3 += wrap2.bytesConsumed();
            allocateDirect.flip();
            SSLEngineResult unwrap = sSLEngine2.unwrap(allocateDirect, allocate);
            Assert.assertEquals(format, SSLEngineResult.Status.OK, unwrap.getStatus());
            i4 += unwrap.bytesProduced();
        }
        Assert.assertEquals(i, i3);
        Assert.assertEquals(i, i4);
        allocate.flip();
        Assert.assertArrayEquals(bArr, allocate.array());
    }

    @Test
    public void multipleBuffersOfDifferentSizes() throws Exception {
        TestSSLEnginePair create = TestSSLEnginePair.create();
        int applicationBufferSize = create.client.getSession().getApplicationBufferSize();
        int[] iArr = {12, 512, 555, 1500, 8192, applicationBufferSize, 5 * applicationBufferSize};
        int[] iArr2 = {53, 512, 8192, applicationBufferSize, applicationBufferSize - 53, applicationBufferSize + 53, 5 * applicationBufferSize};
        for (int i : iArr) {
            for (int i2 : iArr2) {
                sendAppDataInMultipleBuffers(create.client, create.server, i, i2);
                sendAppDataInMultipleBuffers(create.server, create.client, i, i2);
                sendAppDataInMultipleBuffers(create.client, create.server, i, i2);
                sendAppDataInMultipleBuffers(create.server, create.client, i, i2);
            }
        }
    }

    private TestKeyStore addServerCertListener(final Runnable runnable) {
        TestKeyStore copy = TestKeyStore.getServer().copy();
        copy.keyManagers[0] = new ForwardingX509ExtendedKeyManager((X509ExtendedKeyManager) copy.keyManagers[0]) { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineVersionCompatibilityTest.12
            @Override // com.android.org.conscrypt.javax.net.ssl.ForwardingX509ExtendedKeyManager, javax.net.ssl.X509ExtendedKeyManager
            public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
                runnable.run();
                return super.chooseEngineServerAlias(str, principalArr, sSLEngine);
            }
        };
        return copy;
    }

    private void assertConnected(TestSSLEnginePair testSSLEnginePair) {
        assertConnected(testSSLEnginePair.client, testSSLEnginePair.server);
    }

    private void assertConnected(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
        Assert.assertTrue(connected(sSLEngine, sSLEngine2));
    }

    private boolean connected(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
        return (sSLEngine.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING || sSLEngine2.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING || sSLEngine.getSession() == null || sSLEngine2.getSession() == null || sSLEngine.isInboundDone() || sSLEngine2.isInboundDone() || sSLEngine.isOutboundDone() || sSLEngine2.isOutboundDone()) ? false : true;
    }

    private void assumeTlsV1_2Connection() {
        Assume.assumeTrue("TLSv1.2".equals(negotiatedVersion()));
    }

    private String negotiatedVersion() {
        return (this.clientVersion.equals("TLSv1.3") && this.serverVersion.equals("TLSv1.3")) ? "TLSv1.3" : "TLSv1.2";
    }
}
