package com.android.org.conscrypt.javax.net.ssl;

import com.android.org.conscrypt.TestUtils;
import com.android.org.conscrypt.java.security.StandardNames;
import com.android.org.conscrypt.java.security.TestKeyStore;
import com.android.org.conscrypt.javax.net.ssl.TestSSLEnginePair;
import java.io.IOException;
import java.net.Socket;
import java.nio.ByteBuffer;
import java.nio.ReadOnlyBufferException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

@RunWith(JUnit4.class)
/* loaded from: input_file:com/android/org/conscrypt/javax/net/ssl/SSLEngineTest.class */
public class SSLEngineTest {
    @Test
    public void test_SSLEngine_defaultConfiguration() throws Exception {
        SSLConfigurationAsserts.assertSSLEngineDefaultConfiguration(TestSSLContext.create().clientContext.createSSLEngine());
    }

    @Test
    public void test_SSLEngine_getSupportedCipherSuites_returnsCopies() throws Exception {
        TestSSLContext create = TestSSLContext.create();
        SSLEngine createSSLEngine = create.clientContext.createSSLEngine();
        Assert.assertNotSame(createSSLEngine.getSupportedCipherSuites(), createSSLEngine.getSupportedCipherSuites());
        create.close();
    }

    @Test
    public void test_SSLEngine_getSupportedCipherSuites_connect() throws Exception {
        TestKeyStore build = new TestKeyStore.Builder().keyAlgorithms("RSA", "DSA", "EC", "EC_RSA").aliasPrefix("rsa-dsa-ec").ca(true).build();
        test_SSLEngine_getSupportedCipherSuites_connect(build, false);
        test_SSLEngine_getSupportedCipherSuites_connect(build, true);
    }

    @Test
    public void test_SSLEngine_underflowsOnEmptyBuffersDuringHandshake() throws Exception {
        SSLEngine createSSLEngine = SSLContext.getDefault().createSSLEngine();
        createSSLEngine.setUseClientMode(false);
        ByteBuffer allocate = ByteBuffer.allocate(1024);
        allocate.flip();
        ByteBuffer allocate2 = ByteBuffer.allocate(1024);
        createSSLEngine.beginHandshake();
        Assert.assertEquals(SSLEngineResult.HandshakeStatus.NEED_UNWRAP, createSSLEngine.getHandshakeStatus());
        SSLEngineResult unwrap = createSSLEngine.unwrap(allocate, allocate2);
        Assert.assertEquals(SSLEngineResult.Status.BUFFER_UNDERFLOW, unwrap.getStatus());
        Assert.assertEquals(SSLEngineResult.HandshakeStatus.NEED_UNWRAP, unwrap.getHandshakeStatus());
    }

    @Test
    public void test_SSLEngine_underflowsOnEmptyBuffersAfterHandshake() throws Exception {
        TestSSLEnginePair create = TestSSLEnginePair.create();
        ByteBuffer allocate = ByteBuffer.allocate(1024);
        allocate.flip();
        Assert.assertEquals(SSLEngineResult.Status.BUFFER_UNDERFLOW, create.client.unwrap(allocate, ByteBuffer.allocate(1024)).getStatus());
    }

    @Test
    public void test_SSLEngine_wrap_overflowOnEmptyOutputBuffer() throws Exception {
        TestSSLEnginePair create = TestSSLEnginePair.create();
        ByteBuffer allocate = ByteBuffer.allocate(10);
        ByteBuffer allocate2 = ByteBuffer.allocate(1024);
        allocate2.flip();
        Assert.assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, create.client.wrap(allocate, allocate2).getStatus());
    }

    @Test
    public void test_SSLEngine_unwrap_overflowOnEmptyOutputBuffer() throws Exception {
        TestSSLEnginePair create = TestSSLEnginePair.create();
        ByteBuffer allocate = ByteBuffer.allocate(10);
        ByteBuffer allocate2 = ByteBuffer.allocate(1024);
        Assert.assertEquals(SSLEngineResult.Status.OK, create.client.wrap(allocate, allocate2).getStatus());
        allocate2.flip();
        ByteBuffer allocate3 = ByteBuffer.allocate(1024);
        allocate3.flip();
        Assert.assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, create.server.unwrap(allocate2, allocate3).getStatus());
    }

    private void test_SSLEngine_getSupportedCipherSuites_connect(TestKeyStore testKeyStore, boolean z) throws Exception {
        KeyManager conscryptPSKKeyManager = PSKKeyManagerProxy.getConscryptPSKKeyManager(new PSKKeyManagerProxy() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineTest.1
            @Override // com.android.org.conscrypt.javax.net.ssl.PSKKeyManagerProxy
            protected SecretKey getKey(String str, String str2, SSLEngine sSLEngine) {
                return new SecretKeySpec("Just an arbitrary key".getBytes(TestUtils.UTF_8), "RAW");
            }
        });
        TestSSLContext build = TestSSLContext.newBuilder().client(testKeyStore).server(testKeyStore).clientProtocol("TLSv1.2").serverProtocol("TLSv1.2").additionalClientKeyManagers(new KeyManager[]{conscryptPSKKeyManager}).additionalServerKeyManagers(new KeyManager[]{conscryptPSKKeyManager}).build();
        RandomPrivateKeyX509ExtendedKeyManager randomPrivateKeyX509ExtendedKeyManager = null;
        KeyManager[] keyManagerArr = build.serverKeyManagers;
        int length = keyManagerArr.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            KeyManager keyManager = keyManagerArr[i];
            if (keyManager instanceof X509ExtendedKeyManager) {
                randomPrivateKeyX509ExtendedKeyManager = new RandomPrivateKeyX509ExtendedKeyManager((X509ExtendedKeyManager) keyManager);
                break;
            }
            i++;
        }
        if (randomPrivateKeyX509ExtendedKeyManager == null) {
            Assert.fail("No X509ExtendedKeyManager in c.serverKeyManagers");
        }
        int i2 = -1;
        int i3 = 0;
        while (true) {
            if (i3 >= testKeyStore.keyManagers.length) {
                break;
            }
            if (testKeyStore.keyManagers[i3] instanceof X509ExtendedKeyManager) {
                i2 = i3;
                break;
            }
            i3++;
        }
        if (i2 == -1) {
            Assert.fail("No X509ExtendedKeyManager in testKeyStore.keyManagers");
        }
        KeyManager keyManager2 = testKeyStore.keyManagers[i2];
        testKeyStore.keyManagers[i2] = randomPrivateKeyX509ExtendedKeyManager;
        TestSSLContext create = TestSSLContext.create(testKeyStore, testKeyStore);
        testKeyStore.keyManagers[i2] = keyManager2;
        StringBuilder sb = new StringBuilder();
        for (String str : build.clientContext.createSSLEngine().getSupportedCipherSuites()) {
            try {
                if (!StandardNames.IS_RI || !"TLSv1.2".equals(build.clientContext.getProtocol()) || !StandardNames.CIPHER_SUITES_OBSOLETE_TLS12.contains(str)) {
                    if (!str.equals(StandardNames.CIPHER_SUITE_SECURE_RENEGOTIATION) && !str.equals(StandardNames.CIPHER_SUITE_FALLBACK)) {
                        if (!StandardNames.CIPHER_SUITES_TLS13.contains(str)) {
                            final String[] strArr = z ? new String[]{str, StandardNames.CIPHER_SUITE_SECURE_RENEGOTIATION} : new String[]{str};
                            TestSSLEnginePair testSSLEnginePair = null;
                            try {
                                testSSLEnginePair = TestSSLEnginePair.create(build, new TestSSLEnginePair.Hooks() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineTest.2
                                    @Override // com.android.org.conscrypt.javax.net.ssl.TestSSLEnginePair.Hooks
                                    void beforeBeginHandshake(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
                                        sSLEngine.setEnabledCipherSuites(strArr);
                                        sSLEngine2.setEnabledCipherSuites(strArr);
                                    }
                                });
                                assertConnected(testSSLEnginePair);
                                boolean z2 = "TLS".equalsIgnoreCase(build.clientContext.getProtocol()) && str.contains("_CBC_");
                                assertSendsCorrectly("This is the client. Hello!".getBytes(TestUtils.UTF_8), testSSLEnginePair.client, testSSLEnginePair.server, z2);
                                assertSendsCorrectly("This is the server. Hi!".getBytes(TestUtils.UTF_8), testSSLEnginePair.server, testSSLEnginePair.client, z2);
                                if (testSSLEnginePair != null) {
                                    testSSLEnginePair.close();
                                }
                                boolean z3 = true;
                                if (str.contains("_anon_")) {
                                    z3 = false;
                                } else if (str.startsWith("TLS_PSK_") || str.startsWith("TLS_ECDHE_PSK_")) {
                                    z3 = false;
                                }
                                if (z3) {
                                    TestSSLEnginePair testSSLEnginePair2 = null;
                                    try {
                                        try {
                                            testSSLEnginePair2 = TestSSLEnginePair.create(create, new TestSSLEnginePair.Hooks() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineTest.3
                                                @Override // com.android.org.conscrypt.javax.net.ssl.TestSSLEnginePair.Hooks
                                                void beforeBeginHandshake(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
                                                    sSLEngine.setEnabledCipherSuites(strArr);
                                                    sSLEngine2.setEnabledCipherSuites(strArr);
                                                }
                                            });
                                            assertNotConnected(testSSLEnginePair2);
                                            if (testSSLEnginePair2 != null) {
                                                testSSLEnginePair2.close();
                                            }
                                        } catch (IOException e) {
                                            if (testSSLEnginePair2 != null) {
                                                testSSLEnginePair2.close();
                                            }
                                        }
                                    } finally {
                                    }
                                }
                            } finally {
                            }
                        }
                    }
                }
            } catch (Exception e2) {
                String str2 = "Problem trying to connect cipher suite " + str;
                System.out.println(str2);
                e2.printStackTrace();
                sb.append(str2);
                sb.append('\n');
            }
        }
        build.close();
        if (sb.length() > 0) {
            throw new Exception("One or more problems in test_SSLEngine_getSupportedCipherSuites_connect:\n" + ((Object) sb));
        }
    }

    private static void assertSendsCorrectly(byte[] bArr, SSLEngine sSLEngine, SSLEngine sSLEngine2, boolean z) throws SSLException {
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        ByteBuffer allocate = ByteBuffer.allocate(sSLEngine.getSession().getPacketBufferSize());
        SSLEngineResult wrap2 = sSLEngine.wrap(wrap, allocate);
        allocate.flip();
        String cipherSuite = sSLEngine.getSession().getCipherSuite();
        Assert.assertEquals(cipherSuite, bArr.length, wrap2.bytesConsumed());
        Assert.assertEquals(cipherSuite, SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, wrap2.getHandshakeStatus());
        ByteBuffer allocate2 = ByteBuffer.allocate(sSLEngine2.getSession().getApplicationBufferSize());
        int i = 0;
        while (allocate2.position() != wrap.limit()) {
            Assert.assertEquals(cipherSuite, SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, sSLEngine2.unwrap(allocate, allocate2).getHandshakeStatus());
            if (z && i == 0) {
                Assert.assertEquals(cipherSuite, 1L, r0.bytesProduced());
            }
            i++;
        }
        allocate2.flip();
        byte[] bArr2 = new byte[allocate2.remaining()];
        allocate2.get(bArr2);
        Assert.assertEquals(cipherSuite, Arrays.toString(bArr), Arrays.toString(bArr2));
        if (z) {
            Assert.assertEquals(cipherSuite, 2L, i);
        } else {
            Assert.assertEquals(cipherSuite, 1L, i);
            assertSendsCorrectlyWhenSplit(bArr, sSLEngine, sSLEngine2);
        }
    }

    private static void assertSendsCorrectlyWhenSplit(byte[] bArr, SSLEngine sSLEngine, SSLEngine sSLEngine2) throws SSLException {
        int length = bArr.length;
        ByteBuffer[] byteBufferArr = {ByteBuffer.wrap(bArr, 0, length / 3), ByteBuffer.wrap(bArr, length / 3, length / 3), ByteBuffer.wrap(bArr, 2 * (length / 3), length - (2 * (length / 3)))};
        ByteBuffer allocate = ByteBuffer.allocate(sSLEngine.getSession().getPacketBufferSize());
        SSLEngineResult wrap = sSLEngine.wrap(byteBufferArr, allocate);
        allocate.flip();
        String cipherSuite = sSLEngine.getSession().getCipherSuite();
        Assert.assertEquals(cipherSuite, bArr.length, wrap.bytesConsumed());
        Assert.assertEquals(cipherSuite, SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, wrap.getHandshakeStatus());
        ByteBuffer allocate2 = ByteBuffer.allocate(sSLEngine2.getSession().getApplicationBufferSize());
        while (allocate2.position() != bArr.length) {
            Assert.assertEquals(cipherSuite, SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, sSLEngine2.unwrap(allocate, allocate2).getHandshakeStatus());
        }
        allocate2.flip();
        byte[] bArr2 = new byte[allocate2.remaining()];
        allocate2.get(bArr2);
        Assert.assertEquals(cipherSuite, Arrays.toString(bArr), Arrays.toString(bArr2));
    }

    @Test
    public void test_SSLEngine_getEnabledCipherSuites_returnsCopies() throws Exception {
        TestSSLContext create = TestSSLContext.create();
        SSLEngine createSSLEngine = create.clientContext.createSSLEngine();
        Assert.assertNotSame(createSSLEngine.getEnabledCipherSuites(), createSSLEngine.getEnabledCipherSuites());
        create.close();
    }

    @Test
    public void test_SSLEngine_setEnabledCipherSuites_storesCopy() throws Exception {
        SSLEngine createSSLEngine = TestSSLContext.create().clientContext.createSSLEngine();
        String[] strArr = {createSSLEngine.getEnabledCipherSuites()[0]};
        String str = strArr[0];
        createSSLEngine.setEnabledCipherSuites(strArr);
        strArr[0] = "Modified after having been set";
        Assert.assertEquals(str, createSSLEngine.getEnabledCipherSuites()[0]);
    }

    @Test
    public void test_SSLEngine_setEnabledCipherSuites_TLS12() throws Exception {
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(null, null, null);
        SSLEngine createSSLEngine = sSLContext.createSSLEngine();
        try {
            createSSLEngine.setEnabledCipherSuites(null);
            Assert.fail();
        } catch (IllegalArgumentException e) {
        }
        try {
            createSSLEngine.setEnabledCipherSuites(new String[1]);
            Assert.fail();
        } catch (IllegalArgumentException e2) {
        }
        try {
            createSSLEngine.setEnabledCipherSuites(new String[]{"Bogus"});
            Assert.fail();
        } catch (IllegalArgumentException e3) {
        }
        createSSLEngine.setEnabledCipherSuites(new String[0]);
        createSSLEngine.setEnabledCipherSuites(createSSLEngine.getEnabledCipherSuites());
        createSSLEngine.setEnabledCipherSuites(createSSLEngine.getSupportedCipherSuites());
        String[] strArr = {TestUtils.pickArbitraryNonTls13Suite(createSSLEngine.getSupportedCipherSuites())};
        createSSLEngine.setEnabledCipherSuites(strArr);
        Assert.assertEquals(Arrays.asList(strArr), Arrays.asList(createSSLEngine.getEnabledCipherSuites()));
    }

    @Test
    public void test_SSLEngine_setEnabledCipherSuites_TLS13() throws Exception {
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.3");
        sSLContext.init(null, null, null);
        SSLEngine createSSLEngine = sSLContext.createSSLEngine();
        Assert.assertTrue(new HashSet(Arrays.asList(createSSLEngine.getEnabledCipherSuites())).containsAll(StandardNames.CIPHER_SUITES_TLS13));
        createSSLEngine.setEnabledCipherSuites(new String[0]);
        Assert.assertTrue(new HashSet(Arrays.asList(createSSLEngine.getEnabledCipherSuites())).containsAll(StandardNames.CIPHER_SUITES_TLS13));
        createSSLEngine.setEnabledCipherSuites(new String[]{TestUtils.pickArbitraryNonTls13Suite(createSSLEngine.getSupportedCipherSuites())});
        Assert.assertTrue(new HashSet(Arrays.asList(createSSLEngine.getEnabledCipherSuites())).containsAll(StandardNames.CIPHER_SUITES_TLS13));
        createSSLEngine.setEnabledProtocols(new String[]{"TLSv1.2"});
        Assert.assertFalse(new HashSet(Arrays.asList(createSSLEngine.getEnabledCipherSuites())).containsAll(StandardNames.CIPHER_SUITES_TLS13));
    }

    @Test
    public void test_SSLEngine_getSupportedProtocols_returnsCopies() throws Exception {
        TestSSLContext create = TestSSLContext.create();
        SSLEngine createSSLEngine = create.clientContext.createSSLEngine();
        Assert.assertNotSame(createSSLEngine.getSupportedProtocols(), createSSLEngine.getSupportedProtocols());
        create.close();
    }

    @Test
    public void test_SSLEngine_getEnabledProtocols_returnsCopies() throws Exception {
        TestSSLContext create = TestSSLContext.create();
        SSLEngine createSSLEngine = create.clientContext.createSSLEngine();
        Assert.assertNotSame(createSSLEngine.getEnabledProtocols(), createSSLEngine.getEnabledProtocols());
        create.close();
    }

    @Test
    public void test_SSLEngine_setEnabledProtocols_storesCopy() throws Exception {
        SSLEngine createSSLEngine = TestSSLContext.create().clientContext.createSSLEngine();
        String[] strArr = {createSSLEngine.getEnabledProtocols()[0]};
        String str = strArr[0];
        createSSLEngine.setEnabledProtocols(strArr);
        strArr[0] = "Modified after having been set";
        Assert.assertEquals(str, createSSLEngine.getEnabledProtocols()[0]);
    }

    @Test
    public void test_SSLEngine_setEnabledProtocols() throws Exception {
        TestSSLContext create = TestSSLContext.create();
        SSLEngine createSSLEngine = create.clientContext.createSSLEngine();
        try {
            createSSLEngine.setEnabledProtocols(null);
            Assert.fail();
        } catch (IllegalArgumentException e) {
        }
        try {
            createSSLEngine.setEnabledProtocols(new String[1]);
            Assert.fail();
        } catch (IllegalArgumentException e2) {
        }
        try {
            createSSLEngine.setEnabledProtocols(new String[]{"Bogus"});
            Assert.fail();
        } catch (IllegalArgumentException e3) {
        }
        createSSLEngine.setEnabledProtocols(new String[0]);
        createSSLEngine.setEnabledProtocols(createSSLEngine.getEnabledProtocols());
        createSSLEngine.setEnabledProtocols(createSSLEngine.getSupportedProtocols());
        for (String str : createSSLEngine.getSupportedProtocols()) {
            if ("SSLv2Hello".equals(str)) {
                try {
                    createSSLEngine.setEnabledProtocols(new String[]{str});
                    Assert.fail("Should fail when SSLv2Hello is set by itself");
                } catch (IllegalArgumentException e4) {
                }
            } else {
                String[] strArr = {str};
                createSSLEngine.setEnabledProtocols(strArr);
                Assert.assertEquals(Arrays.deepToString(strArr), Arrays.deepToString(createSSLEngine.getEnabledProtocols()));
            }
        }
        create.close();
    }

    @Test
    public void test_SSLEngine_getSession() throws Exception {
        TestSSLContext create = TestSSLContext.create();
        SSLSession session = create.clientContext.createSSLEngine().getSession();
        Assert.assertNotNull(session);
        Assert.assertFalse(session.isValid());
        create.close();
    }

    @Test
    public void test_SSLEngine_beginHandshake_redundantCalls() throws Exception {
        TestSSLContext create = TestSSLContext.create();
        SSLEngine createSSLEngine = create.clientContext.createSSLEngine(create.host.getHostName(), create.port);
        createSSLEngine.setUseClientMode(true);
        createSSLEngine.beginHandshake();
        createSSLEngine.beginHandshake();
        create.close();
    }

    @Test
    public void test_SSLEngine_getHandshakeSession_duringHandshake_client() throws Exception {
        final TestSSLContext create = TestSSLContext.create();
        final SSLEngine createSSLEngine = create.clientContext.createSSLEngine();
        final AtomicInteger atomicInteger = new AtomicInteger(0);
        TestSSLEnginePair.create(TestSSLContext.newBuilder().clientTrustManager(new X509ExtendedTrustManager() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineTest.4
            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
                throw new CertificateException("Shouldn't be called");
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
                throw new CertificateException("Shouldn't be called");
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
                throw new CertificateException("Shouldn't be called");
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
                try {
                    SSLSession handshakeSession = sSLEngine.getHandshakeSession();
                    Assert.assertNotNull(handshakeSession);
                    Assert.assertEquals(create.host.getHostName(), handshakeSession.getPeerHost());
                    String cipherSuite = handshakeSession.getCipherSuite();
                    Assert.assertTrue("Handshake session has invalid cipher suite: " + (cipherSuite == null ? "(null)" : cipherSuite), Arrays.asList(createSSLEngine.getEnabledCipherSuites()).contains(cipherSuite));
                    atomicInteger.incrementAndGet();
                } catch (Exception e) {
                    throw new CertificateException("Something broke", e);
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                throw new CertificateException("Shouldn't be called");
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                throw new CertificateException("Shouldn't be called");
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }).build()).close();
        Assert.assertEquals(1L, atomicInteger.get());
    }

    @Test
    public void test_SSLEngine_getHandshakeSession_duringHandshake_server() throws Exception {
        final TestSSLContext create = TestSSLContext.create();
        final SSLEngine createSSLEngine = create.clientContext.createSSLEngine();
        final AtomicInteger atomicInteger = new AtomicInteger(0);
        TestSSLEnginePair.create(TestSSLContext.newBuilder().client(TestKeyStore.getClientCertificate()).serverTrustManager(new X509ExtendedTrustManager() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineTest.5
            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
                throw new CertificateException("Shouldn't be called");
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
                throw new CertificateException("Shouldn't be called");
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
                try {
                    SSLSession handshakeSession = sSLEngine.getHandshakeSession();
                    Assert.assertNotNull(handshakeSession);
                    String cipherSuite = handshakeSession.getCipherSuite();
                    Assert.assertTrue("Handshake session has invalid cipher suite: " + (cipherSuite == null ? "(null)" : cipherSuite), Arrays.asList(createSSLEngine.getEnabledCipherSuites()).contains(cipherSuite));
                    Assert.assertNotNull(handshakeSession.getLocalCertificates());
                    Assert.assertEquals("CN=localhost", ((X509Certificate) handshakeSession.getLocalCertificates()[0]).getSubjectDN().getName());
                    Assert.assertEquals("CN=Test Intermediate Certificate Authority", ((X509Certificate) handshakeSession.getLocalCertificates()[0]).getIssuerDN().getName());
                    atomicInteger.incrementAndGet();
                } catch (Exception e) {
                    throw new CertificateException("Something broke", e);
                }
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
                throw new CertificateException("Shouldn't be called");
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                throw new CertificateException("Shouldn't be called");
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                throw new CertificateException("Shouldn't be called");
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return create.serverTrustManager.getAcceptedIssuers();
            }
        }).build(), new TestSSLEnginePair.Hooks() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineTest.6
            @Override // com.android.org.conscrypt.javax.net.ssl.TestSSLEnginePair.Hooks
            void beforeBeginHandshake(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
                sSLEngine2.setNeedClientAuth(true);
            }
        }).close();
        Assert.assertEquals(1L, atomicInteger.get());
    }

    @Test
    public void test_SSLEngine_getUseClientMode() throws Exception {
        TestSSLContext create = TestSSLContext.create();
        Assert.assertFalse(create.clientContext.createSSLEngine().getUseClientMode());
        Assert.assertFalse(create.clientContext.createSSLEngine(null, -1).getUseClientMode());
        create.close();
    }

    @Test
    public void test_SSLEngine_setUseClientMode() throws Exception {
        boolean[] zArr = new boolean[2];
        TestSSLEnginePair test_SSLEngine_setUseClientMode = test_SSLEngine_setUseClientMode(true, false, zArr);
        assertConnected(test_SSLEngine_setUseClientMode);
        Assert.assertTrue(zArr[0]);
        Assert.assertTrue(zArr[1]);
        test_SSLEngine_setUseClientMode.close();
        boolean[] zArr2 = new boolean[2];
        TestSSLEnginePair test_SSLEngine_setUseClientMode2 = test_SSLEngine_setUseClientMode(false, true, zArr2);
        assertConnected(test_SSLEngine_setUseClientMode2);
        Assert.assertTrue(zArr2[0]);
        Assert.assertTrue(zArr2[1]);
        test_SSLEngine_setUseClientMode2.close();
        TestSSLEnginePair testSSLEnginePair = null;
        try {
            testSSLEnginePair = test_SSLEngine_setUseClientMode(true, true, null);
            assertNotConnected(testSSLEnginePair);
            if (testSSLEnginePair != null) {
                testSSLEnginePair.close();
            }
        } catch (SSLHandshakeException e) {
            if (testSSLEnginePair != null) {
                testSSLEnginePair.close();
            }
        } catch (Throwable th) {
            if (testSSLEnginePair != null) {
                testSSLEnginePair.close();
            }
            throw th;
        }
        TestSSLEnginePair test_SSLEngine_setUseClientMode3 = test_SSLEngine_setUseClientMode(false, false, null);
        assertNotConnected(test_SSLEngine_setUseClientMode3);
        test_SSLEngine_setUseClientMode3.close();
    }

    @Test
    public void test_SSLEngine_setUseClientMode_afterHandshake() throws Exception {
        TestSSLEnginePair create = TestSSLEnginePair.create();
        try {
            create.server.setUseClientMode(false);
            Assert.fail();
        } catch (IllegalArgumentException e) {
        }
        try {
            create.client.setUseClientMode(false);
            Assert.fail();
        } catch (IllegalArgumentException e2) {
        }
        create.close();
    }

    private TestSSLEnginePair test_SSLEngine_setUseClientMode(final boolean z, final boolean z2, boolean[] zArr) throws Exception {
        return TestSSLEnginePair.create((z || !z2) ? TestSSLContext.create() : TestSSLContext.create(TestKeyStore.getServer(), TestKeyStore.getClient()), new TestSSLEnginePair.Hooks() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineTest.7
            @Override // com.android.org.conscrypt.javax.net.ssl.TestSSLEnginePair.Hooks
            void beforeBeginHandshake(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
                sSLEngine.setUseClientMode(z);
                sSLEngine2.setUseClientMode(z2);
            }
        }, zArr);
    }

    @Test
    public void test_SSLEngine_getEnableSessionCreation() throws Exception {
        TestSSLContext create = TestSSLContext.create();
        SSLEngine createSSLEngine = create.clientContext.createSSLEngine();
        Assert.assertTrue(createSSLEngine.getEnableSessionCreation());
        create.close();
        TestSSLEnginePair.close(new SSLEngine[]{createSSLEngine});
    }

    @Test
    public void test_SSLEngine_setEnableSessionCreation_server() throws Exception {
        TestSSLEnginePair testSSLEnginePair = null;
        try {
            testSSLEnginePair = TestSSLEnginePair.create(new TestSSLEnginePair.Hooks() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineTest.8
                @Override // com.android.org.conscrypt.javax.net.ssl.TestSSLEnginePair.Hooks
                void beforeBeginHandshake(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
                    sSLEngine2.setEnableSessionCreation(false);
                }
            });
            assertNotConnected(testSSLEnginePair);
            if (testSSLEnginePair != null) {
                testSSLEnginePair.close();
            }
        } catch (SSLException e) {
            if (testSSLEnginePair != null) {
                testSSLEnginePair.close();
            }
        } catch (Throwable th) {
            if (testSSLEnginePair != null) {
                testSSLEnginePair.close();
            }
            throw th;
        }
    }

    @Test
    public void test_SSLEngine_setEnableSessionCreation_client() throws Exception {
        TestSSLEnginePair testSSLEnginePair = null;
        try {
            testSSLEnginePair = TestSSLEnginePair.create(new TestSSLEnginePair.Hooks() { // from class: com.android.org.conscrypt.javax.net.ssl.SSLEngineTest.9
                @Override // com.android.org.conscrypt.javax.net.ssl.TestSSLEnginePair.Hooks
                void beforeBeginHandshake(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
                    sSLEngine.setEnableSessionCreation(false);
                }
            });
            Assert.fail();
            if (testSSLEnginePair != null) {
                testSSLEnginePair.close();
            }
        } catch (SSLException e) {
            if (testSSLEnginePair != null) {
                testSSLEnginePair.close();
            }
        } catch (Throwable th) {
            if (testSSLEnginePair != null) {
                testSSLEnginePair.close();
            }
            throw th;
        }
    }

    @Test
    public void test_SSLEngine_getSSLParameters() throws Exception {
        TestSSLContext create = TestSSLContext.create();
        SSLEngine createSSLEngine = create.clientContext.createSSLEngine();
        SSLParameters sSLParameters = createSSLEngine.getSSLParameters();
        Assert.assertNotNull(sSLParameters);
        String[] cipherSuites = sSLParameters.getCipherSuites();
        Assert.assertNotSame(cipherSuites, createSSLEngine.getEnabledCipherSuites());
        Assert.assertEquals(Arrays.asList(cipherSuites), Arrays.asList(createSSLEngine.getEnabledCipherSuites()));
        String[] protocols = sSLParameters.getProtocols();
        Assert.assertNotSame(protocols, createSSLEngine.getEnabledProtocols());
        Assert.assertEquals(Arrays.asList(protocols), Arrays.asList(createSSLEngine.getEnabledProtocols()));
        Assert.assertEquals(Boolean.valueOf(sSLParameters.getWantClientAuth()), Boolean.valueOf(createSSLEngine.getWantClientAuth()));
        Assert.assertEquals(Boolean.valueOf(sSLParameters.getNeedClientAuth()), Boolean.valueOf(createSSLEngine.getNeedClientAuth()));
        create.close();
    }

    @Test
    public void test_SSLEngine_setSSLParameters() throws Exception {
        TestSSLContext create = TestSSLContext.create();
        SSLEngine createSSLEngine = create.clientContext.createSSLEngine();
        String[] enabledCipherSuites = createSSLEngine.getEnabledCipherSuites();
        String[] enabledProtocols = createSSLEngine.getEnabledProtocols();
        String[] supportedCipherSuites = createSSLEngine.getSupportedCipherSuites();
        String[] supportedProtocols = createSSLEngine.getSupportedProtocols();
        createSSLEngine.setSSLParameters(new SSLParameters());
        Assert.assertEquals(Arrays.asList(enabledCipherSuites), Arrays.asList(createSSLEngine.getEnabledCipherSuites()));
        Assert.assertEquals(Arrays.asList(enabledProtocols), Arrays.asList(createSSLEngine.getEnabledProtocols()));
        createSSLEngine.setSSLParameters(new SSLParameters(supportedCipherSuites, supportedProtocols));
        Assert.assertEquals(Arrays.asList(supportedCipherSuites), Arrays.asList(createSSLEngine.getEnabledCipherSuites()));
        Assert.assertEquals(Arrays.asList(supportedProtocols), Arrays.asList(createSSLEngine.getEnabledProtocols()));
        SSLParameters sSLParameters = new SSLParameters();
        sSLParameters.setNeedClientAuth(true);
        Assert.assertFalse(createSSLEngine.getNeedClientAuth());
        Assert.assertFalse(createSSLEngine.getWantClientAuth());
        createSSLEngine.setSSLParameters(sSLParameters);
        Assert.assertTrue(createSSLEngine.getNeedClientAuth());
        Assert.assertFalse(createSSLEngine.getWantClientAuth());
        sSLParameters.setWantClientAuth(true);
        Assert.assertTrue(createSSLEngine.getNeedClientAuth());
        Assert.assertFalse(createSSLEngine.getWantClientAuth());
        createSSLEngine.setSSLParameters(sSLParameters);
        Assert.assertFalse(createSSLEngine.getNeedClientAuth());
        Assert.assertTrue(createSSLEngine.getWantClientAuth());
        sSLParameters.setWantClientAuth(false);
        Assert.assertFalse(createSSLEngine.getNeedClientAuth());
        Assert.assertTrue(createSSLEngine.getWantClientAuth());
        createSSLEngine.setSSLParameters(sSLParameters);
        Assert.assertFalse(createSSLEngine.getNeedClientAuth());
        Assert.assertFalse(createSSLEngine.getWantClientAuth());
        create.close();
    }

    @Test
    public void wrapPreconditions() throws Exception {
        ByteBuffer allocate = ByteBuffer.allocate(10);
        ByteBuffer[] byteBufferArr = {allocate, allocate, allocate};
        ByteBuffer[] byteBufferArr2 = {allocate, allocate, null, allocate};
        try {
            newUnconnectedEngine().wrap(allocate, allocate);
            Assert.fail();
        } catch (IllegalStateException e) {
        }
        try {
            newUnconnectedEngine().wrap(byteBufferArr, allocate);
            Assert.fail();
        } catch (IllegalStateException e2) {
        }
        try {
            newUnconnectedEngine().wrap(byteBufferArr, 0, 1, allocate);
            Assert.fail();
        } catch (IllegalStateException e3) {
        }
        try {
            newConnectedEngine().wrap(allocate, allocate.asReadOnlyBuffer());
            Assert.fail();
        } catch (ReadOnlyBufferException e4) {
        }
        try {
            newConnectedEngine().wrap(byteBufferArr, allocate.asReadOnlyBuffer());
            Assert.fail();
        } catch (ReadOnlyBufferException e5) {
        }
        try {
            newConnectedEngine().wrap(byteBufferArr, 0, 1, allocate.asReadOnlyBuffer());
            Assert.fail();
        } catch (ReadOnlyBufferException e6) {
        }
        try {
            newConnectedEngine().wrap(allocate, (ByteBuffer) null);
            Assert.fail();
        } catch (IllegalArgumentException e7) {
        }
        try {
            newConnectedEngine().wrap(byteBufferArr, (ByteBuffer) null);
            Assert.fail();
        } catch (IllegalArgumentException e8) {
        }
        try {
            newConnectedEngine().wrap(byteBufferArr, 0, 1, null);
            Assert.fail();
        } catch (IllegalArgumentException e9) {
        }
        try {
            newConnectedEngine().wrap((ByteBuffer) null, allocate);
            Assert.fail();
        } catch (IllegalArgumentException e10) {
        }
        try {
            newConnectedEngine().wrap((ByteBuffer[]) null, allocate);
            Assert.fail();
        } catch (IllegalArgumentException e11) {
        }
        try {
            newConnectedEngine().wrap(null, 0, 1, allocate);
            Assert.fail();
        } catch (IllegalArgumentException e12) {
        }
        try {
            newConnectedEngine().wrap(byteBufferArr2, allocate);
            Assert.fail();
        } catch (IllegalArgumentException e13) {
        }
        try {
            newConnectedEngine().wrap(byteBufferArr2, 0, byteBufferArr2.length, allocate);
            Assert.fail();
        } catch (IllegalArgumentException e14) {
        }
        try {
            newConnectedEngine().wrap(byteBufferArr, 0, 7, allocate);
            Assert.fail();
        } catch (IndexOutOfBoundsException e15) {
        }
    }

    @Test
    public void bufferArrayOffsets() throws Exception {
        TestSSLEnginePair create = TestSSLEnginePair.create();
        ByteBuffer allocate = ByteBuffer.allocate(600);
        for (TestUtils.BufferType bufferType : TestUtils.BufferType.values()) {
            ByteBuffer[] newRandomBuffers = bufferType.newRandomBuffers(100, 100, 100, 100, 100);
            for (int i = 0; i < newRandomBuffers.length; i++) {
                for (int i2 = 1; i2 < newRandomBuffers.length - i; i2++) {
                    for (ByteBuffer byteBuffer : newRandomBuffers) {
                        if (byteBuffer.remaining() == 0) {
                            byteBuffer.flip();
                        }
                        Assert.assertEquals(100, byteBuffer.remaining());
                    }
                    byte[] copyDataFromBuffers = copyDataFromBuffers(newRandomBuffers, i, i2);
                    byte[] bArr = new byte[copyDataFromBuffers.length];
                    ByteBuffer wrap = ByteBuffer.wrap(bArr);
                    allocate.clear();
                    create.client.wrap(newRandomBuffers, i, i2, allocate);
                    allocate.flip();
                    create.server.unwrap(allocate, wrap);
                    Assert.assertArrayEquals(copyDataFromBuffers, bArr);
                }
            }
        }
    }

    private byte[] copyDataFromBuffers(ByteBuffer[] byteBufferArr, int i, int i2) {
        int i3 = 0;
        for (int i4 = i; i4 < i + i2; i4++) {
            i3 += byteBufferArr[i4].remaining();
        }
        byte[] bArr = new byte[i3];
        int i5 = 0;
        for (int i6 = i; i6 < i + i2; i6++) {
            ByteBuffer byteBuffer = byteBufferArr[i6];
            int remaining = byteBuffer.remaining();
            byteBuffer.get(bArr, i5, remaining);
            byteBuffer.flip();
            i5 += remaining;
        }
        return bArr;
    }

    private SSLEngine newUnconnectedEngine() {
        return TestSSLContext.create().clientContext.createSSLEngine();
    }

    private SSLEngine newConnectedEngine() throws Exception {
        TestSSLEnginePair create = TestSSLEnginePair.create();
        assertConnected(create);
        return create.client;
    }

    private void assertConnected(TestSSLEnginePair testSSLEnginePair) {
        assertConnected(testSSLEnginePair.client, testSSLEnginePair.server);
    }

    private void assertNotConnected(TestSSLEnginePair testSSLEnginePair) {
        assertNotConnected(testSSLEnginePair.client, testSSLEnginePair.server);
    }

    private void assertConnected(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
        Assert.assertTrue(connected(sSLEngine, sSLEngine2));
    }

    private void assertNotConnected(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
        Assert.assertFalse(connected(sSLEngine, sSLEngine2));
    }

    private boolean connected(SSLEngine sSLEngine, SSLEngine sSLEngine2) {
        return (sSLEngine.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING || sSLEngine2.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING || sSLEngine.getSession() == null || sSLEngine2.getSession() == null || sSLEngine.isInboundDone() || sSLEngine2.isInboundDone() || sSLEngine.isOutboundDone() || sSLEngine2.isOutboundDone()) ? false : true;
    }
}
