package net.corda.nodeapi.internal.crypto;

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.Serializable;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.concurrent.ThreadsKt;
import kotlin.jvm.JvmField;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Ref;
import kotlin.test.AssertionsKt;
import net.corda.core.crypto.CryptoUtils;
import net.corda.core.utilities.KotlinUtilsKt;
import net.corda.core.utilities.Try;
import net.corda.nodeapi.internal.config.CertificateStore;
import net.corda.nodeapi.internal.protonwrapper.netty.SSLHelperKt;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.ThrowableAssert;
import org.jetbrains.annotations.NotNull;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.slf4j.Logger;

/* compiled from: TlsDiffAlgorithmsTest.kt */
/**
 * Parameterized JUnit test that runs a TLS 1.2 exchange between an {@link SSLServerSocket} and an
 * {@link SSLSocket} on the local host, using key stores chosen by key algorithm and a restricted
 * cipher-suite list.
 *
 * <p>Each parameter row supplies the server key algorithm, the client key algorithm, the cipher
 * suites enabled on both sides, and whether retrieving the peer certificates is expected to fail.
 * The server requires client authentication, so every run is a mutual-TLS handshake.
 *
 * <p>This source is decompiler output of a Kotlin test (TlsDiffAlgorithmsTest.kt). Names such as
 * {@code fromResource$default}, {@code booleanRef} and the {@code m31invoke} methods are
 * decompiler artifacts, and parts of it (see the JADX warnings) may not recompile as written.
 */
@RunWith(Parameterized.class)
// Kotlin compiler metadata carried over by the decompiler; not test logic.
@Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��<\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\u0011\n��\n\u0002\u0010\u000b\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0002\b\u0007\u0018�� \u00142\u00020\u0001:\u0001\u0014B+\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0003\u0012\f\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00030\u0006\u0012\u0006\u0010\u0007\u001a\u00020\b¢\u0006\u0002\u0010\tJ\u0018\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0010H\u0002J\b\u0010\u0012\u001a\u00020\u0013H\u0007R\u0016\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00030\u0006X\u0082\u0004¢\u0006\u0004\n\u0002\u0010\nR\u000e\u0010\u0004\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n��R\u0010\u0010\u000b\u001a\u00020\f8\u0006X\u0087\u0004¢\u0006\u0002\n��¨\u0006\u0015"}, d2 = {"Lnet/corda/nodeapi/internal/crypto/TlsDiffAlgorithmsTest;", "", "serverAlgo", "", "clientAlgo", "cipherSuites", "", "shouldFail", "", "(Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;Z)V", "[Ljava/lang/String;", "tempFolder", "Lorg/junit/rules/TemporaryFolder;", "createSslContext", "Ljavax/net/ssl/SSLContext;", "keyStore", "Lnet/corda/nodeapi/internal/config/CertificateStore;", "trustStore", "testClientServerTlsExchange", "", "Companion", "node-api"})
/* loaded from: input_file:net/corda/nodeapi/internal/crypto/TlsDiffAlgorithmsTest.class */
public final class TlsDiffAlgorithmsTest {

    // JUnit rule providing a temporary folder; no method in this class reads it.
    @JvmField
    @Rule
    @NotNull
    public final TemporaryFolder tempFolder;
    // Selects the server key store resource "float_<serverAlgo>.jks".
    private final String serverAlgo;
    // Selects the client key store resource "bridge_<clientAlgo>.jks".
    private final String clientAlgo;
    // Cipher suites enabled on both the server and the client socket.
    private final String[] cipherSuites;
    // Expected outcome: true when reading the peer certificates on the client must fail.
    private final boolean shouldFail;
    public static final Companion Companion = new Companion(null);
    // Both ECDHE AES-128-GCM suites: one with ECDSA authentication, one with RSA authentication.
    private static final String[] CIPHER_SUITES_ALL = {"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"};
    // Only the RSA-authenticated suite.
    private static final String[] CIPHER_SUITES_JUST_RSA = {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"};
    // Only the ECDSA-authenticated suite.
    private static final String[] CIPHER_SUITES_JUST_EC = {"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"};
    private static final Logger logger = KotlinUtilsKt.contextLogger(Companion);

    /* compiled from: TlsDiffAlgorithmsTest.kt */
    /**
     * Decompiled form of the Kotlin companion object; it holds the parameter table for the
     * parameterized runner.
     */
    @Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��(\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u0011\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0010 \n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0014\u0010\u000b\u001a\u000e\u0012\n\u0012\b\u0012\u0004\u0012\u00020\r0\u00040\fH\u0007R\u0016\u0010\u0003\u001a\b\u0012\u0004\u0012\u00020\u00050\u0004X\u0082\u0004¢\u0006\u0004\n\u0002\u0010\u0006R\u0016\u0010\u0007\u001a\b\u0012\u0004\u0012\u00020\u00050\u0004X\u0082\u0004¢\u0006\u0004\n\u0002\u0010\u0006R\u0016\u0010\b\u001a\b\u0012\u0004\u0012\u00020\u00050\u0004X\u0082\u0004¢\u0006\u0004\n\u0002\u0010\u0006R\u000e\u0010\t\u001a\u00020\nX\u0082\u0004¢\u0006\u0002\n��¨\u0006\u000e"}, d2 = {"Lnet/corda/nodeapi/internal/crypto/TlsDiffAlgorithmsTest$Companion;", "", "()V", "CIPHER_SUITES_ALL", "", "", "[Ljava/lang/String;", "CIPHER_SUITES_JUST_EC", "CIPHER_SUITES_JUST_RSA", "logger", "Lorg/slf4j/Logger;", "data", "", "Ljava/io/Serializable;", "node-api"})
    /* loaded from: input_file:net/corda/nodeapi/internal/crypto/TlsDiffAlgorithmsTest$Companion.class */
    public static final class Companion {
        /**
         * Returns the twelve parameter rows, each laid out as
         * {@code {serverAlgo, clientAlgo, cipherSuites, shouldFail}}.
         *
         * <p>In this table {@code shouldFail} is true exactly when the server key type has no
         * matching suite: an "ec" server with the RSA-only list, or an "rsa" server with the
         * ECDSA-only list. The client key type never changes the expected result. The display
         * name pattern omits index 2, so the cipher-suite list does not appear in test names.
         *
         * @return the parameter rows consumed by the {@code Parameterized} runner
         */
        /* JADX WARN: Multi-variable type inference failed */
        @JvmStatic
        @Parameterized.Parameters(name = "ServerAlgo: {0}, ClientAlgo: {1}, Should fail: {3}")
        @NotNull
        public final List<Serializable[]> data() {
            return CollectionsKt.listOf(new Serializable[]{new Serializable[]{"ec", "ec", (Serializable) TlsDiffAlgorithmsTest.CIPHER_SUITES_ALL, (Serializable) false}, new Serializable[]{"rsa", "rsa", (Serializable) TlsDiffAlgorithmsTest.CIPHER_SUITES_ALL, (Serializable) false}, new Serializable[]{"ec", "rsa", (Serializable) TlsDiffAlgorithmsTest.CIPHER_SUITES_ALL, (Serializable) false}, new Serializable[]{"rsa", "ec", (Serializable) TlsDiffAlgorithmsTest.CIPHER_SUITES_ALL, (Serializable) false}, new Serializable[]{"ec", "ec", (Serializable) TlsDiffAlgorithmsTest.CIPHER_SUITES_JUST_RSA, (Serializable) true}, new Serializable[]{"rsa", "rsa", (Serializable) TlsDiffAlgorithmsTest.CIPHER_SUITES_JUST_RSA, (Serializable) false}, new Serializable[]{"ec", "rsa", (Serializable) TlsDiffAlgorithmsTest.CIPHER_SUITES_JUST_RSA, (Serializable) true}, new Serializable[]{"rsa", "ec", (Serializable) TlsDiffAlgorithmsTest.CIPHER_SUITES_JUST_RSA, (Serializable) false}, new Serializable[]{"ec", "ec", (Serializable) TlsDiffAlgorithmsTest.CIPHER_SUITES_JUST_EC, (Serializable) false}, new Serializable[]{"rsa", "rsa", (Serializable) TlsDiffAlgorithmsTest.CIPHER_SUITES_JUST_EC, (Serializable) true}, new Serializable[]{"ec", "rsa", (Serializable) TlsDiffAlgorithmsTest.CIPHER_SUITES_JUST_EC, (Serializable) false}, new Serializable[]{"rsa", "ec", (Serializable) TlsDiffAlgorithmsTest.CIPHER_SUITES_JUST_EC, (Serializable) true}});
        }

        private Companion() {
        }

        // Synthetic constructor generated by the Kotlin compiler for the companion object.
        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /**
     * Performs one client/server TLS exchange for the current parameter row.
     *
     * <p>Steps: load the trust store and the two key stores from test resources, build one
     * {@link SSLContext} per side, restrict both sockets to {@code cipherSuites} and TLSv1.2,
     * start a server thread that accepts one connection and reads one UTF string, then connect
     * the client and try to read the peer certificates. When {@code shouldFail} is set the
     * attempt must fail with {@link SSLPeerUnverifiedException}; otherwise the peer subject is
     * compared with the server certificate, the chain is validated against the root, and
     * "Hello World" is sent to the server.
     *
     * <p>The sockets are closed only on the normal paths; there is no try/finally, so a failing
     * assertion leaves them open until the JVM cleans up.
     */
    @Test(timeout = 300000)
    public final void testClientServerTlsExchange() {
        Try failure;
        logger.info("Testing: ServerAlgo: " + this.serverAlgo + ", ClientAlgo: " + this.clientAlgo + ", Suites: " + ArraysKt.toList(this.cipherSuites) + ", Should fail: " + this.shouldFail);
        // The stores are classpath test resources and the literal passwords below open them.
        // presumably the two password arguments are the store and the entry password; confirm
        // against CertificateStore.fromResource.
        CertificateStore fromResource$default = CertificateStore.Companion.fromResource$default(CertificateStore.Companion, "net/corda/nodeapi/internal/crypto/keystores/trust.jks", "trustpass", "trustpass", (ClassLoader) null, 8, (Object) null);
        // Root certificate used further down as the trust anchor for chain validation.
        X509Certificate certificate = fromResource$default.getValue().getCertificate("root");
        // Server-side key store, picked by the server key algorithm.
        CertificateStore fromResource$default2 = CertificateStore.Companion.fromResource$default(CertificateStore.Companion, "net/corda/nodeapi/internal/crypto/keystores/float_" + this.serverAlgo + ".jks", "floatpass", "floatpass", (ClassLoader) null, 8, (Object) null);
        // Server certificate the client is expected to see as the first peer certificate.
        CertificateAndKeyPair certificateAndKeyPair = fromResource$default2.getValue().getCertificateAndKeyPair("floatcert", "floatpass");
        // Client-side key store, picked by the client key algorithm.
        CertificateStore fromResource$default3 = CertificateStore.Companion.fromResource$default(CertificateStore.Companion, "net/corda/nodeapi/internal/crypto/keystores/bridge_" + this.clientAlgo + ".jks", "bridgepass", "bridgepass", (ClassLoader) null, 8, (Object) null);
        // Both sides share the same trust store.
        SSLServerSocketFactory serverSocketFactory = createSslContext(fromResource$default2, fromResource$default).getServerSocketFactory();
        SSLSocketFactory socketFactory = createSslContext(fromResource$default3, fromResource$default).getSocketFactory();
        // Port 0 lets the OS choose a free port; the client reads it back via getLocalPort().
        ServerSocket createServerSocket = serverSocketFactory.createServerSocket(0);
        if (createServerSocket == null) {
            throw new TypeCastException("null cannot be cast to non-null type javax.net.ssl.SSLServerSocket");
        }
        final SSLServerSocket sSLServerSocket = (SSLServerSocket) createServerSocket;
        // Server accepts only the parameterized suites and only TLSv1.2.
        SSLParameters sSLParameters = new SSLParameters(this.cipherSuites, new String[]{"TLSv1.2"});
        // setNeedClientAuth clears the "want" flag in SSLParameters, so the effective setting is
        // that a client certificate is required.
        sSLParameters.setWantClientAuth(true);
        sSLParameters.setNeedClientAuth(true);
        // Endpoint identification (matching the peer certificate against the host name) is
        // explicitly left off. The client compensates below by comparing the peer subject and
        // validating the chain; outside a test a client would normally keep this check enabled.
        sSLParameters.setEndpointIdentificationAlgorithm((String) null);
        sSLServerSocket.setSSLParameters(sSLParameters);
        sSLServerSocket.setUseClientMode(false);
        // Unconnected client socket, so parameters can be applied before connect().
        Socket createSocket = socketFactory.createSocket();
        if (createSocket == null) {
            throw new TypeCastException("null cannot be cast to non-null type javax.net.ssl.SSLSocket");
        }
        SSLSocket sSLSocket = (SSLSocket) createSocket;
        // Client uses the same suite and protocol restriction, also without endpoint identification.
        SSLParameters sSLParameters2 = new SSLParameters(this.cipherSuites, new String[]{"TLSv1.2"});
        sSLParameters2.setEndpointIdentificationAlgorithm((String) null);
        sSLSocket.setSSLParameters(sSLParameters2);
        sSLSocket.setUseClientMode(true);
        sSLSocket.bind(new InetSocketAddress(InetAddress.getLocalHost(), 0));
        // Monitor guarding the "server finished" flag.
        final Object obj = new Object();
        // booleanRef: set by the server thread once it has read the expected message.
        final Ref.BooleanRef booleanRef = new Ref.BooleanRef();
        booleanRef.element = false;
        // booleanRef2: set by the server thread when it catches an Exception.
        final Ref.BooleanRef booleanRef2 = new Ref.BooleanRef();
        booleanRef2.element = false;
        final String str = "Hello World";
        // The mask 31 marks the first five arguments as defaulted, so the placeholder values
        // passed here are not used; presumably Kotlin's default starts the thread immediately.
        Thread thread$default = ThreadsKt.thread$default(false, false, (ClassLoader) null, (String) null, 0, new Function0<Unit>() { // from class: net.corda.nodeapi.internal.crypto.TlsDiffAlgorithmsTest$testClientServerTlsExchange$serverThread$1
            public /* bridge */ /* synthetic */ Object invoke() {
                m31invoke();
                return Unit.INSTANCE;
            }

            /* renamed from: invoke, reason: collision with other method in class */
            // Server side: accept one connection, check the message, then signal completion.
            public final void m31invoke() {
                try {
                    Socket accept = sSLServerSocket.accept();
                    Intrinsics.checkExpressionValueIsNotNull(accept, "sslServerSocket");
                    AssertionsKt.assertTrue$default(accept.isConnected(), (String) null, 2, (Object) null);
                    AssertionsKt.assertEquals$default(str, new DataInputStream(accept.getInputStream()).readUTF(), (String) null, 4, (Object) null);
                    synchronized (obj) {
                        booleanRef.element = true;
                        obj.notifyAll();
                        Unit unit = Unit.INSTANCE;
                    }
                    accept.close();
                } catch (Exception e) {
                    // Only Exception is recorded here. An AssertionError from the checks above is
                    // an Error and is not caught, so it would show up only as the client-side
                    // wait timing out.
                    booleanRef2.element = true;
                }
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }
        }, 31, (Object) null);
        sSLSocket.connect(new InetSocketAddress(InetAddress.getLocalHost(), sSLServerSocket.getLocalPort()));
        // A connected TCP socket says nothing about TLS yet; the handshake is triggered below.
        AssertionsKt.assertTrue$default(sSLSocket.isConnected(), (String) null, 2, (Object) null);
        Try.Companion companion = Try.Companion;
        try {
            // getSession() drives the handshake. If it fails, the returned session is invalid and
            // getPeerCertificates() throws SSLPeerUnverifiedException, captured as Try.Failure.
            SSLSession session = sSLSocket.getSession();
            Intrinsics.checkExpressionValueIsNotNull(session, "clientSocket.session");
            Certificate[] peerCertificates = session.getPeerCertificates();
            Intrinsics.checkExpressionValueIsNotNull(peerCertificates, "clientSocket.session.peerCertificates");
            failure = (Try) new Try.Success(X509UtilitiesKt.getX509(peerCertificates));
        } catch (Throwable th) {
            failure = new Try.Failure(th);
        }
        final Try r0 = failure;
        // The handshake outcome must match the expectation of the parameter row.
        AssertionsKt.assertEquals$default(Boolean.valueOf(!this.shouldFail), Boolean.valueOf(r0.isSuccess()), (String) null, 4, (Object) null);
        if (!(r0 instanceof Try.Success)) {
            if (r0 instanceof Try.Failure) {
                // Expected-failure path: the failure must be SSLPeerUnverifiedException. The
                // server-thread error flag is not checked on this path.
                Assertions.assertThatThrownBy(new ThrowableAssert.ThrowingCallable() { // from class: net.corda.nodeapi.internal.crypto.TlsDiffAlgorithmsTest$testClientServerTlsExchange$4
                    public final void call() {
                        r0.getOrThrow();
                    }
                }).isInstanceOf(SSLPeerUnverifiedException.class);
                sSLSocket.close();
                sSLServerSocket.close();
                thread$default.interrupt();
                return;
            }
            return;
        }
        List list = (List) r0.getOrThrow();
        // The first peer certificate must carry the subject of the server's "floatcert" entry.
        AssertionsKt.assertEquals$default(certificateAndKeyPair.getCertificate().getSubjectX500Principal(), ((X509Certificate) list.get(0)).getSubjectX500Principal(), (String) null, 4, (Object) null);
        // The presented chain must validate against the root from the trust store.
        X509Utilities.INSTANCE.validateCertificateChain(certificate, list);
        new DataOutputStream(sSLSocket.getOutputStream()).writeUTF("Hello World");
        int i = 0;
        // Wait for the server thread's signal: at most ten waits of one second each.
        synchronized (obj) {
            while (!booleanRef.element) {
                i++;
                if (i > 10) {
                    throw new IOException("Timed out waiting for server to complete");
                }
                obj.wait(1000L);
            }
            Unit unit = Unit.INSTANCE;
        }
        sSLSocket.close();
        thread$default.join(1000L);
        // The server thread must not have recorded an exception.
        AssertionsKt.assertFalse$default((String) null, new Function0<Boolean>() { // from class: net.corda.nodeapi.internal.crypto.TlsDiffAlgorithmsTest$testClientServerTlsExchange$3
            public /* bridge */ /* synthetic */ Object invoke() {
                return Boolean.valueOf(m30invoke());
            }

            /* renamed from: invoke, reason: collision with other method in class */
            public final boolean m30invoke() {
                return booleanRef2.element;
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }
        }, 1, (Object) null);
        sSLServerSocket.close();
        AssertionsKt.assertTrue$default(booleanRef.element, (String) null, 2, (Object) null);
    }

    /**
     * Builds a "TLS" {@link SSLContext} from a key store and a trust store.
     *
     * <p>Key and trust manager factories use the JVM default algorithms and are initialised
     * through {@code SSLHelperKt.init}; randomness comes from {@code CryptoUtils.newSecureRandom()}.
     *
     * @param certificateStore store supplying this side's key material
     * @param certificateStore2 store supplying the trusted certificates
     * @return the initialised context
     */
    private final SSLContext createSslContext(CertificateStore certificateStore, CertificateStore certificateStore2) {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        Intrinsics.checkExpressionValueIsNotNull(keyManagerFactory, "keyManagerFactory");
        SSLHelperKt.init(keyManagerFactory, certificateStore);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        Intrinsics.checkExpressionValueIsNotNull(trustManagerFactory, "trustMgrFactory");
        SSLHelperKt.init(trustManagerFactory, certificateStore2);
        sSLContext.init(keyManagers, trustManagerFactory.getTrustManagers(), CryptoUtils.newSecureRandom());
        Intrinsics.checkExpressionValueIsNotNull(sSLContext, "SSLContext.getInstance(\"…SecureRandom())\n        }");
        return sSLContext;
    }

    /**
     * Receives one parameter row from the {@code Parameterized} runner.
     *
     * @param str server key algorithm, stored as {@code serverAlgo}
     * @param str2 client key algorithm, stored as {@code clientAlgo}
     * @param strArr cipher suites to enable on both sockets
     * @param z whether reading the peer certificates is expected to fail
     */
    public TlsDiffAlgorithmsTest(@NotNull String str, @NotNull String str2, @NotNull String[] strArr, boolean z) {
        // Null checks generated by the Kotlin compiler for non-null parameters.
        Intrinsics.checkParameterIsNotNull(str, "serverAlgo");
        Intrinsics.checkParameterIsNotNull(str2, "clientAlgo");
        Intrinsics.checkParameterIsNotNull(strArr, "cipherSuites");
        this.serverAlgo = str;
        this.clientAlgo = str2;
        this.cipherSuites = strArr;
        this.shouldFail = z;
        this.tempFolder = new TemporaryFolder();
    }

    /**
     * Static bridge to {@code Companion.data()}.
     *
     * @return the parameter rows defined in the companion
     */
    @JvmStatic
    @Parameterized.Parameters(name = "ServerAlgo: {0}, ClientAlgo: {1}, Should fail: {3}")
    @NotNull
    public static final List<Serializable[]> data() {
        return Companion.data();
    }
}
