package org.wildfly.security.ssl;

import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.SocketException;
import java.net.URI;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.Principal;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.Locale;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.MiscPEMGenerator;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.io.pem.PemWriter;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient;
import org.wildfly.security.auth.realm.KeyStoreBackedSecurityRealm;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.permission.PermissionVerifier;
import org.wildfly.security.ssl.test.util.CAGenerationTool;
import org.wildfly.security.x500.GeneralName;
import org.wildfly.security.x500.cert.AccessDescription;
import org.wildfly.security.x500.cert.AuthorityInformationAccessExtension;
import org.wildfly.security.x500.cert.ExtendedKeyUsageExtension;
import org.wildfly.security.x500.cert.X509CertificateExtension;
import org.wildfly.security.x500.principal.X500AttributePrincipalDecoder;

/* loaded from: input_file:org/wildfly/security/ssl/SSLAuthenticationTest.class */
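/**
 * TLS authentication tests for contexts produced by {@link SSLContextBuilder}: one-way and two-way
 * handshakes, CRL-based revocation, and OCSP-based revocation through {@link X509RevocationTrustManager}.
 *
 * <p>{@link #beforeTest()} generates the key material and CRL files under {@code ./target/test-classes}
 * and starts a local OCSP responder; {@link #afterTest()} removes them again. The client side of most
 * tests is configured by {@code wildfly-ssl-test-config-v1_1.xml}, selected through the URI passed to
 * {@link #performConnectionTest}.
 *
 * <p>The listener port and the OCSP responder port are fixed, so two concurrent runs of this class on
 * the same host will collide on bind.
 */
public class SSLAuthenticationTest {
    /** Port of the local test OCSP responder; also embedded in the AIA extension of the generated certificates. */
    private static final int OCSP_PORT = 4854;
    /** Port the TLS server socket under test listens on. */
    private static final int TESTING_PORT = 18201;
    /** OCSP responder location written into the Authority Information Access extension. */
    private static final String OCSP_RESPONDER_URL = "http://localhost:" + OCSP_PORT + "/ocsp";
    /** Extended key usage id-kp-OCSPSigning. */
    private static final String OID_KP_OCSP_SIGNING = "1.3.6.1.5.5.7.3.9";
    /** Access method id-ad-ocsp. */
    private static final String OID_AD_OCSP = "1.3.6.1.5.5.7.48.1";
    /** X.500 attribute type commonName (CN). */
    private static final String OID_AT_COMMON_NAME = "2.5.4.3";
    /** Two bytes the client sends and the server is expected to receive. */
    private static final byte[] CLIENT_PAYLOAD = {0x12, 0x34};
    /** Two bytes the server sends and the client is expected to receive. */
    private static final byte[] SERVER_PAYLOAD = {0x56, 0x78};

    private static X509Certificate ocspResponderCertificate;
    private static final boolean IS_IBM = System.getProperty("java.vendor").contains("IBM");
    // Fixture password for the generated test key stores only; never reuse outside the test tree.
    private static final char[] PASSWORD = "Elytron".toCharArray();
    private static final String CA_CRL_LOCATION = "./target/test-classes/ca/crl";
    private static final File WORKING_DIR_CACRL = new File(CA_CRL_LOCATION);
    private static final String ICA_CRL_LOCATION = "./target/test-classes/ica/crl";
    private static final File WORKING_DIR_ICACRL = new File(ICA_CRL_LOCATION);
    private static final String JKS_LOCATION = "./target/test-classes/jks";
    private static final File SHORTWINGED_FILE = new File(JKS_LOCATION, "shortwinged.keystore");
    private static final File CA_BLANK_PEM_CRL = new File(WORKING_DIR_CACRL, "blank.pem");
    private static final File ICA_BLANK_PEM_CRL = new File(WORKING_DIR_ICACRL, "blank.pem");
    private static final File BLANK_BLANK_PEM_CRL = new File(WORKING_DIR_ICACRL, "blank-blank.pem");
    private static final File FIREFLY_REVOKED_PEM_CRL = new File(WORKING_DIR_CACRL, "firefly-revoked.pem");
    private static final File ICA_REVOKED_PEM_CRL = new File(WORKING_DIR_CACRL, "ica-revoked.pem");
    private static final File ROVE_REVOKED_PEM_CRL = new File(WORKING_DIR_ICACRL, "rove-revoked.pem");
    private static CAGenerationTool caGenerationTool = null;
    private static TestingOcspServer ocspServer = null;

    /**
     * Builds a key manager from a JKS class-path resource protected by {@link #PASSWORD}.
     *
     * @param keyStoreResource class-path location of the key store
     * @return the first {@link X509ExtendedKeyManager} the factory offers
     * @throws IllegalStateException if the factory offers no such key manager
     */
    private static X509ExtendedKeyManager getKeyManager(String keyStoreResource) throws Exception {
        // IBM JDKs ship the X.509 key manager under a different algorithm name.
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(IS_IBM ? "IbmX509" : "SunX509");
        keyManagerFactory.init(createKeyStore(keyStoreResource), PASSWORD);
        for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
            if (keyManager instanceof X509ExtendedKeyManager) {
                return (X509ExtendedKeyManager) keyManager;
            }
        }
        throw new IllegalStateException("Unable to obtain X509ExtendedKeyManager.");
    }

    /** Returns a fresh, uninitialised PKIX trust manager factory. */
    private static TrustManagerFactory getTrustManagerFactory() throws Exception {
        return TrustManagerFactory.getInstance("PKIX");
    }

    /**
     * Builds a plain PKIX trust manager (no revocation settings applied here) over {@code /jks/ca.truststore}.
     *
     * @throws IllegalStateException if the factory offers no {@link X509TrustManager}
     */
    private static X509TrustManager getCATrustManager() throws Exception {
        TrustManagerFactory trustManagerFactory = getTrustManagerFactory();
        trustManagerFactory.init(createKeyStore("/jks/ca.truststore"));
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("Unable to obtain X509TrustManager.");
    }

    /** Creates an empty in-memory JKS key store. */
    private static KeyStore createKeyStore() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        return keyStore;
    }

    /**
     * Loads a JKS key store from the class path using {@link #PASSWORD}.
     *
     * @param resource class-path location of the key store
     * @return the loaded key store
     */
    private static KeyStore createKeyStore(String resource) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("jks");
        // NOTE(review): getResourceAsStream returns null for a missing resource, and KeyStore.load(null, ...)
        // then yields an EMPTY store instead of failing. A mistyped path therefore surfaces later (or not at
        // all); callers that need a populated store should confirm the resource exists.
        try (InputStream in = SSLAuthenticationTest.class.getResourceAsStream(resource)) {
            keyStore.load(in, PASSWORD);
        }
        return keyStore;
    }

    /**
     * Writes a key store to a file, creating or truncating it.
     *
     * @param keyStore the store to persist
     * @param file destination file
     * @param password password protecting the written store
     */
    private static void createTemporaryKeyStoreFile(KeyStore keyStore, File file, char[] password) throws Exception {
        // FileOutputStream creates the file when it is absent, so no separate createNewFile() is needed.
        try (FileOutputStream out = new FileOutputStream(file)) {
            keyStore.store(out, password);
        }
    }

    /**
     * Builds a security domain whose only realm is backed by the given key store.
     *
     * <p>Principals are decoded from the certificate subject's CN attribute and lower-cased before the
     * realm lookup. Every identity is mapped to {@link PermissionVerifier#ALL}; that is acceptable only
     * because this is test wiring.
     *
     * @param keyStoreResource class-path location of the JKS store backing the realm
     */
    private static SecurityDomain getKeyStoreBackedSecurityDomain(String keyStoreResource) throws Exception {
        return SecurityDomain.builder()
                .addRealm("KeystoreRealm", new KeyStoreBackedSecurityRealm(createKeyStore(keyStoreResource)))
                .build()
                .setDefaultRealmName("KeystoreRealm")
                // second argument presumably limits how many CN values are used; confirm against the decoder
                .setPrincipalDecoder(new X500AttributePrincipalDecoder(OID_AT_COMMON_NAME, 1))
                // explicit parameter type keeps the lambda unambiguous if the setter is overloaded
                .setPreRealmRewriter((String name) -> name.toLowerCase(Locale.ENGLISH))
                .setPermissionMapper((permissionMappable, roles) -> PermissionVerifier.ALL)
                .build();
    }

    /**
     * Builds a signed CRL for one of the generated authorities.
     *
     * @param issuer authority whose subject name and private key issue the CRL
     * @param thisUpdate issue date of the CRL
     * @param nextUpdate next-update date of the CRL
     * @param revocationDate revocation date recorded for every entry
     * @param revoked identities whose certificate serial numbers are listed; none yields an empty CRL
     */
    private static X509CRLHolder buildCrl(CAGenerationTool.Identity issuer, Date thisUpdate, Date nextUpdate,
            Date revocationDate, CAGenerationTool.Identity... revoked) throws Exception {
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(
                convertSunStyleToBCStyle(caGenerationTool.getCertificate(issuer).getSubjectDN()), thisUpdate);
        for (CAGenerationTool.Identity identity : revoked) {
            // reason code 0 is "unspecified"
            crlBuilder.addCRLEntry(caGenerationTool.getCertificate(identity).getSerialNumber(), revocationDate, 0);
        }
        return crlBuilder.setNextUpdate(nextUpdate).build(
                new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(caGenerationTool.getPrivateKey(issuer)));
    }

    /**
     * Writes the given CRLs, in order, as PEM objects into one file.
     *
     * @param target file to create or overwrite
     * @param crls CRLs to append
     */
    private static void writeCrls(File target, X509CRLHolder... crls) throws Exception {
        // PEM is pure ASCII; naming the charset avoids depending on the platform default.
        try (PemWriter pemWriter = new PemWriter(
                new OutputStreamWriter(new FileOutputStream(target), java.nio.charset.StandardCharsets.US_ASCII))) {
            for (X509CRLHolder crl : crls) {
                pemWriter.writeObject(new MiscPEMGenerator(crl));
            }
        }
    }

    /**
     * Generates the certificate authorities, OCSP test identities, key store files and CRL files used by
     * the tests, and starts the local OCSP responder.
     */
    @BeforeClass
    public static void beforeTest() throws Exception {
        WORKING_DIR_CACRL.mkdirs();
        WORKING_DIR_ICACRL.mkdirs();
        caGenerationTool = CAGenerationTool.builder().setBaseDir(JKS_LOCATION).setRequestIdentities(CAGenerationTool.Identity.values()).build();
        // Registered JVM-wide; afterTest() removes it again.
        Security.addProvider(new BouncyCastleProvider());

        // Responder certificate carries the OCSP-signing extended key usage.
        ocspResponderCertificate = caGenerationTool.createIdentity("ocspResponder",
                new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=OcspResponder"),
                "ocsp-responder.keystore", CAGenerationTool.Identity.CA,
                new X509CertificateExtension[]{new ExtendedKeyUsageExtension(false, Collections.singletonList(OID_KP_OCSP_SIGNING))});
        // The three "checked" identities point at the local responder through their AIA extension.
        X509Certificate ocspCheckedGood = caGenerationTool.createIdentity("checked",
                new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedGood"),
                "ocsp-checked-good.keystore", CAGenerationTool.Identity.INTERMEDIATE,
                new X509CertificateExtension[]{new AuthorityInformationAccessExtension(Collections.singletonList(new AccessDescription(OID_AD_OCSP, new GeneralName.URIName(OCSP_RESPONDER_URL))))});
        X509Certificate ocspCheckedRevoked = caGenerationTool.createIdentity("checked",
                new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedRevoked"),
                "ocsp-checked-revoked.keystore", CAGenerationTool.Identity.CA,
                new X509CertificateExtension[]{new AuthorityInformationAccessExtension(Collections.singletonList(new AccessDescription(OID_AD_OCSP, new GeneralName.URIName(OCSP_RESPONDER_URL))))});
        X509Certificate ocspCheckedUnknown = caGenerationTool.createIdentity("checked",
                new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=ocspCheckedUnknown"),
                "ocsp-checked-unknown.keystore", CAGenerationTool.Identity.CA,
                new X509CertificateExtension[]{new AuthorityInformationAccessExtension(Collections.singletonList(new AccessDescription(OID_AD_OCSP, new GeneralName.URIName(OCSP_RESPONDER_URL))))});

        // Realm store for the two-way tests: the existing beetles store plus the OCSP identities.
        KeyStore beetlesStore = createKeyStore("/jks/beetles.keystore");
        beetlesStore.setCertificateEntry("ocspResponder", ocspResponderCertificate);
        beetlesStore.setCertificateEntry("ocspCheckedGood", ocspCheckedGood);
        beetlesStore.setCertificateEntry("ocspCheckedRevoked", ocspCheckedRevoked);
        beetlesStore.setCertificateEntry("ocspCheckedUnknown", ocspCheckedUnknown);
        createTemporaryKeyStoreFile(beetlesStore, new File(JKS_LOCATION, "beetles.keystore"), PASSWORD);

        KeyStore shortwingedStore = createKeyStore();
        shortwingedStore.setCertificateEntry("rove", caGenerationTool.getCertificate(CAGenerationTool.Identity.ROVE));
        createTemporaryKeyStoreFile(shortwingedStore, SHORTWINGED_FILE, PASSWORD);

        // CRL dates: issued now, next update in one year, entries revoked 30 seconds ago.
        Calendar calendar = Calendar.getInstance();
        Date now = calendar.getTime();
        calendar.add(Calendar.YEAR, 1);
        Date nextYear = calendar.getTime();
        calendar.add(Calendar.YEAR, -1);
        calendar.add(Calendar.SECOND, -30);
        Date revocationDate = calendar.getTime();

        X509CRLHolder caBlankCrl = buildCrl(CAGenerationTool.Identity.CA, now, nextYear, revocationDate);
        X509CRLHolder icaBlankCrl = buildCrl(CAGenerationTool.Identity.INTERMEDIATE, now, nextYear, revocationDate);
        X509CRLHolder fireflyRevokedCrl = buildCrl(CAGenerationTool.Identity.CA, now, nextYear, revocationDate,
                CAGenerationTool.Identity.FIREFLY);
        X509CRLHolder icaRevokedCrl = buildCrl(CAGenerationTool.Identity.CA, now, nextYear, revocationDate,
                CAGenerationTool.Identity.INTERMEDIATE);
        // NOTE(review): despite the target file name (rove-revoked.pem), no entry is added to this CRL
        // here; it is a second empty CRL from the intermediate authority. Confirm that is intended.
        X509CRLHolder roveCrl = buildCrl(CAGenerationTool.Identity.INTERMEDIATE, now, nextYear, revocationDate);

        writeCrls(CA_BLANK_PEM_CRL, caBlankCrl);
        writeCrls(ICA_BLANK_PEM_CRL, icaBlankCrl);
        writeCrls(BLANK_BLANK_PEM_CRL, icaBlankCrl, caBlankCrl);
        writeCrls(FIREFLY_REVOKED_PEM_CRL, fireflyRevokedCrl);
        writeCrls(ICA_REVOKED_PEM_CRL, icaRevokedCrl);
        writeCrls(ROVE_REVOKED_PEM_CRL, roveCrl, icaBlankCrl, caBlankCrl);

        // Responder state. The numeric arguments are ids defined by TestingOcspServer; the readings below
        // (certificate id, issuer id, revocation reason) are presumed from usage; confirm against that class.
        ocspServer = new TestingOcspServer(OCSP_PORT);
        ocspServer.createIssuer(1, caGenerationTool.getCertificate(CAGenerationTool.Identity.CA));
        ocspServer.createIssuer(2, caGenerationTool.getCertificate(CAGenerationTool.Identity.INTERMEDIATE));
        ocspServer.createCertificate(1, 1, caGenerationTool.getCertificate(CAGenerationTool.Identity.INTERMEDIATE));
        ocspServer.createCertificate(2, 2, ocspCheckedGood);
        ocspServer.createCertificate(3, 1, ocspCheckedRevoked);
        ocspServer.revokeCertificate(3, 4);
        // ocspCheckedUnknown is deliberately not registered with the responder.
        ocspServer.start();
    }

    /**
     * Converts a principal name from the {@code ", "}-separated form to a Bouncy Castle {@link X500Name}
     * with the components in reverse order.
     *
     * <p>The split is purely textual, so an attribute value that itself contains {@code ", "} would be
     * cut apart; the generated test subjects do not contain one.
     */
    private static X500Name convertSunStyleToBCStyle(Principal principal) {
        String name = principal.getName();
        String[] parts = name.split(", ");
        StringBuilder reversed = new StringBuilder(name.length());
        reversed.append(parts[parts.length - 1]);
        for (int i = parts.length - 2; i >= 0; i--) {
            reversed.append(',');
            reversed.append(parts[i]);
        }
        return new X500Name(reversed.toString());
    }

    /** Stops the OCSP responder, deletes the generated files and unregisters the Bouncy Castle provider. */
    @AfterClass
    public static void afterTest() throws Exception {
        if (ocspServer != null) {
            ocspServer.stop();
        }
        SHORTWINGED_FILE.delete();
        CA_BLANK_PEM_CRL.delete();
        ICA_BLANK_PEM_CRL.delete();
        BLANK_BLANK_PEM_CRL.delete();
        FIREFLY_REVOKED_PEM_CRL.delete();
        ICA_REVOKED_PEM_CRL.delete();
        ROVE_REVOKED_PEM_CRL.delete();
        WORKING_DIR_CACRL.delete();
        WORKING_DIR_ICACRL.delete();
        // beforeTest() may have failed before the tool was created; do not mask that failure with an NPE.
        if (caGenerationTool != null) {
            caGenerationTool.close();
        }
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    }

    /** Builds a server context that presents the given key store and configures no client authentication. */
    private static SSLContext oneWayServerContext(String keyStoreResource) throws Exception {
        return (SSLContext) new SSLContextBuilder().setKeyManager(getKeyManager(keyStoreResource)).build().create();
    }

    /** One-way TLS: the client accepts the Firefly server certificate. */
    @Test
    public void testOneWay() throws Throwable {
        performConnectionTest(oneWayServerContext("/jks/firefly.keystore"), "protocol://test-one-way.org", true,
                "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Firefly", null, true);
    }

    /** One-way TLS with the client configuration selected by the {@code test-one-way-crl} URI; the handshake succeeds. */
    @Test
    public void testCrlBlank() throws Throwable {
        performConnectionTest(oneWayServerContext("/jks/firefly.keystore"), "protocol://test-one-way-crl.org", true,
                "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Firefly", null, true);
    }

    /** The handshake must fail under the client configuration selected by the {@code firefly-revoked} URI. */
    @Test
    public void testServerRevoked() throws Throwable {
        performConnectionTest(oneWayServerContext("/jks/firefly.keystore"), "protocol://test-one-way-firefly-revoked.org", false,
                null, null, true);
    }

    /** The handshake must fail under the client configuration selected by the {@code ica-revoked} URI. */
    @Test
    public void testServerIcaRevoked() throws Throwable {
        performConnectionTest(oneWayServerContext("/jks/rove.keystore"), "protocol://test-one-way-ica-revoked.org", false,
                null, null, true);
    }

    /** The Rove server certificate is accepted under the {@code max-cert-path} client configuration. */
    @Test
    public void testCRLMaxCertPathSucceeds() throws Throwable {
        performConnectionTest(oneWayServerContext("/jks/rove.keystore"), "protocol://test-one-way-max-cert-path.org", true,
                "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Rove", null, true);
    }

    /** The Rove server certificate is rejected under the {@code max-cert-path-failure} client configuration. */
    @Test
    public void testCRLMaxCertPathFails() throws Throwable {
        performConnectionTest(oneWayServerContext("/jks/rove.keystore"), "protocol://test-one-way-max-cert-path-failure.org", false,
                null, null, true);
    }

    /** Two-way TLS: the server requires a client certificate and maps it to an identity in the beetles realm. */
    @Test
    public void testTwoWay() throws Throwable {
        SSLContext serverContext = (SSLContext) new SSLContextBuilder()
                .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore"))
                .setKeyManager(getKeyManager("/jks/scarab.keystore"))
                .setTrustManager(getCATrustManager())
                .setNeedClientAuth(true)
                .build().create();
        performConnectionTest(serverContext, "protocol://test-two-way.org", true,
                "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Scarab", "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Ladybird", false);
    }

    /** Two-way TLS where the expected client principal is Rove and the realm store holds only the Rove certificate. */
    @Test
    public void testTwoWayIca() throws Throwable {
        SSLContext serverContext = (SSLContext) new SSLContextBuilder()
                .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/shortwinged.keystore"))
                .setKeyManager(getKeyManager("/jks/scarab.keystore"))
                .setTrustManager(getCATrustManager())
                .setNeedClientAuth(true)
                .build().create();
        performConnectionTest(serverContext, "protocol://test-two-way-ica.org", true,
                "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Scarab", "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Rove", false);
    }

    /** A revocation trust manager configured with a CRL stream must still report accepted issuers. */
    @Test
    public void testAcceptedIssuersConfiguredWithCRL() throws Throwable {
        // Close the CRL stream once the trust manager has been built and queried.
        try (InputStream crlStream = new FileInputStream(BLANK_BLANK_PEM_CRL)) {
            X509Certificate[] acceptedIssuers = X509RevocationTrustManager.builder()
                    .setTrustManagerFactory(getTrustManagerFactory())
                    .setTrustStore(createKeyStore("/jks/ca.truststore"))
                    .setCrlStream(crlStream)
                    .setPreferCrls(true)
                    .setNoFallback(true)
                    .build()
                    .getAcceptedIssuers();
            // JUnit assertion, consistent with every other check in this class.
            org.junit.Assert.assertTrue("Expected at least one accepted issuer", acceptedIssuers.length > 0);
        }
    }

    /** Two-way TLS with OCSP checking on the server side; the client certificate has status "good". */
    @Test
    public void testOcspGood() throws Throwable {
        SSLContext serverContext = (SSLContext) new SSLContextBuilder()
                .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore"))
                .setKeyManager(getKeyManager("/jks/scarab.keystore"))
                .setTrustManager(X509RevocationTrustManager.builder()
                        .setTrustManagerFactory(getTrustManagerFactory())
                        .setTrustStore(createKeyStore("/jks/ca.truststore"))
                        .setOcspResponderCert(ocspResponderCertificate)
                        .build())
                .setNeedClientAuth(true)
                .build().create();
        performConnectionTest(serverContext, "protocol://test-two-way-ocsp-good.org", true,
                "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Scarab", "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=ocspCheckedGood", false);
    }

    /** A maximum certificate path of -1 must make the handshake fail. */
    @Test
    public void testOcspMaxCertPathNeg1() throws Throwable {
        ocspMaxCertPathCommon(-1, false);
    }

    /** A maximum certificate path of 0 must make the handshake fail. */
    @Test
    public void testOcspMaxCertPath0() throws Throwable {
        ocspMaxCertPathCommon(0, false);
    }

    /** A maximum certificate path of 1 is too short for the client chain; the handshake must fail. */
    @Test
    public void testOcspMaxCertPathTooLong() throws Throwable {
        ocspMaxCertPathCommon(1, false);
    }

    /** A maximum certificate path of 2 is sufficient; the handshake succeeds. */
    @Test
    public void testOcspMaxCertPathOkay() throws Throwable {
        ocspMaxCertPathCommon(2, true);
    }

    /**
     * Runs the OCSP two-way scenario with a given maximum certificate path on the server's trust manager.
     *
     * @param maxCertPath value passed to {@code setMaxCertPath}
     * @param expectValid whether the handshake is expected to succeed
     */
    private void ocspMaxCertPathCommon(int maxCertPath, boolean expectValid) throws Throwable {
        SSLContext serverContext = (SSLContext) new SSLContextBuilder()
                .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore"))
                .setKeyManager(getKeyManager("/jks/scarab.keystore"))
                .setTrustManager(X509RevocationTrustManager.builder()
                        .setTrustManagerFactory(getTrustManagerFactory())
                        .setTrustStore(createKeyStore("/jks/ca.truststore"))
                        .setOcspResponderCert(ocspResponderCertificate)
                        .setMaxCertPath(maxCertPath)
                        .build())
                .setNeedClientAuth(true)
                .build().create();
        performConnectionTest(serverContext, "protocol://test-two-way-ocsp-good.org", expectValid,
                "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Scarab", "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=ocspCheckedGood", false);
    }

    /**
     * OCSP checking on the client side: a server presenting the "good" certificate is accepted and a
     * server presenting the revoked certificate fails the handshake.
     */
    @Test
    public void testClientSideOcsp() throws Throwable {
        SSLContext goodServerContext = oneWayServerContext("/jks/ocsp-checked-good.keystore");
        SSLContext revokedServerContext = oneWayServerContext("/jks/ocsp-checked-revoked.keystore");
        SSLContext clientContext = (SSLContext) new SSLContextBuilder()
                .setTrustManager(X509RevocationTrustManager.builder()
                        .setTrustManagerFactory(getTrustManagerFactory())
                        .setTrustStore(createKeyStore("/jks/ca.truststore"))
                        .setOcspResponderCert(ocspResponderCertificate)
                        .build())
                .setClientMode(true)
                .build().create();
        testCommunication(goodServerContext, clientContext, "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=ocspCheckedGood", null, true);
        try {
            testCommunication(revokedServerContext, clientContext, null, null, true);
            org.junit.Assert.fail("Expected SSLHandshakeException not thrown");
        } catch (SSLHandshakeException expected) {
            // the revoked server certificate must be rejected during the handshake
        }
    }

    /**
     * Runs one client/server exchange with the client context resolved from the Elytron client
     * configuration file, and checks that the outcome matches the expectation.
     *
     * <p>NOTE(review): when a failure is expected, any {@link SocketException} or {@link SSLException}
     * satisfies the test. The negative tests therefore do not prove that the handshake failed
     * <em>because of</em> revocation or path length; a missing CRL file or an unreachable responder
     * that also breaks the handshake would pass too.
     *
     * @param serverContext context used for the listening side
     * @param clientUri URI used to select the client SSL context from the configuration
     * @param expectValid whether the exchange is expected to succeed
     * @param expectedServerPrincipal peer name the client must see, or {@code null} to skip the check
     * @param expectedClientPrincipal peer name the server must see, or {@code null} to skip the check
     * @param oneWay {@code true} if no security identity is expected on the server-side session
     */
    private void performConnectionTest(SSLContext serverContext, String clientUri, boolean expectValid,
            String expectedServerPrincipal, String expectedClientPrincipal, boolean oneWay) throws Throwable {
        System.setProperty("wildfly.config.url", SSLAuthenticationTest.class.getResource("wildfly-ssl-test-config-v1_1.xml").toExternalForm());
        try {
            // The cast selects the PrivilegedAction overload; a bare lambda is ambiguous for doPrivileged.
            AccessController.doPrivileged((java.security.PrivilegedAction<Integer>) () ->
                    Integer.valueOf(Security.insertProviderAt(WildFlyElytronPasswordProvider.getInstance(), 1)));
            AuthenticationContextConfigurationClient configurationClient =
                    (AuthenticationContextConfigurationClient) AccessController.doPrivileged(AuthenticationContextConfigurationClient.ACTION);
            SSLContext clientContext = configurationClient.getSSLContext(URI.create(clientUri), AuthenticationContext.getContextManager().get());
            testCommunication(serverContext, clientContext, expectedServerPrincipal, expectedClientPrincipal, oneWay);
            if (!expectValid) {
                org.junit.Assert.fail("Expected SSLHandshakeException not thrown");
            }
        } catch (SocketException | SSLHandshakeException e) {
            if (expectValid) {
                throw new IllegalStateException("Unexpected SSLHandshakeException", e);
            }
        } catch (SSLException e) {
            if (expectValid) {
                throw new IllegalStateException("Unexpected SSLException", e);
            }
        } finally {
            // Undo the JVM-wide state on every path so one test cannot influence the next.
            System.clearProperty("wildfly.config.url");
            Security.removeProvider(WildFlyElytronPasswordProvider.getInstance().getName());
        }
    }

    /**
     * Opens a TLS connection between the two contexts on {@link #TESTING_PORT}, exchanges two bytes in
     * each direction and verifies the peer principals, the session identity and the payloads.
     *
     * @param serverContext context used for the listening side
     * @param clientContext context used for the connecting side
     * @param expectedServerPrincipal peer name the client must see, or {@code null} to skip the check
     * @param expectedClientPrincipal peer name the server must see, or {@code null} to skip the check
     * @param oneWay {@code true} if no security identity is expected on the server-side session
     * @throws Throwable the underlying failure of either side, unwrapped from the worker task
     */
    private void testCommunication(SSLContext serverContext, SSLContext clientContext, String expectedServerPrincipal,
            String expectedClientPrincipal, boolean oneWay) throws Throwable {
        ServerSocket listeningSocket = serverContext.getServerSocketFactory().createServerSocket();
        SSLSocket clientSocket = null;
        SSLSocket serverSocket = null;
        try {
            listeningSocket.bind(new InetSocketAddress("localhost", TESTING_PORT));
            clientSocket = (SSLSocket) clientContext.getSocketFactory().createSocket("localhost", TESTING_PORT);
            serverSocket = (SSLSocket) listeningSocket.accept();
            exchangeAndVerify(serverSocket, clientSocket, expectedServerPrincipal, expectedClientPrincipal, oneWay);
        } finally {
            // Also runs when connect or accept fails, so the fixed port is always released for the next test.
            safeClose(serverSocket);
            safeClose(clientSocket);
            safeClose(listeningSocket);
        }
    }

    /**
     * Runs the server and client halves of the exchange on separate threads and checks the results.
     * The TLS handshake happens inside the tasks, on their first read or write.
     */
    private void exchangeAndVerify(SSLSocket serverSocket, SSLSocket clientSocket, String expectedServerPrincipal,
            String expectedClientPrincipal, boolean oneWay) throws Throwable {
        java.util.concurrent.ExecutorService serverExecutor = Executors.newSingleThreadExecutor();
        java.util.concurrent.ExecutorService clientExecutor = Executors.newSingleThreadExecutor();
        try {
            Future<byte[]> serverFuture = serverExecutor.submit(() -> {
                try {
                    byte[] received = new byte[2];
                    // a short read leaves zero bytes behind and fails the payload comparison below
                    serverSocket.getInputStream().read(received);
                    serverSocket.getOutputStream().write(SERVER_PAYLOAD);
                    if (expectedClientPrincipal != null) {
                        org.junit.Assert.assertEquals(expectedClientPrincipal, serverSocket.getSession().getPeerPrincipal().getName());
                    }
                    SecurityIdentity securityIdentity = (SecurityIdentity) serverSocket.getSession().getValue("org.wildfly.security.ssl.identity");
                    if (oneWay) {
                        org.junit.Assert.assertNull(securityIdentity);
                    } else {
                        org.junit.Assert.assertNotNull(securityIdentity);
                    }
                    return received;
                } catch (Exception e) {
                    throw new RuntimeException("Server exception", e);
                }
            });
            Future<byte[]> clientFuture = clientExecutor.submit(() -> {
                try {
                    byte[] received = new byte[2];
                    clientSocket.getOutputStream().write(CLIENT_PAYLOAD);
                    clientSocket.getInputStream().read(received);
                    if (expectedServerPrincipal != null) {
                        org.junit.Assert.assertEquals(expectedServerPrincipal, clientSocket.getSession().getPeerPrincipal().getName());
                    }
                    // Every scenario here expects a protocol other than TLSv1.3 to be negotiated.
                    if (oneWay) {
                        org.junit.Assert.assertFalse(clientSocket.getSession().getProtocol().equals("TLSv1.3"));
                    } else {
                        org.junit.Assert.assertFalse(serverSocket.getSession().getProtocol().equals("TLSv1.3"));
                        org.junit.Assert.assertFalse(clientSocket.getSession().getProtocol().equals("TLSv1.3"));
                    }
                    return received;
                } catch (Exception e) {
                    throw new RuntimeException("Client exception", e);
                }
            });
            try {
                org.junit.Assert.assertArrayEquals(CLIENT_PAYLOAD, serverFuture.get());
                org.junit.Assert.assertArrayEquals(SERVER_PAYLOAD, clientFuture.get());
            } catch (ExecutionException e) {
                // Unwrap ExecutionException -> RuntimeException("... exception") -> real cause, so callers
                // can catch the SSL or socket exception directly.
                Throwable wrapper = e.getCause();
                if (wrapper instanceof RuntimeException && wrapper.getCause() != null) {
                    throw wrapper.getCause();
                }
                throw e;
            }
        } finally {
            // Without this each call leaves two idle non-daemon worker threads behind.
            serverExecutor.shutdownNow();
            clientExecutor.shutdownNow();
        }
    }

    /** Closes a resource during cleanup, tolerating {@code null} and ignoring close failures. */
    private void safeClose(Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (Exception ignored) {
            // best-effort cleanup: a close failure must not hide the test outcome
        }
    }
}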
