"net"
	"runtime"
	"strconv"
	"strings"
	"sync/atomic"
	"testing"
	"time"

	"github.com/minio/minio-go/v7/pkg/set"
)

var serverPort uint32 = 60000

var getCert = func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	certificate, err := getTLSCert()
	if err != nil {
		return nil, err
	}
	return &certificate, nil
}

func getTLSCert() (tls.Certificate, error) {

		if s.DisableALPN {
			nextProtos = nil
		}
		config := &tls.Config{
			Certificates: []tls.Certificate{cert},
			NextProtos:   nextProtos,
			GetConfigForClient: func(info *tls.ClientHelloInfo) (*tls.Config, error) {
				// There isn't a way to pass through all ALPNs presented by the client down to the
				// HTTP server to return in the response. However, for debugging, we can at least log

pkg compress/lzw, type Reader struct
pkg compress/lzw, type Writer struct
pkg crypto/tls, method (*CertificateRequestInfo) Context() context.Context
pkg crypto/tls, method (*ClientHelloInfo) Context() context.Context
pkg crypto/tls, method (*Conn) HandshakeContext(context.Context) error
pkg database/sql, method (*NullByte) Scan(interface{}) error
pkg database/sql, method (*NullInt16) Scan(interface{}) error

	const value = "value"
	ctx := context.WithValue(context.Background(), key, value)
	config := testConfig.Clone()
	config.MinVersion = VersionTLS13
	calls := 0
	config.GetConfigForClient = func(info *ClientHelloInfo) (*Config, error) {
		calls++
		got, _ := info.Context().Value(key).(string)
		if got != value {
			t.Errorf("GetConfigForClient context key %q has value %q, want %q", key, got, value)
		}
		return nil, nil

	if len(hs.clientHello.supportedSignatureAlgorithms) == 0 {
		return c.sendAlert(alertMissingExtension)
	}

	certificate, err := c.config.getCertificate(clientHelloInfo(hs.ctx, c, hs.clientHello))
	if err != nil {
		if err == errNoCertificates {
			c.sendAlert(alertUnrecognizedName)
		} else {
			c.sendAlert(alertInternalError)
		}
		return err
	}

		{"Client", Func, 0},
		{"ClientAuthType", Type, 0},
		{"ClientHelloInfo", Type, 4},
		{"ClientHelloInfo.CipherSuites", Field, 4},
		{"ClientHelloInfo.Conn", Field, 8},
		{"ClientHelloInfo.ServerName", Field, 4},
		{"ClientHelloInfo.SignatureSchemes", Field, 8},
		{"ClientHelloInfo.SupportedCurves", Field, 4},
		{"ClientHelloInfo.SupportedPoints", Field, 4},
		{"ClientHelloInfo.SupportedProtos", Field, 8},

}

// getIstiodCertificate returns the istiod certificate, used in GetCertificate hook.
func (s *Server) getIstiodCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	s.certMu.RLock()
	defer s.certMu.RUnlock()
	if s.istiodCert != nil {
		return s.istiodCert, nil
	}
	return nil, fmt.Errorf("cert not initialized")
}

		})
	}
}

func testTLS13OnlyClientHelloCipherSuite(t *testing.T, ciphers []uint16) {
	serverConfig := &Config{
		Certificates: testConfig.Certificates,
		GetConfigForClient: func(chi *ClientHelloInfo) (*Config, error) {
			if len(chi.CipherSuites) != len(defaultCipherSuitesTLS13NoAES) {
				t.Errorf("only TLS 1.3 suites should be advertised, got=%x", chi.CipherSuites)
			} else {

	cert, err := tls.X509KeyPair(testcert.LocalhostCert, testcert.LocalhostKey)
	if err != nil {
		t.Fatal(err)
	}
	testAutomaticHTTP2_ListenAndServe(t, &tls.Config{
		GetCertificate: func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
			return &cert, nil
		},
	})
}

func TestAutomaticHTTP2_ListenAndServe_GetConfigForClient(t *testing.T) {

				return nil, fmt.Errorf("failed to initialize file based certificate manager: %w", err)
			}
		}

		if klet.serverCertificateManager != nil {
			kubeDeps.TLSOptions.Config.GetCertificate = func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
				cert := klet.serverCertificateManager.Current()
				if cert == nil {
					return nil, fmt.Errorf("no serving certificate available for the kubelet")
				}
				return cert, nil