package com.android.org.conscrypt.javax.net.ssl;

import com.android.org.conscrypt.Conscrypt;
import com.android.org.conscrypt.java.security.StandardNames;
import com.android.org.conscrypt.java.security.TestKeyStore;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
import tests.util.ServiceTester;

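/**
 * Tests for {@link TrustManagerFactory} implementations: default-algorithm lookup, validation of
 * the arguments passed to {@code init}, the trust managers each factory produces, and how those
 * managers treat a key store that holds only an intermediate certificate, a key store that holds
 * only a private-key entry, and leaf certificates carrying an extended key usage extension.
 */
@RunWith(JUnit4.class)
public class TrustManagerFactoryTest {
    // Auth/key types checked against every X509TrustManager; also the key algorithms of the
    // shared test key store.
    private static final String[] KEY_TYPES = {"RSA", "DSA", "EC", "EC_RSA"};

    // Built on first use by getTestKeyStore(); the lazy initialisation is not synchronised.
    private static TestKeyStore TEST_KEY_STORE;

    /**
     * A {@link ManagerFactoryParameters} implementation that carries no data. Factories are
     * expected to reject it with {@link InvalidAlgorithmParameterException}.
     *
     * <p>The decompiler widened this class from private to public; it is only used inside this
     * test.
     */
    public static class UselessManagerFactoryParameters implements ManagerFactoryParameters {
        private UselessManagerFactoryParameters() {
        }
    }

    /** Returns the shared test key store, building it with one key per {@link #KEY_TYPES} entry on first call. */
    private static TestKeyStore getTestKeyStore() throws Exception {
        if (TEST_KEY_STORE == null) {
            TEST_KEY_STORE = new TestKeyStore.Builder()
                    .keyAlgorithms(KEY_TYPES)
                    .aliasPrefix("rsa-dsa-ec")
                    .build();
        }
        return TEST_KEY_STORE;
    }

    /**
     * Reports whether {@code trustManagerFactory} is expected to accept
     * {@link CertPathTrustManagerParameters}: only when running on the reference implementation
     * ({@code StandardNames.IS_RI}), with the default algorithm, and with a provider that is not
     * Conscrypt.
     */
    private static boolean supportsManagerFactoryParameters(TrustManagerFactory trustManagerFactory) {
        if (!StandardNames.IS_RI) {
            return false;
        }
        if (!trustManagerFactory.getAlgorithm().equals(StandardNames.TRUST_MANAGER_FACTORY_DEFAULT)) {
            return false;
        }
        return !Conscrypt.isConscrypt(trustManagerFactory.getProvider());
    }

    /** The platform default algorithm must match the expected standard name and yield a working factory. */
    @Test
    public void test_TrustManagerFactory_getDefaultAlgorithm() throws Exception {
        String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        Assert.assertEquals(StandardNames.TRUST_MANAGER_FACTORY_DEFAULT, defaultAlgorithm);
        test_TrustManagerFactory(TrustManagerFactory.getInstance(defaultAlgorithm));
    }

    /**
     * Exercises one factory instance end to end.
     *
     * <p>Checks, in order: the factory and its algorithm/provider are non-null; asking for trust
     * managers before {@code init} throws {@link IllegalStateException}; {@code init} rejects
     * null parameters, {@link UselessManagerFactoryParameters} and
     * {@link CertPathTrustManagerParameters} wrapping plain {@link PKIXParameters}; parameters
     * wrapping {@link PKIXBuilderParameters} are accepted only where
     * {@link #supportsManagerFactoryParameters} says so; and {@code init} with a null key store
     * and with the test key store both produce usable trust managers.
     *
     * <p>Rejecting unsupported parameters matters: a factory that ignored them would hand back
     * trust managers that do not enforce the configuration the caller asked for.
     *
     * <p>Public only because the decompiler widened it from private (the anonymous
     * {@code ServiceTester.Test} callbacks in this class call it); it is not a JUnit test method.
     *
     * @param trustManagerFactory a freshly obtained, not yet initialised factory
     */
    public void test_TrustManagerFactory(TrustManagerFactory trustManagerFactory) throws Exception {
        Assert.assertNotNull(trustManagerFactory);
        Assert.assertNotNull(trustManagerFactory.getAlgorithm());
        Assert.assertNotNull(trustManagerFactory.getProvider());

        // No trust managers may be handed out before the factory has trust material.
        try {
            trustManagerFactory.getTrustManagers();
            Assert.fail("getTrustManagers() succeeded before init()");
        } catch (IllegalStateException expected) {
            // Expected: the factory is uninitialised.
        }

        try {
            trustManagerFactory.init((ManagerFactoryParameters) null);
            Assert.fail("init() accepted null ManagerFactoryParameters");
        } catch (InvalidAlgorithmParameterException expected) {
            // Expected.
        }

        try {
            trustManagerFactory.init(new UselessManagerFactoryParameters());
            Assert.fail("init() accepted an unknown ManagerFactoryParameters type");
        } catch (InvalidAlgorithmParameterException expected) {
            // Expected.
        }

        // Plain PKIXParameters (as opposed to PKIXBuilderParameters) must be rejected.
        PKIXParameters plainPkixParameters = new PKIXParameters(getTestKeyStore().keyStore);
        try {
            trustManagerFactory.init(new CertPathTrustManagerParameters(plainPkixParameters));
            Assert.fail("init() accepted CertPathTrustManagerParameters wrapping PKIXParameters");
        } catch (InvalidAlgorithmParameterException expected) {
            // Expected.
        }

        PKIXBuilderParameters builderParameters =
                new PKIXBuilderParameters(getTestKeyStore().keyStore, new X509CertSelector());
        CertPathTrustManagerParameters certPathParameters =
                new CertPathTrustManagerParameters(builderParameters);
        if (supportsManagerFactoryParameters(trustManagerFactory)) {
            trustManagerFactory.init(certPathParameters);
            test_TrustManagerFactory_getTrustManagers(trustManagerFactory);
        } else {
            try {
                trustManagerFactory.init(certPathParameters);
                Assert.fail("init() accepted CertPathTrustManagerParameters on an implementation"
                        + " expected to reject them");
            } catch (InvalidAlgorithmParameterException expected) {
                // Expected.
            }
        }

        // A null key store and an explicit key store must both initialise the factory.
        trustManagerFactory.init((KeyStore) null);
        test_TrustManagerFactory_getTrustManagers(trustManagerFactory);

        trustManagerFactory.init(getTestKeyStore().keyStore);
        test_TrustManagerFactory_getTrustManagers(trustManagerFactory);
    }

    /**
     * Asserts that an initialised factory returns a non-empty array of non-null trust managers and
     * runs the X.509 checks on every {@link X509TrustManager} among them.
     */
    private void test_TrustManagerFactory_getTrustManagers(TrustManagerFactory trustManagerFactory) throws Exception {
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        Assert.assertNotNull(trustManagers);
        Assert.assertTrue(trustManagers.length > 0);
        Provider provider = trustManagerFactory.getProvider();
        for (TrustManager trustManager : trustManagers) {
            Assert.assertNotNull(trustManager);
            if (trustManager instanceof X509TrustManager) {
                test_X509TrustManager(provider, (X509TrustManager) trustManager);
            }
        }
    }

    /**
     * Checks the accepted issuers of {@code x509TrustManager} and, for every key type, whether it
     * trusts the matching certificate chain from the test key store.
     *
     * <p>When the manager reports more accepted issuers than the per-key-type threshold, the test
     * chain is expected to be rejected for both client and server use; otherwise it must be
     * accepted. NOTE(review): the larger issuer count presumably identifies a manager initialised
     * from the default (null) key store rather than the test key store; confirm against
     * {@code TestKeyStore}.
     *
     * @param provider the provider of the factory that produced the manager
     * @param x509TrustManager the manager under test
     */
    private void test_X509TrustManager(Provider provider, X509TrustManager x509TrustManager) throws Exception {
        for (String keyType : KEY_TYPES) {
            X509Certificate[] acceptedIssuers = x509TrustManager.getAcceptedIssuers();
            Assert.assertNotNull(acceptedIssuers);
            Assert.assertTrue(acceptedIssuers.length > 1);
            // Each call must return a distinct array, so a caller cannot alter the array another
            // caller received.
            Assert.assertNotSame(acceptedIssuers, x509TrustManager.getAcceptedIssuers());

            // One issuer per key type on the non-Conscrypt reference implementation, two elsewhere.
            boolean riWithoutConscrypt = StandardNames.IS_RI && !Conscrypt.isConscrypt(provider);
            int issuersPerKeyType = riWithoutConscrypt ? 1 : 2;
            boolean expectRejection = acceptedIssuers.length > issuersPerKeyType * KEY_TYPES.length;

            KeyStore.PrivateKeyEntry entry = getTestKeyStore().getPrivateKey(
                    TestKeyStore.keyAlgorithm(keyType), TestKeyStore.signatureAlgorithm(keyType));
            X509Certificate[] chain = (X509Certificate[]) entry.getCertificateChain();

            if (!expectRejection) {
                x509TrustManager.checkClientTrusted(chain, keyType);
                x509TrustManager.checkServerTrusted(chain, keyType);
                continue;
            }

            try {
                x509TrustManager.checkClientTrusted(chain, keyType);
                Assert.fail("test chain was trusted for client auth, key type " + keyType);
            } catch (CertificateException expected) {
                // Expected: the test chain must not validate against this manager.
            }
            try {
                x509TrustManager.checkServerTrusted(chain, keyType);
                Assert.fail("test chain was trusted for server auth, key type " + keyType);
            } catch (CertificateException expected) {
                // Expected: the test chain must not validate against this manager.
            }
        }
    }

    /**
     * For every registered {@code TrustManagerFactory} service, checks that the three
     * {@code getInstance} overloads (algorithm only, algorithm plus provider object, algorithm plus
     * provider name) return a factory reporting the requested algorithm and provider, and that each
     * of those factories passes {@link #test_TrustManagerFactory}.
     */
    @Test
    public void test_TrustManagerFactory_getInstance() throws Exception {
        ServiceTester.test("TrustManagerFactory").run(new ServiceTester.Test() {
            @Override
            public void test(Provider provider, String algorithm) throws Exception {
                TrustManagerFactory byAlgorithm = TrustManagerFactory.getInstance(algorithm);
                Assert.assertEquals(algorithm, byAlgorithm.getAlgorithm());
                test_TrustManagerFactory(byAlgorithm);

                TrustManagerFactory byProvider = TrustManagerFactory.getInstance(algorithm, provider);
                Assert.assertEquals(algorithm, byProvider.getAlgorithm());
                Assert.assertEquals(provider, byProvider.getProvider());
                test_TrustManagerFactory(byProvider);

                TrustManagerFactory byProviderName =
                        TrustManagerFactory.getInstance(algorithm, provider.getName());
                Assert.assertEquals(algorithm, byProviderName.getAlgorithm());
                Assert.assertEquals(provider, byProviderName.getProvider());
                test_TrustManagerFactory(byProviderName);
            }
        });
    }

    /**
     * Trust anchored at the middle certificate of the server's three-certificate RSA chain: with
     * only that certificate in the key store, every {@link X509TrustManager} of every registered
     * factory must accept the full chain for both client and server use.
     *
     * <p>NOTE(review): a factory that returns no {@link X509TrustManager} passes this test without
     * any chain being checked.
     */
    @Test
    public void test_TrustManagerFactory_intermediate() throws Exception {
        final X509Certificate[] chain =
                (X509Certificate[]) TestKeyStore.getServer().getPrivateKey("RSA", "RSA").getCertificateChain();
        Assert.assertEquals(3L, chain.length);

        // Only chain[1] is installed as a trusted certificate entry.
        final KeyStore keyStore = TestKeyStore.createKeyStore();
        keyStore.setCertificateEntry("alias", chain[1]);

        ServiceTester.test("TrustManagerFactory").run(new ServiceTester.Test() {
            @Override
            public void test(Provider provider, String algorithm) throws Exception {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(algorithm);
                trustManagerFactory.init(keyStore);
                for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                    if (!(trustManager instanceof X509TrustManager)) {
                        continue;
                    }
                    X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
                    x509TrustManager.checkClientTrusted(chain, "RSA");
                    x509TrustManager.checkServerTrusted(chain, "RSA");
                }
            }
        });
    }

    /**
     * A key store that contains only a private-key entry (with its certificate chain) and no
     * trusted-certificate entry: the first trust manager of the default algorithm must still accept
     * that chain for server authentication. In other words, the chain attached to a key entry is
     * enough for the manager to trust it, which is worth remembering when deciding what goes into
     * a key store handed to {@code init}.
     */
    @Test
    public void test_TrustManagerFactory_keyOnly() throws Exception {
        KeyStore keyStore = TestKeyStore.createKeyStore();
        KeyStore.PrivateKeyEntry entry = getTestKeyStore().getPrivateKey("RSA", "RSA");
        // "pw" is a throwaway password protecting the entry inside this in-memory test key store.
        keyStore.setKeyEntry("key", entry.getPrivateKey(), "pw".toCharArray(), entry.getCertificateChain());

        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);

        X509TrustManager x509TrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        x509TrustManager.checkServerTrusted((X509Certificate[]) entry.getCertificateChain(), "RSA");
    }

    /**
     * Extended key usage enforcement. Expected outcomes, each checked with the flag passed to
     * {@code addExtendedKeyUsage} both false and true:
     *
     * <ul>
     *   <li>{@code anyExtendedKeyUsage}: trusted for client and server use;</li>
     *   <li>{@code id_kp_clientAuth}: trusted for client use only;</li>
     *   <li>{@code id_kp_serverAuth}: trusted for server use only;</li>
     *   <li>{@code id_kp_codeSigning}: trusted for neither.</li>
     * </ul>
     */
    @Test
    public void test_TrustManagerFactory_extendedKeyUsage() throws Exception {
        test_TrustManagerFactory_extendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage, false, true, true);
        test_TrustManagerFactory_extendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage, true, true, true);
        test_TrustManagerFactory_extendedKeyUsage(KeyPurposeId.id_kp_clientAuth, false, true, false);
        test_TrustManagerFactory_extendedKeyUsage(KeyPurposeId.id_kp_clientAuth, true, true, false);
        test_TrustManagerFactory_extendedKeyUsage(KeyPurposeId.id_kp_serverAuth, false, false, true);
        test_TrustManagerFactory_extendedKeyUsage(KeyPurposeId.id_kp_serverAuth, true, false, true);
        test_TrustManagerFactory_extendedKeyUsage(KeyPurposeId.id_kp_codeSigning, false, false, false);
        test_TrustManagerFactory_extendedKeyUsage(KeyPurposeId.id_kp_codeSigning, true, false, false);
    }

    /**
     * Issues an RSA leaf certificate signed by the test intermediate CA with the given extended key
     * usage, then validates its chain against the first trust manager of the test root CA.
     *
     * <p>Only {@link CertificateException} counts as "rejected". Any other exception propagates
     * and fails the test, so an unrelated failure inside the trust manager cannot be mistaken for
     * the key-usage restriction being enforced.
     *
     * @param keyPurposeId the extended key usage placed in the leaf certificate
     * @param critical forwarded as the second argument of {@code addExtendedKeyUsage}; presumably
     *     marks the extension critical, confirm against {@code TestKeyStore.Builder}
     * @param expectClientTrusted whether {@code checkClientTrusted} must accept the chain
     * @param expectServerTrusted whether {@code checkServerTrusted} must accept the chain
     */
    private void test_TrustManagerFactory_extendedKeyUsage(KeyPurposeId keyPurposeId, boolean critical,
            boolean expectClientTrusted, boolean expectServerTrusted) throws Exception {
        TestKeyStore intermediateCa = TestKeyStore.getIntermediateCa();
        TestKeyStore leaf = new TestKeyStore.Builder()
                .keyAlgorithms("RSA")
                .aliasPrefix("criticalCodeSigning")
                .signer(intermediateCa.getPrivateKey("RSA", "RSA"))
                .rootCa(intermediateCa.getRootCertificate("RSA"))
                .addExtendedKeyUsage(keyPurposeId, critical)
                .build();
        X509Certificate[] chain = (X509Certificate[]) leaf.getPrivateKey("RSA", "RSA").getCertificateChain();
        X509TrustManager x509TrustManager = (X509TrustManager) TestKeyStore.getRootCa().trustManagers[0];

        try {
            x509TrustManager.checkClientTrusted(chain, "RSA");
            Assert.assertTrue("chain with EKU " + keyPurposeId + " was trusted for client auth",
                    expectClientTrusted);
        } catch (CertificateException e) {
            if (expectClientTrusted) {
                // Keep the cause so the reason for the unexpected rejection is visible.
                throw new AssertionError("chain with EKU " + keyPurposeId + " was rejected for client auth", e);
            }
        }

        try {
            x509TrustManager.checkServerTrusted(chain, "RSA");
            Assert.assertTrue("chain with EKU " + keyPurposeId + " was trusted for server auth",
                    expectServerTrusted);
        } catch (CertificateException e) {
            if (expectServerTrusted) {
                // Keep the cause so the reason for the unexpected rejection is visible.
                throw new AssertionError("chain with EKU " + keyPurposeId + " was rejected for server auth", e);
            }
        }
    }
}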
