package com.android.org.conscrypt;

import com.android.org.conscrypt.java.security.TestKeyStore;
import com.android.org.conscrypt.javax.net.ssl.TestHostnameVerifier;
import java.io.IOException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509TrustManager;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

@RunWith(JUnit4.class)
/* loaded from: input_file:com/android/org/conscrypt/TrustManagerImplTest.class */
public class TrustManagerImplTest {

    /* loaded from: input_file:com/android/org/conscrypt/TrustManagerImplTest$FakeSSLSession.class */
    /**
     * Minimal {@link SSLSession} stand-in for the trust-manager tests in this class.
     *
     * <p>Only {@link #getPeerHost()} and {@link #getPeerCertificates()} are backed by data. Every
     * other accessor throws {@link UnsupportedOperationException}, so a test fails immediately if
     * the code under test reads session state that this fake does not model.
     */
    private static class FakeSSLSession implements SSLSession {
        // Host name reported as the peer; hostname verification is checked against this value.
        private final String peerHost;
        // Private copy of the peer chain, or null when the session models an unverified peer.
        private final X509Certificate[] peerChain;

        /** Creates a session that knows only the peer host; asking for peer certificates fails. */
        FakeSSLSession(String str) {
            peerHost = str;
            peerChain = null;
        }

        /** Creates a session with a peer host and a defensive copy of the peer chain. */
        FakeSSLSession(String str, X509Certificate[] x509CertificateArr) {
            peerHost = str;
            peerChain = x509CertificateArr.clone();
        }

        /** Builds the exception thrown by every accessor this fake leaves unimplemented. */
        private static UnsupportedOperationException notModelled() {
            return new UnsupportedOperationException();
        }

        // ---- accessors backed by data ----

        @Override
        public String getPeerHost() {
            return peerHost;
        }

        /**
         * Returns a copy of the stored peer chain.
         *
         * @throws SSLPeerUnverifiedException if the session was created without a chain
         */
        @Override
        public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
            if (peerChain != null) {
                // Hand out a copy so callers cannot alter the chain held by the fake.
                return peerChain.clone();
            }
            throw new SSLPeerUnverifiedException("Null peerCerts");
        }

        // ---- everything below is deliberately unimplemented ----

        @Override
        public int getApplicationBufferSize() {
            throw notModelled();
        }

        @Override
        public String getCipherSuite() {
            throw notModelled();
        }

        @Override
        public long getCreationTime() {
            throw notModelled();
        }

        @Override
        public byte[] getId() {
            throw notModelled();
        }

        @Override
        public long getLastAccessedTime() {
            throw notModelled();
        }

        @Override
        public Certificate[] getLocalCertificates() {
            throw notModelled();
        }

        @Override
        public Principal getLocalPrincipal() {
            throw notModelled();
        }

        @Override
        public int getPacketBufferSize() {
            throw notModelled();
        }

        @Override
        public javax.security.cert.X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
            throw notModelled();
        }

        @Override
        public int getPeerPort() {
            throw notModelled();
        }

        @Override
        public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
            throw notModelled();
        }

        @Override
        public String getProtocol() {
            throw notModelled();
        }

        @Override
        public SSLSessionContext getSessionContext() {
            throw notModelled();
        }

        @Override
        public Object getValue(String str) {
            throw notModelled();
        }

        @Override
        public String[] getValueNames() {
            throw notModelled();
        }

        @Override
        public void invalidate() {
            throw notModelled();
        }

        @Override
        public boolean isValid() {
            throw notModelled();
        }

        @Override
        public void putValue(String str, Object obj) {
            throw notModelled();
        }

        @Override
        public void removeValue(String str) {
            throw notModelled();
        }
    }

    /* loaded from: input_file:com/android/org/conscrypt/TrustManagerImplTest$FakeSSLSocket.class */
    /**
     * Minimal {@link SSLSocket} stand-in that carries a session and a set of {@link SSLParameters}.
     *
     * <p>{@link #getSession()} and {@link #getHandshakeSession()} both return the session passed to
     * the constructor, and {@link #getSSLParameters()} returns the supplied parameters object
     * itself (not a copy). All other socket operations throw
     * {@link UnsupportedOperationException}.
     */
    private static class FakeSSLSocket extends SSLSocket {
        // Session reported both as the established and as the in-progress handshake session.
        private final SSLSession fixedSession;
        // Returned by reference, so later changes made by the test are visible through the socket.
        private final SSLParameters sslParameters;

        public FakeSSLSocket(SSLSession sSLSession, SSLParameters sSLParameters) {
            fixedSession = sSLSession;
            sslParameters = sSLParameters;
        }

        /** Builds the exception thrown by every operation this fake leaves unimplemented. */
        private static UnsupportedOperationException notModelled() {
            return new UnsupportedOperationException();
        }

        // ---- accessors backed by data ----

        @Override
        public SSLParameters getSSLParameters() {
            return sslParameters;
        }

        @Override
        public SSLSession getSession() {
            return fixedSession;
        }

        @Override
        public SSLSession getHandshakeSession() {
            return fixedSession;
        }

        // ---- everything below is deliberately unimplemented ----

        @Override
        public String[] getSupportedCipherSuites() {
            throw notModelled();
        }

        @Override
        public String[] getEnabledCipherSuites() {
            throw notModelled();
        }

        @Override
        public void setEnabledCipherSuites(String[] strArr) {
            throw notModelled();
        }

        @Override
        public String[] getSupportedProtocols() {
            throw notModelled();
        }

        @Override
        public String[] getEnabledProtocols() {
            throw notModelled();
        }

        @Override
        public void setEnabledProtocols(String[] strArr) {
            throw notModelled();
        }

        @Override
        public void addHandshakeCompletedListener(HandshakeCompletedListener handshakeCompletedListener) {
            throw notModelled();
        }

        @Override
        public void removeHandshakeCompletedListener(HandshakeCompletedListener handshakeCompletedListener) {
            throw notModelled();
        }

        @Override
        public void startHandshake() throws IOException {
            throw notModelled();
        }

        @Override
        public void setUseClientMode(boolean z) {
            throw notModelled();
        }

        @Override
        public boolean getUseClientMode() {
            throw notModelled();
        }

        @Override
        public void setNeedClientAuth(boolean z) {
            throw notModelled();
        }

        @Override
        public boolean getNeedClientAuth() {
            throw notModelled();
        }

        @Override
        public void setWantClientAuth(boolean z) {
            throw notModelled();
        }

        @Override
        public boolean getWantClientAuth() {
            throw notModelled();
        }

        @Override
        public void setEnableSessionCreation(boolean z) {
            throw notModelled();
        }

        @Override
        public boolean getEnableSessionCreation() {
            throw notModelled();
        }
    }

    /**
     * Checks which partial chains validate against each possible trust anchor, and that a trust
     * manager instance accepts a leaf-only chain once it has validated a chain containing the
     * missing intermediate.
     */
    @Test
    public void testLearnIntermediate() throws Exception {
        TestUtils.assumeExtendedTrustManagerAvailable();

        // Assumes the usual leaf-first ordering ([0] server, [1] intermediate, [2] root);
        // TODO confirm against TestKeyStore.
        X509Certificate[] fullChain = (X509Certificate[]) TestKeyStore.getServer().getPrivateKey("RSA", "RSA").getCertificateChain();
        X509Certificate root = fullChain[2];
        X509Certificate intermediate = fullChain[1];
        X509Certificate leaf = fullChain[0];
        X509Certificate[] leafWithIntermediate = {leaf, intermediate};
        X509Certificate[] leafOnly = {leaf};

        // Anchored at [2]: a fresh manager cannot link the bare leaf to the anchor.
        assertValid(fullChain, trustManager(root));
        assertValid(leafWithIntermediate, trustManager(root));
        assertInvalid(leafOnly, trustManager(root));

        // Anchored at [1] or at [0] itself: every presented form validates. A fresh manager is
        // built per check so nothing carries over between assertions.
        X509Certificate[][] presentedForms = {fullChain, leafWithIntermediate, leafOnly};
        for (X509Certificate anchor : new X509Certificate[] {intermediate, leaf}) {
            for (X509Certificate[] presented : presentedForms) {
                assertValid(presented, trustManager(anchor));
            }
        }

        // One shared manager: the bare leaf is rejected first, then accepted after the manager
        // has validated a chain that included the intermediate.
        X509TrustManager sharedManager = trustManager(root);
        assertInvalid(leafOnly, sharedManager);
        assertValid(leafWithIntermediate, sharedManager);
        assertValid(leafOnly, sharedManager);
    }

    /**
     * Checks that a presented chain which repeats its first two certificates still validates
     * against a manager anchored at the third.
     */
    @Test
    public void testDuplicateInChain() throws Exception {
        TestUtils.assumeExtendedTrustManagerAvailable();

        // Assumes leaf-first ordering ([0] server, [1] intermediate, [2] root); TODO confirm.
        X509Certificate[] fullChain = (X509Certificate[]) TestKeyStore.getServer().getPrivateKey("RSA", "RSA").getCertificateChain();
        X509Certificate anchor = fullChain[2];
        X509Certificate intermediate = fullChain[1];
        X509Certificate leaf = fullChain[0];

        // The same leaf/intermediate pair twice over; validation must not fail on the repeats.
        X509Certificate[] withRepeats = {leaf, intermediate, leaf, intermediate};
        assertValid(withRepeats, trustManager(anchor));
    }

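    /**
     * Checks that the session-aware {@code checkServerTrusted} returns the complete chain, up to
     * the certificate installed as the anchor, even when the peer presented only part of it.
     */
    @Test
    public void testGetFullChain() throws Exception {
        TestUtils.assumeExtendedTrustManagerAvailable();

        // Assumes leaf-first ordering ([0] server, [1] intermediate, [2] root); TODO confirm.
        X509Certificate[] fullChain = (X509Certificate[]) TestKeyStore.getServer().getPrivateKey("RSA", "RSA").getCertificateChain();
        X509Certificate intermediate = fullChain[1];
        X509Certificate leaf = fullChain[0];
        X509Certificate[] leafWithIntermediate = {leaf, intermediate};
        X509Certificate[] leafOnly = {leaf};

        // trustManager(...) is declared to return X509TrustManager, so hold it under that type
        // and narrow with an explicit cast only after the instanceof assertion has passed.
        X509TrustManager tm = trustManager(fullChain[2]);
        Assert.assertTrue(tm instanceof TrustManagerImpl);
        TrustManagerImpl tmi = (TrustManagerImpl) tm;

        // The leaf-only call runs on the same manager, after the intermediate has already been
        // presented to it in the first call.
        Assert.assertEquals(Arrays.asList(fullChain), tmi.checkServerTrusted(leafWithIntermediate, "RSA", new FakeSSLSession("purple.com")));
        Assert.assertEquals(Arrays.asList(fullChain), tmi.checkServerTrusted(leafOnly, "RSA", new FakeSSLSession("purple.com")));
    }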

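    /**
     * Exercises hostname checking in {@code getTrustedChainForServer} under each configuration
     * the test can set up.
     *
     * <ol>
     *   <li>No endpoint identification algorithm: a mismatched host is accepted.
     *   <li>{@code "HTTPS"}: a mismatched host is rejected, the certificate's host is accepted.
     *   <li>An accept-all verifier installed on this trust manager: a mismatched host is accepted.
     *   <li>A wrapped {@code TestHostnameVerifier}: a mismatched host is rejected again.
     *   <li>Verifier cleared with {@code null}: a mismatched host is still rejected.
     * </ol>
     */
    @Test
    public void testHttpsEndpointIdentification() throws Exception {
        TestUtils.assumeExtendedTrustManagerAvailable();

        X509Certificate[] chain = (X509Certificate[]) TestKeyStore.getServerHostname().getPrivateKey("RSA", "RSA").getCertificateChain();
        // trustManager(...) is declared to return X509TrustManager; the calls below need the
        // concrete type, so narrow it explicitly.
        TrustManagerImpl tmi = (TrustManagerImpl) trustManager(chain[2]);
        String wrongHost = "definitelywrong.nopenopenope";

        try {
            SSLParameters params = new SSLParameters();

            // 1. Endpoint identification disabled: the host name is not checked at all.
            params.setEndpointIdentificationAlgorithm(null);
            Assert.assertEquals(Arrays.asList(chain), tmi.getTrustedChainForServer(chain, "RSA", new FakeSSLSocket(new FakeSSLSession(wrongHost, chain), params)));

            // 2. HTTPS endpoint identification with the built-in check.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            try {
                tmi.getTrustedChainForServer(chain, "RSA", new FakeSSLSocket(new FakeSSLSession(wrongHost, chain), params));
                Assert.fail("mismatched host must be rejected under HTTPS endpoint identification");
            } catch (CertificateException expected) {
                // Rejection is the behaviour under test.
            }
            Assert.assertEquals(Arrays.asList(chain), tmi.getTrustedChainForServer(chain, "RSA", new FakeSSLSocket(new FakeSSLSession(TestKeyStore.CERT_HOSTNAME, chain), params)));

            // 3. A verifier installed on this instance replaces the built-in check. This one
            // accepts everything, which is why the mismatched host now passes; it is scoped to
            // the local trust manager only.
            Conscrypt.setHostnameVerifier(tmi, new ConscryptHostnameVerifier() {
                @Override
                public boolean verify(X509Certificate[] certs, String hostname, SSLSession session) {
                    return true;
                }
            });
            Assert.assertEquals(Arrays.asList(chain), tmi.getTrustedChainForServer(chain, "RSA", new FakeSSLSocket(new FakeSSLSession(wrongHost, chain), params)));
            Assert.assertEquals(Arrays.asList(chain), tmi.getTrustedChainForServer(chain, "RSA", new FakeSSLSocket(new FakeSSLSession(TestKeyStore.CERT_HOSTNAME, chain), params)));

            // 4. A wrapped TestHostnameVerifier restores rejection of the mismatched host.
            Conscrypt.setHostnameVerifier(tmi, Conscrypt.wrapHostnameVerifier(new TestHostnameVerifier()));
            try {
                tmi.getTrustedChainForServer(chain, "RSA", new FakeSSLSocket(new FakeSSLSession(wrongHost, chain), params));
                Assert.fail("mismatched host must be rejected by the wrapped TestHostnameVerifier");
            } catch (CertificateException expected) {
                // Rejection is the behaviour under test.
            }
            Assert.assertEquals(Arrays.asList(chain), tmi.getTrustedChainForServer(chain, "RSA", new FakeSSLSocket(new FakeSSLSession(TestKeyStore.CERT_HOSTNAME, chain), params)));

            // 5. Clearing the per-instance verifier must not leave the check switched off.
            Conscrypt.setHostnameVerifier(tmi, (ConscryptHostnameVerifier) null);
            try {
                tmi.getTrustedChainForServer(chain, "RSA", new FakeSSLSocket(new FakeSSLSession(wrongHost, chain), params));
                Assert.fail("mismatched host must be rejected once the custom verifier is cleared");
            } catch (CertificateException expected) {
                // Rejection is the behaviour under test.
            }
            Assert.assertEquals(Arrays.asList(chain), tmi.getTrustedChainForServer(chain, "RSA", new FakeSSLSocket(new FakeSSLSession(TestKeyStore.CERT_HOSTNAME, chain), params)));
        } finally {
            // Clears the process-wide default verifier on success and on failure alike. This
            // test installs verifiers only on its own trust manager, so this looks like a guard
            // against state leaking into later tests rather than an undo of anything set above.
            Conscrypt.setDefaultHostnameVerifier((ConscryptHostnameVerifier) null);
        }
    }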

    /**
     * Builds a trust manager whose key store holds exactly one certificate entry.
     *
     * @param x509Certificate the certificate to install as the only trusted entry
     * @return a new {@code TrustManagerImpl} backed by that key store
     */
    private X509TrustManager trustManager(X509Certificate x509Certificate) throws Exception {
        KeyStore trustAnchors = TestKeyStore.createKeyStore();
        // A single entry, so each test controls precisely what is trusted.
        trustAnchors.setCertificateEntry("alias", x509Certificate);
        X509TrustManager manager = new TrustManagerImpl(trustAnchors);
        return manager;
    }

    /**
     * Asserts that the chain is accepted as a server chain; any exception from the trust manager
     * propagates and fails the calling test.
     *
     * @param x509CertificateArr the presented chain
     * @param x509TrustManager the trust manager under test
     */
    private void assertValid(X509Certificate[] x509CertificateArr, X509TrustManager x509TrustManager) throws Exception {
        // When the manager is Conscrypt's own implementation, call through the concrete type
        // first, then through the interface, so both entry points are exercised.
        boolean isConscryptImpl = x509TrustManager instanceof TrustManagerImpl;
        if (isConscryptImpl) {
            TrustManagerImpl impl = (TrustManagerImpl) x509TrustManager;
            impl.checkServerTrusted(x509CertificateArr, "RSA");
        }
        x509TrustManager.checkServerTrusted(x509CertificateArr, "RSA");
    }

    /**
     * Asserts that the chain is rejected with a {@link CertificateException} both as a client
     * chain and as a server chain. Any other exception type propagates to the caller.
     *
     * @param x509CertificateArr the presented chain
     * @param x509TrustManager the trust manager under test
     */
    private void assertInvalid(X509Certificate[] x509CertificateArr, X509TrustManager x509TrustManager) {
        boolean clientRejected = false;
        try {
            x509TrustManager.checkClientTrusted(x509CertificateArr, "RSA");
        } catch (CertificateException expected) {
            clientRejected = true;
        }
        if (!clientRejected) {
            // The client-side check returned normally, so the chain was wrongly accepted.
            Assert.fail();
        }

        boolean serverRejected = false;
        try {
            x509TrustManager.checkServerTrusted(x509CertificateArr, "RSA");
        } catch (CertificateException expected) {
            serverRejected = true;
        }
        if (!serverRejected) {
            // The server-side check returned normally, so the chain was wrongly accepted.
            Assert.fail();
        }
    }
}
