package com.android.org.conscrypt;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import javax.net.ssl.X509TrustManager;
import junit.framework.TestCase;

/* loaded from: input_file:com/android/org/conscrypt/CertBlocklistTest.class */
public class CertBlocklistTest extends TestCase {
    private static final String BLOCKLIST_CA = "test_blocklist_ca.pem";
    private static final String BLOCKLIST_CA2 = "test_blocklist_ca2.pem";
    private static final String BLOCKLISTED_CHAIN = "blocklist_test_chain.pem";
    private static final String BLOCKLIST_FALLBACK_VALID_CA = "blocklist_test_valid_ca.pem";
    private static final String BLOCKLISTED_VALID_CHAIN = "blocklist_test_valid_chain.pem";

    public void testBlocklistedPublicKey() throws Exception {
        assertTrue(CertBlocklistImpl.getDefault().isPublicKeyBlockListed(loadCertificate(BLOCKLIST_CA).getPublicKey()));
    }

    public void testBlocklistedPublicKeySHA256() throws Exception {
        assertTrue(CertBlocklistImpl.getDefault().isPublicKeyBlockListed(loadCertificate(BLOCKLIST_CA2).getPublicKey()));
    }

    public void testBlocklistedCaUntrusted() throws Exception {
        X509Certificate loadCertificate = loadCertificate(BLOCKLIST_CA);
        assertUntrusted(new X509Certificate[]{loadCertificate}, getTrustManager(loadCertificate));
    }

    public void testBlocklistedRootOfTrust() throws Exception {
        assertUntrusted(loadCertificates(BLOCKLISTED_CHAIN), getTrustManager(loadCertificate(BLOCKLIST_CA)));
    }

    public void testBlocklistedIntermediateFallback() throws Exception {
        X509Certificate[] loadCertificates = loadCertificates(BLOCKLISTED_VALID_CHAIN);
        X509Certificate loadCertificate = loadCertificate(BLOCKLIST_CA);
        assertTrusted(loadCertificates, getTrustManager(loadCertificate, loadCertificate(BLOCKLIST_FALLBACK_VALID_CA)));
        assertUntrusted(loadCertificates, getTrustManager(loadCertificate));
    }

    private static X509Certificate loadCertificate(String str) throws Exception {
        return loadCertificates(str)[0];
    }

    private static X509Certificate[] loadCertificates(String str) throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        InputStream openTestFile = TestUtils.openTestFile(str);
        try {
            Collection<? extends Certificate> generateCertificates = certificateFactory.generateCertificates(openTestFile);
            openTestFile.close();
            X509Certificate[] x509CertificateArr = new X509Certificate[generateCertificates.size()];
            int i = 0;
            Iterator<? extends Certificate> it = generateCertificates.iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                x509CertificateArr[i2] = (X509Certificate) it.next();
            }
            if (openTestFile != null) {
                openTestFile.close();
            }
            return x509CertificateArr;
        } catch (Throwable th) {
            if (openTestFile != null) {
                try {
                    openTestFile.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static TrustManagerImpl getTrustManager(X509Certificate... x509CertificateArr) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        int i = 0;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            int i2 = i;
            i++;
            keyStore.setCertificateEntry(String.valueOf(i2), x509Certificate);
        }
        return new TrustManagerImpl(keyStore);
    }

    private static void assertTrusted(X509Certificate[] x509CertificateArr, X509TrustManager x509TrustManager) throws Exception {
        x509TrustManager.checkServerTrusted(x509CertificateArr, "RSA");
    }

    private static void assertUntrusted(X509Certificate[] x509CertificateArr, X509TrustManager x509TrustManager) {
        try {
            x509TrustManager.checkServerTrusted(x509CertificateArr, "RSA");
            fail();
        } catch (CertificateException e) {
        }
    }
}
