package com.android.org.conscrypt.ct;

import com.android.org.conscrypt.OpenSSLX509Certificate;
import com.android.org.conscrypt.TestUtils;
import com.android.org.conscrypt.ct.SignedCertificateTimestamp;
import com.android.org.conscrypt.ct.VerifiedSCT;
import java.util.Arrays;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

@RunWith(JUnit4.class)
/* loaded from: input_file:com/android/org/conscrypt/ct/CTVerifierTest.class */
public class CTVerifierTest {
    private OpenSSLX509Certificate ca;
    private OpenSSLX509Certificate cert;
    private OpenSSLX509Certificate certEmbedded;
    private CTVerifier ctVerifier;

    @Before
    public void setUp() throws Exception {
        this.ca = OpenSSLX509Certificate.fromX509PemInputStream(TestUtils.openTestFile("ca-cert.pem"));
        this.cert = OpenSSLX509Certificate.fromX509PemInputStream(TestUtils.openTestFile("cert.pem"));
        this.certEmbedded = OpenSSLX509Certificate.fromX509PemInputStream(TestUtils.openTestFile("cert-ct-embedded.pem"));
        final CTLogInfo cTLogInfo = new CTLogInfo(TestUtils.readPublicKeyPemFile("ct-server-key-public.pem"), "Test Log", "foo");
        this.ctVerifier = new CTVerifier(new CTLogStore() { // from class: com.android.org.conscrypt.ct.CTVerifierTest.1
            public CTLogInfo getKnownLog(byte[] bArr) {
                if (Arrays.equals(bArr, cTLogInfo.getID())) {
                    return cTLogInfo;
                }
                return null;
            }
        });
    }

    @Test
    public void test_verifySignedCertificateTimestamps_withOCSPResponse() throws Exception {
        CTVerificationResult verifySignedCertificateTimestamps = this.ctVerifier.verifySignedCertificateTimestamps(new OpenSSLX509Certificate[]{this.cert, this.ca}, (byte[]) null, TestUtils.readTestFile("ocsp-response.der"));
        Assert.assertEquals(1L, verifySignedCertificateTimestamps.getValidSCTs().size());
        Assert.assertEquals(0L, verifySignedCertificateTimestamps.getInvalidSCTs().size());
    }

    @Test
    public void test_verifySignedCertificateTimestamps_withTLSExtension() throws Exception {
        CTVerificationResult verifySignedCertificateTimestamps = this.ctVerifier.verifySignedCertificateTimestamps(new OpenSSLX509Certificate[]{this.cert, this.ca}, TestUtils.readTestFile("ct-signed-timestamp-list"), (byte[]) null);
        Assert.assertEquals(1L, verifySignedCertificateTimestamps.getValidSCTs().size());
        Assert.assertEquals(0L, verifySignedCertificateTimestamps.getInvalidSCTs().size());
    }

    @Test
    public void test_verifySignedCertificateTimestamps_withEmbeddedExtension() throws Exception {
        CTVerificationResult verifySignedCertificateTimestamps = this.ctVerifier.verifySignedCertificateTimestamps(new OpenSSLX509Certificate[]{this.certEmbedded, this.ca}, (byte[]) null, (byte[]) null);
        Assert.assertEquals(1L, verifySignedCertificateTimestamps.getValidSCTs().size());
        Assert.assertEquals(0L, verifySignedCertificateTimestamps.getInvalidSCTs().size());
    }

    @Test
    public void test_verifySignedCertificateTimestamps_withoutTimestamp() throws Exception {
        CTVerificationResult verifySignedCertificateTimestamps = this.ctVerifier.verifySignedCertificateTimestamps(new OpenSSLX509Certificate[]{this.cert, this.ca}, (byte[]) null, (byte[]) null);
        Assert.assertEquals(0L, verifySignedCertificateTimestamps.getValidSCTs().size());
        Assert.assertEquals(0L, verifySignedCertificateTimestamps.getInvalidSCTs().size());
    }

    @Test
    public void test_verifySignedCertificateTimestamps_withInvalidSignature() throws Exception {
        CTVerificationResult verifySignedCertificateTimestamps = this.ctVerifier.verifySignedCertificateTimestamps(new OpenSSLX509Certificate[]{this.cert, this.ca}, TestUtils.readTestFile("ct-signed-timestamp-list-invalid"), (byte[]) null);
        Assert.assertEquals(0L, verifySignedCertificateTimestamps.getValidSCTs().size());
        Assert.assertEquals(1L, verifySignedCertificateTimestamps.getInvalidSCTs().size());
        Assert.assertEquals(VerifiedSCT.Status.INVALID_SIGNATURE, ((VerifiedSCT) verifySignedCertificateTimestamps.getInvalidSCTs().get(0)).status);
    }

    @Test
    public void test_verifySignedCertificateTimestamps_withUnknownLog() throws Exception {
        CTVerificationResult verifySignedCertificateTimestamps = this.ctVerifier.verifySignedCertificateTimestamps(new OpenSSLX509Certificate[]{this.cert, this.ca}, TestUtils.readTestFile("ct-signed-timestamp-list-unknown"), (byte[]) null);
        Assert.assertEquals(0L, verifySignedCertificateTimestamps.getValidSCTs().size());
        Assert.assertEquals(1L, verifySignedCertificateTimestamps.getInvalidSCTs().size());
        Assert.assertEquals(VerifiedSCT.Status.UNKNOWN_LOG, ((VerifiedSCT) verifySignedCertificateTimestamps.getInvalidSCTs().get(0)).status);
    }

    @Test
    public void test_verifySignedCertificateTimestamps_withInvalidEncoding() throws Exception {
        CTVerificationResult verifySignedCertificateTimestamps = this.ctVerifier.verifySignedCertificateTimestamps(new OpenSSLX509Certificate[]{this.cert, this.ca}, new byte[]{1, 2, 3, 4}, (byte[]) null);
        Assert.assertEquals(0L, verifySignedCertificateTimestamps.getValidSCTs().size());
        Assert.assertEquals(0L, verifySignedCertificateTimestamps.getInvalidSCTs().size());
    }

    @Test
    public void test_verifySignedCertificateTimestamps_withInvalidOCSPResponse() throws Exception {
        CTVerificationResult verifySignedCertificateTimestamps = this.ctVerifier.verifySignedCertificateTimestamps(new OpenSSLX509Certificate[]{this.cert, this.ca}, (byte[]) null, new byte[]{1, 2, 3, 4});
        Assert.assertEquals(0L, verifySignedCertificateTimestamps.getValidSCTs().size());
        Assert.assertEquals(0L, verifySignedCertificateTimestamps.getInvalidSCTs().size());
    }

    @Test
    public void test_verifySignedCertificateTimestamps_withMultipleTimestamps() throws Exception {
        CTVerificationResult verifySignedCertificateTimestamps = this.ctVerifier.verifySignedCertificateTimestamps(new OpenSSLX509Certificate[]{this.cert, this.ca}, TestUtils.readTestFile("ct-signed-timestamp-list-invalid"), TestUtils.readTestFile("ocsp-response.der"));
        Assert.assertEquals(1L, verifySignedCertificateTimestamps.getValidSCTs().size());
        Assert.assertEquals(1L, verifySignedCertificateTimestamps.getInvalidSCTs().size());
        Assert.assertEquals(SignedCertificateTimestamp.Origin.OCSP_RESPONSE, ((VerifiedSCT) verifySignedCertificateTimestamps.getValidSCTs().get(0)).sct.getOrigin());
        Assert.assertEquals(SignedCertificateTimestamp.Origin.TLS_EXTENSION, ((VerifiedSCT) verifySignedCertificateTimestamps.getInvalidSCTs().get(0)).sct.getOrigin());
    }
}
