package libcore.java.security.cert;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import junit.framework.TestCase;
import libcore.java.security.TestKeyStore;

/* loaded from: input_file:libcore/java/security/cert/X509CertSelectorTest.class */
public final class X509CertSelectorTest extends TestCase {
    public void testMatchIpv4SubjectAlternativeName() throws Exception {
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.addSubjectAlternativeName(7, "127.0.0.1");
        assertTrue(x509CertSelector.match(newCertWithSubjectAltNameIpAddress(new byte[]{Byte.MAX_VALUE, 0, 0, 1})));
        assertFalse(x509CertSelector.match(newCertWithSubjectAltNameIpAddress(new byte[]{Byte.MAX_VALUE, 0, 0, 2})));
    }

    public void testMatchIpv4MappedSubjectAlternativeName() throws Exception {
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.addSubjectAlternativeName(7, "::ffff:127.0.0.1");
        assertTrue(x509CertSelector.match(newCertWithSubjectAltNameIpAddress(new byte[]{Byte.MAX_VALUE, 0, 0, 1})));
        assertFalse(x509CertSelector.match(newCertWithSubjectAltNameIpAddress(new byte[]{Byte.MAX_VALUE, 0, 0, 2})));
    }

    public void testMatchIpv6SubjectAlternativeName() throws Exception {
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.setMatchAllSubjectAltNames(false);
        x509CertSelector.addSubjectAlternativeName(7, "::1");
        assertTrue(x509CertSelector.match(newCertWithSubjectAltNameIpAddress(new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1})));
        assertFalse(x509CertSelector.match(newCertWithSubjectAltNameIpAddress(new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2})));
    }

    public void testMatchMaskedIpv4NameConstraint() throws Exception {
        byte[] bArr = {-64, -88, 0, 1};
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.addPathToName(7, "127.0.0.1");
        assertTrue(x509CertSelector.match(newCertWithNameConstraint(new byte[]{Byte.MAX_VALUE, 0, 0, 1, -1, -1, -1, -1}, bArr)));
        assertFalse(x509CertSelector.match(newCertWithNameConstraint(new byte[]{Byte.MAX_VALUE, 0, 0, 2, -1, -1, -1, -1}, bArr)));
        assertFalse(x509CertSelector.match(newCertWithNameConstraint(new byte[]{Byte.MAX_VALUE, 0, 0, 0, -1, -1, -1, -1}, bArr)));
        assertTrue(x509CertSelector.match(newCertWithNameConstraint(new byte[]{Byte.MAX_VALUE, 0, 0, 0, -1, -1, -1, 0}, bArr)));
    }

    public void testMatchMaskedIpv6NameConstraint() throws Exception {
        byte[] bArr = {0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0};
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.addPathToName(7, "1::1");
        assertTrue(x509CertSelector.match(newCertWithNameConstraint(new byte[]{0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1}, bArr)));
        assertFalse(x509CertSelector.match(newCertWithNameConstraint(new byte[]{0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1}, bArr)));
        assertFalse(x509CertSelector.match(newCertWithNameConstraint(new byte[]{0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1}, bArr)));
        assertTrue(x509CertSelector.match(newCertWithNameConstraint(new byte[]{0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0}, bArr)));
    }

    public void testMatchMalformedSubjectAlternativeName() throws Exception {
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.addSubjectAlternativeName(7, "1::x");
            fail();
        } catch (IOException e) {
        }
        try {
            x509CertSelector.addSubjectAlternativeName(7, "127.0.0.x");
            fail();
        } catch (IOException e2) {
        }
    }

    private X509Certificate newCertWithSubjectAltNameIpAddress(byte[] bArr) throws Exception {
        return bouncycastleToJava(new TestKeyStore.Builder().addSubjectAltNameIpAddress(bArr).build().getRootCertificate("RSA"));
    }

    private X509Certificate newCertWithNameConstraint(byte[] bArr, byte[] bArr2) throws Exception {
        return bouncycastleToJava(new TestKeyStore.Builder().addNameConstraint(true, bArr).addNameConstraint(false, bArr2).ca(true).build().getRootCertificate("RSA"));
    }

    private X509Certificate bouncycastleToJava(Certificate certificate) throws Exception {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificate.getEncoded()));
    }
}
