package com.squareup.okhttp;

import com.squareup.okhttp.CertificatePinner;
import com.squareup.okhttp.internal.HeldCertificate;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import okio.ByteString;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/squareup/okhttp/CertificatePinnerTest.class */
public final class CertificatePinnerTest {
    static HeldCertificate certA1;
    static String certA1Pin;
    static ByteString certA1PinBase64;
    static HeldCertificate certB1;
    static String certB1Pin;
    static ByteString certB1PinBase64;
    static HeldCertificate certC1;
    static String certC1Pin;

    static ByteString pinToBase64(String str) {
        return ByteString.decodeBase64(str.substring("sha1/".length()));
    }

    @Test
    public void malformedPin() throws Exception {
        try {
            new CertificatePinner.Builder().add("example.com", new String[]{"md5/DmxUShsZuNiqPQsX2Oi9uv2sCnw="});
            Assert.fail();
        } catch (IllegalArgumentException e) {
        }
    }

    @Test
    public void malformedBase64() throws Exception {
        try {
            new CertificatePinner.Builder().add("example.com", new String[]{"sha1/DmxUShsZuNiqPQsX2Oi9uv2sCnw*"});
            Assert.fail();
        } catch (IllegalArgumentException e) {
        }
    }

    @Test
    public void sameKeypairSamePin() throws Exception {
        String pin = CertificatePinner.pin(new HeldCertificate.Builder().keyPair(certA1.keyPair).serialNumber("101").build().certificate);
        String pin2 = CertificatePinner.pin(new HeldCertificate.Builder().keyPair(certB1.keyPair).serialNumber("201").build().certificate);
        Assert.assertTrue(certA1Pin.equals(pin));
        Assert.assertTrue(certB1Pin.equals(pin2));
        Assert.assertFalse(certA1Pin.equals(certB1Pin));
    }

    @Test
    public void successfulCheck() throws Exception {
        new CertificatePinner.Builder().add("example.com", new String[]{certA1Pin}).build().check("example.com", new Certificate[]{certA1.certificate});
    }

    @Test
    public void successfulMatchAcceptsAnyMatchingCertificate() throws Exception {
        new CertificatePinner.Builder().add("example.com", new String[]{certB1Pin}).build().check("example.com", new Certificate[]{certA1.certificate, certB1.certificate});
    }

    @Test
    public void unsuccessfulCheck() throws Exception {
        try {
            new CertificatePinner.Builder().add("example.com", new String[]{certA1Pin}).build().check("example.com", new Certificate[]{certB1.certificate});
            Assert.fail();
        } catch (SSLPeerUnverifiedException e) {
        }
    }

    @Test
    public void multipleCertificatesForOneHostname() throws Exception {
        CertificatePinner build = new CertificatePinner.Builder().add("example.com", new String[]{certA1Pin, certB1Pin}).build();
        build.check("example.com", new Certificate[]{certA1.certificate});
        build.check("example.com", new Certificate[]{certB1.certificate});
    }

    @Test
    public void multipleHostnamesForOneCertificate() throws Exception {
        CertificatePinner build = new CertificatePinner.Builder().add("example.com", new String[]{certA1Pin}).add("www.example.com", new String[]{certA1Pin}).build();
        build.check("example.com", new Certificate[]{certA1.certificate});
        build.check("www.example.com", new Certificate[]{certA1.certificate});
    }

    @Test
    public void absentHostnameMatches() throws Exception {
        new CertificatePinner.Builder().build().check("example.com", new Certificate[]{certA1.certificate});
    }

    @Test
    public void successfulCheckForWildcardHostname() throws Exception {
        new CertificatePinner.Builder().add("*.example.com", new String[]{certA1Pin}).build().check("a.example.com", new Certificate[]{certA1.certificate});
    }

    @Test
    public void successfulMatchAcceptsAnyMatchingCertificateForWildcardHostname() throws Exception {
        new CertificatePinner.Builder().add("*.example.com", new String[]{certB1Pin}).build().check("a.example.com", new Certificate[]{certA1.certificate, certB1.certificate});
    }

    @Test
    public void unsuccessfulCheckForWildcardHostname() throws Exception {
        try {
            new CertificatePinner.Builder().add("*.example.com", new String[]{certA1Pin}).build().check("a.example.com", new Certificate[]{certB1.certificate});
            Assert.fail();
        } catch (SSLPeerUnverifiedException e) {
        }
    }

    @Test
    public void multipleCertificatesForOneWildcardHostname() throws Exception {
        CertificatePinner build = new CertificatePinner.Builder().add("*.example.com", new String[]{certA1Pin, certB1Pin}).build();
        build.check("a.example.com", new Certificate[]{certA1.certificate});
        build.check("a.example.com", new Certificate[]{certB1.certificate});
    }

    @Test
    public void successfulCheckForOneHostnameWithWildcardAndDirectCertificate() throws Exception {
        CertificatePinner build = new CertificatePinner.Builder().add("*.example.com", new String[]{certA1Pin}).add("a.example.com", new String[]{certB1Pin}).build();
        build.check("a.example.com", new Certificate[]{certA1.certificate});
        build.check("a.example.com", new Certificate[]{certB1.certificate});
    }

    @Test
    public void unsuccessfulCheckForOneHostnameWithWildcardAndDirectCertificate() throws Exception {
        try {
            new CertificatePinner.Builder().add("*.example.com", new String[]{certA1Pin}).add("a.example.com", new String[]{certB1Pin}).build().check("a.example.com", new Certificate[]{certC1.certificate});
            Assert.fail();
        } catch (SSLPeerUnverifiedException e) {
        }
    }

    @Test
    public void successfulFindMatchingPins() {
        Assert.assertEquals(TestUtil.setOf(certA1PinBase64, certB1PinBase64), new CertificatePinner.Builder().add("first.com", new String[]{certA1Pin, certB1Pin}).add("second.com", new String[]{certC1Pin}).build().findMatchingPins("first.com"));
    }

    @Test
    public void successfulFindMatchingPinsForWildcardAndDirectCertificates() {
        Assert.assertEquals(TestUtil.setOf(certA1PinBase64, certB1PinBase64), new CertificatePinner.Builder().add("*.example.com", new String[]{certA1Pin}).add("a.example.com", new String[]{certB1Pin}).add("b.example.com", new String[]{certC1Pin}).build().findMatchingPins("a.example.com"));
    }

    @Test
    public void wildcardHostnameShouldNotMatchThroughDot() throws Exception {
        CertificatePinner build = new CertificatePinner.Builder().add("*.example.com", new String[]{certA1Pin}).build();
        Assert.assertNull(build.findMatchingPins("example.com"));
        Assert.assertNull(build.findMatchingPins("a.b.example.com"));
    }

    static {
        try {
            certA1 = new HeldCertificate.Builder().serialNumber("100").build();
            certA1Pin = CertificatePinner.pin(certA1.certificate);
            certA1PinBase64 = pinToBase64(certA1Pin);
            certB1 = new HeldCertificate.Builder().serialNumber("200").build();
            certB1Pin = CertificatePinner.pin(certB1.certificate);
            certB1PinBase64 = pinToBase64(certB1Pin);
            certC1 = new HeldCertificate.Builder().serialNumber("300").build();
            certC1Pin = CertificatePinner.pin(certC1.certificate);
        } catch (GeneralSecurityException e) {
            throw new AssertionError(e);
        }
    }
}
