package libcore.java.security.cert;

import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CRLReason;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import libcore.java.security.StandardNames;
import libcore.junit.junit3.TestCaseWithRules;
import libcore.junit.util.EnableDeprecatedBouncyCastleAlgorithmsRule;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.Rule;
import org.junit.rules.TestRule;
import sun.security.provider.X509Factory;
import tests.support.resource.Support_Resources;

/* loaded from: input_file:libcore/java/security/cert/X509CRLTest.class */
public class X509CRLTest extends TestCaseWithRules {

    @Rule
    public TestRule enableDeprecatedBCAlgorithmsRule = EnableDeprecatedBouncyCastleAlgorithmsRule.getInstance();
    private Provider[] mX509Providers;
    private static final String CERT_RSA = "x509/cert-rsa.der";
    private static final String CERT_DSA = "x509/cert-dsa.der";
    private static final String CERT_CRL_CA = "x509/cert-crl-ca.der";
    private static final String CRL_RSA = "x509/crl-rsa.der";
    private static final String CRL_RSA_DSA = "x509/crl-rsa-dsa.der";
    private static final String CRL_RSA_DSA_SIGOPT = "x509/crl-rsa-dsa-sigopt.der";
    private static final String CRL_UNSUPPORTED = "x509/crl-unsupported.der";
    private static final String CRL_RSA_DATES = "x509/crl-rsa-dates.txt";
    private static final String CRL_RSA_DSA_DATES = "x509/crl-rsa-dsa-dates.txt";
    private static final String CRL_RSA_SIG = "x509/crl-rsa-sig.der";
    private static final String CRL_RSA_TBS = "x509/crl-rsa-tbs.der";
    private static final String CRL_EMPTY = "x509/crl-empty.der";

    @Override // junit.framework.TestCase
    public void setUp() throws Exception {
        super.setUp();
        this.mX509Providers = Security.getProviders("CertificateFactory.X509");
    }

    private final X509Certificate getCertificate(CertificateFactory certificateFactory, String str) throws Exception {
        InputStream stream = Support_Resources.getStream(str);
        assertNotNull("File does not exist: " + str, stream);
        try {
            X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(stream);
            assertNotNull(x509Certificate);
            return x509Certificate;
        } finally {
            try {
                stream.close();
            } catch (IOException e) {
            }
        }
    }

    private final X509CRL getCRL(CertificateFactory certificateFactory, String str) throws Exception {
        InputStream stream = Support_Resources.getStream(str);
        assertNotNull("File does not exist: " + str, stream);
        try {
            X509CRL x509crl = (X509CRL) certificateFactory.generateCRL(stream);
            assertNotNull(x509crl);
            return x509crl;
        } finally {
            try {
                stream.close();
            } catch (IOException e) {
            }
        }
    }

    private byte[] getResourceAsBytes(String str) throws Exception {
        InputStream stream = Support_Resources.getStream(str);
        try {
            DataInputStream dataInputStream = new DataInputStream(stream);
            byte[] bArr = new byte[stream.available()];
            dataInputStream.readFully(bArr);
            return bArr;
        } finally {
            try {
                stream.close();
            } catch (IOException e) {
            }
        }
    }

    private Map<String, Date> getCrlDates(String str) throws Exception {
        HashMap hashMap = new HashMap();
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("MMM dd HH:mm:ss yyyy zzz", Locale.US);
        InputStream stream = Support_Resources.getStream(str);
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(stream, StandardCharsets.UTF_8));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                int indexOf = readLine.indexOf(61);
                hashMap.put(readLine.substring(0, indexOf), simpleDateFormat.parse(readLine.substring(indexOf + 1)));
            }
            return hashMap;
        } finally {
            try {
                stream.close();
            } catch (IOException e) {
            }
        }
    }

    public void test_X509CRLImpl_verify() throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Factory.intern(getCRL(certificateFactory, CRL_RSA)).verify(getCertificate(certificateFactory, CERT_CRL_CA).getPublicKey(), certificateFactory.getProvider());
    }

    public void test_Provider() throws Exception {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PrintStream printStream = new PrintStream(byteArrayOutputStream);
        for (Provider provider : this.mX509Providers) {
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", provider);
                isRevoked(certificateFactory);
                getType(certificateFactory);
                getEncoded(certificateFactory);
                getVersion(certificateFactory);
                hasUnsupportedCriticalExtension(certificateFactory);
                getSignature(certificateFactory);
                getTBSCertList(certificateFactory);
                getRevokedCertificates(certificateFactory);
                getThisUpdateNextUpdate(certificateFactory);
                getSigAlgName(certificateFactory);
                getSigAlgOID(certificateFactory);
                getSigAlgParams(certificateFactory);
                verify(certificateFactory);
                test_toString(certificateFactory);
                test_equals(certificateFactory);
            } catch (Throwable th) {
                printStream.append((CharSequence) ("Error encountered checking " + provider.getName() + "\n"));
                th.printStackTrace(printStream);
            }
        }
        printStream.flush();
        if (byteArrayOutputStream.size() > 0) {
            throw new Exception("Errors encountered:\n\n" + byteArrayOutputStream.toString() + "\n\n");
        }
    }

    private void verify(CertificateFactory certificateFactory) throws Exception {
        X509CRL crl = getCRL(certificateFactory, CRL_RSA);
        X509Certificate certificate = getCertificate(certificateFactory, CERT_CRL_CA);
        crl.verify(certificate.getPublicKey());
        try {
            crl.verify(certificate.getPublicKey(), certificateFactory.getProvider());
        } catch (UnsupportedOperationException e) {
            if (!certificateFactory.getProvider().getName().equals("AndroidOpenSSL")) {
                throw e;
            }
        }
        X509Certificate certificate2 = getCertificate(certificateFactory, CERT_DSA);
        try {
            crl.verify(certificate2.getPublicKey());
            fail("should not verify using incorrect key type");
        } catch (InvalidKeyException e2) {
        }
        try {
            crl.verify(certificate2.getPublicKey(), certificateFactory.getProvider());
            fail("should not verify using incorrect key type");
        } catch (UnsupportedOperationException e3) {
            if (!certificateFactory.getProvider().getName().equals("AndroidOpenSSL")) {
                throw e3;
            }
        } catch (InvalidKeyException e4) {
        }
    }

    private void getType(CertificateFactory certificateFactory) throws Exception {
        assertEquals("X.509", getCRL(certificateFactory, CRL_RSA).getType());
    }

    private void isRevoked(CertificateFactory certificateFactory) throws Exception {
        X509Certificate certificate = getCertificate(certificateFactory, CERT_RSA);
        X509Certificate certificate2 = getCertificate(certificateFactory, CERT_DSA);
        X509CRL crl = getCRL(certificateFactory, CRL_RSA);
        X509CRL crl2 = getCRL(certificateFactory, CRL_RSA_DSA);
        assertTrue(crl.isRevoked(certificate));
        assertFalse(crl.isRevoked(certificate2));
        assertTrue(crl2.isRevoked(certificate));
        assertTrue(crl2.isRevoked(certificate2));
        try {
            assertFalse(crl.isRevoked(null));
            if (BouncyCastleProvider.PROVIDER_NAME.equals(certificateFactory.getProvider().getName())) {
                fail("BouncyCastle throws on null input");
            }
        } catch (NullPointerException e) {
            if (BouncyCastleProvider.PROVIDER_NAME.equals(certificateFactory.getProvider().getName())) {
                return;
            }
            fail("Should not throw on null input");
        }
    }

    private void getThisUpdateNextUpdate(CertificateFactory certificateFactory) throws Exception {
        X509CRL crl = getCRL(certificateFactory, CRL_RSA);
        Map<String, Date> crlDates = getCrlDates(CRL_RSA_DATES);
        Date date = crlDates.get("lastUpdate");
        Date date2 = crlDates.get("nextUpdate");
        assertNotNull(date);
        assertNotNull(date2);
        assertDateEquals(date, crl.getThisUpdate());
        assertDateEquals(date2, crl.getNextUpdate());
        X509CRL crl2 = getCRL(certificateFactory, CRL_RSA_DSA);
        Map<String, Date> crlDates2 = getCrlDates(CRL_RSA_DSA_DATES);
        Date date3 = crlDates2.get("lastUpdate");
        Date date4 = crlDates2.get("nextUpdate");
        assertNotNull(date3);
        assertNotNull(date4);
        assertDateEquals(date3, crl2.getThisUpdate());
        assertDateEquals(date4, crl2.getNextUpdate());
    }

    private void getSigAlgName(CertificateFactory certificateFactory) throws Exception {
        getCRL(certificateFactory, CRL_RSA);
        assertEquals("SHA1WITHRSA", getCRL(certificateFactory, CRL_RSA).getSigAlgName().toUpperCase(Locale.ROOT));
    }

    private void getSigAlgOID(CertificateFactory certificateFactory) throws Exception {
        assertEquals("1.2.840.113549.1.1.5", getCRL(certificateFactory, CRL_RSA).getSigAlgOID());
    }

    private void getVersion(CertificateFactory certificateFactory) throws Exception {
        assertEquals(1, getCRL(certificateFactory, CRL_RSA).getVersion());
    }

    private void hasUnsupportedCriticalExtension(CertificateFactory certificateFactory) throws Exception {
        assertFalse(getCRL(certificateFactory, CRL_RSA).hasUnsupportedCriticalExtension());
        assertTrue(getCRL(certificateFactory, CRL_UNSUPPORTED).hasUnsupportedCriticalExtension());
    }

    private void getSignature(CertificateFactory certificateFactory) throws Exception {
        assertEquals(Arrays.toString(getResourceAsBytes(CRL_RSA_SIG)), Arrays.toString(getCRL(certificateFactory, CRL_RSA).getSignature()));
    }

    private void getTBSCertList(CertificateFactory certificateFactory) throws Exception {
        assertEquals(Arrays.toString(getResourceAsBytes(CRL_RSA_TBS)), Arrays.toString(getCRL(certificateFactory, CRL_RSA).getTBSCertList()));
    }

    private void getEncoded(CertificateFactory certificateFactory) throws Exception {
        assertEquals(Arrays.toString(getResourceAsBytes(CRL_RSA)), Arrays.toString(getCRL(certificateFactory, CRL_RSA).getEncoded()));
    }

    private static void assertDateEquals(Date date, Date date2) throws Exception {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("dd MMM yyyy HH:mm:ss");
        assertEquals(simpleDateFormat.format(date), simpleDateFormat.format(date2));
    }

    private static void assertDateSlightlyBefore(Date date, Date date2) throws Exception {
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        calendar.add(13, -2);
        assertTrue(date2.after(calendar.getTime()));
        assertTrue(date2.before(date) || date2.equals(date));
    }

    private void assertRsaCrlEntry(CertificateFactory certificateFactory, X509CRLEntry x509CRLEntry) throws Exception {
        assertNotNull(x509CRLEntry);
        X509Certificate certificate = getCertificate(certificateFactory, CERT_RSA);
        Date date = getCrlDates(CRL_RSA_DSA_DATES).get("lastUpdate");
        assertEquals(certificate.getSerialNumber(), x509CRLEntry.getSerialNumber());
        assertDateSlightlyBefore(date, x509CRLEntry.getRevocationDate());
        assertNull(x509CRLEntry.getRevocationReason());
        assertNull(x509CRLEntry.getCertificateIssuer());
        assertFalse(x509CRLEntry.hasExtensions());
        assertNull(x509CRLEntry.getCriticalExtensionOIDs());
        assertNull(x509CRLEntry.getNonCriticalExtensionOIDs());
        assertNotNull(x509CRLEntry.toString());
    }

    private void assertDsaCrlEntry(CertificateFactory certificateFactory, X509CRLEntry x509CRLEntry) throws Exception {
        assertNotNull(x509CRLEntry);
        X509Certificate certificate = getCertificate(certificateFactory, CERT_DSA);
        Date date = getCrlDates(CRL_RSA_DSA_DATES).get("lastUpdate");
        assertEquals(certificate.getSerialNumber(), x509CRLEntry.getSerialNumber());
        assertDateSlightlyBefore(date, x509CRLEntry.getRevocationDate());
        assertEquals(CRLReason.CESSATION_OF_OPERATION, x509CRLEntry.getRevocationReason());
        assertNull(x509CRLEntry.getCertificateIssuer());
        assertTrue(x509CRLEntry.hasExtensions());
        assertNotNull(x509CRLEntry.getCriticalExtensionOIDs());
        assertEquals(0, x509CRLEntry.getCriticalExtensionOIDs().size());
        assertNotNull(x509CRLEntry.getNonCriticalExtensionOIDs());
        assertEquals(1, x509CRLEntry.getNonCriticalExtensionOIDs().size());
        assertTrue(Arrays.toString(x509CRLEntry.getNonCriticalExtensionOIDs().toArray()), x509CRLEntry.getNonCriticalExtensionOIDs().contains("2.5.29.21"));
        System.out.println(Arrays.toString(x509CRLEntry.getExtensionValue("2.5.29.21")));
        assertNotNull(x509CRLEntry.toString());
    }

    private void getRevokedCertificates(CertificateFactory certificateFactory) throws Exception {
        assertNull(getCRL(certificateFactory, CRL_EMPTY).getRevokedCertificates());
        X509CRL crl = getCRL(certificateFactory, CRL_RSA);
        X509Certificate certificate = getCertificate(certificateFactory, CERT_RSA);
        X509Certificate certificate2 = getCertificate(certificateFactory, CERT_DSA);
        Set<? extends X509CRLEntry> revokedCertificates = crl.getRevokedCertificates();
        assertEquals(1, revokedCertificates.size());
        for (X509CRLEntry x509CRLEntry : revokedCertificates) {
            assertRsaCrlEntry(certificateFactory, x509CRLEntry);
            assertRsaCrlEntry(certificateFactory, crl.getRevokedCertificate(x509CRLEntry.getSerialNumber()));
        }
        X509CRL crl2 = getCRL(certificateFactory, CRL_RSA_DSA);
        assertEquals(2, crl2.getRevokedCertificates().size());
        assertRsaCrlEntry(certificateFactory, crl2.getRevokedCertificate(certificate));
        assertRsaCrlEntry(certificateFactory, crl2.getRevokedCertificate(certificate.getSerialNumber()));
        assertDsaCrlEntry(certificateFactory, crl2.getRevokedCertificate(certificate2));
        assertDsaCrlEntry(certificateFactory, crl2.getRevokedCertificate(certificate2.getSerialNumber()));
    }

    private void getSigAlgParams(CertificateFactory certificateFactory) throws Exception {
        byte[] sigAlgParams = getCRL(certificateFactory, CRL_RSA).getSigAlgParams();
        if (StandardNames.IS_RI) {
            assertNull(certificateFactory.getProvider().getName(), sigAlgParams);
        } else {
            assertNotNull(certificateFactory.getProvider().getName(), sigAlgParams);
            assertEquals(certificateFactory.getProvider().getName(), Arrays.toString(new byte[]{5, 0}), Arrays.toString(sigAlgParams));
        }
        byte[] sigAlgParams2 = getCRL(certificateFactory, CRL_RSA_DSA_SIGOPT).getSigAlgParams();
        assertNotNull(certificateFactory.getProvider().getName(), sigAlgParams2);
        assertEquals(Arrays.toString(new byte[]{48, 5, -94, 3, 2, 1, 1}), Arrays.toString(sigAlgParams2));
    }

    private void test_toString(CertificateFactory certificateFactory) throws Exception {
        X509CRL crl = getCRL(certificateFactory, CRL_RSA);
        X509CRL crl2 = getCRL(certificateFactory, CRL_RSA);
        X509CRL crl3 = getCRL(certificateFactory, CRL_RSA_DSA);
        assertNotNull(crl);
        assertNotNull(crl3);
        assertEquals(crl.toString(), crl2.toString());
        assertFalse(crl.toString().equals(crl3.toString()));
    }

    private void test_equals(CertificateFactory certificateFactory) throws Exception {
        X509CRL crl = getCRL(certificateFactory, CRL_RSA);
        X509CRL crl2 = getCRL(certificateFactory, CRL_RSA);
        X509Certificate certificate = getCertificate(certificateFactory, CERT_RSA);
        X509CRL crl3 = getCRL(certificateFactory, CRL_RSA_DSA);
        assertEquals(crl, crl2);
        assertFalse(crl.equals(crl3));
        X509CRLEntry revokedCertificate = crl.getRevokedCertificate(certificate);
        assertNotNull(revokedCertificate);
        X509CRLEntry revokedCertificate2 = crl2.getRevokedCertificate(certificate);
        assertNotNull(revokedCertificate2);
        assertEquals(revokedCertificate, revokedCertificate2);
    }
}
