package com.squareup.okhttp.internal.tls;

import com.squareup.okhttp.internal.HeldCertificate;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/squareup/okhttp/internal/tls/CertificateChainCleanerTest.class */
public final class CertificateChainCleanerTest {
    @Test
    public void normalizeSingleSelfSignedCertificate() throws Exception {
        HeldCertificate build = new HeldCertificate.Builder().serialNumber("1").build();
        Assert.assertEquals(list(build), new CertificateChainCleaner(new RealTrustRootIndex(new X509Certificate[]{build.certificate})).clean(list(build)));
    }

    @Test
    public void normalizeUnknownSelfSignedCertificate() throws Exception {
        try {
            new CertificateChainCleaner(new RealTrustRootIndex(new X509Certificate[0])).clean(list(new HeldCertificate.Builder().serialNumber("1").build()));
            Assert.fail();
        } catch (SSLPeerUnverifiedException e) {
        }
    }

    @Test
    public void orderedChainOfCertificatesWithRoot() throws Exception {
        HeldCertificate build = new HeldCertificate.Builder().serialNumber("1").build();
        HeldCertificate build2 = new HeldCertificate.Builder().serialNumber("2").issuedBy(build).build();
        HeldCertificate build3 = new HeldCertificate.Builder().serialNumber("3").issuedBy(build2).build();
        Assert.assertEquals(list(build3, build2, build), new CertificateChainCleaner(new RealTrustRootIndex(new X509Certificate[]{build.certificate})).clean(list(build3, build2, build)));
    }

    @Test
    public void orderedChainOfCertificatesWithoutRoot() throws Exception {
        HeldCertificate build = new HeldCertificate.Builder().serialNumber("1").build();
        HeldCertificate build2 = new HeldCertificate.Builder().serialNumber("2").issuedBy(build).build();
        HeldCertificate build3 = new HeldCertificate.Builder().serialNumber("3").issuedBy(build2).build();
        Assert.assertEquals(list(build3, build2, build), new CertificateChainCleaner(new RealTrustRootIndex(new X509Certificate[]{build.certificate})).clean(list(build3, build2)));
    }

    @Test
    public void unorderedChainOfCertificatesWithRoot() throws Exception {
        HeldCertificate build = new HeldCertificate.Builder().serialNumber("1").build();
        HeldCertificate build2 = new HeldCertificate.Builder().serialNumber("2").issuedBy(build).build();
        HeldCertificate build3 = new HeldCertificate.Builder().serialNumber("3").issuedBy(build2).build();
        HeldCertificate build4 = new HeldCertificate.Builder().serialNumber("4").issuedBy(build3).build();
        Assert.assertEquals(list(build4, build3, build2, build), new CertificateChainCleaner(new RealTrustRootIndex(new X509Certificate[]{build.certificate})).clean(list(build4, build2, build, build3)));
    }

    @Test
    public void unorderedChainOfCertificatesWithoutRoot() throws Exception {
        HeldCertificate build = new HeldCertificate.Builder().serialNumber("1").build();
        HeldCertificate build2 = new HeldCertificate.Builder().serialNumber("2").issuedBy(build).build();
        HeldCertificate build3 = new HeldCertificate.Builder().serialNumber("3").issuedBy(build2).build();
        HeldCertificate build4 = new HeldCertificate.Builder().serialNumber("4").issuedBy(build3).build();
        Assert.assertEquals(list(build4, build3, build2, build), new CertificateChainCleaner(new RealTrustRootIndex(new X509Certificate[]{build.certificate})).clean(list(build4, build2, build3)));
    }

    @Test
    public void unrelatedCertificatesAreOmitted() throws Exception {
        HeldCertificate build = new HeldCertificate.Builder().serialNumber("1").build();
        HeldCertificate build2 = new HeldCertificate.Builder().serialNumber("2").issuedBy(build).build();
        HeldCertificate build3 = new HeldCertificate.Builder().serialNumber("3").issuedBy(build2).build();
        HeldCertificate build4 = new HeldCertificate.Builder().serialNumber("4").build();
        Assert.assertEquals(list(build3, build2, build), new CertificateChainCleaner(new RealTrustRootIndex(new X509Certificate[]{build.certificate})).clean(list(build3, build4, build2, build)));
    }

    @Test
    public void chainGoesAllTheWayToSelfSignedRoot() throws Exception {
        HeldCertificate build = new HeldCertificate.Builder().serialNumber("1").build();
        HeldCertificate build2 = new HeldCertificate.Builder().serialNumber("2").issuedBy(build).build();
        HeldCertificate build3 = new HeldCertificate.Builder().serialNumber("3").issuedBy(build2).build();
        HeldCertificate build4 = new HeldCertificate.Builder().serialNumber("4").issuedBy(build3).build();
        CertificateChainCleaner certificateChainCleaner = new CertificateChainCleaner(new RealTrustRootIndex(new X509Certificate[]{build.certificate, build2.certificate}));
        Assert.assertEquals(list(build4, build3, build2, build), certificateChainCleaner.clean(list(build4, build3)));
        Assert.assertEquals(list(build4, build3, build2, build), certificateChainCleaner.clean(list(build4, build3, build2)));
        Assert.assertEquals(list(build4, build3, build2, build), certificateChainCleaner.clean(list(build4, build3, build2, build)));
    }

    @Test
    public void trustedRootNotSelfSigned() throws Exception {
        HeldCertificate build = new HeldCertificate.Builder().issuedBy(new HeldCertificate.Builder().serialNumber("1").build()).serialNumber("2").build();
        HeldCertificate build2 = new HeldCertificate.Builder().issuedBy(build).serialNumber("3").build();
        HeldCertificate build3 = new HeldCertificate.Builder().issuedBy(build2).serialNumber("4").build();
        CertificateChainCleaner certificateChainCleaner = new CertificateChainCleaner(new RealTrustRootIndex(new X509Certificate[]{build.certificate}));
        Assert.assertEquals(list(build3, build2, build), certificateChainCleaner.clean(list(build3, build2)));
        Assert.assertEquals(list(build3, build2, build), certificateChainCleaner.clean(list(build3, build2, build)));
    }

    @Test
    public void chainMaxLength() throws Exception {
        List<HeldCertificate> chainOfLength = chainOfLength(10);
        ArrayList arrayList = new ArrayList();
        Iterator<HeldCertificate> it = chainOfLength.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().certificate);
        }
        CertificateChainCleaner certificateChainCleaner = new CertificateChainCleaner(new RealTrustRootIndex(new X509Certificate[]{chainOfLength.get(chainOfLength.size() - 1).certificate}));
        Assert.assertEquals(arrayList, certificateChainCleaner.clean(arrayList));
        Assert.assertEquals(arrayList, certificateChainCleaner.clean(arrayList.subList(0, 9)));
    }

    @Test
    public void chainTooLong() throws Exception {
        List<HeldCertificate> chainOfLength = chainOfLength(11);
        ArrayList arrayList = new ArrayList();
        Iterator<HeldCertificate> it = chainOfLength.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().certificate);
        }
        try {
            new CertificateChainCleaner(new RealTrustRootIndex(new X509Certificate[]{chainOfLength.get(chainOfLength.size() - 1).certificate})).clean(arrayList);
            Assert.fail();
        } catch (SSLPeerUnverifiedException e) {
        }
    }

    private List<HeldCertificate> chainOfLength(int i) throws GeneralSecurityException {
        ArrayList arrayList = new ArrayList();
        for (int i2 = 1; i2 <= i; i2++) {
            arrayList.add(0, new HeldCertificate.Builder().issuedBy(!arrayList.isEmpty() ? (HeldCertificate) arrayList.get(0) : null).serialNumber(Integer.toString(i2)).build());
        }
        return arrayList;
    }

    private List<Certificate> list(HeldCertificate... heldCertificateArr) {
        ArrayList arrayList = new ArrayList();
        for (HeldCertificate heldCertificate : heldCertificateArr) {
            arrayList.add(heldCertificate.certificate);
        }
        return arrayList;
    }
}
