package com.android.org.conscrypt;

import com.android.org.conscrypt.java.security.TestKeyStore;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Random;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:com/android/org/conscrypt/TrustedCertificateStoreTest.class */
public class TrustedCertificateStoreTest {
    private static final Random tempFileRandom = new Random();
    private static File dirTest;
    private static File dirSystem;
    private static File dirAdded;
    private static File dirDeleted;
    private static X509Certificate CA1;
    private static X509Certificate CA2;
    private static KeyStore.PrivateKeyEntry PRIVATE;
    private static X509Certificate[] CHAIN;
    private static X509Certificate CA3_WITH_CA1_SUBJECT;
    private static String ALIAS_SYSTEM_CA1;
    private static String ALIAS_SYSTEM_CA2;
    private static String ALIAS_USER_CA1;
    private static String ALIAS_USER_CA2;
    private static String ALIAS_SYSTEM_CHAIN0;
    private static String ALIAS_SYSTEM_CHAIN1;
    private static String ALIAS_SYSTEM_CHAIN2;
    private static String ALIAS_USER_CHAIN0;
    private static String ALIAS_USER_CHAIN1;
    private static String ALIAS_USER_CHAIN2;
    private static String ALIAS_SYSTEM_CA3;
    private static String ALIAS_SYSTEM_CA3_COLLISION;
    private static String ALIAS_USER_CA3;
    private static String ALIAS_USER_CA3_COLLISION;
    private static X509Certificate CERTLOOP_EE;
    private static X509Certificate CERTLOOP_CA1;
    private static X509Certificate CERTLOOP_CA2;
    private static String ALIAS_USER_CERTLOOP_EE;
    private static String ALIAS_USER_CERTLOOP_CA1;
    private static String ALIAS_USER_CERTLOOP_CA2;
    private static X509Certificate MULTIPLE_ISSUERS_CA1;
    private static X509Certificate MULTIPLE_ISSUERS_CA1_CROSS;
    private static X509Certificate MULTIPLE_ISSUERS_CA2;
    private static X509Certificate MULTIPLE_ISSUERS_EE;
    private static String ALIAS_MULTIPLE_ISSUERS_CA1;
    private static String ALIAS_MULTIPLE_ISSUERS_CA1_CROSS;
    private static String ALIAS_MULTIPLE_ISSUERS_CA2;
    private static String ALIAS_MULTIPLE_ISSUERS_EE;

    @Parameterized.Parameter
    public String mApexCertsEnabled;
    private TrustedCertificateStore store;

    private static X509Certificate getCa1() {
        initCerts();
        return CA1;
    }

    private static X509Certificate getCa2() {
        initCerts();
        return CA2;
    }

    private static KeyStore.PrivateKeyEntry getPrivate() {
        initCerts();
        return PRIVATE;
    }

    private static X509Certificate[] getChain() {
        initCerts();
        return CHAIN;
    }

    private static X509Certificate getCa3WithCa1Subject() {
        initCerts();
        return CA3_WITH_CA1_SUBJECT;
    }

    private static String getAliasSystemCa1() {
        initCerts();
        return ALIAS_SYSTEM_CA1;
    }

    private static String getAliasSystemCa2() {
        initCerts();
        return ALIAS_SYSTEM_CA2;
    }

    private static String getAliasUserCa1() {
        initCerts();
        return ALIAS_USER_CA1;
    }

    private static String getAliasUserCa2() {
        initCerts();
        return ALIAS_USER_CA2;
    }

    private static String getAliasSystemChain0() {
        initCerts();
        return ALIAS_SYSTEM_CHAIN0;
    }

    private static String getAliasSystemChain1() {
        initCerts();
        return ALIAS_SYSTEM_CHAIN1;
    }

    private static String getAliasSystemChain2() {
        initCerts();
        return ALIAS_SYSTEM_CHAIN2;
    }

    private static String getAliasUserChain0() {
        initCerts();
        return ALIAS_USER_CHAIN0;
    }

    private static String getAliasUserChain1() {
        initCerts();
        return ALIAS_USER_CHAIN1;
    }

    private static String getAliasUserChain2() {
        initCerts();
        return ALIAS_USER_CHAIN2;
    }

    private static String getAliasSystemCa3() {
        initCerts();
        return ALIAS_SYSTEM_CA3;
    }

    private static String getAliasSystemCa3Collision() {
        initCerts();
        return ALIAS_SYSTEM_CA3_COLLISION;
    }

    private static String getAliasUserCa3() {
        initCerts();
        return ALIAS_USER_CA3;
    }

    private static String getAliasUserCa3Collision() {
        initCerts();
        return ALIAS_USER_CA3_COLLISION;
    }

    private static X509Certificate getCertLoopEe() {
        initCerts();
        return CERTLOOP_EE;
    }

    private static X509Certificate getCertLoopCa1() {
        initCerts();
        return CERTLOOP_CA1;
    }

    private static X509Certificate getCertLoopCa2() {
        initCerts();
        return CERTLOOP_CA2;
    }

    private static String getAliasCertLoopEe() {
        initCerts();
        return ALIAS_USER_CERTLOOP_EE;
    }

    private static String getAliasCertLoopCa1() {
        initCerts();
        return ALIAS_USER_CERTLOOP_CA1;
    }

    private static String getAliasCertLoopCa2() {
        initCerts();
        return ALIAS_USER_CERTLOOP_CA2;
    }

    private static String getAliasMultipleIssuersCa1() {
        initCerts();
        return ALIAS_MULTIPLE_ISSUERS_CA1;
    }

    private static String getAliasMultipleIssuersCa2() {
        initCerts();
        return ALIAS_MULTIPLE_ISSUERS_CA2;
    }

    private static String getAliasMultipleIssuersCa1Cross() {
        initCerts();
        return ALIAS_MULTIPLE_ISSUERS_CA1_CROSS;
    }

    private static String getAliasMultipleIssuersEe() {
        initCerts();
        return ALIAS_MULTIPLE_ISSUERS_EE;
    }

    private static X509Certificate getMultipleIssuersCa1() {
        initCerts();
        return MULTIPLE_ISSUERS_CA1;
    }

    private static X509Certificate getMultipleIssuersCa2() {
        initCerts();
        return MULTIPLE_ISSUERS_CA2;
    }

    private static X509Certificate getMultipleIssuersCa1Cross() {
        initCerts();
        return MULTIPLE_ISSUERS_CA1_CROSS;
    }

    private static X509Certificate getMultipleIssuersEe() {
        initCerts();
        return MULTIPLE_ISSUERS_EE;
    }

    private static synchronized void initCerts() {
        if (CA1 != null) {
            return;
        }
        try {
            CA1 = TestKeyStore.getClient().getRootCertificate("RSA");
            CA2 = TestKeyStore.getClientCA2().getRootCertificate("RSA");
            PRIVATE = TestKeyStore.getServer().getPrivateKey("RSA", "RSA");
            CHAIN = (X509Certificate[]) PRIVATE.getCertificateChain();
            CA3_WITH_CA1_SUBJECT = new TestKeyStore.Builder().aliasPrefix("unused").subject(CA1.getSubjectX500Principal()).ca(true).build().getRootCertificate("RSA");
            ALIAS_SYSTEM_CA1 = alias(false, CA1, 0);
            ALIAS_SYSTEM_CA2 = alias(false, CA2, 0);
            ALIAS_USER_CA1 = alias(true, CA1, 0);
            ALIAS_USER_CA2 = alias(true, CA2, 0);
            ALIAS_SYSTEM_CHAIN0 = alias(false, getChain()[0], 0);
            ALIAS_SYSTEM_CHAIN1 = alias(false, getChain()[1], 0);
            ALIAS_SYSTEM_CHAIN2 = alias(false, getChain()[2], 0);
            ALIAS_USER_CHAIN0 = alias(true, getChain()[0], 0);
            ALIAS_USER_CHAIN1 = alias(true, getChain()[1], 0);
            ALIAS_USER_CHAIN2 = alias(true, getChain()[2], 0);
            ALIAS_SYSTEM_CA3 = alias(false, CA3_WITH_CA1_SUBJECT, 0);
            ALIAS_SYSTEM_CA3_COLLISION = alias(false, CA3_WITH_CA1_SUBJECT, 1);
            ALIAS_USER_CA3 = alias(true, CA3_WITH_CA1_SUBJECT, 0);
            ALIAS_USER_CA3_COLLISION = alias(true, CA3_WITH_CA1_SUBJECT, 1);
            TestKeyStore build = new TestKeyStore.Builder().keyAlgorithms("RSA").aliasPrefix("certloop-ca1").subject("CN=certloop-ca1").ca(true).build();
            Certificate trustedCertificate = ((KeyStore.TrustedCertificateEntry) build.getEntryByAlias("certloop-ca1-public-RSA")).getTrustedCertificate();
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) build.getEntryByAlias("certloop-ca1-private-RSA");
            TestKeyStore build2 = new TestKeyStore.Builder().keyAlgorithms("RSA").aliasPrefix("certloop-ca2").subject("CN=certloop-ca2").rootCa(trustedCertificate).signer(privateKeyEntry).ca(true).build();
            CERTLOOP_CA2 = (X509Certificate) ((KeyStore.TrustedCertificateEntry) build2.getEntryByAlias("certloop-ca2-public-RSA")).getTrustedCertificate();
            ALIAS_USER_CERTLOOP_CA2 = alias(true, CERTLOOP_CA2, 0);
            CERTLOOP_CA1 = (X509Certificate) ((KeyStore.TrustedCertificateEntry) new TestKeyStore.Builder().keyAlgorithms("RSA").aliasPrefix("certloop-ca1").subject("CN=certloop-ca1").privateEntry(privateKeyEntry).rootCa(CERTLOOP_CA2).signer((KeyStore.PrivateKeyEntry) build2.getEntryByAlias("certloop-ca2-private-RSA")).ca(true).build().getEntryByAlias("certloop-ca1-public-RSA")).getTrustedCertificate();
            ALIAS_USER_CERTLOOP_CA1 = alias(true, CERTLOOP_CA1, 0);
            CERTLOOP_EE = (X509Certificate) ((KeyStore.TrustedCertificateEntry) new TestKeyStore.Builder().keyAlgorithms("RSA").aliasPrefix("certloop-ee").subject("CN=certloop-ee").rootCa(CERTLOOP_CA1).signer(privateKeyEntry).build().getEntryByAlias("certloop-ee-public-RSA")).getTrustedCertificate();
            ALIAS_USER_CERTLOOP_EE = alias(true, CERTLOOP_EE, 0);
            TestKeyStore build3 = new TestKeyStore.Builder().keyAlgorithms("RSA").aliasPrefix("multiple-issuers-ca1").subject("CN=multiple-issuers-ca1").ca(true).build();
            MULTIPLE_ISSUERS_CA1 = (X509Certificate) ((KeyStore.TrustedCertificateEntry) build3.getEntryByAlias("multiple-issuers-ca1-public-RSA")).getTrustedCertificate();
            ALIAS_MULTIPLE_ISSUERS_CA1 = alias(false, MULTIPLE_ISSUERS_CA1, 0);
            KeyStore.PrivateKeyEntry privateKeyEntry2 = (KeyStore.PrivateKeyEntry) build3.getEntryByAlias("multiple-issuers-ca1-private-RSA");
            TestKeyStore build4 = new TestKeyStore.Builder().keyAlgorithms("RSA").aliasPrefix("multiple-issuers-ca2").subject("CN=multiple-issuers-ca2").ca(true).build();
            MULTIPLE_ISSUERS_CA2 = (X509Certificate) ((KeyStore.TrustedCertificateEntry) build4.getEntryByAlias("multiple-issuers-ca2-public-RSA")).getTrustedCertificate();
            ALIAS_MULTIPLE_ISSUERS_CA2 = alias(false, MULTIPLE_ISSUERS_CA2, 0);
            MULTIPLE_ISSUERS_CA1_CROSS = (X509Certificate) ((KeyStore.TrustedCertificateEntry) new TestKeyStore.Builder().keyAlgorithms("RSA").aliasPrefix("multiple-issuers-ca1").subject("CN=multiple-issuers-ca1").privateEntry(privateKeyEntry2).rootCa(MULTIPLE_ISSUERS_CA2).signer((KeyStore.PrivateKeyEntry) build4.getEntryByAlias("multiple-issuers-ca2-private-RSA")).ca(true).build().getEntryByAlias("multiple-issuers-ca1-public-RSA")).getTrustedCertificate();
            ALIAS_MULTIPLE_ISSUERS_CA1_CROSS = alias(false, MULTIPLE_ISSUERS_CA1_CROSS, 1);
            MULTIPLE_ISSUERS_EE = (X509Certificate) ((KeyStore.TrustedCertificateEntry) new TestKeyStore.Builder().keyAlgorithms("RSA").aliasPrefix("multiple-issuers-ee").subject("CN=multiple-issuers-ee").rootCa(MULTIPLE_ISSUERS_CA1).signer(privateKeyEntry2).build().getEntryByAlias("multiple-issuers-ee-public-RSA")).getTrustedCertificate();
            ALIAS_MULTIPLE_ISSUERS_EE = alias(false, MULTIPLE_ISSUERS_EE, 0);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Parameterized.Parameters(name = "{0}")
    public static Object[] data() {
        return new Object[]{"true", "false"};
    }

    @Before
    public void setUp() throws Exception {
        dirTest = Files.createTempDirectory("cert-store-test", new FileAttribute[0]).toFile();
        dirSystem = new File(dirTest, "system");
        dirAdded = new File(dirTest, "added");
        dirDeleted = new File(dirTest, "removed");
        setupStore();
    }

    private void setupStore() {
        dirSystem.mkdirs();
        cleanStore();
        createStore();
    }

    private void createStore() {
        System.setProperty("system.certs.enabled", this.mApexCertsEnabled);
        this.store = new TrustedCertificateStore(dirSystem, dirAdded, dirDeleted);
    }

    @After
    public void tearDown() {
        cleanStore();
    }

    private void cleanStore() {
        for (File file : new File[]{dirSystem, dirAdded, dirDeleted, dirTest}) {
            File[] listFiles = file.listFiles();
            if (listFiles != null) {
                for (File file2 : listFiles) {
                    Assert.assertTrue("Should delete " + file2.getPath(), file2.delete());
                }
            }
        }
        this.store = null;
    }

    private void resetStore() {
        cleanStore();
        setupStore();
    }

    @Test
    public void testEmptyDirectories() throws Exception {
        assertEmpty();
    }

    @Test
    public void testOneSystemOneDeleted() throws Exception {
        install(getCa1(), getAliasSystemCa1());
        this.store.deleteCertificateEntry(getAliasSystemCa1());
        assertEmpty();
        assertDeleted(getCa1(), getAliasSystemCa1());
    }

    @Test
    public void testTwoSystemTwoDeleted() throws Exception {
        install(getCa1(), getAliasSystemCa1());
        this.store.deleteCertificateEntry(getAliasSystemCa1());
        install(getCa2(), getAliasSystemCa2());
        this.store.deleteCertificateEntry(getAliasSystemCa2());
        assertEmpty();
        assertDeleted(getCa1(), getAliasSystemCa1());
        assertDeleted(getCa2(), getAliasSystemCa2());
    }

    @Test
    public void testPartialFileIsIgnored() throws Exception {
        File file = file(getAliasSystemCa1());
        file.getParentFile().mkdirs();
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        fileOutputStream.write(0);
        fileOutputStream.close();
        Assert.assertTrue(file.exists());
        assertEmpty();
        Assert.assertTrue(file.exists());
    }

    private void assertEmpty() throws Exception {
        try {
            this.store.getCertificate((String) null);
            Assert.fail();
        } catch (NullPointerException e) {
        }
        Assert.assertNull(this.store.getCertificate(""));
        try {
            this.store.getCreationDate((String) null);
            Assert.fail();
        } catch (NullPointerException e2) {
        }
        Assert.assertNull(this.store.getCreationDate(""));
        Set aliases = this.store.aliases();
        Assert.assertNotNull(aliases);
        Assert.assertTrue(aliases.isEmpty());
        assertAliases(new String[0]);
        Set userAliases = this.store.userAliases();
        Assert.assertNotNull(userAliases);
        Assert.assertTrue(userAliases.isEmpty());
        try {
            this.store.containsAlias((String) null);
            Assert.fail();
        } catch (NullPointerException e3) {
        }
        Assert.assertFalse(this.store.containsAlias(""));
        Assert.assertNull(this.store.getCertificateAlias((Certificate) null));
        Assert.assertNull(this.store.getCertificateAlias(getCa1()));
        try {
            this.store.getTrustAnchor((X509Certificate) null);
            Assert.fail();
        } catch (NullPointerException e4) {
        }
        Assert.assertNull(this.store.getTrustAnchor(getCa1()));
        try {
            this.store.findIssuer((X509Certificate) null);
            Assert.fail();
        } catch (NullPointerException e5) {
        }
        Assert.assertNull(this.store.findIssuer(getCa1()));
        try {
            this.store.installCertificate((X509Certificate) null);
            Assert.fail();
        } catch (NullPointerException e6) {
        }
        this.store.deleteCertificateEntry((String) null);
        this.store.deleteCertificateEntry("");
        String[] list = dirAdded.list();
        Assert.assertTrue(list == null || list.length == 0);
    }

    @Test
    public void testTwoSystem() throws Exception {
        testTwo(getCa1(), getAliasSystemCa1(), getCa2(), getAliasSystemCa2());
    }

    @Test
    public void testTwoUser() throws Exception {
        testTwo(getCa1(), getAliasUserCa1(), getCa2(), getAliasUserCa2());
    }

    @Test
    public void testOneSystemOneUser() throws Exception {
        testTwo(getCa1(), getAliasSystemCa1(), getCa2(), getAliasUserCa2());
    }

    @Test
    public void testTwoSystemSameSubject() throws Exception {
        testTwo(getCa1(), getAliasSystemCa1(), getCa3WithCa1Subject(), getAliasSystemCa3Collision());
    }

    @Test
    public void testTwoUserSameSubject() throws Exception {
        testTwo(getCa1(), getAliasUserCa1(), getCa3WithCa1Subject(), getAliasUserCa3Collision());
        this.store.deleteCertificateEntry(getAliasUserCa1());
        assertDeleted(getCa1(), getAliasUserCa1());
        assertTombstone(getAliasUserCa1());
        assertRootCa(getCa3WithCa1Subject(), getAliasUserCa3Collision());
        assertAliases(getAliasUserCa3Collision());
        this.store.deleteCertificateEntry(getAliasUserCa3Collision());
        assertDeleted(getCa3WithCa1Subject(), getAliasUserCa3Collision());
        assertNoTombstone(getAliasUserCa3Collision());
        assertNoTombstone(getAliasUserCa1());
        assertEmpty();
    }

    @Test
    public void testOneSystemOneUserSameSubject() throws Exception {
        testTwo(getCa1(), getAliasSystemCa1(), getCa3WithCa1Subject(), getAliasUserCa3());
        testTwo(getCa1(), getAliasUserCa1(), getCa3WithCa1Subject(), getAliasSystemCa3());
    }

    private void testTwo(X509Certificate x509Certificate, String str, X509Certificate x509Certificate2, String str2) {
        install(x509Certificate, str);
        install(x509Certificate2, str2);
        assertRootCa(x509Certificate, str);
        assertRootCa(x509Certificate2, str2);
        assertAliases(str, str2);
    }

    @Test
    public void testOneSystemOneUserOneDeleted() throws Exception {
        install(getCa1(), getAliasSystemCa1());
        this.store.installCertificate(getCa2());
        this.store.deleteCertificateEntry(getAliasSystemCa1());
        assertDeleted(getCa1(), getAliasSystemCa1());
        assertRootCa(getCa2(), getAliasUserCa2());
        assertAliases(getAliasUserCa2());
    }

    @Test
    public void testOneSystemOneUserOneDeletedSameSubject() throws Exception {
        install(getCa1(), getAliasSystemCa1());
        this.store.installCertificate(getCa3WithCa1Subject());
        this.store.deleteCertificateEntry(getAliasSystemCa1());
        assertDeleted(getCa1(), getAliasSystemCa1());
        assertRootCa(getCa3WithCa1Subject(), getAliasUserCa3());
        assertAliases(getAliasUserCa3());
    }

    @Test
    public void testUserMaskingSystem() throws Exception {
        install(getCa1(), getAliasSystemCa1());
        install(getCa1(), getAliasUserCa1());
        assertMasked(getCa1(), getAliasSystemCa1());
        assertRootCa(getCa1(), getAliasUserCa1());
        assertAliases(getAliasSystemCa1(), getAliasUserCa1());
    }

    @Test
    public void testChain() throws Exception {
        testChain(getAliasSystemChain1(), getAliasSystemChain2());
        testChain(getAliasSystemChain1(), getAliasUserChain2());
        testChain(getAliasUserChain1(), getAliasSystemCa1());
        testChain(getAliasUserChain1(), getAliasUserChain2());
    }

    private void testChain(String str, String str2) throws Exception {
        install(getChain()[1], str);
        install(getChain()[2], str2);
        assertIntermediateCa(getChain()[1], str);
        assertRootCa(getChain()[2], str2);
        assertAliases(str, str2);
        Assert.assertEquals(getChain()[2], this.store.findIssuer(getChain()[1]));
        Assert.assertEquals(getChain()[1], this.store.findIssuer(getChain()[0]));
        X509Certificate[] chain = getChain();
        List certificateChain = this.store.getCertificateChain(chain[0]);
        Assert.assertEquals("Generated CA list should be same length", chain.length, certificateChain.size());
        for (int i = 0; i < chain.length; i++) {
            Assert.assertEquals("Chain value should be the same for position " + i, chain[i], certificateChain.get(i));
        }
        resetStore();
    }

    @Test
    public void testMissingSystemDirectory() throws Exception {
        cleanStore();
        createStore();
        assertEmpty();
    }

    @Test
    public void testWithExistingUserDirectories() throws Exception {
        dirAdded.mkdirs();
        dirDeleted.mkdirs();
        install(getCa1(), getAliasSystemCa1());
        assertRootCa(getCa1(), getAliasSystemCa1());
        assertAliases(getAliasSystemCa1());
    }

    @Test
    public void testIsTrustAnchorWithReissuedgetCa() throws Exception {
        PublicKey publicKey = getPrivate().getCertificate().getPublicKey();
        PrivateKey privateKey = getPrivate().getPrivateKey();
        X509Certificate createCa = TestKeyStore.createCa(publicKey, privateKey, "CN=CA4");
        Thread.sleep(1000L);
        X509Certificate createCa2 = TestKeyStore.createCa(publicKey, privateKey, "CN=CA4");
        Assert.assertFalse(createCa.equals(createCa2));
        String alias = alias(false, createCa, 0);
        install(createCa, alias);
        assertRootCa(createCa, alias);
        Assert.assertEquals(createCa, this.store.getTrustAnchor(createCa2));
        Assert.assertEquals(createCa, this.store.findIssuer(createCa2));
        resetStore();
        String alias2 = alias(true, createCa, 0);
        this.store.installCertificate(createCa);
        assertRootCa(createCa, alias2);
        Assert.assertNotNull(this.store.getTrustAnchor(createCa2));
        Assert.assertEquals(createCa, this.store.findIssuer(createCa2));
        resetStore();
    }

    @Test
    public void testInstallEmpty() throws Exception {
        this.store.installCertificate(getCa1());
        assertRootCa(getCa1(), getAliasUserCa1());
        assertAliases(getAliasUserCa1());
        this.store.installCertificate(getCa1());
        assertRootCa(getCa1(), getAliasUserCa1());
        assertAliases(getAliasUserCa1());
    }

    @Test
    public void testInstallEmptySystemExists() throws Exception {
        install(getCa1(), getAliasSystemCa1());
        assertRootCa(getCa1(), getAliasSystemCa1());
        assertAliases(getAliasSystemCa1());
        this.store.installCertificate(getCa1());
        assertRootCa(getCa1(), getAliasSystemCa1());
        assertAliases(getAliasSystemCa1());
    }

    @Test
    public void testInstallEmptyDeletedSystemExists() throws Exception {
        install(getCa1(), getAliasSystemCa1());
        this.store.deleteCertificateEntry(getAliasSystemCa1());
        assertEmpty();
        assertDeleted(getCa1(), getAliasSystemCa1());
        this.store.installCertificate(getCa1());
        assertRootCa(getCa1(), getAliasSystemCa1());
        assertAliases(getAliasSystemCa1());
    }

    @Test
    public void testDeleteEmpty() throws Exception {
        this.store.deleteCertificateEntry(getAliasSystemCa1());
        assertEmpty();
        assertDeleted(getCa1(), getAliasSystemCa1());
    }

    @Test
    public void testDeleteUser() throws Exception {
        this.store.installCertificate(getCa1());
        assertRootCa(getCa1(), getAliasUserCa1());
        assertAliases(getAliasUserCa1());
        this.store.deleteCertificateEntry(getAliasUserCa1());
        assertEmpty();
        assertDeleted(getCa1(), getAliasUserCa1());
        assertNoTombstone(getAliasUserCa1());
    }

    @Test
    public void testDeleteSystem() throws Exception {
        install(getCa1(), getAliasSystemCa1());
        assertRootCa(getCa1(), getAliasSystemCa1());
        assertAliases(getAliasSystemCa1());
        this.store.deleteCertificateEntry(getAliasSystemCa1());
        assertEmpty();
        assertDeleted(getCa1(), getAliasSystemCa1());
        this.store.deleteCertificateEntry(getAliasSystemCa1());
        assertEmpty();
        assertDeleted(getCa1(), getAliasSystemCa1());
    }

    @Test
    public void testGetLoopedCert() throws Exception {
        install(getCertLoopEe(), getAliasCertLoopEe());
        install(getCertLoopCa1(), getAliasCertLoopCa1());
        install(getCertLoopCa2(), getAliasCertLoopCa2());
        ExecutorService newSingleThreadExecutor = Executors.newSingleThreadExecutor();
        Future submit = newSingleThreadExecutor.submit(new Callable<List<X509Certificate>>() { // from class: com.android.org.conscrypt.TrustedCertificateStoreTest.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public List<X509Certificate> call() throws Exception {
                return TrustedCertificateStoreTest.this.store.getCertificateChain(TrustedCertificateStoreTest.access$000());
            }
        });
        newSingleThreadExecutor.shutdown();
        try {
            List list = (List) submit.get(10L, TimeUnit.SECONDS);
            Assert.assertEquals(3L, list.size());
            Assert.assertEquals(getCertLoopEe(), list.get(0));
            Assert.assertEquals(getCertLoopCa1(), list.get(1));
            Assert.assertEquals(getCertLoopCa2(), list.get(2));
        } catch (TimeoutException e) {
            Assert.fail("Could not finish building chain; possibly confused by loops");
        }
    }

    @Test
    public void testIsUserAddedCertificate() throws Exception {
        Assert.assertFalse(this.store.isUserAddedCertificate(getCa1()));
        Assert.assertFalse(this.store.isUserAddedCertificate(getCa2()));
        install(getCa1(), getAliasSystemCa1());
        Assert.assertFalse(this.store.isUserAddedCertificate(getCa1()));
        Assert.assertFalse(this.store.isUserAddedCertificate(getCa2()));
        install(getCa1(), getAliasUserCa1());
        Assert.assertTrue(this.store.isUserAddedCertificate(getCa1()));
        Assert.assertFalse(this.store.isUserAddedCertificate(getCa2()));
        install(getCa2(), getAliasUserCa2());
        Assert.assertTrue(this.store.isUserAddedCertificate(getCa1()));
        Assert.assertTrue(this.store.isUserAddedCertificate(getCa2()));
        this.store.deleteCertificateEntry(getAliasUserCa1());
        Assert.assertFalse(this.store.isUserAddedCertificate(getCa1()));
        Assert.assertTrue(this.store.isUserAddedCertificate(getCa2()));
        this.store.deleteCertificateEntry(getAliasUserCa2());
        Assert.assertFalse(this.store.isUserAddedCertificate(getCa1()));
        Assert.assertFalse(this.store.isUserAddedCertificate(getCa2()));
    }

    @Test
    public void testSystemCaCertsUseCorrectFileNames() throws Exception {
        useCorrectFileNamesTest(new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts"));
    }

    @Test
    public void testSystemCaCertsUseCorrectFileNamesUpdatable() throws Exception {
        useCorrectFileNamesTest(new File("/apex/com.android.conscrypt/cacerts"));
    }

    private void useCorrectFileNamesTest(File file) throws Exception {
        TrustedCertificateStore trustedCertificateStore = new TrustedCertificateStore(file.getAbsoluteFile());
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        Assert.assertTrue(file.exists());
        int i = 0;
        for (File file2 : listFilesNoNull(file)) {
            if (file2.isFile()) {
                i++;
                X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(readFully(file2)));
                Assert.assertEquals("Updatable certificate stored in the wrong file", trustedCertificateStore.getCertificateFile(file, x509Certificate).getAbsolutePath(), file2.getAbsolutePath());
                Assert.assertNotNull("Issuer certificate not found for updatable certificate " + file2, trustedCertificateStore.findIssuer(x509Certificate));
                Assert.assertNotNull("Trust anchor not found for updatable certificate " + file2, trustedCertificateStore.getTrustAnchor(x509Certificate));
            }
        }
        Assert.assertTrue(i > 0);
        int i2 = 0;
        for (String str : trustedCertificateStore.aliases()) {
            if (TrustedCertificateStore.isSystem(str)) {
                i2++;
                File certificateFile = trustedCertificateStore.getCertificateFile(file, (X509Certificate) trustedCertificateStore.getCertificate(str));
                if (!certificateFile.isFile()) {
                    Assert.fail("Missing certificate file for alias " + str + ": " + certificateFile.getAbsolutePath());
                }
            }
        }
        Assert.assertEquals("Number of system cert files and aliases doesn't match", i, i2);
    }

    @Test
    public void testMultipleIssuers() throws Exception {
        install(getMultipleIssuersCa1(), getAliasMultipleIssuersCa1());
        Set findAllIssuers = this.store.findAllIssuers(getMultipleIssuersEe());
        Assert.assertEquals("Unexpected number of issuers found", 1L, findAllIssuers.size());
        Assert.assertTrue("findAllIssuers does not contain expected issuer", findAllIssuers.contains(getMultipleIssuersCa1()));
        install(getMultipleIssuersCa1Cross(), getAliasMultipleIssuersCa1Cross());
        Set findAllIssuers2 = this.store.findAllIssuers(getMultipleIssuersEe());
        Assert.assertEquals("findAllIssuers did not return all issuers", 2L, findAllIssuers2.size());
        Assert.assertTrue("findAllIssuers does not contain CA1", findAllIssuers2.contains(getMultipleIssuersCa1()));
        Assert.assertTrue("findAllIssuers does not contain CA1 signed by CA2", findAllIssuers2.contains(getMultipleIssuersCa1Cross()));
    }

    private static File[] listFilesNoNull(File file) {
        File[] listFiles = file.listFiles();
        return listFiles != null ? listFiles : new File[0];
    }

    private static byte[] readFully(File file) throws IOException {
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(file);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr = new byte[16384];
            while (true) {
                int read = fileInputStream.read(bArr);
                if (read == -1) {
                    break;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            return byteArray;
        } catch (Throwable th) {
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    private void assertRootCa(X509Certificate x509Certificate, String str) {
        assertIntermediateCa(x509Certificate, str);
        Assert.assertEquals(x509Certificate, this.store.findIssuer(x509Certificate));
    }

    private void assertTrusted(X509Certificate x509Certificate, String str) {
        Assert.assertEquals(x509Certificate, this.store.getCertificate(str));
        Assert.assertEquals(file(str).lastModified(), this.store.getCreationDate(str).getTime());
        Assert.assertTrue(this.store.containsAlias(str));
        Assert.assertEquals(x509Certificate, this.store.getTrustAnchor(x509Certificate));
    }

    private void assertIntermediateCa(X509Certificate x509Certificate, String str) {
        assertTrusted(x509Certificate, str);
        Assert.assertEquals(str, this.store.getCertificateAlias(x509Certificate));
    }

    private void assertMasked(X509Certificate x509Certificate, String str) {
        assertTrusted(x509Certificate, str);
        Assert.assertFalse(str.equals(this.store.getCertificateAlias(x509Certificate)));
    }

    private void assertDeleted(X509Certificate x509Certificate, String str) {
        Assert.assertNull(this.store.getCertificate(str));
        Assert.assertFalse(this.store.containsAlias(str));
        Assert.assertNull(this.store.getCertificateAlias(x509Certificate));
        Assert.assertNull(this.store.getTrustAnchor(x509Certificate));
        Assert.assertEquals(Boolean.valueOf(this.store.allSystemAliases().contains(str)), Boolean.valueOf(this.store.getCertificate(str, true) != null));
    }

    private void assertTombstone(String str) {
        Assert.assertTrue(TrustedCertificateStore.isUser(str));
        File file = file(str);
        Assert.assertTrue(file.exists());
        Assert.assertEquals(0L, file.length());
    }

    private void assertNoTombstone(String str) {
        Assert.assertTrue(TrustedCertificateStore.isUser(str));
        Assert.assertFalse(file(str).exists());
    }

    private void assertAliases(String... strArr) {
        HashSet hashSet = new HashSet(Arrays.asList(strArr));
        HashSet hashSet2 = new HashSet();
        for (String str : this.store.aliases()) {
            boolean isSystem = TrustedCertificateStore.isSystem(str);
            boolean isUser = TrustedCertificateStore.isUser(str);
            if (!isSystem && !isUser) {
                throw new AssertionError(str);
            }
            Assert.assertEquals(Boolean.valueOf(isSystem), Boolean.valueOf(this.store.allSystemAliases().contains(str)));
            Assert.assertEquals(Boolean.valueOf(isUser), Boolean.valueOf(this.store.userAliases().contains(str)));
            hashSet2.add(str);
        }
        Assert.assertEquals(hashSet, hashSet2);
    }

    private static String alias(boolean z, X509Certificate x509Certificate, int i) {
        return (z ? "user:" : "system:") + Hex.intToHexString(NativeCrypto.X509_NAME_hash_old(x509Certificate.getSubjectX500Principal()), 8) + '.' + i;
    }

    private void install(X509Certificate x509Certificate, String str) {
        try {
            File file = file(str);
            file.getParentFile().mkdirs();
            FileOutputStream fileOutputStream = new FileOutputStream(file);
            fileOutputStream.write(x509Certificate.getEncoded());
            fileOutputStream.close();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private File file(String str) {
        File file;
        if (TrustedCertificateStore.isSystem(str)) {
            file = dirSystem;
        } else {
            if (!TrustedCertificateStore.isUser(str)) {
                throw new IllegalArgumentException(str);
            }
            file = dirAdded;
        }
        int lastIndexOf = str.lastIndexOf(":");
        if (lastIndexOf == -1) {
            throw new IllegalArgumentException(str);
        }
        return new File(file, str.substring(lastIndexOf + 1));
    }

    static /* synthetic */ X509Certificate access$000() {
        return getCertLoopEe();
    }
}
