package net.corda.nodeapi.internal.revocation;

import java.io.File;
import java.net.URI;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TypeCastException;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.io.FilesKt;
import kotlin.jvm.JvmField;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.test.AssertionsKt;
import net.corda.core.crypto.Crypto;
import net.corda.nodeapi.internal.config.CertificateStore;
import net.corda.nodeapi.internal.crypto.CertificateAndKeyPair;
import net.corda.nodeapi.internal.crypto.CertificateType;
import net.corda.nodeapi.internal.crypto.X509KeyStore;
import net.corda.nodeapi.internal.crypto.X509Utilities;
import net.corda.nodeapi.internal.protonwrapper.netty.CrlSource;
import net.corda.nodeapi.internal.protonwrapper.netty.RevocationConfig;
import net.corda.nodeapi.internal.protonwrapper.netty.RevocationConfigImpl;
import net.corda.nodeapi.internal.protonwrapper.netty.SSLHelperKt;
import net.corda.testing.core.TestUtils;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.jetbrains.annotations.NotNull;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

/* compiled from: RevocationTest.kt */
@RunWith(Parameterized.class)
@Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��R\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n\u0002\b\u0010\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n\u0002\b\u0004\b\u0007\u0018�� 42\u00020\u0001:\u00014B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J!\u0010\u001d\u001a\u00020\u001e2\u0012\u0010\u001f\u001a\n\u0012\u0006\b\u0001\u0012\u00020\u00030\u0006\"\u00020\u0003H\u0002¢\u0006\u0002\u0010 J\b\u0010!\u001a\u00020\u001eH\u0007J\b\u0010\"\u001a\u00020\u001eH\u0002J\b\u0010#\u001a\u00020\u001eH\u0007J\b\u0010$\u001a\u00020\u001eH\u0007J\b\u0010%\u001a\u00020\u001eH\u0007J\b\u0010&\u001a\u00020\u001eH\u0007J\b\u0010'\u001a\u00020\u001eH\u0007J\b\u0010(\u001a\u00020\u001eH\u0007J\b\u0010)\u001a\u00020\u001eH\u0007J\b\u0010*\u001a\u00020\u001eH\u0007J\b\u0010+\u001a\u00020\u001eH\u0007J=\u0010,\u001a\u00020\u001e*\u00020\u000b2\u0006\u0010-\u001a\u00020\u00072\u0006\u0010.\u001a\u00020/2\u0006\u00100\u001a\u0002012\u0012\u00102\u001a\n\u0012\u0006\b\u0001\u0012\u00020\u00070\u0006\"\u00020\u0007H\u0002¢\u0006\u0002\u00103R\u001a\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00070\u00068BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\b\u0010\tR\u000e\u0010\n\u001a\u00020\u000bX\u0082.¢\u0006\u0002\n��R\u000e\u0010\f\u001a\u00020\u0007X\u0082.¢\u0006\u0002\n��R\u000e\u0010\r\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u000f\u001a\u00020\u0007X\u0082.¢\u0006\u0002\n��R\u000e\u0010\u0010\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0011\u001a\u00020\u000bX\u0082.¢\u0006\u0002\n��R\u000e\u0010\u0012\u001a\u00020\u0007X\u0082.¢\u0006\u0002\n��R\u000e\u0010\u0013\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n��R\u0010\u0010\u0014\u001a\u00020\u00158\u0006X\u0087\u0004¢\u0006\u0002\n��R\u000e\u0010\u0016\u001a\u00020\u000bX\u0082.¢\u0006\u0002\n��R\u000e\u0010\u0017\u001a\u00020\u0007X\u0082.¢\u0006\u0002\n��R\u000e\u0010\u0018\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0019\u001a\u00020\u0007X\u0082.¢\u0006\u0002\n��R\u000e\u0010\u001a\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u001b\u001a\u00020\u001cX\u0082.¢\u0006\u0002\n��¨\u00065"}, d2 = {"Lnet/corda/nodeapi/internal/revocation/RevocationTest;", "", "revocationMode", "Lnet/corda/nodeapi/internal/protonwrapper/netty/RevocationConfig$Mode;", "(Lnet/corda/nodeapi/internal/protonwrapper/netty/RevocationConfig$Mode;)V", "chain", "", "Ljava/security/cert/X509Certificate;", "getChain", "()[Ljava/security/cert/X509Certificate;", "doormanCRL", "Ljava/io/File;", "doormanCert", "doormanKeyPair", "Ljava/security/KeyPair;", "nodeCACert", "nodeCAKeyPair", "rootCRL", "rootCert", "rootKeyPair", "tempFolder", "Lorg/junit/rules/TemporaryFolder;", "tlsCRL", "tlsCRLIssuerCert", "tlsCRLIssuerKeyPair", "tlsCert", "tlsKeyPair", "trustManager", "Ljavax/net/ssl/X509TrustManager;", "assertFailsFor", "", "modes", "([Lnet/corda/nodeapi/internal/protonwrapper/netty/RevocationConfig$Mode;)V", "before", "doRevocationCheck", "hard fail with invalid CRL issuer in TLS certificate", "hard fail with unavailable CRL in TLS certificate", "hard fail with unavailable CRL in node CA certificate", "hard fail without CRL issuer in TLS certificate", "ok with empty CRLs", "ok with other certificate in TLS CRL", "ok with other certificate in doorman CRL", "soft fail with revoked TLS certificate", "soft fail with revoked node CA certificate", "writeCRL", "certificate", "privateKey", "Ljava/security/PrivateKey;", "indirect", "", "revoked", "(Ljava/io/File;Ljava/security/cert/X509Certificate;Ljava/security/PrivateKey;Z[Ljava/security/cert/X509Certificate;)V", "Companion", "node-api"})
/* loaded from: input_file:net/corda/nodeapi/internal/revocation/RevocationTest.class */
public final class RevocationTest {

    @JvmField
    @Rule
    @NotNull
    public final TemporaryFolder tempFolder;
    private File rootCRL;
    private File doormanCRL;
    private File tlsCRL;
    private X509TrustManager trustManager;
    private final KeyPair rootKeyPair;
    private final KeyPair tlsCRLIssuerKeyPair;
    private final KeyPair doormanKeyPair;
    private final KeyPair nodeCAKeyPair;
    private final KeyPair tlsKeyPair;
    private X509Certificate rootCert;
    private X509Certificate tlsCRLIssuerCert;
    private X509Certificate doormanCert;
    private X509Certificate nodeCACert;
    private X509Certificate tlsCert;
    private final RevocationConfig.Mode revocationMode;
    public static final Companion Companion = new Companion(null);

    /* compiled from: RevocationTest.kt */
    @Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��\u0016\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u000e\u0010\u0003\u001a\b\u0012\u0004\u0012\u00020\u00050\u0004H\u0007¨\u0006\u0006"}, d2 = {"Lnet/corda/nodeapi/internal/revocation/RevocationTest$Companion;", "", "()V", "data", "", "Lnet/corda/nodeapi/internal/protonwrapper/netty/RevocationConfig$Mode;", "node-api"})
    /* loaded from: input_file:net/corda/nodeapi/internal/revocation/RevocationTest$Companion.class */
    public static final class Companion {
        @JvmStatic
        @Parameterized.Parameters(name = "revocationMode = {0}")
        @NotNull
        public final List<RevocationConfig.Mode> data() {
            return CollectionsKt.listOf(new RevocationConfig.Mode[]{RevocationConfig.Mode.OFF, RevocationConfig.Mode.SOFT_FAIL, RevocationConfig.Mode.HARD_FAIL});
        }

        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    private final X509Certificate[] getChain() {
        X509Certificate[] x509CertificateArr = new X509Certificate[4];
        X509Certificate x509Certificate = this.tlsCert;
        if (x509Certificate == null) {
            Intrinsics.throwUninitializedPropertyAccessException("tlsCert");
        }
        x509CertificateArr[0] = x509Certificate;
        X509Certificate x509Certificate2 = this.nodeCACert;
        if (x509Certificate2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("nodeCACert");
        }
        x509CertificateArr[1] = x509Certificate2;
        X509Certificate x509Certificate3 = this.doormanCert;
        if (x509Certificate3 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("doormanCert");
        }
        x509CertificateArr[2] = x509Certificate3;
        X509Certificate x509Certificate4 = this.rootCert;
        if (x509Certificate4 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("rootCert");
        }
        x509CertificateArr[3] = x509Certificate4;
        return x509CertificateArr;
    }

    @Before
    public final void before() {
        File newFile = this.tempFolder.newFile("root.crl");
        Intrinsics.checkExpressionValueIsNotNull(newFile, "tempFolder.newFile(\"root.crl\")");
        this.rootCRL = newFile;
        File newFile2 = this.tempFolder.newFile("doorman.crl");
        Intrinsics.checkExpressionValueIsNotNull(newFile2, "tempFolder.newFile(\"doorman.crl\")");
        this.doormanCRL = newFile2;
        File newFile3 = this.tempFolder.newFile("tls.crl");
        Intrinsics.checkExpressionValueIsNotNull(newFile3, "tempFolder.newFile(\"tls.crl\")");
        this.tlsCRL = newFile3;
        this.rootCert = X509Utilities.createSelfSignedCACertificate$default(new X500Principal("CN=root"), this.rootKeyPair, (Pair) null, 4, (Object) null);
        this.tlsCRLIssuerCert = X509Utilities.createSelfSignedCACertificate$default(new X500Principal("CN=issuer"), this.tlsCRLIssuerKeyPair, (Pair) null, 4, (Object) null);
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        X509Certificate x509Certificate = this.tlsCRLIssuerCert;
        if (x509Certificate == null) {
            Intrinsics.throwUninitializedPropertyAccessException("tlsCRLIssuerCert");
        }
        keyStore.setCertificateEntry("cordatlscrlsigner", x509Certificate);
        X509Certificate x509Certificate2 = this.rootCert;
        if (x509Certificate2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("rootCert");
        }
        keyStore.setCertificateEntry("cordarootca", x509Certificate2);
        CertificateStore.Companion companion = CertificateStore.Companion;
        Intrinsics.checkExpressionValueIsNotNull(keyStore, "trustStore");
        TrustManager[] trustManagers = SSLHelperKt.trustManagerFactoryWithRevocation(companion.of(new X509KeyStore(keyStore, "pass"), "pass", "pass"), new RevocationConfigImpl(this.revocationMode, (CrlSource) null, 2, (DefaultConstructorMarker) null), new CertDistPointCrlSource(0L, (Duration) null, (Duration) null, (Duration) null, 15, (DefaultConstructorMarker) null)).getTrustManagers();
        Intrinsics.checkExpressionValueIsNotNull(trustManagers, "trustManagerFactory.trustManagers");
        Object single = ArraysKt.single(trustManagers);
        if (single == null) {
            throw new TypeCastException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        }
        this.trustManager = (X509TrustManager) single;
        CertificateType certificateType = CertificateType.INTERMEDIATE_CA;
        X509Certificate x509Certificate3 = this.rootCert;
        if (x509Certificate3 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("rootCert");
        }
        KeyPair keyPair = this.rootKeyPair;
        X500Principal x500Principal = new X500Principal("CN=doorman");
        PublicKey publicKey = this.doormanKeyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "doormanKeyPair.public");
        File file = this.rootCRL;
        if (file == null) {
            Intrinsics.throwUninitializedPropertyAccessException("rootCRL");
        }
        this.doormanCert = X509Utilities.createCertificate$default(certificateType, x509Certificate3, keyPair, x500Principal, publicKey, (Pair) null, (NameConstraints) null, file.toURI().toString(), (X500Name) null, 352, (Object) null);
        CertificateType certificateType2 = CertificateType.NODE_CA;
        X509Certificate x509Certificate4 = this.doormanCert;
        if (x509Certificate4 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("doormanCert");
        }
        KeyPair keyPair2 = this.doormanKeyPair;
        X500Principal x500Principal2 = new X500Principal("CN=node");
        PublicKey publicKey2 = this.nodeCAKeyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey2, "nodeCAKeyPair.public");
        File file2 = this.doormanCRL;
        if (file2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("doormanCRL");
        }
        this.nodeCACert = X509Utilities.createCertificate$default(certificateType2, x509Certificate4, keyPair2, x500Principal2, publicKey2, (Pair) null, (NameConstraints) null, file2.toURI().toString(), (X500Name) null, 352, (Object) null);
        CertificateType certificateType3 = CertificateType.TLS;
        X509Certificate x509Certificate5 = this.nodeCACert;
        if (x509Certificate5 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("nodeCACert");
        }
        KeyPair keyPair3 = this.nodeCAKeyPair;
        X500Principal x500Principal3 = new X500Principal("CN=tls");
        PublicKey publicKey3 = this.tlsKeyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey3, "tlsKeyPair.public");
        File file3 = this.tlsCRL;
        if (file3 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("tlsCRL");
        }
        String uri = file3.toURI().toString();
        X509Certificate x509Certificate6 = this.tlsCRLIssuerCert;
        if (x509Certificate6 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("tlsCRLIssuerCert");
        }
        X500Principal issuerX500Principal = x509Certificate6.getIssuerX500Principal();
        Intrinsics.checkExpressionValueIsNotNull(issuerX500Principal, "tlsCRLIssuerCert.issuerX500Principal");
        this.tlsCert = X509Utilities.createCertificate$default(certificateType3, x509Certificate5, keyPair3, x500Principal3, publicKey3, (Pair) null, (NameConstraints) null, uri, X500Name.getInstance(issuerX500Principal.getEncoded()), 96, (Object) null);
        File file4 = this.rootCRL;
        if (file4 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("rootCRL");
        }
        X509Certificate x509Certificate7 = this.rootCert;
        if (x509Certificate7 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("rootCert");
        }
        PrivateKey privateKey = this.rootKeyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "rootKeyPair.private");
        writeCRL(file4, x509Certificate7, privateKey, false, new X509Certificate[0]);
        File file5 = this.doormanCRL;
        if (file5 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("doormanCRL");
        }
        X509Certificate x509Certificate8 = this.doormanCert;
        if (x509Certificate8 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("doormanCert");
        }
        PrivateKey privateKey2 = this.doormanKeyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey2, "doormanKeyPair.private");
        writeCRL(file5, x509Certificate8, privateKey2, false, new X509Certificate[0]);
        File file6 = this.tlsCRL;
        if (file6 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("tlsCRL");
        }
        X509Certificate x509Certificate9 = this.tlsCRLIssuerCert;
        if (x509Certificate9 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("tlsCRLIssuerCert");
        }
        PrivateKey privateKey3 = this.tlsCRLIssuerKeyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey3, "tlsCRLIssuerKeyPair.private");
        writeCRL(file6, x509Certificate9, privateKey3, true, new X509Certificate[0]);
    }

    private final void writeCRL(@NotNull File file, X509Certificate x509Certificate, PrivateKey privateKey, boolean z, X509Certificate... x509CertificateArr) {
        byte[] encoded = TestUtils.createCRL$default(new CertificateAndKeyPair(x509Certificate, new KeyPair(x509Certificate.getPublicKey(), privateKey)), ArraysKt.asList(x509CertificateArr), (URI) null, (Instant) null, (Instant) null, z, (Instant) null, 0, (String) null, 476, (Object) null).getEncoded();
        Intrinsics.checkExpressionValueIsNotNull(encoded, "crl.encoded");
        FilesKt.writeBytes(file, encoded);
    }

    private final void assertFailsFor(RevocationConfig.Mode... modeArr) {
        if (ArraysKt.contains(modeArr, this.revocationMode)) {
            AssertionsKt.assertFailsWith(Reflection.getOrCreateKotlinClass(CertificateException.class), new RevocationTest$assertFailsFor$1(this));
        } else {
            doRevocationCheck();
        }
    }

    @Test(timeout = 300000)
    /* renamed from: ok with empty CRLs, reason: not valid java name */
    public final void m188okwithemptyCRLs() {
        doRevocationCheck();
    }

    @Test(timeout = 300000)
    /* renamed from: soft fail with revoked TLS certificate, reason: not valid java name */
    public final void m189softfailwithrevokedTLScertificate() {
        File file = this.tlsCRL;
        if (file == null) {
            Intrinsics.throwUninitializedPropertyAccessException("tlsCRL");
        }
        X509Certificate x509Certificate = this.tlsCRLIssuerCert;
        if (x509Certificate == null) {
            Intrinsics.throwUninitializedPropertyAccessException("tlsCRLIssuerCert");
        }
        PrivateKey privateKey = this.tlsCRLIssuerKeyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "tlsCRLIssuerKeyPair.private");
        X509Certificate[] x509CertificateArr = new X509Certificate[1];
        X509Certificate x509Certificate2 = this.tlsCert;
        if (x509Certificate2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("tlsCert");
        }
        x509CertificateArr[0] = x509Certificate2;
        writeCRL(file, x509Certificate, privateKey, true, x509CertificateArr);
        assertFailsFor(RevocationConfig.Mode.SOFT_FAIL, RevocationConfig.Mode.HARD_FAIL);
    }

    @Test(timeout = 300000)
    /* renamed from: hard fail with unavailable CRL in TLS certificate, reason: not valid java name */
    public final void m190hardfailwithunavailableCRLinTLScertificate() {
        CertificateType certificateType = CertificateType.TLS;
        X509Certificate x509Certificate = this.nodeCACert;
        if (x509Certificate == null) {
            Intrinsics.throwUninitializedPropertyAccessException("nodeCACert");
        }
        KeyPair keyPair = this.nodeCAKeyPair;
        X500Principal x500Principal = new X500Principal("CN=tls");
        PublicKey publicKey = this.tlsKeyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "tlsKeyPair.public");
        X509Certificate x509Certificate2 = this.tlsCRLIssuerCert;
        if (x509Certificate2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("tlsCRLIssuerCert");
        }
        X500Principal issuerX500Principal = x509Certificate2.getIssuerX500Principal();
        Intrinsics.checkExpressionValueIsNotNull(issuerX500Principal, "tlsCRLIssuerCert.issuerX500Principal");
        this.tlsCert = X509Utilities.createCertificate$default(certificateType, x509Certificate, keyPair, x500Principal, publicKey, (Pair) null, (NameConstraints) null, "http://unknown-host:10000/certificate-revocation-list/tls", X500Name.getInstance(issuerX500Principal.getEncoded()), 96, (Object) null);
        assertFailsFor(RevocationConfig.Mode.HARD_FAIL);
    }

    @Test(timeout = 300000)
    /* renamed from: hard fail with invalid CRL issuer in TLS certificate, reason: not valid java name */
    public final void m191hardfailwithinvalidCRLissuerinTLScertificate() {
        CertificateType certificateType = CertificateType.TLS;
        X509Certificate x509Certificate = this.nodeCACert;
        if (x509Certificate == null) {
            Intrinsics.throwUninitializedPropertyAccessException("nodeCACert");
        }
        KeyPair keyPair = this.nodeCAKeyPair;
        X500Principal x500Principal = new X500Principal("CN=tls");
        PublicKey publicKey = this.tlsKeyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "tlsKeyPair.public");
        File file = this.tlsCRL;
        if (file == null) {
            Intrinsics.throwUninitializedPropertyAccessException("tlsCRL");
        }
        this.tlsCert = X509Utilities.createCertificate$default(certificateType, x509Certificate, keyPair, x500Principal, publicKey, (Pair) null, (NameConstraints) null, file.toURI().toString(), new X500Name("CN=unknown"), 96, (Object) null);
        assertFailsFor(RevocationConfig.Mode.HARD_FAIL);
    }

    @Test(timeout = 300000)
    /* renamed from: hard fail without CRL issuer in TLS certificate, reason: not valid java name */
    public final void m192hardfailwithoutCRLissuerinTLScertificate() {
        CertificateType certificateType = CertificateType.TLS;
        X509Certificate x509Certificate = this.nodeCACert;
        if (x509Certificate == null) {
            Intrinsics.throwUninitializedPropertyAccessException("nodeCACert");
        }
        KeyPair keyPair = this.nodeCAKeyPair;
        X500Principal x500Principal = new X500Principal("CN=tls");
        PublicKey publicKey = this.tlsKeyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "tlsKeyPair.public");
        File file = this.tlsCRL;
        if (file == null) {
            Intrinsics.throwUninitializedPropertyAccessException("tlsCRL");
        }
        this.tlsCert = X509Utilities.createCertificate$default(certificateType, x509Certificate, keyPair, x500Principal, publicKey, (Pair) null, (NameConstraints) null, file.toURI().toString(), (X500Name) null, 352, (Object) null);
        assertFailsFor(RevocationConfig.Mode.HARD_FAIL);
    }

    @Test(timeout = 300000)
    /* renamed from: ok with other certificate in TLS CRL, reason: not valid java name */
    public final void m193okwithothercertificateinTLSCRL() {
        KeyPair generateKeyPair = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256);
        CertificateType certificateType = CertificateType.TLS;
        X509Certificate x509Certificate = this.nodeCACert;
        if (x509Certificate == null) {
            Intrinsics.throwUninitializedPropertyAccessException("nodeCACert");
        }
        KeyPair keyPair = this.nodeCAKeyPair;
        X500Principal x500Principal = new X500Principal("CN=other");
        PublicKey publicKey = generateKeyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "otherKeyPair.public");
        File file = this.tlsCRL;
        if (file == null) {
            Intrinsics.throwUninitializedPropertyAccessException("tlsCRL");
        }
        String uri = file.toURI().toString();
        X509Certificate x509Certificate2 = this.tlsCRLIssuerCert;
        if (x509Certificate2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("tlsCRLIssuerCert");
        }
        X500Principal issuerX500Principal = x509Certificate2.getIssuerX500Principal();
        Intrinsics.checkExpressionValueIsNotNull(issuerX500Principal, "tlsCRLIssuerCert.issuerX500Principal");
        X509Certificate createCertificate$default = X509Utilities.createCertificate$default(certificateType, x509Certificate, keyPair, x500Principal, publicKey, (Pair) null, (NameConstraints) null, uri, X500Name.getInstance(issuerX500Principal.getEncoded()), 96, (Object) null);
        File file2 = this.tlsCRL;
        if (file2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("tlsCRL");
        }
        X509Certificate x509Certificate3 = this.tlsCRLIssuerCert;
        if (x509Certificate3 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("tlsCRLIssuerCert");
        }
        PrivateKey privateKey = this.tlsCRLIssuerKeyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "tlsCRLIssuerKeyPair.private");
        writeCRL(file2, x509Certificate3, privateKey, true, createCertificate$default);
        doRevocationCheck();
    }

    @Test(timeout = 300000)
    /* renamed from: soft fail with revoked node CA certificate, reason: not valid java name */
    public final void m194softfailwithrevokednodeCAcertificate() {
        File file = this.doormanCRL;
        if (file == null) {
            Intrinsics.throwUninitializedPropertyAccessException("doormanCRL");
        }
        X509Certificate x509Certificate = this.doormanCert;
        if (x509Certificate == null) {
            Intrinsics.throwUninitializedPropertyAccessException("doormanCert");
        }
        PrivateKey privateKey = this.doormanKeyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "doormanKeyPair.private");
        X509Certificate[] x509CertificateArr = new X509Certificate[1];
        X509Certificate x509Certificate2 = this.nodeCACert;
        if (x509Certificate2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("nodeCACert");
        }
        x509CertificateArr[0] = x509Certificate2;
        writeCRL(file, x509Certificate, privateKey, false, x509CertificateArr);
        assertFailsFor(RevocationConfig.Mode.SOFT_FAIL, RevocationConfig.Mode.HARD_FAIL);
    }

    @Test(timeout = 300000)
    /* renamed from: hard fail with unavailable CRL in node CA certificate, reason: not valid java name */
    public final void m195hardfailwithunavailableCRLinnodeCAcertificate() {
        CertificateType certificateType = CertificateType.NODE_CA;
        X509Certificate x509Certificate = this.doormanCert;
        if (x509Certificate == null) {
            Intrinsics.throwUninitializedPropertyAccessException("doormanCert");
        }
        KeyPair keyPair = this.doormanKeyPair;
        X500Principal x500Principal = new X500Principal("CN=node");
        PublicKey publicKey = this.nodeCAKeyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "nodeCAKeyPair.public");
        this.nodeCACert = X509Utilities.createCertificate$default(certificateType, x509Certificate, keyPair, x500Principal, publicKey, (Pair) null, (NameConstraints) null, "http://unknown-host:10000/certificate-revocation-list/doorman", (X500Name) null, 352, (Object) null);
        assertFailsFor(RevocationConfig.Mode.HARD_FAIL);
    }

    @Test(timeout = 300000)
    /* renamed from: ok with other certificate in doorman CRL, reason: not valid java name */
    public final void m196okwithothercertificateindoormanCRL() {
        KeyPair generateKeyPair = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256);
        CertificateType certificateType = CertificateType.NODE_CA;
        X509Certificate x509Certificate = this.doormanCert;
        if (x509Certificate == null) {
            Intrinsics.throwUninitializedPropertyAccessException("doormanCert");
        }
        KeyPair keyPair = this.doormanKeyPair;
        X500Principal x500Principal = new X500Principal("CN=other");
        PublicKey publicKey = generateKeyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "otherKeyPair.public");
        File file = this.doormanCRL;
        if (file == null) {
            Intrinsics.throwUninitializedPropertyAccessException("doormanCRL");
        }
        X509Certificate createCertificate$default = X509Utilities.createCertificate$default(certificateType, x509Certificate, keyPair, x500Principal, publicKey, (Pair) null, (NameConstraints) null, file.toURI().toString(), (X500Name) null, 352, (Object) null);
        File file2 = this.doormanCRL;
        if (file2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("doormanCRL");
        }
        X509Certificate x509Certificate2 = this.doormanCert;
        if (x509Certificate2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("doormanCert");
        }
        PrivateKey privateKey = this.doormanKeyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "doormanKeyPair.private");
        writeCRL(file2, x509Certificate2, privateKey, false, createCertificate$default);
        doRevocationCheck();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void doRevocationCheck() {
        X509TrustManager x509TrustManager = this.trustManager;
        if (x509TrustManager == null) {
            Intrinsics.throwUninitializedPropertyAccessException("trustManager");
        }
        x509TrustManager.checkClientTrusted(getChain(), "ECDHE_ECDSA");
    }

    public RevocationTest(@NotNull RevocationConfig.Mode mode) {
        Intrinsics.checkParameterIsNotNull(mode, "revocationMode");
        this.revocationMode = mode;
        this.tempFolder = new TemporaryFolder();
        this.rootKeyPair = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256);
        this.tlsCRLIssuerKeyPair = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256);
        this.doormanKeyPair = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256);
        this.nodeCAKeyPair = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256);
        this.tlsKeyPair = Crypto.generateKeyPair(Crypto.ECDSA_SECP256R1_SHA256);
    }

    @JvmStatic
    @Parameterized.Parameters(name = "revocationMode = {0}")
    @NotNull
    public static final List<RevocationConfig.Mode> data() {
        return Companion.data();
    }
}
