package org.apache.flink.kinesis.shaded.io.netty.handler.ssl;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/apache/flink/kinesis/shaded/io/netty/handler/ssl/SslContextTrustManagerTest.class */
public class SslContextTrustManagerTest {
    @Test
    public void testUsingAllCAs() throws Exception {
        runTests(new String[]{"tm_test_ca_1a.pem", "tm_test_ca_1b.pem", "tm_test_ca_2.pem"}, new String[]{"tm_test_eec_1.pem", "tm_test_eec_2.pem", "tm_test_eec_3.pem"}, new boolean[]{true, true, true});
    }

    @Test
    public void testUsingAllCAsWithDuplicates() throws Exception {
        runTests(new String[]{"tm_test_ca_1a.pem", "tm_test_ca_1b.pem", "tm_test_ca_2.pem", "tm_test_ca_2.pem"}, new String[]{"tm_test_eec_1.pem", "tm_test_eec_2.pem", "tm_test_eec_3.pem"}, new boolean[]{true, true, true});
    }

    @Test
    public void testUsingCAsOneAandB() throws Exception {
        runTests(new String[]{"tm_test_ca_1a.pem", "tm_test_ca_1b.pem"}, new String[]{"tm_test_eec_1.pem", "tm_test_eec_2.pem", "tm_test_eec_3.pem"}, new boolean[]{true, true, false});
    }

    @Test
    public void testUsingCAsOneAandTwo() throws Exception {
        runTests(new String[]{"tm_test_ca_1a.pem", "tm_test_ca_2.pem"}, new String[]{"tm_test_eec_1.pem", "tm_test_eec_2.pem", "tm_test_eec_3.pem"}, new boolean[]{true, false, true});
    }

    private static void runTests(String[] strArr, String[] strArr2, boolean[] zArr) throws Exception {
        X509TrustManager trustManager = getTrustManager(strArr);
        X509Certificate[] loadCertCollection = Java8SslTestUtils.loadCertCollection(strArr2);
        for (int i = 0; i < strArr2.length; i++) {
            X509Certificate x509Certificate = loadCertCollection[i];
            Assertions.assertNotNull(x509Certificate, "Cannot use cert " + strArr2[i]);
            try {
                trustManager.checkServerTrusted(new X509Certificate[]{x509Certificate}, "RSA");
                if (!zArr[i]) {
                    Assertions.fail(String.format("Certificate %s was expected not to be valid when using CAs %s, but its verification passed.", strArr2[i], Arrays.asList(strArr)));
                }
            } catch (CertificateException e) {
                if (zArr[i]) {
                    Assertions.fail(String.format("Certificate %s was expected to be valid when using CAs %s, but its verification failed.", strArr2[i], Arrays.asList(strArr)));
                }
            }
        }
    }

    private static X509TrustManager getTrustManager(String[] strArr) throws Exception {
        for (TrustManager trustManager : SslContext.buildTrustManagerFactory(Java8SslTestUtils.loadCertCollection(strArr), (TrustManagerFactory) null, (String) null).getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new Exception("Unable to find any X509TrustManager from this factory.");
    }
}
