package com.android.tools.lint.checks;

import com.android.tools.lint.detector.api.Detector;
import java.time.LocalDate;
import java.time.format.DateTimeFormatter;

/* loaded from: input_file:com/android/tools/lint/checks/NetworkSecurityConfigDetectorTest.class */
public class NetworkSecurityConfigDetectorTest extends AbstractCheckTest {
    @Override // com.android.tools.lint.checks.infrastructure.LintDetectorTest
    /* renamed from: getDetector */
    protected Detector mo755getDetector() {
        return new NetworkSecurityConfigDetector();
    }

    public void testInvalidElementAndMissingDomain() {
        lint().files(xml("res/xml/network_config.xml", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<network-security-config>\n     <!-- Invalid element as child. -->\n     <include domain=\"file\"/>\n     <!-- Invalid base-config with nested domain-config element -->\n     <base-config>\n         <domain-config>\n             <domain>android.com</domain>\n         </domain-config>\n     </base-config>\n     <!-- Invalid domain-config without domain child element -->\n     <domain-config>\n     </domain-config>\n</network-security-config>")).run().expect("res/xml/network_config.xml:4: Error: Unexpected element <include> [NetworkSecurityConfig]\n     <include domain=\"file\"/>\n      ~~~~~~~\nres/xml/network_config.xml:7: Error: Nested <domain-config> elements are not allowed in base-config [NetworkSecurityConfig]\n         <domain-config>\n          ~~~~~~~~~~~~~\nres/xml/network_config.xml:12: Error: No <domain> elements in <domain-config> [NetworkSecurityConfig]\n     <domain-config>\n      ~~~~~~~~~~~~~\n3 errors, 0 warnings");
    }

    public void testTrustAnchors() {
        lint().files(xml("res/xml/network_config.xml", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<network-security-config>\n    <domain-config>\n        <domain includeSubdomains=\"false\">example.com</domain>\n        <trust-anchors>\n            <!-- Invalid attribute only system, user or @resource allowed -->\n            <certificates src=\"raw/extras\"/>\n            <!-- Missing src attribute src attr -->\n            <certificates/>\n            <!-- valid src attr -->\n            <certificates src=\"user\"/>\n        </trust-anchors>\n    </domain-config>\n</network-security-config>")).run().expect("res/xml/network_config.xml:7: Error: Unknown certificates src attribute. Expecting system, user or an @resource value [NetworkSecurityConfig]\n            <certificates src=\"raw/extras\"/>\n                               ~~~~~~~~~~\nres/xml/network_config.xml:9: Error: Missing src attribute [NetworkSecurityConfig]\n            <certificates/>\n             ~~~~~~~~~~~~\n2 errors, 0 warnings\n").expectFixDiffs("Fix for res/xml/network_config.xml line 9: Set src:\n@@ -14 +14\n-             <certificates />\n+             <certificates src=\"[TODO]|\" />");
    }

    public void testInsecureBaseConfiguration() {
        lint().files(xml("res/xml/network_config.xml", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<network-security-config>\n    <base-config cleartextTrafficPermitted=\"true\">\n    </base-config>\n</network-security-config>")).run().expect("res/xml/network_config.xml:3: Warning: Insecure Base Configuration [InsecureBaseConfiguration]\n    <base-config cleartextTrafficPermitted=\"true\">\n                                            ~~~~\n0 errors, 1 warnings\n").expectFixDiffs("Fix for res/xml/network_config.xml line 3: Replace with false:\n@@ -3 +3\n-     <base-config cleartextTrafficPermitted=\"true\">\n+     <base-config cleartextTrafficPermitted=\"false\">");
    }

    public void testAllowsUserCertificates() {
        lint().files(xml("res/xml/network_config.xml", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<network-security-config>\n    <base-config>\n        <trust-anchors>\n            <certificates src=\"system\"/>\n            <certificates src=\"user\"/>\n        </trust-anchors>\n    </base-config>\n</network-security-config>")).run().expect("res/xml/network_config.xml:6: Warning: The Network Security Configuration allows the use of user certificates in the release version of your app [AcceptsUserCertificates]\n            <certificates src=\"user\"/>\n            ~~~~~~~~~~~~~~~~~~~~~~~~~~\n0 errors, 1 warnings\n");
    }

    public void testAllowsUserCertificatesOnlyWhenDebuggable() {
        lint().files(xml("res/xml/network_config.xml", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<network-security-config>\n    <base-config>\n        <debug-overriodes>\n            <trust-anchors>\n                <certificates src=\"system\"/>\n                <certificates src=\"user\"/>\n            </trust-anchors>\n        </debug-overriodes>\n    </base-config>\n</network-security-config>")).run().expectClean();
    }

    public void testPinSetElement() {
        String format = LocalDate.now().plusDays(5L).format(DateTimeFormatter.ISO_LOCAL_DATE);
        lint().files(xml("res/xml/network_config.xml", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<network-security-config>\n    <domain-config>\n        <domain includeSubdomains=\"true\">example.com</domain>\n        <!-- pin-set is expiring soon -->\n        <pin-set expiration=\"" + format + "\">\n            <!-- Invalid digest algorithm-->\n            <pin digest=\"SHA-1\">7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=</pin>\n            <!-- Invalid SHA-256 digest length -->\n            <pin digest=\"SHA-256\">aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d</pin>\n        </pin-set>\n    </domain-config>\n</network-security-config>")).run().expect(String.format("res/xml/network_config.xml:6: Warning: pin-set is expiring soon [PinSetExpiry]\n        <pin-set expiration=\"%1$s\">\n                             ~~~~~~~~~~\nres/xml/network_config.xml:8: Error: Invalid digest algorithm. Supported digests: SHA-256 [NetworkSecurityConfig]\n            <pin digest=\"SHA-1\">7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=</pin>\n                         ~~~~~\nres/xml/network_config.xml:10: Error: Decoded digest length 30 does not match expected length for SHA-256 of 32 [NetworkSecurityConfig]\n            <pin digest=\"SHA-256\">aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d</pin>\n                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n2 errors, 1 warnings\n", format)).expectFixDiffs("\nFix for res/xml/network_config.xml line 7: Set digest to \"SHA-256\":\n@@ -8 +8\n-             <pin digest=\"SHA-1\">7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=</pin>\n+             <pin digest=\"SHA-256\">7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=</pin>\n");
    }

    public void testMissingBackupPin() {
        lint().files(xml("res/xml/network_config.xml", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<network-security-config>\n    <domain-config>\n        <domain includeSubdomains=\"true\">www.example.com</domain>\n        <pin-set>\n            <!-- no backup pin declared -->\n            <pin digest=\"SHA-256\">7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=</pin>\n        </pin-set>\n    </domain-config>\n</network-security-config>")).run().expect("res/xml/network_config.xml:5: Warning: A backup <pin> declaration is highly recommended [MissingBackupPin]\n        <pin-set>\n         ~~~~~~~\n0 errors, 1 warnings");
    }

    public void testInvalidMultiplePinSetElements() {
        lint().files(xml("res/xml/network_config.xml", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<network-security-config>\n    <domain-config>\n        <domain includeSubdomains=\"true\">example.com</domain>\n        <pin-set>\n            <pin digest=\"SHA-256\">7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=</pin>\n            <pin digest=\"SHA-256\">fwza0LRMXouZHRC8Ei+4PyuldPDcf3UKgO/04cDM1oE=</pin>\n        </pin-set>\n        <!-- Multiple pin-set elements are not allowed -->\n        <pin-set>\n            <pin digest=\"SHA-256\">fwza0LRMXouZHRC8Ei+4PyuldPDcf3UKgO/04cDM1oE=</pin>\n        </pin-set>\n    </domain-config>\n</network-security-config>")).run().expect("res/xml/network_config.xml:10: Error: Multiple <pin-set> elements are not allowed [NetworkSecurityConfig]\n        <pin-set>\n         ~~~~~~~\n    res/xml/network_config.xml:5: Already declared here\n        <pin-set>\n         ~~~~~~~\n1 errors, 0 warnings");
    }

    public void testNestedDomainConfigsWithDuplicateDomains() {
        lint().files(xml("res/xml/network_config.xml", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<network-security-config>\n    <domain-config>\n        <domain includeSubdomains=\"true\">www.example.com</domain>\n        <!-- Duplicate domain registration case insensitive -->\n        <domain includeSubdomains=\"true\">www.Example.com</domain>\n        <pin-set>\n            <pin digest=\"SHA-256\">7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=</pin>\n            <pin digest=\"SHA-256\">fwza0LRMXouZHRC8Ei+4PyuldPDcf3UKgO/04cDM1oE=</pin>\n        </pin-set>\n        <domain-config>\n            <!-- Nested domain-config with duplicate domain name -->\n            <domain includeSubdomains=\"true\">www.example.com</domain>\n        </domain-config>\n    </domain-config>\n</network-security-config>")).run().expect("res/xml/network_config.xml:6: Error: Duplicate domain names are not allowed [NetworkSecurityConfig]\n        <domain includeSubdomains=\"true\">www.Example.com</domain>\n                                         ~~~~~~~~~~~~~~~\n    res/xml/network_config.xml:4: Already declared here\n        <domain includeSubdomains=\"true\">www.example.com</domain>\n                                         ~~~~~~~~~~~~~~~\nres/xml/network_config.xml:13: Error: Duplicate domain names are not allowed [NetworkSecurityConfig]\n            <domain includeSubdomains=\"true\">www.example.com</domain>\n                                             ~~~~~~~~~~~~~~~\n    res/xml/network_config.xml:4: Already declared here\n        <domain includeSubdomains=\"true\">www.example.com</domain>\n                                         ~~~~~~~~~~~~~~~\n2 errors, 0 warnings\n");
    }

    public void testTrustAnchorsWithValidCAResource() {
        lint().files(source("res/raw/debug_cas", "-----BEGIN CERTIFICATE-----\n7vQMfXdGsRrXNGRGnX+vWDZ3/zWI0joDtCkNnqEpVn..HoX\n-----END CERTIFICATE-----"), xml("res/xml/network_config.xml", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<network-security-config>\n    <debug-overrides cleartextTrafficPermitted=\"true\">\n        <trust-anchors>\n            <certificates src=\"@raw/debug_cas\"/>\n        </trust-anchors>\n    </debug-overrides>\n</network-security-config>")).incremental("res/xml/network_config.xml").run().expectClean();
    }

    public void testTyposInBaseTags() {
        lint().files(xml("res/xml/network_config.xml", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<network-security-config>\n     <include domain=\"file\"/>\n     <base-cnofig>\n     </base-cnofig>\n     <domain-config invalidattr=\"true\" clearTxtTrafficPermitted=\"true\">\n        <domain includeSubdomain='true'>android.com</domain>\n        <trustAnchor>\n            <certificates src=\"@raw/debug_cas\"/>\n        </trustAnchor>\n     </domain-config>\n     <domain-config>\n        <domain includeSubdomains='true'>www.example.com</domain>\n        <trust-anchors>\n            <ceritficates src=\"@raw/debug_cas\"/>\n        </trust-anchors>\n     </domain-config>\n     <domain-config>\n        <domain includeSubdomains='true'>foo.example.com</domain>\n        <trust-anchors>\n            <certificates source=\"@raw/debug_cas\"/>\n        </trust-anchors>\n        <pin-set>\n            <pin dgest=\"SHA-256\">7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=</pin>\n            <pln digest=\"SHA-256\">fwza0LRMXouZHRC8Ei+4PyuldPDcf3UKgO/04cDM1oE=</pln>\n        </pin-set>\n     </domain-config>\n     <!-- Unexpected element -->\n     <test-overrides>\n     </test-overrides>\n     <!-- spelling error -->\n     <debug-ovrrides></debug-ovrrides>\n</network-security-config>")).run().expect("res/xml/network_config.xml:3: Error: Unexpected element <include> [NetworkSecurityConfig]\n     <include domain=\"file\"/>\n      ~~~~~~~\nres/xml/network_config.xml:4: Error: Misspelled tag <base-cnofig>: Did you mean base-config? [NetworkSecurityConfig]\n     <base-cnofig>\n      ~~~~~~~~~~~\nres/xml/network_config.xml:6: Error: Misspelled attribute clearTxtTrafficPermitted: Did you mean cleartextTrafficPermitted? [NetworkSecurityConfig]\n     <domain-config invalidattr=\"true\" clearTxtTrafficPermitted=\"true\">\n                                       ~~~~~~~~~~~~~~~~~~~~~~~~\nres/xml/network_config.xml:7: Error: Misspelled attribute includeSubdomain: Did you mean includeSubdomains? [NetworkSecurityConfig]\n        <domain includeSubdomain='true'>android.com</domain>\n                ~~~~~~~~~~~~~~~~\nres/xml/network_config.xml:8: Error: Misspelled tag <trustAnchor>: Did you mean trust-anchors? [NetworkSecurityConfig]\n        <trustAnchor>\n         ~~~~~~~~~~~\nres/xml/network_config.xml:15: Error: Misspelled tag <ceritficates>: Did you mean certificates? [NetworkSecurityConfig]\n            <ceritficates src=\"@raw/debug_cas\"/>\n             ~~~~~~~~~~~~\nres/xml/network_config.xml:21: Error: Misspelled attribute source: Did you mean src? [NetworkSecurityConfig]\n            <certificates source=\"@raw/debug_cas\"/>\n                          ~~~~~~\nres/xml/network_config.xml:24: Error: Misspelled attribute dgest: Did you mean digest? [NetworkSecurityConfig]\n            <pin dgest=\"SHA-256\">7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=</pin>\n                 ~~~~~\nres/xml/network_config.xml:25: Error: Misspelled tag <pln>: Did you mean pin? [NetworkSecurityConfig]\n            <pln digest=\"SHA-256\">fwza0LRMXouZHRC8Ei+4PyuldPDcf3UKgO/04cDM1oE=</pln>\n             ~~~\nres/xml/network_config.xml:29: Error: Unexpected element <test-overrides> [NetworkSecurityConfig]\n     <test-overrides>\n      ~~~~~~~~~~~~~~\nres/xml/network_config.xml:32: Error: Misspelled tag <debug-ovrrides>: Did you mean debug-overrides? [NetworkSecurityConfig]\n     <debug-ovrrides></debug-ovrrides>\n      ~~~~~~~~~~~~~~\n11 errors, 0 warnings").expectFixDiffs("Fix for res/xml/network_config.xml line 4: Replace with `<base-config>`:\n@@ -4 +4\n-      <base-cnofig>\n-      </base-cnofig>\n+      <base-config>\n+      </base-config>\nFix for res/xml/network_config.xml line 6: Replace with `cleartextTrafficPermitted`:\n@@ -10 +10\n-         clearTxtTrafficPermitted=\"true\"\n+         cleartextTrafficPermitted=\"true\"\nFix for res/xml/network_config.xml line 7: Replace with `includeSubdomains`:\n@@ -12 +12\n-         <domain includeSubdomain=\"true\" >\n+         <domain includeSubdomains=\"true\" >\nFix for res/xml/network_config.xml line 8: Replace with `<trust-anchors>`:\n@@ -8 +8\n-         <trustAnchor>\n+         <trust-anchors>\n@@ -10 +10\n-         </trustAnchor>\n+         </trust-anchors>\nFix for res/xml/network_config.xml line 15: Replace with `<certificates>`:\n@@ -15 +15\n-             <ceritficates src=\"@raw/debug_cas\"/>\n+             <certificates src=\"@raw/debug_cas\"/>\nFix for res/xml/network_config.xml line 21: Replace with `src`:\n@@ -35 +35\n-             <certificates source=\"@raw/debug_cas\" />\n+             <certificates src=\"@raw/debug_cas\" />\nFix for res/xml/network_config.xml line 24: Replace with `digest`:\n@@ -39 +39\n-             <pin dgest=\"SHA-256\" >\n+             <pin digest=\"SHA-256\" >\nFix for res/xml/network_config.xml line 25: Replace with `<pin>`:\n@@ -25 +25\n-             <pln digest=\"SHA-256\">fwza0LRMXouZHRC8Ei+4PyuldPDcf3UKgO/04cDM1oE=</pln>\n+             <pin digest=\"SHA-256\">fwza0LRMXouZHRC8Ei+4PyuldPDcf3UKgO/04cDM1oE=</pin>\nFix for res/xml/network_config.xml line 32: Replace with `<debug-overrides>`:\n@@ -32 +32\n-      <debug-ovrrides></debug-ovrrides>\n+      <debug-overrides></debug-overrides>");
    }

    public void testConfigDuplicatesMessage() {
        lint().files(xml("res/xml/network_config_debug.xml", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<network-security-config>\n    <debug-overrides>\n        <trust-anchors>\n            <certificates src=\"@raw/debug_cas\"/>\n        </trust-anchors>\n    </debug-overrides>\n</network-security-config>"), source("res/raw/debug_cas", "-----BEGIN CERTIFICATE-----\n7vQMfXdGsRrXNGRGnX+vWDZ3/zWI0joDtCkNnqEpVn..HoX\n-----END CERTIFICATE-----"), xml("res/xml/network_config.xml", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<network-security-config>\n    <base-config>\n    </base-config>\n    <base-config>\n    </base-config>\n    <debug-overrides>\n        <trust-anchors>\n            <certificates src=\"@raw/debug_cas\"/>\n        </trust-anchors>\n    </debug-overrides>\n    <debug-overrides>\n    </debug-overrides>\n</network-security-config>")).run().expect("res/xml/network_config.xml:5: Error: Expecting at most 1 <base-config> [NetworkSecurityConfig]\n    <base-config>\n     ~~~~~~~~~~~\n    res/xml/network_config.xml:3: Already declared here\n    <base-config>\n    ^\nres/xml/network_config.xml:12: Error: Expecting at most 1 <debug-overrides> [NetworkSecurityConfig]\n    <debug-overrides>\n     ~~~~~~~~~~~~~~~\n    res/xml/network_config.xml:7: Already declared here\n    <debug-overrides>\n    ^\nres/xml/network_config_debug.xml:3: Error: Expecting at most 1 <debug-overrides> [NetworkSecurityConfig]\n    <debug-overrides>\n     ~~~~~~~~~~~~~~~\n    res/xml/network_config.xml:7: Already declared here\n    <debug-overrides>\n    ^\n3 errors, 0 warnings\n");
    }
}
