Mark CT tests as NonCts

These tests use the internal API of certificate transparency. There is
no compatibility guarantee.

Bug: 357803810
Bug: 357460797
Test: atest
Change-Id: Ide07eca800ecdaa6aa344b5b58d4988bf0bc1e88
diff --git a/common/src/test/java/org/conscrypt/ct/SerializationTest.java b/common/src/test/java/org/conscrypt/ct/SerializationTest.java
index a4c71ce..2d4a112 100644
--- a/common/src/test/java/org/conscrypt/ct/SerializationTest.java
+++ b/common/src/test/java/org/conscrypt/ct/SerializationTest.java
@@ -20,16 +20,20 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-import java.io.ByteArrayOutputStream;
-import java.util.Arrays;
+import libcore.test.annotation.NonCts;
+import libcore.test.reasons.NonCtsReasons;
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
+import java.io.ByteArrayOutputStream;
+import java.util.Arrays;
+
 @RunWith(JUnit4.class)
 public class SerializationTest {
-
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_decode_SignedCertificateTimestamp() throws Exception {
         byte[] in = new byte[] {
             0x00,                            // version
@@ -59,6 +63,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_decode_invalid_SignedCertificateTimestamp() throws Exception {
         byte[] sct = new byte[] {
             0x00,                            // version
@@ -92,6 +97,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_decode_DigitallySigned() throws Exception {
         byte[] in = new byte[] {
             0x04, 0x03,            // hash & signature algorithm
@@ -106,6 +112,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_decode_invalid_DigitallySigned() throws Exception {
         try {
             DigitallySigned.decode(new byte[] {
@@ -143,6 +150,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_encode_CertificateEntry_X509Certificate() throws Exception {
         // Use a dummy certificate. It doesn't matter, CertificateEntry doesn't care about the contents.
         CertificateEntry entry = CertificateEntry.createForX509Certificate(new byte[] { 0x12, 0x34, 0x56, 0x78 });
@@ -157,6 +165,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_encode_CertificateEntry_PreCertificate() throws Exception {
         // Use a dummy certificate and issuer key hash. It doesn't matter,
         // CertificateEntry doesn't care about the contents.
@@ -176,6 +185,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_readDEROctetString() throws Exception {
         byte[] in, expected;
 
@@ -222,4 +232,3 @@
         assertEquals(Arrays.toString(expected), Arrays.toString(actual));
     }
 }
-
diff --git a/common/src/test/java/org/conscrypt/ct/VerifierTest.java b/common/src/test/java/org/conscrypt/ct/VerifierTest.java
index 984dc27..18cc64b 100644
--- a/common/src/test/java/org/conscrypt/ct/VerifierTest.java
+++ b/common/src/test/java/org/conscrypt/ct/VerifierTest.java
@@ -20,8 +20,9 @@
 import static org.conscrypt.TestUtils.readTestFile;
 import static org.junit.Assert.assertEquals;
 
-import java.security.PublicKey;
-import java.util.Arrays;
+import libcore.test.annotation.NonCts;
+import libcore.test.reasons.NonCtsReasons;
+
 import org.conscrypt.OpenSSLX509Certificate;
 import org.conscrypt.TestUtils;
 import org.junit.Before;
@@ -29,6 +30,9 @@
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
+import java.security.PublicKey;
+import java.util.Arrays;
+
 @RunWith(JUnit4.class)
 public class VerifierTest {
     private OpenSSLX509Certificate ca;
@@ -67,6 +71,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withOCSPResponse() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {cert, ca};
 
@@ -78,6 +83,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withTLSExtension() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {cert, ca};
 
@@ -89,6 +95,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withEmbeddedExtension() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {certEmbedded, ca};
 
@@ -98,6 +105,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withoutTimestamp() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {cert, ca};
 
@@ -107,6 +115,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withInvalidSignature() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {cert, ca};
 
@@ -121,6 +130,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withUnknownLog() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {cert, ca};
 
@@ -134,6 +144,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withInvalidEncoding() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {cert, ca};
 
@@ -147,6 +158,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withInvalidOCSPResponse() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {cert, ca};
 
@@ -160,6 +172,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withMultipleTimestamps() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {cert, ca};
 
diff --git a/platform/src/test/java/org/conscrypt/ct/LogStoreImplTest.java b/platform/src/test/java/org/conscrypt/ct/LogStoreImplTest.java
index c595df4..af3a2a1 100644
--- a/platform/src/test/java/org/conscrypt/ct/LogStoreImplTest.java
+++ b/platform/src/test/java/org/conscrypt/ct/LogStoreImplTest.java
@@ -19,6 +19,13 @@
 import static java.nio.charset.StandardCharsets.US_ASCII;
 import static java.nio.charset.StandardCharsets.UTF_8;
 
+import libcore.test.annotation.NonCts;
+import libcore.test.reasons.NonCtsReasons;
+
+import junit.framework.TestCase;
+
+import org.conscrypt.OpenSSLKey;
+
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileNotFoundException;
@@ -29,10 +36,9 @@
 import java.io.PrintWriter;
 import java.security.PublicKey;
 import java.util.Base64;
-import junit.framework.TestCase;
-import org.conscrypt.OpenSSLKey;
 
 public class LogStoreImplTest extends TestCase {
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_loadLogList() throws Exception {
         // clang-format off
         String content = "" +
diff --git a/platform/src/test/java/org/conscrypt/ct/PolicyImplTest.java b/platform/src/test/java/org/conscrypt/ct/PolicyImplTest.java
index 7696beb..8c4e33e 100644
--- a/platform/src/test/java/org/conscrypt/ct/PolicyImplTest.java
+++ b/platform/src/test/java/org/conscrypt/ct/PolicyImplTest.java
@@ -18,6 +18,9 @@
 
 import static org.junit.Assert.assertEquals;
 
+import libcore.test.annotation.NonCts;
+import libcore.test.reasons.NonCtsReasons;
+
 import org.conscrypt.java.security.cert.FakeX509Certificate;
 import org.junit.Assume;
 import org.junit.BeforeClass;
@@ -106,6 +109,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void emptyVerificationResult() throws Exception {
         Policy p = new PolicyImpl();
         VerificationResult result = new VerificationResult();
@@ -116,6 +120,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void validVerificationResult() throws Exception {
         Policy p = new PolicyImpl();
 
@@ -139,6 +144,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void validWithRetiredVerificationResult() throws Exception {
         Policy p = new PolicyImpl();
 
@@ -162,6 +168,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void invalidOneSctVerificationResult() throws Exception {
         Policy p = new PolicyImpl();
 
@@ -179,6 +186,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void invalidTwoSctsVerificationResult() throws Exception {
         Policy p = new PolicyImpl();
 
@@ -202,6 +210,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void invalidTwoSctsSameOperatorVerificationResult() throws Exception {
         Policy p = new PolicyImpl();
 
diff --git a/repackaged/common/src/test/java/com/android/org/conscrypt/ct/SerializationTest.java b/repackaged/common/src/test/java/com/android/org/conscrypt/ct/SerializationTest.java
index 7dabf84..8c40636 100644
--- a/repackaged/common/src/test/java/com/android/org/conscrypt/ct/SerializationTest.java
+++ b/repackaged/common/src/test/java/com/android/org/conscrypt/ct/SerializationTest.java
@@ -21,19 +21,23 @@
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-import java.io.ByteArrayOutputStream;
-import java.util.Arrays;
+import libcore.test.annotation.NonCts;
+import libcore.test.reasons.NonCtsReasons;
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
+import java.io.ByteArrayOutputStream;
+import java.util.Arrays;
+
 /**
  * @hide This class is not part of the Android public SDK API
  */
 @RunWith(JUnit4.class)
 public class SerializationTest {
-
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_decode_SignedCertificateTimestamp() throws Exception {
         byte[] in = new byte[] {
             0x00,                            // version
@@ -63,6 +67,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_decode_invalid_SignedCertificateTimestamp() throws Exception {
         byte[] sct = new byte[] {
             0x00,                            // version
@@ -96,6 +101,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_decode_DigitallySigned() throws Exception {
         byte[] in = new byte[] {
             0x04, 0x03,            // hash & signature algorithm
@@ -110,6 +116,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_decode_invalid_DigitallySigned() throws Exception {
         try {
             DigitallySigned.decode(new byte[] {
@@ -147,6 +154,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_encode_CertificateEntry_X509Certificate() throws Exception {
         // Use a dummy certificate. It doesn't matter, CertificateEntry doesn't care about the contents.
         CertificateEntry entry = CertificateEntry.createForX509Certificate(new byte[] { 0x12, 0x34, 0x56, 0x78 });
@@ -161,6 +169,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_encode_CertificateEntry_PreCertificate() throws Exception {
         // Use a dummy certificate and issuer key hash. It doesn't matter,
         // CertificateEntry doesn't care about the contents.
@@ -180,6 +189,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_readDEROctetString() throws Exception {
         byte[] in, expected;
 
@@ -226,4 +236,3 @@
         assertEquals(Arrays.toString(expected), Arrays.toString(actual));
     }
 }
-
diff --git a/repackaged/common/src/test/java/com/android/org/conscrypt/ct/VerifierTest.java b/repackaged/common/src/test/java/com/android/org/conscrypt/ct/VerifierTest.java
index 66dd14f..5e317ec 100644
--- a/repackaged/common/src/test/java/com/android/org/conscrypt/ct/VerifierTest.java
+++ b/repackaged/common/src/test/java/com/android/org/conscrypt/ct/VerifierTest.java
@@ -19,17 +19,23 @@
 
 import static com.android.org.conscrypt.TestUtils.openTestFile;
 import static com.android.org.conscrypt.TestUtils.readTestFile;
+
 import static org.junit.Assert.assertEquals;
 
-import java.security.PublicKey;
-import java.util.Arrays;
 import com.android.org.conscrypt.OpenSSLX509Certificate;
 import com.android.org.conscrypt.TestUtils;
+
+import libcore.test.annotation.NonCts;
+import libcore.test.reasons.NonCtsReasons;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
+import java.security.PublicKey;
+import java.util.Arrays;
+
 /**
  * @hide This class is not part of the Android public SDK API
  */
@@ -71,6 +77,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withOCSPResponse() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {cert, ca};
 
@@ -82,6 +89,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withTLSExtension() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {cert, ca};
 
@@ -93,6 +101,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withEmbeddedExtension() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {certEmbedded, ca};
 
@@ -102,6 +111,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withoutTimestamp() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {cert, ca};
 
@@ -111,6 +121,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withInvalidSignature() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {cert, ca};
 
@@ -125,6 +136,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withUnknownLog() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {cert, ca};
 
@@ -138,6 +150,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withInvalidEncoding() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {cert, ca};
 
@@ -151,6 +164,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withInvalidOCSPResponse() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {cert, ca};
 
@@ -164,6 +178,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_verifySignedCertificateTimestamps_withMultipleTimestamps() throws Exception {
         OpenSSLX509Certificate[] chain = new OpenSSLX509Certificate[] {cert, ca};
 
diff --git a/repackaged/platform/src/test/java/com/android/org/conscrypt/ct/LogStoreImplTest.java b/repackaged/platform/src/test/java/com/android/org/conscrypt/ct/LogStoreImplTest.java
index b03ddcd..58d6b02 100644
--- a/repackaged/platform/src/test/java/com/android/org/conscrypt/ct/LogStoreImplTest.java
+++ b/repackaged/platform/src/test/java/com/android/org/conscrypt/ct/LogStoreImplTest.java
@@ -20,6 +20,13 @@
 import static java.nio.charset.StandardCharsets.US_ASCII;
 import static java.nio.charset.StandardCharsets.UTF_8;
 
+import com.android.org.conscrypt.OpenSSLKey;
+
+import libcore.test.annotation.NonCts;
+import libcore.test.reasons.NonCtsReasons;
+
+import junit.framework.TestCase;
+
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileNotFoundException;
@@ -30,13 +37,12 @@
 import java.io.PrintWriter;
 import java.security.PublicKey;
 import java.util.Base64;
-import junit.framework.TestCase;
-import com.android.org.conscrypt.OpenSSLKey;
 
 /**
  * @hide This class is not part of the Android public SDK API
  */
 public class LogStoreImplTest extends TestCase {
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void test_loadLogList() throws Exception {
         // clang-format off
         String content = "" +
diff --git a/repackaged/platform/src/test/java/com/android/org/conscrypt/ct/PolicyImplTest.java b/repackaged/platform/src/test/java/com/android/org/conscrypt/ct/PolicyImplTest.java
index 638dc9e..6ad28e2 100644
--- a/repackaged/platform/src/test/java/com/android/org/conscrypt/ct/PolicyImplTest.java
+++ b/repackaged/platform/src/test/java/com/android/org/conscrypt/ct/PolicyImplTest.java
@@ -21,6 +21,9 @@
 
 import com.android.org.conscrypt.java.security.cert.FakeX509Certificate;
 
+import libcore.test.annotation.NonCts;
+import libcore.test.reasons.NonCtsReasons;
+
 import org.junit.Assume;
 import org.junit.BeforeClass;
 import org.junit.Test;
@@ -111,6 +114,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void emptyVerificationResult() throws Exception {
         Policy p = new PolicyImpl();
         VerificationResult result = new VerificationResult();
@@ -121,6 +125,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void validVerificationResult() throws Exception {
         Policy p = new PolicyImpl();
 
@@ -144,6 +149,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void validWithRetiredVerificationResult() throws Exception {
         Policy p = new PolicyImpl();
 
@@ -167,6 +173,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void invalidOneSctVerificationResult() throws Exception {
         Policy p = new PolicyImpl();
 
@@ -184,6 +191,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void invalidTwoSctsVerificationResult() throws Exception {
         Policy p = new PolicyImpl();
 
@@ -207,6 +215,7 @@
     }
 
     @Test
+    @NonCts(reason = NonCtsReasons.INTERNAL_APIS)
     public void invalidTwoSctsSameOperatorVerificationResult() throws Exception {
         Policy p = new PolicyImpl();