package org.apache.hadoop.hdds.security.x509.certificates;

import java.io.IOException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Iterator;
import java.util.UUID;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.certificates.utils.CertificateSignRequest;
import org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator;
import org.apache.hadoop.hdds.security.x509.keys.SecurityUtil;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCSException;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;

/* loaded from: input_file:org/apache/hadoop/hdds/security/x509/certificates/TestCertificateSignRequest.class */
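/**
 * Unit tests for {@link CertificateSignRequest.Builder}.
 *
 * <p>The tests check that a generated PKCS#10 request carries the expected subject and public
 * key, that the key-usage extension is marked critical, that subject alternative names are
 * emitted only when requested, that the request's self-signature verifies, and that invalid
 * builder input is rejected.
 */
public class TestCertificateSignRequest {
    private static final String SUBJECT = "DN001";
    private static final String SERVICE_NAME = "OzoneMarketingCluster003";
    /** OID expected inside the otherName SAN entry that carries the service name. */
    private static final String SERVICE_NAME_OID = "2.16.840.1.113730.3.1.34";

    // Shared across tests; init() points it at a fresh temporary directory before each test.
    private static final OzoneConfiguration conf = new OzoneConfiguration();

    @Rule
    public TemporaryFolder temporaryFolder = new TemporaryFolder();
    private SecurityConfig securityConfig;

    /** Points the metadata directory at a per-test temporary folder and builds the config. */
    @Before
    public void init() throws IOException {
        conf.set("ozone.metadata.dirs", this.temporaryFolder.newFolder().toString());
        this.securityConfig = new SecurityConfig(conf);
    }

    /** A CSR built without alternative names has a critical keyUsage and no SAN extension. */
    @Test
    public void testGenerateCSR() throws NoSuchProviderException, NoSuchAlgorithmException, SCMSecurityException, OperatorCreationException, PKCSException {
        String clusterId = UUID.randomUUID().toString();
        String scmId = UUID.randomUUID().toString();
        KeyPair keyPair = new HDDSKeyGenerator(this.securityConfig.getConfiguration()).generateKey();

        PKCS10CertificationRequest csr = new CertificateSignRequest.Builder()
                .setSubject(SUBJECT)
                .setScmID(scmId)
                .setClusterID(clusterId)
                .setKey(keyPair)
                .setConfiguration(conf)
                .build();

        String expectedSubject = String.format(SecurityUtil.getDistinguishedNameFormat(), SUBJECT, scmId, clusterId);
        Assert.assertEquals(expectedSubject, csr.getSubject().toString());
        SubjectPublicKeyInfo expectedKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(keyPair.getPublic().getEncoded()));
        Assert.assertEquals(expectedKeyInfo, csr.getSubjectPublicKeyInfo());
        Assert.assertEquals(1L, csr.getAttributes().length);

        Extensions extensions = SecurityUtil.getPkcs9Extensions(csr);
        Extension keyUsage = extensions.getExtension(Extension.keyUsage);
        Assert.assertNotNull("keyUsage extension is missing", keyUsage);
        Assert.assertTrue("keyUsage must be critical", keyUsage.isCritical());
        // No alternative names were requested, so the SAN extension must be absent.
        Assert.assertNull(extensions.getExtension(Extension.subjectAlternativeName));

        // The request must verify against the public key it carries (proof of possession).
        Assert.assertTrue(csr.isSignatureValid(new JcaContentVerifierProviderBuilder()
                .setProvider(this.securityConfig.getProvider())
                .build(csr.getSubjectPublicKeyInfo())));
    }

    /** A CSR built with IP, DNS and service names carries the service name in the SAN. */
    @Test
    public void testGenerateCSRwithSan() throws NoSuchProviderException, NoSuchAlgorithmException, SCMSecurityException, OperatorCreationException, PKCSException {
        String clusterId = UUID.randomUUID().toString();
        String scmId = UUID.randomUUID().toString();
        KeyPair keyPair = new HDDSKeyGenerator(this.securityConfig.getConfiguration()).generateKey();

        CertificateSignRequest.Builder builder = new CertificateSignRequest.Builder()
                .setSubject(SUBJECT)
                .setScmID(scmId)
                .setClusterID(clusterId)
                .setKey(keyPair)
                .setConfiguration(conf);
        builder.addIpAddress("192.168.1.1");
        builder.addIpAddress("192.168.2.1");
        builder.addServiceName(SERVICE_NAME);
        builder.addDnsName("dn1.abc.com");
        PKCS10CertificationRequest csr = builder.build();

        String expectedSubject = String.format(SecurityUtil.getDistinguishedNameFormat(), SUBJECT, scmId, clusterId);
        Assert.assertEquals(expectedSubject, csr.getSubject().toString());
        SubjectPublicKeyInfo expectedKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(keyPair.getPublic().getEncoded()));
        Assert.assertEquals(expectedKeyInfo, csr.getSubjectPublicKeyInfo());
        Assert.assertEquals(1L, csr.getAttributes().length);

        Extensions extensions = SecurityUtil.getPkcs9Extensions(csr);
        Extension keyUsage = extensions.getExtension(Extension.keyUsage);
        Assert.assertNotNull("keyUsage extension is missing", keyUsage);
        Assert.assertTrue("keyUsage must be critical", keyUsage.isCritical());
        verifyServiceId(extensions);

        // The request must verify against the public key it carries (proof of possession).
        Assert.assertTrue(csr.isSignatureValid(new JcaContentVerifierProviderBuilder()
                .setProvider(this.securityConfig.getProvider())
                .build(csr.getSubjectPublicKeyInfo())));
    }

    /** Null key, null/blank subject and a malformed IP address must each be rejected. */
    @Test
    public void testGenerateCSRWithInvalidParams() throws NoSuchProviderException, NoSuchAlgorithmException, SCMSecurityException {
        String clusterId = UUID.randomUUID().toString();
        String scmId = UUID.randomUUID().toString();
        KeyPair keyPair = new HDDSKeyGenerator(this.securityConfig.getConfiguration()).generateKey();
        CertificateSignRequest.Builder builder = new CertificateSignRequest.Builder()
                .setSubject(SUBJECT)
                .setScmID(scmId)
                .setClusterID(clusterId)
                .setKey(keyPair)
                .setConfiguration(conf);

        try {
            builder.setKey((KeyPair) null);
            builder.build();
            Assert.fail("Null Key should have failed.");
        } catch (IllegalArgumentException | NullPointerException expected) {
            // Expected rejection; restore a valid key for the next case.
            builder.setKey(keyPair);
        }

        try {
            builder.setSubject((String) null);
            builder.build();
            Assert.fail("Null/Blank Subject should have thrown.");
        } catch (IllegalArgumentException expected) {
            // Expected rejection; restore a valid subject for the next case.
            builder.setSubject(SUBJECT);
        }

        try {
            builder.setSubject("");
            builder.build();
            Assert.fail("Null/Blank Subject should have thrown.");
        } catch (IllegalArgumentException expected) {
            // Expected rejection; restore a valid subject for the next case.
            builder.setSubject(SUBJECT);
        }

        try {
            builder.addIpAddress("255.255.255.*");
            builder.build();
            Assert.fail("Invalid ip address");
        } catch (IllegalArgumentException expected) {
            // Expected rejection of the malformed address; nothing to restore here.
            // NOTE(review): the build() below only succeeds if the builder did not retain the
            // rejected address -- confirm against CertificateSignRequest.Builder.
        }

        // After every rejected input the builder must still produce a well-formed request.
        PKCS10CertificationRequest csr = builder.build();
        String expectedSubject = String.format(SecurityUtil.getDistinguishedNameFormat(), SUBJECT, scmId, clusterId);
        Assert.assertEquals(expectedSubject, csr.getSubject().toString());
        SubjectPublicKeyInfo expectedKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(keyPair.getPublic().getEncoded()));
        Assert.assertEquals(expectedKeyInfo, csr.getSubjectPublicKeyInfo());
        Assert.assertEquals(1L, csr.getAttributes().length);
    }

    /** A CSR re-parsed from its own encoding equals the original request. */
    @Test
    public void testCsrSerialization() throws NoSuchProviderException, NoSuchAlgorithmException, SCMSecurityException, IOException {
        String clusterId = UUID.randomUUID().toString();
        String scmId = UUID.randomUUID().toString();
        KeyPair keyPair = new HDDSKeyGenerator(this.securityConfig.getConfiguration()).generateKey();
        PKCS10CertificationRequest csr = new CertificateSignRequest.Builder()
                .setSubject(SUBJECT)
                .setScmID(scmId)
                .setClusterID(clusterId)
                .setKey(keyPair)
                .setConfiguration(conf)
                .build();

        Assert.assertEquals(csr, new PKCS10CertificationRequest(csr.getEncoded()));
    }

    /**
     * Asserts that the subject-alternative-name extension contains an otherName entry holding
     * the expected OID and the expected service name.
     *
     * <p>The check fails when no otherName entry, OID or service name is found at all, so a
     * request that silently drops the service identity cannot pass.
     *
     * @param extensions the extensions extracted from the CSR under test
     */
    private void verifyServiceId(Extensions extensions) {
        GeneralNames altNames = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
        Assert.assertNotNull("subjectAlternativeName extension is missing", altNames);

        boolean oidSeen = false;
        boolean serviceNameSeen = false;
        for (GeneralName altName : altNames.getNames()) {
            if (altName.getTagNo() != GeneralName.otherName) {
                continue;
            }
            // getName() returns a plain ASN1Encodable; the otherName payload is read as a sequence.
            Iterator<?> parts = ASN1Sequence.getInstance(altName.getName()).iterator();
            while (parts.hasNext()) {
                Object part = parts.next();
                if (part instanceof ASN1ObjectIdentifier) {
                    Assert.assertEquals(SERVICE_NAME_OID, part.toString());
                    oidSeen = true;
                }
                if (part instanceof DERTaggedObject) {
                    Assert.assertEquals(SERVICE_NAME, ((DERTaggedObject) part).getObject().toString());
                    serviceNameSeen = true;
                }
            }
        }
        Assert.assertTrue("no otherName OID found in subjectAlternativeName", oidSeen);
        Assert.assertTrue("no service name found in subjectAlternativeName", serviceNameSeen);
    }
}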
