package org.apache.hadoop.ozone.om;

import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.UUID;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient;
import org.apache.hadoop.hdds.security.x509.certificate.client.OMCertificateClient;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec;
import org.apache.hadoop.hdds.security.x509.keys.KeyCodec;
import org.apache.hadoop.ozone.MiniOzoneCluster;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.test.LambdaTestUtils;
import org.bouncycastle.cert.X509CertificateHolder;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.Timeout;

/* loaded from: input_file:org/apache/hadoop/ozone/om/TestSecureOzoneManager.class */
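/**
 * Tests how the Ozone Manager certificate client classifies the key material
 * it finds on disk when security is enabled.
 *
 * <p>The main scenario removes and restores the private key, public key and
 * certificate one at a time and pins the {@code InitResponse} returned for each
 * combination. Of the incomplete combinations, only "private key plus
 * certificate" is expected to succeed.
 */
public class TestSecureOzoneManager {
    private static final String COMPONENT = "om";
    private OzoneConfiguration conf;
    private String clusterId;
    private String scmId;
    private String omId;
    private Path metaDir;
    // Never assigned in this class; kept so shutdown() stays valid if a test starts a cluster.
    private MiniOzoneCluster cluster = null;

    @Rule
    public Timeout timeout = Timeout.seconds(25);

    /**
     * Builds a security-enabled configuration that points at a fresh, randomly
     * named metadata directory, so each test starts without key material from a
     * previous run.
     */
    @Before
    public void init() throws Exception {
        this.conf = new OzoneConfiguration();
        this.clusterId = UUID.randomUUID().toString();
        this.scmId = UUID.randomUUID().toString();
        this.omId = UUID.randomUUID().toString();
        this.conf.setBoolean("ozone.acl.enabled", true);
        this.conf.setBoolean("ozone.security.enabled", true);
        this.conf.setInt("ozone.open.key.expire.threshold", 2);
        this.conf.set("hadoop.security.authentication", UserGroupInformation.AuthenticationMethod.KERBEROS.toString());
        this.conf.setInt("ipc.client.connect.max.retries", 2);
        this.conf.set("ozone.scm.names", "localhost");
        this.metaDir = Paths.get(GenericTestUtils.getTempPath(UUID.randomUUID().toString()), "om-meta");
        this.conf.set("ozone.metadata.dirs", this.metaDir.toString());
        // Static, JVM-wide switch; shutdown() turns it back off.
        OzoneManager.setTestSecureOmFlag(true);
    }

    /**
     * Releases everything {@link #init()} set up: the cluster (if any), the
     * metadata directory holding the generated keys, and the static test flag.
     */
    @After
    public void shutdown() {
        try {
            if (this.cluster != null) {
                this.cluster.shutdown();
            }
        } finally {
            // metaDir is null when init() failed before assigning it.
            if (this.metaDir != null) {
                FileUtils.deleteQuietly(this.metaDir.toFile());
            }
            // Reset the static flag so it does not leak into other test classes
            // running in the same JVM. NOTE(review): assumes the default is
            // false; confirm against OzoneManager.
            OzoneManager.setTestSecureOmFlag(false);
        }
    }

    /**
     * Walks the certificate client through every on-disk key-material state and
     * checks the reported {@code InitResponse} plus which of private key, public
     * key and certificate the client exposes afterwards.
     *
     * <p>The steps depend on each other through the files they leave behind, so
     * their order must not change.
     */
    @Test
    public void testSecureOmInitFailures() throws Exception {
        GenericTestUtils.LogCapturer logCapturer = GenericTestUtils.LogCapturer.captureLogs(OzoneManager.getLogger());
        try {
            OMStorage omStorage = new OMStorage(this.conf);
            omStorage.setClusterId(this.clusterId);
            omStorage.setScmId(this.scmId);
            omStorage.setOmId(this.omId);
            logCapturer.clearOutput();
            SecurityConfig securityConfig = new SecurityConfig(this.conf);

            // Case 1: first init in the fresh directory. A key pair is available
            // afterwards but no certificate, so the client asks for one (GETCERT).
            OMCertificateClient freshClient = new OMCertificateClient(securityConfig, omStorage.getOmCertSerialId());
            Assert.assertEquals(CertificateClient.InitResponse.GETCERT, freshClient.init());
            // Keep the key pair so later steps can put individual files back.
            PrivateKey privateKey = freshClient.getPrivateKey();
            PublicKey publicKey = freshClient.getPublicKey();
            Assert.assertNotNull(freshClient.getPrivateKey());
            Assert.assertNotNull(freshClient.getPublicKey());
            Assert.assertNull(freshClient.getCertificate());

            // Case 2: a second client over the same directory sees both keys and
            // still no certificate, and reports RECOVER.
            OMCertificateClient recoveringClient = new OMCertificateClient(securityConfig, omStorage.getOmCertSerialId());
            Assert.assertEquals(CertificateClient.InitResponse.RECOVER, recoveringClient.init());
            Assert.assertNotNull(recoveringClient.getPrivateKey());
            Assert.assertNotNull(recoveringClient.getPublicKey());
            Assert.assertNull(recoveringClient.getCertificate());

            // Case 3: private key only (public key file removed) must be rejected.
            OMCertificateClient privateKeyOnlyClient = new OMCertificateClient(securityConfig);
            deleteKeyFile(securityConfig, securityConfig.getPublicKeyFileName());
            Assert.assertEquals(CertificateClient.InitResponse.FAILURE, privateKeyOnlyClient.init());
            Assert.assertNotNull(privateKeyOnlyClient.getPrivateKey());
            Assert.assertNull(privateKeyOnlyClient.getPublicKey());
            Assert.assertNull(privateKeyOnlyClient.getCertificate());

            // Case 4: public key only (private key file removed) must be rejected.
            OMCertificateClient publicKeyOnlyClient = new OMCertificateClient(securityConfig);
            KeyCodec keyCodec = new KeyCodec(securityConfig, COMPONENT);
            keyCodec.writePublicKey(publicKey);
            deleteKeyFile(securityConfig, securityConfig.getPrivateKeyFileName());
            Assert.assertEquals(CertificateClient.InitResponse.FAILURE, publicKeyOnlyClient.init());
            Assert.assertNull(publicKeyOnlyClient.getPrivateKey());
            Assert.assertNotNull(publicKeyOnlyClient.getPublicKey());
            Assert.assertNull(publicKeyOnlyClient.getCertificate());

            // Case 5: certificate only. Both key files are gone and a test
            // certificate for the saved key pair is written; a certificate with
            // no keys must be rejected.
            deleteKeyFile(securityConfig, securityConfig.getPublicKeyFileName());
            CertificateCodec certificateCodec = new CertificateCodec(securityConfig, COMPONENT);
            X509Certificate certificate = KeyStoreTestUtil.generateCertificate("CN=Test", new KeyPair(publicKey, privateKey), 10, securityConfig.getSignatureAlgo());
            certificateCodec.writeCertificate(new X509CertificateHolder(certificate.getEncoded()));
            OMCertificateClient certificateOnlyClient = new OMCertificateClient(securityConfig, certificate.getSerialNumber().toString());
            omStorage.setOmCertSerialId(certificate.getSerialNumber().toString());
            Assert.assertEquals(CertificateClient.InitResponse.FAILURE, certificateOnlyClient.init());
            Assert.assertNull(certificateOnlyClient.getPrivateKey());
            Assert.assertNull(certificateOnlyClient.getPublicKey());
            Assert.assertNotNull(certificateOnlyClient.getCertificate());

            // Case 6: private key plus certificate, with no public key file on
            // disk. Init succeeds and a public key is exposed; presumably it is
            // recovered from the certificate (confirm in OMCertificateClient).
            OMCertificateClient keyAndCertificateClient = new OMCertificateClient(securityConfig, certificate.getSerialNumber().toString());
            // The public key file was already removed in case 5; the original
            // test repeats the delete here and it is kept as-is.
            deleteKeyFile(securityConfig, securityConfig.getPublicKeyFileName());
            keyCodec.writePrivateKey(privateKey);
            Assert.assertEquals(CertificateClient.InitResponse.SUCCESS, keyAndCertificateClient.init());
            Assert.assertNotNull(keyAndCertificateClient.getPrivateKey());
            Assert.assertNotNull(keyAndCertificateClient.getPublicKey());
            Assert.assertNotNull(keyAndCertificateClient.getCertificate());

            // Case 7: a further client over the state left by case 6 also succeeds.
            OMCertificateClient completeClient = new OMCertificateClient(securityConfig, certificate.getSerialNumber().toString());
            Assert.assertEquals(CertificateClient.InitResponse.SUCCESS, completeClient.init());
            Assert.assertNotNull(completeClient.getPrivateKey());
            Assert.assertNotNull(completeClient.getPublicKey());
            Assert.assertNotNull(completeClient.getCertificate());
        } finally {
            // Detach the capturing appender from the OzoneManager logger, even
            // when an assertion fails, so it does not keep buffering later output.
            logCapturer.stopCapturing();
        }
    }

    /**
     * Checks that security initialization fails with the expected message when
     * the OM address is set to the placeholder value {@code om-unknown}.
     */
    @Test
    public void testSecureOmInitFailure() throws Exception {
        OzoneConfiguration ozoneConfiguration = new OzoneConfiguration(this.conf);
        OMStorage omStorage = new OMStorage(ozoneConfiguration);
        omStorage.setClusterId(this.clusterId);
        omStorage.setScmId(this.scmId);
        omStorage.setOmId(this.omId);
        ozoneConfiguration.set("ozone.om.address", "om-unknown");
        LambdaTestUtils.intercept(RuntimeException.class, "Can't get SCM signed certificate", () -> {
            OzoneManager.initializeSecurity(ozoneConfiguration, omStorage);
        });
    }

    /**
     * Removes one file from the OM key directory. A missing file is ignored,
     * which the scenario relies on when it deletes the same file twice.
     */
    private static void deleteKeyFile(SecurityConfig securityConfig, String fileName) {
        FileUtils.deleteQuietly(Paths.get(securityConfig.getKeyLocation(COMPONENT).toString(), fileName).toFile());
    }
}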
