package org.apache.hadoop.hbase.security;

import java.io.File;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseCommonTestingUtility;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.ServerName;
import org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType;
import org.apache.hadoop.hbase.io.crypto.tls.X509KeyType;
import org.apache.hadoop.hbase.io.crypto.tls.X509TestContext;
import org.apache.hadoop.hbase.io.crypto.tls.X509TestContextProvider;
import org.apache.hadoop.hbase.ipc.FifoRpcScheduler;
import org.apache.hadoop.hbase.ipc.HBaseRpcControllerImpl;
import org.apache.hadoop.hbase.ipc.NettyRpcClient;
import org.apache.hadoop.hbase.ipc.NettyRpcServer;
import org.apache.hadoop.hbase.ipc.RpcScheduler;
import org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hadoop.hbase.ipc.TestProtoBufRpc;
import org.apache.hadoop.hbase.ipc.TestProtobufRpcServiceImpl;
import org.apache.hadoop.hbase.net.Address;
import org.apache.hadoop.hbase.regionserver.HRegionServer;
import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestProtos;
import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestRpcServiceProtos;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.testclassification.RPCTests;
import org.apache.hadoop.hbase.util.MultiThreadedReader;
import org.apache.hadoop.hbase.util.NettyEventLoopGroupConfig;
import org.apache.hbase.thirdparty.com.google.common.collect.Lists;
import org.apache.hbase.thirdparty.com.google.protobuf.ServiceException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.mockito.Mockito;

@RunWith(Parameterized.class)
@Category({RPCTests.class, MediumTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/TestNettyTLSIPCFileWatcher.class */
public class TestNettyTLSIPCFileWatcher {

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestNettyTLSIPCFileWatcher.class);
    private static final Configuration CONF = HBaseConfiguration.create();
    private static final HBaseCommonTestingUtility UTIL = new HBaseCommonTestingUtility(CONF);
    private static HRegionServer SERVER;
    private static X509TestContextProvider PROVIDER;
    private static NettyEventLoopGroupConfig EVENT_LOOP_GROUP_CONFIG;
    private X509TestContext x509TestContext;

    @Parameterized.Parameter(MultiThreadedReader.DEFAULT_KEY_WINDOW)
    public X509KeyType keyType;

    @Parameterized.Parameter(1)
    public KeyStoreFileType storeFileType;

    @Parameterized.Parameters(name = "{index}: keyType={0}, storeFileType={1}")
    public static List<Object[]> data() {
        ArrayList arrayList = new ArrayList();
        for (X509KeyType x509KeyType : X509KeyType.values()) {
            for (KeyStoreFileType keyStoreFileType : KeyStoreFileType.values()) {
                arrayList.add(new Object[]{x509KeyType, keyStoreFileType});
            }
        }
        return arrayList;
    }

    @BeforeClass
    public static void setUpBeforeClass() throws IOException {
        Security.addProvider(new BouncyCastleProvider());
        File canonicalFile = new File(UTIL.getDataTestDir(TestNettyTLSIPCFileWatcher.class.getSimpleName()).toString()).getCanonicalFile();
        FileUtils.forceMkdir(canonicalFile);
        CONF.setBoolean("hbase.server.netty.tls.enabled", true);
        PROVIDER = new X509TestContextProvider(CONF, canonicalFile);
        EVENT_LOOP_GROUP_CONFIG = new NettyEventLoopGroupConfig(CONF, TestNettyTLSIPCFileWatcher.class.getSimpleName());
        SERVER = (HRegionServer) Mockito.mock(HRegionServer.class);
        Mockito.when(SERVER.getEventLoopGroupConfig()).thenReturn(EVENT_LOOP_GROUP_CONFIG);
    }

    @AfterClass
    public static void tearDownAfterClass() throws InterruptedException {
        Security.removeProvider("BC");
        EVENT_LOOP_GROUP_CONFIG.group().shutdownGracefully().sync();
        UTIL.cleanupTestDir();
    }

    @Before
    public void setUp() throws IOException {
        this.x509TestContext = PROVIDER.get(this.keyType, this.keyType, "keyPa$$word".toCharArray());
        this.x509TestContext.setConfigurations(this.storeFileType, this.storeFileType);
        CONF.setBoolean("hbase.server.netty.tls.supportplaintext", false);
        CONF.setBoolean("hbase.client.netty.tls.enabled", true);
        CONF.setBoolean("hbase.rpc.tls.certReload", true);
    }

    @After
    public void tearDown() {
        this.x509TestContext.clearConfigurations();
        this.x509TestContext.getConf().unset("hbase.rpc.tls.ocsp");
        this.x509TestContext.getConf().unset("hbase.rpc.tls.clr");
        this.x509TestContext.getConf().unset("hbase.rpc.tls.protocol");
        System.clearProperty("com.sun.net.ssl.checkRevocation");
        System.clearProperty("com.sun.security.enableCRLDP");
        Security.setProperty("ocsp.enable", Boolean.FALSE.toString());
        Security.setProperty("com.sun.security.enableCRLDP", Boolean.FALSE.toString());
    }

    @Test
    public void testReplaceServerKeystore() throws IOException, ServiceException, GeneralSecurityException, OperatorCreationException {
        Throwable th;
        Configuration configuration = new Configuration(CONF);
        RpcServer createRpcServer = createRpcServer("testRpcServer", Lists.newArrayList(new RpcServer.BlockingServiceAndInterface[]{new RpcServer.BlockingServiceAndInterface(TestProtobufRpcServiceImpl.SERVICE, (Class) null)}), new InetSocketAddress(TestProtoBufRpc.ADDRESS, 0), CONF, new FifoRpcScheduler(CONF, 1));
        try {
            createRpcServer.start();
            NettyRpcClient nettyRpcClient = new NettyRpcClient(configuration);
            Throwable th2 = null;
            try {
                try {
                    TestRpcServiceProtos.TestProtobufRpcProto.BlockingInterface newBlockingStub = TestProtobufRpcServiceImpl.newBlockingStub(nettyRpcClient, createRpcServer.getListenerAddress());
                    HBaseRpcControllerImpl hBaseRpcControllerImpl = new HBaseRpcControllerImpl();
                    Assert.assertEquals("hello", newBlockingStub.echo(hBaseRpcControllerImpl, TestProtos.EchoRequestProto.newBuilder().setMessage("hello").build()).getMessage());
                    Assert.assertNull(hBaseRpcControllerImpl.cellScanner());
                    if (nettyRpcClient != null) {
                        if (0 != 0) {
                            try {
                                nettyRpcClient.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            nettyRpcClient.close();
                        }
                    }
                    this.x509TestContext.regenerateStores(this.keyType, this.keyType, this.storeFileType, this.storeFileType, new String[0]);
                    nettyRpcClient = new NettyRpcClient(configuration);
                    th = null;
                } finally {
                }
                try {
                    try {
                        TestRpcServiceProtos.TestProtobufRpcProto.BlockingInterface newBlockingStub2 = TestProtobufRpcServiceImpl.newBlockingStub(nettyRpcClient, createRpcServer.getListenerAddress());
                        HBaseRpcControllerImpl hBaseRpcControllerImpl2 = new HBaseRpcControllerImpl();
                        Assert.assertEquals("hello", newBlockingStub2.echo(hBaseRpcControllerImpl2, TestProtos.EchoRequestProto.newBuilder().setMessage("hello").build()).getMessage());
                        Assert.assertNull(hBaseRpcControllerImpl2.cellScanner());
                        if (nettyRpcClient != null) {
                            if (0 != 0) {
                                try {
                                    nettyRpcClient.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                nettyRpcClient.close();
                            }
                        }
                    } finally {
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            createRpcServer.stop();
        }
    }

    @Test
    public void testReplaceClientAndServerKeystore() throws GeneralSecurityException, IOException, OperatorCreationException, ServiceException {
        Configuration configuration = new Configuration(CONF);
        RpcServer createRpcServer = createRpcServer("testRpcServer", Lists.newArrayList(new RpcServer.BlockingServiceAndInterface[]{new RpcServer.BlockingServiceAndInterface(TestProtobufRpcServiceImpl.SERVICE, (Class) null)}), new InetSocketAddress(TestProtoBufRpc.ADDRESS, 0), CONF, new FifoRpcScheduler(CONF, 1));
        try {
            createRpcServer.start();
            NettyRpcClient nettyRpcClient = new NettyRpcClient(configuration);
            Throwable th = null;
            try {
                try {
                    TestRpcServiceProtos.TestProtobufRpcProto.BlockingInterface newBlockingStub = TestProtobufRpcServiceImpl.newBlockingStub(nettyRpcClient, createRpcServer.getListenerAddress());
                    HBaseRpcControllerImpl hBaseRpcControllerImpl = new HBaseRpcControllerImpl();
                    Assert.assertEquals("hello", newBlockingStub.echo(hBaseRpcControllerImpl, TestProtos.EchoRequestProto.newBuilder().setMessage("hello").build()).getMessage());
                    Assert.assertNull(hBaseRpcControllerImpl.cellScanner());
                    this.x509TestContext.regenerateStores(this.keyType, this.keyType, this.storeFileType, this.storeFileType, new String[0]);
                    nettyRpcClient.cancelConnections(ServerName.valueOf(Address.fromSocketAddress(createRpcServer.getListenerAddress()), 0L));
                    Assert.assertEquals("hello", newBlockingStub.echo(hBaseRpcControllerImpl, TestProtos.EchoRequestProto.newBuilder().setMessage("hello").build()).getMessage());
                    Assert.assertNull(hBaseRpcControllerImpl.cellScanner());
                    if (nettyRpcClient != null) {
                        if (0 != 0) {
                            try {
                                nettyRpcClient.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            nettyRpcClient.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            createRpcServer.stop();
        }
    }

    private RpcServer createRpcServer(String str, List<RpcServer.BlockingServiceAndInterface> list, InetSocketAddress inetSocketAddress, Configuration configuration, RpcScheduler rpcScheduler) throws IOException {
        return new NettyRpcServer(SERVER, str, list, inetSocketAddress, configuration, rpcScheduler, true);
    }
}
