package org.apache.hadoop.security.ssl;

import io.hops.hadoop.shaded.org.apache.commons.io.FileUtils;
import io.hops.hadoop.shaded.org.apache.commons.math3.util.Pair;
import io.hops.hadoop.shaded.org.apache.zookeeper.common.X509Util;
import io.hops.security.HopsFileBasedKeyStoresFactory;
import io.hops.security.SuperuserKeystoresLoader;
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.net.HopsSSLSocketFactory;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.After;
import org.junit.Rule;
import org.junit.rules.ExpectedException;
import org.junit.runners.Parameterized;

/* loaded from: input_file:org/apache/hadoop/security/ssl/HopsSSLTestUtils.class */
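/**
 * Shared fixture for Hops TLS tests: generates a throw-away CA, server and client
 * key material on disk and fills a {@link Configuration} with the matching TLS settings.
 *
 * <p>Everything here is deliberately weak and for tests only: a fixed keystore password that
 * is also written to a plain-text file, hostname verification switched off, a wildcard
 * proxy-user entry and TLSv1.1 left enabled. None of these values should be copied into a
 * deployment configuration.
 */
public class HopsSSLTestUtils {
    // Validity argument handed to every KeyStoreTestUtil certificate generator; presumably a
    // number of days, as in upstream Hadoop's KeyStoreTestUtil -- confirm for this fork.
    private static final int CERT_VALIDITY = 42;

    private String outDir;
    private Path serverKeyStore;
    private Path serverTrustStore;
    private Path c_clientKeyStore;
    private Path c_clientTrustStore;
    // Keystore/truststore of the deliberately broken client; only set when error_mode is
    // NO_CA or ERR_CN.
    protected Path err_clientKeyStore;
    protected Path err_clientTrustStore;
    // Files removed by destroy(). Never assigned in this class: the test using this fixture
    // has to initialise it (for example with the list returned by prepareCryptoMaterial).
    protected List<Path> filesToPurge;
    protected Configuration conf;
    protected Thread invoker;
    protected static final String KEY_ALG = "RSA";
    protected static final String SIGN_ALG = "SHA256withRSA";
    private final Log LOG = LogFactory.getLog(HopsSSLTestUtils.class);
    protected CERT_ERR error_mode = CERT_ERR.ERR_CN;
    // Test-only password shared by every keystore, truststore and private key created here.
    protected String passwd = "123456";

    @Rule
    public final ExpectedException rule = ExpectedException.none();

    /**
     * Kind of defective client certificate that {@code prepareCryptoMaterial} additionally
     * generates.
     */
    public enum CERT_ERR {
        /** Client certificate signed by the test CA but carrying an unrelated common name. */
        ERR_CN,
        /** Client certificate with the current user's common name, not signed by the test CA. */
        NO_CA,
        /** No defective client material is generated. */
        NO_ERROR
    }

    /**
     * Supplies the parameter sets for parameterized test runs.
     *
     * @return one single-element array per error mode; {@code NO_ERROR} is not included
     */
    @Parameterized.Parameters
    public static Collection<Object[]> parameters() {
        return Arrays.asList(new Object[]{CERT_ERR.ERR_CN}, new Object[]{CERT_ERR.NO_CA});
    }

    /**
     * Deletes the files registered in {@code filesToPurge} after each test, if any.
     *
     * @throws Exception propagated from the file clean-up
     */
    @After
    public void destroy() throws Exception {
        if (null != this.filesToPurge) {
            purgeFiles(this.filesToPurge);
        }
    }

    /**
     * Deletes every existing file in the list.
     *
     * <p>A failed delete is logged instead of being silently ignored, because these files hold
     * private keys and the keystore password and should not outlive the test run unnoticed.
     *
     * @param list paths to remove
     * @throws Exception declared for callers; nothing here throws it explicitly
     */
    private void purgeFiles(List<Path> list) throws Exception {
        for (Path path : list) {
            File file = new File(path.toUri());
            if (file.exists() && !file.delete()) {
                this.LOG.warn("Could not delete test crypto material: " + file);
            }
        }
    }

    /**
     * Populates the configuration with the client-side TLS settings used by the RPC tests.
     * Reads the client keystore paths, so {@code prepareCryptoMaterial} has to run first.
     *
     * @param configuration configuration to modify in place
     * @param str directory holding the superuser key material
     * @throws Exception if the current user cannot be resolved
     */
    protected void setCryptoConfig(Configuration configuration, String str) throws Exception {
        configuration.set("hadoop.rpc.socket.factory.class.default", "org.apache.hadoop.net.HopsSSLSocketFactory");
        configuration.setBoolean("ipc.server.ssl.enabled", true);
        // NOTE(review): TLSv1.1 is deprecated (RFC 8996); it is enabled here for tests only.
        configuration.set("hadoop.ssl.enabled.protocols", "TLSv1.2,TLSv1.1");
        // Hostname verification is switched off: the generated certificates carry fixed test
        // subjects ("CN=serverCrt") rather than the host name. Test-only setting.
        configuration.set("hadoop.ssl.hostname.verifier", "ALLOW_ALL");
        // Wildcard proxy-user entry for the user running the tests. Test-only setting.
        configuration.set("hadoop.proxyuser." + UserGroupInformation.getCurrentUser().getUserName(), "*");
        configuration.set("hadoop.ssl.keystores.factory.class", HopsFileBasedKeyStoresFactory.class.getCanonicalName());
        configuration.set("hops.tls.superuser-material-directory", str);
        configuration.set(HopsSSLSocketFactory.CryptoKeys.KEY_STORE_FILEPATH_KEY.getValue(), this.c_clientKeyStore.toString());
        configuration.set(HopsSSLSocketFactory.CryptoKeys.KEY_STORE_PASSWORD_KEY.getValue(), this.passwd);
        configuration.set(HopsSSLSocketFactory.CryptoKeys.KEY_PASSWORD_KEY.getValue(), this.passwd);
        configuration.set(HopsSSLSocketFactory.CryptoKeys.TRUST_STORE_FILEPATH_KEY.getValue(), this.c_clientTrustStore.toString());
        configuration.set(HopsSSLSocketFactory.CryptoKeys.TRUST_STORE_PASSWORD_KEY.getValue(), this.passwd);
        configuration.set(HopsSSLSocketFactory.CryptoKeys.SOCKET_ENABLED_PROTOCOL.getValue(), X509Util.DEFAULT_PROTOCOL);
    }

    /**
     * Writes an ssl-server.xml for the generated server stores and points the configuration
     * at it. The file is registered in {@code filesToPurge}, which must already be
     * initialised by the caller.
     *
     * @param configuration configuration that receives {@code hadoop.ssl.server.conf}
     * @param str directory the ssl-server.xml file is written to
     * @throws IOException if the file cannot be written
     */
    protected void configureAndWriteSSLServer(Configuration configuration, String str) throws IOException {
        String sslServerFileName = HopsSSLTestUtils.class.getSimpleName() + ".ssl-server.xml";
        Configuration serverSslConf = KeyStoreTestUtil.createServerSSLConfig(this.serverKeyStore.toString(), this.passwd, this.passwd, this.serverTrustStore.toString(), this.passwd, "");
        Path sslServerFile = Paths.get(str, sslServerFileName);
        // Registered before the write so a partially written file is still cleaned up.
        this.filesToPurge.add(sslServerFile);
        KeyStoreTestUtil.saveConfig(new File(sslServerFile.toUri()), serverSslConf);
        configuration.set("hadoop.ssl.server.conf", sslServerFileName);
    }

    /**
     * Generates a fresh RSA key pair and a certificate for it.
     *
     * @param str subject distinguished name of the certificate
     * @return the key pair together with its certificate
     * @throws GeneralSecurityException if key or certificate generation fails
     */
    protected Pair<KeyPair, X509Certificate> generateCAMaterial(String str) throws GeneralSecurityException {
        KeyPair caKeys = KeyStoreTestUtil.generateKeyPair(KEY_ALG);
        // The trailing 'true' presumably marks the certificate as a CA -- confirm against
        // KeyStoreTestUtil.
        X509Certificate caCert = KeyStoreTestUtil.generateCertificate(str, caKeys, CERT_VALIDITY, SIGN_ALG, true);
        return new Pair<>(caKeys, caCert);
    }

    /**
     * Creates all test key material under a newly generated CA with subject "CN=CARoot".
     *
     * @param str output directory
     * @return paths of every file created
     * @throws Exception if generation or writing fails
     */
    protected List<Path> prepareCryptoMaterial(String str) throws Exception {
        return prepareCryptoMaterial(str, generateCAMaterial("CN=CARoot"));
    }

    /**
     * Creates the server stores, the superuser password file, the valid client stores and,
     * depending on {@code error_mode}, the stores of a defective client.
     *
     * <p>The returned list is not stored in {@code filesToPurge} by this method; a caller that
     * wants {@code destroy()} to remove the private keys and the password file has to register
     * it.
     *
     * @param str output directory
     * @param pair CA key pair and certificate used to sign the generated certificates
     * @return paths of every file created
     * @throws Exception if generation or writing fails
     */
    protected List<Path> prepareCryptoMaterial(String str, Pair<KeyPair, X509Certificate> pair) throws Exception {
        List<Path> created = new ArrayList<>();
        this.outDir = str;
        String userName = UserGroupInformation.getCurrentUser().getUserName();
        SuperuserKeystoresLoader loader = new SuperuserKeystoresLoader((Configuration) null);
        this.serverKeyStore = Paths.get(str, loader.getSuperKeystoreFilename(userName));
        this.serverTrustStore = Paths.get(str, loader.getSuperTruststoreFilename(userName));
        Path passwdFile = Paths.get(str, loader.getSuperMaterialPasswdFilename(userName));
        // The keystore password is stored in plain text next to the stores. Test-only.
        FileUtils.writeStringToFile(passwdFile.toFile(), this.passwd);
        created.add(this.serverKeyStore);
        created.add(this.serverTrustStore);
        created.add(passwdFile);

        KeyPair caKeys = pair.getFirst();
        X509Certificate caCert = pair.getSecond();

        // Server: CA-signed certificate, truststore containing only the CA.
        KeyPair serverKeys = KeyStoreTestUtil.generateKeyPair(KEY_ALG);
        X509Certificate serverCert = KeyStoreTestUtil.generateSignedCertificate("CN=serverCrt", serverKeys, CERT_VALIDITY, SIGN_ALG, caKeys.getPrivate(), caCert);
        KeyStoreTestUtil.createKeyStore(this.serverKeyStore.toString(), this.passwd, this.passwd, "server_alias", serverKeys.getPrivate(), serverCert);
        KeyStoreTestUtil.createTrustStore(this.serverTrustStore.toString(), this.passwd, "CARoot", caCert);

        // Valid client: CA-signed certificate whose CN is the current user name.
        KeyPair clientKeys = KeyStoreTestUtil.generateKeyPair(KEY_ALG);
        String clientSubject = "CN=" + userName;
        X509Certificate clientCert = KeyStoreTestUtil.generateSignedCertificate(clientSubject, clientKeys, CERT_VALIDITY, SIGN_ALG, caKeys.getPrivate(), caCert);
        this.c_clientKeyStore = Paths.get(str, "c_client.keystore.jks");
        this.c_clientTrustStore = Paths.get(str, "c_client.truststore.jks");
        created.add(this.c_clientKeyStore);
        created.add(this.c_clientTrustStore);
        KeyStoreTestUtil.createKeyStore(this.c_clientKeyStore.toString(), this.passwd, this.passwd, "c_client_alias", clientKeys.getPrivate(), clientCert);
        KeyStoreTestUtil.createTrustStore(this.c_clientTrustStore.toString(), this.passwd, "CARoot", caCert);

        switch (this.error_mode) {
            case NO_CA: {
                this.LOG.info("no ca error mode");
                // Correct CN, but generated without the CA key, so the chain does not lead
                // to the test CA.
                KeyPair badKeys = KeyStoreTestUtil.generateKeyPair(KEY_ALG);
                X509Certificate badCert = KeyStoreTestUtil.generateCertificate(clientSubject, badKeys, CERT_VALIDITY, SIGN_ALG);
                writeErrorClientStores(str, "noCA", "noca_client_alias", badKeys, badCert, caCert, created);
                break;
            }
            case ERR_CN: {
                this.LOG.info("wrong cn error mode");
                // Properly CA-signed, but the CN does not match the current user.
                KeyPair badKeys = KeyStoreTestUtil.generateKeyPair(KEY_ALG);
                X509Certificate badCert = KeyStoreTestUtil.generateSignedCertificate("CN=Phil Lynott", badKeys, CERT_VALIDITY, SIGN_ALG, caKeys.getPrivate(), caCert);
                writeErrorClientStores(str, "errCN", "errcn_client_alias", badKeys, badCert, caCert, created);
                break;
            }
            default:
                // NO_ERROR: no defective client material.
                break;
        }
        return created;
    }

    /**
     * Writes the keystore and truststore of the defective client and records both paths.
     *
     * @param dir output directory
     * @param filePrefix prefix of the two store file names
     * @param alias keystore alias for the client key
     * @param clientKeys key pair of the defective client
     * @param clientCert certificate of the defective client
     * @param caCert CA certificate placed in the truststore
     * @param created list that receives the two new paths
     * @throws Exception if a store cannot be written
     */
    private void writeErrorClientStores(String dir, String filePrefix, String alias, KeyPair clientKeys,
            X509Certificate clientCert, X509Certificate caCert, List<Path> created) throws Exception {
        this.err_clientKeyStore = Paths.get(dir, filePrefix + "_client.keystore.jks");
        this.err_clientTrustStore = Paths.get(dir, filePrefix + "_client.truststore.jks");
        created.add(this.err_clientKeyStore);
        created.add(this.err_clientTrustStore);
        KeyStoreTestUtil.createKeyStore(this.err_clientKeyStore.toString(), this.passwd, this.passwd, alias, clientKeys.getPrivate(), clientCert);
        KeyStoreTestUtil.createTrustStore(this.err_clientTrustStore.toString(), this.passwd, "CARoot", caCert);
    }
}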
