package org.apache.hadoop.security.ssl;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import org.apache.commons.io.FileUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;

/* loaded from: input_file:org/apache/hadoop/security/ssl/TestReloadingX509KeyManager.class */
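/**
 * Tests for {@link ReloadingX509KeyManager}: initial keystore load, periodic reload after the
 * keystore file is replaced, and behaviour when the keystore disappears or becomes unreadable
 * while the manager is running.
 *
 * <p>The reload tests pin one property that matters for a TLS endpoint: when a reload fails
 * (file missing or corrupted), the manager keeps serving the key material it loaded last rather
 * than dropping to an empty key set.
 */
public class TestReloadingX509KeyManager {
    private static final String BASE_DIR = GenericTestUtils.getTempPath(TestReloadingX509KeyManager.class.getSimpleName());
    private static final File BASE_DIR_FILE = new File(BASE_DIR);
    private static final Log LOG = LogFactory.getLog(TestReloadingX509KeyManager.class);

    private static final String KEY_PAIR_ALGORITHM = "RSA";
    // SHA-1 based signature, kept as a fixture value: these tests only look up aliases and
    // compare subject DNs, they never validate the chain. Not a value to copy into non-test code.
    private static final String CERTIFICATE_ALGORITHM = "SHA1withRSA";
    // Fixture password for throw-away keystores created under BASE_DIR; never a real credential.
    private static final String KEYSTORE_PASSWORD = "password";
    private static final String KEYSTORE_TYPE = "jks";
    private static final String KEYSTORE_FILE = "testKeystore.jks";
    private static final long RELOAD_INTERVAL_MS = 10L;

    @Rule
    public final ExpectedException rule = ExpectedException.none();

    /** Starts every run from an empty base directory. */
    @BeforeClass
    public static void setUp() throws IOException {
        FileUtils.deleteDirectory(BASE_DIR_FILE);
        BASE_DIR_FILE.mkdirs();
    }

    /** Clears the shared reloader pool's task list so each test only sees its own tasks. */
    @Before
    public void beforeTest() {
        KeyManagersReloaderThreadPool.getInstance(true).clearListOfTasks();
    }

    /** Removes the generated keystores (they contain private keys) once all tests have run. */
    @AfterClass
    public static void tearDown() throws IOException {
        FileUtils.deleteDirectory(BASE_DIR_FILE);
    }

    /**
     * Replacing the keystore on disk must replace the served key material: after the reload the
     * old alias is gone and the new alias is served.
     */
    @Test(timeout = 4000)
    public void testReload() throws Exception {
        KeyPair keyPair = KeyStoreTestUtil.generateKeyPair(KEY_PAIR_ALGORITHM);
        X509Certificate cert1 = KeyStoreTestUtil.generateCertificate("CN=cert1", keyPair, 2, CERTIFICATE_ALGORITHM);
        String keystorePath = pathInBaseDir(KEYSTORE_FILE);
        KeyStoreTestUtil.createKeyStore(keystorePath, KEYSTORE_PASSWORD, "cert1", keyPair.getPrivate(), cert1);
        ReloadingX509KeyManager keyManager = new ReloadingX509KeyManager(
            KEYSTORE_TYPE, keystorePath, KEYSTORE_PASSWORD, KEYSTORE_PASSWORD, RELOAD_INTERVAL_MS, TimeUnit.MILLISECONDS);
        try {
            keyManager.init();
            assertServesSingleCertificate(keyManager, "cert1", cert1);

            waitForReloadCycle(keyManager);
            X509Certificate cert2 = KeyStoreTestUtil.generateCertificate("CN=cert2", keyPair, 2, CERTIFICATE_ALGORITHM);
            KeyStoreTestUtil.createKeyStore(keystorePath, KEYSTORE_PASSWORD, "cert2", keyPair.getPrivate(), cert2);
            keyManager.getReloadTimeUnit().sleep(keyManager.getReloadInterval() * 2);

            Assert.assertNull("Certificate chain for alias cert1 should be null", keyManager.getCertificateChain("cert1"));
            assertServesSingleCertificate(keyManager, "cert2", cert2);
        } finally {
            // Always stop the manager so a failed assertion does not leave a reload task behind.
            keyManager.stop();
        }
    }

    /** {@code init()} must fail with an {@link IOException} when the keystore file is absent. */
    @Test
    public void testLoadMissingKeyStore() throws Exception {
        File keystore = new File(pathInBaseDir(KEYSTORE_FILE));
        // Other tests create a keystore at this same path and JUnit does not guarantee method
        // order. Without this cleanup a leftover file would still raise IOException (wrong
        // password) and the test would pass without exercising the missing-file path.
        keystore.delete();
        Assert.assertFalse("Keystore must be absent before init()", keystore.exists());

        this.rule.expect(IOException.class);
        ReloadingX509KeyManager keyManager = new ReloadingX509KeyManager(
            KEYSTORE_TYPE, keystore.getPath(), "", "", RELOAD_INTERVAL_MS, TimeUnit.MILLISECONDS);
        try {
            keyManager.init();
        } finally {
            keyManager.stop();
        }
    }

    /**
     * {@code init()} must reject a file that is not a keystore with an {@link IOException}
     * whose message contains "Invalid keystore format".
     */
    @Test
    public void testLoadCorruptedKeyStore() throws Exception {
        String keystorePath = pathInBaseDir("corrupterTestKeystore.jks");
        overwriteWithGarbage(keystorePath);
        this.rule.expect(IOException.class);
        this.rule.expectMessage("Invalid keystore format");
        ReloadingX509KeyManager keyManager = new ReloadingX509KeyManager(
            KEYSTORE_TYPE, keystorePath, "", "", RELOAD_INTERVAL_MS, TimeUnit.MILLISECONDS);
        try {
            keyManager.init();
        } finally {
            keyManager.stop();
        }
    }

    /**
     * Deleting the keystore after a successful load: the manager must notice the file is gone
     * and keep serving the certificate chain it already holds.
     */
    @Test(timeout = 4000)
    public void testReloadMissingKeyStore() throws Exception {
        KeyPair keyPair = KeyStoreTestUtil.generateKeyPair(KEY_PAIR_ALGORITHM);
        X509Certificate cert = KeyStoreTestUtil.generateCertificate("CN=cert", keyPair, 2, CERTIFICATE_ALGORITHM);
        String keystorePath = pathInBaseDir(KEYSTORE_FILE);
        KeyStoreTestUtil.createKeyStore(keystorePath, KEYSTORE_PASSWORD, "cert", keyPair.getPrivate(), cert);
        ReloadingX509KeyManager keyManager = new ReloadingX509KeyManager(
            KEYSTORE_TYPE, keystorePath, KEYSTORE_PASSWORD, KEYSTORE_PASSWORD, RELOAD_INTERVAL_MS, TimeUnit.MILLISECONDS);
        try {
            keyManager.init();
            Assert.assertNotNull("Certificate chain should not be null for alias cert", keyManager.getCertificateChain("cert"));

            FileUtils.forceDelete(new File(keystorePath));
            waitForReloadCycle(keyManager);

            Assert.assertFalse("Key manager should detect file does not exist", keyManager.getFileExists().get());
            Assert.assertNotNull("Certificate chain should not be null for alias cert", keyManager.getCertificateChain("cert"));
        } finally {
            keyManager.stop();
        }
    }

    /**
     * Corrupting the keystore after a successful load: the previously loaded certificate stays
     * available, every task registered in the reloader pool ends up cancelled, and the manager
     * reports four failures.
     */
    @Test(timeout = 4000)
    public void testReloadCorruptedKeyStore() throws Exception {
        KeyPair keyPair = KeyStoreTestUtil.generateKeyPair(KEY_PAIR_ALGORITHM);
        X509Certificate cert = KeyStoreTestUtil.generateCertificate("CN=cert", keyPair, 2, CERTIFICATE_ALGORITHM);
        String keystorePath = pathInBaseDir(KEYSTORE_FILE);
        KeyStoreTestUtil.createKeyStore(keystorePath, KEYSTORE_PASSWORD, "cert", keyPair.getPrivate(), cert);
        ReloadingX509KeyManager keyManager = new ReloadingX509KeyManager(
            KEYSTORE_TYPE, keystorePath, KEYSTORE_PASSWORD, KEYSTORE_PASSWORD, RELOAD_INTERVAL_MS, TimeUnit.MILLISECONDS);
        try {
            keyManager.init();
            Assert.assertNotNull("Certificate chain should not be null for alias cert", keyManager.getCertificateChain("cert"));

            waitForReloadCycle(keyManager);
            overwriteWithGarbage(keystorePath);
            waitForReloadCycle(keyManager);

            X509Certificate[] chain = keyManager.getCertificateChain("cert");
            Assert.assertNotNull("Certificate chain should not be null for alias cert", chain);
            Assert.assertEquals("DN for cert should be CN=cert", cert.getSubjectDN().getName(), chain[0].getSubjectDN().getName());

            // Elements are cast individually so this compiles whatever element type the pool declares.
            for (Object task : KeyManagersReloaderThreadPool.getInstance(true).getListOfTasks()) {
                Assert.assertTrue("Reload task should be cancelled after repeated failures", ((ScheduledFuture<?>) task).isCancelled());
            }
            // NOTE(review): 4 is presumably the manager's failure limit before it cancels its
            // reload task; the limit itself is defined outside this file, so confirm it there.
            Assert.assertEquals(4L, keyManager.getNumberOfFailures());
        } finally {
            keyManager.stop();
        }
    }

    /**
     * Password-file variant: both inline passwords are deliberately wrong, so the initial load
     * and the reload can only succeed if the manager takes the password from the file, and
     * re-reads it after the keystore is re-created with a new password.
     */
    @Test
    public void testReloadWithPasswordfile() throws Exception {
        KeyPair keyPair = KeyStoreTestUtil.generateKeyPair(KEY_PAIR_ALGORITHM);
        X509Certificate cert1 = KeyStoreTestUtil.generateCertificate("CN=cert1", keyPair, 2, CERTIFICATE_ALGORITHM);
        String keystorePath = pathInBaseDir(KEYSTORE_FILE);
        KeyStoreTestUtil.createKeyStore(keystorePath, KEYSTORE_PASSWORD, "cert1", keyPair.getPrivate(), cert1);
        String passwordFilePath = pathInBaseDir("password_file");
        FileUtils.write(new File(passwordFilePath), KEYSTORE_PASSWORD);
        ReloadingX509KeyManager keyManager = new ReloadingX509KeyManager(
            KEYSTORE_TYPE, keystorePath, "wrong-password", passwordFilePath, "wrong-password", RELOAD_INTERVAL_MS, TimeUnit.MILLISECONDS);
        try {
            keyManager.init();
            assertServesSingleCertificate(keyManager, "cert1", cert1);

            waitForReloadCycle(keyManager);
            X509Certificate cert2 = KeyStoreTestUtil.generateCertificate("CN=cert2", keyPair, 2, CERTIFICATE_ALGORITHM);
            // Rotate keystore and password file together, as a credential rotation would.
            KeyStoreTestUtil.createKeyStore(keystorePath, "password1", "cert2", keyPair.getPrivate(), cert2);
            FileUtils.write(new File(passwordFilePath), "password1");
            keyManager.getReloadTimeUnit().sleep(keyManager.getReloadInterval() * 2);

            Assert.assertNull("Certificate chain for alias cert1 should be null", keyManager.getCertificateChain("cert1"));
            assertServesSingleCertificate(keyManager, "cert2", cert2);
        } finally {
            keyManager.stop();
        }
    }

    /** Resolves {@code fileName} inside the per-class base directory. */
    private static String pathInBaseDir(String fileName) {
        return Paths.get(BASE_DIR, fileName).toString();
    }

    /** Sleeps for one reload interval plus one second of slack for the reloader to run. */
    private static void waitForReloadCycle(ReloadingX509KeyManager keyManager) throws InterruptedException {
        keyManager.getReloadTimeUnit().sleep(keyManager.getReloadInterval());
        TimeUnit.SECONDS.sleep(1L);
    }

    /** Replaces the file at {@code path} with bytes that are not a valid keystore. */
    private static void overwriteWithGarbage(String path) throws IOException {
        // try-with-resources: the stream is closed even if the write fails.
        try (FileOutputStream out = new FileOutputStream(path)) {
            out.write("something".getBytes(StandardCharsets.UTF_8));
        }
    }

    /** Asserts that {@code alias} resolves to a chain holding exactly the {@code expected} subject. */
    private static void assertServesSingleCertificate(ReloadingX509KeyManager keyManager, String alias,
            X509Certificate expected) {
        X509Certificate[] chain = keyManager.getCertificateChain(alias);
        Assert.assertNotNull("Certificate chain should not be null for alias " + alias, chain);
        Assert.assertEquals("Certificate chain should be 1", 1L, chain.length);
        Assert.assertEquals("DN for " + alias + " should be CN=" + alias,
            expected.getSubjectDN().getName(), chain[0].getSubjectDN().getName());
    }
}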
