package org.apache.hadoop.crypto.key;

import java.net.URI;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
import org.apache.hadoop.crypto.key.UserProvider;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-common-2.6.2-tests.jar:org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.class
  input_file:hadoop-common-2.6.2/share/hadoop/common/hadoop-common-2.6.2-tests.jar:org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.class
 */
/* loaded from: input_file:test-classes/org/apache/hadoop/crypto/key/TestKeyProviderCryptoExtension.class */
public class TestKeyProviderCryptoExtension {
    private static final String CIPHER = "AES";
    private static final String ENCRYPTION_KEY_NAME = "fooKey";
    private static Configuration conf;
    private static KeyProvider kp;
    private static KeyProviderCryptoExtension kpExt;
    private static KeyProvider.Options options;
    private static KeyProvider.KeyVersion encryptionKey;

    @BeforeClass
    public static void setup() throws Exception {
        conf = new Configuration();
        kp = new UserProvider.Factory().createProvider(new URI("user:///"), conf);
        kpExt = KeyProviderCryptoExtension.createKeyProviderCryptoExtension(kp);
        options = new KeyProvider.Options(conf);
        options.setCipher(CIPHER);
        options.setBitLength(128);
        encryptionKey = kp.createKey(ENCRYPTION_KEY_NAME, SecureRandom.getSeed(16), options);
    }

    @Test
    public void testGenerateEncryptedKey() throws Exception {
        KeyProviderCryptoExtension.EncryptedKeyVersion generateEncryptedKey = kpExt.generateEncryptedKey(encryptionKey.getName());
        Assert.assertEquals("Version name of EEK should be EEK", KeyProviderCryptoExtension.EEK, generateEncryptedKey.getEncryptedKeyVersion().getVersionName());
        Assert.assertEquals("Name of EEK should be encryption key name", ENCRYPTION_KEY_NAME, generateEncryptedKey.getEncryptionKeyName());
        Assert.assertNotNull("Expected encrypted key material", generateEncryptedKey.getEncryptedKeyVersion().getMaterial());
        Assert.assertEquals("Length of encryption key material and EEK material should be the same", encryptionKey.getMaterial().length, generateEncryptedKey.getEncryptedKeyVersion().getMaterial().length);
        KeyProvider.KeyVersion decryptEncryptedKey = kpExt.decryptEncryptedKey(generateEncryptedKey);
        Assert.assertEquals(KeyProviderCryptoExtension.EK, decryptEncryptedKey.getVersionName());
        Assert.assertEquals(encryptionKey.getMaterial().length, decryptEncryptedKey.getMaterial().length);
        if (Arrays.equals(decryptEncryptedKey.getMaterial(), encryptionKey.getMaterial())) {
            Assert.fail("Encrypted key material should not equal encryption key material");
        }
        if (Arrays.equals(generateEncryptedKey.getEncryptedKeyVersion().getMaterial(), encryptionKey.getMaterial())) {
            Assert.fail("Encrypted key material should not equal decrypted key material");
        }
        Assert.assertArrayEquals(decryptEncryptedKey.getMaterial(), kpExt.decryptEncryptedKey(generateEncryptedKey).getMaterial());
        KeyProviderCryptoExtension.EncryptedKeyVersion generateEncryptedKey2 = kpExt.generateEncryptedKey(encryptionKey.getName());
        if (Arrays.equals(decryptEncryptedKey.getMaterial(), kpExt.decryptEncryptedKey(generateEncryptedKey2).getMaterial())) {
            Assert.fail("Generated EEKs should have different material!");
        }
        if (Arrays.equals(generateEncryptedKey.getEncryptedKeyIv(), generateEncryptedKey2.getEncryptedKeyIv())) {
            Assert.fail("Generated EEKs should have different IVs!");
        }
    }

    @Test
    public void testEncryptDecrypt() throws Exception {
        KeyProviderCryptoExtension.EncryptedKeyVersion generateEncryptedKey = kpExt.generateEncryptedKey(encryptionKey.getName());
        byte[] encryptedKeyIv = generateEncryptedKey.getEncryptedKeyIv();
        byte[] material = generateEncryptedKey.getEncryptedKeyVersion().getMaterial();
        Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
        cipher.init(2, new SecretKeySpec(encryptionKey.getMaterial(), CIPHER), new IvParameterSpec(KeyProviderCryptoExtension.EncryptedKeyVersion.deriveIV(encryptedKeyIv)));
        Assert.assertArrayEquals("Wrong key material from decryptEncryptedKey", cipher.doFinal(material), kpExt.decryptEncryptedKey(KeyProviderCryptoExtension.EncryptedKeyVersion.createForDecryption(generateEncryptedKey.getEncryptionKeyName(), generateEncryptedKey.getEncryptionKeyVersionName(), generateEncryptedKey.getEncryptedKeyIv(), generateEncryptedKey.getEncryptedKeyVersion().getMaterial())).getMaterial());
    }
}
