package org.apache.hadoop.hdds.security.x509.keys;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Set;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.test.LambdaTestUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;

/* loaded from: input_file:org/apache/hadoop/hdds/security/x509/keys/TestKeyCodec.class */
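/**
 * Tests for {@link KeyCodec}: writing a generated key pair to disk as PEM files,
 * refusing to overwrite existing key material, rejecting non-POSIX file systems,
 * and reading the public key back.
 *
 * <p>Every test writes below a fresh {@link TemporaryFolder}, which is configured as
 * {@code hdds.metadata.dir}, so no key material is left behind in a shared location.
 */
public class TestKeyCodec {

    // JUnit 4 requires @Rule fields to be public.
    @Rule
    public TemporaryFolder temporaryFolder = new TemporaryFolder();
    private OzoneConfiguration configuration;
    private HDDSKeyGenerator keyGenerator;
    // Absolute path of the per-test metadata directory; key files must live below it.
    private String prefix;

    /**
     * Points {@code hdds.metadata.dir} at a new temporary directory and builds the
     * key generator from that configuration.
     *
     * @throws IOException if the temporary directory cannot be created
     */
    @Before
    public void init() throws IOException {
        this.configuration = new OzoneConfiguration();
        this.prefix = this.temporaryFolder.newFolder().toString();
        this.configuration.set("hdds.metadata.dir", this.prefix);
        this.keyGenerator = new HDDSKeyGenerator(this.configuration);
    }

    /**
     * Writes a key pair and verifies location, PEM framing, decodability and
     * file permissions of the result.
     */
    @Test
    public void testWriteKey() throws NoSuchProviderException, NoSuchAlgorithmException, IOException, InvalidKeySpecException {
        KeyPair keyPair = this.keyGenerator.generateKey();
        KeyCodec keyCodec = new KeyCodec(this.configuration);
        keyCodec.writeKey(keyPair);

        // The key directory must exist and must be inside the configured metadata dir.
        Path keyLocation = keyCodec.getSecurityConfig().getKeyLocation();
        Assert.assertTrue(Files.exists(keyLocation));
        Assert.assertTrue(keyLocation.toString().startsWith(this.prefix));

        Path privateKeyPath = Paths.get(keyLocation.toString(), keyCodec.getSecurityConfig().getPrivateKeyFileName());
        Assert.assertTrue(Files.exists(privateKeyPath));
        Path publicKeyPath = Paths.get(keyLocation.toString(), keyCodec.getSecurityConfig().getPublicKeyFileName());
        Assert.assertTrue(Files.exists(publicKeyPath));

        // Both files must carry the expected PEM type label.
        String privateKeyPem = new String(Files.readAllBytes(privateKeyPath), StandardCharsets.UTF_8);
        Assert.assertTrue(privateKeyPem.contains("PRIVATE KEY"));
        String publicKeyPem = new String(Files.readAllBytes(publicKeyPath), StandardCharsets.UTF_8);
        Assert.assertTrue(publicKeyPem.contains("PUBLIC KEY"));

        // The PEM bodies must decode to a PKCS#8 private key and an X.509
        // SubjectPublicKeyInfo for the configured algorithm.
        KeyFactory keyFactory = KeyFactory.getInstance(keyCodec.getSecurityConfig().getKeyAlgo());
        Assert.assertNotNull("Private Key should not be null",
                keyFactory.generatePrivate(new PKCS8EncodedKeySpec(decodePemBody(privateKeyPem, "PRIVATE KEY"))));
        Assert.assertNotNull("Public Key should not be null",
                keyFactory.generatePublic(new X509EncodedKeySpec(decodePemBody(publicKeyPem, "PUBLIC KEY"))));

        // Neither key file nor the key directory may carry a permission outside the
        // set KeyCodec declares. This is a subset check: it does not pin what that
        // set is, and it also passes when a path has fewer permissions than allowed.
        // NOTE(review): Files.getPosixFilePermissions throws
        // UnsupportedOperationException on file systems without a POSIX view, so this
        // test only runs where POSIX permissions are available.
        Set<?> permittedPermissions = keyCodec.getPermissionSet();
        assertNoExtraPermissions(privateKeyPath, permittedPermissions);
        assertNoExtraPermissions(publicKeyPath, permittedPermissions);
        assertNoExtraPermissions(keyLocation, permittedPermissions);
    }

    /**
     * Verifies that {@code writeKey} refuses to replace existing key files unless the
     * two-argument overload is used.
     */
    @Test
    public void testReWriteKey() throws Exception {
        KeyPair keyPair = this.keyGenerator.generateKey();
        KeyCodec keyCodec = new KeyCodec(this.configuration);
        SecurityConfig securityConfig = keyCodec.getSecurityConfig();
        keyCodec.writeKey(keyPair);

        // Both files exist: the private key is reported first.
        LambdaTestUtils.intercept(IOException.class, "Private Key file already exists.", () -> {
            keyCodec.writeKey(keyPair);
        });

        // Remove only the private key; the leftover public key must still block the write.
        // The deletion result is asserted so a failed delete is reported as such instead
        // of surfacing later as a confusing message mismatch.
        Path privateKeyPath = Paths.get(securityConfig.getKeyLocation().toString(), securityConfig.getPrivateKeyFileName());
        Assert.assertTrue("Could not delete " + privateKeyPath, FileUtils.deleteQuietly(privateKeyPath.toFile()));
        LambdaTestUtils.intercept(IOException.class, "Public Key file already exists.", () -> {
            keyCodec.writeKey(keyPair);
        });

        // With both files gone a plain write succeeds again.
        Path publicKeyPath = Paths.get(securityConfig.getKeyLocation().toString(), securityConfig.getPublicKeyFileName());
        Assert.assertTrue("Could not delete " + publicKeyPath, FileUtils.deleteQuietly(publicKeyPath.toFile()));
        keyCodec.writeKey(keyPair);

        // The files exist again at this point and this call is expected not to throw;
        // presumably the boolean is a force/overwrite flag - confirm against KeyCodec.
        keyCodec.writeKey(keyPair, true);
    }

    /**
     * Verifies that key material is not written when the file system is reported as
     * non-POSIX, i.e. when the permission restrictions cannot be applied.
     */
    @Test
    public void testWriteKeyInNonPosixFS() throws Exception {
        KeyPair keyPair = this.keyGenerator.generateKey();
        KeyCodec keyCodec = new KeyCodec(this.configuration);
        // Override the codec's POSIX probe so the test does not depend on the host FS.
        keyCodec.setIsPosixFileSystem(() -> false);
        LambdaTestUtils.intercept(IOException.class, "Unsupported File System for pem file.", () -> {
            keyCodec.writeKey(keyPair);
        });
    }

    /**
     * Verifies that the no-argument {@code readPublicKey} returns a key after
     * {@code writeKey} has stored one.
     */
    @Test
    public void testReadWritePublicKeywithoutArgs() throws NoSuchProviderException, NoSuchAlgorithmException, IOException, InvalidKeySpecException {
        KeyPair keyPair = this.keyGenerator.generateKey();
        KeyCodec keyCodec = new KeyCodec(this.configuration);
        keyCodec.writeKey(keyPair);
        Assert.assertNotNull(keyCodec.readPublicKey());
    }

    /**
     * Strips the PEM begin/end markers for {@code type} and Base64-decodes the rest.
     *
     * @param pem  full PEM text as read from disk
     * @param type PEM type label, e.g. {@code "PRIVATE KEY"}
     * @return the decoded DER bytes
     */
    private static byte[] decodePemBody(String pem, String type) {
        String body = pem
                .replace("-----BEGIN " + type + "-----\n", "")
                .replace("-----END " + type + "-----", "");
        return Base64.decodeBase64(body);
    }

    /**
     * Asserts that {@code path} has no POSIX permission outside {@code permitted}.
     *
     * @param path      file or directory to inspect
     * @param permitted permissions the path is allowed to have
     * @throws IOException if the permissions cannot be read
     */
    private static void assertNoExtraPermissions(Path path, Set<?> permitted) throws IOException {
        // removeAll leaves only the permissions that are NOT permitted.
        Set<?> extra = Files.getPosixFilePermissions(path);
        extra.removeAll(permitted);
        Assert.assertTrue("Unexpected permissions on " + path + ": " + extra, extra.isEmpty());
    }
}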
