package org.apache.hadoop.ozone;

import java.io.File;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.concurrent.Callable;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient;
import org.apache.hadoop.hdds.security.x509.certificate.client.DNCertificateClient;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec;
import org.apache.hadoop.hdds.security.x509.keys.KeyCodec;
import org.apache.hadoop.ozone.TestHddsDatanodeService;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.test.LambdaTestUtils;
import org.apache.hadoop.util.ServicePlugin;
import org.bouncycastle.cert.X509CertificateHolder;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/ozone/TestHddsSecureDatanodeInit.class */
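/**
 * Checks how {@link HddsDatanodeService#initializeCertificateClient} reacts to each
 * combination of private key, public key and certificate written through
 * {@link KeyCodec} and {@link CertificateCodec} before initialization.
 *
 * <p>The case number encodes which material is present (bit 2 = private key,
 * bit 1 = public key, bit 0 = certificate):
 *
 * <pre>
 * case | private | public | cert | logged init response | outcome
 * -----+---------+--------+------+----------------------+---------------------------
 *   0  |    -    |   -    |  -   | GETCERT              | exception, keys now present
 *   1  |    -    |   -    |  x   | FAILURE              | RuntimeException
 *   2  |    -    |   x    |  -   | FAILURE              | RuntimeException
 *   3  |    -    |   x    |  x   | FAILURE              | RuntimeException
 *   4  |    x    |   -    |  -   | FAILURE              | RuntimeException
 *   5  |    x    |   -    |  x   | SUCCESS              | public key available
 *   6  |    x    |   x    |  -   | GETCERT              | exception
 *   7  |    x    |   x    |  x   | SUCCESS              | all material available
 * </pre>
 *
 * <p>Cases 1 to 4 pin the security-relevant behavior: with incomplete key material the
 * datanode must refuse to initialize, and the assertions confirm that the missing parts
 * are still missing afterwards (nothing is silently regenerated around an orphaned
 * certificate or key).
 *
 * <p>All state is static and shared, so the tests rely on {@link #setUpDNCertClient()}
 * resetting the stored material and the captured log before each case.
 */
public class TestHddsSecureDatanodeInit {
    private static File testDir;
    private static OzoneConfiguration conf;
    private static HddsDatanodeService service;
    private static final String[] args = new String[0];
    private static PrivateKey privateKey;
    private static PublicKey publicKey;
    private static GenericTestUtils.LogCapturer dnLogs;
    private static CertificateClient client;
    private static SecurityConfig securityConfig;
    private static KeyCodec keyCodec;
    private static CertificateCodec certCodec;
    private static X509CertificateHolder certHolder;

    /**
     * Builds a security-enabled datanode service and captures the key pair and a test
     * certificate that the individual cases write back selectively.
     *
     * @throws Exception if the service, the codecs or the test certificate cannot be created
     */
    @BeforeClass
    public static void setUp() throws Exception {
        testDir = GenericTestUtils.getRandomizedTestDir();
        conf = new OzoneConfiguration();
        conf.setBoolean("ozone.enabled", true);
        conf.set("ozone.metadata.dirs", testDir.getPath());
        conf.set("dfs.datanode.data.dir", testDir + "/disk1");
        conf.setBoolean("ozone.security.enabled", true);
        conf.setClass("hdds.datanode.plugins", TestHddsDatanodeService.MockService.class, ServicePlugin.class);
        securityConfig = new SecurityConfig(conf);
        service = HddsDatanodeService.createHddsDatanodeService(args, conf);
        dnLogs = GenericTestUtils.LogCapturer.captureLogs(HddsDatanodeService.getLogger());

        // Both calls are expected to be able to fail here; only their side effects matter.
        // NOTE(review): the key pair read below presumably comes from this first
        // initialization attempt (compare case 0) - confirm against HddsDatanodeService.
        callQuietly(() -> {
            service.start((Object) null);
            return null;
        });
        callQuietly(() -> {
            service.initializeCertificateClient(conf);
            return null;
        });

        certCodec = new CertificateCodec(securityConfig);
        keyCodec = new KeyCodec(securityConfig);
        dnLogs.clearOutput();
        privateKey = service.getCertificateClient().getPrivateKey();
        publicKey = service.getCertificateClient().getPublicKey();

        // Test-only certificate for CN=Test over the captured key pair, signed with the
        // configured signature algorithm.
        KeyPair keyPair = new KeyPair(publicKey, privateKey);
        certHolder = new X509CertificateHolder(
                KeyStoreTestUtil.generateCertificate("CN=Test", keyPair, 10, securityConfig.getSignatureAlgo())
                        .getEncoded());
    }

    /** Removes the randomized test directory, including any key material written into it. */
    @AfterClass
    public static void tearDown() {
        FileUtil.fullyDelete(testDir);
    }

    /**
     * Resets the stored key material, the captured log and the certificate client so that
     * every case starts from the "nothing present" state.
     */
    @Before
    public void setUpDNCertClient() {
        String keyDir = securityConfig.getKeyLocation().toString();
        String certDir = securityConfig.getCertificateLocation().toString();
        deleteStoredFile(keyDir, securityConfig.getPrivateKeyFileName());
        deleteStoredFile(keyDir, securityConfig.getPublicKeyFileName());
        deleteStoredFile(certDir, securityConfig.getCertificateFileName());
        dnLogs.clearOutput();
        client = new DNCertificateClient(securityConfig, certHolder.getSerialNumber().toString());
        service.setCertificateClient(client);
    }

    /** Case 0: nothing stored. Keys become available and a certificate is requested. */
    @Test
    public void testSecureDnStartupCase0() throws Exception {
        // Any exception is accepted: the empty text matches every message.
        // NOTE(review): presumably thrown because no certificate can be obtained in this
        // unit-test setup - confirm.
        LambdaTestUtils.intercept(Exception.class, "", () -> {
            service.initializeCertificateClient(conf);
        });
        Assert.assertNotNull(client.getPrivateKey());
        Assert.assertNotNull(client.getPublicKey());
        Assert.assertNull(client.getCertificate());
        assertLogContains("Init response: GETCERT");
    }

    /** Case 1: certificate only. A certificate without its keys must be rejected. */
    @Test
    public void testSecureDnStartupCase1() throws Exception {
        certCodec.writeCertificate(certHolder);
        expectInitFailure();
        Assert.assertNull(client.getPrivateKey());
        Assert.assertNull(client.getPublicKey());
        Assert.assertNotNull(client.getCertificate());
        assertLogContains("Init response: FAILURE");
    }

    /** Case 2: public key only. Initialization must fail without a private key. */
    @Test
    public void testSecureDnStartupCase2() throws Exception {
        keyCodec.writePublicKey(publicKey);
        expectInitFailure();
        Assert.assertNull(client.getPrivateKey());
        Assert.assertNotNull(client.getPublicKey());
        Assert.assertNull(client.getCertificate());
        assertLogContains("Init response: FAILURE");
    }

    /** Case 3: public key and certificate. Still fails because the private key is missing. */
    @Test
    public void testSecureDnStartupCase3() throws Exception {
        keyCodec.writePublicKey(publicKey);
        certCodec.writeCertificate(certHolder);
        expectInitFailure();
        Assert.assertNull(client.getPrivateKey());
        Assert.assertNotNull(client.getPublicKey());
        Assert.assertNotNull(client.getCertificate());
        assertLogContains("Init response: FAILURE");
    }

    /** Case 4: private key only. Fails; the public key is not derived or regenerated. */
    @Test
    public void testSecureDnStartupCase4() throws Exception {
        keyCodec.writePrivateKey(privateKey);
        // NOTE(review): the expected text has a leading space, unlike cases 1 to 3.
        // Presumably it still matches because the text is compared against the
        // exception's string form - confirm, or align with the other cases.
        LambdaTestUtils.intercept(RuntimeException.class, " DN security initialization failed", () -> {
            service.initializeCertificateClient(conf);
        });
        Assert.assertNotNull(client.getPrivateKey());
        Assert.assertNull(client.getPublicKey());
        Assert.assertNull(client.getCertificate());
        assertLogContains("Init response: FAILURE");
        dnLogs.clearOutput();
    }

    /** Case 5: private key and certificate. Succeeds and a public key becomes available. */
    @Test
    public void testSecureDnStartupCase5() throws Exception {
        certCodec.writeCertificate(certHolder);
        keyCodec.writePrivateKey(privateKey);
        service.initializeCertificateClient(conf);
        Assert.assertNotNull(client.getPrivateKey());
        // NOTE(review): no public key was written; presumably it is recovered from the
        // certificate - confirm against the certificate client.
        Assert.assertNotNull(client.getPublicKey());
        Assert.assertNotNull(client.getCertificate());
        assertLogContains("Init response: SUCCESS");
    }

    /** Case 6: complete key pair, no certificate. A certificate is requested. */
    @Test
    public void testSecureDnStartupCase6() throws Exception {
        keyCodec.writePublicKey(publicKey);
        keyCodec.writePrivateKey(privateKey);
        // Any exception is accepted here, as in case 0.
        LambdaTestUtils.intercept(Exception.class, "", () -> {
            service.initializeCertificateClient(conf);
        });
        Assert.assertNotNull(client.getPrivateKey());
        Assert.assertNotNull(client.getPublicKey());
        Assert.assertNull(client.getCertificate());
        assertLogContains("Init response: GETCERT");
    }

    /** Case 7: key pair and certificate all present. Initialization succeeds. */
    @Test
    public void testSecureDnStartupCase7() throws Exception {
        keyCodec.writePublicKey(publicKey);
        keyCodec.writePrivateKey(privateKey);
        certCodec.writeCertificate(certHolder);
        service.initializeCertificateClient(conf);
        Assert.assertNotNull(client.getPrivateKey());
        Assert.assertNotNull(client.getPublicKey());
        Assert.assertNotNull(client.getCertificate());
        assertLogContains("Init response: SUCCESS");
    }

    /**
     * Runs {@code callable} and discards both its result and anything it throws.
     *
     * <p>Only meant for setup steps whose failure is expected and irrelevant; it also
     * swallows {@link Error}s, so it must not wrap code whose failure should fail a test.
     *
     * @param callable the action to attempt
     */
    public static void callQuietly(Callable<?> callable) {
        try {
            callable.call();
        } catch (Throwable ignored) {
            // Deliberately best-effort: callers only need the side effects that happened
            // before the failure.
        }
    }

    /** With a complete key pair stored, every CSR request must yield a non-null result. */
    @Test
    public void testGetCSR() throws Exception {
        keyCodec.writePublicKey(publicKey);
        keyCodec.writePrivateKey(privateKey);
        service.setCertificateClient(client);
        // Repeated on purpose: each of the four calls has to produce a request.
        for (int attempt = 0; attempt < 4; attempt++) {
            Assert.assertNotNull(service.getCSR(conf));
        }
    }

    /** Deletes one stored key or certificate file, ignoring a file that does not exist. */
    private static void deleteStoredFile(String directory, String fileName) {
        FileUtils.deleteQuietly(Paths.get(directory, fileName).toFile());
    }

    /** Expects initialization to abort with the datanode's security initialization error. */
    private static void expectInitFailure() throws Exception {
        LambdaTestUtils.intercept(RuntimeException.class, "DN security initialization failed", () -> {
            service.initializeCertificateClient(conf);
        });
    }

    /** Asserts that the captured datanode log contains {@code expected}, showing the log on failure. */
    private static void assertLogContains(String expected) {
        String output = dnLogs.getOutput();
        Assert.assertTrue(
                "Expected datanode log to contain \"" + expected + "\" but captured: " + output,
                output.contains(expected));
    }
}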
