package org.apache.hadoop.ozone.security;

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.RandomUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.hadoop.security.ssl.TestSSLFactory;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.util.Time;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/ozone/security/TestOzoneTokenIdentifier.class */
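/**
 * Tests for {@link OzoneTokenIdentifier}: signing and verifying the identifier bytes with an
 * RSA key pair, rough timing of asymmetric versus HMAC signing, and a write/read round trip
 * through {@code write}/{@code readFields}.
 *
 * <p>All key material, keystore passwords and certificate subjects here are throwaway test
 * fixtures generated per run; none of the sizes or algorithms used by the timing tests are a
 * recommendation for production use.
 */
public class TestOzoneTokenIdentifier {
    private static final Logger LOG = LoggerFactory.getLogger(TestOzoneTokenIdentifier.class);
    private static final String BASEDIR = GenericTestUtils.getTempPath(TestOzoneTokenIdentifier.class.getSimpleName());
    private static final String KEYSTORES_DIR = new File(BASEDIR).getAbsolutePath();

    /** JCA signature algorithm used by the asymmetric sign/verify helpers and the test certificate. */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /** Number of tokens signed (and verified) by each timing test. */
    private static final int PERF_ITERATIONS = 1000;

    private static File base;

    /** Only assigned by {@link #createConfiguration}; stays {@code null} if that is never called. */
    private static String sslConfsDir;

    // Weak suites (RC4, single DES, export-grade) handed to setupSSLConfig as the exclusion list.
    // The irregular whitespace between entries is part of the value and is kept byte-for-byte;
    // presumably it exercises the list parser - confirm against KeyStoreTestUtil.
    private static final String EXCLUDE_CIPHERS =
        "TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,  \n"
            + "SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,  SSL_RSA_EXPORT_WITH_RC4_40_MD5,\t \n"
            + "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5";

    /**
     * Recreates an empty working directory for the keystore and token files.
     *
     * @throws Exception if the directory cannot be created
     */
    @BeforeClass
    public static void setUp() throws Exception {
        base = new File(BASEDIR);
        FileUtil.fullyDelete(base);
        // Fail here with a clear message instead of later with a FileNotFoundException.
        if (!base.mkdirs() && !base.isDirectory()) {
            throw new IOException("Could not create test directory " + base);
        }
    }

    /**
     * Builds a {@link Configuration} with the SSL test settings installed.
     *
     * @param useClientCert forwarded to {@code KeyStoreTestUtil.setupSSLConfig} as its fourth argument
     * @param trustStore forwarded to {@code KeyStoreTestUtil.setupSSLConfig} as its fifth argument
     * @return the populated configuration
     * @throws Exception if the SSL configuration cannot be written
     */
    private Configuration createConfiguration(boolean useClientCert, boolean trustStore) throws Exception {
        Configuration configuration = new Configuration();
        // Resolve the directory first: the original passed sslConfsDir to setupSSLConfig
        // before assigning it, so the first call handed over null.
        sslConfsDir = KeyStoreTestUtil.getClasspathDir(TestSSLFactory.class);
        KeyStoreTestUtil.setupSSLConfig(KEYSTORES_DIR, sslConfsDir, configuration, useClientCert, trustStore,
            EXCLUDE_CIPHERS);
        return configuration;
    }

    /**
     * Removes the working directory and, when an SSL configuration was generated, its files.
     *
     * @throws Exception if cleanup fails
     */
    @AfterClass
    public static void cleanUp() throws Exception {
        FileUtil.fullyDelete(base);
        // KEYSTORES_DIR is the same directory as base, so the keystores are already gone.
        // Without a generated SSL config there is no conf dir to clean and sslConfsDir is null.
        if (sslConfsDir != null) {
            KeyStoreTestUtil.cleanupSSLConfig(KEYSTORES_DIR, sslConfsDir);
        }
    }

    /**
     * Signs a token identifier with a freshly generated RSA key and checks that the signature
     * verifies against the matching certificate, and that random bytes are not accepted as a
     * signature for another identifier.
     */
    @Test
    public void testSignToken() throws GeneralSecurityException, IOException {
        String keystorePath = new File(KEYSTORES_DIR, "keystore.jks").getAbsolutePath();
        String truststorePath = new File(KEYSTORES_DIR, "truststore.jks").getAbsolutePath();
        KeyPair keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        X509Certificate cert =
            KeyStoreTestUtil.generateCertificate("CN=OzoneMaster", keyPair, 30, SIGNATURE_ALGORITHM);
        // Fixed passwords are acceptable only because the stores hold a throwaway test key.
        KeyStoreTestUtil.createKeyStore(keystorePath, "keyStorePass", "keyPass", "OzoneMaster",
            keyPair.getPrivate(), cert);
        KeyStoreTestUtil.createTrustStore(truststorePath, "trustPass", Collections.singletonMap("server", cert));

        // Positive case: a signature made with the private key verifies with the certificate.
        OzoneTokenIdentifier signedToken = new OzoneTokenIdentifier();
        signedToken.setOmCertSerialId("123");
        byte[] tokenSignature = signTokenAsymmetric(signedToken, keyPair.getPrivate());
        boolean valid = verifyTokenAsymmetric(signedToken, tokenSignature, cert);
        LOG.info("{} is {}", signedToken, valid ? "valid." : "invalid.");
        // The result used to be logged only, so a broken verification path could not fail the test.
        Assert.assertTrue("Token signed with the private key must verify against its certificate", valid);

        // Negative case: random bytes must not be accepted as a signature.
        // NOTE(review): 128 bytes matches a 1024-bit RSA modulus; the key size is chosen inside
        // KeyStoreTestUtil.generateKeyPair and is not visible here - confirm.
        OzoneTokenIdentifier unsignedToken =
            new OzoneTokenIdentifier(new Text("oozie"), new Text("rm"), new Text("client"));
        unsignedToken.setOmCertSerialId("123");
        boolean forgedAccepted = verifyTokenAsymmetric(unsignedToken, RandomUtils.nextBytes(128), cert);
        LOG.info("Unsigned token {} is {}", unsignedToken, forgedAccepted);
        Assert.assertFalse("Random bytes must not verify as a token signature", forgedAccepted);
    }

    /**
     * Signs the identifier's serialized bytes with SHA256withRSA.
     *
     * @param ozoneTokenIdentifier identifier whose {@code getBytes()} output is signed
     * @param privateKey signing key
     * @return the raw signature bytes
     * @throws NoSuchAlgorithmException if no provider offers SHA256withRSA
     * @throws InvalidKeyException if {@code privateKey} is rejected by the signature engine
     * @throws SignatureException if signing fails
     */
    public byte[] signTokenAsymmetric(OzoneTokenIdentifier ozoneTokenIdentifier, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
        signer.initSign(privateKey);
        signer.update(ozoneTokenIdentifier.getBytes());
        return signer.sign();
    }

    /**
     * Verifies a SHA256withRSA signature over the identifier's serialized bytes.
     *
     * @param ozoneTokenIdentifier identifier whose {@code getBytes()} output was signed
     * @param bArr candidate signature bytes
     * @param certificate certificate carrying the public key to verify with
     * @return {@code true} if the signature is valid for these bytes and this key
     * @throws InvalidKeyException if the certificate's key is rejected by the signature engine
     * @throws NoSuchAlgorithmException if no provider offers SHA256withRSA
     * @throws SignatureException if the signature cannot be processed
     */
    public boolean verifyTokenAsymmetric(OzoneTokenIdentifier ozoneTokenIdentifier, byte[] bArr, Certificate certificate) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException {
        Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
        verifier.initVerify(certificate);
        verifier.update(ozoneTokenIdentifier.getBytes());
        return verifier.verify(bArr);
    }

    /**
     * Computes a MAC over the identifier's serialized bytes.
     *
     * @param ozoneTokenIdentifier identifier whose {@code getBytes()} output is authenticated
     * @param mac MAC engine, re-initialised with {@code secretKey} on every call
     * @param secretKey MAC key
     * @return the MAC value
     * @throws IllegalArgumentException if the key is not valid for the MAC algorithm
     */
    private byte[] signTokenSymmetric(OzoneTokenIdentifier ozoneTokenIdentifier, Mac mac, SecretKey secretKey) {
        try {
            mac.init(secretKey);
            return mac.doFinal(ozoneTokenIdentifier.getBytes());
        } catch (InvalidKeyException e) {
            throw new IllegalArgumentException("Invalid key to HMAC computation", e);
        }
    }

    /**
     * Creates an identifier whose three text fields are random alphabetic strings.
     *
     * @return a new identifier with certificate serial id "123"
     */
    OzoneTokenIdentifier generateTestToken() {
        OzoneTokenIdentifier token = new OzoneTokenIdentifier(
            new Text(RandomStringUtils.randomAlphabetic(6)),
            new Text(RandomStringUtils.randomAlphabetic(5)),
            new Text(RandomStringUtils.randomAlphabetic(4)));
        token.setOmCertSerialId("123");
        return token;
    }

    /**
     * Logs the average time to sign and to verify a token with SHA256withRSA, and checks that
     * every signature produced in the run verifies.
     */
    @Test
    public void testAsymmetricTokenPerf() throws NoSuchAlgorithmException, CertificateEncodingException, NoSuchProviderException, InvalidKeyException, SignatureException {
        ArrayList<OzoneTokenIdentifier> tokens = new ArrayList<>(PERF_ITERATIONS);
        ArrayList<byte[]> signatures = new ArrayList<>(PERF_ITERATIONS);
        for (int n = 0; n < PERF_ITERATIONS; n++) {
            tokens.add(generateTestToken());
        }
        KeyPair keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        X509Certificate cert =
            KeyStoreTestUtil.generateCertificate("CN=OzoneMaster", keyPair, 30, SIGNATURE_ALGORITHM);

        long signStart = Time.monotonicNowNanos();
        for (OzoneTokenIdentifier token : tokens) {
            signatures.add(signTokenAsymmetric(token, keyPair.getPrivate()));
        }
        // The old message said "HmacSha256(RSA/1024 key)"; no HMAC is involved here and the key
        // size is not set in this class, so the message now names the algorithm actually used.
        LOG.info("Average token sign time with {} is {} ns", SIGNATURE_ALGORITHM,
            (Time.monotonicNowNanos() - signStart) / PERF_ITERATIONS);

        boolean allVerified = true;
        long verifyStart = Time.monotonicNowNanos();
        for (int n = 0; n < PERF_ITERATIONS; n++) {
            allVerified &= verifyTokenAsymmetric(tokens.get(n), signatures.get(n), cert);
        }
        LOG.info("Average token verify time with {} is {} ns", SIGNATURE_ALGORITHM,
            (Time.monotonicNowNanos() - verifyStart) / PERF_ITERATIONS);
        // Verification results were discarded before; a timing run over failing checks is meaningless.
        Assert.assertTrue("Every signature produced in the run must verify", allVerified);
    }

    /** Runs the HMAC timing helper for HmacSHA1 and HmacSHA256. */
    @Test
    public void testSymmetricTokenPerf() {
        // Benchmark parameters only: a 64-bit HMAC key is far too short for real token signing.
        testSymmetricTokenPerfHelper("HmacSHA1", 64);
        testSymmetricTokenPerfHelper("HmacSHA256", 1024);
    }

    /**
     * Logs the average time to MAC a token with the given algorithm and key size.
     *
     * @param str JCA name used for both the {@link KeyGenerator} and the {@link Mac}
     * @param i key size in bits passed to {@link KeyGenerator#init(int)}
     * @throws IllegalArgumentException if no provider offers the algorithm
     */
    public void testSymmetricTokenPerfHelper(String str, int i) {
        ArrayList<OzoneTokenIdentifier> tokens = new ArrayList<>(PERF_ITERATIONS);
        ArrayList<byte[]> macs = new ArrayList<>(PERF_ITERATIONS);
        for (int n = 0; n < PERF_ITERATIONS; n++) {
            tokens.add(generateTestToken());
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str);
            keyGenerator.init(i);
            Mac mac = Mac.getInstance(str);
            SecretKey key = keyGenerator.generateKey();
            long start = Time.monotonicNowNanos();
            for (OzoneTokenIdentifier token : tokens) {
                macs.add(signTokenSymmetric(token, mac, key));
            }
            LOG.info("Average token sign time with {}({} symmetric key) is {} ns", str, i,
                (Time.monotonicNowNanos() - start) / PERF_ITERATIONS);
        } catch (NoSuchAlgorithmException e) {
            // Keep the cause so the provider lookup failure is visible in the stack trace.
            throw new IllegalArgumentException("Can't find " + str + " algorithm.", e);
        }
    }

    /**
     * Writes an identifier to a file and reads it back, expecting an equal object.
     *
     * @throws IOException if the token file cannot be written or read
     */
    @Test
    public void testReadWriteInProtobuf() throws IOException {
        OzoneTokenIdentifier original = getIdentifierInst();
        File tokenFile = new File(BASEDIR, "tokenFile");
        // try-with-resources: both streams are closed even when write/readFields throws;
        // the input stream was previously never closed at all.
        try (DataOutputStream out = new DataOutputStream(new FileOutputStream(tokenFile))) {
            original.write(out);
        }
        OzoneTokenIdentifier restored = new OzoneTokenIdentifier();
        try (DataInputStream in = new DataInputStream(new FileInputStream(tokenFile))) {
            restored.readFields(in);
        }
        Assert.assertEquals(original, restored);
    }

    /**
     * Builds a fully populated identifier for the round-trip test.
     *
     * @return identifier owned by "User1", renewable by "yarn", valid for 5000 ms from now
     */
    public OzoneTokenIdentifier getIdentifierInst() {
        // Read the clock once so the max date is exactly issue date + 5000 ms.
        long now = Time.now();
        OzoneTokenIdentifier identifier = new OzoneTokenIdentifier();
        identifier.setOwner(new Text("User1"));
        identifier.setRenewer(new Text("yarn"));
        identifier.setIssueDate(now);
        identifier.setMaxDate(now + 5000);
        identifier.setSequenceNumber(1);
        identifier.setOmCertSerialId("123");
        return identifier;
    }
}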
