package org.apache.hadoop.hbase.rest;

import java.io.File;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Optional;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.http.ssl.KeyStoreTestUtil;
import org.apache.hadoop.hbase.rest.client.Client;
import org.apache.hadoop.hbase.rest.client.Cluster;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.testclassification.RestTests;
import org.apache.http.client.ClientProtocolException;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;

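/**
 * Verifies that the HBase REST server accepts TLS connections when
 * {@code hbase.rest.ssl.enabled} is set, for each keystore/truststore format
 * exercised here (JKS, JCEKS, PKCS12), and that a client created with SSL
 * switched off fails to talk to the TLS-only endpoint.
 *
 * <p>All key material is generated once per class run and written below the
 * test data directory. The passwords and the certificate are test fixtures
 * only and must not be reused for a real deployment.
 */
@Category({RestTests.class, MediumTests.class})
public class TestRESTServerSSL {
    // Test-only fixture secrets. They protect throw-away stores created in beforeClass().
    private static final String KEY_STORE_PASSWORD = "myKSPassword";
    private static final String TRUST_STORE_PASSWORD = "myTSPassword";
    // Re-created by every startRESTServer*() call, because the servlet port changes per test.
    private static Client sslClient;
    private static File keyDir;
    private Configuration conf;

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestRESTServerSSL.class);
    private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
    private static final HBaseRESTTestingUtility REST_TEST_UTIL = new HBaseRESTTestingUtility();

    /**
     * Generates one RSA key pair and one certificate, stores them in every
     * supported keystore/truststore format, then starts the mini cluster.
     */
    @BeforeClass
    public static void beforeClass() throws Exception {
        keyDir = initKeystoreDir();
        KeyPair keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        // NOTE(review): SHA-1 based certificate signatures are deprecated. This is tolerable
        // only because the certificate is a throw-away test fixture that the client trusts
        // through an explicit truststore. Consider "SHA256withRSA" if KeyStoreTestUtil accepts
        // it, and do not copy this value into non-test code.
        // The third argument (30) is the validity period as interpreted by KeyStoreTestUtil
        // (presumably days - confirm against the helper).
        X509Certificate serverCertificate =
            KeyStoreTestUtil.generateCertificate("CN=localhost, O=server", keyPair, 30, "SHA1withRSA");
        generateTrustStore("jks", serverCertificate);
        generateTrustStore("jceks", serverCertificate);
        generateTrustStore("pkcs12", serverCertificate);
        generateKeyStore("jks", keyPair, serverCertificate);
        generateKeyStore("jceks", keyPair, serverCertificate);
        generateKeyStore("pkcs12", keyPair, serverCertificate);
        TEST_UTIL.startMiniCluster();
    }

    @AfterClass
    public static void afterClass() throws Exception {
        TEST_UTIL.shutdownMiniCluster();
    }

    /**
     * Builds a fresh configuration with SSL enabled and the store passwords set.
     * The store locations and types are filled in by the startRESTServer*() helpers.
     */
    @Before
    public void beforeEachTest() {
        this.conf = new Configuration(TEST_UTIL.getConfiguration());
        this.conf.set("hbase.rest.ssl.enabled", "true");
        this.conf.set("hbase.rest.ssl.keystore.keypassword", KEY_STORE_PASSWORD);
        this.conf.set("hbase.rest.ssl.keystore.password", KEY_STORE_PASSWORD);
        this.conf.set("hbase.rest.ssl.truststore.password", TRUST_STORE_PASSWORD);
    }

    @After
    public void tearDownAfterTest() {
        REST_TEST_UTIL.shutdownServletContainer();
    }

    @Test
    public void testSslConnection() throws Exception {
        startRESTServerWithDefaultKeystoreType();
        assertVersionReachableOverSsl();
    }

    /**
     * A client built with {@code false} as its second constructor argument
     * (presumably "SSL disabled" - confirm against Client) must not be able to
     * complete a request against the TLS-only server.
     */
    @Test(expected = ClientProtocolException.class)
    public void testNonSslClientDenied() throws Exception {
        startRESTServerWithDefaultKeystoreType();
        Cluster cluster = new Cluster().add("localhost", REST_TEST_UTIL.getServletPort());
        Client plainClient = new Client(cluster, false);
        plainClient.get("/version");
    }

    @Test
    public void testSslConnectionUsingKeystoreFormatJKS() throws Exception {
        startRESTServer("jks");
        assertVersionReachableOverSsl();
    }

    @Test
    public void testSslConnectionUsingKeystoreFormatJCEKS() throws Exception {
        startRESTServer("jceks");
        assertVersionReachableOverSsl();
    }

    @Test
    public void testSslConnectionUsingKeystoreFormatPKCS12() throws Exception {
        startRESTServer("pkcs12");
        assertVersionReachableOverSsl();
    }

    /** Asserts that {@code /version} answers with HTTP 200 through the current SSL client. */
    private static void assertVersionReachableOverSsl() throws Exception {
        Assert.assertEquals(200L, sslClient.get("/version", "text/plain").getCode());
    }

    /**
     * Creates the directory that holds the generated key and trust stores.
     *
     * @return the existing directory
     * @throws IllegalStateException if the directory does not exist and cannot be created
     */
    private static File initKeystoreDir() {
        File dir = new File(TEST_UTIL.getDataTestDir().toString(), TestRESTServerSSL.class.getSimpleName() + "_keys");
        // mkdirs() returns false both on failure and when the directory already exists, so
        // only the "still not a directory" case is an error. Failing here gives a clear message
        // instead of an obscure keystore write error later on.
        if (!dir.mkdirs() && !dir.isDirectory()) {
            throw new IllegalStateException("Could not create keystore directory " + dir.getAbsolutePath());
        }
        return dir;
    }

    /** Writes the server private key and certificate into a keystore of the given type. */
    private static void generateKeyStore(String storeType, KeyPair keyPair, X509Certificate certificate)
            throws Exception {
        KeyStoreTestUtil.createKeyStore(getKeystoreFilePath(storeType), KEY_STORE_PASSWORD, KEY_STORE_PASSWORD,
            "serverKS", keyPair.getPrivate(), certificate, storeType);
    }

    /** Writes the server certificate into a truststore of the given type. */
    private static void generateTrustStore(String storeType, X509Certificate certificate) throws Exception {
        KeyStoreTestUtil.createTrustStore(getTruststoreFilePath(storeType), TRUST_STORE_PASSWORD, "serverTS",
            certificate, storeType);
    }

    /** Returns the keystore path for a store type; the type doubles as the file extension. */
    private static String getKeystoreFilePath(String storeType) {
        return String.format("%s/serverKS.%s", keyDir.getAbsolutePath(), storeType);
    }

    /** Returns the truststore path for a store type; the type doubles as the file extension. */
    private static String getTruststoreFilePath(String storeType) {
        return String.format("%s/serverTS.%s", keyDir.getAbsolutePath(), storeType);
    }

    /**
     * Starts the REST server with the JKS stores but without setting any store
     * type, so both server and client rely on their default type handling.
     */
    private void startRESTServerWithDefaultKeystoreType() throws Exception {
        String trustStorePath = getTruststoreFilePath("jks");
        this.conf.set("hbase.rest.ssl.keystore.store", getKeystoreFilePath("jks"));
        this.conf.set("hbase.rest.ssl.truststore.store", trustStorePath);
        REST_TEST_UTIL.startServletContainer(this.conf);
        // The port is only known once the container is up, so the client is built afterwards.
        Cluster cluster = new Cluster().add("localhost", REST_TEST_UTIL.getServletPort());
        sslClient = new Client(cluster, trustStorePath, Optional.of(TRUST_STORE_PASSWORD), Optional.empty());
    }

    /**
     * Starts the REST server with key and trust stores of the given type and
     * builds an SSL client that trusts the matching truststore.
     */
    private void startRESTServer(String storeType) throws Exception {
        String trustStorePath = getTruststoreFilePath(storeType);
        this.conf.set("hbase.rest.ssl.keystore.type", storeType);
        this.conf.set("hbase.rest.ssl.keystore.store", getKeystoreFilePath(storeType));
        this.conf.set("hbase.rest.ssl.truststore.store", trustStorePath);
        this.conf.set("hbase.rest.ssl.truststore.type", storeType);
        REST_TEST_UTIL.startServletContainer(this.conf);
        // The port is only known once the container is up, so the client is built afterwards.
        Cluster cluster = new Cluster().add("localhost", REST_TEST_UTIL.getServletPort());
        sslClient = new Client(cluster, trustStorePath, Optional.of(TRUST_STORE_PASSWORD), Optional.of(storeType));
    }
}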
