package org.apache.hadoop.hdds.datanode.metadata;

import java.io.File;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.certificate.authority.CRLApprover;
import org.apache.hadoop.hdds.security.x509.certificate.authority.DefaultCRLApprover;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec;
import org.apache.hadoop.hdds.security.x509.crl.CRLInfo;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.ozone.test.GenericTestUtils;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/hdds/datanode/metadata/TestDatanodeCRLStoreImpl.class */
public class TestDatanodeCRLStoreImpl {
    private File testDir;
    private OzoneConfiguration conf;
    private DatanodeCRLStore dnCRLStore;
    private KeyPair keyPair;
    private CRLApprover crlApprover;
    private SecurityConfig securityConfig;

    @Before
    public void setUp() throws Exception {
        this.testDir = GenericTestUtils.getRandomizedTestDir();
        this.conf = new OzoneConfiguration();
        this.conf.set("ozone.metadata.dirs", this.testDir.getPath());
        this.dnCRLStore = new DatanodeCRLStoreImpl(this.conf);
        this.keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        this.securityConfig = new SecurityConfig(this.conf);
    }

    @Before
    public void initCRLApprover() {
        this.crlApprover = new DefaultCRLApprover(this.securityConfig, this.keyPair.getPrivate());
    }

    @After
    public void tearDown() {
        FileUtil.fullyDelete(this.testDir);
    }

    @After
    public void destroyDbStore() throws Exception {
        if (this.dnCRLStore.getStore() != null) {
            this.dnCRLStore.getStore().close();
        }
    }

    @Test
    public void testCRLStore() throws Exception {
        Assert.assertNotNull(this.dnCRLStore.getStore());
        this.dnCRLStore.getCRLSequenceIdTable().put("CRL_SEQUENCE_ID", 5L);
        Date date = new Date();
        X509Certificate generateX509Cert = generateX509Cert();
        X509v2CRLBuilder x509v2CRLBuilder = new X509v2CRLBuilder(new X509CertificateHolder(generateX509Cert().getEncoded()).getIssuer(), date);
        x509v2CRLBuilder.addCRLEntry(generateX509Cert.getSerialNumber(), date, CRLReason.lookup(9).getValue().intValue());
        this.dnCRLStore.getPendingCRLsTable().put(1L, new CRLInfo.Builder().setCrlSequenceID(1L).setCreationTimestamp(date.getTime()).setX509CRL(this.crlApprover.sign(x509v2CRLBuilder)).build());
        Assert.assertEquals(5L, this.dnCRLStore.getLatestCRLSequenceID().longValue());
        Assert.assertEquals(1L, this.dnCRLStore.getPendingCRLs().size());
        CRLInfo cRLInfo = (CRLInfo) this.dnCRLStore.getPendingCRLs().get(0);
        Assert.assertEquals(1L, cRLInfo.getCrlSequenceID());
        Assert.assertEquals(generateX509Cert.getSerialNumber(), cRLInfo.getX509CRL().getRevokedCertificates().iterator().next().getSerialNumber());
        this.dnCRLStore.stop();
        this.dnCRLStore = new DatanodeCRLStoreImpl(this.conf);
        Assert.assertEquals(5L, this.dnCRLStore.getLatestCRLSequenceID().longValue());
        Assert.assertEquals(1L, this.dnCRLStore.getPendingCRLs().size());
        this.dnCRLStore.stop();
    }

    private X509Certificate generateX509Cert() throws Exception {
        return CertificateCodec.getX509Certificate(CertificateCodec.getPEMEncodedString(KeyStoreTestUtil.generateCertificate("CN=Test", this.keyPair, 30, "SHA256withRSA")));
    }
}
