package org.apache.hadoop.hdds.security.x509.certificate.client;

import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.UUID;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec;
import org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator;
import org.apache.hadoop.hdds.security.x509.keys.KeyCodec;
import org.apache.hadoop.ozone.OzoneSecurityUtil;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.ozone.test.GenericTestUtils;
import org.bouncycastle.cert.X509CertificateHolder;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

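/**
 * Parameterized test of {@code CertificateClient.init()} for the datanode and
 * Ozone Manager certificate clients.
 *
 * <p>Each run stages a combination of private key, public key and certificate
 * on disk and checks the {@link CertificateClient.InitResponse} returned by
 * {@code init()}. Per the matrix in {@link #initData()}, combinations where a
 * public key or certificate is present without a private key, or where a
 * private key is the only artifact present, are expected to yield
 * {@code FAILURE}.
 */
@RunWith(Parameterized.class)
public class TestCertificateClientInit {
    private KeyPair keyPair;
    // Placeholder only; setUp() overwrites it with the generated certificate's serial.
    private String certSerialId = "3284792342234";
    private CertificateClient dnCertificateClient;
    private CertificateClient omCertificateClient;
    private HDDSKeyGenerator keyGenerator;
    private Path metaDirPath;
    private SecurityConfig securityConfig;
    private KeyCodec dnKeyCodec;
    private KeyCodec omKeyCodec;
    private X509Certificate x509Certificate;
    private static final String DN_COMPONENT = "dn";
    private static final String OM_COMPONENT = "om";

    /** Whether the private key file is staged before {@code init()}. */
    @Parameterized.Parameter
    public boolean pvtKeyPresent;

    /** Whether the public key file is staged before {@code init()}. */
    @Parameterized.Parameter(1)
    public boolean pubKeyPresent;

    /** Whether the certificate file is staged before {@code init()}. */
    @Parameterized.Parameter(2)
    public boolean certPresent;

    /** Response expected from {@code init()} for this combination. */
    @Parameterized.Parameter(3)
    public CertificateClient.InitResponse expectedResult;

    /**
     * Supplies the test matrix.
     *
     * @return rows of {private key present, public key present, certificate
     *     present, expected init response}
     */
    @Parameterized.Parameters
    public static Collection<Object[]> initData() {
        return Arrays.asList(
            //           pvtKey pubKey cert   expected
            new Object[]{false, false, false, CertificateClient.InitResponse.GETCERT},
            new Object[]{false, false, true, CertificateClient.InitResponse.FAILURE},
            new Object[]{false, true, false, CertificateClient.InitResponse.FAILURE},
            new Object[]{true, false, false, CertificateClient.InitResponse.FAILURE},
            new Object[]{false, true, true, CertificateClient.InitResponse.FAILURE},
            new Object[]{true, true, false, CertificateClient.InitResponse.GETCERT},
            new Object[]{true, false, true, CertificateClient.InitResponse.SUCCESS},
            new Object[]{true, true, true, CertificateClient.InitResponse.SUCCESS});
    }

    /**
     * Creates a fresh metadata directory, a key pair, a certificate for that
     * key pair, and the two certificate clients under test.
     *
     * @throws Exception if key generation, certificate generation or directory
     *     creation fails
     */
    @Before
    public void setUp() throws Exception {
        OzoneConfiguration conf = new OzoneConfiguration();
        // A random UUID keeps each parameterized run in its own directory.
        this.metaDirPath = Paths.get(GenericTestUtils.getTempPath(UUID.randomUUID().toString()), "test");
        conf.set("hdds.metadata.dir", this.metaDirPath.toString());
        this.securityConfig = new SecurityConfig(conf);

        this.keyGenerator = new HDDSKeyGenerator(this.securityConfig);
        this.keyPair = this.keyGenerator.generateKey();
        this.x509Certificate = getX509Certificate();
        this.certSerialId = this.x509Certificate.getSerialNumber().toString();

        this.dnCertificateClient = new DNCertificateClient(this.securityConfig, this.certSerialId);
        this.omCertificateClient = new OMCertificateClient(this.securityConfig, this.certSerialId);
        this.dnKeyCodec = new KeyCodec(this.securityConfig, DN_COMPONENT);
        this.omKeyCodec = new KeyCodec(this.securityConfig, OM_COMPONENT);

        Files.createDirectories(this.securityConfig.getKeyLocation(DN_COMPONENT));
        Files.createDirectories(this.securityConfig.getKeyLocation(OM_COMPONENT));
    }

    /**
     * Drops the clients and removes the metadata directory, which holds the
     * key material written by the test.
     */
    @After
    public void tearDown() {
        this.dnCertificateClient = null;
        this.omCertificateClient = null;
        // setUp() may have failed before the path was assigned; JUnit still runs @After.
        if (this.metaDirPath != null) {
            FileUtils.deleteQuietly(this.metaDirPath.toFile());
        }
    }

    /**
     * Checks the datanode client's {@code init()} response for the staged
     * combination and, unless it is {@code FAILURE}, that both key files exist.
     *
     * @throws Exception if staging the key material or {@code init()} fails
     */
    @Test
    public void testInitDatanode() throws Exception {
        stageKeyMaterial(DN_COMPONENT, this.dnKeyCodec, this.dnCertificateClient);

        CertificateClient.InitResponse response = this.dnCertificateClient.init();
        Assert.assertEquals(this.expectedResult, response);

        if (response.equals(CertificateClient.InitResponse.FAILURE)) {
            return;
        }
        assertKeyFilesExist(DN_COMPONENT);
    }

    /**
     * Checks the Ozone Manager client's {@code init()} response for the staged
     * combination and, unless it is {@code FAILURE}, that both key files exist.
     *
     * @throws Exception if staging the key material or {@code init()} fails
     */
    @Test
    public void testInitOzoneManager() throws Exception {
        stageKeyMaterial(OM_COMPONENT, this.omKeyCodec, this.omCertificateClient);

        CertificateClient.InitResponse response = this.omCertificateClient.init();

        // With both keys but no certificate this test expects RECOVER from the
        // OM client, not the GETCERT listed in the shared matrix.
        boolean keysWithoutCert = this.pvtKeyPresent && this.pubKeyPresent && !this.certPresent;
        CertificateClient.InitResponse expected =
            keysWithoutCert ? CertificateClient.InitResponse.RECOVER : this.expectedResult;
        Assert.assertEquals(expected, response);

        if (response.equals(CertificateClient.InitResponse.FAILURE)) {
            return;
        }
        assertKeyFilesExist(OM_COMPONENT);
    }

    /** Writes or removes each key/certificate file for a component per the current parameters. */
    private void stageKeyMaterial(String component, KeyCodec keyCodec, CertificateClient client)
            throws Exception {
        Path keyDir = this.securityConfig.getKeyLocation(component);

        if (this.pvtKeyPresent) {
            keyCodec.writePrivateKey(this.keyPair.getPrivate());
        } else {
            FileUtils.deleteQuietly(keyDir.resolve(this.securityConfig.getPrivateKeyFileName()).toFile());
        }

        if (!this.pubKeyPresent) {
            FileUtils.deleteQuietly(keyDir.resolve(this.securityConfig.getPublicKeyFileName()).toFile());
        } else if (client.getPublicKey() == null) {
            // Only write the public key when the client does not already report one.
            keyCodec.writePublicKey(this.keyPair.getPublic());
        }

        if (this.certPresent) {
            new CertificateCodec(this.securityConfig, component)
                .writeCertificate(new X509CertificateHolder(this.x509Certificate.getEncoded()));
        } else {
            // NOTE(review): the certificate file is removed from the key directory,
            // as in the original; confirm this is where CertificateCodec writes it.
            FileUtils.deleteQuietly(keyDir.resolve(this.securityConfig.getCertificateFileName()).toFile());
        }
    }

    /** Asserts that the private and public key files exist for a component. */
    private void assertKeyFilesExist(String component) {
        Path keyDir = this.securityConfig.getKeyLocation(component);
        Assert.assertTrue(
            "private key file missing for component " + component,
            OzoneSecurityUtil.checkIfFileExist(keyDir, this.securityConfig.getPrivateKeyFileName()));
        Assert.assertTrue(
            "public key file missing for component " + component,
            OzoneSecurityUtil.checkIfFileExist(keyDir, this.securityConfig.getPublicKeyFileName()));
    }

    /**
     * Generates a certificate for the test key pair.
     *
     * @return a certificate with subject {@code CN=Test}
     * @throws Exception if certificate generation fails
     */
    private X509Certificate getX509Certificate() throws Exception {
        return KeyStoreTestUtil.generateCertificate("CN=Test", this.keyPair, 10, this.securityConfig.getSignatureAlgo());
    }
}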
