package org.apache.hadoop.hdds.security.ssl;

import java.util.ArrayList;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import javax.net.ssl.SSLException;
import org.apache.hadoop.hdds.client.RatisReplicationConfig;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.protocol.DatanodeDetails;
import org.apache.hadoop.hdds.protocol.datanode.proto.ContainerProtos;
import org.apache.hadoop.hdds.protocol.datanode.proto.XceiverClientProtocolServiceGrpc;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.scm.pipeline.Pipeline;
import org.apache.hadoop.hdds.scm.pipeline.PipelineID;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.hdds.security.ssl.KeyStoresFactory;
import org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClientTestImpl;
import org.apache.hadoop.ozone.container.ContainerTestHelper;
import org.apache.ratis.thirdparty.io.grpc.Channel;
import org.apache.ratis.thirdparty.io.grpc.ManagedChannel;
import org.apache.ratis.thirdparty.io.grpc.Server;
import org.apache.ratis.thirdparty.io.grpc.netty.GrpcSslContexts;
import org.apache.ratis.thirdparty.io.grpc.netty.NettyChannelBuilder;
import org.apache.ratis.thirdparty.io.grpc.netty.NettyServerBuilder;
import org.apache.ratis.thirdparty.io.grpc.stub.StreamObserver;
import org.apache.ratis.thirdparty.io.netty.handler.ssl.ClientAuth;
import org.apache.ratis.thirdparty.io.netty.handler.ssl.SslContextBuilder;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;

/* loaded from: input_file:org/apache/hadoop/hdds/security/ssl/TestPemFileBasedKeyStoresFactory.class */
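/**
 * Tests for {@link PemFileBasedKeyStoresFactory}.
 *
 * <p>{@link #testInit(boolean)} checks which key/trust manager implementations the factory
 * hands out in client and server mode. {@link #testConnectionWithCertReload()} runs a gRPC
 * server that requires a client certificate, and checks that a request still succeeds after
 * the test certificate client has renewed its key.
 */
public class TestPemFileBasedKeyStoresFactory {
    /**
     * Pause, in milliseconds, between renewing the key and sending the follow-up request.
     * Presumably chosen to cover the reload period of the reloading managers; confirm
     * against their configuration, since too short a pause would make the test flaky.
     */
    private static final int RELOAD_INTERVAL = 2000;

    private CertificateClientTestImpl caClient;
    private SecurityConfig secConf;

    /**
     * Minimal gRPC service used as the TLS peer: every request is answered with a
     * {@code CreateContainer}/{@code SUCCESS} response, regardless of its content.
     */
    public static class GrpcService extends XceiverClientProtocolServiceGrpc.XceiverClientProtocolServiceImplBase {
        private GrpcService() {
        }

        /**
         * Opens a request stream whose every message is answered with a fixed success response.
         *
         * @param streamObserver observer that receives the responses
         * @return observer the transport feeds the incoming requests into
         */
        @Override
        public StreamObserver<ContainerProtos.ContainerCommandRequestProto> send(final StreamObserver<ContainerProtos.ContainerCommandResponseProto> streamObserver) {
            return new StreamObserver<ContainerProtos.ContainerCommandRequestProto>() {
                @Override
                public void onNext(ContainerProtos.ContainerCommandRequestProto containerCommandRequestProto) {
                    streamObserver.onNext(ContainerProtos.ContainerCommandResponseProto.newBuilder()
                        .setCmdType(ContainerProtos.Type.CreateContainer)
                        .setResult(ContainerProtos.Result.SUCCESS)
                        .build());
                }

                @Override
                public void onError(Throwable th) {
                    // Intentionally ignored: this service keeps no per-stream state to release.
                }

                @Override
                public void onCompleted() {
                    streamObserver.onCompleted();
                }
            };
        }
    }

    /** Creates a fresh test certificate client and security configuration for each test. */
    @BeforeEach
    public void setup() throws Exception {
        OzoneConfiguration ozoneConfiguration = new OzoneConfiguration();
        this.caClient = new CertificateClientTestImpl(ozoneConfiguration);
        this.secConf = new SecurityConfig(ozoneConfiguration);
    }

    /**
     * Initialises the factory in client and then in server mode and checks the manager types.
     *
     * <p>In client mode the first key manager is a {@link ReloadingX509KeyManager} only when
     * the flag is {@code true}; in server mode it always is. The first trust manager is a
     * {@link ReloadingX509TrustManager} in both modes.
     *
     * @param z second argument passed to {@code init}; presumably "require client
     *          authentication" (confirm against {@link KeyStoresFactory})
     */
    @ValueSource(booleans = {true, false})
    @ParameterizedTest
    public void testInit(boolean z) throws Exception {
        PemFileBasedKeyStoresFactory factory = new PemFileBasedKeyStoresFactory(this.secConf, this.caClient);
        try {
            factory.init(KeyStoresFactory.Mode.CLIENT, z);
            Assertions.assertEquals(z, factory.getKeyManagers()[0] instanceof ReloadingX509KeyManager);
            Assertions.assertTrue(factory.getTrustManagers()[0] instanceof ReloadingX509TrustManager);
        } finally {
            // Destroy even when an assertion fails, so a failed run does not leave the
            // factory's resources behind.
            factory.destroy();
        }
        try {
            factory.init(KeyStoresFactory.Mode.SERVER, z);
            Assertions.assertTrue(factory.getKeyManagers()[0] instanceof ReloadingX509KeyManager);
            Assertions.assertTrue(factory.getTrustManagers()[0] instanceof ReloadingX509TrustManager);
        } finally {
            // The server-mode initialisation needs its own destroy; it was never released before.
            factory.destroy();
        }
    }

    /**
     * Checks that a mutually authenticated gRPC call succeeds before and after the
     * certificate client renews its key.
     *
     * <p>NOTE(review): both requests go through the same channel. If the transport reuses
     * the already established TLS connection, the second success does not by itself show
     * that a handshake with the renewed key material works. Consider also sending a request
     * over a channel opened after the renewal.
     */
    @Test
    public void testConnectionWithCertReload() throws Exception {
        KeyStoresFactory serverFactory = null;
        KeyStoresFactory clientFactory = null;
        Server server = null;
        // Declared as ManagedChannel (not Channel) because shutdownNow() is needed for cleanup.
        ManagedChannel channel = null;
        try {
            serverFactory = new PemFileBasedKeyStoresFactory(this.secConf, this.caClient);
            serverFactory.init(KeyStoresFactory.Mode.SERVER, true);
            server = setupServer(serverFactory);
            server.start();

            clientFactory = new PemFileBasedKeyStoresFactory(this.secConf, this.caClient);
            clientFactory.init(KeyStoresFactory.Mode.CLIENT, true);
            channel = setupClient(clientFactory, server.getPort());
            XceiverClientProtocolServiceGrpc.XceiverClientProtocolServiceStub stub =
                XceiverClientProtocolServiceGrpc.newStub(channel);

            Assertions.assertEquals(ContainerProtos.Result.SUCCESS, sendRequest(stub).getResult());

            this.caClient.renewKey();
            // Give the reloading managers time to pick up the renewed material.
            Thread.sleep(RELOAD_INTERVAL);

            Assertions.assertEquals(ContainerProtos.Result.SUCCESS, sendRequest(stub).getResult());
        } finally {
            // Single cleanup path for success and failure: client side first, then the server.
            if (channel != null) {
                channel.shutdownNow();
            }
            if (server != null) {
                server.shutdownNow();
            }
            if (clientFactory != null) {
                clientFactory.destroy();
            }
            if (serverFactory != null) {
                serverFactory.destroy();
            }
        }
    }

    /**
     * Sends one create-container request over the stub and waits for the response.
     *
     * @param xceiverClientProtocolServiceStub async stub bound to the channel under test
     * @return the first response delivered by the server
     * @throws Exception if the call fails (for example a rejected TLS handshake) or the
     *         stream ends without a response
     */
    private ContainerProtos.ContainerCommandResponseProto sendRequest(XceiverClientProtocolServiceGrpc.XceiverClientProtocolServiceStub xceiverClientProtocolServiceStub) throws Exception {
        DatanodeDetails datanode = DatanodeDetails.newBuilder().setUuid(UUID.randomUUID()).build();
        ArrayList<DatanodeDetails> nodes = new ArrayList<>();
        nodes.add(datanode);
        Pipeline pipeline = Pipeline.newBuilder()
            .setId(PipelineID.randomId())
            .setReplicationConfig(RatisReplicationConfig.getInstance(HddsProtos.ReplicationFactor.ONE))
            .setState(Pipeline.PipelineState.OPEN)
            .setNodes(nodes)
            .build();
        ContainerProtos.ContainerCommandRequestProto request =
            ContainerTestHelper.getCreateContainerRequest(0L, pipeline);

        final CompletableFuture<ContainerProtos.ContainerCommandResponseProto> response = new CompletableFuture<>();
        StreamObserver<ContainerProtos.ContainerCommandRequestProto> requestStream =
            xceiverClientProtocolServiceStub.send(new StreamObserver<ContainerProtos.ContainerCommandResponseProto>() {
                @Override
                public void onNext(ContainerProtos.ContainerCommandResponseProto containerCommandResponseProto) {
                    response.complete(containerCommandResponseProto);
                }

                @Override
                public void onError(Throwable th) {
                    // Surface transport and TLS failures to the test. Swallowing them
                    // would leave get() below blocked forever.
                    response.completeExceptionally(th);
                }

                @Override
                public void onCompleted() {
                    // No effect if a response already arrived; otherwise fail instead of hanging.
                    response.completeExceptionally(
                        new IllegalStateException("stream completed without a response"));
                }
            });
        requestStream.onNext(request);
        requestStream.onCompleted();
        return response.get();
    }

    /**
     * Builds a TLS client channel to {@code localhost} that presents the factory's first key
     * manager and validates the server with the factory's first trust manager.
     *
     * @param keyStoresFactory factory initialised in client mode
     * @param i port of the server to connect to
     * @return the channel; the caller is responsible for shutting it down
     * @throws SSLException if the client SSL context cannot be built
     */
    private ManagedChannel setupClient(KeyStoresFactory keyStoresFactory, int i) throws SSLException {
        SslContextBuilder sslContext = GrpcSslContexts.forClient();
        sslContext.trustManager(keyStoresFactory.getTrustManagers()[0]);
        sslContext.keyManager(keyStoresFactory.getKeyManagers()[0]);

        NettyChannelBuilder channelBuilder = NettyChannelBuilder.forAddress("localhost", i);
        channelBuilder.useTransportSecurity().sslContext(sslContext.build());
        return channelBuilder.build();
    }

    /**
     * Builds (but does not start) a gRPC server on an ephemeral port, serving
     * {@link GrpcService} over TLS with client authentication required.
     *
     * @param keyStoresFactory factory initialised in server mode
     * @return the configured server
     * @throws SSLException if the server SSL context cannot be built
     */
    private Server setupServer(KeyStoresFactory keyStoresFactory) throws SSLException {
        SslContextBuilder sslContext = SslContextBuilder.forServer(keyStoresFactory.getKeyManagers()[0]);
        // Mutual TLS: clients that do not present a certificate are refused.
        sslContext.clientAuth(ClientAuth.REQUIRE);
        sslContext.trustManager(keyStoresFactory.getTrustManagers()[0]);

        // Port 0 lets the OS pick a free port; the test reads it back via getPort().
        NettyServerBuilder serverBuilder = NettyServerBuilder.forPort(0).addService(new GrpcService());
        serverBuilder.sslContext(GrpcSslContexts.configure(sslContext, this.secConf.getGrpcSslProvider()).build());
        return serverBuilder.build();
    }
}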
