package org.apache.hadoop.hdds.security.symmetric;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalAmount;
import java.time.temporal.TemporalUnit;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Stream;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import org.mockito.ArgumentCaptor;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/hdds/security/symmetric/TestSecretKeyManager.class */
public class TestSecretKeyManager {
    private static final Duration VALIDITY_DURATION = Duration.ofDays(3);
    private static final Duration ROTATION_DURATION = Duration.ofDays(1);
    private static final String ALGORITHM = "HmacSHA256";
    private SecretKeyStore mockedKeyStore;

    @BeforeEach
    private void setup() {
        this.mockedKeyStore = (SecretKeyStore) Mockito.mock(SecretKeyStore.class);
    }

    public static Stream<Arguments> loadSecretKeysTestCases() throws Exception {
        ManagedSecretKey generateKey = generateKey(Instant.now());
        ManagedSecretKey generateKey2 = generateKey(Instant.now().minus(1L, (TemporalUnit) ChronoUnit.DAYS));
        ManagedSecretKey generateKey3 = generateKey(Instant.now().minus(2L, (TemporalUnit) ChronoUnit.DAYS));
        ManagedSecretKey generateKey4 = generateKey(Instant.now().minus(3L, (TemporalUnit) ChronoUnit.DAYS));
        ManagedSecretKey generateKey5 = generateKey(Instant.now().minus(4L, (TemporalUnit) ChronoUnit.DAYS));
        return Stream.of((Object[]) new Arguments[]{Arguments.of(new Object[]{ImmutableList.of(), null, null}), Arguments.of(new Object[]{Lists.newArrayList(new ManagedSecretKey[]{generateKey, generateKey2, generateKey3}), generateKey, Lists.newArrayList(new ManagedSecretKey[]{generateKey, generateKey2, generateKey3})}), Arguments.of(new Object[]{Lists.newArrayList(new ManagedSecretKey[]{generateKey2, generateKey3, generateKey4}), generateKey2, Lists.newArrayList(new ManagedSecretKey[]{generateKey2, generateKey3})}), Arguments.of(new Object[]{Lists.newArrayList(new ManagedSecretKey[]{generateKey3, generateKey4, generateKey5}), generateKey3, Lists.newArrayList(new ManagedSecretKey[]{generateKey3})}), Arguments.of(new Object[]{Lists.newArrayList(new ManagedSecretKey[]{generateKey4, generateKey5, generateKey(Instant.now().minus(5L, (TemporalUnit) ChronoUnit.DAYS))}), null, null})});
    }

    @MethodSource({"loadSecretKeysTestCases"})
    @ParameterizedTest
    public void testLoadSecretKeys(List<ManagedSecretKey> list, ManagedSecretKey managedSecretKey, List<ManagedSecretKey> list2) throws Exception {
        SecretKeyStateImpl secretKeyStateImpl = new SecretKeyStateImpl(this.mockedKeyStore);
        SecretKeyManager secretKeyManager = new SecretKeyManager(secretKeyStateImpl, this.mockedKeyStore, ROTATION_DURATION, VALIDITY_DURATION, ALGORITHM);
        Mockito.when(this.mockedKeyStore.load()).thenReturn(list);
        secretKeyManager.checkAndInitialize();
        if (managedSecretKey != null) {
            Assertions.assertEquals(secretKeyStateImpl.getCurrentKey(), managedSecretKey);
            assertSameKeys(list2, secretKeyStateImpl.getSortedKeys());
        } else {
            Assertions.assertFalse(list.contains(secretKeyStateImpl.getCurrentKey()));
            Assertions.assertEquals(1, secretKeyStateImpl.getSortedKeys().size());
            Assertions.assertTrue(secretKeyStateImpl.getSortedKeys().contains(secretKeyStateImpl.getCurrentKey()));
        }
    }

    private static void assertSameKeys(Collection<ManagedSecretKey> collection, Collection<ManagedSecretKey> collection2) {
        Assertions.assertEquals(collection.size(), collection2.size());
        Iterator<ManagedSecretKey> it = collection.iterator();
        while (it.hasNext()) {
            Assertions.assertTrue(collection2.contains(it.next()));
        }
    }

    public static Stream<Arguments> rotationTestCases() throws Exception {
        ManagedSecretKey generateKey = generateKey(Instant.now());
        ManagedSecretKey generateKey2 = generateKey(Instant.now().minus(1L, (TemporalUnit) ChronoUnit.DAYS));
        ManagedSecretKey generateKey3 = generateKey(Instant.now().minus(2L, (TemporalUnit) ChronoUnit.DAYS));
        ManagedSecretKey generateKey4 = generateKey(Instant.now().minus(3L, (TemporalUnit) ChronoUnit.DAYS));
        return Stream.of((Object[]) new Arguments[]{Arguments.of(new Object[]{Lists.newArrayList(new ManagedSecretKey[]{generateKey, generateKey2, generateKey3}), false, null}), Arguments.of(new Object[]{Lists.newArrayList(new ManagedSecretKey[]{generateKey2, generateKey3, generateKey4}), true, Lists.newArrayList(new ManagedSecretKey[]{generateKey2, generateKey3})}), Arguments.of(new Object[]{Lists.newArrayList(new ManagedSecretKey[]{generateKey3, generateKey4, generateKey(Instant.now().minus(4L, (TemporalUnit) ChronoUnit.DAYS))}), true, Lists.newArrayList(new ManagedSecretKey[]{generateKey3})})});
    }

    @MethodSource({"rotationTestCases"})
    @ParameterizedTest
    public void testRotate(List<ManagedSecretKey> list, boolean z, List<ManagedSecretKey> list2) throws Exception {
        SecretKeyStateImpl secretKeyStateImpl = new SecretKeyStateImpl(this.mockedKeyStore);
        SecretKeyManager secretKeyManager = new SecretKeyManager(secretKeyStateImpl, this.mockedKeyStore, ROTATION_DURATION, VALIDITY_DURATION, ALGORITHM);
        secretKeyStateImpl.updateKeys(list);
        ManagedSecretKey currentKey = secretKeyStateImpl.getCurrentKey();
        Mockito.reset(new SecretKeyStore[]{this.mockedKeyStore});
        Assertions.assertEquals(Boolean.valueOf(z), Boolean.valueOf(secretKeyManager.checkAndRotate(false)));
        if (!z) {
            Assertions.assertEquals(currentKey, secretKeyStateImpl.getCurrentKey());
            assertSameKeys(list, secretKeyStateImpl.getSortedKeys());
            return;
        }
        ManagedSecretKey currentKey2 = secretKeyStateImpl.getCurrentKey();
        Assertions.assertNotEquals(currentKey, currentKey2);
        Assertions.assertFalse(list.contains(currentKey2));
        list2.add(currentKey2);
        assertSameKeys(list2, secretKeyStateImpl.getSortedKeys());
        ArgumentCaptor forClass = ArgumentCaptor.forClass(Collection.class);
        ((SecretKeyStore) Mockito.verify(this.mockedKeyStore)).save((Collection) forClass.capture());
        assertSameKeys(list2, (Collection) forClass.getValue());
        Assertions.assertEquals(ALGORITHM, currentKey2.getSecretKey().getAlgorithm());
        Assertions.assertEquals(0L, Duration.between(currentKey2.getCreationTime(), Instant.now()).toMinutes());
        Assertions.assertEquals(0L, Duration.between(currentKey2.getExpiryTime(), Instant.now().plus((TemporalAmount) VALIDITY_DURATION)).toMinutes());
    }

    private static ManagedSecretKey generateKey(Instant instant) throws Exception {
        return SecretKeyTestUtil.generateKey(ALGORITHM, instant, VALIDITY_DURATION);
    }
}
