package org.apache.hadoop.hdds.security.x509.certificate.client;

import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.LocalDateTime;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeoutException;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolClientSideTranslatorPB;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec;
import org.apache.hadoop.hdds.security.x509.certificate.utils.SelfSignedCertificate;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.ozone.test.GenericTestUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hdds/security/x509/certificate/client/TestRootCaRotationPoller.class */
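/**
 * Unit tests for {@link RootCaRotationPoller}, the component that asks SCM for the current
 * list of root CA certificates and hands that list to registered rotation processors.
 *
 * <p>The behaviour pinned here is the trigger condition for replacing trust anchors: processors
 * must stay idle while SCM reports exactly the roots the client already knows, and must run
 * once SCM reports an additional root. The SCM client is a Mockito mock and every certificate
 * is a throwaway self-signed one, so these tests cover only the poller's compare-and-dispatch
 * logic.
 *
 * <p>NOTE(review): nothing in this class exercises a root list that shrinks, is empty, or holds
 * an unparseable PEM entry, nor any authenticity check on the returned roots. Confirm those
 * cases are covered elsewhere, since whatever the poller accepts feeds certificate rotation.
 *
 * <p>NOTE(review): the handle returned by {@code MockitoAnnotations.openMocks} and the log
 * capturer created in {@link #setup()} are never released; there is no teardown method.
 */
public class TestRootCaRotationPoller {
    /** Interval between two checks of a waited-for condition, in milliseconds. */
    private static final int WAIT_CHECK_MILLIS = 50;
    /** Upper bound for any wait in this class, in milliseconds. */
    private static final int WAIT_TIMEOUT_MILLIS = 5000;

    private SecurityConfig secConf;
    private GenericTestUtils.LogCapturer logCapturer;

    @Mock
    private SCMSecurityProtocolClientSideTranslatorPB scmSecurityClient;

    /**
     * Creates the mocks, a security configuration with a one-second polling interval, and a
     * capturer for everything {@link RootCaRotationPoller} logs.
     */
    @BeforeEach
    public void setup() {
        MockitoAnnotations.openMocks(this);
        OzoneConfiguration conf = new OzoneConfiguration();
        // The tests call pollRootCas() directly, so they do not wait for this interval.
        conf.set("hdds.x509.rootca.certificate.polling.interval", "PT1s");
        this.secConf = new SecurityConfig(conf);
        this.logCapturer = GenericTestUtils.LogCapturer.captureLogs(LoggerFactory.getLogger(RootCaRotationPoller.class));
    }

    /**
     * SCM reports exactly the root the client already trusts, so no processor may run.
     *
     * <p>The absence of a call is shown by letting the wait time out, which costs the full
     * {@value #WAIT_TIMEOUT_MILLIS} ms on every successful run.
     */
    @Test
    public void testPollerDoesNotInvokeRootCaProcessor() throws Exception {
        X509Certificate knownRoot = generateX509Cert(LocalDateTime.now(), Duration.ofSeconds(50L));
        HashSet<X509Certificate> knownRoots = new HashSet<>();
        knownRoots.add(knownRoot);
        ArrayList<String> rootsFromScm = new ArrayList<>();
        rootsFromScm.add(CertificateCodec.getPEMEncodedString(knownRoot));
        RootCaRotationPoller poller = new RootCaRotationPoller(this.secConf, knownRoots, this.scmSecurityClient, "");
        Mockito.when(this.scmSecurityClient.getAllRootCaCertificates()).thenReturn(rootsFromScm);

        CompletableFuture<Void> processingResult = new CompletableFuture<>();
        AtomicBoolean processorInvoked = new AtomicBoolean(false);
        poller.addRootCARotationProcessor(certs -> {
            processorInvoked.set(true);
            processingResult.complete(null);
            return processingResult;
        });

        poller.pollRootCas();

        Assertions.assertThrows(TimeoutException.class,
            () -> GenericTestUtils.waitFor(processorInvoked::get, WAIT_CHECK_MILLIS, WAIT_TIMEOUT_MILLIS));
    }

    /**
     * SCM reports the known root plus one the client has not seen, so the processor must run.
     */
    @Test
    public void testPollerInvokesRootCaProcessors() throws Exception {
        X509Certificate knownRoot = generateX509Cert(LocalDateTime.now(), Duration.ofSeconds(50L));
        X509Certificate newRoot = generateX509Cert(LocalDateTime.now(), Duration.ofSeconds(50L));
        HashSet<X509Certificate> knownRoots = new HashSet<>();
        knownRoots.add(knownRoot);
        ArrayList<String> rootsFromScm = new ArrayList<>();
        rootsFromScm.add(CertificateCodec.getPEMEncodedString(knownRoot));
        rootsFromScm.add(CertificateCodec.getPEMEncodedString(newRoot));
        RootCaRotationPoller poller = new RootCaRotationPoller(this.secConf, knownRoots, this.scmSecurityClient, "");
        Mockito.when(this.scmSecurityClient.getAllRootCaCertificates()).thenReturn(rootsFromScm);

        CompletableFuture<Void> processingResult = new CompletableFuture<>();
        AtomicBoolean processorInvoked = new AtomicBoolean(false);
        poller.addRootCARotationProcessor(certs -> {
            processorInvoked.set(true);
            processingResult.complete(null);
            return processingResult;
        });

        poller.pollRootCas();

        // Bounded wait: a regression that stops the processor from running fails the test with
        // a TimeoutException instead of blocking the build on an unbounded join().
        GenericTestUtils.waitFor(processingResult::isDone, WAIT_CHECK_MILLIS, WAIT_TIMEOUT_MILLIS);
        Assertions.assertTrue(processorInvoked.get());
    }

    /**
     * A processor that flags a renewal error on its first run must be invoked again on the
     * next poll, and the poller must log the failure first and the success afterwards.
     */
    @Test
    public void testPollerRetriesAfterFailure() throws Exception {
        X509Certificate knownRoot = generateX509Cert(LocalDateTime.now(), Duration.ofSeconds(50L));
        X509Certificate newRoot = generateX509Cert(LocalDateTime.now(), Duration.ofSeconds(50L));
        HashSet<X509Certificate> knownRoots = new HashSet<>();
        knownRoots.add(knownRoot);
        ArrayList<String> rootsFromScm = new ArrayList<>();
        rootsFromScm.add(CertificateCodec.getPEMEncodedString(knownRoot));
        rootsFromScm.add(CertificateCodec.getPEMEncodedString(newRoot));
        RootCaRotationPoller poller = new RootCaRotationPoller(this.secConf, knownRoots, this.scmSecurityClient, "");
        Mockito.when(this.scmSecurityClient.getAllRootCaCertificates()).thenReturn(rootsFromScm);

        CompletableFuture<Void> processingResult = new CompletableFuture<>();
        AtomicInteger runNumber = new AtomicInteger(1);
        // The processor only records what it was given; the assertion runs on the test thread
        // below. Asserting inside the callback would, on failure, skip complete() and leave
        // the test waiting on a future that never finishes.
        AtomicInteger receivedCertCount = new AtomicInteger(-1);
        poller.addRootCARotationProcessor(certs -> {
            // Only the first invocation reports a renewal error.
            if (runNumber.getAndIncrement() < 2) {
                poller.setCertificateRenewalError();
            }
            receivedCertCount.set(certs.size());
            processingResult.complete(null);
            return processingResult;
        });

        poller.pollRootCas();
        GenericTestUtils.waitFor(processingResult::isDone, WAIT_CHECK_MILLIS, WAIT_TIMEOUT_MILLIS);
        Assertions.assertEquals(2, receivedCertCount.get());
        Assertions.assertTrue(this.logCapturer.getOutput().contains("There was a caught exception when trying to sign the certificate"));

        // NOTE(review): the check below reads the log right after pollRootCas() returns, so it
        // presumably relies on the poller finishing its processors before returning; confirm.
        poller.pollRootCas();
        Assertions.assertTrue(this.logCapturer.getOutput().contains("Certificate processing was successful."));
    }

    /**
     * Builds a self-signed certificate over a freshly generated RSA key pair.
     *
     * @param localDateTime start of the validity period; the current time is used when null
     * @param duration length of the validity period
     * @return the generated certificate as a JCA {@link X509Certificate}
     * @throws Exception if key generation, certificate building or conversion fails
     */
    private X509Certificate generateX509Cert(LocalDateTime localDateTime, Duration duration) throws Exception {
        KeyPair keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        LocalDateTime notBefore = localDateTime == null ? LocalDateTime.now() : localDateTime;
        return new JcaX509CertificateConverter().getCertificate(
            SelfSignedCertificate.newBuilder()
                .setBeginDate(notBefore)
                .setEndDate(notBefore.plus((TemporalAmount) duration))
                .setClusterID("cluster")
                .setKey(keyPair)
                .setSubject("localhost")
                .setConfiguration(this.secConf)
                .setScmID("test")
                .build());
    }
}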
