package org.apache.hadoop.hdds.security.x509.certificate.utils;

import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.nio.file.Path;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.LocalDateTime;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
import org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;

/* loaded from: input_file:org/apache/hadoop/hdds/security/x509/certificate/utils/TestCertificateCodec.class */
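/**
 * Round-trip tests for {@link CertificateCodec}: PEM encoding and decoding of single
 * certificates and of certificate paths, plus writing them to disk and reading them back.
 *
 * <p>Each test uses freshly generated self-signed CA certificates that are valid for one day,
 * and a configuration whose {@code ozone.metadata.dirs} points at a JUnit-managed temporary
 * directory.
 */
public class TestCertificateCodec {
    private static final String COMPONENT = "test";
    private static final String CA_COMPONENT = "ca";
    private static final String PEM_HEADER = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_FOOTER = "-----END CERTIFICATE-----\n";

    private SecurityConfig securityConfig;

    /**
     * Builds a {@link SecurityConfig} whose metadata directory is the per-test temp directory.
     *
     * @param path temporary directory injected by JUnit for this test
     */
    @BeforeEach
    public void init(@TempDir Path path) {
        OzoneConfiguration conf = new OzoneConfiguration();
        conf.set("ozone.metadata.dirs", path.toString());
        this.securityConfig = new SecurityConfig(conf);
    }

    /**
     * Encodes a certificate to PEM, checks the armor lines, and verifies that decoding the PEM
     * text yields a certificate equal to the original.
     */
    @Test
    public void testGetPEMEncodedString() throws NoSuchProviderException, NoSuchAlgorithmException, IOException, SCMSecurityException, CertificateException {
        X509CertificateHolder original = generateTestCert();

        String pem = CertificateCodec.getPEMEncodedString(original);
        Assertions.assertTrue(pem.startsWith(PEM_HEADER));
        Assertions.assertTrue(pem.endsWith(PEM_FOOTER));

        X509CertificateHolder decoded =
            CertificateCodec.getCertificateHolder(CertificateCodec.getX509Certificate(pem));
        Assertions.assertEquals(original, decoded);
        Assertions.assertEquals(
            CertificateCodec.getX509Certificate(original),
            CertificateCodec.getX509Certificate(decoded));
    }

    /**
     * Encodes a two-certificate path to PEM and verifies that decoding preserves both the
     * certificates and their order.
     */
    @Test
    public void testGetPemEncodedStringFromCertPath() throws IOException, NoSuchAlgorithmException, NoSuchProviderException, CertificateException {
        X509Certificate first = CertificateCodec.getX509Certificate(generateTestCert());
        X509Certificate second = CertificateCodec.getX509Certificate(generateTestCert());
        // Identical certificates would make the ordering assertions below vacuous.
        Assertions.assertNotEquals(first, second);

        CertPath original = new CertificateFactory().engineGenerateCertPath(ImmutableList.of(first, second));
        CertPath decoded =
            CertificateCodec.getCertPathFromPemEncodedString(CertificateCodec.getPEMEncodedString(original));

        // The decoded chain must hold exactly what was encoded: an extra or missing entry
        // changes what a path validator would see.
        Assertions.assertEquals(2, decoded.getCertificates().size(), "unexpected certificate path length");
        Assertions.assertEquals(first, decoded.getCertificates().get(0));
        Assertions.assertEquals(second, decoded.getCertificates().get(1));
    }

    /**
     * Writes one certificate with the default name, prepends a second one to the path read
     * back from disk, and verifies the new certificate sits in front of the stored one.
     */
    @Test
    public void testPrependCertificateToCertPath() throws IOException, NoSuchAlgorithmException, NoSuchProviderException, CertificateException {
        CertificateCodec codec = new CertificateCodec(this.securityConfig, COMPONENT);
        X509CertificateHolder storedHolder = generateTestCert();
        X509CertificateHolder prependedHolder = generateTestCert();
        X509Certificate stored = CertificateCodec.getX509Certificate(storedHolder);
        X509Certificate prepended = CertificateCodec.getX509Certificate(prependedHolder);
        // Identical certificates would make the ordering assertions below vacuous.
        Assertions.assertNotEquals(stored, prepended);

        codec.writeCertificate(storedHolder);
        CertPath combined = codec.prependCertToCertPath(prependedHolder, codec.getCertPath());

        // By CertPath convention index 0 is the target certificate, so position matters and
        // the path must not pick up any additional entries.
        Assertions.assertEquals(2, combined.getCertificates().size(), "unexpected certificate path length");
        Assertions.assertEquals(prepended, combined.getCertificates().get(0));
        Assertions.assertEquals(stored, combined.getCertificates().get(1));
    }

    /**
     * Writes a PEM string to an explicit directory and file name, then reads it back and
     * compares serial numbers.
     *
     * @param path temporary directory injected by JUnit to receive the certificate file
     */
    @Test
    public void testWriteCertificate(@TempDir Path path) throws NoSuchProviderException, NoSuchAlgorithmException, IOException, SCMSecurityException, CertificateException {
        final String fileName = "pemcertificate.crt";
        X509CertificateHolder original = generateTestCert();
        CertificateCodec codec = new CertificateCodec(this.securityConfig, COMPONENT);

        codec.writeCertificate(path, fileName, CertificateCodec.getPEMEncodedString(original));

        X509CertificateHolder readBack = codec.getTargetCertHolder(path, fileName);
        Assertions.assertNotNull(readBack);
        Assertions.assertEquals(original.getSerialNumber(), readBack.getSerialNumber());
    }

    /**
     * Writes a certificate using the codec's default location and file name, then reads it
     * back and compares serial numbers.
     */
    @Test
    public void testWriteCertificateDefault() throws IOException, SCMSecurityException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException {
        X509CertificateHolder original = generateTestCert();
        CertificateCodec codec = new CertificateCodec(this.securityConfig, COMPONENT);

        codec.writeCertificate(original);

        X509CertificateHolder readBack = codec.getTargetCertHolder();
        Assertions.assertNotNull(readBack);
        Assertions.assertEquals(original.getSerialNumber(), readBack.getSerialNumber());
    }

    /**
     * Writes the same certificate twice under the same file name and verifies that the file
     * still holds that certificate afterwards, i.e. the second write neither fails nor leaves
     * unreadable content behind.
     */
    @Test
    public void writeCertificate2() throws IOException, SCMSecurityException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException {
        final String fileName = "newcert.crt";
        X509CertificateHolder original = generateTestCert();
        CertificateCodec codec = new CertificateCodec(this.securityConfig, CA_COMPONENT);

        codec.writeCertificate(original, fileName);
        codec.writeCertificate(original, fileName);

        X509CertificateHolder readBack = codec.getTargetCertHolder(codec.getLocation(), fileName);
        Assertions.assertNotNull(readBack);
        // A non-null result alone does not show that the stored certificate is the one written.
        Assertions.assertEquals(original.getSerialNumber(), readBack.getSerialNumber());
    }

    /**
     * Stores a two-certificate path in one file and verifies that reading the file returns
     * both certificates in the order they were written.
     */
    @Test
    public void testMultipleCertReadWrite() throws IOException, NoSuchAlgorithmException, NoSuchProviderException, CertificateException {
        final String fileName = "newcert.crt";
        X509CertificateHolder leadingHolder = generateTestCert();
        X509CertificateHolder trailingHolder = generateTestCert();
        Assertions.assertNotEquals(leadingHolder, trailingHolder);

        CertPath tail = new CertificateFactory()
            .engineGenerateCertPath(ImmutableList.of(CertificateCodec.getX509Certificate(trailingHolder)));
        CertificateCodec codec = new CertificateCodec(this.securityConfig, CA_COMPONENT);
        codec.writeCertificate(
            fileName,
            CertificateCodec.getPEMEncodedString(codec.prependCertToCertPath(leadingHolder, tail)));

        CertPath readBack = codec.getCertPath(fileName);
        Assertions.assertEquals(2, readBack.getCertificates().size(), "unexpected certificate path length");
        Certificate leading = readBack.getCertificates().get(0);
        Certificate trailing = readBack.getCertificates().get(1);
        // Expected value first, so a failure message reports the right side as "expected".
        Assertions.assertEquals(leadingHolder, CertificateCodec.getCertificateHolder((X509Certificate) leading));
        Assertions.assertEquals(trailingHolder, CertificateCodec.getCertificateHolder((X509Certificate) trailing));
    }

    /**
     * Generates a self-signed CA certificate with a fresh key pair, random four-letter subject,
     * cluster id and SCM id, valid from now for one day.
     *
     * @return holder of the newly built certificate
     */
    private X509CertificateHolder generateTestCert() throws IOException, NoSuchProviderException, NoSuchAlgorithmException {
        HDDSKeyGenerator keyGenerator = new HDDSKeyGenerator(this.securityConfig);
        LocalDateTime notBefore = LocalDateTime.now();
        LocalDateTime notAfter = notBefore.plusDays(1L);
        return SelfSignedCertificate.newBuilder()
            .setSubject(RandomStringUtils.randomAlphabetic(4))
            .setClusterID(RandomStringUtils.randomAlphabetic(4))
            .setScmID(RandomStringUtils.randomAlphabetic(4))
            .setBeginDate(notBefore)
            .setEndDate(notAfter)
            .setConfiguration(this.securityConfig)
            .setKey(keyGenerator.generateKey())
            .makeCA()
            .build();
    }
}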
