package org.apache.hadoop.hdds.security.x509.certificate.utils;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.time.LocalDateTime;
import java.util.Date;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.crl.CRLCodec;
import org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;

/* loaded from: input_file:org/apache/hadoop/hdds/security/x509/certificate/utils/TestCRLCodec.class */
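/**
 * Tests for {@link CRLCodec}: writing CRLs to disk in PEM form and converting a
 * BouncyCastle {@link X509CRLHolder} into other representations.
 *
 * <p>Every test runs against a fresh temporary metadata directory and a freshly generated
 * self-signed CA certificate; the matching private key signs the CRLs built here.
 *
 * <p>NOTE(review): the assertions below cover PEM framing, file existence and non-null
 * results only. None of them verifies the CRL signature against the issuer key or reads
 * the written file back into a CRL, so a codec that wrote a well-framed but corrupt or
 * unsigned CRL would still pass. A round-trip plus signature-verification test is worth
 * adding next to these.
 */
public class TestCRLCodec {
    private static final String COMPONENT = "test";
    private static final String TMP_CERT_FILE_NAME = "pemcertificate.crt";
    private static final String PEM_CRL_HEADER = "-----BEGIN X509 CRL-----";
    private static final String PEM_CRL_FOOTER = "-----END X509 CRL-----";

    // RFC 5280 CRLReason value 2 (cACompromise); passed to addCRLEntry as the revocation reason.
    private static final int REASON_CA_COMPROMISE = 2;

    // Pre-generated PEM CRL used as parser input. It is test data only: the test that
    // consumes it parses and re-writes it, and never checks its signature or dates.
    private static final String TMP_CRL_ENTRY =
            "-----BEGIN X509 CRL-----\n"
            + "MIIBijB0AgEBMA0GCSqGSIb3DQEBCwUAMC0xDTALBgNVBAMMBHdxVG0xDTALBgNV\n"
            + "BAsMBGVFY2gxDTALBgNVBAoMBHJpc1UXDTIwMDExNzE4NTcyMFowIjAgAgEBFw0y\n"
            + "MDAxMTcxODU3MjBaMAwwCgYDVR0VBAMKAQIwDQYJKoZIhvcNAQELBQADggEBACRI\n"
            + "i/nFK2/5rsNWAsYjT/Byhq6shQy+EjdvSzs2cezHbO2TKXnIhlHbvTp5JO/ClaGm\n"
            + "yfdwH6OjQbujcjceSKGSDQwNm98/JsryUh17IWcKJa9dlqFSUCy7GTZaXK6a3nH8\n"
            + "SNhcqzrR69lLc4vJZAy0FkmBCnjbdUX8I92ZHfNQNJaC4JQ8JFtjfzZCcQR9KZxw\n"
            + "bVue37JByiTxmxoiiMZf3MpOccuWKsZzIr9Tiw9G9inPS8lxRXODruDtMTpR8NPB\n"
            + "KL0Yg+JEV48v2GJ5kSObuawCD2uDDNpHDd6q2m1z6J69z5IYpWb8OHEyQT7J4u+b\n"
            + "tPiRCAUQLW9BACm17xc=\n"
            + "-----END X509 CRL-----\n";

    private SecurityConfig securityConfig;
    private X509CertificateHolder x509CertificateHolder;
    private KeyPair keyPair;
    private File basePath;

    /**
     * Points the Ozone metadata directory at a per-test temporary directory, then generates
     * a self-signed CA certificate, writes it to disk and reads it back for use by the tests.
     *
     * @param path temporary directory supplied by JUnit
     */
    @BeforeEach
    public void init(@TempDir Path path) throws NoSuchProviderException, NoSuchAlgorithmException, IOException, CertificateException, OperatorCreationException {
        OzoneConfiguration ozoneConfiguration = new OzoneConfiguration();
        ozoneConfiguration.set("ozone.metadata.dirs", path.toString());
        this.securityConfig = new SecurityConfig(ozoneConfiguration);
        writeTempCert();
        this.x509CertificateHolder = readTempCert();
    }

    /**
     * Writes a freshly signed CRL through {@link CRLCodec} and checks that the resulting
     * file exists and is framed by the PEM CRL header and footer lines.
     */
    @Test
    public void testWriteCRL() throws IOException, OperatorCreationException {
        X509CRLHolder crlHolder = buildSignedCrl();
        CRLCodec crlCodec = new CRLCodec(this.securityConfig);
        crlCodec.writeCRL(crlHolder, this.securityConfig.getCrlName(), true);

        // Look the entry up by the serial that was actually revoked rather than a
        // hard-coded BigInteger.ONE, so the check does not depend on how the test CA
        // certificate happens to be numbered.
        BigInteger revokedSerial = this.x509CertificateHolder.getSerialNumber();
        Assertions.assertNotNull(crlHolder.getRevokedCertificate(revokedSerial));

        File crlFile = Paths.get(crlCodec.getLocation().toString(), this.securityConfig.getCrlName()).toFile();
        Assertions.assertTrue(crlFile.exists());

        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(new FileInputStream(crlFile), StandardCharsets.UTF_8))) {
            Assertions.assertEquals(PEM_CRL_HEADER, reader.readLine());
            String lastLine = null;
            for (String line = reader.readLine(); line != null; line = reader.readLine()) {
                lastLine = line;
            }
            Assertions.assertEquals(PEM_CRL_FOOTER, lastLine);
        }
    }

    /**
     * Parses the static PEM fixture into an {@link X509CRL}, writes it through
     * {@link CRLCodec} and checks that the CRL file exists at the configured location.
     */
    @Test
    public void testWriteCRLX509() throws IOException, OperatorCreationException, CertificateException, CRLException {
        try (ByteArrayInputStream pemStream =
                new ByteArrayInputStream(TMP_CRL_ENTRY.getBytes(StandardCharsets.UTF_8))) {
            X509CRL x509crl = (X509CRL) CertificateCodec.getCertFactory().engineGenerateCRL(pemStream);
            CRLCodec crlCodec = new CRLCodec(this.securityConfig);
            crlCodec.writeCRL(x509crl);
            Assertions.assertTrue(
                    Paths.get(crlCodec.getLocation().toString(), this.securityConfig.getCrlName()).toFile().exists());
        }
    }

    /**
     * Checks that a signed CRL can be rendered as a PEM string containing the CRL header
     * and footer markers.
     */
    @Test
    public void testGetX509CRL() throws IOException, OperatorCreationException, CertificateException, CRLException {
        X509CRLHolder crlHolder = buildSignedCrl();
        new CRLCodec(this.securityConfig).writeCRL(crlHolder, this.securityConfig.getCrlName(), true);

        BigInteger revokedSerial = this.x509CertificateHolder.getSerialNumber();
        Assertions.assertNotNull(crlHolder.getRevokedCertificate(revokedSerial));

        String pem = CRLCodec.getPEMEncodedString(crlHolder);
        Assertions.assertNotNull(pem);
        Assertions.assertTrue(pem.contains(PEM_CRL_HEADER));
        Assertions.assertTrue(pem.contains(PEM_CRL_FOOTER));
    }

    /**
     * Checks that {@link CRLCodec#getX509CRL} yields a non-null result for a signed CRL holder.
     */
    @Test
    public void testGetX509CRLFromCRLHolder() throws IOException, OperatorCreationException, CertificateException, CRLException {
        X509CRLHolder crlHolder = buildSignedCrl();
        // The instance is not used afterwards (getX509CRL is invoked statically); it is
        // kept so the constructor is still exercised exactly as before.
        new CRLCodec(this.securityConfig);
        Assertions.assertNotNull(CRLCodec.getX509CRL(crlHolder));
    }

    /**
     * Builds a CRL that revokes the test certificate's own serial number and signs it with
     * the test key pair, using the signature algorithm and provider from the security config.
     */
    private X509CRLHolder buildSignedCrl() throws OperatorCreationException {
        X500Name issuer = this.x509CertificateHolder.getIssuer();
        Date now = new Date();
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, now);
        crlBuilder.addCRLEntry(this.x509CertificateHolder.getSerialNumber(), now, REASON_CA_COMPROMISE);
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(this.securityConfig.getSignatureAlgo());
        signerBuilder.setProvider(this.securityConfig.getProvider());
        return crlBuilder.build(signerBuilder.build(this.keyPair.getPrivate()));
    }

    /**
     * Generates a key pair and a one-day self-signed CA certificate with random subject,
     * cluster id and SCM id, then writes the certificate in PEM form under the base path.
     */
    private void writeTempCert() throws NoSuchProviderException, NoSuchAlgorithmException, IOException {
        this.keyPair = new HDDSKeyGenerator(this.securityConfig).generateKey();
        LocalDateTime now = LocalDateTime.now();
        X509CertificateHolder certHolder = SelfSignedCertificate.newBuilder()
                .setSubject(RandomStringUtils.randomAlphabetic(4))
                .setClusterID(RandomStringUtils.randomAlphabetic(4))
                .setScmID(RandomStringUtils.randomAlphabetic(4))
                .setBeginDate(now)
                .setEndDate(now.plusDays(1L))
                .setConfiguration(this.securityConfig)
                .setKey(this.keyPair)
                .makeCA()
                .build();
        CertificateCodec certificateCodec = new CertificateCodec(this.securityConfig, COMPONENT);
        String pem = CertificateCodec.getPEMEncodedString(certHolder);
        // NOTE(review): the directory is resolved for component "scm" while the codec is
        // created for COMPONENT ("test"). It works because the path is passed explicitly
        // to writeCertificate; confirm the mismatch is intentional.
        this.basePath = new File(String.valueOf(this.securityConfig.getCertificateLocation("scm")));
        if (!this.basePath.exists()) {
            Assertions.assertTrue(this.basePath.mkdirs());
        }
        certificateCodec.writeCertificate(this.basePath.toPath(), TMP_CERT_FILE_NAME, pem);
    }

    /**
     * Reads back the certificate written by {@link #writeTempCert()}.
     *
     * @return the certificate holder, asserted to be non-null
     */
    private X509CertificateHolder readTempCert() throws IOException, CertificateException {
        X509CertificateHolder targetCertHolder = new CertificateCodec(this.securityConfig, COMPONENT)
                .getTargetCertHolder(this.basePath.toPath(), TMP_CERT_FILE_NAME);
        Assertions.assertNotNull(targetCertHolder);
        return targetCertHolder;
    }
}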
