package org.apache.hadoop.hdds.scm.ha;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Random;
import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.scm.metadata.SCMMetadataStore;
import org.apache.hadoop.hdds.scm.server.StorageContainerManager;
import org.apache.hadoop.hdds.security.ssl.KeyStoresFactory;
import org.apache.hadoop.hdds.security.x509.CertificateTestUtils;
import org.apache.hadoop.hdds.security.x509.certificate.client.SCMCertificateClient;
import org.apache.hadoop.hdds.utils.TransactionInfo;
import org.apache.hadoop.hdds.utils.db.DBCheckpoint;
import org.apache.hadoop.hdds.utils.db.DBStore;
import org.apache.hadoop.hdds.utils.db.Table;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;
import org.mockito.ArgumentCaptor;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/hdds/scm/ha/TestInterSCMGrpcProtocolService.class */
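/**
 * Checks that the inter-SCM gRPC checkpoint download runs over mutual TLS.
 *
 * <p>The test starts an {@link InterSCMGrpcProtocolService} and an {@link InterSCMGrpcClient}
 * that both obtain their key and trust managers from a mocked {@link SCMCertificateClient}.
 * After a download it verifies, on each side, that the side presented its own certificate
 * and that its trust manager was handed exactly the peer's certificate.
 *
 * <p>Scope note: the trust managers used here are mocks that accept whatever chain they are
 * given (see {@link #aTrustManagerThatTrusts}). The test therefore shows that peer
 * certificates are exchanged and submitted for validation in both directions; it does not
 * show that a peer with an untrusted or missing certificate is rejected.
 */
public class TestInterSCMGrpcProtocolService {
    private static final String CP_FILE_NAME = "cpFile";
    private static final String CP_CONTENTS = "Hello world!";

    // Self-signed certificates created per test run; compared against the captured chains.
    private X509Certificate serviceCert;
    private X509Certificate clientCert;

    // Mocked managers kept as fields so the verify* methods can inspect the recorded calls.
    private X509KeyManager serverKeyManager;
    private X509TrustManager serverTrustManager;
    private X509KeyManager clientKeyManager;
    private X509TrustManager clientTrustManager;

    @TempDir
    private Path temp;

    /**
     * Downloads a checkpoint through the gRPC service with TLS enabled and verifies both the
     * certificate exchange and the downloaded content.
     *
     * @throws Exception if the service, the client, or any verification step fails
     */
    @Test
    public void testMTLSOnInterScmGrpcProtocolServiceAccess() throws Exception {
        // Random port in 45000-45999. NOTE(review): nothing here checks the port is free, so a
        // clash with another listener would presumably surface as a startup failure.
        int port = new Random().nextInt(1000) + 45000;
        OzoneConfiguration conf = setupConfiguration(port);
        SCMCertificateClient certClient = setupCertificateClientForMTLS(conf);

        InterSCMGrpcProtocolService service =
            new InterSCMGrpcProtocolService(conf, scmWith(certClient));
        service.start();
        try {
            InterSCMGrpcClient client =
                new InterSCMGrpcClient("localhost", port, conf, certClient);
            try {
                Path target = Files.createTempFile(temp, CP_FILE_NAME, "");
                Path downloaded = (Path) client.download(target).get();

                verifyServiceUsedItsCertAndValidatedClientCert();
                verifyClientUsedItsCertAndValidatedServerCert();
                verifyDownloadedCheckPoint(downloaded);
            } finally {
                // Release the channel even when an assertion above fails.
                client.close();
            }
        } finally {
            // Always stop the server so a failed run does not leave the port bound.
            service.stop();
        }
    }

    /**
     * Verifies the server side of the handshake: the server key manager supplied its chain
     * once, and the server trust manager was asked once to validate a client chain consisting
     * of exactly {@code clientCert}. The server must never be asked to validate a server chain.
     */
    private void verifyServiceUsedItsCertAndValidatedClientCert() throws CertificateException {
        ArgumentCaptor<X509Certificate[]> presentedChain =
            ArgumentCaptor.forClass(X509Certificate[].class);

        Mockito.verify(serverKeyManager, Mockito.times(1))
            .getCertificateChain(ArgumentMatchers.any());
        Mockito.verify(serverTrustManager, Mockito.never())
            .checkServerTrusted(ArgumentMatchers.any(), ArgumentMatchers.any());
        Mockito.verify(serverTrustManager, Mockito.times(1))
            .checkClientTrusted(presentedChain.capture(), ArgumentMatchers.any());

        X509Certificate[] chain = presentedChain.getValue();
        MatcherAssert.assertThat(chain.length, CoreMatchers.is(1));
        MatcherAssert.assertThat(chain[0], CoreMatchers.is(clientCert));
    }

    /**
     * Verifies the client side of the handshake: the client key manager supplied its chain
     * once, and the client trust manager was asked once to validate a server chain consisting
     * of exactly {@code serviceCert}. The client must never be asked to validate a client chain.
     */
    private void verifyClientUsedItsCertAndValidatedServerCert() throws CertificateException {
        ArgumentCaptor<X509Certificate[]> presentedChain =
            ArgumentCaptor.forClass(X509Certificate[].class);

        Mockito.verify(clientKeyManager, Mockito.times(1))
            .getCertificateChain(ArgumentMatchers.any());
        Mockito.verify(clientTrustManager, Mockito.times(1))
            .checkServerTrusted(presentedChain.capture(), ArgumentMatchers.any());
        Mockito.verify(clientTrustManager, Mockito.never())
            .checkClientTrusted(ArgumentMatchers.any(), ArgumentMatchers.any());

        X509Certificate[] chain = presentedChain.getValue();
        MatcherAssert.assertThat(chain.length, CoreMatchers.is(1));
        MatcherAssert.assertThat(chain[0], CoreMatchers.is(serviceCert));
    }

    /**
     * Opens the downloaded file as a tar archive and checks that its first entry is the
     * checkpoint file with the expected first line.
     *
     * @param path location of the downloaded archive
     * @throws IOException if the archive cannot be read
     */
    private void verifyDownloadedCheckPoint(Path path) throws IOException {
        // try-with-resources closes the reader first, then the tar stream, on every exit path.
        try (TarArchiveInputStream tar = new TarArchiveInputStream(Files.newInputStream(path));
             BufferedReader reader =
                 new BufferedReader(new InputStreamReader(tar, StandardCharsets.UTF_8))) {
            // An empty archive yields a null entry; fail with an assertion instead of an NPE.
            var entry = tar.getNextTarEntry();
            MatcherAssert.assertThat(entry, CoreMatchers.notNullValue());
            MatcherAssert.assertThat(entry.getName(), CoreMatchers.is(CP_FILE_NAME));
            MatcherAssert.assertThat(reader.readLine(), CoreMatchers.is(CP_CONTENTS));
        }
    }

    /**
     * Builds a mocked SCM that exposes the given certificate client plus the mocked metadata
     * store and HA manager the service is wired with.
     */
    private StorageContainerManager scmWith(SCMCertificateClient sCMCertificateClient) throws IOException {
        StorageContainerManager scm = Mockito.mock(StorageContainerManager.class);
        Mockito.when(scm.getScmCertificateClient()).thenReturn(sCMCertificateClient);
        Mockito.when(scm.getScmMetadataStore()).thenReturn(metadataStore());
        Mockito.when(scm.getScmHAManager()).thenReturn(scmHAManager());
        Mockito.when(scm.getClusterId()).thenReturn("clusterId");
        return scm;
    }

    /** Returns a mocked HA manager whose transaction buffer is itself a mock. */
    private SCMHAManager scmHAManager() {
        SCMHAManager haManager = Mockito.mock(SCMHAManager.class);
        Mockito.doReturn(Mockito.mock(SCMHADBTransactionBuffer.class))
            .when(haManager).asSCMHADBTransactionBuffer();
        return haManager;
    }

    /** Returns a mocked metadata store backed by {@link #dbStore()}. */
    private SCMMetadataStore metadataStore() throws IOException {
        SCMMetadataStore store = Mockito.mock(SCMMetadataStore.class);
        Mockito.when(store.getStore()).thenReturn(dbStore());
        return store;
    }

    /** Returns a mocked DB store that serves the mocked table and the on-disk checkpoint. */
    private DBStore dbStore() throws IOException {
        DBStore store = Mockito.mock(DBStore.class);
        // Raw Class casts are kept from the original stubbing of getTable.
        Mockito.doReturn(trInfoTable()).when(store)
            .getTable((String) ArgumentMatchers.any(), (Class) ArgumentMatchers.any(), (Class) ArgumentMatchers.any());
        Mockito.doReturn(checkPoint()).when(store).getCheckpoint(ArgumentMatchers.anyBoolean());
        return store;
    }

    /**
     * Creates a checkpoint directory under the JUnit temp dir containing one file with known
     * contents, and returns a mocked checkpoint that points at it.
     */
    private DBCheckpoint checkPoint() throws IOException {
        Path checkpointDir = Files.createTempDirectory(temp, "cpDir");
        Files.write(checkpointDir.resolve(CP_FILE_NAME), CP_CONTENTS.getBytes(StandardCharsets.UTF_8));

        DBCheckpoint checkpoint = Mockito.mock(DBCheckpoint.class);
        Mockito.when(checkpoint.getCheckpointLocation()).thenReturn(checkpointDir);
        return checkpoint;
    }

    /** Returns a mocked table whose {@code get} always answers with a mocked transaction info. */
    @SuppressWarnings("unchecked") // Mockito.mock(Table.class) cannot carry the type arguments.
    private Table<String, TransactionInfo> trInfoTable() throws IOException {
        Table<String, TransactionInfo> table = Mockito.mock(Table.class);
        Mockito.doReturn(Mockito.mock(TransactionInfo.class)).when(table).get(ArgumentMatchers.any());
        return table;
    }

    /**
     * Creates two key pairs with self-signed certificates ("service" and "client"), wraps them
     * in mocked key/trust managers, and returns a mocked certificate client that hands out the
     * server-side factory for the service and the client-side factory for the client.
     *
     * <p>Side effect: stores the certificates and managers in the test's fields so the
     * verify methods can assert on them.
     */
    private SCMCertificateClient setupCertificateClientForMTLS(OzoneConfiguration ozoneConfiguration) throws Exception {
        KeyPair serviceKeys = CertificateTestUtils.aKeyPair(ozoneConfiguration);
        KeyPair clientKeys = CertificateTestUtils.aKeyPair(ozoneConfiguration);
        this.serviceCert = CertificateTestUtils.createSelfSignedCert(serviceKeys, "service");
        this.clientCert = CertificateTestUtils.createSelfSignedCert(clientKeys, "client");

        // Server identity is the service cert; its trust manager is associated with the client cert.
        this.serverKeyManager = aKeyManagerWith(serviceKeys, this.serviceCert);
        this.serverTrustManager = aTrustManagerThatTrusts(this.clientCert);
        KeyStoresFactory serverFactory = aKeyStoresFactoryWith(this.serverKeyManager, this.serverTrustManager);

        // Client identity is the client cert; its trust manager is associated with the service cert.
        this.clientKeyManager = aKeyManagerWith(clientKeys, this.clientCert);
        this.clientTrustManager = aTrustManagerThatTrusts(this.serviceCert);
        KeyStoresFactory clientFactory = aKeyStoresFactoryWith(this.clientKeyManager, this.clientTrustManager);

        SCMCertificateClient certClient = Mockito.mock(SCMCertificateClient.class);
        Mockito.doReturn(serverFactory).when(certClient).getServerKeyStoresFactory();
        Mockito.doReturn(clientFactory).when(certClient).getClientKeyStoresFactory();
        return certClient;
    }

    /** Returns a mocked factory that yields exactly the given key manager and trust manager. */
    private KeyStoresFactory aKeyStoresFactoryWith(X509KeyManager x509KeyManager, X509TrustManager x509TrustManager) {
        KeyStoresFactory factory = Mockito.mock(KeyStoresFactory.class);
        Mockito.doReturn(new KeyManager[] {x509KeyManager}).when(factory).getKeyManagers();
        Mockito.doReturn(new TrustManager[] {x509TrustManager}).when(factory).getTrustManagers();
        return factory;
    }

    /**
     * Returns a mocked trust manager that lists the given certificate as its only accepted
     * issuer.
     *
     * <p>Both {@code checkServerTrusted} and {@code checkClientTrusted} are stubbed to do
     * nothing for any argument, so this manager accepts every chain, not only the given
     * certificate. The test relies on capturing the chain passed to the check rather than on
     * the check rejecting anything. Keep this helper in test code only; a rejection
     * (negative) case would need a trust manager that actually throws
     * {@link CertificateException} for unexpected chains.
     */
    private X509TrustManager aTrustManagerThatTrusts(X509Certificate x509Certificate) throws CertificateException {
        X509TrustManager trustManager = Mockito.mock(X509TrustManager.class);
        Mockito.doNothing().when(trustManager)
            .checkServerTrusted(ArgumentMatchers.any(), ArgumentMatchers.any());
        Mockito.doNothing().when(trustManager)
            .checkClientTrusted(ArgumentMatchers.any(), ArgumentMatchers.any());
        Mockito.doReturn(new X509Certificate[] {x509Certificate}).when(trustManager).getAcceptedIssuers();
        return trustManager;
    }

    /**
     * Returns a mocked key manager that answers every alias query with "server" or "client"
     * and serves the given certificate and the key pair's private key for any alias.
     */
    private X509KeyManager aKeyManagerWith(KeyPair keyPair, X509Certificate x509Certificate) {
        X509KeyManager keyManager = Mockito.mock(X509KeyManager.class);
        Mockito.doReturn("server").when(keyManager)
            .chooseServerAlias(ArgumentMatchers.any(), ArgumentMatchers.any(), ArgumentMatchers.any());
        Mockito.doReturn("client").when(keyManager)
            .chooseClientAlias(ArgumentMatchers.any(), ArgumentMatchers.any(), ArgumentMatchers.any());
        Mockito.doReturn(new String[] {"server"}).when(keyManager)
            .getServerAliases(ArgumentMatchers.any(), ArgumentMatchers.any());
        Mockito.doReturn(new String[] {"client"}).when(keyManager)
            .getClientAliases(ArgumentMatchers.any(), ArgumentMatchers.any());
        Mockito.doReturn(new X509Certificate[] {x509Certificate}).when(keyManager)
            .getCertificateChain(ArgumentMatchers.any());
        Mockito.doReturn(keyPair.getPrivate()).when(keyManager).getPrivateKey(ArgumentMatchers.any());
        return keyManager;
    }

    /**
     * Builds a configuration with security and gRPC TLS switched on and the SCM gRPC port set
     * to {@code i}.
     */
    private OzoneConfiguration setupConfiguration(int i) {
        OzoneConfiguration conf = new OzoneConfiguration();
        conf.setInt("ozone.scm.grpc.port", i);
        conf.setBoolean("ozone.security.enabled", true);
        conf.setBoolean("hdds.grpc.tls.enabled", true);
        return conf;
    }
}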
