package org.apache.hadoop.ozone.security;

import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumSet;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.RandomUtils;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.security.token.OzoneBlockTokenIdentifier;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.hadoop.util.Time;
import org.apache.ozone.test.GenericTestUtils;
import org.junit.After;
import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/ozone/security/TestOzoneManagerBlockToken.class */
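/**
 * Signs and verifies the serialized bytes of {@link OzoneBlockTokenIdentifier}
 * instances, and logs rough per-token timings for RSA signatures and HMACs.
 *
 * <p>The helpers here check a signature or MAC over the identifier bytes only.
 * They do not evaluate the token's expiry, its access modes, or whether the
 * signing certificate is trusted.
 */
public class TestOzoneManagerBlockToken {
    private static final Logger LOG = LoggerFactory.getLogger(TestOzoneManagerBlockToken.class);
    private static final String BASEDIR = GenericTestUtils.getTempPath(TestOzoneManagerBlockToken.class.getSimpleName());
    private static final String KEYSTORES_DIR = new File(BASEDIR).getAbsolutePath();
    /** JCA signature algorithm used by the asymmetric helpers and the test certificate. */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    /** Number of tokens signed/verified per timing run (kept separate from MAX_LEN). */
    private static final int TOKEN_COUNT = 1000;
    private static long expiryTime;
    private static KeyPair keyPair;
    private static X509Certificate cert;
    /** Maximum length value passed to every test token identifier. */
    private static final long MAX_LEN = 1000;

    /**
     * Recreates the scratch directory and generates the RSA key pair and
     * self-signed certificate shared by the tests.
     *
     * @throws Exception if the directory cannot be created or key/certificate
     *     generation fails
     */
    @BeforeClass
    public static void setUp() throws Exception {
        File baseDir = new File(BASEDIR);
        FileUtil.fullyDelete(baseDir);
        // Fail early instead of letting keystore creation fail later with a less obvious error.
        if (!baseDir.mkdirs() && !baseDir.isDirectory()) {
            throw new IOException("Could not create test directory " + baseDir);
        }
        // NOTE(review): Time.monotonicNow() is a monotonic millisecond counter, not
        // wall-clock time, and 86400 looks like seconds-per-day added to a millisecond
        // value. No test in this class checks expiry, so the value is kept as is -
        // confirm before reusing it where expiry is enforced.
        expiryTime = Time.monotonicNow() + 86400;
        keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        cert = KeyStoreTestUtil.generateCertificate("CN=OzoneMaster", keyPair, 30, SIGNATURE_ALGORITHM);
    }

    /**
     * No per-test teardown is performed; the keystore and truststore written
     * under {@code BASEDIR} remain on disk after the run.
     */
    @After
    public void cleanUp() {
    }

    /**
     * Checks that a token signed with the test private key verifies against the
     * matching certificate, and that random bytes are rejected as a signature.
     *
     * @throws GeneralSecurityException on keystore, signing or verification errors
     * @throws IOException if the keystore or truststore cannot be written
     */
    @Test
    public void testSignToken() throws GeneralSecurityException, IOException {
        String keyStorePath = new File(KEYSTORES_DIR, "keystore.jks").getAbsolutePath();
        String trustStorePath = new File(KEYSTORES_DIR, "truststore.jks").getAbsolutePath();
        KeyStoreTestUtil.createKeyStore(keyStorePath, "keyStorePass", "keyPass", "OzoneMaster", keyPair.getPrivate(), cert);
        KeyStoreTestUtil.createTrustStore(trustStorePath, "trustPass", Collections.singletonMap("server", cert));
        PrivateKey privateKey = keyPair.getPrivate();

        OzoneBlockTokenIdentifier signedId = new OzoneBlockTokenIdentifier("testUser", "84940", EnumSet.allOf(HddsProtos.BlockTokenSecretProto.AccessModeProto.class), expiryTime, cert.getSerialNumber().toString(), MAX_LEN);
        byte[] tokenSignature = signTokenAsymmetric(signedId, privateKey);
        boolean signedTokenValid = verifyTokenAsymmetric(signedId, tokenSignature, cert);
        LOG.info("{} is {}", signedId, signedTokenValid ? "valid." : "invalid.");
        // Logging alone would let a broken sign/verify round trip pass unnoticed.
        if (!signedTokenValid) {
            throw new AssertionError("Token signed with the matching private key failed verification");
        }

        OzoneBlockTokenIdentifier unsignedId = new OzoneBlockTokenIdentifier("", "", EnumSet.allOf(HddsProtos.BlockTokenSecretProto.AccessModeProto.class), expiryTime, cert.getSerialNumber().toString(), MAX_LEN);
        boolean unsignedTokenValid = verifyTokenAsymmetric(unsignedId, RandomUtils.nextBytes(128), cert);
        LOG.info("Unsigned token {} is {}", unsignedId, unsignedTokenValid);
        // The negative case is the one that matters: random bytes must never verify.
        if (unsignedTokenValid) {
            throw new AssertionError("Random bytes were accepted as a valid token signature");
        }
    }

    /**
     * Signs the serialized token identifier with SHA256withRSA.
     *
     * @param ozoneBlockTokenIdentifier identifier whose bytes are signed
     * @param privateKey key used to produce the signature
     * @return the raw signature bytes
     * @throws NoSuchAlgorithmException if SHA256withRSA is unavailable
     * @throws InvalidKeyException if the key cannot be used for signing
     * @throws SignatureException if signing fails
     */
    public byte[] signTokenAsymmetric(OzoneBlockTokenIdentifier ozoneBlockTokenIdentifier, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
        signer.initSign(privateKey);
        signer.update(ozoneBlockTokenIdentifier.getBytes());
        return signer.sign();
    }

    /**
     * Verifies a SHA256withRSA signature over the serialized token identifier
     * using the public key of the given certificate.
     *
     * <p>Only the signature is checked. The certificate's chain, validity period
     * and revocation status are not evaluated here, so a caller outside a test
     * must establish trust in the certificate separately.
     *
     * @param ozoneBlockTokenIdentifier identifier whose bytes were signed
     * @param bArr candidate signature bytes
     * @param certificate certificate holding the verification key
     * @return {@code true} if the signature matches the identifier bytes
     * @throws InvalidKeyException if the certificate's key cannot be used for verification
     * @throws NoSuchAlgorithmException if SHA256withRSA is unavailable
     * @throws SignatureException if the signature bytes cannot be processed
     */
    public boolean verifyTokenAsymmetric(OzoneBlockTokenIdentifier ozoneBlockTokenIdentifier, byte[] bArr, Certificate certificate) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException {
        Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
        verifier.initVerify(certificate);
        verifier.update(ozoneBlockTokenIdentifier.getBytes());
        return verifier.verify(bArr);
    }

    /**
     * Computes a MAC over the serialized token identifier.
     *
     * @param ozoneBlockTokenIdentifier identifier whose bytes are authenticated
     * @param mac MAC instance, re-initialised with {@code secretKey} on every call
     * @param secretKey key for the MAC
     * @return the MAC bytes
     * @throws IllegalArgumentException if the key is not valid for the MAC
     */
    private byte[] signTokenSymmetric(OzoneBlockTokenIdentifier ozoneBlockTokenIdentifier, Mac mac, SecretKey secretKey) {
        try {
            mac.init(secretKey);
            return mac.doFinal(ozoneBlockTokenIdentifier.getBytes());
        } catch (InvalidKeyException e) {
            throw new IllegalArgumentException("Invalid key to HMAC computation", e);
        }
    }

    /**
     * Builds a token identifier with random owner and block id strings, all
     * access modes, and the shared certificate's serial number.
     *
     * @return a fresh identifier for timing runs
     */
    OzoneBlockTokenIdentifier generateTestToken() {
        return new OzoneBlockTokenIdentifier(RandomStringUtils.randomAlphabetic(6), RandomStringUtils.randomAlphabetic(5), EnumSet.allOf(HddsProtos.BlockTokenSecretProto.AccessModeProto.class), expiryTime, cert.getSerialNumber().toString(), MAX_LEN);
    }

    /**
     * Logs the average time to sign and to verify {@code TOKEN_COUNT} tokens with
     * a freshly generated RSA key pair, and fails if any signature is rejected.
     */
    @Test
    public void testAsymmetricTokenPerf() throws NoSuchAlgorithmException, CertificateEncodingException, NoSuchProviderException, InvalidKeyException, SignatureException {
        ArrayList<OzoneBlockTokenIdentifier> tokens = new ArrayList<>(TOKEN_COUNT);
        ArrayList<byte[]> signatures = new ArrayList<>(TOKEN_COUNT);
        for (int n = 0; n < TOKEN_COUNT; n++) {
            tokens.add(generateTestToken());
        }
        KeyPair perfKeyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        X509Certificate perfCert = KeyStoreTestUtil.generateCertificate("CN=OzoneMaster", perfKeyPair, 30, SIGNATURE_ALGORITHM);
        // Report the real modulus size rather than a hard-coded figure in the log text.
        int keyBits = ((java.security.interfaces.RSAKey) perfKeyPair.getPublic()).getModulus().bitLength();

        long signStart = Time.monotonicNowNanos();
        for (OzoneBlockTokenIdentifier token : tokens) {
            signatures.add(signTokenAsymmetric(token, perfKeyPair.getPrivate()));
        }
        LOG.info("Average token sign time with {}(RSA/{} key) is {} ns", SIGNATURE_ALGORITHM, keyBits, (Time.monotonicNowNanos() - signStart) / TOKEN_COUNT);

        int rejected = 0;
        long verifyStart = Time.monotonicNowNanos();
        for (int n = 0; n < TOKEN_COUNT; n++) {
            if (!verifyTokenAsymmetric(tokens.get(n), signatures.get(n), perfCert)) {
                rejected++;
            }
        }
        LOG.info("Average token verify time with {}(RSA/{} key) is {} ns", SIGNATURE_ALGORITHM, keyBits, (Time.monotonicNowNanos() - verifyStart) / TOKEN_COUNT);
        // A timing figure is meaningless if the verifications being timed did not succeed.
        if (rejected != 0) {
            throw new AssertionError(rejected + " of " + TOKEN_COUNT + " freshly signed tokens failed verification");
        }
    }

    /**
     * Logs average MAC computation time for two HMAC configurations.
     */
    @Test
    public void testSymmetricTokenPerf() {
        // Timing comparison only: HmacSHA1 with a 64-bit key is far below what
        // token signing outside a benchmark should use.
        testSymmetricTokenPerfHelper("HmacSHA1", 64);
        testSymmetricTokenPerfHelper("HmacSHA256", 1024);
    }

    /**
     * Generates a key for the given MAC algorithm and logs the average time to
     * authenticate {@code TOKEN_COUNT} test tokens with it.
     *
     * @param str JCA name of the MAC algorithm (also used for key generation)
     * @param i key size in bits passed to the key generator
     * @throws IllegalArgumentException if the algorithm is not available
     */
    public void testSymmetricTokenPerfHelper(String str, int i) {
        ArrayList<OzoneBlockTokenIdentifier> tokens = new ArrayList<>(TOKEN_COUNT);
        ArrayList<byte[]> macs = new ArrayList<>(TOKEN_COUNT);
        for (int n = 0; n < TOKEN_COUNT; n++) {
            tokens.add(generateTestToken());
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str);
            keyGenerator.init(i);
            Mac mac = Mac.getInstance(str);
            SecretKey secretKey = keyGenerator.generateKey();
            long signStart = Time.monotonicNowNanos();
            for (OzoneBlockTokenIdentifier token : tokens) {
                macs.add(signTokenSymmetric(token, mac, secretKey));
            }
            LOG.info("Average token sign time with {}({} symmetric key) is {} ns", str, i, (Time.monotonicNowNanos() - signStart) / TOKEN_COUNT);
        } catch (NoSuchAlgorithmException e) {
            // Keep the provider's exception as the cause so the failure is diagnosable.
            throw new IllegalArgumentException("Can't find " + str + " algorithm.", e);
        }
    }
}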
