package org.apache.hadoop.security.ssl;

import java.io.File;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.apache.hadoop.security.ssl.SSLFactory;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:lib/hadoop-common-2.7.0-mapr-1803-r1-tests.jar:org/apache/hadoop/security/ssl/TestSSLFactory.class */
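/**
 * JUnit tests for {@link SSLFactory}: mode enforcement (client vs. server),
 * hostname-verifier selection, connection configuration and keystore
 * password handling.
 *
 * <p>All key material, passwords and certificates used here are throwaway
 * fixtures written under the test build directory. The literal passwords and
 * the {@code SHA1withRSA} signature algorithm are test-only values and are not
 * a model for deployed configuration.
 */
public class TestSSLFactory {
    private static final String BASEDIR = System.getProperty("test.build.dir", "target/test-dir") + "/" + TestSSLFactory.class.getSimpleName();
    private static final String KEYSTORES_DIR = new File(BASEDIR).getAbsolutePath();
    // Directory that receives the generated ssl-client.xml / ssl-server.xml; set in cleanUp().
    private String sslConfsDir;

    /**
     * Recreates an empty base directory for the keystores once per class.
     *
     * @throws Exception if the directory cannot be prepared
     */
    @BeforeClass
    public static void setUp() throws Exception {
        File baseDir = new File(BASEDIR);
        FileUtil.fullyDelete(baseDir);
        // Fail here rather than with a confusing keystore I/O error later on.
        Assert.assertTrue("could not create " + baseDir, baseDir.mkdirs() || baseDir.isDirectory());
    }

    /**
     * Builds a configuration backed by freshly generated keystores and SSL config files.
     *
     * @param clientCert whether client certificates are required
     * @param trustStore whether a trust store is set up
     * @return the populated configuration
     * @throws Exception if the keystores or config files cannot be written
     */
    private Configuration createConfiguration(boolean clientCert, boolean trustStore) throws Exception {
        Configuration conf = new Configuration();
        KeyStoreTestUtil.setupSSLConfig(KEYSTORES_DIR, this.sslConfsDir, conf, clientCert, trustStore);
        return conf;
    }

    /**
     * Runs before and after every test: resolves the SSL config directory and
     * removes SSL config left behind by a previous test, so one test's key
     * material cannot leak into the next.
     *
     * @throws Exception if cleanup fails
     */
    @Before
    @After
    public void cleanUp() throws Exception {
        this.sslConfsDir = KeyStoreTestUtil.getClasspathDir(TestSSLFactory.class);
        KeyStoreTestUtil.cleanupSSLConfig(KEYSTORES_DIR, this.sslConfsDir);
    }

    /**
     * A CLIENT-mode factory hands out a socket factory and a hostname verifier;
     * the test expects an {@link IllegalStateException} overall.
     *
     * <p>NOTE(review): the exception is presumably raised by
     * {@code createSSLServerSocketFactory()}; {@code expected=} would also be
     * satisfied if an earlier call threw the same type.
     */
    @Test(expected = IllegalStateException.class)
    public void clientMode() throws Exception {
        SSLFactory factory = new SSLFactory(SSLFactory.Mode.CLIENT, createConfiguration(false, true));
        try {
            factory.init();
            Assert.assertNotNull(factory.createSSLSocketFactory());
            Assert.assertNotNull(factory.getHostnameVerifier());
            factory.createSSLServerSocketFactory();
        } finally {
            // Always release the factory, including on the expected exception.
            factory.destroy();
        }
    }

    /**
     * Initialises a SERVER-mode factory, checks the client-cert flag, then
     * invokes one client-side accessor.
     *
     * @param clientCert whether client certificates are required
     * @param socket     {@code true} to call {@code createSSLSocketFactory()},
     *                   {@code false} to call {@code getHostnameVerifier()}
     * @throws Exception whatever the factory throws; callers expect {@link IllegalStateException}
     */
    private void serverMode(boolean clientCert, boolean socket) throws Exception {
        SSLFactory factory = new SSLFactory(SSLFactory.Mode.SERVER, createConfiguration(clientCert, true));
        try {
            factory.init();
            Assert.assertNotNull(factory.createSSLServerSocketFactory());
            Assert.assertEquals(clientCert, factory.isClientCertRequired());
            if (socket) {
                factory.createSSLSocketFactory();
            } else {
                factory.getHostnameVerifier();
            }
        } finally {
            factory.destroy();
        }
    }

    @Test(expected = IllegalStateException.class)
    public void serverModeWithoutClientCertsSocket() throws Exception {
        serverMode(false, true);
    }

    @Test(expected = IllegalStateException.class)
    public void serverModeWithClientCertsSocket() throws Exception {
        serverMode(true, true);
    }

    @Test(expected = IllegalStateException.class)
    public void serverModeWithoutClientCertsVerifier() throws Exception {
        serverMode(false, false);
    }

    @Test(expected = IllegalStateException.class)
    public void serverModeWithClientCertsVerifier() throws Exception {
        serverMode(true, false);
    }

    /**
     * Creates a CLIENT-mode factory from {@code conf} and asserts the name of
     * the hostname verifier it selects. The factory is destroyed even when the
     * assertion fails.
     */
    private static void assertVerifierName(Configuration conf, String expected) throws Exception {
        SSLFactory factory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
        try {
            factory.init();
            Assert.assertEquals(expected, factory.getHostnameVerifier().toString());
        } finally {
            factory.destroy();
        }
    }

    /**
     * Every supported verifier name is accepted, and an unset key falls back to
     * {@code DEFAULT}.
     *
     * <p>{@code ALLOW_ALL} turns hostname verification off, so a connection
     * using it no longer checks that the peer certificate matches the host.
     * This test only confirms that the setting is parsed; it does not endorse
     * the value for real deployments.
     */
    @Test
    public void validHostnameVerifier() throws Exception {
        Configuration conf = createConfiguration(false, true);
        conf.unset(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY);
        assertVerifierName(conf, "DEFAULT");

        String[] verifierNames = {"ALLOW_ALL", "DEFAULT_AND_LOCALHOST", "STRICT", "STRICT_IE6"};
        for (String verifierName : verifierNames) {
            conf.set(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, verifierName);
            assertVerifierName(conf, verifierName);
        }
    }

    /**
     * An unknown verifier name must be rejected at init time instead of
     * silently falling back to some other verifier.
     */
    @Test(expected = GeneralSecurityException.class)
    public void invalidHostnameVerifier() throws Exception {
        Configuration conf = createConfiguration(false, true);
        conf.set(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, "foo");
        SSLFactory factory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
        try {
            factory.init();
        } finally {
            factory.destroy();
        }
    }

    /**
     * {@code configure()} installs the configured hostname verifier on an
     * {@link HttpsURLConnection}.
     */
    @Test
    public void testConnectionConfigurator() throws Exception {
        Configuration conf = createConfiguration(false, true);
        conf.set(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, "STRICT_IE6");
        SSLFactory factory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
        try {
            factory.init();
            // openConnection() only builds the connection object; no network I/O happens here.
            HttpsURLConnection connection = (HttpsURLConnection) new URL("https://foo").openConnection();
            // Compare by value: assertNotSame checks reference identity and would pass
            // even if the verifier were already STRICT_IE6 before configure().
            Assert.assertFalse("STRICT_IE6".equals(connection.getHostnameVerifier().toString()));
            factory.configure(connection);
            Assert.assertEquals("STRICT_IE6", connection.getHostnameVerifier().toString());
        } finally {
            factory.destroy();
        }
    }

    @Test
    public void testServerDifferentPasswordAndKeyPassword() throws Exception {
        checkSSLFactoryInitWithPasswords(SSLFactory.Mode.SERVER, "password", "keyPassword", "password", "keyPassword");
    }

    @Test
    public void testServerKeyPasswordDefaultsToPassword() throws Exception {
        checkSSLFactoryInitWithPasswords(SSLFactory.Mode.SERVER, "password", "password", "password", null);
    }

    @Test
    public void testClientDifferentPasswordAndKeyPassword() throws Exception {
        checkSSLFactoryInitWithPasswords(SSLFactory.Mode.CLIENT, "password", "keyPassword", "password", "keyPassword");
    }

    @Test
    public void testClientKeyPasswordDefaultsToPassword() throws Exception {
        checkSSLFactoryInitWithPasswords(SSLFactory.Mode.CLIENT, "password", "password", "password", null);
    }

    /**
     * Server init with no passwords in the SSL config file.
     *
     * <p>NOTE(review): presumably the passwords are then resolved through the
     * credential provider populated just before; confirm against
     * {@code KeyStoreTestUtil.provisionPasswordsToCredentialProvider()}.
     */
    @Test
    public void testServerCredProviderPasswords() throws Exception {
        KeyStoreTestUtil.provisionPasswordsToCredentialProvider();
        checkSSLFactoryInitWithPasswords(SSLFactory.Mode.SERVER, "storepass", "keypass", null, null, true);
    }

    /** Same as the six-argument overload, without a credential provider. */
    private void checkSSLFactoryInitWithPasswords(SSLFactory.Mode mode, String password, String keyPassword, String confPassword, String confKeyPassword) throws Exception {
        checkSSLFactoryInitWithPasswords(mode, password, keyPassword, confPassword, confKeyPassword, false);
    }

    /**
     * Generates a keystore and trust store, writes the matching SSL config file
     * and checks that a factory in {@code mode} initialises against it.
     *
     * @param mode            factory mode under test
     * @param password        password the keystore is created with
     * @param keyPassword     password the private key entry is created with
     * @param confPassword    keystore password written to the SSL config, or {@code null}
     * @param confKeyPassword key password written to the SSL config, or {@code null}
     * @param useCredProvider when {@code true}, both config passwords are forced to
     *                        {@code null} and, in SERVER mode, a credential provider
     *                        path is set on the SSL config
     * @throws Exception if key generation, file writing or factory init fails
     */
    private void checkSSLFactoryInitWithPasswords(SSLFactory.Mode mode, String password, String keyPassword, String confPassword, String confKeyPassword, boolean useCredProvider) throws Exception {
        String keystorePath = new File(KEYSTORES_DIR, "keystore.jks").getAbsolutePath();
        String truststorePath = new File(KEYSTORES_DIR, "truststore.jks").getAbsolutePath();

        KeyPair keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        // NOTE(review): SHA1withRSA is kept as in the original fixture; SHA-1
        // certificate signatures are deprecated, so this is a test-only value.
        X509Certificate certificate = KeyStoreTestUtil.generateCertificate("CN=Test", keyPair, 30, "SHA1withRSA");
        KeyStoreTestUtil.createKeyStore(keystorePath, password, keyPassword, "Test", keyPair.getPrivate(), certificate);
        KeyStoreTestUtil.createTrustStore(truststorePath, "trustP", Collections.singletonMap("server", certificate));

        // With a credential provider the config file must not carry any password.
        String effectiveConfPassword = useCredProvider ? null : confPassword;
        String effectiveConfKeyPassword = useCredProvider ? null : confKeyPassword;

        String sslConfFileName;
        Configuration sslConf;
        if (mode == SSLFactory.Mode.SERVER) {
            sslConfFileName = "ssl-server.xml";
            sslConf = KeyStoreTestUtil.createServerSSLConfig(keystorePath, effectiveConfPassword, effectiveConfKeyPassword, truststorePath);
            if (useCredProvider) {
                File testDir = new File(System.getProperty("test.build.data", "target/test-dir"));
                Path providerStore = new Path(testDir.toString(), "test.jks");
                sslConf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, "jceks://file" + providerStore.toUri());
            }
        } else {
            sslConfFileName = "ssl-client.xml";
            sslConf = KeyStoreTestUtil.createClientSSLConfig(keystorePath, effectiveConfPassword, effectiveConfKeyPassword, truststorePath);
        }
        KeyStoreTestUtil.saveConfig(new File(this.sslConfsDir, sslConfFileName), sslConf);

        Configuration conf = new Configuration();
        conf.setBoolean(SSLFactory.SSL_REQUIRE_CLIENT_CERT_KEY, true);
        SSLFactory factory = new SSLFactory(mode, conf);
        try {
            factory.init();
        } finally {
            factory.destroy();
        }
    }

    /** A CLIENT-mode factory initialises when the require-client-cert key is unset. */
    @Test
    public void testNoClientCertsInitialization() throws Exception {
        Configuration conf = createConfiguration(false, true);
        conf.unset(SSLFactory.SSL_REQUIRE_CLIENT_CERT_KEY);
        SSLFactory factory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
        try {
            factory.init();
        } finally {
            factory.destroy();
        }
    }

    /**
     * A SERVER-mode factory initialises when no trust store was set up and the
     * require-client-cert key is unset.
     */
    @Test
    public void testNoTrustStore() throws Exception {
        Configuration conf = createConfiguration(false, false);
        conf.unset(SSLFactory.SSL_REQUIRE_CLIENT_CERT_KEY);
        SSLFactory factory = new SSLFactory(SSLFactory.Mode.SERVER, conf);
        try {
            factory.init();
        } finally {
            factory.destroy();
        }
    }
}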
