package org.apache.hadoop.crypto.key;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.PrintStream;
import java.util.UUID;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.kms.KMSRESTConstants;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.metrics2.sink.ganglia.AbstractGangliaSink;
import org.apache.hadoop.security.ProviderUtils;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.tools.TestCommandShell;
import org.apache.hadoop.util.FindClass;
import org.apache.hadoop.yarn.client.cli.YarnCLI;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/hadoop-common-3.3.5.200-eep-921-tests.jar:org/apache/hadoop/crypto/key/TestKeyShell.class
 */
/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.5.200-eep-921-v202312190334-tests.jar:org/apache/hadoop/crypto/key/TestKeyShell.class */
public class TestKeyShell {
    private final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
    private final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
    private PrintStream initialStdOut;
    private PrintStream initialStdErr;
    private String jceksProvider;

    @Before
    public void setup() throws Exception {
        this.outContent.reset();
        this.errContent.reset();
        File testDir = GenericTestUtils.getTestDir(UUID.randomUUID().toString());
        if (!testDir.mkdirs()) {
            throw new IOException("Unable to create " + testDir);
        }
        this.jceksProvider = "jceks://file" + new Path(testDir.toString(), "keystore.jceks").toUri();
        this.initialStdOut = System.out;
        this.initialStdErr = System.err;
        System.setOut(new PrintStream(this.outContent));
        System.setErr(new PrintStream(this.errContent));
    }

    @After
    public void cleanUp() throws Exception {
        System.setOut(this.initialStdOut);
        System.setErr(this.initialStdErr);
    }

    private void deleteKey(KeyShell keyShell, String str) throws Exception {
        this.outContent.reset();
        Assert.assertEquals(0L, keyShell.run(new String[]{"delete", str, "-f", "-provider", this.jceksProvider}));
        Assert.assertTrue(this.outContent.toString().contains(str + " has been successfully deleted."));
    }

    private String listKeys(KeyShell keyShell, boolean z) throws Exception {
        this.outContent.reset();
        Assert.assertEquals(0L, keyShell.run(z ? new String[]{YarnCLI.LIST_CMD, "-metadata", "-provider", this.jceksProvider} : new String[]{YarnCLI.LIST_CMD, "-provider", this.jceksProvider}));
        return this.outContent.toString();
    }

    @Test
    public void testKeySuccessfulKeyLifecycle() throws Exception {
        KeyShell keyShell = new KeyShell();
        keyShell.setConf(new Configuration());
        this.outContent.reset();
        Assert.assertEquals(0L, keyShell.run(new String[]{FindClass.A_CREATE, "key1", "-provider", this.jceksProvider}));
        Assert.assertTrue(this.outContent.toString().contains("key1 has been successfully created"));
        Assert.assertTrue(this.outContent.toString().contains(ProviderUtils.NO_PASSWORD_WARN));
        Assert.assertTrue(this.outContent.toString().contains(ProviderUtils.NO_PASSWORD_INSTRUCTIONS_DOC));
        Assert.assertTrue(this.outContent.toString().contains(ProviderUtils.NO_PASSWORD_CONT));
        Assert.assertTrue(listKeys(keyShell, false).contains("key1"));
        String listKeys = listKeys(keyShell, true);
        Assert.assertTrue(listKeys.contains("key1"));
        Assert.assertTrue(listKeys.contains(KMSRESTConstants.DESCRIPTION_FIELD));
        Assert.assertTrue(listKeys.contains("created"));
        this.outContent.reset();
        Assert.assertEquals(0L, keyShell.run(new String[]{"roll", "key1", "-provider", this.jceksProvider}));
        Assert.assertTrue(this.outContent.toString().contains("key1 has been successfully rolled."));
        this.outContent.reset();
        Assert.assertEquals(0L, keyShell.run(new String[]{"invalidateCache", "key1", "-provider", this.jceksProvider}));
        Assert.assertTrue(this.outContent.toString().contains("key1 has been successfully invalidated."));
        deleteKey(keyShell, "key1");
        String listKeys2 = listKeys(keyShell, false);
        Assert.assertFalse(listKeys2, listKeys2.contains("key1"));
    }

    @Test
    public void testKeySuccessfulCreationWithDescription() throws Exception {
        this.outContent.reset();
        String[] strArr = {FindClass.A_CREATE, "key1", "-provider", this.jceksProvider, "-description", "someDescription"};
        KeyShell keyShell = new KeyShell();
        keyShell.setConf(new Configuration());
        Assert.assertEquals(0L, keyShell.run(strArr));
        Assert.assertTrue(this.outContent.toString().contains("key1 has been successfully created"));
        String listKeys = listKeys(keyShell, true);
        Assert.assertTrue(listKeys.contains(KMSRESTConstants.DESCRIPTION_FIELD));
        Assert.assertTrue(listKeys.contains("someDescription"));
    }

    @Test
    public void testInvalidKeySize() throws Exception {
        String[] strArr = {FindClass.A_CREATE, "key1", "-size", "56", "-provider", this.jceksProvider};
        new KeyShell().setConf(new Configuration());
        Assert.assertEquals(1L, r0.run(strArr));
        Assert.assertTrue(this.outContent.toString().contains("key1 has not been created."));
    }

    @Test
    public void testInvalidCipher() throws Exception {
        String[] strArr = {FindClass.A_CREATE, "key1", "-cipher", "LJM", "-provider", this.jceksProvider};
        new KeyShell().setConf(new Configuration());
        Assert.assertEquals(1L, r0.run(strArr));
        Assert.assertTrue(this.outContent.toString().contains("key1 has not been created."));
    }

    @Test
    public void testInvalidProvider() throws Exception {
        String[] strArr = {FindClass.A_CREATE, "key1", "-cipher", "AES", "-provider", "sdff://file/tmp/keystore.jceks"};
        new KeyShell().setConf(new Configuration());
        Assert.assertEquals(1L, r0.run(strArr));
        Assert.assertTrue(this.outContent.toString().contains("There are no valid (non-transient) providers configured.\nNo action has been taken. Use the -provider option to specify\na provider. If you want to use a transient provider then you\nMUST use the -provider argument."));
    }

    @Test
    public void testTransientProviderWarning() throws Exception {
        String[] strArr = {FindClass.A_CREATE, "key1", "-cipher", "AES", "-provider", "user:///"};
        new KeyShell().setConf(new Configuration());
        Assert.assertEquals(0L, r0.run(strArr));
        Assert.assertTrue(this.outContent.toString().contains("WARNING: you are modifying a transient provider."));
    }

    @Test
    public void testTransientProviderOnlyConfig() throws Exception {
        String[] strArr = {FindClass.A_CREATE, "key1"};
        KeyShell keyShell = new KeyShell();
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.key.provider.path", "user:///");
        keyShell.setConf(configuration);
        Assert.assertEquals(1L, keyShell.run(strArr));
        Assert.assertTrue(this.outContent.toString().contains("There are no valid (non-transient) providers configured.\nNo action has been taken. Use the -provider option to specify\na provider. If you want to use a transient provider then you\nMUST use the -provider argument."));
    }

    @Test
    public void testStrict() throws Exception {
        this.outContent.reset();
        new KeyShell().setConf(new Configuration());
        Assert.assertEquals(1L, r0.run(new String[]{FindClass.A_CREATE, TestCommandShell.Example.HELLO, "-provider", this.jceksProvider, "-strict"}));
        Assert.assertTrue(this.outContent.toString().contains(ProviderUtils.NO_PASSWORD_ERROR));
        Assert.assertTrue(this.outContent.toString().contains(ProviderUtils.NO_PASSWORD_INSTRUCTIONS_DOC));
    }

    @Test
    public void testFullCipher() throws Exception {
        String[] strArr = {FindClass.A_CREATE, "key1", "-cipher", "AES/CBC/pkcs5Padding", "-provider", this.jceksProvider};
        KeyShell keyShell = new KeyShell();
        keyShell.setConf(new Configuration());
        Assert.assertEquals(0L, keyShell.run(strArr));
        Assert.assertTrue(this.outContent.toString().contains("key1 has been successfully created"));
        deleteKey(keyShell, "key1");
    }

    @Test
    public void testAttributes() throws Exception {
        KeyShell keyShell = new KeyShell();
        keyShell.setConf(new Configuration());
        Assert.assertEquals(0L, keyShell.run(new String[]{FindClass.A_CREATE, "keyattr1", "-provider", this.jceksProvider, "-attr", "foo=bar"}));
        Assert.assertTrue(this.outContent.toString().contains("keyattr1 has been successfully created"));
        String listKeys = listKeys(keyShell, true);
        Assert.assertTrue(listKeys.contains("keyattr1"));
        Assert.assertTrue(listKeys.contains("attributes: [foo=bar]"));
        this.outContent.reset();
        String[] strArr = {FindClass.A_CREATE, "keyattr2", "-provider", this.jceksProvider, "-attr", "=bar"};
        Assert.assertEquals(1L, keyShell.run(strArr));
        this.outContent.reset();
        strArr[5] = "foo";
        Assert.assertEquals(1L, keyShell.run(strArr));
        this.outContent.reset();
        strArr[5] = AbstractGangliaSink.EQUAL;
        Assert.assertEquals(1L, keyShell.run(strArr));
        this.outContent.reset();
        strArr[5] = "a=b=c";
        Assert.assertEquals(0L, keyShell.run(strArr));
        String listKeys2 = listKeys(keyShell, true);
        Assert.assertTrue(listKeys2.contains("keyattr2"));
        Assert.assertTrue(listKeys2.contains("attributes: [a=b=c]"));
        this.outContent.reset();
        Assert.assertEquals(0L, keyShell.run(new String[]{FindClass.A_CREATE, "keyattr3", "-provider", this.jceksProvider, "-attr", "foo = bar", "-attr", " glarch =baz  ", "-attr", "abc=def"}));
        String listKeys3 = listKeys(keyShell, true);
        Assert.assertTrue(listKeys3.contains("keyattr3"));
        Assert.assertTrue(listKeys3.contains("[foo=bar]"));
        Assert.assertTrue(listKeys3.contains("[glarch=baz]"));
        Assert.assertTrue(listKeys3.contains("[abc=def]"));
        this.outContent.reset();
        Assert.assertEquals(1L, keyShell.run(new String[]{FindClass.A_CREATE, "keyattr4", "-provider", this.jceksProvider, "-attr", "foo=bar", "-attr", "foo=glarch"}));
        deleteKey(keyShell, "keyattr1");
        deleteKey(keyShell, "keyattr2");
        deleteKey(keyShell, "keyattr3");
    }
}
