package org.apache.drill.exec.rpc.user.security;

import com.typesafe.config.ConfigValueFactory;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import java.io.File;
import java.io.FileOutputStream;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Properties;
import junit.framework.TestCase;
import org.apache.drill.common.config.DrillConfig;
import org.apache.drill.test.BaseTestQuery;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;

/* loaded from: input_file:org/apache/drill/exec/rpc/user/security/TestUserBitSSL.class */
public class TestUserBitSSL extends BaseTestQuery {
    private static DrillConfig newConfig;
    private static Properties initProps;
    private static ClassLoader classLoader;
    private static String ksPath;
    private static String tsPath;
    private static String emptyTSPath;
    private static String unknownKsPath;

    @BeforeClass
    public static void setupTest() throws Exception {
        classLoader = TestUserBitSSL.class.getClassLoader();
        ksPath = new File(classLoader.getResource("ssl/keystore.ks").getFile()).getAbsolutePath();
        unknownKsPath = new File(classLoader.getResource("ssl/unknownkeystore.ks").getFile()).getAbsolutePath();
        tsPath = new File(classLoader.getResource("ssl/truststore.ks").getFile()).getAbsolutePath();
        emptyTSPath = new File(classLoader.getResource("ssl/emptytruststore.ks").getFile()).getAbsolutePath();
        newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.ssl.useHadoopConfig", ConfigValueFactory.fromAnyRef(false)).withValue("drill.exec.security.user.encryption.ssl.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.ssl.keyStoreType", ConfigValueFactory.fromAnyRef("JKS")).withValue("drill.exec.ssl.keyStorePath", ConfigValueFactory.fromAnyRef(ksPath)).withValue("drill.exec.ssl.keyStorePassword", ConfigValueFactory.fromAnyRef("drill123")).withValue("drill.exec.ssl.keyPassword", ConfigValueFactory.fromAnyRef("drill123")).withValue("drill.exec.ssl.trustStoreType", ConfigValueFactory.fromAnyRef("JKS")).withValue("drill.exec.ssl.trustStorePath", ConfigValueFactory.fromAnyRef(tsPath)).withValue("drill.exec.ssl.trustStorePassword", ConfigValueFactory.fromAnyRef("drill123")).withValue("drill.exec.ssl.protocol", ConfigValueFactory.fromAnyRef("TLSv1.3")));
        initProps = new Properties();
        initProps.setProperty("enableTLS", "true");
        initProps.setProperty("trustStorePath", tsPath);
        initProps.setProperty("trustStorePassword", "drill123");
        initProps.setProperty("disableHostVerification", "true");
        updateTestCluster(1, newConfig, initProps);
    }

    @AfterClass
    public static void cleanTest() throws Exception {
        updateTestCluster(1, new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties())));
    }

    @Test
    public void testSSLConnection() throws Exception {
        Properties properties = new Properties();
        properties.setProperty("enableTLS", "true");
        properties.setProperty("trustStorePath", tsPath);
        properties.setProperty("trustStorePassword", "drill123");
        properties.setProperty("disableHostVerification", "true");
        try {
            updateClient(properties);
        } catch (Exception e) {
            TestCase.fail("SSL Connection failed with exception [" + e.getMessage() + "]");
        }
    }

    @Test
    public void testSSLConnectionWithKeystore() throws Exception {
        Properties properties = new Properties();
        properties.setProperty("enableTLS", "true");
        properties.setProperty("trustStorePath", ksPath);
        properties.setProperty("trustStorePassword", "drill123");
        properties.setProperty("disableHostVerification", "true");
        try {
            updateClient(properties);
        } catch (Exception e) {
            TestCase.fail("SSL Connection failed with exception [" + e.getMessage() + "]");
        }
    }

    @Test
    public void testSSLConnectionFailBadTrustStore() throws Exception {
        Properties properties = new Properties();
        properties.setProperty("enableTLS", "true");
        properties.setProperty("trustStorePath", "");
        properties.setProperty("trustStorePassword", "drill123");
        properties.setProperty("disableHostVerification", "true");
        boolean z = false;
        try {
            updateClient(properties);
        } catch (Exception e) {
            z = true;
        }
        Assert.assertEquals(Boolean.valueOf(z), true);
    }

    @Test
    public void testSSLConnectionFailBadPassword() throws Exception {
        Properties properties = new Properties();
        properties.setProperty("enableTLS", "true");
        properties.setProperty("trustStorePath", tsPath);
        properties.setProperty("trustStorePassword", "bad_password");
        properties.setProperty("disableHostVerification", "true");
        boolean z = false;
        try {
            updateClient(properties);
        } catch (Exception e) {
            z = true;
        }
        Assert.assertEquals(Boolean.valueOf(z), true);
    }

    @Test
    public void testSSLConnectionFailEmptyTrustStore() throws Exception {
        Properties properties = new Properties();
        properties.setProperty("enableTLS", "true");
        properties.setProperty("trustStorePath", emptyTSPath);
        properties.setProperty("trustStorePassword", "drill123");
        properties.setProperty("disableHostVerification", "true");
        boolean z = false;
        try {
            updateClient(properties);
        } catch (Exception e) {
            z = true;
        }
        Assert.assertEquals(Boolean.valueOf(z), true);
    }

    @Test
    public void testSSLQuery() throws Exception {
        Properties properties = new Properties();
        properties.setProperty("enableTLS", "true");
        properties.setProperty("trustStorePath", tsPath);
        properties.setProperty("trustStorePassword", "drill123");
        properties.setProperty("disableHostVerification", "true");
        try {
            updateClient(properties);
        } catch (Exception e) {
            TestCase.fail("SSL Connection failed with exception [" + e.getMessage() + "]");
        }
        test("SELECT * FROM cp.`region.json`");
    }

    @Test
    @Ignore("This test fails in some cases where the host name may be set up inconsistently.")
    public void testClientConfigHostnameVerification() {
        FileOutputStream fileOutputStream;
        try {
            SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate(InetAddress.getLocalHost().getHostName());
            File createTempFile = File.createTempFile("drillTestTrustStore", ".ks");
            createTempFile.deleteOnExit();
            String absolutePath = createTempFile.getAbsolutePath();
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, "test_password".toCharArray());
            keyStore.setCertificateEntry("drillTest", selfSignedCertificate.cert());
            try {
                fileOutputStream = new FileOutputStream(createTempFile);
                try {
                    keyStore.store(fileOutputStream, "test_password".toCharArray());
                    fileOutputStream.close();
                } finally {
                }
            } catch (Exception e) {
                TestCase.fail(e.getMessage());
            }
            File createTempFile2 = File.createTempFile("drillTestKeyStore", ".ks");
            createTempFile2.deleteOnExit();
            String absolutePath2 = createTempFile2.getAbsolutePath();
            KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore2.load(null, "test_password".toCharArray());
            keyStore2.setKeyEntry("drillTest", selfSignedCertificate.key(), "test_password".toCharArray(), new Certificate[]{selfSignedCertificate.cert()});
            try {
                fileOutputStream = new FileOutputStream(createTempFile2);
                try {
                    keyStore2.store(fileOutputStream, "test_password".toCharArray());
                    fileOutputStream.close();
                } finally {
                }
            } catch (Exception e2) {
                TestCase.fail(e2.getMessage());
            }
            Properties properties = new Properties();
            properties.setProperty("enableTLS", "true");
            properties.setProperty("trustStorePath", absolutePath);
            properties.setProperty("trustStorePassword", "test_password");
            properties.setProperty("disableHostVerification", "false");
            updateTestCluster(1, new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.encryption.ssl.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.ssl.keyStoreType", ConfigValueFactory.fromAnyRef("JKS")).withValue("drill.exec.ssl.keyStorePath", ConfigValueFactory.fromAnyRef(absolutePath2)).withValue("drill.exec.ssl.keyStorePassword", ConfigValueFactory.fromAnyRef("test_password")).withValue("drill.exec.ssl.protocol", ConfigValueFactory.fromAnyRef("TLSv1.3"))), properties);
        } catch (Exception e3) {
            TestCase.fail(e3.getMessage());
        }
        updateTestCluster(1, newConfig, initProps);
    }

    @Test
    public void testClientConfigHostNameVerificationFail() throws Exception {
        Properties properties = new Properties();
        properties.setProperty("enableTLS", "true");
        properties.setProperty("trustStorePath", tsPath);
        properties.setProperty("trustStorePassword", "password");
        properties.setProperty("disableHostVerification", "false");
        boolean z = false;
        try {
            updateClient(properties);
        } catch (Exception e) {
            z = true;
        }
        Assert.assertEquals(Boolean.valueOf(z), true);
    }

    @Test
    public void testClientConfigCertificateVerification() {
        boolean z = false;
        try {
            Properties properties = new Properties();
            properties.setProperty("enableTLS", "true");
            properties.setProperty("trustStorePath", tsPath);
            properties.setProperty("trustStorePassword", "drill123");
            properties.setProperty("disableHostVerification", "true");
            updateTestCluster(1, new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.encryption.ssl.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.ssl.keyStoreType", ConfigValueFactory.fromAnyRef("JKS")).withValue("drill.exec.ssl.keyStorePath", ConfigValueFactory.fromAnyRef(unknownKsPath)).withValue("drill.exec.ssl.keyStorePassword", ConfigValueFactory.fromAnyRef("drill123")).withValue("drill.exec.ssl.protocol", ConfigValueFactory.fromAnyRef("TLSv1.3"))), properties);
        } catch (Exception e) {
            z = true;
        }
        updateTestCluster(1, newConfig, initProps);
        Assert.assertEquals(Boolean.valueOf(z), true);
    }

    @Test
    public void testClientConfigNoCertificateVerification() {
        try {
            Properties properties = new Properties();
            properties.setProperty("enableTLS", "true");
            properties.setProperty("trustStorePath", tsPath);
            properties.setProperty("trustStorePassword", "drill123");
            properties.setProperty("disableHostVerification", "true");
            properties.setProperty("disableCertificateVerification", "true");
            updateTestCluster(1, new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.encryption.ssl.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.ssl.keyStoreType", ConfigValueFactory.fromAnyRef("JKS")).withValue("drill.exec.ssl.keyStorePath", ConfigValueFactory.fromAnyRef(unknownKsPath)).withValue("drill.exec.ssl.keyStorePassword", ConfigValueFactory.fromAnyRef("drill123")).withValue("drill.exec.ssl.protocol", ConfigValueFactory.fromAnyRef("TLSv1.3"))), properties);
        } catch (Exception e) {
            TestCase.fail(e.getMessage());
        }
        updateTestCluster(1, newConfig, initProps);
    }
}
