package org.apache.hadoop.security.ssl;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Objects;
import java.util.Timer;
import java.util.concurrent.TimeoutException;
import java.util.function.Consumer;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.thirdparty.com.google.common.base.Supplier;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.101-eep-910-tests.jar:org/apache/hadoop/security/ssl/TestReloadingX509KeyManager.class */
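/**
 * Tests for {@link ReloadingX509KeystoreManager}: initial load failures, picking up a
 * rotated key after the keystore file is rewritten, and continuing to serve the last
 * successfully loaded key when a later reload fails (file deleted or corrupted).
 *
 * <p>All keystores, passwords and certificates here are throwaway fixtures created under
 * a per-class temp directory.
 */
public class TestReloadingX509KeyManager {
    // Own temp directory for this class, so it cannot collide with the fixtures of
    // TestReloadingX509TrustManager (whose name the directory was previously derived from).
    private static final String BASEDIR = GenericTestUtils.getTempPath(TestReloadingX509KeyManager.class.getSimpleName());

    /** Fixture-only keystore and key password; not a real credential. */
    private static final String PASSWORD = "password";

    /** Alias under which the single key entry is stored in every fixture keystore. */
    private static final String KEY_ALIAS = "cert1";

    // NOTE(review): SHA-1 based signatures are deprecated for real certificates. It is kept
    // here only because these are short-lived test fixtures; consider SHA256withRSA if
    // KeyStoreTestUtil supports it in this build.
    private static final String SIGNATURE_ALGORITHM = "SHA1withRSA";

    /** Delay and period, in milliseconds, of the file-monitoring timer task. */
    private static final long RELOAD_INTERVAL_MS = 10L;

    /** Substring the tests look for in the monitor log to detect a failed reload. */
    private static final String RELOAD_ERROR_MESSAGE = "Could not process file change : ";

    // JUnit creates one instance per test method, so every test gets its own capturer.
    private final GenericTestUtils.LogCapturer reloaderLog = GenericTestUtils.LogCapturer.captureLogs(FileMonitoringTimerTask.LOG);

    /** Recreates an empty fixture directory before any test of this class runs. */
    @BeforeClass
    public static void setUp() throws Exception {
        File baseDir = new File(BASEDIR);
        FileUtil.fullyDelete(baseDir);
        Assert.assertTrue("could not create " + BASEDIR, baseDir.mkdirs() || baseDir.isDirectory());
    }

    /** Constructing the manager on a path that does not exist must fail with an IOException. */
    @Test(expected = IOException.class)
    public void testLoadMissingKeyStore() throws Exception {
        new ReloadingX509KeystoreManager("jks", BASEDIR + "/testmissing.jks", PASSWORD, PASSWORD);
    }

    /** Constructing the manager on a file that is not a valid JKS store must fail with an IOException. */
    @Test(expected = IOException.class)
    public void testLoadCorruptKeyStore() throws Exception {
        String keystoreLocation = BASEDIR + "/testcorrupt.jks";
        // A single byte is not a parseable keystore; try-with-resources closes the stream
        // even if the write throws.
        try (FileOutputStream out = new FileOutputStream(keystoreLocation)) {
            out.write(1);
        }
        new ReloadingX509KeystoreManager("jks", keystoreLocation, PASSWORD, PASSWORD);
    }

    /**
     * Rewrites the keystore with a new key pair under the same alias and waits until the
     * manager serves the NEW private key.
     *
     * <p>The wait condition must compare against the rotated key: comparing against the
     * original key is already true before any reload happens, which would let the test pass
     * even if key rotation were never picked up.
     */
    @Test(timeout = 3000000)
    public void testReload() throws Exception {
        KeyPair originalKeyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        X509Certificate originalCert = KeyStoreTestUtil.generateCertificate("CN=localhost, O=server", originalKeyPair, 30, SIGNATURE_ALGORITHM);
        String keystoreLocation = BASEDIR + "/testreload.jks";
        KeyStoreTestUtil.createKeyStore(keystoreLocation, PASSWORD, KEY_ALIAS, originalKeyPair.getPrivate(), originalCert);
        final ReloadingX509KeystoreManager manager = new ReloadingX509KeystoreManager("jks", keystoreLocation, PASSWORD, PASSWORD);
        Timer timer = startMonitoring(keystoreLocation, manager);
        try {
            Assert.assertEquals(originalKeyPair.getPrivate(), manager.getPrivateKey(KEY_ALIAS));
            // Presumably ensures the rewritten file gets a later modification time than the
            // first write, so the monitor sees it as changed.
            Thread.sleep(RELOAD_INTERVAL_MS + 1000);
            final KeyPair rotatedKeyPair = KeyStoreTestUtil.generateKeyPair("RSA");
            X509Certificate rotatedCert = KeyStoreTestUtil.generateCertificate("CN=localhost, O=server", rotatedKeyPair, 30, SIGNATURE_ALGORITHM);
            KeyStoreTestUtil.createKeyStore(keystoreLocation, PASSWORD, KEY_ALIAS, rotatedKeyPair.getPrivate(), rotatedCert);
            GenericTestUtils.waitFor(new Supplier<Boolean>() {
                @Override
                public Boolean get() {
                    // Null-safe: the expected key is the receiver of equals().
                    return rotatedKeyPair.getPrivate().equals(manager.getPrivateKey(KEY_ALIAS));
                }
            }, (int) RELOAD_INTERVAL_MS, 100000L);
        } finally {
            this.reloaderLog.stopCapturing();
            timer.cancel();
        }
    }

    /**
     * Deletes the keystore file while it is being monitored and checks that the failed
     * reload is logged and the previously loaded key is still served.
     *
     * <p>Despite the method name, the file under test is a keystore, not a truststore.
     */
    @Test(timeout = 30000)
    public void testReloadMissingTrustStore() throws Exception {
        KeyPair keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        X509Certificate cert = KeyStoreTestUtil.generateCertificate("CN=Cert1", keyPair, 30, SIGNATURE_ALGORITHM);
        // Distinct file name: testLoadMissingKeyStore relies on testmissing.jks never existing,
        // so this test must not create a file under that name.
        String keystoreLocation = BASEDIR + "/testreloadmissing.jks";
        KeyStoreTestUtil.createKeyStore(keystoreLocation, PASSWORD, KEY_ALIAS, keyPair.getPrivate(), cert);
        ReloadingX509KeystoreManager manager = new ReloadingX509KeystoreManager("jks", keystoreLocation, PASSWORD, PASSWORD);
        Timer timer = startMonitoring(keystoreLocation, manager);
        try {
            Assert.assertEquals(keyPair.getPrivate(), manager.getPrivateKey(KEY_ALIAS));
            Assert.assertFalse(this.reloaderLog.getOutput().contains(RELOAD_ERROR_MESSAGE));
            Thread.sleep(RELOAD_INTERVAL_MS + 1000);
            Assert.assertTrue("could not delete " + keystoreLocation, new File(keystoreLocation).delete());
            Thread.sleep(RELOAD_INTERVAL_MS + 1000);
            waitForFailedReloadAtLeastOnce((int) RELOAD_INTERVAL_MS);
            // A failed reload must not drop the key that was loaded successfully earlier.
            Assert.assertEquals(keyPair.getPrivate(), manager.getPrivateKey(KEY_ALIAS));
        } finally {
            this.reloaderLog.stopCapturing();
            timer.cancel();
        }
    }

    /**
     * Overwrites the monitored keystore with garbage and checks that the failed reload is
     * logged and the previously loaded key is still served.
     *
     * <p>Despite the method name, the file under test is a keystore, not a truststore.
     */
    @Test(timeout = 30000)
    public void testReloadCorruptTrustStore() throws Exception {
        KeyPair keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        X509Certificate cert = KeyStoreTestUtil.generateCertificate("CN=Cert1", keyPair, 30, SIGNATURE_ALGORITHM);
        // Distinct file name so this test neither depends on nor disturbs the other tests' files.
        String keystoreLocation = BASEDIR + "/testreloadcorrupt.jks";
        KeyStoreTestUtil.createKeyStore(keystoreLocation, PASSWORD, KEY_ALIAS, keyPair.getPrivate(), cert);
        ReloadingX509KeystoreManager manager = new ReloadingX509KeystoreManager("jks", keystoreLocation, PASSWORD, PASSWORD);
        Timer timer = startMonitoring(keystoreLocation, manager);
        try {
            Assert.assertEquals(keyPair.getPrivate(), manager.getPrivateKey(KEY_ALIAS));
            Thread.sleep(RELOAD_INTERVAL_MS + 1000);
            Assert.assertFalse(this.reloaderLog.getOutput().contains(RELOAD_ERROR_MESSAGE));
            // Replace the keystore content with a single byte, which cannot be parsed.
            try (FileOutputStream out = new FileOutputStream(keystoreLocation)) {
                out.write(1);
            }
            waitForFailedReloadAtLeastOnce((int) RELOAD_INTERVAL_MS);
            // A failed reload must not drop the key that was loaded successfully earlier.
            Assert.assertEquals(keyPair.getPrivate(), manager.getPrivateKey(KEY_ALIAS));
        } finally {
            this.reloaderLog.stopCapturing();
            timer.cancel();
        }
    }

    /**
     * Starts a daemon timer that runs a {@link FileMonitoringTimerTask} on the keystore file
     * and calls {@code manager.loadFrom} as its change callback.
     *
     * @param keystoreLocation path of the keystore file to monitor
     * @param manager manager whose {@code loadFrom} is invoked by the monitoring task
     * @return the started timer; the caller must cancel it
     */
    private static Timer startMonitoring(String keystoreLocation, ReloadingX509KeystoreManager manager) {
        Timer timer = new Timer(FileBasedKeyStoresFactory.SSL_MONITORING_THREAD_NAME, true);
        Path keystorePath = Paths.get(keystoreLocation);
        // No failure callback is registered (null); failures are observed through the captured log.
        timer.schedule(
            new FileMonitoringTimerTask(keystorePath, (Consumer<Path>) manager::loadFrom, (Consumer<Throwable>) null),
            RELOAD_INTERVAL_MS,
            RELOAD_INTERVAL_MS);
        return timer;
    }

    /**
     * Blocks until the captured monitor log contains the reload-failure message.
     *
     * @param i polling interval passed to {@code GenericTestUtils.waitFor}
     * @throws InterruptedException if the waiting thread is interrupted
     * @throws TimeoutException if no failure is logged within 10 seconds
     */
    private void waitForFailedReloadAtLeastOnce(int i) throws InterruptedException, TimeoutException {
        GenericTestUtils.waitFor(new Supplier<Boolean>() {
            @Override
            public Boolean get() {
                return reloaderLog.getOutput().contains(RELOAD_ERROR_MESSAGE);
            }
        }, i, 10000L);
    }
}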
