package org.apache.spark.network.crypto;

import com.google.common.collect.ImmutableMap;
import com.google.crypto.tink.subtle.Hex;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.FileRegion;
import java.nio.ByteBuffer;
import java.nio.channels.WritableByteChannel;
import java.security.GeneralSecurityException;
import java.util.Random;
import org.apache.spark.network.crypto.TransportCipher;
import org.apache.spark.network.util.ByteArrayWritableChannel;
import org.apache.spark.network.util.MapConfigProvider;
import org.apache.spark.network.util.TransportConf;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;

/* loaded from: input_file:org/apache/spark/network/crypto/AuthEngineSuite.class */
public class AuthEngineSuite {
    private static final String clientPrivate = "efe6b68b3fce92158e3637f6ef9d937e75558928dd4b401de04b43d300a73186";
    private static final String clientChallengeHex = "fb00000005617070496400000010890b6e960f48e998777267a7e4e623220000003c48ad7dc7ec9466da93bda9f11488dc9404050e02c661d87d67c782444944c6e369b27e0a416c30845a2d9e64271511ca98b41d65f8c426e18ff380f6";
    private static final String serverResponseHex = "fb00000005617070496400000010708451c9dd2792c97c1ca66e6df449ef0000003c64fe899ecdaf458d4e25e9d5c5a380b8e6d1a184692fac065ed84f8592c18e9629f9c636809dca2ffc041f20346eb53db7873808ecad08b46b5ee3ff";
    private static final String sharedKey = "31963f15a320d5c90333f7ecf5cf3a31c7eaf151de07fef8494663a9f47cfd31";
    private static final String inputIv = "fc6a5dc8b90a9dad8f54f08b51a59ed2";
    private static final String outputIv = "a72709baf00785cad6329ce09f631f71";
    private static TransportConf conf;

    @BeforeClass
    public static void setUp() {
        conf = new TransportConf("rpc", MapConfigProvider.EMPTY);
    }

    @Test
    public void testAuthEngine() throws Exception {
        AuthEngine authEngine = new AuthEngine("appId", "secret", conf);
        try {
            AuthEngine authEngine2 = new AuthEngine("appId", "secret", conf);
            try {
                AuthMessage challenge = authEngine.challenge();
                authEngine.deriveSessionCipher(challenge, authEngine2.response(challenge));
                TransportCipher sessionCipher = authEngine2.sessionCipher();
                TransportCipher sessionCipher2 = authEngine.sessionCipher();
                Assert.assertArrayEquals(sessionCipher.getInputIv(), sessionCipher2.getOutputIv());
                Assert.assertArrayEquals(sessionCipher.getOutputIv(), sessionCipher2.getInputIv());
                Assert.assertEquals(sessionCipher.getKey(), sessionCipher2.getKey());
                authEngine2.close();
                authEngine.close();
            } finally {
            }
        } catch (Throwable th) {
            try {
                authEngine.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test(expected = IllegalArgumentException.class)
    public void testCorruptChallengeAppId() throws Exception {
        AuthEngine authEngine = new AuthEngine("appId", "secret", conf);
        try {
            AuthEngine authEngine2 = new AuthEngine("appId", "secret", conf);
            try {
                AuthMessage challenge = authEngine.challenge();
                authEngine2.response(new AuthMessage("junk", challenge.salt, challenge.ciphertext));
                authEngine2.close();
                authEngine.close();
            } finally {
            }
        } catch (Throwable th) {
            try {
                authEngine.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test(expected = GeneralSecurityException.class)
    public void testCorruptChallengeSalt() throws Exception {
        AuthEngine authEngine = new AuthEngine("appId", "secret", conf);
        try {
            AuthEngine authEngine2 = new AuthEngine("appId", "secret", conf);
            try {
                AuthMessage challenge = authEngine.challenge();
                byte[] bArr = challenge.salt;
                bArr[0] = (byte) (bArr[0] ^ 1);
                authEngine2.response(challenge);
                authEngine2.close();
                authEngine.close();
            } finally {
            }
        } catch (Throwable th) {
            try {
                authEngine.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test(expected = GeneralSecurityException.class)
    public void testCorruptChallengeCiphertext() throws Exception {
        AuthEngine authEngine = new AuthEngine("appId", "secret", conf);
        try {
            AuthEngine authEngine2 = new AuthEngine("appId", "secret", conf);
            try {
                AuthMessage challenge = authEngine.challenge();
                byte[] bArr = challenge.ciphertext;
                bArr[0] = (byte) (bArr[0] ^ 1);
                authEngine2.response(challenge);
                authEngine2.close();
                authEngine.close();
            } finally {
            }
        } catch (Throwable th) {
            try {
                authEngine.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test(expected = IllegalArgumentException.class)
    public void testCorruptResponseAppId() throws Exception {
        AuthEngine authEngine = new AuthEngine("appId", "secret", conf);
        try {
            AuthEngine authEngine2 = new AuthEngine("appId", "secret", conf);
            try {
                AuthMessage challenge = authEngine.challenge();
                AuthMessage response = authEngine2.response(challenge);
                authEngine.deriveSessionCipher(challenge, new AuthMessage("junk", response.salt, response.ciphertext));
                authEngine2.close();
                authEngine.close();
            } finally {
            }
        } catch (Throwable th) {
            try {
                authEngine.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test(expected = GeneralSecurityException.class)
    public void testCorruptResponseSalt() throws Exception {
        AuthEngine authEngine = new AuthEngine("appId", "secret", conf);
        try {
            AuthEngine authEngine2 = new AuthEngine("appId", "secret", conf);
            try {
                AuthMessage challenge = authEngine.challenge();
                AuthMessage response = authEngine2.response(challenge);
                byte[] bArr = response.salt;
                bArr[0] = (byte) (bArr[0] ^ 1);
                authEngine.deriveSessionCipher(challenge, response);
                authEngine2.close();
                authEngine.close();
            } finally {
            }
        } catch (Throwable th) {
            try {
                authEngine.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test(expected = GeneralSecurityException.class)
    public void testCorruptServerCiphertext() throws Exception {
        AuthEngine authEngine = new AuthEngine("appId", "secret", conf);
        try {
            AuthEngine authEngine2 = new AuthEngine("appId", "secret", conf);
            try {
                AuthMessage challenge = authEngine.challenge();
                AuthMessage response = authEngine2.response(challenge);
                byte[] bArr = response.ciphertext;
                bArr[0] = (byte) (bArr[0] ^ 1);
                authEngine.deriveSessionCipher(challenge, response);
                authEngine2.close();
                authEngine.close();
            } finally {
            }
        } catch (Throwable th) {
            try {
                authEngine.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void testFixedChallenge() throws Exception {
        AuthEngine authEngine = new AuthEngine("appId", "secret", conf);
        try {
            authEngine.response(AuthMessage.decodeMessage(ByteBuffer.wrap(Hex.decode(clientChallengeHex))));
            authEngine.close();
        } catch (Throwable th) {
            try {
                authEngine.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void testFixedChallengeResponse() throws Exception {
        AuthEngine authEngine = new AuthEngine("appId", "secret", conf);
        try {
            authEngine.setClientPrivateKey(Hex.decode(clientPrivate));
            authEngine.deriveSessionCipher(AuthMessage.decodeMessage(ByteBuffer.wrap(Hex.decode(clientChallengeHex))), AuthMessage.decodeMessage(ByteBuffer.wrap(Hex.decode(serverResponseHex))));
            TransportCipher sessionCipher = authEngine.sessionCipher();
            Assert.assertEquals(Hex.encode(sessionCipher.getKey().getEncoded()), sharedKey);
            Assert.assertEquals(Hex.encode(sessionCipher.getInputIv()), inputIv);
            Assert.assertEquals(Hex.encode(sessionCipher.getOutputIv()), outputIv);
            authEngine.close();
        } catch (Throwable th) {
            try {
                authEngine.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test(expected = GeneralSecurityException.class)
    public void testMismatchedSecret() throws Exception {
        AuthEngine authEngine = new AuthEngine("appId", "secret", conf);
        try {
            AuthEngine authEngine2 = new AuthEngine("appId", "different_secret", conf);
            try {
                authEngine2.response(authEngine.challenge());
                authEngine2.close();
                authEngine.close();
            } finally {
            }
        } catch (Throwable th) {
            try {
                authEngine.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test(expected = AssertionError.class)
    public void testBadKeySize() throws Exception {
        AuthEngine authEngine = new AuthEngine("appId", "secret", new TransportConf("rpc", new MapConfigProvider(ImmutableMap.of("spark.network.crypto.keyLength", "42"))));
        try {
            authEngine.challenge();
            Assert.fail("Should have failed to create challenge message.");
            authEngine.close();
            authEngine.close();
        } catch (Throwable th) {
            try {
                authEngine.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void testEncryptedMessage() throws Exception {
        AuthEngine authEngine = new AuthEngine("appId", "secret", conf);
        try {
            AuthEngine authEngine2 = new AuthEngine("appId", "secret", conf);
            try {
                AuthMessage challenge = authEngine.challenge();
                authEngine.deriveSessionCipher(challenge, authEngine2.response(challenge));
                TransportCipher.EncryptionHandler encryptionHandler = new TransportCipher.EncryptionHandler(authEngine2.sessionCipher());
                byte[] bArr = new byte[32769];
                new Random().nextBytes(bArr);
                ByteBuf wrappedBuffer = Unpooled.wrappedBuffer(bArr);
                ByteArrayWritableChannel byteArrayWritableChannel = new ByteArrayWritableChannel(bArr.length);
                TransportCipher.EncryptedMessage createEncryptedMessage = encryptionHandler.createEncryptedMessage(wrappedBuffer);
                while (createEncryptedMessage.transferred() < createEncryptedMessage.count()) {
                    createEncryptedMessage.transferTo(byteArrayWritableChannel, createEncryptedMessage.transferred());
                }
                Assert.assertEquals(bArr.length, byteArrayWritableChannel.length());
                authEngine2.close();
                authEngine.close();
            } finally {
            }
        } catch (Throwable th) {
            try {
                authEngine.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void testEncryptedMessageWhenTransferringZeroBytes() throws Exception {
        AuthEngine authEngine = new AuthEngine("appId", "secret", conf);
        try {
            AuthEngine authEngine2 = new AuthEngine("appId", "secret", conf);
            try {
                AuthMessage challenge = authEngine.challenge();
                authEngine.deriveSessionCipher(challenge, authEngine2.response(challenge));
                TransportCipher.EncryptionHandler encryptionHandler = new TransportCipher.EncryptionHandler(authEngine2.sessionCipher());
                final int i = 4;
                FileRegion fileRegion = (FileRegion) Mockito.mock(FileRegion.class);
                Mockito.when(Long.valueOf(fileRegion.count())).thenReturn(Long.valueOf(4));
                Mockito.when(Long.valueOf(fileRegion.transferTo((WritableByteChannel) Mockito.any(), Mockito.anyLong()))).thenAnswer(new Answer<Long>() { // from class: org.apache.spark.network.crypto.AuthEngineSuite.1
                    private boolean firstTime = true;

                    /* renamed from: answer, reason: merged with bridge method [inline-methods] */
                    public Long m10answer(InvocationOnMock invocationOnMock) throws Throwable {
                        if (this.firstTime) {
                            this.firstTime = false;
                            return 0L;
                        }
                        ((WritableByteChannel) invocationOnMock.getArgument(0)).write(ByteBuffer.wrap(new byte[i]));
                        return Long.valueOf(i);
                    }
                });
                TransportCipher.EncryptedMessage createEncryptedMessage = encryptionHandler.createEncryptedMessage(fileRegion);
                ByteArrayWritableChannel byteArrayWritableChannel = new ByteArrayWritableChannel(4);
                Assert.assertEquals(0L, createEncryptedMessage.transferTo(byteArrayWritableChannel, createEncryptedMessage.transferred()));
                Assert.assertEquals(4, createEncryptedMessage.transferTo(byteArrayWritableChannel, createEncryptedMessage.transferred()));
                Assert.assertEquals(createEncryptedMessage.transferred(), createEncryptedMessage.count());
                Assert.assertEquals(4L, byteArrayWritableChannel.length());
                authEngine2.close();
                authEngine.close();
            } finally {
            }
        } catch (Throwable th) {
            try {
                authEngine.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
