package org.apache.sqoop.repository;

import java.util.HashMap;
import java.util.Map;
import java.util.Random;
import org.apache.commons.codec.binary.Base64;
import org.apache.sqoop.common.MapContext;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.core.SqoopConfiguration;
import org.apache.sqoop.model.MMasterKey;
import org.mockito.ArgumentCaptor;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/sqoop/repository/TestMasterKeyManager.class */
public class TestMasterKeyManager {
    private MasterKeyManager masterKeyManager;
    private RepositoryManager repositoryManagerMock;
    private Repository jdbcRepoMock;
    private Map<String, String> configurationMap;
    private static final int HMAC_KEY_SIZE_BYTES = 32;
    private static final int CIPHER_KEY_SIZE_BYTES = 16;

    @BeforeMethod(alwaysRun = true)
    public void setUp() throws Exception {
        SqoopConfiguration sqoopConfiguration = (SqoopConfiguration) Mockito.mock(SqoopConfiguration.class);
        this.configurationMap = new HashMap();
        this.configurationMap.put("org.apache.sqoop.security.repo_encryption.enabled", String.valueOf(true));
        this.configurationMap.put("org.apache.sqoop.security.repo_encryption.password_generator", "echo youwillnevergetthis");
        this.configurationMap.put("org.apache.sqoop.security.repo_encryption.hmac_algorithm", "HmacSHA256");
        this.configurationMap.put("org.apache.sqoop.security.repo_encryption.cipher_algorithm", "AES");
        this.configurationMap.put("org.apache.sqoop.security.repo_encryption.cipher_key_size", String.valueOf(CIPHER_KEY_SIZE_BYTES));
        this.configurationMap.put("org.apache.sqoop.security.repo_encryption.initialization_vector_size", String.valueOf(CIPHER_KEY_SIZE_BYTES));
        this.configurationMap.put("org.apache.sqoop.security.repo_encryption.cipher_spec", "AES/CBC/PKCS5Padding");
        this.configurationMap.put("org.apache.sqoop.security.repo_encryption.pbkdf2_algorithm", "PBKDF2WithHmacSHA1");
        this.configurationMap.put("org.apache.sqoop.security.repo_encryption.pbkdf2_rounds", "4000");
        ((SqoopConfiguration) Mockito.doReturn(new MapContext(this.configurationMap)).when(sqoopConfiguration)).getContext();
        SqoopConfiguration.setInstance(sqoopConfiguration);
        this.repositoryManagerMock = (RepositoryManager) Mockito.mock(RepositoryManager.class);
        RepositoryManager.setInstance(this.repositoryManagerMock);
        this.jdbcRepoMock = (Repository) Mockito.mock(JdbcRepository.class);
        Mockito.when(this.jdbcRepoMock.getMasterKey((RepositoryTransaction) null)).thenReturn((Object) null);
        Mockito.when(this.repositoryManagerMock.getRepository()).thenReturn(this.jdbcRepoMock);
        this.masterKeyManager = MasterKeyManager.getInstance();
    }

    @AfterMethod(alwaysRun = true)
    public void tearDown() {
        this.masterKeyManager.destroy();
    }

    @Test(expectedExceptions = {SqoopException.class}, expectedExceptionsMessageRegExp = ".*No Master Key found")
    public void testInitializeWithoutKeyCreationWithoutExistingKey() {
        this.masterKeyManager.initialize(false);
    }

    @Test
    public void testInitializeWithoutKeyCreationWithExistingKey() {
        this.masterKeyManager.initialize();
        ArgumentCaptor forClass = ArgumentCaptor.forClass(MMasterKey.class);
        ((Repository) Mockito.verify(this.jdbcRepoMock, Mockito.times(1))).createMasterKey((MMasterKey) forClass.capture(), (RepositoryTransaction) Matchers.any(RepositoryTransaction.class));
        String generateRandomIv = this.masterKeyManager.generateRandomIv();
        String encryptWithMasterKey = this.masterKeyManager.encryptWithMasterKey("imasecret", generateRandomIv);
        this.masterKeyManager.destroy();
        this.jdbcRepoMock = (Repository) Mockito.mock(JdbcRepository.class);
        Mockito.when(this.jdbcRepoMock.getMasterKey((RepositoryTransaction) null)).thenReturn(forClass.getValue());
        Mockito.when(this.repositoryManagerMock.getRepository()).thenReturn(this.jdbcRepoMock);
        this.masterKeyManager.initialize();
        ((Repository) Mockito.verify(this.jdbcRepoMock, Mockito.times(1))).getMasterKey((RepositoryTransaction) null);
        Assert.assertEquals(this.masterKeyManager.decryptWithMasterKey(encryptWithMasterKey, generateRandomIv, this.masterKeyManager.generateHmacWithMasterHmacKey(encryptWithMasterKey)), "imasecret");
    }

    @Test
    public void testInitializeWithKeyCreationWithoutExistingKey() {
        this.masterKeyManager.initialize();
        ((Repository) Mockito.verify(this.jdbcRepoMock, Mockito.times(1))).createMasterKey((MMasterKey) Matchers.any(MMasterKey.class), (RepositoryTransaction) Matchers.any(RepositoryTransaction.class));
    }

    @Test(expectedExceptions = {SqoopException.class}, expectedExceptionsMessageRegExp = ".*HMAC validation failed for Master Key")
    public void testMasterKeyWithInvalidHmac() {
        this.jdbcRepoMock = (Repository) Mockito.mock(JdbcRepository.class);
        Mockito.when(this.jdbcRepoMock.getMasterKey((RepositoryTransaction) null)).thenReturn(new MMasterKey(Base64.encodeBase64String(generateRandomByteArray(CIPHER_KEY_SIZE_BYTES)), Base64.encodeBase64String(generateRandomByteArray(HMAC_KEY_SIZE_BYTES)), Base64.encodeBase64String(generateRandomByteArray(CIPHER_KEY_SIZE_BYTES)), Base64.encodeBase64String(generateRandomByteArray(CIPHER_KEY_SIZE_BYTES))));
        Mockito.when(this.repositoryManagerMock.getRepository()).thenReturn(this.jdbcRepoMock);
        this.masterKeyManager.initialize();
    }

    @Test(expectedExceptions = {SqoopException.class}, expectedExceptionsMessageRegExp = ".*No password or password generator set")
    public void testNoPasswordOrGenerator() {
        this.configurationMap.put("org.apache.sqoop.security.repo_encryption.password_generator", "");
        this.masterKeyManager.initialize();
    }

    @Test
    public void testEncryptAndDecryptWithMasterKey() {
        this.masterKeyManager.initialize();
        String generateRandomIv = this.masterKeyManager.generateRandomIv();
        String encryptWithMasterKey = this.masterKeyManager.encryptWithMasterKey("imasecret", generateRandomIv);
        Assert.assertEquals(this.masterKeyManager.decryptWithMasterKey(encryptWithMasterKey, generateRandomIv, this.masterKeyManager.generateHmacWithMasterHmacKey(encryptWithMasterKey)), "imasecret");
    }

    @Test(expectedExceptions = {SqoopException.class}, expectedExceptionsMessageRegExp = ".*HMAC validation failed for input")
    public void testEncryptAndDecryptWithMasterKeyWithInvalidHmac() {
        this.masterKeyManager.initialize();
        String generateRandomIv = this.masterKeyManager.generateRandomIv();
        this.masterKeyManager.decryptWithMasterKey(this.masterKeyManager.encryptWithMasterKey("imasecret", generateRandomIv), generateRandomIv, Base64.encodeBase64String(generateRandomByteArray(HMAC_KEY_SIZE_BYTES)));
    }

    @Test(expectedExceptions = {SqoopException.class}, expectedExceptionsMessageRegExp = ".*Invalid configuration.*org.apache.sqoop.security.repo_encryption.pbkdf2_algorithm")
    public void testMissingConfiguration() {
        this.configurationMap.put("org.apache.sqoop.security.repo_encryption.pbkdf2_algorithm", "");
        this.masterKeyManager.initialize();
    }

    private static byte[] generateRandomByteArray(int i) {
        byte[] bArr = new byte[i];
        new Random().nextBytes(bArr);
        return bArr;
    }
}
