package org.apache.hadoop.hbase.io.crypto.tls;

import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.exceptions.KeyManagerException;
import org.apache.hadoop.hbase.exceptions.SSLContextException;
import org.apache.hadoop.hbase.exceptions.TrustManagerException;
import org.apache.hadoop.hbase.io.crypto.tls.X509Util;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.testclassification.SmallTests;
import org.apache.hbase.thirdparty.io.netty.buffer.ByteBufAllocator;
import org.apache.hbase.thirdparty.io.netty.handler.ssl.SslContext;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.mockito.Mockito;

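/**
 * Tests for {@link X509Util}: building Netty TLS contexts from configuration and loading key and
 * trust material from PEM, JKS and PKCS12 stores.
 *
 * <p>Runs under the {@link Parameterized} runner. {@code conf} and {@code x509TestContext} are not
 * declared here; they come from {@link AbstractTestX509Parameterized}.
 *
 * <p>NOTE(review): several tests read JVM-wide state (system and security properties). They assume
 * the fixture resets that state between tests; the reset is not visible in this class, so confirm
 * it in the base class.
 */
@RunWith(Parameterized.class)
@Category({SecurityTests.class, SmallTests.class})
public class TestX509Util extends AbstractTestX509Parameterized {

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestX509Util.class);
    private static final char[] EMPTY_CHAR_ARRAY = new char[0];

    // JVM-wide switches inspected by the CRL tests.
    private static final String CHECK_REVOCATION_PROPERTY = "com.sun.net.ssl.checkRevocation";
    private static final String ENABLE_CRLDP_PROPERTY = "com.sun.security.enableCRLDP";
    private static final String OCSP_ENABLE_PROPERTY = "ocsp.enable";

    /** With no client-auth mode configured, the server engine must require a client certificate. */
    @Test
    public void testCreateSSLContextWithClientAuthDefault() throws Exception {
        SslContext serverContext = X509Util.createSslContextForServer(conf);
        Assert.assertTrue(serverContext.newEngine(mockAllocator()).getNeedClientAuth());
    }

    /** An explicit NEED mode yields an engine that requires a client certificate. */
    @Test
    public void testCreateSSLContextWithClientAuthNEED() throws Exception {
        conf.set(X509Util.HBASE_SERVER_NETTY_TLS_CLIENT_AUTH_MODE, X509Util.ClientAuth.NEED.name());
        SslContext serverContext = X509Util.createSslContextForServer(conf);
        Assert.assertTrue(serverContext.newEngine(mockAllocator()).getNeedClientAuth());
    }

    /** WANT mode yields an engine that requests, but does not require, a client certificate. */
    @Test
    public void testCreateSSLContextWithClientAuthWANT() throws Exception {
        conf.set(X509Util.HBASE_SERVER_NETTY_TLS_CLIENT_AUTH_MODE, X509Util.ClientAuth.WANT.name());
        SslContext serverContext = X509Util.createSslContextForServer(conf);
        Assert.assertTrue(serverContext.newEngine(mockAllocator()).getWantClientAuth());
    }

    /** NONE mode must leave both the "need" and the "want" client-auth flags off. */
    @Test
    public void testCreateSSLContextWithClientAuthNONE() throws Exception {
        conf.set(X509Util.HBASE_SERVER_NETTY_TLS_CLIENT_AUTH_MODE, X509Util.ClientAuth.NONE.name());
        SslContext serverContext = X509Util.createSslContextForServer(conf);
        ByteBufAllocator allocator = mockAllocator();
        Assert.assertFalse(serverContext.newEngine(allocator).getNeedClientAuth());
        Assert.assertFalse(serverContext.newEngine(allocator).getWantClientAuth());
    }

    /** Without a protocol override, the client engine enables exactly TLSv1.2. */
    @Test
    public void testCreateSSLContextWithoutCustomProtocol() throws Exception {
        SslContext clientContext = X509Util.createSslContextForClient(conf);
        Assert.assertArrayEquals(
            new String[] {"TLSv1.2"}, clientContext.newEngine(mockAllocator()).getEnabledProtocols());
    }

    /**
     * A configured protocol replaces the default on the server engine.
     *
     * <p>TLSv1.1 is used only as a value that differs from the default; it is a deprecated protocol
     * (RFC 8996) and not a recommended setting.
     */
    @Test
    public void testCreateSSLContextWithCustomProtocol() throws Exception {
        conf.set(X509Util.TLS_CONFIG_PROTOCOL, "TLSv1.1");
        ByteBufAllocator allocator = mockAllocator();
        SslContext serverContext = X509Util.createSslContextForServer(conf);
        // NOTE(review): recent JDKs list TLSv1.1 in jdk.tls.disabledAlgorithms; confirm this
        // assertion holds on every JDK the build targets.
        Assert.assertEquals(
            Collections.singletonList("TLSv1.1"),
            Arrays.asList(serverContext.newEngine(allocator).getEnabledProtocols()));
    }

    /** A server has no identity without a key store, so context creation must fail. */
    @Test
    public void testCreateSSLContextWithoutKeyStoreLocationServer() {
        conf.unset(X509Util.TLS_CONFIG_KEYSTORE_LOCATION);
        Assert.assertThrows(SSLContextException.class, () -> X509Util.createSslContextForServer(conf));
    }

    /** A client may run without a key store; passes as long as no exception is thrown. */
    @Test
    public void testCreateSSLContextWithoutKeyStoreLocationClient() throws Exception {
        conf.unset(X509Util.TLS_CONFIG_KEYSTORE_LOCATION);
        X509Util.createSslContextForClient(conf);
    }

    /**
     * Client context creation tolerates a missing trust store location.
     *
     * <p>Only the absence of an exception is checked; which trust anchors the resulting context
     * uses is not asserted here.
     */
    @Test
    public void testCreateSSLContextWithoutTrustStoreLocationClient() throws Exception {
        conf.unset(X509Util.TLS_CONFIG_TRUSTSTORE_LOCATION);
        X509Util.createSslContextForClient(conf);
    }

    /**
     * Server context creation tolerates a missing trust store location.
     *
     * <p>Only the absence of an exception is checked; which trust anchors the resulting context
     * uses is not asserted here.
     */
    @Test
    public void testCreateSSLContextWithoutTrustStoreLocationServer() throws Exception {
        conf.unset(X509Util.TLS_CONFIG_TRUSTSTORE_LOCATION);
        X509Util.createSslContextForServer(conf);
    }

    /** Enabling CRL checking turns on revocation checking and CRLDP, and leaves OCSP off. */
    @Test
    public void testCRLEnabled() throws Exception {
        conf.setBoolean(X509Util.TLS_CONFIG_CLR, true);
        X509Util.createSslContextForServer(conf);
        Assert.assertTrue(Boolean.parseBoolean(System.getProperty(CHECK_REVOCATION_PROPERTY)));
        Assert.assertTrue(Boolean.parseBoolean(System.getProperty(ENABLE_CRLDP_PROPERTY)));
        Assert.assertFalse(Boolean.parseBoolean(Security.getProperty(OCSP_ENABLE_PROPERTY)));
    }

    /**
     * With CRL checking left unset, none of the revocation switches is on.
     *
     * <p>The properties are process-wide, so this test only holds if an earlier test has not left
     * them set.
     */
    @Test
    public void testCRLDisabled() throws Exception {
        X509Util.createSslContextForServer(conf);
        Assert.assertFalse(Boolean.parseBoolean(System.getProperty(CHECK_REVOCATION_PROPERTY)));
        Assert.assertFalse(Boolean.parseBoolean(System.getProperty(ENABLE_CRLDP_PROPERTY)));
        Assert.assertFalse(Boolean.parseBoolean(Security.getProperty(OCSP_ENABLE_PROPERTY)));
    }

    // ---- PEM -------------------------------------------------------------------------------

    /** Loads the PEM key store with its password and an explicit store type. */
    @Test
    public void testLoadPEMKeyStore() throws Exception {
        X509Util.createKeyManager(
            keyStorePath(KeyStoreFileType.PEM),
            this.x509TestContext.getKeyStorePassword(),
            KeyStoreFileType.PEM.getPropertyValue());
    }

    /** A null password is accepted; runs only when the fixture's key store password is empty. */
    @Test
    public void testLoadPEMKeyStoreNullPassword() throws Exception {
        assumeEmptyPassword(this.x509TestContext.getKeyStorePassword());
        X509Util.createKeyManager(
            keyStorePath(KeyStoreFileType.PEM), null, KeyStoreFileType.PEM.getPropertyValue());
    }

    /** A null store type makes X509Util work out the format of the PEM key store itself. */
    @Test
    public void testLoadPEMKeyStoreAutodetectStoreFileType() throws Exception {
        X509Util.createKeyManager(
            keyStorePath(KeyStoreFileType.PEM), this.x509TestContext.getKeyStorePassword(), null);
    }

    /** A wrong password must be reported as a {@link KeyManagerException}. */
    @Test
    public void testLoadPEMKeyStoreWithWrongPassword() {
        Assert.assertThrows(KeyManagerException.class, () -> {
            X509Util.createKeyManager(
                keyStorePath(KeyStoreFileType.PEM),
                wrongPassword(),
                KeyStoreFileType.PEM.getPropertyValue());
        });
    }

    // NOTE(review): the four trailing booleans of createTrustManager are positional; presumably
    // (crlEnabled, ocspEnabled, verifyHostName, allowReverseDnsLookup). Confirm against the
    // X509Util signature before changing any of them.

    /** Loads the PEM trust store with its password and an explicit store type. */
    @Test
    public void testLoadPEMTrustStore() throws Exception {
        X509Util.createTrustManager(
            trustStorePath(KeyStoreFileType.PEM),
            this.x509TestContext.getTrustStorePassword(),
            KeyStoreFileType.PEM.getPropertyValue(),
            false, false, true, true);
    }

    /** A null password is accepted; runs only when the fixture's trust store password is empty. */
    @Test
    public void testLoadPEMTrustStoreNullPassword() throws Exception {
        assumeEmptyPassword(this.x509TestContext.getTrustStorePassword());
        X509Util.createTrustManager(
            trustStorePath(KeyStoreFileType.PEM),
            null,
            KeyStoreFileType.PEM.getPropertyValue(),
            false, false, true, true);
    }

    /** A null store type makes X509Util work out the format of the PEM trust store itself. */
    @Test
    public void testLoadPEMTrustStoreAutodetectStoreFileType() throws Exception {
        X509Util.createTrustManager(
            trustStorePath(KeyStoreFileType.PEM),
            this.x509TestContext.getTrustStorePassword(),
            null,
            false, false, true, true);
    }

    // ---- JKS -------------------------------------------------------------------------------

    /** Loads the JKS key store with its password and an explicit store type. */
    @Test
    public void testLoadJKSKeyStore() throws Exception {
        X509Util.createKeyManager(
            keyStorePath(KeyStoreFileType.JKS),
            this.x509TestContext.getKeyStorePassword(),
            KeyStoreFileType.JKS.getPropertyValue());
    }

    /** A null password is accepted; runs only when the fixture's key store password is empty. */
    @Test
    public void testLoadJKSKeyStoreNullPassword() throws Exception {
        assumeEmptyPassword(this.x509TestContext.getKeyStorePassword());
        X509Util.createKeyManager(
            keyStorePath(KeyStoreFileType.JKS), null, KeyStoreFileType.JKS.getPropertyValue());
    }

    /** A null store type makes X509Util work out the format of the JKS key store itself. */
    @Test
    public void testLoadJKSKeyStoreAutodetectStoreFileType() throws Exception {
        X509Util.createKeyManager(
            keyStorePath(KeyStoreFileType.JKS), this.x509TestContext.getKeyStorePassword(), null);
    }

    /** A wrong password must be reported as a {@link KeyManagerException}. */
    @Test
    public void testLoadJKSKeyStoreWithWrongPassword() {
        Assert.assertThrows(KeyManagerException.class, () -> {
            X509Util.createKeyManager(
                keyStorePath(KeyStoreFileType.JKS),
                wrongPassword(),
                KeyStoreFileType.JKS.getPropertyValue());
        });
    }

    /** Loads the JKS trust store with its password and an explicit store type. */
    @Test
    public void testLoadJKSTrustStore() throws Exception {
        X509Util.createTrustManager(
            trustStorePath(KeyStoreFileType.JKS),
            this.x509TestContext.getTrustStorePassword(),
            KeyStoreFileType.JKS.getPropertyValue(),
            true, true, true, true);
    }

    /** A null password is accepted; runs only when the fixture's trust store password is empty. */
    @Test
    public void testLoadJKSTrustStoreNullPassword() throws Exception {
        assumeEmptyPassword(this.x509TestContext.getTrustStorePassword());
        X509Util.createTrustManager(
            trustStorePath(KeyStoreFileType.JKS),
            null,
            KeyStoreFileType.JKS.getPropertyValue(),
            false, false, true, true);
    }

    /** A null store type makes X509Util work out the format of the JKS trust store itself. */
    @Test
    public void testLoadJKSTrustStoreAutodetectStoreFileType() throws Exception {
        X509Util.createTrustManager(
            trustStorePath(KeyStoreFileType.JKS),
            this.x509TestContext.getTrustStorePassword(),
            null,
            true, true, true, true);
    }

    /** A wrong password must be reported as a {@link TrustManagerException}. */
    @Test
    public void testLoadJKSTrustStoreWithWrongPassword() {
        Assert.assertThrows(TrustManagerException.class, () -> {
            X509Util.createTrustManager(
                trustStorePath(KeyStoreFileType.JKS),
                wrongPassword(),
                KeyStoreFileType.JKS.getPropertyValue(),
                true, true, true, true);
        });
    }

    // ---- PKCS12 ----------------------------------------------------------------------------

    /** Loads the PKCS12 key store with its password and an explicit store type. */
    @Test
    public void testLoadPKCS12KeyStore() throws Exception {
        X509Util.createKeyManager(
            keyStorePath(KeyStoreFileType.PKCS12),
            this.x509TestContext.getKeyStorePassword(),
            KeyStoreFileType.PKCS12.getPropertyValue());
    }

    /** A null password is accepted; runs only when the fixture's key store password is empty. */
    @Test
    public void testLoadPKCS12KeyStoreNullPassword() throws Exception {
        assumeEmptyPassword(this.x509TestContext.getKeyStorePassword());
        X509Util.createKeyManager(
            keyStorePath(KeyStoreFileType.PKCS12), null, KeyStoreFileType.PKCS12.getPropertyValue());
    }

    /** A null store type makes X509Util work out the format of the PKCS12 key store itself. */
    @Test
    public void testLoadPKCS12KeyStoreAutodetectStoreFileType() throws Exception {
        X509Util.createKeyManager(
            keyStorePath(KeyStoreFileType.PKCS12), this.x509TestContext.getKeyStorePassword(), null);
    }

    /** A wrong password must be reported as a {@link KeyManagerException}. */
    @Test
    public void testLoadPKCS12KeyStoreWithWrongPassword() {
        Assert.assertThrows(KeyManagerException.class, () -> {
            X509Util.createKeyManager(
                keyStorePath(KeyStoreFileType.PKCS12),
                wrongPassword(),
                KeyStoreFileType.PKCS12.getPropertyValue());
        });
    }

    /** Loads the PKCS12 trust store with its password and an explicit store type. */
    @Test
    public void testLoadPKCS12TrustStore() throws Exception {
        X509Util.createTrustManager(
            trustStorePath(KeyStoreFileType.PKCS12),
            this.x509TestContext.getTrustStorePassword(),
            KeyStoreFileType.PKCS12.getPropertyValue(),
            true, true, true, true);
    }

    /** A null password is accepted; runs only when the fixture's trust store password is empty. */
    @Test
    public void testLoadPKCS12TrustStoreNullPassword() throws Exception {
        assumeEmptyPassword(this.x509TestContext.getTrustStorePassword());
        X509Util.createTrustManager(
            trustStorePath(KeyStoreFileType.PKCS12),
            null,
            KeyStoreFileType.PKCS12.getPropertyValue(),
            false, false, true, true);
    }

    /** A null store type makes X509Util work out the format of the PKCS12 trust store itself. */
    @Test
    public void testLoadPKCS12TrustStoreAutodetectStoreFileType() throws Exception {
        X509Util.createTrustManager(
            trustStorePath(KeyStoreFileType.PKCS12),
            this.x509TestContext.getTrustStorePassword(),
            null,
            true, true, true, true);
    }

    /** A wrong password must be reported as a {@link TrustManagerException}. */
    @Test
    public void testLoadPKCS12TrustStoreWithWrongPassword() {
        Assert.assertThrows(TrustManagerException.class, () -> {
            X509Util.createTrustManager(
                trustStorePath(KeyStoreFileType.PKCS12),
                wrongPassword(),
                KeyStoreFileType.PKCS12.getPropertyValue(),
                true, true, true, true);
        });
    }

    // ---- Default cipher suites -------------------------------------------------------------

    /** For Java 8 the preferred (first) suite is a CBC suite. */
    @Test
    public void testGetDefaultCipherSuitesJava8() {
        MatcherAssert.assertThat(
            X509Util.getDefaultCipherSuitesForJavaVersion("1.8")[0], Matchers.containsString("CBC"));
    }

    /** For Java 9 the preferred suite is an ECDHE/ECDSA AES-128-GCM suite. */
    @Test
    public void testGetDefaultCipherSuitesJava9() {
        // Expected value first, so a failure message labels the two sides correctly.
        Assert.assertEquals(
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            X509Util.getDefaultCipherSuitesForJavaVersion("9")[0]);
    }

    /** For Java 10 the preferred suite is an ECDHE/ECDSA AES-128-GCM suite. */
    @Test
    public void testGetDefaultCipherSuitesJava10() {
        // Expected value first, so a failure message labels the two sides correctly.
        Assert.assertEquals(
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            X509Util.getDefaultCipherSuitesForJavaVersion("10")[0]);
    }

    /** For Java 11 the preferred suite is a {@code TLS_AES_128_GCM} suite. */
    @Test
    public void testGetDefaultCipherSuitesJava11() {
        MatcherAssert.assertThat(
            X509Util.getDefaultCipherSuitesForJavaVersion("11")[0],
            Matchers.containsString("TLS_AES_128_GCM"));
    }

    /** An unparseable version string gets a CBC-first list, the same property checked for 1.8. */
    @Test
    public void testGetDefaultCipherSuitesUnknownVersion() {
        MatcherAssert.assertThat(
            X509Util.getDefaultCipherSuitesForJavaVersion("notaversion")[0],
            Matchers.containsString("CBC"));
    }

    /** A null version string is rejected with a {@link NullPointerException}. */
    @Test
    public void testGetDefaultCipherSuitesNullVersion() {
        Assert.assertThrows(NullPointerException.class, () -> {
            X509Util.getDefaultCipherSuitesForJavaVersion(null);
        });
    }

    // ---- Helpers ---------------------------------------------------------------------------

    /** Returns a mock allocator; the engines built here are only inspected, never used for I/O. */
    private static ByteBufAllocator mockAllocator() {
        return Mockito.mock(ByteBufAllocator.class);
    }

    /** Returns a fresh copy of a password that does not match the fixture's stores. */
    private static char[] wrongPassword() {
        return "wrong password".toCharArray();
    }

    /** Skips the calling test unless the given fixture password is the empty array. */
    private static void assumeEmptyPassword(char[] password) {
        Assume.assumeThat(password, Matchers.equalTo(EMPTY_CHAR_ARRAY));
    }

    /** Absolute path of the fixture's key store file in the given format. */
    private String keyStorePath(KeyStoreFileType type) throws Exception {
        return this.x509TestContext.getKeyStoreFile(type).getAbsolutePath();
    }

    /** Absolute path of the fixture's trust store file in the given format. */
    private String trustStorePath(KeyStoreFileType type) throws Exception {
        return this.x509TestContext.getTrustStoreFile(type).getAbsolutePath();
    }
}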
