package org.apache.hadoop.crypto.key;

import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.util.List;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.FileSystemTestHelper;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.ProviderUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-common-2.6.4-tests.jar:org/apache/hadoop/crypto/key/TestKeyProviderFactory.class
  input_file:hadoop-common-2.6.4/share/hadoop/common/hadoop-common-2.6.4-tests.jar:org/apache/hadoop/crypto/key/TestKeyProviderFactory.class
 */
/* loaded from: input_file:test-classes/org/apache/hadoop/crypto/key/TestKeyProviderFactory.class */
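/**
 * Tests for {@link KeyProviderFactory}: resolving the provider path setting into
 * {@link KeyProvider} instances, and the key lifecycle of the user-credentials and
 * Java-keystore backed providers.
 *
 * <p>Security-relevant behaviour pinned by these tests:
 * <ul>
 *   <li>a freshly created keystore file is owner-only ({@code rwx------});</li>
 *   <li>the mode of a pre-existing keystore is retained on flush, even when that mode
 *       is world-accessible, so the provider does not tighten a loose mode;</li>
 *   <li>a keystore cannot be opened with a missing or different password file;</li>
 *   <li>a failed flush leaves no trace of the unflushed key in the provider;</li>
 *   <li>the keystore is recovered from its {@code _OLD} / {@code _NEW} siblings.</li>
 * </ul>
 *
 * <p>The key material used here (counting byte patterns, 8-bit keys) is fixture data only.
 */
public class TestKeyProviderFactory {
    private FileSystemTestHelper fsHelper;
    private File testRootDir;

    /** Resolves the per-test root directory that holds the keystore file. */
    @Before
    public void setup() {
        this.fsHelper = new FileSystemTestHelper();
        this.testRootDir = new File(this.fsHelper.getTestRootDir()).getAbsoluteFile();
    }

    /**
     * Builds an {@link AssertionError} that keeps the triggering exception as its cause,
     * so a failed expectation still shows why the provider call failed.
     */
    private static AssertionError failure(String message, Throwable cause) {
        AssertionError error = new AssertionError(message);
        error.initCause(cause);
        return error;
    }

    /** A comma-separated provider path yields one provider per entry, in order. */
    @Test
    public void testFactory() throws Exception {
        Configuration configuration = new Configuration();
        String keystoreUri = "jceks://file" + new Path(this.testRootDir.toString(), "test.jks").toUri().toString();
        configuration.set(KeyProviderFactory.KEY_PROVIDER_PATH, "user:///," + keystoreUri);
        List<KeyProvider> providers = KeyProviderFactory.getProviders(configuration);
        Assert.assertEquals(2L, providers.size());
        Assert.assertEquals(UserProvider.class, providers.get(0).getClass());
        Assert.assertEquals(JavaKeyStoreProvider.class, providers.get(1).getClass());
        Assert.assertEquals("user:///", providers.get(0).toString());
        Assert.assertEquals(keystoreUri, providers.get(1).toString());
    }

    /** An unknown scheme is rejected with an error instead of being skipped. */
    @Test
    public void testFactoryErrors() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(KeyProviderFactory.KEY_PROVIDER_PATH, "unknown:///");
        try {
            KeyProviderFactory.getProviders(configuration);
            Assert.fail("should throw!");
        } catch (IOException e) {
            Assert.assertEquals("No KeyProviderFactory for unknown:/// in hadoop.security.key.provider.path", e.getMessage());
        }
    }

    /** A provider path entry that is not a valid URI is rejected with an error. */
    @Test
    public void testUriErrors() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(KeyProviderFactory.KEY_PROVIDER_PATH, "unkn@own:/x/y");
        try {
            KeyProviderFactory.getProviders(configuration);
            Assert.fail("should throw!");
        } catch (IOException e) {
            Assert.assertEquals("Bad configuration of hadoop.security.key.provider.path at unkn@own:/x/y", e.getMessage());
        }
    }

    /**
     * Runs the shared key-lifecycle checks against the first configured provider:
     * create, duplicate create, delete, key-length validation, roll, flush and reload.
     *
     * <p>On success the provider holds exactly {@code key3} (one version) and
     * {@code key4} (two versions), flushed.
     *
     * @param configuration configuration whose provider path selects the provider under test
     * @param str the provider's URI as it appears in the provider's error messages
     * @throws Exception if a provider call fails unexpectedly
     */
    static void checkSpecificProvider(Configuration configuration, String str) throws Exception {
        KeyProvider keyProvider = KeyProviderFactory.getProviders(configuration).get(0);
        // Deterministic 128-bit fixtures; never a pattern for real key material.
        byte[] wrongLengthMaterial = new byte[16];
        byte[] key3Material = new byte[16];
        for (int i = 0; i < key3Material.length; i++) {
            wrongLengthMaterial[i] = (byte) i;
            key3Material[i] = (byte) (i * 3);
        }

        // Lookups of absent keys return null rather than throwing.
        Assert.assertNull(keyProvider.getKeyVersion("no-such-key"));
        Assert.assertNull(keyProvider.getMetadata("key"));

        keyProvider.createKey("key3", key3Material, KeyProvider.options(configuration));
        KeyProvider.Metadata key3Metadata = keyProvider.getMetadata("key3");
        Assert.assertEquals("AES/CTR/NoPadding", key3Metadata.getCipher());
        Assert.assertEquals(128L, key3Metadata.getBitLength());
        Assert.assertEquals(1L, key3Metadata.getVersions());
        Assert.assertArrayEquals(key3Material, keyProvider.getCurrentKey("key3").getMaterial());
        Assert.assertEquals("key3@0", keyProvider.getCurrentKey("key3").getVersionName());

        // An existing key must not be overwritten by a second create.
        try {
            keyProvider.createKey("key3", key3Material, KeyProvider.options(configuration));
            Assert.fail("should throw");
        } catch (IOException e) {
            Assert.assertEquals("Key key3 already exists in " + str, e.getMessage());
        }

        keyProvider.deleteKey("key3");
        try {
            keyProvider.deleteKey("key3");
            Assert.fail("should throw");
        } catch (IOException e) {
            Assert.assertEquals("Key key3 does not exist in " + str, e.getMessage());
        }
        keyProvider.createKey("key3", key3Material, KeyProvider.options(configuration));

        // Material whose length disagrees with the declared bit length is rejected.
        try {
            keyProvider.createKey("key4", key3Material, KeyProvider.options(configuration).setBitLength(8));
            Assert.fail("should throw");
        } catch (IOException e) {
            Assert.assertEquals("Wrong key length. Required 8, but got 128", e.getMessage());
        }

        keyProvider.createKey("key4", new byte[]{1}, KeyProvider.options(configuration).setBitLength(8));
        keyProvider.rollNewVersion("key4", new byte[]{2});
        Assert.assertEquals(2L, keyProvider.getMetadata("key4").getVersions());
        Assert.assertArrayEquals(new byte[]{2}, keyProvider.getCurrentKey("key4").getMaterial());
        // The previous version stays retrievable under its versioned name after a roll.
        Assert.assertArrayEquals(new byte[]{1}, keyProvider.getKeyVersion("key4@0").getMaterial());
        Assert.assertEquals("key4@1", keyProvider.getCurrentKey("key4").getVersionName());

        try {
            keyProvider.rollNewVersion("key4", wrongLengthMaterial);
            Assert.fail("should throw");
        } catch (IOException e) {
            Assert.assertEquals("Wrong key length. Required 8, but got 128", e.getMessage());
        }
        try {
            keyProvider.rollNewVersion("no-such-key", wrongLengthMaterial);
            Assert.fail("should throw");
        } catch (IOException e) {
            Assert.assertEquals("Key no-such-key not found", e.getMessage());
        }

        // Persist, then read everything back through a newly obtained provider.
        keyProvider.flush();
        KeyProvider reloaded = KeyProviderFactory.getProviders(configuration).get(0);
        Assert.assertArrayEquals(new byte[]{2}, reloaded.getCurrentKey("key4").getMaterial());
        Assert.assertArrayEquals(key3Material, reloaded.getCurrentKey("key3").getMaterial());
        Assert.assertEquals("key3@0", reloaded.getCurrentKey("key3").getVersionName());

        List<String> keys = reloaded.getKeys();
        Assert.assertEquals("Keys should have been returned.", 2L, keys.size());
        Assert.assertTrue("Returned Keys should have included key3.", keys.contains("key3"));
        Assert.assertTrue("Returned Keys should have included key4.", keys.contains("key4"));

        List<KeyProvider.KeyVersion> keyVersions = reloaded.getKeyVersions("key3");
        Assert.assertEquals("KeyVersions should have been returned for key3.", 1L, keyVersions.size());
        Assert.assertEquals("KeyVersions should have included key3@0.", "key3@0", keyVersions.get(0).getVersionName());
        Assert.assertArrayEquals(key3Material, keyVersions.get(0).getMaterial());
    }

    /**
     * Runs the lifecycle checks against {@code user:///} and verifies that each key
     * version's raw material is then readable from the current user's
     * {@link Credentials} under its versioned name.
     */
    @Test
    public void testUserProvider() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(KeyProviderFactory.KEY_PROVIDER_PATH, "user:///");
        checkSpecificProvider(configuration, "user:///");
        Credentials credentials = UserGroupInformation.getCurrentUser().getCredentials();
        Assert.assertArrayEquals(new byte[]{1}, credentials.getSecretKey(new Text("key4@0")));
        Assert.assertArrayEquals(new byte[]{2}, credentials.getSecretKey(new Text("key4@1")));
    }

    /**
     * Runs the lifecycle checks against a file-backed keystore, then verifies flush-failure
     * handling, the mode of the created file, recovery from {@code _OLD} / {@code _NEW}
     * siblings, and retention of an explicitly changed mode.
     */
    @Test
    public void testJksProvider() throws Exception {
        Configuration configuration = new Configuration();
        String keystoreUri = "jceks://file" + new Path(this.testRootDir.toString(), "test.jks").toUri();
        File keystoreFile = new File(this.testRootDir, "test.jks");
        // Start from a clean slate; the file may be absent, so the result is not checked.
        keystoreFile.delete();
        configuration.set(KeyProviderFactory.KEY_PROVIDER_PATH, keystoreUri);
        checkSpecificProvider(configuration, keystoreUri);

        // Re-open the same keystore through the failure-injecting scheme.
        configuration.set(KeyProviderFactory.KEY_PROVIDER_PATH,
                keystoreUri.replace("jceks", FailureInjectingJavaKeyStoreProvider.SCHEME_NAME));
        KeyProvider keyProvider = KeyProviderFactory.getProviders(configuration).get(0);
        FailureInjectingJavaKeyStoreProvider failingProvider = (FailureInjectingJavaKeyStoreProvider) keyProvider;

        // Injected write failure: flush must fail and the unflushed key must be gone.
        failingProvider.setWriteFail(true);
        keyProvider.createKey("key5", new byte[]{1}, KeyProvider.options(configuration).setBitLength(8));
        Assert.assertNotNull(keyProvider.getCurrentKey("key5"));
        try {
            keyProvider.flush();
            Assert.fail("Should not succeed");
        } catch (Exception expected) {
            // Expected: the injected write failure. Assert.fail raises an Error, which
            // this catch does not intercept.
        }
        Assert.assertNull(keyProvider.getCurrentKey("key5"));

        // Injected backup failure: same expectation.
        failingProvider.setWriteFail(false);
        failingProvider.setBackupFail(true);
        keyProvider.createKey("key6", new byte[]{1}, KeyProvider.options(configuration).setBitLength(8));
        Assert.assertNotNull(keyProvider.getCurrentKey("key6"));
        try {
            keyProvider.flush();
            Assert.fail("Should not succeed");
        } catch (Exception expected) {
            // Expected: the injected backup failure.
        }
        Assert.assertNull(keyProvider.getCurrentKey("key6"));

        configuration.set(KeyProviderFactory.KEY_PROVIDER_PATH,
                keystoreUri.replace(FailureInjectingJavaKeyStoreProvider.SCHEME_NAME, "jceks"));

        // The keystore created by the provider must be accessible to its owner only.
        Path keystorePath = ProviderUtils.unnestUri(new URI(keystoreUri));
        FileSystem fileSystem = keystorePath.getFileSystem(configuration);
        Assert.assertEquals("rwx------", fileSystem.getFileStatus(keystorePath).getPermission().toString());
        Assert.assertTrue(keystoreFile + " should exist", keystoreFile.isFile());

        // Move the keystore aside as _OLD and leave an empty file in its place; loading
        // is expected to restore the keys and remove the _OLD file.
        File oldFile = new File(keystoreFile.getPath() + "_OLD");
        keystoreFile.renameTo(oldFile);
        keystoreFile.delete();
        keystoreFile.createNewFile();
        Assert.assertTrue(oldFile.exists());
        KeyProvider reloaded = KeyProviderFactory.getProviders(configuration).get(0);
        Assert.assertTrue(keystoreFile.exists());
        Assert.assertTrue(oldFile + "should be deleted", !oldFile.exists());
        verifyAfterReload(keystoreFile, reloaded);
        Assert.assertTrue(!oldFile.exists());

        // A _NEW file next to a current keystore is an inconsistent state: loading must fail.
        File newFile = new File(keystoreFile.getPath() + "_NEW");
        newFile.createNewFile();
        try {
            reloaded = KeyProviderFactory.getProviders(configuration).get(0);
            Assert.fail("_NEW and current file should not exist together !!");
        } catch (Exception expected) {
            // Expected: the provider refuses to load.
        } finally {
            if (newFile.exists()) {
                newFile.delete();
            }
        }

        // Only a _NEW file present: the keystore is loaded from it.
        keystoreFile.renameTo(newFile);
        keystoreFile.delete();
        try {
            reloaded = KeyProviderFactory.getProviders(configuration).get(0);
            Assert.assertFalse(newFile.exists());
            Assert.assertFalse(oldFile.exists());
        } catch (Exception e) {
            throw failure("JKS should load from _NEW file !!", e);
        }
        verifyAfterReload(keystoreFile, reloaded);

        // An empty _NEW file plus a valid _OLD file: the keystore is loaded from _OLD.
        newFile.createNewFile();
        keystoreFile.renameTo(oldFile);
        keystoreFile.delete();
        try {
            reloaded = KeyProviderFactory.getProviders(configuration).get(0);
            Assert.assertFalse(newFile.exists());
            Assert.assertFalse(oldFile.exists());
        } catch (Exception e) {
            throw failure("JKS should load from _OLD file !!", e);
        } finally {
            if (newFile.exists()) {
                newFile.delete();
            }
        }
        verifyAfterReload(keystoreFile, reloaded);

        // Loosen the mode on purpose and check that a later flush keeps it.
        fileSystem.setPermission(keystorePath, new FsPermission("777"));
        checkPermissionRetention(configuration, keystoreUri, keystorePath);
    }

    /**
     * Asserts that a reloaded provider still lists {@code key3} and {@code key4} and that
     * the keystore file exists.
     */
    private void verifyAfterReload(File file, KeyProvider keyProvider) throws IOException {
        List<String> keys = keyProvider.getKeys();
        Assert.assertTrue(keys.contains("key4"));
        Assert.assertTrue(keys.contains("key3"));
        Assert.assertTrue(file.exists());
    }

    /**
     * Creates and flushes a key, then asserts that the keystore file still has mode
     * {@code rwxrwxrwx}.
     *
     * <p>The caller sets that mode beforehand. The check therefore pins retention of a
     * pre-existing mode, including a world-accessible one: a flush does not restore
     * owner-only access on a keystore whose mode was loosened.
     *
     * @param configuration configuration selecting the keystore provider
     * @param str the keystore URI (not used by the checks)
     * @param path file-system path of the keystore whose mode is checked
     * @throws Exception if a provider or file-system call fails
     */
    public void checkPermissionRetention(Configuration configuration, String str, Path path) throws Exception {
        KeyProvider keyProvider = KeyProviderFactory.getProviders(configuration).get(0);
        byte[] material = new byte[16];
        for (int i = 0; i < material.length; i++) {
            material[i] = (byte) i;
        }
        keyProvider.createKey("key5", material, KeyProvider.options(configuration));
        keyProvider.flush();
        // Read back through a newly obtained provider to prove the flush reached the file.
        Assert.assertArrayEquals(material,
                KeyProviderFactory.getProviders(configuration).get(0).getCurrentKey("key5").getMaterial());
        Assert.assertEquals("Permissions should have been retained from the preexisting keystore.",
                "rwxrwxrwx", path.getFileSystem(configuration).getFileStatus(path).getPermission().toString());
    }

    /**
     * A keystore created with a configured password file can be reopened with that file,
     * and cannot be opened with a missing file, a different file, or no password setting.
     */
    @Test
    public void testJksProviderPasswordViaConfig() throws Exception {
        Configuration configuration = new Configuration();
        String keystoreUri = "jceks://file" + new Path(this.testRootDir.toString(), "test.jks").toUri();
        new File(this.testRootDir, "test.jks").delete();
        try {
            configuration.set(KeyProviderFactory.KEY_PROVIDER_PATH, keystoreUri);
            // How this file name is resolved is decided by JavaKeyStoreProvider, not shown here.
            configuration.set(JavaKeyStoreProvider.KEYSTORE_PASSWORD_FILE_KEY, "javakeystoreprovider.password");
            KeyProvider keyProvider = KeyProviderFactory.getProviders(configuration).get(0);
            keyProvider.createKey("key3", new byte[16], KeyProvider.options(configuration));
            keyProvider.flush();
        } catch (Exception e) {
            throw failure("could not create keystore with password file", e);
        }
        Assert.assertNotNull(KeyProviderFactory.getProviders(configuration).get(0).getCurrentKey("key3"));

        try {
            configuration.set(JavaKeyStoreProvider.KEYSTORE_PASSWORD_FILE_KEY, "bar");
            KeyProviderFactory.getProviders(configuration).get(0);
            Assert.fail("using non existing password file, it should fail");
        } catch (IOException expected) {
            // Expected: the password file does not exist.
        }
        try {
            configuration.set(JavaKeyStoreProvider.KEYSTORE_PASSWORD_FILE_KEY, "core-site.xml");
            KeyProviderFactory.getProviders(configuration).get(0);
            Assert.fail("using different password file, it should fail");
        } catch (IOException expected) {
            // Expected: a different password file must not open the keystore.
        }
        try {
            configuration.unset(JavaKeyStoreProvider.KEYSTORE_PASSWORD_FILE_KEY);
            KeyProviderFactory.getProviders(configuration).get(0);
            Assert.fail("No password file property, env not set, it should fail");
        } catch (IOException expected) {
            // Expected: without a password file setting the keystore must not open.
        }
    }

    /**
     * {@link KeyProviderFactory#get} returns a keystore provider for a {@code jceks} URI
     * and {@code null} for a scheme it does not recognise.
     */
    @Test
    public void testGetProviderViaURI() throws Exception {
        // Configuration(false): no default resources are loaded.
        Configuration configuration = new Configuration(false);
        URI keystoreUri = new URI("jceks://file" + new Path(this.testRootDir.toString(), "test.jks").toUri());
        KeyProvider keyProvider = KeyProviderFactory.get(keystoreUri, configuration);
        Assert.assertNotNull(keyProvider);
        Assert.assertEquals(JavaKeyStoreProvider.class, keyProvider.getClass());
        // Callers must null-check: an unrecognised scheme yields null, not an exception.
        Assert.assertNull(KeyProviderFactory.get(new URI("foo://bar"), configuration));
    }
}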
