package org.apache.hadoop.security.ssl;

import com.google.common.base.Supplier;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.concurrent.TimeoutException;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/security/ssl/TestReloadingX509TrustManager.class */
public class TestReloadingX509TrustManager {
    private static final String BASEDIR = GenericTestUtils.getTempPath(TestReloadingX509TrustManager.class.getSimpleName());
    private X509Certificate cert1;
    private X509Certificate cert2;
    private final GenericTestUtils.LogCapturer reloaderLog = GenericTestUtils.LogCapturer.captureLogs(ReloadingX509TrustManager.LOG);

    @BeforeClass
    public static void setUp() throws Exception {
        File file = new File(BASEDIR);
        FileUtil.fullyDelete(file);
        file.mkdirs();
    }

    @Test(expected = IOException.class)
    public void testLoadMissingTrustStore() throws Exception {
        ReloadingX509TrustManager reloadingX509TrustManager = new ReloadingX509TrustManager("jks", BASEDIR + "/testmissing.jks", "password", 10L);
        try {
            reloadingX509TrustManager.init();
        } finally {
            reloadingX509TrustManager.destroy();
        }
    }

    @Test(expected = IOException.class)
    public void testLoadCorruptTrustStore() throws Exception {
        String str = BASEDIR + "/testcorrupt.jks";
        FileOutputStream fileOutputStream = new FileOutputStream(str);
        fileOutputStream.write(1);
        fileOutputStream.close();
        ReloadingX509TrustManager reloadingX509TrustManager = new ReloadingX509TrustManager("jks", str, "password", 10L);
        try {
            reloadingX509TrustManager.init();
            reloadingX509TrustManager.destroy();
        } catch (Throwable th) {
            reloadingX509TrustManager.destroy();
            throw th;
        }
    }

    @Test(timeout = 30000)
    public void testReload() throws Exception {
        KeyPair generateKeyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        this.cert1 = KeyStoreTestUtil.generateCertificate("CN=Cert1", generateKeyPair, 30, "SHA1withRSA");
        this.cert2 = KeyStoreTestUtil.generateCertificate("CN=Cert2", generateKeyPair, 30, "SHA1withRSA");
        String str = BASEDIR + "/testreload.jks";
        KeyStoreTestUtil.createTrustStore(str, "password", "cert1", this.cert1);
        final ReloadingX509TrustManager reloadingX509TrustManager = new ReloadingX509TrustManager("jks", str, "password", 10L);
        try {
            reloadingX509TrustManager.init();
            Assert.assertEquals(1L, reloadingX509TrustManager.getAcceptedIssuers().length);
            Thread.sleep(reloadingX509TrustManager.getReloadInterval() + 1000);
            HashMap hashMap = new HashMap();
            hashMap.put("cert1", this.cert1);
            hashMap.put("cert2", this.cert2);
            KeyStoreTestUtil.createTrustStore(str, "password", hashMap);
            GenericTestUtils.waitFor(new Supplier<Boolean>() { // from class: org.apache.hadoop.security.ssl.TestReloadingX509TrustManager.1
                /* renamed from: get, reason: merged with bridge method [inline-methods] */
                public Boolean m892get() {
                    return Boolean.valueOf(reloadingX509TrustManager.getAcceptedIssuers().length == 2);
                }
            }, (int) reloadingX509TrustManager.getReloadInterval(), 10000);
            reloadingX509TrustManager.destroy();
        } catch (Throwable th) {
            reloadingX509TrustManager.destroy();
            throw th;
        }
    }

    @Test(timeout = 30000)
    public void testReloadMissingTrustStore() throws Exception {
        KeyPair generateKeyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        this.cert1 = KeyStoreTestUtil.generateCertificate("CN=Cert1", generateKeyPair, 30, "SHA1withRSA");
        this.cert2 = KeyStoreTestUtil.generateCertificate("CN=Cert2", generateKeyPair, 30, "SHA1withRSA");
        String str = BASEDIR + "/testmissing.jks";
        KeyStoreTestUtil.createTrustStore(str, "password", "cert1", this.cert1);
        ReloadingX509TrustManager reloadingX509TrustManager = new ReloadingX509TrustManager("jks", str, "password", 10L);
        try {
            reloadingX509TrustManager.init();
            Assert.assertEquals(1L, reloadingX509TrustManager.getAcceptedIssuers().length);
            X509Certificate x509Certificate = reloadingX509TrustManager.getAcceptedIssuers()[0];
            Assert.assertFalse(this.reloaderLog.getOutput().contains("Could not load truststore (keep using existing one) : "));
            new File(str).delete();
            waitForFailedReloadAtLeastOnce((int) reloadingX509TrustManager.getReloadInterval());
            Assert.assertEquals(1L, reloadingX509TrustManager.getAcceptedIssuers().length);
            Assert.assertEquals(x509Certificate, reloadingX509TrustManager.getAcceptedIssuers()[0]);
            this.reloaderLog.stopCapturing();
            reloadingX509TrustManager.destroy();
        } catch (Throwable th) {
            this.reloaderLog.stopCapturing();
            reloadingX509TrustManager.destroy();
            throw th;
        }
    }

    @Test(timeout = 30000)
    public void testReloadCorruptTrustStore() throws Exception {
        KeyPair generateKeyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        this.cert1 = KeyStoreTestUtil.generateCertificate("CN=Cert1", generateKeyPair, 30, "SHA1withRSA");
        this.cert2 = KeyStoreTestUtil.generateCertificate("CN=Cert2", generateKeyPair, 30, "SHA1withRSA");
        String str = BASEDIR + "/testcorrupt.jks";
        KeyStoreTestUtil.createTrustStore(str, "password", "cert1", this.cert1);
        ReloadingX509TrustManager reloadingX509TrustManager = new ReloadingX509TrustManager("jks", str, "password", 10L);
        try {
            reloadingX509TrustManager.init();
            Assert.assertEquals(1L, reloadingX509TrustManager.getAcceptedIssuers().length);
            X509Certificate x509Certificate = reloadingX509TrustManager.getAcceptedIssuers()[0];
            Thread.sleep(reloadingX509TrustManager.getReloadInterval() + 1000);
            Assert.assertFalse(this.reloaderLog.getOutput().contains("Could not load truststore (keep using existing one) : "));
            FileOutputStream fileOutputStream = new FileOutputStream(str);
            fileOutputStream.write(1);
            fileOutputStream.close();
            waitForFailedReloadAtLeastOnce((int) reloadingX509TrustManager.getReloadInterval());
            Assert.assertEquals(1L, reloadingX509TrustManager.getAcceptedIssuers().length);
            Assert.assertEquals(x509Certificate, reloadingX509TrustManager.getAcceptedIssuers()[0]);
            this.reloaderLog.stopCapturing();
            reloadingX509TrustManager.destroy();
        } catch (Throwable th) {
            this.reloaderLog.stopCapturing();
            reloadingX509TrustManager.destroy();
            throw th;
        }
    }

    private void waitForFailedReloadAtLeastOnce(int i) throws InterruptedException, TimeoutException {
        GenericTestUtils.waitFor(new Supplier<Boolean>() { // from class: org.apache.hadoop.security.ssl.TestReloadingX509TrustManager.2
            /* renamed from: get, reason: merged with bridge method [inline-methods] */
            public Boolean m893get() {
                return Boolean.valueOf(TestReloadingX509TrustManager.this.reloaderLog.getOutput().contains("Could not load truststore (keep using existing one) : "));
            }
        }, i, 10000);
    }

    @Test
    public void testNoPassword() throws Exception {
        KeyPair generateKeyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        this.cert1 = KeyStoreTestUtil.generateCertificate("CN=Cert1", generateKeyPair, 30, "SHA1withRSA");
        this.cert2 = KeyStoreTestUtil.generateCertificate("CN=Cert2", generateKeyPair, 30, "SHA1withRSA");
        String str = BASEDIR + "/testreload.jks";
        KeyStoreTestUtil.createTrustStore(str, "password", "cert1", this.cert1);
        ReloadingX509TrustManager reloadingX509TrustManager = new ReloadingX509TrustManager("jks", str, (String) null, 10L);
        try {
            reloadingX509TrustManager.init();
            Assert.assertEquals(1L, reloadingX509TrustManager.getAcceptedIssuers().length);
            reloadingX509TrustManager.destroy();
        } catch (Throwable th) {
            reloadingX509TrustManager.destroy();
            throw th;
        }
    }
}
