package org.apache.hadoop.hdds.security.x509.certificates;

import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.sql.Date;
import java.time.LocalDate;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.UUID;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.certificates.utils.SelfSignedCertificate;
import org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;

/* loaded from: input_file:org/apache/hadoop/hdds/security/x509/certificates/TestRootCertificate.class */
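/**
 * Tests for the {@link SelfSignedCertificate} builder: the fields of a plain self-signed
 * certificate, the extra properties of a certificate built with {@code makeCA()}, and the
 * rejection of invalid builder parameters.
 */
public class TestRootCertificate {
    /** Subject name used for every certificate built in this class. */
    private static final String SUBJECT = "testRootCert";

    /** Validity period, in days, requested for every certificate built in this class. */
    private static final long VALIDITY_DAYS = 365L;

    // Shared by all tests; init() points "ozone.metadata.dirs" at a fresh temporary folder
    // before each test, so the reference can be final even though its contents change.
    private static final OzoneConfiguration conf = new OzoneConfiguration();

    @Rule
    public TemporaryFolder temporaryFolder = new TemporaryFolder();
    private SecurityConfig securityConfig;

    /**
     * Points the metadata directory at a new temporary folder and rebuilds the security config.
     *
     * @throws IOException if the temporary folder cannot be created
     */
    @Before
    public void init() throws IOException {
        conf.set("ozone.metadata.dirs", this.temporaryFolder.newFolder().toString());
        this.securityConfig = new SecurityConfig(conf);
    }

    /**
     * Builds a certificate without {@code makeCA()} and checks issuer, subject, validity window,
     * the absence of the basicConstraints extension, and the signature.
     */
    @Test
    public void testAllFieldsAreExpected() throws SCMSecurityException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, SignatureException, InvalidKeyException, IOException {
        LocalDate notBefore = LocalDate.now();
        LocalDate notAfter = notBefore.plusDays(VALIDITY_DAYS);
        String clusterId = UUID.randomUUID().toString();
        String scmId = UUID.randomUUID().toString();
        KeyPair keyPair = new HDDSKeyGenerator(this.securityConfig.getConfiguration()).generateKey();

        X509CertificateHolder certificate = SelfSignedCertificate.newBuilder()
                .setBeginDate(notBefore)
                .setEndDate(notAfter)
                .setClusterID(clusterId)
                .setScmID(scmId)
                .setSubject(SUBJECT)
                .setKey(keyPair)
                .setConfiguration(conf)
                .build();

        // Self-signed: issuer and subject must be the same name.
        Assert.assertEquals(certificate.getIssuer(), certificate.getSubject());

        // The validity window is checked with one day of slack on each side.
        Assert.assertFalse(certificate.getNotBefore().before(Date.valueOf(notBefore.minusDays(1L))));
        Assert.assertFalse(certificate.getNotAfter().after(Date.valueOf(notAfter.plusDays(1L))));

        // Expected value first, so a failure message reports expected/actual the right way round.
        String expectedName = String.format(SelfSignedCertificate.getNameFormat(), SUBJECT, scmId, clusterId);
        Assert.assertEquals(expectedName, certificate.getIssuer().toString());
        Assert.assertEquals(expectedName, certificate.getSubject().toString());

        // Without makeCA() the certificate must not carry a basicConstraints extension.
        Assert.assertNull(certificate.getExtension(Extension.basicConstraints));

        // The signature must verify against the public half of the key pair that was supplied.
        new JcaX509CertificateConverter().getCertificate(certificate).verify(keyPair.getPublic());
    }

    /**
     * Builds a certificate with {@code makeCA()} and checks that basicConstraints is present and
     * critical and that the serial number is one.
     */
    @Test
    public void testCACert() throws SCMSecurityException, NoSuchProviderException, NoSuchAlgorithmException, IOException {
        LocalDate notBefore = LocalDate.now();
        LocalDate notAfter = notBefore.plusDays(VALIDITY_DAYS);
        String clusterId = UUID.randomUUID().toString();
        String scmId = UUID.randomUUID().toString();
        KeyPair keyPair = new HDDSKeyGenerator(this.securityConfig.getConfiguration()).generateKey();

        X509CertificateHolder certificate = SelfSignedCertificate.newBuilder()
                .setBeginDate(notBefore)
                .setEndDate(notAfter)
                .setClusterID(clusterId)
                .setScmID(scmId)
                .setSubject(SUBJECT)
                .setKey(keyPair)
                .setConfiguration(conf)
                .makeCA()
                .build();

        // NOTE(review): only presence and criticality are asserted here. The extension value is
        // not decoded, so this test would still pass if the cA flag inside it were false, and no
        // key-usage extension is checked. Consider asserting both for a root certificate.
        Extension basicConstraints = certificate.getExtension(Extension.basicConstraints);
        Assert.assertNotNull(basicConstraints);
        Assert.assertTrue(basicConstraints.isCritical());
        Assert.assertEquals(BigInteger.ONE, certificate.getSerialNumber());
    }

    /**
     * Feeds the builder one invalid parameter at a time and expects each build to fail, restoring
     * the valid value afterwards; finishes by checking the restored builder still builds.
     */
    @Test
    public void testInvalidParamFails() throws SCMSecurityException, NoSuchProviderException, NoSuchAlgorithmException, IOException {
        LocalDate notBefore = LocalDate.now();
        LocalDate notAfter = notBefore.plusDays(VALIDITY_DAYS);
        String clusterId = UUID.randomUUID().toString();
        String scmId = UUID.randomUUID().toString();
        HDDSKeyGenerator keyGenerator = new HDDSKeyGenerator(this.securityConfig.getConfiguration());
        KeyPair keyPair = keyGenerator.generateKey();

        SelfSignedCertificate.Builder builder = SelfSignedCertificate.newBuilder()
                .setBeginDate(notBefore)
                .setEndDate(notAfter)
                .setClusterID(clusterId)
                .setScmID(scmId)
                .setSubject(SUBJECT)
                .setConfiguration(conf)
                .setKey(keyPair)
                .makeCA();

        // Missing key pair.
        try {
            builder.setKey((KeyPair) null);
            builder.build();
            Assert.fail("Null Key should have failed.");
        } catch (IllegalArgumentException | NullPointerException expected) {
            builder.setKey(keyPair);
        }

        // Blank subject.
        try {
            builder.setSubject("");
            builder.build();
            Assert.fail("Null/Blank Subject should have thrown.");
        } catch (IllegalArgumentException expected) {
            builder.setSubject(SUBJECT);
        }

        // Missing SCM ID.
        try {
            builder.setScmID((String) null);
            builder.build();
            Assert.fail("Null/Blank SCM ID should have thrown.");
        } catch (IllegalArgumentException expected) {
            builder.setScmID(scmId);
        }

        // Missing cluster ID.
        try {
            builder.setClusterID((String) null);
            builder.build();
            Assert.fail("Null/Blank Cluster ID should have thrown.");
        } catch (IllegalArgumentException expected) {
            builder.setClusterID(clusterId);
        }

        // Validity window that ends before it begins.
        try {
            builder.setBeginDate(notAfter);
            builder.setEndDate(notBefore);
            builder.build();
            Assert.fail("Illegal dates should have thrown.");
        } catch (IllegalArgumentException expected) {
            builder.setBeginDate(notBefore);
            builder.setEndDate(notAfter);
        }

        // Public key from a freshly generated pair combined with the original private key, so
        // the two halves do not belong together.
        // NOTE(review): the catch accepts SCMSecurityException as well as the verification
        // exceptions, so this case passes whether the mismatch is rejected at build() or only
        // detected by verify(); it does not pin down which layer catches it.
        try {
            KeyPair mismatchedPair = new KeyPair(keyGenerator.generateKey().getPublic(), keyPair.getPrivate());
            builder.setKey(mismatchedPair);
            new JcaX509CertificateConverter().getCertificate(builder.build()).verify(mismatchedPair.getPublic());
            Assert.fail("Invalid Key, should have thrown.");
        } catch (SCMSecurityException | InvalidKeyException | SignatureException | CertificateException expected) {
            builder.setKey(keyPair);
        }

        // With every valid value restored the builder must succeed again.
        Assert.assertNotNull(builder.build());
    }
}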
