package org.apache.ambari.server.security;

import com.google.inject.AbstractModule;
import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.Module;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.Method;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.util.Collections;
import java.util.HashMap;
import junit.framework.Assert;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.state.stack.OsFamily;
import org.easymock.EasyMock;
import org.easymock.EasyMockSupport;
import org.easymock.IAnswer;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;

/* loaded from: input_file:org/apache/ambari/server/security/CertificateManagerTest.class */
public class CertificateManagerTest extends EasyMockSupport {

    @Rule
    public TemporaryFolder folder = new TemporaryFolder();

    @Test
    public void testSignAgentCrt() throws Exception {
        Injector injector = getInjector();
        File newFolder = this.folder.newFolder();
        HashMap hashMap = new HashMap();
        hashMap.put(Configuration.SRVR_KSTR_DIR.getKey(), newFolder.getAbsolutePath());
        hashMap.put(Configuration.SRVR_CRT_PASS.getKey(), "server_cert_pass");
        hashMap.put(Configuration.SRVR_CRT_NAME.getKey(), "server_cert_name");
        hashMap.put(Configuration.SRVR_KEY_NAME.getKey(), "server_key_name");
        hashMap.put(Configuration.PASSPHRASE.getKey(), "passphrase");
        Configuration configuration = (Configuration) injector.getInstance(Configuration.class);
        EasyMock.expect(Boolean.valueOf(configuration.validateAgentHostnames())).andReturn(true).once();
        EasyMock.expect(configuration.getConfigsMap()).andReturn(hashMap).anyTimes();
        Method declaredMethod = CertificateManager.class.getDeclaredMethod("runCommand", String.class);
        final File file = new File(newFolder, String.format("%s.crt", "host1.example.com"));
        String format = String.format("openssl ca -config %s/ca.config -in %s/%s.csr -out %s -batch -passin pass:%s -keyfile %s/%s -cert %s/%s", newFolder.getAbsolutePath(), newFolder.getAbsolutePath(), "host1.example.com", file.getAbsolutePath(), hashMap.get(Configuration.SRVR_CRT_PASS.getKey()), newFolder.getAbsolutePath(), hashMap.get(Configuration.SRVR_KEY_NAME.getKey()), newFolder.getAbsolutePath(), hashMap.get(Configuration.SRVR_CRT_NAME.getKey()));
        CertificateManager certificateManager = (CertificateManager) createMockBuilder(CertificateManager.class).addMockedMethod(declaredMethod).createMock();
        EasyMock.expect(Integer.valueOf(certificateManager.runCommand(format))).andAnswer(new IAnswer<Integer>() { // from class: org.apache.ambari.server.security.CertificateManagerTest.1
            /* renamed from: answer, reason: merged with bridge method [inline-methods] */
            public Integer m227answer() throws Throwable {
                return Integer.valueOf(file.createNewFile() ? 0 : 1);
            }
        }).once();
        injector.injectMembers(certificateManager);
        replayAll();
        SignCertResponse signAgentCrt = certificateManager.signAgentCrt("host1.example.com", "crtContent", "passphrase");
        verifyAll();
        Assert.assertEquals("OK", signAgentCrt.getResult());
    }

    @Test
    public void testSignAgentCrtInvalidHostname() throws Exception {
        Injector injector = getInjector();
        EasyMock.expect(Boolean.valueOf(((Configuration) injector.getInstance(Configuration.class)).validateAgentHostnames())).andReturn(true).once();
        replayAll();
        CertificateManager certificateManager = new CertificateManager();
        injector.injectMembers(certificateManager);
        SignCertResponse signAgentCrt = certificateManager.signAgentCrt("hostname; echo \"hello\" > /tmp/hello.txt;", "crtContent", "passphrase");
        verifyAll();
        Assert.assertEquals("ERROR", signAgentCrt.getResult());
        Assert.assertEquals("The agent hostname is not a valid hostname", signAgentCrt.getMessage());
    }

    @Test
    public void testSignAgentCrtBadPassphrase() throws Exception {
        Injector injector = getInjector();
        Configuration configuration = (Configuration) injector.getInstance(Configuration.class);
        EasyMock.expect(Boolean.valueOf(configuration.validateAgentHostnames())).andReturn(true).once();
        EasyMock.expect(configuration.getConfigsMap()).andReturn(Collections.singletonMap(Configuration.PASSPHRASE.getKey(), "some_passphrase")).once();
        replayAll();
        CertificateManager certificateManager = new CertificateManager();
        injector.injectMembers(certificateManager);
        SignCertResponse signAgentCrt = certificateManager.signAgentCrt("host1.example.com", "crtContent", "passphrase");
        verifyAll();
        Assert.assertEquals("ERROR", signAgentCrt.getResult());
        Assert.assertEquals("Incorrect passphrase from the agent", signAgentCrt.getMessage());
    }

    @Test
    public void testSignAgentCrtInvalidHostnameIgnoreBadPassphrase() throws Exception {
        Injector injector = getInjector();
        Configuration configuration = (Configuration) injector.getInstance(Configuration.class);
        EasyMock.expect(Boolean.valueOf(configuration.validateAgentHostnames())).andReturn(false).once();
        EasyMock.expect(configuration.getConfigsMap()).andReturn(Collections.singletonMap(Configuration.PASSPHRASE.getKey(), "some_passphrase")).once();
        replayAll();
        CertificateManager certificateManager = new CertificateManager();
        injector.injectMembers(certificateManager);
        SignCertResponse signAgentCrt = certificateManager.signAgentCrt("hostname; echo \"hello\" > /tmp/hello.txt;", "crtContent", "passphrase");
        verifyAll();
        Assert.assertEquals("ERROR", signAgentCrt.getResult());
        Assert.assertEquals("Incorrect passphrase from the agent", signAgentCrt.getMessage());
    }

    @Test
    public void testGetCACertificateChain() throws IOException {
        Injector injector = getInjector();
        File newFolder = this.folder.newFolder();
        Configuration configuration = (Configuration) injector.getInstance(Configuration.class);
        EasyMock.expect(configuration.getProperty(Configuration.SRVR_KSTR_DIR)).andReturn(newFolder.getAbsolutePath()).anyTimes();
        EasyMock.expect(configuration.getProperty(Configuration.SRVR_CRT_NAME)).andReturn("myca.crt").anyTimes();
        EasyMock.expect(configuration.getProperty(Configuration.SRVR_CRT_CHAIN_NAME)).andReturn("myca_chain.pem").anyTimes();
        File file = new File(newFolder, "myca.crt");
        File file2 = new File(newFolder, "myca_chain.pem");
        CertificateManager certificateManager = new CertificateManager();
        injector.injectMembers(certificateManager);
        replayAll();
        Files.write(file.toPath(), Collections.singleton(file.getAbsolutePath()), new OpenOption[0]);
        Assert.assertEquals(file.getAbsolutePath(), certificateManager.getCACertificateChainContent().trim());
        Files.write(file2.toPath(), Collections.singleton(file2.getAbsolutePath()), new OpenOption[0]);
        Assert.assertEquals(file2.getAbsolutePath(), certificateManager.getCACertificateChainContent().trim());
        verifyAll();
    }

    private Injector getInjector() {
        return Guice.createInjector(new Module[]{new AbstractModule() { // from class: org.apache.ambari.server.security.CertificateManagerTest.2
            protected void configure() {
                bind(OsFamily.class).toInstance(CertificateManagerTest.this.createNiceMock(OsFamily.class));
                bind(Configuration.class).toInstance(CertificateManagerTest.this.createMock(Configuration.class));
            }
        }});
    }
}
