package org.apache.hadoop.util.curator;

import java.io.File;
import java.util.ArrayList;
import java.util.HashMap;
import org.apache.curator.test.InstanceSpec;
import org.apache.curator.test.TestingServer;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileContext;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.util.curator.ZKCuratorManager;
import org.apache.zookeeper.ClientCnxnSocketNetty;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.common.ClientX509Util;
import org.apache.zookeeper.server.NettyServerCnxnFactory;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/apache/hadoop/util/curator/TestSecureZKCuratorManager.class */
public class TestSecureZKCuratorManager {
    public static final boolean DELETE_DATA_DIRECTORY_ON_CLOSE = true;
    private TestingServer server;
    private ZKCuratorManager curator;
    private Configuration hadoopConf;
    static final int SECURE_CLIENT_PORT = 2281;
    static final int JUTE_MAXBUFFER = 400000000;
    static final File ZK_DATA_DIR = new File("testZkSSLClientConnectionDataDir");
    private static final int SERVER_ID = 1;
    private static final int TICK_TIME = 100;
    private static final int MAX_CLIENT_CNXNS = 10;
    public static final int ELECTION_PORT = -1;
    public static final int QUORUM_PORT = -1;

    @BeforeEach
    public void setup() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("secureClientPort", String.valueOf(SECURE_CLIENT_PORT));
        hashMap.put("audit.enable", true);
        this.hadoopConf = setUpSecureConfig();
        this.server = new TestingServer(new InstanceSpec(ZK_DATA_DIR, SECURE_CLIENT_PORT, -1, -1, true, 1, 100, 10, hashMap), true);
        String connectString = this.server.getConnectString();
        this.curator = new ZKCuratorManager(this.hadoopConf);
        this.curator.start(new ArrayList(), true, connectString);
    }

    public static Configuration setUpSecureConfig() {
        return setUpSecureConfig(new Configuration(), "src/test/java/org/apache/hadoop/util/curator/resources/data");
    }

    public static Configuration setUpSecureConfig(Configuration configuration, String str) {
        System.setProperty("zookeeper.serverCnxnFactory", NettyServerCnxnFactory.class.getCanonicalName());
        System.setProperty("zookeeper.ssl.keyStore.location", str + "keystore.jks");
        System.setProperty("zookeeper.ssl.keyStore.password", "password");
        System.setProperty("zookeeper.ssl.trustStore.location", str + "truststore.jks");
        System.setProperty("zookeeper.ssl.trustStore.password", "password");
        System.setProperty("zookeeper.request.timeout", "12345");
        System.setProperty("jute.maxbuffer", String.valueOf(JUTE_MAXBUFFER));
        System.setProperty("javax.net.debug", "ssl");
        System.setProperty("zookeeper.authProvider.x509", "org.apache.zookeeper.server.auth.X509AuthenticationProvider");
        configuration.set("hadoop.zk.ssl.keystore.location", str + "/ssl/keystore.jks");
        configuration.set("hadoop.zk.ssl.keystore.password", "password");
        configuration.set("hadoop.zk.ssl.truststore.location", str + "/ssl/truststore.jks");
        configuration.set("hadoop.zk.ssl.truststore.password", "password");
        return configuration;
    }

    @AfterEach
    public void teardown() throws Exception {
        this.curator.close();
        if (this.server != null) {
            this.server.close();
            this.server = null;
        }
    }

    @Test
    public void testSecureZKConfiguration() throws Exception {
        FileContext.LOG.info("Entered to the testSecureZKConfiguration test case.");
        validateSSLConfiguration(this.hadoopConf.get("hadoop.zk.ssl.keystore.location"), this.hadoopConf.get("hadoop.zk.ssl.keystore.password"), this.hadoopConf.get("hadoop.zk.ssl.truststore.location"), this.hadoopConf.get("hadoop.zk.ssl.truststore.password"), new ZKCuratorManager.HadoopZookeeperFactory((String) null, (String) null, (String) null, true, new SecurityUtil.TruststoreKeystore(this.hadoopConf)).newZooKeeper(this.server.getConnectString(), 1000, (Watcher) null, false));
    }

    private void validateSSLConfiguration(String str, String str2, String str3, String str4, ZooKeeper zooKeeper) {
        ClientX509Util clientX509Util = new ClientX509Util();
        try {
            Assertions.assertEquals(str, zooKeeper.getClientConfig().getProperty(clientX509Util.getSslKeystoreLocationProperty()), "Validate that expected clientConfig is set in ZK config");
            Assertions.assertEquals(str2, zooKeeper.getClientConfig().getProperty(clientX509Util.getSslKeystorePasswdProperty()), "Validate that expected clientConfig is set in ZK config");
            Assertions.assertEquals(str3, zooKeeper.getClientConfig().getProperty(clientX509Util.getSslTruststoreLocationProperty()), "Validate that expected clientConfig is set in ZK config");
            Assertions.assertEquals(str4, zooKeeper.getClientConfig().getProperty(clientX509Util.getSslTruststorePasswdProperty()), "Validate that expected clientConfig is set in ZK config");
            clientX509Util.close();
            Assertions.assertEquals(Boolean.TRUE.toString(), zooKeeper.getClientConfig().getProperty("zookeeper.client.secure"), "Validate that expected clientConfig is set in ZK config");
            Assertions.assertEquals(ClientCnxnSocketNetty.class.getCanonicalName(), zooKeeper.getClientConfig().getProperty("zookeeper.clientCnxnSocket"), "Validate that expected clientConfig is set in ZK config");
        } catch (Throwable th) {
            try {
                clientX509Util.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void testTruststoreKeystoreConfiguration() {
        FileContext.LOG.info("Entered to the testTruststoreKeystoreConfiguration test case.");
        Configuration configuration = new Configuration();
        SecurityUtil.TruststoreKeystore truststoreKeystore = new SecurityUtil.TruststoreKeystore(configuration);
        Assertions.assertEquals("", truststoreKeystore.getKeystoreLocation(), "Validate that null value is converted to empty string.");
        Assertions.assertEquals("", truststoreKeystore.getKeystorePassword(), "Validate that null value is converted to empty string.");
        Assertions.assertEquals("", truststoreKeystore.getTruststoreLocation(), "Validate that null value is converted to empty string.");
        Assertions.assertEquals("", truststoreKeystore.getTruststorePassword(), "Validate that null value is converted to empty string.");
        configuration.set("hadoop.zk.ssl.keystore.location", "/keystore.jks");
        configuration.set("hadoop.zk.ssl.keystore.password", "keystorePassword");
        configuration.set("hadoop.zk.ssl.truststore.location", "/truststore.jks");
        configuration.set("hadoop.zk.ssl.truststore.password", "truststorePassword");
        SecurityUtil.TruststoreKeystore truststoreKeystore2 = new SecurityUtil.TruststoreKeystore(configuration);
        Assertions.assertEquals("/keystore.jks", truststoreKeystore2.getKeystoreLocation(), "Validate that non-null value kept intact.");
        Assertions.assertEquals("keystorePassword", truststoreKeystore2.getKeystorePassword(), "Validate that null value is converted to empty string.");
        Assertions.assertEquals("/truststore.jks", truststoreKeystore2.getTruststoreLocation(), "Validate that null value is converted to empty string.");
        Assertions.assertEquals("truststorePassword", truststoreKeystore2.getTruststorePassword(), "Validate that null value is converted to empty string.");
    }
}
