package org.apache.hadoop.http;

import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.util.function.Supplier;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.http.HttpServer2;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.hadoop.security.ssl.SSLFactory;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.6-tests.jar:org/apache/hadoop/http/TestSSLHttpServerConfigs.class */
public class TestSSLHttpServerConfigs {
    private static final String BASEDIR = GenericTestUtils.getTempPath(TestSSLHttpServer.class.getSimpleName());
    private static Configuration conf;
    private static Configuration sslConf;
    private static String keystoreDir;
    private static String sslConfDir;
    private static final String SERVER_PWD = "serverP";
    private static final String CLIENT_PWD = "clientP";
    private static final String TRUST_STORE_PWD = "trustP";

    @Before
    public void start() throws Exception {
        TestSSLHttpServer.turnOnSSLDebugLogging();
        TestSSLHttpServer.storeHttpsCipherSuites();
        conf = new Configuration();
        conf.setInt(HttpServer2.HTTP_MAX_THREADS_KEY, 10);
        File file = new File(BASEDIR);
        FileUtil.fullyDelete(file);
        file.mkdirs();
        keystoreDir = new File(BASEDIR).getAbsolutePath();
        sslConfDir = KeyStoreTestUtil.getClasspathDir(TestSSLHttpServer.class);
    }

    @After
    public void shutdown() throws Exception {
        FileUtil.fullyDelete(new File(BASEDIR));
        KeyStoreTestUtil.cleanupSSLConfig(keystoreDir, sslConfDir);
        TestSSLHttpServer.restoreHttpsCipherSuites();
        TestSSLHttpServer.restoreSSLDebugLogging();
    }

    private void setupKeyStores(String str, String str2, String str3) throws Exception {
        KeyStoreTestUtil.setupSSLConfig(keystoreDir, sslConfDir, conf, false, true, "TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, \nSSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,  SSL_RSA_EXPORT_WITH_RC4_40_MD5,\t \nSSL_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5 \t", str, str2, str3);
        sslConf = KeyStoreTestUtil.getSslConfig();
        sslConf.set(SSLFactory.SSL_ENABLED_PROTOCOLS_KEY, "TLSv1.2");
        conf.set(SSLFactory.SSL_ENABLED_PROTOCOLS_KEY, "TLSv1.2");
    }

    private HttpServer2 setupServer(String str, String str2, String str3) throws Exception {
        return new HttpServer2.Builder().setName("test").addEndpoint(new URI("https://localhost")).setConf(conf).keyPassword(str).keyStore(sslConf.get("ssl.server.keystore.location"), str2, sslConf.get(SSLFactory.SSL_SERVER_KEYSTORE_TYPE, "jks")).trustStore(sslConf.get("ssl.server.truststore.location"), str3, sslConf.get(SSLFactory.SSL_SERVER_TRUSTSTORE_TYPE, "jks")).excludeCiphers(sslConf.get(SSLFactory.SSL_SERVER_EXCLUDE_CIPHER_LIST)).build();
    }

    private void testServerStart(String str, String str2, String str3) throws Exception {
        final HttpServer2 httpServer2 = setupServer(str, str2, str3);
        try {
            httpServer2.start();
            GenericTestUtils.waitFor(new Supplier<Boolean>() { // from class: org.apache.hadoop.http.TestSSLHttpServerConfigs.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.function.Supplier
                public Boolean get() {
                    return Boolean.valueOf(httpServer2.isAlive());
                }
            }, 200L, 100000L);
            httpServer2.stop();
        } catch (Throwable th) {
            httpServer2.stop();
            throw th;
        }
    }

    @Test(timeout = 120000)
    public void testServerSetup() throws Exception {
        setupKeyStores("serverP", "clientP", "trustP");
        testServerStart("serverP", "serverP", "trustP");
    }

    @Test(timeout = 120000)
    public void testServerSetupWithoutTrustPassword() throws Exception {
        setupKeyStores("serverP", "clientP", "trustP");
        testServerStart("serverP", "serverP", null);
    }

    @Test(timeout = 120000)
    public void testServerSetupWithoutKeyStorePassword() throws Exception {
        setupKeyStores("serverP", "clientP", "trustP");
        testServerStart("serverP", null, null);
    }

    @Test(timeout = 120000)
    public void testServerSetupWithoutKeyStoreKeyPassword() throws Exception {
        setupKeyStores("serverP", "clientP", "trustP");
        testServerStart(null, "serverP", null);
    }

    @Test(timeout = 120000)
    public void testServerSetupWithNoKeyStorePassword() throws Exception {
        setupKeyStores("serverP", "clientP", "trustP");
        try {
            testServerStart(null, null, null);
            Assert.fail("Server should have failed to start without any KeyStore password.");
        } catch (IOException e) {
            GenericTestUtils.assertExceptionContains("Problem starting http server", e);
        }
    }

    @Test(timeout = 120000)
    public void testServerSetupWithWrongKeyStorePassword() throws Exception {
        setupKeyStores("serverP", "clientP", "trustP");
        try {
            testServerStart("serverP", "wrongPassword", null);
            Assert.fail("Server should have failed to start with wrong KeyStore password.");
        } catch (IOException e) {
            GenericTestUtils.assertExceptionContains("Keystore was tampered with, or password was incorrect", e);
        }
        try {
            testServerStart("wrongPassword", "serverP", null);
            Assert.fail("Server should have failed to start with wrong KeyStore password.");
        } catch (IOException e2) {
            GenericTestUtils.assertExceptionContains("Problem starting http server", e2);
            GenericTestUtils.assertExceptionContains("Cannot recover key", e2.getCause());
        }
    }

    @Test(timeout = 120000)
    public void testKeyStoreSetupWithoutTrustStorePassword() throws Exception {
        setupKeyStores("serverP", "clientP", "");
        testServerStart("serverP", "serverP", null);
        try {
            testServerStart("serverP", "serverP", "wrongPassword");
            Assert.fail("Server should have failed to start with wrong TrustStore password.");
        } catch (IOException e) {
            GenericTestUtils.assertExceptionContains("Keystore was tampered with, or password was incorrect", e);
        }
    }

    @Test(timeout = 120000)
    public void testKeyStoreSetupWithoutKeyStorePassword() throws Exception {
        setupKeyStores("serverP", "", "trustP");
        testServerStart("serverP", null, "trustP");
        try {
            testServerStart("serverP", "wrongPassword", "trustP");
            Assert.fail("Server should have failed to start with wrong KeyStore password.");
        } catch (IOException e) {
            GenericTestUtils.assertExceptionContains("Keystore was tampered with, or password was incorrect", e);
        }
    }

    @Test(timeout = 120000)
    public void testKeyStoreSetupWithoutPassword() throws Exception {
        setupKeyStores("", "", "");
        testServerStart("", null, null);
        testServerStart(null, "", null);
        try {
            testServerStart(null, null, null);
            Assert.fail("Server should have failed to start without KeyStore password.");
        } catch (IOException e) {
            GenericTestUtils.assertExceptionContains("Problem starting http server", e);
            GenericTestUtils.assertExceptionContains("Password must not be null", e.getCause());
        }
    }
}
