package org.apache.hadoop.hbase.security;

import java.io.File;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.Security;
import javax.net.ssl.SSLHandshakeException;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseCommonTestingUtility;
import org.apache.hadoop.hbase.Server;
import org.apache.hadoop.hbase.coprocessor.TestRegionCoprocessorHost;
import org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType;
import org.apache.hadoop.hbase.io.crypto.tls.X509KeyType;
import org.apache.hadoop.hbase.io.crypto.tls.X509TestContext;
import org.apache.hadoop.hbase.io.crypto.tls.X509TestContextProvider;
import org.apache.hadoop.hbase.ipc.FifoRpcScheduler;
import org.apache.hadoop.hbase.ipc.NettyRpcClient;
import org.apache.hadoop.hbase.ipc.NettyRpcServer;
import org.apache.hadoop.hbase.ipc.RpcClient;
import org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hadoop.hbase.ipc.TestProtoBufRpc;
import org.apache.hadoop.hbase.ipc.TestProtobufRpcServiceImpl;
import org.apache.hadoop.hbase.master.procedure.MasterProcedureSchedulerPerformanceEvaluation;
import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestProtos;
import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestRpcServiceProtos;
import org.apache.hadoop.hbase.snapshot.SnapshotTestingUtils;
import org.apache.hadoop.hbase.util.MultiThreadedReader;
import org.apache.hbase.thirdparty.com.google.common.collect.Lists;
import org.apache.hbase.thirdparty.com.google.common.io.Closeables;
import org.apache.hbase.thirdparty.com.google.protobuf.RpcController;
import org.apache.hbase.thirdparty.com.google.protobuf.ServiceException;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runners.Parameterized;

/* loaded from: input_file:org/apache/hadoop/hbase/security/AbstractTestMutualTls.class */
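/**
 * Base class for parameterized tests that exercise client-certificate (mutual TLS) handling
 * between a {@link NettyRpcClient} and a {@link NettyRpcServer}.
 *
 * <p>The shared configuration enables TLS on both the server and the client and turns off the
 * server's plaintext fallback, so every request in these tests has to complete a TLS handshake.
 * Subclasses decide through {@link #initialize(Configuration, Configuration)} how the server and
 * client configurations differ, and supply the parameter rows injected into the public fields.
 */
public abstract class AbstractTestMutualTls {
    /** Testing utility whose configuration is copied for the server and the client of each test. */
    protected static HBaseCommonTestingUtility UTIL;
    /** Directory handed to {@link X509TestContextProvider} together with the configuration. */
    protected static File DIR;
    /** Source of the X.509 test contexts used by {@link #setUp()} and {@link #handleCertConfig}. */
    protected static X509TestContextProvider PROVIDER;
    private X509TestContext x509TestContext;
    protected RpcServer rpcServer;
    protected RpcClient rpcClient;
    private TestRpcServiceProtos.TestProtobufRpcProto.BlockingInterface stub;

    // The values below are filled in by the Parameterized runner; each index is the position of
    // the value inside the parameter row supplied by the concrete subclass.

    /** Key type requested for the CA of the test context. */
    @Parameterized.Parameter(0)
    public X509KeyType caKeyType;

    /** Key type requested for the certificate of the test context. */
    @Parameterized.Parameter(1)
    public X509KeyType certKeyType;

    /** Key password requested for the test context. */
    @Parameterized.Parameter(2)
    public String keyPassword;

    /** Whether the request in {@link #testClientAuth()} is expected to go through. */
    @Parameterized.Parameter(3)
    public boolean expectSuccess;

    /** Not read in this class; presumably consumed by subclasses in {@code initialize}. */
    @Parameterized.Parameter(4)
    public boolean validateHostnames;

    /** Which certificate scenario {@link #handleCertConfig(Configuration)} applies. */
    @Parameterized.Parameter(5)
    public CertConfig certConfig;

    /** Certificate scenarios understood by {@link #handleCertConfig(Configuration)}. */
    public enum CertConfig {
        /** The keystore location is blanked, so no keystore is configured. */
        NO_CLIENT_CERT,
        /** The keystore comes from a second test context requested with a different password. */
        NON_VERIFIABLE_CERT,
        /** The configuration is left as {@code initialize} produced it. */
        GOOD_CERT,
        /** The keystore holds a fresh certificate issued for {@code www.example.com}. */
        VERIFIABLE_CERT_WITH_BAD_HOST
    }

    /**
     * Registers the BouncyCastle provider, creates the test directory and prepares the shared
     * configuration: Netty RPC client and server, TLS enabled on both sides, plaintext rejected.
     *
     * @throws IOException if the test directory cannot be resolved or created
     */
    @BeforeClass
    public static void setUpBeforeClass() throws IOException {
        UTIL = new HBaseCommonTestingUtility();
        Security.addProvider(new BouncyCastleProvider());
        // Name the data directory after this class rather than after an unrelated test class.
        String dataDirName = AbstractTestMutualTls.class.getSimpleName();
        DIR = new File(UTIL.getDataTestDir(dataDirName).toString()).getCanonicalFile();
        FileUtils.forceMkdir(DIR);
        Configuration conf = UTIL.getConfiguration();
        conf.setClass("hbase.rpc.client.impl", NettyRpcClient.class, RpcClient.class);
        conf.setClass("hbase.rpc.server.impl", NettyRpcServer.class, RpcServer.class);
        conf.setBoolean("hbase.server.netty.tls.enabled", true);
        // No plaintext fallback: a client that cannot finish the handshake must not get served.
        conf.setBoolean("hbase.server.netty.tls.supportplaintext", false);
        conf.setBoolean("hbase.client.netty.tls.enabled", true);
        PROVIDER = new X509TestContextProvider(conf, DIR);
    }

    /** Unregisters the BouncyCastle provider and deletes the test directory. */
    @AfterClass
    public static void cleanUp() {
        Security.removeProvider("BC");
        UTIL.cleanupTestDir();
    }

    /**
     * Lets the subclass adjust the two per-test configurations before the server and the client
     * are created from them.
     *
     * @param serverConf configuration later passed to the {@link NettyRpcServer}
     * @param clientConf configuration later passed to the {@link NettyRpcClient}
     */
    protected abstract void initialize(Configuration serverConf, Configuration clientConf) throws IOException, GeneralSecurityException, OperatorCreationException;

    /**
     * Builds the X.509 context for the current parameter row, then starts a server on an
     * ephemeral port and connects a blocking stub to it.
     */
    @Before
    public void setUp() throws Exception {
        this.x509TestContext = PROVIDER.get(this.caKeyType, this.certKeyType, this.keyPassword.toCharArray());
        this.x509TestContext.setConfigurations(KeyStoreFileType.JKS, KeyStoreFileType.JKS);
        // Server and client get independent copies so a scenario can change one side only.
        Configuration serverConf = new Configuration(UTIL.getConfiguration());
        Configuration clientConf = new Configuration(UTIL.getConfiguration());
        initialize(serverConf, clientConf);
        RpcServer.BlockingServiceAndInterface service =
            new RpcServer.BlockingServiceAndInterface(TestProtobufRpcServiceImpl.SERVICE, (Class) null);
        // Port 0 asks for any free port; the stub below reads the real address from the server.
        InetSocketAddress bindAddress = new InetSocketAddress(TestProtoBufRpc.ADDRESS, 0);
        this.rpcServer = new NettyRpcServer((Server) null, "testRpcServer", Lists.newArrayList(service), bindAddress, serverConf, new FifoRpcScheduler(serverConf, 1), true);
        this.rpcServer.start();
        this.rpcClient = new NettyRpcClient(clientConf);
        this.stub = TestProtobufRpcServiceImpl.newBlockingStub(this.rpcClient, this.rpcServer.getListenerAddress());
    }

    /**
     * Applies the keystore settings of the current {@link #certConfig} to {@code configuration}.
     *
     * <p>The decompiler reports that this method was originally {@code protected}; it stays
     * {@code public} here so that existing callers keep compiling.
     *
     * @param configuration configuration to modify; presumably the client side, since the callers
     *     live in subclasses that are not part of this file
     */
    public void handleCertConfig(Configuration configuration) throws GeneralSecurityException, IOException, OperatorCreationException {
        // Switch on the constant itself, so reordering CertConfig cannot silently remap scenarios.
        switch (this.certConfig) {
            case NO_CLIENT_CERT:
                configuration.set("hbase.rpc.tls.keystore.location", "");
                break;
            case NON_VERIFIABLE_CERT:
                // A context requested with another password; the scenario name implies that the
                // peer's trust store does not cover the certificate it yields.
                PROVIDER.get(this.caKeyType, this.certKeyType, "random value".toCharArray()).setKeystoreConfigurations(KeyStoreFileType.JKS, configuration);
                break;
            case VERIFIABLE_CERT_WITH_BAD_HOST:
                // Issued from the current context, but for a host name the test server does not
                // use (the String[] argument looks like the certificate's host names).
                String commonName = MethodHandles.lookup().lookupClass().getCanonicalName() + " With Bad Host Test";
                this.x509TestContext
                    .cloneWithNewKeystoreCert(this.x509TestContext.newCert(new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.CN, commonName).build(), new String[]{"www.example.com"}))
                    .setKeystoreConfigurations(KeyStoreFileType.JKS, configuration);
                break;
            case GOOD_CERT:
            default:
                break;
        }
    }

    /**
     * Stops the server, closes the client and restores the TLS-related state a test may have
     * changed. Cleanup continues even if stopping the server throws, and copes with a
     * {@link #setUp()} that failed before the X.509 context was assigned.
     */
    @After
    public void tearDown() throws IOException {
        try {
            if (this.rpcServer != null) {
                this.rpcServer.stop();
            }
        } finally {
            Closeables.close(this.rpcClient, true);
            if (this.x509TestContext != null) {
                this.x509TestContext.clearConfigurations();
                this.x509TestContext.getConf().unset("hbase.rpc.tls.ocsp");
                this.x509TestContext.getConf().unset("hbase.rpc.tls.clr");
                this.x509TestContext.getConf().unset("hbase.rpc.tls.protocol");
            }
            // The revocation switches are JVM-wide; put them back so a later test in the same
            // process does not inherit revocation settings it never asked for.
            System.clearProperty("com.sun.net.ssl.checkRevocation");
            System.clearProperty("com.sun.security.enableCRLDP");
            Security.setProperty("ocsp.enable", Boolean.FALSE.toString());
            Security.setProperty("com.sun.security.enableCRLDP", Boolean.FALSE.toString());
        }
    }

    /**
     * Sends one echo request. When the row expects a rejection, the call must fail with a
     * {@link ServiceException} whose cause is an {@link SSLHandshakeException}, so a failure for
     * any other reason is not mistaken for the TLS layer refusing the client.
     */
    @Test
    public void testClientAuth() throws Exception {
        if (this.expectSuccess) {
            submitRequest();
            return;
        }
        ServiceException failure = Assert.assertThrows(ServiceException.class, this::submitRequest);
        MatcherAssert.assertThat(failure.getCause(), Matchers.instanceOf(SSLHandshakeException.class));
    }

    /** Issues a single echo call through the blocking stub. */
    private void submitRequest() throws ServiceException {
        this.stub.echo((RpcController) null, TestProtos.EchoRequestProto.newBuilder().setMessage("hello world").build());
    }
}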
