package org.apache.hadoop.yarn.server.webproxy;

import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashSet;
import java.util.Random;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.hadoop.yarn.api.records.ApplicationId;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;

/* loaded from: input_file:org/apache/hadoop/yarn/server/webproxy/TestProxyCA.class */
public class TestProxyCA {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/yarn/server/webproxy/TestProxyCA$CertKeyPair.class */
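    /**
     * Immutable holder for a certificate and a key pair, used to carry the CA
     * material produced by one {@code ProxyCA} instance into another test step.
     *
     * <p>The class does not check that the certificate and the key pair belong
     * together; tests rely on that to build deliberately mismatched inputs. The
     * held {@link KeyPair} includes a private key, so this type is a test fixture
     * only.
     */
    public static class CertKeyPair {
        // Fixed at construction time; nothing reassigns these afterwards.
        private final X509Certificate cert;
        private final KeyPair keyPair;

        /**
         * @param x509Certificate certificate to hold, stored as given
         * @param keyPair key pair to hold, stored as given
         */
        public CertKeyPair(X509Certificate x509Certificate, KeyPair keyPair) {
            this.cert = x509Certificate;
            this.keyPair = keyPair;
        }

        /** @return the certificate passed to the constructor */
        public X509Certificate getCert() {
            return this.cert;
        }

        /** @return the key pair passed to the constructor */
        public KeyPair getKeyPair() {
            return this.keyPair;
        }
    }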

    /**
     * A new ProxyCA holds no CA material until {@code init()} is called; after
     * the call the certificate, key pair, key manager and hostname verifier are
     * all available.
     */
    @Test
    public void testInit() throws Exception {
        ProxyCA ca = new ProxyCA();

        // Nothing may be exposed before initialization.
        Assert.assertNull(ca.getCaCert());
        Assert.assertNull(ca.getCaKeyPair());
        Assert.assertNull(ca.getX509KeyManager());
        Assert.assertNull(ca.getHostnameVerifier());

        ca.init();

        // Every accessor must now return something.
        Assert.assertNotNull(ca.getCaCert());
        Assert.assertNotNull(ca.getCaKeyPair());
        Assert.assertNotNull(ca.getX509KeyManager());
        Assert.assertNotNull(ca.getHostnameVerifier());
    }

    /**
     * Calling {@code init(cert, key)} with both arguments null must still leave
     * the ProxyCA fully populated.
     */
    @Test
    public void testInit2Null() throws Exception {
        ProxyCA ca = new ProxyCA();

        Assert.assertNull(ca.getCaCert());
        Assert.assertNull(ca.getCaKeyPair());
        Assert.assertNull(ca.getX509KeyManager());
        Assert.assertNull(ca.getHostnameVerifier());

        // Typed nulls keep the call bound to init(X509Certificate, PrivateKey).
        X509Certificate absentCert = null;
        PrivateKey absentKey = null;
        ca.init(absentCert, absentKey);

        Assert.assertNotNull(ca.getCaCert());
        Assert.assertNotNull(ca.getCaKeyPair());
        Assert.assertNotNull(ca.getX509KeyManager());
        Assert.assertNotNull(ca.getHostnameVerifier());
    }

    /**
     * Feeds {@code init(cert, key)} a certificate from one CA and a private key
     * from another. The ProxyCA must end up populated, but with neither the
     * supplied certificate nor the supplied key.
     *
     * <p>This pins the defensive behaviour for inconsistent CA material: a
     * certificate is never paired with a signing key it was not issued for.
     */
    @Test
    public void testInit2Mismatch() throws Exception {
        ProxyCA ca = new ProxyCA();
        Assert.assertNull(ca.getCaCert());
        Assert.assertNull(ca.getCaKeyPair());
        Assert.assertNull(ca.getX509KeyManager());
        Assert.assertNull(ca.getHostnameVerifier());

        // Two independently generated CAs; confirm they really differ before mixing them.
        CertKeyPair first = createCertAndKeyPair();
        CertKeyPair second = createCertAndKeyPair();
        Assert.assertNotEquals(first.getCert(), second.getCert());
        Assert.assertNotEquals(first.getKeyPair().getPrivate(), second.getKeyPair().getPrivate());
        Assert.assertNotEquals(first.getKeyPair().getPublic(), second.getKeyPair().getPublic());

        // Certificate from the first CA, private key from the second.
        X509Certificate foreignCert = first.getCert();
        PrivateKey foreignKey = second.getKeyPair().getPrivate();
        ca.init(foreignCert, foreignKey);

        Assert.assertNotNull(ca.getCaCert());
        Assert.assertNotNull(ca.getCaKeyPair());
        Assert.assertNotNull(ca.getX509KeyManager());
        Assert.assertNotNull(ca.getHostnameVerifier());

        // Neither half of the mismatched input may have been adopted.
        Assert.assertNotEquals(ca.getCaCert(), first.getCert());
        Assert.assertNotEquals(ca.getCaKeyPair().getPrivate(), second.getKeyPair().getPrivate());
        Assert.assertNotEquals(ca.getCaKeyPair().getPublic(), second.getKeyPair().getPublic());
    }

    /**
     * Passing Mockito mocks as certificate and private key must make
     * {@code init(cert, key)} fail with {@link InvalidKeyException}.
     */
    @Test
    public void testInit2Invalid() throws Exception {
        ProxyCA ca = new ProxyCA();
        Assert.assertNull(ca.getCaCert());
        Assert.assertNull(ca.getCaKeyPair());
        Assert.assertNull(ca.getX509KeyManager());
        Assert.assertNull(ca.getHostnameVerifier());

        // Mocks stand in for a certificate and key that carry no real key material.
        X509Certificate mockedCert = Mockito.mock(X509Certificate.class);
        PrivateKey mockedKey = Mockito.mock(PrivateKey.class);
        try {
            ca.init(mockedCert, mockedKey);
            Assert.fail("Expected InvalidKeyException");
        } catch (InvalidKeyException expected) {
            // Intentionally empty: reaching this handler is the passing outcome.
        }
    }

    /**
     * With a matching certificate and private key, {@code init(cert, key)} must
     * adopt exactly that CA material instead of generating its own.
     */
    @Test
    public void testInit2() throws Exception {
        ProxyCA ca = new ProxyCA();
        Assert.assertNull(ca.getCaCert());
        Assert.assertNull(ca.getCaKeyPair());
        Assert.assertNull(ca.getX509KeyManager());
        Assert.assertNull(ca.getHostnameVerifier());

        CertKeyPair supplied = createCertAndKeyPair();
        X509Certificate suppliedCert = supplied.getCert();
        PrivateKey suppliedKey = supplied.getKeyPair().getPrivate();
        ca.init(suppliedCert, suppliedKey);

        // Certificate and both key halves must be the supplied ones.
        Assert.assertEquals(supplied.getCert(), ca.getCaCert());
        Assert.assertEquals(supplied.getKeyPair().getPrivate(), ca.getCaKeyPair().getPrivate());
        Assert.assertEquals(supplied.getKeyPair().getPublic(), ca.getCaKeyPair().getPublic());
        Assert.assertNotNull(ca.getX509KeyManager());
        Assert.assertNotNull(ca.getHostnameVerifier());
    }

    /**
     * Inspects the key store issued for one application: a single "server" entry
     * whose chain is [child certificate, CA certificate].
     *
     * <p>Properties pinned for the child certificate: subject is exactly
     * {@code CN=<application id>}, it is signed with SHA512withRSA by the CA, it
     * is not itself a CA (basic constraints -1), and its validity window has
     * zero length and lies in the past. An already-expired certificate is only
     * usable with a verifier that does not enforce validity dates; that choice
     * lives in ProxyCA and is not visible in this test.
     */
    @Test
    public void testCreateChildKeyStore() throws Exception {
        ProxyCA ca = new ProxyCA();
        ca.init();
        ApplicationId appId = ApplicationId.newInstance(System.currentTimeMillis(), 1);

        byte[] keyStoreBytes = ca.createChildKeyStore(appId, "password");
        KeyStore keyStore = KeyStoreTestUtil.bytesToKeyStore(keyStoreBytes, "password");
        Assert.assertEquals(1L, keyStore.size());

        Certificate[] chain = keyStore.getCertificateChain("server");
        Assert.assertEquals(2L, chain.length);
        X509Certificate caCert = (X509Certificate) chain[1];
        X509Certificate childCert = (X509Certificate) chain[0];

        // Child certificate: issuer, subject, algorithm, validity, key type, CA flag.
        X500Principal expectedSubject = new X500Principal("CN=" + appId);
        Assert.assertEquals(caCert.getSubjectX500Principal().toString(), childCert.getIssuerDN().toString());
        Assert.assertEquals(expectedSubject, childCert.getSubjectX500Principal());
        Assert.assertFalse("Found multiple fields in X500 Principal, when there should have only been one: " + childCert.getSubjectX500Principal(), childCert.getSubjectX500Principal().toString().contains(","));
        Assert.assertEquals("SHA512withRSA", childCert.getSigAlgName());
        Assert.assertEquals(childCert.getNotBefore(), childCert.getNotAfter());
        Assert.assertTrue("Expected certificate to be expired but was not: " + childCert.getNotAfter(), childCert.getNotAfter().before(new Date()));
        Assert.assertEquals(expectedSubject.toString(), childCert.getSubjectDN().toString());
        Assert.assertEquals("RSA", keyStore.getKey("server", "password".toCharArray()).getAlgorithm());
        // -1 from getBasicConstraints() means "not a CA": the child cannot issue certificates.
        Assert.assertEquals(-1L, childCert.getBasicConstraints());

        // The child must verify against the CA's public key.
        PublicKey caPublicKey = caCert.getPublicKey();
        childCert.verify(caPublicKey);

        // CA certificate: expected shape, identical to the ProxyCA's own, and self-signed.
        checkCACert(caCert);
        Assert.assertEquals(ca.getCaCert(), caCert);
        caCert.verify(caPublicKey);

        // The key manager's private key must be the counterpart of the CA public key.
        PrivateKey caPrivateKey = ca.getX509KeyManager().getPrivateKey(null);
        checkPrivatePublicKeys(caPrivateKey, caPublicKey);
        Assert.assertEquals(ca.getCaKeyPair().getPublic(), caPublicKey);
        Assert.assertEquals(ca.getCaKeyPair().getPrivate(), caPrivateKey);
    }

    /**
     * The trust store handed to child processes must contain exactly one entry,
     * alias "client", holding the ProxyCA's own self-signed CA certificate.
     */
    @Test
    public void testGetChildTrustStore() throws Exception {
        ProxyCA ca = new ProxyCA();
        ca.init();

        byte[] trustStoreBytes = ca.getChildTrustStore("password");
        KeyStore trustStore = KeyStoreTestUtil.bytesToKeyStore(trustStoreBytes, "password");
        Assert.assertEquals(1L, trustStore.size());

        X509Certificate trusted = (X509Certificate) trustStore.getCertificate("client");
        checkCACert(trusted);
        Assert.assertEquals(ca.getCaCert(), trusted);

        // Self-signed: the certificate verifies under its own public key.
        PublicKey trustedKey = trusted.getPublicKey();
        trusted.verify(trustedKey);

        // The private key served by the key manager must match that public key.
        PrivateKey signingKey = ca.getX509KeyManager().getPrivateKey(null);
        checkPrivatePublicKeys(signingKey, trustedKey);
        Assert.assertEquals(ca.getCaKeyPair().getPublic(), trustedKey);
        Assert.assertEquals(ca.getCaKeyPair().getPrivate(), signingKey);
    }

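    /**
     * Generates five key store passwords and checks that each is 16 characters
     * long, uses only characters in the range {@code ' '} to {@code 'z'}, and is
     * not a repeat of an earlier one.
     *
     * <p>These are format and non-repetition checks only. They say nothing about
     * the quality of the random source; that has to be reviewed in
     * {@code ProxyCA.generateKeyStorePassword()} itself. The failure messages
     * include the generated password, which is acceptable here because the
     * values are throwaway test output.
     */
    @Test
    public void testGenerateKeyStorePassword() throws Exception {
        ProxyCA proxyCA = new ProxyCA();
        proxyCA.init();
        // Typed set (the decompiled source used a raw HashSet).
        HashSet<String> seenPasswords = new HashSet<String>();
        for (int i = 0; i < 5; i++) {
            String password = proxyCA.generateKeyStorePassword();
            Assert.assertEquals(16L, password.length());
            for (char c : password.toCharArray()) {
                Assert.assertFalse("Found character '" + c + "' in password '" + password + "' which is outside of the expected range", c < ' ');
                Assert.assertFalse("Found character '" + c + "' in password '" + password + "' which is outside of the expected range", c > 'z');
            }
            Assert.assertFalse("Password " + password + " was generated twice, which is _extremely_ unlikely and shouldn't practically happen: " + seenPasswords, seenPasswords.contains(password));
            seenPasswords.add(password);
        }
    }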

    /**
     * The per-application trust manager must report the accepted issuers of the
     * configured default trust manager, and {@code checkClientTrusted} must not
     * throw when the default trust manager is a mock.
     *
     * <p>NOTE(review): the call with null arguments only shows that no exception
     * escapes; it does not verify that the call was delegated to the default
     * trust manager.
     */
    @Test
    public void testCreateTrustManagerDefaultTrustManager() throws Exception {
        ProxyCA ca = new ProxyCA();
        ca.init();
        X509TrustManager fallback = Mockito.mock(X509TrustManager.class);
        ca.setDefaultTrustManager(fallback);
        ApplicationId appId = ApplicationId.newInstance(System.currentTimeMillis(), 1);
        X509TrustManager appTrustManager = ca.createTrustManager(appId);

        // SHA1withRSA is used only to build a throwaway fixture; nothing here validates it.
        KeyPair issuerKeys = KeyStoreTestUtil.generateKeyPair("RSA");
        X509Certificate issuer = KeyStoreTestUtil.generateCertificate("CN=foo", issuerKeys, 30, "SHA1withRSA");
        Mockito.when(fallback.getAcceptedIssuers()).thenReturn(new X509Certificate[]{issuer});

        Assert.assertArrayEquals(fallback.getAcceptedIssuers(), appTrustManager.getAcceptedIssuers());
        appTrustManager.checkClientTrusted(null, null);
    }

    /**
     * A chain issued by this ProxyCA for the same application must be accepted
     * by the application's trust manager without consulting the default trust
     * manager.
     */
    @Test
    public void testCreateTrustManagerYarnCert() throws Exception {
        ProxyCA ca = new ProxyCA();
        ca.init();
        X509TrustManager fallback = Mockito.mock(X509TrustManager.class);
        ca.setDefaultTrustManager(fallback);
        ApplicationId appId = ApplicationId.newInstance(System.currentTimeMillis(), 1);
        X509TrustManager appTrustManager = ca.createTrustManager(appId);

        byte[] keyStoreBytes = ca.createChildKeyStore(appId, "password");
        Certificate[] rawChain = KeyStoreTestUtil.bytesToKeyStore(keyStoreBytes, "password").getCertificateChain("server");
        X509Certificate[] chain = castCertificateArrayToX509CertificateArray(rawChain);

        // Must not throw ...
        appTrustManager.checkServerTrusted(chain, "RSA");
        // ... and must not have fallen through to the default trust manager.
        Mockito.verify(fallback, Mockito.never()).checkServerTrusted(chain, "RSA");
    }

    /**
     * A certificate issued by the same ProxyCA but for a different application
     * must be rejected with a {@link CertificateException} naming both
     * application ids. This is the check that keeps one application's
     * certificate from being accepted in place of another's.
     */
    @Test
    public void testCreateTrustManagerWrongApp() throws Exception {
        ProxyCA ca = new ProxyCA();
        ca.init();
        ca.setDefaultTrustManager(Mockito.mock(X509TrustManager.class));
        ApplicationId expectedApp = ApplicationId.newInstance(System.currentTimeMillis(), 1);
        ApplicationId otherApp = ApplicationId.newInstance(System.currentTimeMillis(), 2);
        try {
            // Trust manager is bound to expectedApp; the chain is issued for otherApp.
            X509TrustManager appTrustManager = ca.createTrustManager(expectedApp);
            byte[] keyStoreBytes = ca.createChildKeyStore(otherApp, "password");
            Certificate[] rawChain = KeyStoreTestUtil.bytesToKeyStore(keyStoreBytes, "password").getCertificateChain("server");
            appTrustManager.checkServerTrusted(castCertificateArrayToX509CertificateArray(rawChain), "RSA");
            Assert.fail("Should have thrown a CertificateException, but did not");
        } catch (CertificateException rejected) {
            Assert.assertEquals("Expected to find Subject X500 Principal with CN=" + expectedApp + " but found CN=" + otherApp, rejected.getMessage());
        }
    }

    /**
     * A chain for the right application id but issued by a different ProxyCA
     * must not be accepted on the ProxyCA path; the decision is handed to the
     * default trust manager exactly once.
     */
    @Test
    public void testCreateTrustManagerWrongRM() throws Exception {
        ProxyCA ca = new ProxyCA();
        ca.init();
        X509TrustManager fallback = Mockito.mock(X509TrustManager.class);
        ca.setDefaultTrustManager(fallback);
        ApplicationId appId = ApplicationId.newInstance(System.currentTimeMillis(), 1);
        X509TrustManager appTrustManager = ca.createTrustManager(appId);

        // Second, unrelated CA issues a certificate for the same application id.
        ProxyCA otherCa = new ProxyCA();
        otherCa.init();
        byte[] keyStoreBytes = otherCa.createChildKeyStore(appId, "password");
        Certificate[] rawChain = KeyStoreTestUtil.bytesToKeyStore(keyStoreBytes, "password").getCertificateChain("server");
        X509Certificate[] chain = castCertificateArrayToX509CertificateArray(rawChain);

        Mockito.verify(fallback, Mockito.never()).checkServerTrusted(chain, "RSA");
        appTrustManager.checkServerTrusted(chain, "RSA");
        Mockito.verify(fallback, Mockito.times(1)).checkServerTrusted(chain, "RSA");
    }

    /**
     * Chains that were not issued by the ProxyCA (one self-generated certificate,
     * then two) must each be passed to the default trust manager exactly once.
     *
     * <p>The fixtures are signed with SHA1withRSA. That is tolerable only because
     * the default trust manager is a mock and no real path validation runs.
     */
    @Test
    public void testCreateTrustManagerRealCert() throws Exception {
        ProxyCA ca = new ProxyCA();
        ca.init();
        X509TrustManager fallback = Mockito.mock(X509TrustManager.class);
        ca.setDefaultTrustManager(fallback);
        ApplicationId appId = ApplicationId.newInstance(System.currentTimeMillis(), 1);
        X509TrustManager appTrustManager = ca.createTrustManager(appId);

        // Case 1: a chain of length one.
        X509Certificate[] singleChain = {KeyStoreTestUtil.generateCertificate("CN=foo.com", KeyStoreTestUtil.generateKeyPair("RSA"), 30, "SHA1withRSA")};
        Mockito.verify(fallback, Mockito.never()).checkServerTrusted(singleChain, "RSA");
        appTrustManager.checkServerTrusted(singleChain, "RSA");
        Mockito.verify(fallback, Mockito.times(1)).checkServerTrusted(singleChain, "RSA");

        // Case 2: a chain of length two, as a ProxyCA chain would have, but from unrelated keys.
        X509Certificate[] doubleChain = {KeyStoreTestUtil.generateCertificate("CN=foo.com", KeyStoreTestUtil.generateKeyPair("RSA"), 30, "SHA1withRSA"), KeyStoreTestUtil.generateCertificate("CN=foo.com", KeyStoreTestUtil.generateKeyPair("RSA"), 30, "SHA1withRSA")};
        Mockito.verify(fallback, Mockito.never()).checkServerTrusted(doubleChain, "RSA");
        appTrustManager.checkServerTrusted(doubleChain, "RSA");
        Mockito.verify(fallback, Mockito.times(1)).checkServerTrusted(doubleChain, "RSA");
    }

    /**
     * For every exception type that {@code X509Certificate.verify(PublicKey)} can
     * raise, a failing signature check on the leaf certificate must end with the
     * chain being handed to the default trust manager exactly once, rather than
     * being accepted on the ProxyCA path.
     */
    @Test
    public void testCreateTrustManagerExceptions() throws Exception {
        ProxyCA ca = new ProxyCA();
        ca.init();
        X509TrustManager fallback = Mockito.mock(X509TrustManager.class);
        ca.setDefaultTrustManager(fallback);
        ApplicationId appId = ApplicationId.newInstance(System.currentTimeMillis(), 1);
        X509TrustManager appTrustManager = ca.createTrustManager(appId);

        Exception[] verifyFailures = {new CertificateException(), new NoSuchAlgorithmException(), new InvalidKeyException(), new SignatureException(), new NoSuchProviderException()};
        for (Exception failure : verifyFailures) {
            // Fresh chain per iteration so each verification count starts from zero.
            byte[] keyStoreBytes = ca.createChildKeyStore(appId, "password");
            Certificate[] rawChain = KeyStoreTestUtil.bytesToKeyStore(keyStoreBytes, "password").getCertificateChain("server");
            X509Certificate[] chain = castCertificateArrayToX509CertificateArray(rawChain);

            // Replace the leaf with a spy whose verify(PublicKey) throws the chosen exception.
            chain[0] = Mockito.spy(chain[0]);
            Mockito.doThrow(failure).when(chain[0]).verify((PublicKey) Mockito.any());

            Mockito.verify(fallback, Mockito.never()).checkServerTrusted(chain, "RSA");
            appTrustManager.checkServerTrusted(chain, "RSA");
            Mockito.verify(fallback, Mockito.times(1)).checkServerTrusted(chain, "RSA");
        }
    }

    /**
     * The ProxyCA key manager is client-only: it offers the single alias
     * "client", returns null for server aliases, serves a one-element chain
     * holding the CA certificate, and hands out the CA private key.
     */
    @Test
    public void testCreateKeyManager() throws Exception {
        ProxyCA ca = new ProxyCA();
        ca.init();
        X509KeyManager keyManager = ca.getX509KeyManager();

        // Alias selection.
        Assert.assertArrayEquals(new String[]{"client"}, keyManager.getClientAliases(null, null));
        Assert.assertEquals("client", keyManager.chooseClientAlias(null, null, null));
        Assert.assertNull(keyManager.getServerAliases(null, null));
        Assert.assertNull(keyManager.chooseServerAlias(null, null, null));

        // The chain served by the key manager equals the trust store's only certificate.
        byte[] trustStoreBytes = ca.getChildTrustStore("password");
        KeyStore trustStore = KeyStoreTestUtil.bytesToKeyStore(trustStoreBytes, "password");
        Assert.assertEquals(1L, trustStore.size());
        X509Certificate trusted = (X509Certificate) trustStore.getCertificate("client");
        Assert.assertArrayEquals(new X509Certificate[]{trusted}, keyManager.getCertificateChain(null));
        Assert.assertEquals(ca.getCaCert(), trusted);

        // Private key from the key manager must pair with the certificate's public key.
        PrivateKey servedKey = keyManager.getPrivateKey(null);
        PublicKey trustedKey = trusted.getPublicKey();
        checkPrivatePublicKeys(servedKey, trustedKey);
        Assert.assertEquals(ca.getCaKeyPair().getPublic(), trustedKey);
        Assert.assertEquals(ca.getCaKeyPair().getPrivate(), servedKey);
    }

    /**
     * A session presenting a chain issued by this ProxyCA must be accepted by the
     * hostname verifier even though the requested host name ("foo") is not the
     * certificate subject.
     *
     * <p>NOTE(review): acceptance here presumably rests on the chain verifying
     * against this CA rather than on the host name; confirm in ProxyCA.
     */
    @Test
    public void testCreateHostnameVerifier() throws Exception {
        ProxyCA ca = new ProxyCA();
        ca.init();
        HostnameVerifier verifier = ca.getHostnameVerifier();
        SSLSession session = Mockito.mock(SSLSession.class);

        ApplicationId appId = ApplicationId.newInstance(System.currentTimeMillis(), 1);
        byte[] keyStoreBytes = ca.createChildKeyStore(appId, "password");
        Certificate[] peerChain = KeyStoreTestUtil.bytesToKeyStore(keyStoreBytes, "password").getCertificateChain("server");
        Mockito.when(session.getPeerCertificates()).thenReturn(peerChain);

        boolean accepted = verifier.verify("foo", session);
        Assert.assertTrue(accepted);
    }

    /**
     * If the session cannot supply peer certificates
     * ({@link SSLPeerUnverifiedException}), the hostname verifier must reject
     * the connection instead of propagating the exception or accepting.
     */
    @Test
    public void testCreateHostnameVerifierSSLPeerUnverifiedException() throws Exception {
        ProxyCA ca = new ProxyCA();
        ca.init();
        HostnameVerifier verifier = ca.getHostnameVerifier();
        SSLSession session = Mockito.mock(SSLSession.class);
        Mockito.when(session.getPeerCertificates()).thenThrow(new SSLPeerUnverifiedException(""));

        boolean accepted = verifier.verify("foo", session);
        Assert.assertFalse(accepted);
    }

    /**
     * A chain issued by a different ProxyCA must be rejected by this ProxyCA's
     * hostname verifier.
     */
    @Test
    public void testCreateHostnameVerifierWrongRM() throws Exception {
        ProxyCA ca = new ProxyCA();
        ca.init();
        HostnameVerifier verifier = ca.getHostnameVerifier();
        SSLSession session = Mockito.mock(SSLSession.class);

        // Unrelated CA issues the certificate the peer presents.
        ProxyCA otherCa = new ProxyCA();
        otherCa.init();
        ApplicationId appId = ApplicationId.newInstance(System.currentTimeMillis(), 1);
        byte[] keyStoreBytes = otherCa.createChildKeyStore(appId, "password");
        Certificate[] peerChain = KeyStoreTestUtil.bytesToKeyStore(keyStoreBytes, "password").getCertificateChain("server");
        Mockito.when(session.getPeerCertificates()).thenReturn(peerChain);

        boolean accepted = verifier.verify("foo", session);
        Assert.assertFalse(accepted);
    }

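    /**
     * For every exception type that {@code Certificate.verify(PublicKey)} can
     * raise, a failing signature check on the leaf certificate must make the
     * hostname verifier reject the session.
     *
     * <p>The anonymous {@link Answer} implements {@code answer(...)}; the
     * decompiler had renamed that method, which left the interface method
     * unimplemented.
     */
    @Test
    public void testCreateHostnameVerifierExceptions() throws Exception {
        final ProxyCA proxyCA = new ProxyCA();
        proxyCA.init();
        HostnameVerifier hostnameVerifier = proxyCA.getHostnameVerifier();
        for (final Exception exc : new Exception[]{new CertificateException(), new NoSuchAlgorithmException(), new InvalidKeyException(), new SignatureException(), new NoSuchProviderException()}) {
            SSLSession sSLSession = Mockito.mock(SSLSession.class);
            Mockito.when(sSLSession.getPeerCertificates()).thenAnswer(new Answer<Certificate[]>() {
                @Override
                public Certificate[] answer(InvocationOnMock invocationOnMock) throws Throwable {
                    // Issue a genuine child chain, then make the leaf's signature check throw.
                    Certificate[] certificateChain = KeyStoreTestUtil.bytesToKeyStore(proxyCA.createChildKeyStore(ApplicationId.newInstance(System.currentTimeMillis(), 1), "password"), "password").getCertificateChain("server");
                    Certificate certificate = Mockito.spy(certificateChain[0]);
                    certificateChain[0] = certificate;
                    Mockito.doThrow(exc).when(certificate).verify((PublicKey) Mockito.any());
                    return certificateChain;
                }
            });
            // Any verification failure must translate into a rejection, never an acceptance.
            Assert.assertFalse(hostnameVerifier.verify("foo", sSLSession));
        }
    }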

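    /**
     * A certificate that was not issued by the ProxyCA, with subject
     * {@code CN=foo.com}, must be accepted when the requested host name is
     * "foo.com".
     *
     * <p>NOTE(review): this presumably exercises a fallback to ordinary host name
     * matching; confirm in ProxyCA. The fixture is signed with SHA1withRSA, which
     * is used here only to build a throwaway certificate.
     *
     * <p>The anonymous {@link Answer} implements {@code answer(...)}; the
     * decompiler had renamed that method, which left the interface method
     * unimplemented.
     */
    @Test
    public void testCreateHostnameVerifierRealCert() throws Exception {
        ProxyCA proxyCA = new ProxyCA();
        proxyCA.init();
        HostnameVerifier hostnameVerifier = proxyCA.getHostnameVerifier();
        SSLSession sSLSession = Mockito.mock(SSLSession.class);
        Mockito.when(sSLSession.getPeerCertificates()).thenAnswer(new Answer<Certificate[]>() {
            @Override
            public Certificate[] answer(InvocationOnMock invocationOnMock) throws Throwable {
                return new Certificate[]{KeyStoreTestUtil.generateCertificate("CN=foo.com", KeyStoreTestUtil.generateKeyPair("RSA"), 30, "SHA1withRSA")};
            }
        });
        Assert.assertTrue(hostnameVerifier.verify("foo.com", sSLSession));
    }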

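    /**
     * A certificate that was not issued by the ProxyCA, with subject
     * {@code CN=foo.com}, must be rejected when the requested host name is
     * "bar.com". Together with the matching-name test this shows that
     * certificates from outside the ProxyCA are not accepted for arbitrary host
     * names.
     *
     * <p>The anonymous {@link Answer} implements {@code answer(...)}; the
     * decompiler had renamed that method, which left the interface method
     * unimplemented.
     */
    @Test
    public void testCreateHostnameVerifierRealCertBad() throws Exception {
        ProxyCA proxyCA = new ProxyCA();
        proxyCA.init();
        HostnameVerifier hostnameVerifier = proxyCA.getHostnameVerifier();
        SSLSession sSLSession = Mockito.mock(SSLSession.class);
        Mockito.when(sSLSession.getPeerCertificates()).thenAnswer(new Answer<Certificate[]>() {
            @Override
            public Certificate[] answer(InvocationOnMock invocationOnMock) throws Throwable {
                return new Certificate[]{KeyStoreTestUtil.generateCertificate("CN=foo.com", KeyStoreTestUtil.generateKeyPair("RSA"), 30, "SHA1withRSA")};
            }
        });
        Assert.assertFalse(hostnameVerifier.verify("bar.com", sSLSession));
    }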

    /**
     * Asserts the expected shape of a ProxyCA certificate authority certificate:
     * self-issued, a single-field subject starting with {@code OU=YARN-},
     * signed with SHA512withRSA, valid from before now until 31 December 2037
     * (midnight in the JVM's default time zone), and marked as a CA with a
     * path length constraint of 0.
     *
     * @param x509Certificate the CA certificate to inspect
     */
    private void checkCACert(X509Certificate x509Certificate) {
        String subject = x509Certificate.getSubjectX500Principal().toString();

        // Issuer and subject are the same name: the CA signs itself.
        Assert.assertEquals(subject, x509Certificate.getIssuerDN().toString());
        Assert.assertEquals(subject, x509Certificate.getSubjectDN().toString());

        Assert.assertTrue("Expected CA certificate X500 Principal to start with 'OU=YARN-', but did not: " + subject, subject.startsWith("OU=YARN-"));
        Assert.assertFalse("Found multiple fields in X500 Principal, when there should have only been one: " + subject, subject.contains(","));
        Assert.assertEquals("SHA512withRSA", x509Certificate.getSigAlgName());

        // GregorianCalendar months are zero-based, so 11 is December.
        Date expectedExpiry = new GregorianCalendar(2037, 11, 31).getTime();
        Assert.assertEquals(expectedExpiry, x509Certificate.getNotAfter());
        Assert.assertTrue("Expected certificate to have started but was not: " + x509Certificate.getNotBefore(), x509Certificate.getNotBefore().before(new Date()));

        // 0 = CA certificate that may sign end-entity certificates but no further CAs.
        Assert.assertEquals(0L, x509Certificate.getBasicConstraints());
    }

    /**
     * Asserts that the two keys form a pair by signing 2000 random bytes with the
     * private key and verifying the signature with the public key, both using
     * SHA512withRSA.
     *
     * @param privateKey key used to sign
     * @param publicKey key used to verify
     * @throws NoSuchAlgorithmException if SHA512withRSA is unavailable
     * @throws InvalidKeyException if either key is rejected by the signature engine
     * @throws SignatureException if signing or verification fails internally
     */
    private void checkPrivatePublicKeys(PrivateKey privateKey, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        // java.util.Random is fine here: the bytes are a throwaway message, not a secret.
        byte[] message = new byte[2000];
        new Random().nextBytes(message);

        Signature signer = Signature.getInstance("SHA512withRSA");
        signer.initSign(privateKey);
        signer.update(message);
        byte[] signatureBytes = signer.sign();

        Signature verifier = Signature.getInstance("SHA512withRSA");
        verifier.initVerify(publicKey);
        verifier.update(message);
        boolean signatureValid = verifier.verify(signatureBytes);

        Assert.assertTrue(signatureValid);
    }

    /**
     * Copies a {@code Certificate[]} into a new {@code X509Certificate[]} of the
     * same length.
     *
     * @param certificateArr source chain; every element must be an X509Certificate
     * @return a new array holding the same elements in the same order
     * @throws ArrayStoreException if an element is not an X509Certificate
     */
    private X509Certificate[] castCertificateArrayToX509CertificateArray(Certificate[] certificateArr) {
        int chainLength = certificateArr.length;
        Class<X509Certificate[]> targetType = X509Certificate[].class;
        return Arrays.copyOf(certificateArr, chainLength, targetType);
    }

    /**
     * Builds a fresh, self-initialized ProxyCA and returns its CA certificate
     * together with its key pair.
     *
     * @return the generated certificate and key pair
     * @throws Exception if ProxyCA initialization fails
     */
    private CertKeyPair createCertAndKeyPair() throws Exception {
        ProxyCA generator = new ProxyCA();
        generator.init();
        X509Certificate caCert = generator.getCaCert();
        KeyPair caKeys = generator.getCaKeyPair();
        return new CertKeyPair(caCert, caKeys);
    }
}
