package com.cloudera.cmf.service.csd.components;

import com.cloudera.cmf.ProductState;
import com.cloudera.cmf.command.datacollection.UtilizationReportArchiverTest;
import com.cloudera.cmf.model.DbConfigContainer;
import com.cloudera.cmf.model.DbHost;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbRoleConfigGroup;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.ServiceHandler;
import com.cloudera.cmf.service.TestUtils;
import com.cloudera.cmf.service.config.BooleanParamSpec;
import com.cloudera.cmf.service.config.MetricsSourceConfigEvaluatorTest;
import com.cloudera.cmf.service.config.StringEnumParamSpec;
import com.cloudera.cmf.service.config.URIParamSpec;
import com.cloudera.cmf.service.kms.KmsConnector;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.cmf.version.Release;
import com.cloudera.csd.BundleData;
import com.cloudera.csd.CsdBundle;
import com.cloudera.csd.CsdTestUtils;
import com.cloudera.csd.descriptors.KerberosPrincipalDescriptor;
import com.cloudera.csd.descriptors.ProvidesKms;
import com.cloudera.csd.descriptors.RoleDescriptor;
import com.cloudera.csd.descriptors.RunAs;
import com.cloudera.csd.descriptors.RunnerDescriptor;
import com.cloudera.csd.descriptors.ServiceDependency;
import com.cloudera.csd.descriptors.ServiceDescriptor;
import com.cloudera.csd.descriptors.SslServerDescriptor;
import com.cloudera.csd.descriptors.TopologyDescriptor;
import com.cloudera.csd.descriptors.parameters.Parameter;
import com.cloudera.csd.descriptors.parameters.PortNumberParameter;
import com.cloudera.csd.descriptors.parameters.StringEnumParameter;
import com.cloudera.csd.descriptors.parameters.URIParameter;
import com.cloudera.server.cmf.AbstractBaseTest;
import com.cloudera.server.cmf.BaseTest;
import com.cloudera.server.cmf.MockTestCluster;
import com.cloudera.server.web.common.I18n;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Map;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:com/cloudera/cmf/service/csd/components/ProvidesKmsTest.class */
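/**
 * Tests for the {@code providesKms} section of a CSD service descriptor.
 *
 * <p>Two things are covered: the static checks in
 * {@code ProvidesFactory.validateProvidesKms}, and the runtime values a service handler built
 * from a mocked descriptor reports for a KMS role. The runtime values are the KMS connector URI,
 * whether the service requires credentials, and the Kerberos principals the role needs.
 *
 * <p>Every test starts from the descriptor assembled in {@link #setupCluster()} and then layers
 * optional pieces on top (load balancer, SSL, topology limit) through the {@code register*} and
 * {@code set*} helpers before creating the service.
 */
public class ProvidesKmsTest extends BaseTest {
    private static final String SVC_TYPE = "KMS_TEST_SVC";
    private static final String ROLE_TYPE = "KMS_TEST_ROLE";
    private static final String PORT_NAME = "kms_port_name";
    private static final String AUTH_TYPE_NAME = "kms_auth_type";
    private static final String SSL_PORT_NAME = "kms_ssl_port_name";
    private static final String LOAD_BALANCER_NAME = "kms_load_balancer_name";
    private static final String LOAD_BALANCER_HOST = "load_balancer_host";
    private static final String LOAD_BALANCER_URL = "http://load_balancer_host:555/some/suffix";
    private static final String EXPECTED_LOAD_BALANCER_URI = "kms://http@load_balancer_host:555/some/suffix";
    private static final String LOAD_BALANCER_PRINCIPAL_KEY = "LOAD_BALANCER";
    // Named values for the two boolean arguments of createHandlerAndService.
    private static final boolean CREATE_SECOND_KMS = true;
    private static final boolean CONFIGURE_LOAD_BALANCER = true;
    private CsdBundle bundle;
    private ServiceDescriptor serviceDesc;
    private RoleDescriptor kmsRoleDesc;
    private DynamicServiceHandler handler;
    private static final Long DEFAULT_PORT = 42L;
    private static final Long DEFAULT_SSL_PORT = 72L;
    private static final String EXPECTED_ZK_LOAD_BALANCER_URI = "kms://http@host1;host2:" + DEFAULT_PORT + "/kms";
    private static final String EXPECTED_SECURE_ZK_LOAD_BALANCER_URI = "kms://https@host1;host2:" + DEFAULT_SSL_PORT + "/kms";
    private static final String DEFAULT_REALM = (String) ScmParams.SECURITY_REALM.getDefaultValueNoVersion();

    /**
     * Builds the mocked CSD bundle shared by all tests.
     *
     * <p>The descriptor has one service type with an optional ZooKeeper dependency, a load
     * balancer URL parameter, an auth-type enum that drives the service's Kerberos setting, and
     * one role type with a plain port, an SSL port and an {@code HTTP/${host}} principal. Its
     * {@code providesKms} section initially names only the role and an insecure URL template.
     */
    @Before
    public void setupCluster() {
        this.serviceDesc = Mockito.mock(ServiceDescriptor.class);
        Mockito.when(this.serviceDesc.getName()).thenReturn(SVC_TYPE);
        Mockito.when(this.serviceDesc.getLabel()).thenReturn("KMS Test Service");
        Mockito.when(this.serviceDesc.getVersion()).thenReturn("1");
        Mockito.when(this.serviceDesc.getMaxInstances()).thenReturn(1);
        Mockito.when(this.serviceDesc.getLicenseFeature()).thenReturn("KEYTRUSTEE");

        // Optional dependency on ZooKeeper; addZk() wires an actual ZK service in later.
        ServiceDependency zkDependency = Mockito.mock(ServiceDependency.class);
        Mockito.when(zkDependency.getName()).thenReturn(MockTestCluster.ZK_ST);
        Mockito.when(zkDependency.isRequired()).thenReturn(false);
        Mockito.when(this.serviceDesc.getServiceDependencies()).thenReturn(ImmutableList.of(zkDependency));

        RunAs runAs = Mockito.mock(RunAs.class);
        Mockito.when(runAs.getUser()).thenReturn("kms");
        Mockito.when(runAs.getGroup()).thenReturn("kms");
        Mockito.when(this.serviceDesc.getRunAs()).thenReturn(runAs);

        // Service-level parameters: the load balancer URL and the authentication type.
        Parameter loadBalancerParam = (Parameter) Mockito.mock(URIParameter.class);
        Mockito.when(loadBalancerParam.getName()).thenReturn(LOAD_BALANCER_NAME);
        Mockito.when(loadBalancerParam.getLabel()).thenReturn("KMS Load Balancer");
        Mockito.when(loadBalancerParam.getDescription()).thenReturn("Full URL for KMS Load Balancer.");
        Mockito.when(loadBalancerParam.getDefault()).thenReturn(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER);
        StringEnumParameter authTypeParam = Mockito.mock(StringEnumParameter.class);
        Mockito.when(authTypeParam.getName()).thenReturn(AUTH_TYPE_NAME);
        Mockito.when(authTypeParam.getLabel()).thenReturn("KMS Authorization Type");
        Mockito.when(authTypeParam.getDescription()).thenReturn("Type of KMS Auth");
        Mockito.when(authTypeParam.isRequired()).thenReturn(true);
        Mockito.when(authTypeParam.getValidValues()).thenReturn(ImmutableSet.of("Simple", "Kerberos"));
        Mockito.when(authTypeParam.getDefault()).thenReturn("Simple");
        Mockito.when(this.serviceDesc.getParameters()).thenReturn(ImmutableList.of(loadBalancerParam, authTypeParam));
        // The Kerberos setting is a substitution of the auth-type parameter (default "Simple").
        Mockito.when(this.serviceDesc.getKerberos()).thenReturn("${kms_auth_type}");

        this.kmsRoleDesc = Mockito.mock(RoleDescriptor.class);
        Mockito.when(this.kmsRoleDesc.getName()).thenReturn(ROLE_TYPE);
        Mockito.when(this.kmsRoleDesc.getLabel()).thenReturn("KMS Test Role");
        Mockito.when(this.kmsRoleDesc.getPluralLabel()).thenReturn("KMS Test Roles");
        RunnerDescriptor startRunner = Mockito.mock(RunnerDescriptor.class);
        Mockito.when(startRunner.getProgram()).thenReturn("kms.sh");
        Mockito.when(this.kmsRoleDesc.getStartRunner()).thenReturn(startRunner);

        // Role-level parameters: plain and SSL port numbers.
        Parameter portParam = (Parameter) Mockito.mock(PortNumberParameter.class);
        Mockito.when(portParam.getName()).thenReturn(PORT_NAME);
        Mockito.when(portParam.getLabel()).thenReturn("KMS Port");
        Mockito.when(portParam.getDescription()).thenReturn("KMS Port number");
        Mockito.when(portParam.getDefault()).thenReturn(DEFAULT_PORT);
        Parameter sslPortParam = (Parameter) Mockito.mock(PortNumberParameter.class);
        Mockito.when(sslPortParam.getName()).thenReturn(SSL_PORT_NAME);
        Mockito.when(sslPortParam.getLabel()).thenReturn("KMS SSL Port");
        Mockito.when(sslPortParam.getDescription()).thenReturn("KMS SSL Port number");
        Mockito.when(sslPortParam.getDefault()).thenReturn(DEFAULT_SSL_PORT);
        Mockito.when(this.kmsRoleDesc.getParameters()).thenReturn(ImmutableList.of(portParam, sslPortParam));

        KerberosPrincipalDescriptor httpPrincipal = Mockito.mock(KerberosPrincipalDescriptor.class);
        Mockito.when(httpPrincipal.getName()).thenReturn("HTTP");
        Mockito.when(httpPrincipal.getPrimary()).thenReturn("HTTP");
        Mockito.when(httpPrincipal.getInstance()).thenReturn("${host}");
        Mockito.when(this.kmsRoleDesc.getKerberosPrincipals()).thenReturn(ImmutableList.of(httpPrincipal));
        Mockito.when(this.serviceDesc.getRoles()).thenReturn(ImmutableList.of(this.kmsRoleDesc));

        // Baseline providesKms: role name plus insecure URL only. No secure URL or load balancer.
        ProvidesKms providesKms = Mockito.mock(ProvidesKms.class);
        Mockito.when(providesKms.getRoleName()).thenReturn(ROLE_TYPE);
        Mockito.when(providesKms.getInsecureUrl()).thenReturn("http://${host}:${kms_port_name}/kms");
        Mockito.when(this.serviceDesc.getProvidesKms()).thenReturn(providesKms);

        this.bundle = Mockito.mock(CsdBundle.class);
        Mockito.when(this.bundle.isValidBundle()).thenReturn(true);
        Mockito.when(this.bundle.getGeneration()).thenReturn(1L);
        Mockito.when(this.bundle.getServiceType()).thenReturn(SVC_TYPE);
        Mockito.when(this.bundle.getServiceDescriptor()).thenReturn(this.serviceDesc);
        Mockito.when(this.bundle.getData()).thenReturn(Mockito.mock(BundleData.class));
    }

    /**
     * Points {@code providesKms.loadBalancerUrl} at the load balancer parameter and adds a
     * second principal, keyed {@link #LOAD_BALANCER_PRINCIPAL_KEY}, whose instance is derived
     * from that same parameter.
     */
    private void registerLoadBalancerParam() {
        Mockito.when(this.serviceDesc.getProvidesKms().getLoadBalancerUrl()).thenReturn("${kms_load_balancer_name}");
        KerberosPrincipalDescriptor lbPrincipal = Mockito.mock(KerberosPrincipalDescriptor.class);
        Mockito.when(lbPrincipal.getName()).thenReturn(LOAD_BALANCER_PRINCIPAL_KEY);
        Mockito.when(lbPrincipal.getPrimary()).thenReturn("HTTP");
        Mockito.when(lbPrincipal.getInstance()).thenReturn("${kms_load_balancer_name}");
        RoleDescriptor roleDescriptor = (RoleDescriptor) this.serviceDesc.getRoles().get(0);
        // Read the currently stubbed principals first, then re-stub with the extra one appended.
        ImmutableList<KerberosPrincipalDescriptor> withLoadBalancer =
                ImmutableList.<KerberosPrincipalDescriptor>builder()
                        .addAll(roleDescriptor.getKerberosPrincipals())
                        .add(lbPrincipal)
                        .build();
        Mockito.when(roleDescriptor.getKerberosPrincipals()).thenReturn(withLoadBalancer);
    }

    /** Adds a secure URL template to {@code providesKms} and a JKS SSL server to the role. */
    private void registerSslParams() {
        Mockito.when(this.serviceDesc.getProvidesKms().getSecureUrl()).thenReturn("https://${host}:${kms_ssl_port_name}/kms");
        SslServerDescriptor.JksSslServerDescriptor jksSslServer = Mockito.mock(SslServerDescriptor.JksSslServerDescriptor.class);
        Mockito.when(jksSslServer.getKeyIdentifier()).thenReturn("kms");
        Mockito.when(this.kmsRoleDesc.getSslServer()).thenReturn(jksSslServer);
    }

    /**
     * Gives the first role a topology whose {@code maxInstances} is {@code num}.
     *
     * @param num the limit to report; {@code null} leaves the topology present but unbounded
     */
    private void setMaxInstanceCount(Integer num) {
        RoleDescriptor roleDescriptor = (RoleDescriptor) this.serviceDesc.getRoles().get(0);
        TopologyDescriptor topology = Mockito.mock(TopologyDescriptor.class);
        Mockito.when(topology.getMaxInstances()).thenReturn(num);
        Mockito.when(roleDescriptor.getTopology()).thenReturn(topology);
    }

    /** Same as the three-argument overload, on a CDH 5.5.0 cluster. */
    private void createHandlerAndService(boolean createSecondKms, boolean configureLoadBalancer) {
        createHandlerAndService(CdhReleases.CDH5_5_0, createSecondKms, configureLoadBalancer);
    }

    /**
     * Creates the service handler from the mocked bundle, registers it, and persists a cluster
     * with service {@code kmsSvc1} and role {@code kmsRole1} on {@code host1}.
     *
     * @param release release of the cluster; its major version selects the handler
     * @param createSecondKms whether to also create {@code kmsRole2} on {@code host2}
     * @param configureLoadBalancer whether to set the load balancer parameter to
     *     {@link #LOAD_BALANCER_URL} on the service
     */
    private void createHandlerAndService(final Release release, final boolean createSecondKms, final boolean configureLoadBalancer) {
        this.handler = CsdTestUtils.getServiceHandlerForVersion(CsdTestUtils.createServiceHandlerFactory(sdp).createServiceHandlers(this.bundle), release.major());
        Preconditions.checkNotNull(this.handler);
        shr.add(this.handler);
        runInTransaction(new AbstractBaseTest.RunnableWithCmfEM() {
            @Override
            public void run(CmfEntityManager cmfEntityManager) {
                try {
                    DbService kmsService = ProvidesKmsTest.om.createService(cmfEntityManager, ProvidesKmsTest.om.createCluster(cmfEntityManager, UtilizationReportArchiverTest.CLUSTER_NAME1, release), "kmsSvc1", ProvidesKmsTest.this.serviceDesc.getName());
                    ProvidesKmsTest.om.createNamedRole(cmfEntityManager, "kmsRole1", kmsService.getName(), "host1", "host1", ProvidesKmsTest.ROLE_TYPE, true);
                    if (createSecondKms) {
                        ProvidesKmsTest.om.createNamedRole(cmfEntityManager, "kmsRole2", kmsService.getName(), "host2", "host2", ProvidesKmsTest.ROLE_TYPE, true);
                    }
                    if (configureLoadBalancer) {
                        URIParamSpec param = ProvidesKmsTest.this.handler.getConfigSpec().getParam(ProvidesKmsTest.LOAD_BALANCER_NAME);
                        Assert.assertNotNull(param);
                        ProvidesKmsTest.om.setConfig(cmfEntityManager, param, ProvidesKmsTest.LOAD_BALANCER_URL, kmsService, (DbRole) null, (DbRoleConfigGroup) null, (DbConfigContainer) null, (DbHost) null);
                    }
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
        });
    }

    /** Sets the auth-type parameter of {@code kmsSvc1} to {@code "Kerberos"}. */
    private void enableKerberos() {
        runInTransaction(new AbstractBaseTest.RunnableWithCmfEM() {
            @Override
            public void run(CmfEntityManager cmfEntityManager) {
                try {
                    DbService kmsService = cmfEntityManager.findServiceByName("kmsSvc1");
                    StringEnumParamSpec param = ProvidesKmsTest.this.handler.getConfigSpec().getParam(ProvidesKmsTest.AUTH_TYPE_NAME);
                    Assert.assertNotNull(param);
                    ProvidesKmsTest.om.setConfig(cmfEntityManager, param, "Kerberos", kmsService, (DbRole) null, (DbRoleConfigGroup) null, (DbConfigContainer) null, (DbHost) null);
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
        });
    }

    /**
     * Sets {@code ssl_enabled} to true on the role config group of {@code kmsRole1}.
     *
     * <p>Callers register the SSL descriptor with {@link #registerSslParams()} before creating
     * the handler; the lookup below asserts that the {@code ssl_enabled} spec exists.
     */
    private void enableSsl() {
        runInTransaction(new AbstractBaseTest.RunnableWithCmfEM() {
            @Override
            public void run(CmfEntityManager cmfEntityManager) {
                try {
                    DbRole kmsRole = cmfEntityManager.findRoleByName("kmsRole1");
                    BooleanParamSpec param = ProvidesKmsTest.this.handler.getRoleHandler(ProvidesKmsTest.ROLE_TYPE).getConfigSpec().getParam("ssl_enabled");
                    Assert.assertNotNull(param);
                    ProvidesKmsTest.om.setConfig(cmfEntityManager, param, true, kmsRole.getService(), (DbRole) null, kmsRole.getRoleConfigGroup(), (DbConfigContainer) null, (DbHost) null);
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
        });
    }

    /** Adds ZooKeeper service {@code zk1} to the cluster and makes {@code kmsSvc1} depend on it. */
    private void addZk() {
        TestUtils.interpretCli(sdp, ImmutableList.of(TestUtils.createServiceString("zk1", MockTestCluster.ZK_ST, UtilizationReportArchiverTest.CLUSTER_NAME1), TestUtils.createConfigString("zookeeper_service", "zk1", "kmsSvc1", null)));
    }

    /** Wipes the database and unregisters the handler, if one was created by the test. */
    @After
    public void clear() {
        cleanDatabase();
        if (this.handler != null) {
            shr.remove(this.handler);
        }
    }

    /**
     * Asserts that validating the current {@code providesKms} section fails with a
     * {@link RuntimeException} whose message contains {@code expectedFragment}.
     *
     * <p>An exception with a different or missing message is rethrown unchanged, so the test
     * reports the real failure instead of a {@link NullPointerException} from the message check.
     */
    private void assertValidationRejected(String expectedFragment) {
        try {
            ProvidesFactory.validateProvidesKms(this.serviceDesc.getProvidesKms(), this.serviceDesc.getRoles());
        } catch (RuntimeException e) {
            String message = e.getMessage();
            if (message == null || !message.contains(expectedFragment)) {
                throw e;
            }
            return;
        }
        Assert.fail("expected validation error");
    }

    /**
     * Asserts that querying the KMS connector fails with the "must specify load balancer"
     * message. Any other runtime failure is rethrown unchanged.
     */
    private void assertLoadBalancerRequired() {
        try {
            checkUriAndReqCredsAndPrincipal(null, false, null);
        } catch (RuntimeException e) {
            String message = e.getMessage();
            if (message == null || !message.contains(I18n.t("message.csd.providesKms.mustSpecifyLoadBalancer"))) {
                throw e;
            }
            return;
        }
        Assert.fail("expected exception");
    }

    /**
     * Checks which combinations of load balancer URL, insecure URL, secure URL and role name
     * give the validator enough information to build a KMS URL.
     */
    @Test
    public void testConfigSetValidation() {
        setMaxInstanceCount(1);
        SslServerDescriptor sslServer = Mockito.mock(SslServerDescriptor.class);

        // A load balancer URL alone is accepted, even without a role name.
        ProvidesKms loadBalancerOnly = Mockito.mock(ProvidesKms.class);
        Mockito.when(loadBalancerOnly.getLoadBalancerUrl()).thenReturn("http://fixed_url");
        Mockito.when(this.serviceDesc.getProvidesKms()).thenReturn(loadBalancerOnly);
        ProvidesFactory.validateProvidesKms(this.serviceDesc.getProvidesKms(), this.serviceDesc.getRoles());

        // Role name plus insecure URL is accepted.
        ProvidesKms insecureOnly = Mockito.mock(ProvidesKms.class);
        Mockito.when(insecureOnly.getRoleName()).thenReturn(ROLE_TYPE);
        Mockito.when(insecureOnly.getInsecureUrl()).thenReturn("http://fixed_url");
        Mockito.when(this.serviceDesc.getProvidesKms()).thenReturn(insecureOnly);
        ProvidesFactory.validateProvidesKms(this.serviceDesc.getProvidesKms(), this.serviceDesc.getRoles());

        // Role name plus secure URL is accepted once the role declares an SSL server.
        ProvidesKms secureOnly = Mockito.mock(ProvidesKms.class);
        Mockito.when(secureOnly.getRoleName()).thenReturn(ROLE_TYPE);
        Mockito.when(secureOnly.getSecureUrl()).thenReturn("https://fixed_url");
        Mockito.when(this.serviceDesc.getProvidesKms()).thenReturn(secureOnly);
        Mockito.when(this.kmsRoleDesc.getSslServer()).thenReturn(sslServer);
        ProvidesFactory.validateProvidesKms(this.serviceDesc.getProvidesKms(), this.serviceDesc.getRoles());

        // URLs without a role name (and without a load balancer) are rejected.
        ProvidesKms noRoleName = Mockito.mock(ProvidesKms.class);
        Mockito.when(noRoleName.getInsecureUrl()).thenReturn("http://fixed_url");
        Mockito.when(noRoleName.getSecureUrl()).thenReturn("https://fixed_url");
        Mockito.when(this.serviceDesc.getProvidesKms()).thenReturn(noRoleName);
        assertValidationRejected("information to construct the KMS URL");
    }

    /**
     * Checks that, without a load balancer URL, the KMS role must declare a topology limited to
     * exactly one instance.
     */
    @Test
    public void testMaxInstanceCountValidation() {
        // No topology stubbed at all.
        assertValidationRejected("topology with maxInstances");

        setMaxInstanceCount(1);
        ProvidesFactory.validateProvidesKms(this.serviceDesc.getProvidesKms(), this.serviceDesc.getRoles());

        setMaxInstanceCount(2);
        assertValidationRejected("topology with maxInstances");

        setMaxInstanceCount(null);
        assertValidationRejected("topology with maxInstances");

        // With a load balancer URL registered the same unbounded topology is accepted.
        registerLoadBalancerParam();
        ProvidesFactory.validateProvidesKms(this.serviceDesc.getProvidesKms(), this.serviceDesc.getRoles());
    }

    /**
     * Checks that a secure URL and the role's SSL server descriptor must be declared together:
     * either one without the other is rejected.
     */
    @Test
    public void testSslCoRegistrationValidation() {
        setMaxInstanceCount(1);

        // Secure URL declared but the role has no sslServer.
        ProvidesKms bothUrls = Mockito.mock(ProvidesKms.class);
        Mockito.when(bothUrls.getRoleName()).thenReturn(ROLE_TYPE);
        Mockito.when(bothUrls.getInsecureUrl()).thenReturn("http://fixed_url");
        Mockito.when(bothUrls.getSecureUrl()).thenReturn("https://fixed_url");
        Mockito.when(this.serviceDesc.getProvidesKms()).thenReturn(bothUrls);
        assertValidationRejected("role is missing sslServer");

        // Role has an sslServer but providesKms has no secure URL.
        SslServerDescriptor sslServer = Mockito.mock(SslServerDescriptor.class);
        ProvidesKms insecureOnly = Mockito.mock(ProvidesKms.class);
        Mockito.when(insecureOnly.getRoleName()).thenReturn(ROLE_TYPE);
        Mockito.when(insecureOnly.getInsecureUrl()).thenReturn("http://fixed_url");
        Mockito.when(this.serviceDesc.getProvidesKms()).thenReturn(insecureOnly);
        Mockito.when(this.kmsRoleDesc.getSslServer()).thenReturn(sslServer);
        assertValidationRejected("has no secureUrl");

        // Both declared: accepted.
        ProvidesKms bothUrlsWithSsl = Mockito.mock(ProvidesKms.class);
        Mockito.when(bothUrlsWithSsl.getRoleName()).thenReturn(ROLE_TYPE);
        Mockito.when(bothUrlsWithSsl.getInsecureUrl()).thenReturn("http://fixed_url");
        Mockito.when(bothUrlsWithSsl.getSecureUrl()).thenReturn("https://fixed_url");
        Mockito.when(this.serviceDesc.getProvidesKms()).thenReturn(bothUrlsWithSsl);
        ProvidesFactory.validateProvidesKms(this.serviceDesc.getProvidesKms(), this.serviceDesc.getRoles());
    }

    /** Checks that the descriptor's license feature surfaces as the role handler's feature. */
    @Test
    public void testFeature() {
        setMaxInstanceCount(1);
        createHandlerAndService(!CREATE_SECOND_KMS, !CONFIGURE_LOAD_BALANCER);
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() {
            @Override
            public void run(CmfEntityManager cmfEntityManager) {
                DbService kmsService = (DbService) Iterables.getOnlyElement(cmfEntityManager.findServicesByType(ProvidesKmsTest.SVC_TYPE));
                Assert.assertEquals(ProductState.Feature.KEYTRUSTEE, ProvidesKmsTest.shr.get(kmsService).getRoleHandler(ProvidesKmsTest.ROLE_TYPE).getFeature());
            }
        });
    }

    /** Single KMS, defaults only: plain-HTTP URI on the default port, no credentials required. */
    @Test
    public void testBasicKms() throws URISyntaxException {
        setMaxInstanceCount(1);
        createHandlerAndService(!CREATE_SECOND_KMS, !CONFIGURE_LOAD_BALANCER);
        checkUriAndReqCredsAndPrincipal(new URI("kms://http@host1:" + DEFAULT_PORT + "/kms"), false, ImmutableMap.of("HTTP", "HTTP/host1@" + DEFAULT_REALM));
    }

    /**
     * Single KMS with Kerberos and SSL enabled: HTTPS URI on the SSL port, credentials required.
     */
    @Test
    public void testKerberosSslKms() throws URISyntaxException {
        setMaxInstanceCount(1);
        registerSslParams();
        createHandlerAndService(!CREATE_SECOND_KMS, !CONFIGURE_LOAD_BALANCER);
        enableKerberos();
        enableSsl();
        checkUriAndReqCredsAndPrincipal(new URI("kms://https@host1:" + DEFAULT_SSL_PORT + "/kms"), true, ImmutableMap.of("HTTP", "HTTP/host1@" + DEFAULT_REALM));
    }

    /** Two KMS roles, no load balancer URL and no ZooKeeper: connector creation must fail. */
    @Test
    public void testMultipleKmsNoLoadBalancerConfigured() {
        registerLoadBalancerParam();
        createHandlerAndService(CREATE_SECOND_KMS, !CONFIGURE_LOAD_BALANCER);
        assertLoadBalancerRequired();
    }

    /**
     * Two KMS roles on CDH 5.3.0 with ZooKeeper but no load balancer URL: connector creation
     * must still fail, unlike the CDH 5.5.0 case in {@link #testMultipleKmsUseAutoLoadbalancer()}.
     */
    @Test
    public void testMultipleKmsNoLoadBalancerConfiguredOldCdh() {
        registerLoadBalancerParam();
        createHandlerAndService(CdhReleases.CDH5_3_0, CREATE_SECOND_KMS, !CONFIGURE_LOAD_BALANCER);
        addZk();
        assertLoadBalancerRequired();
    }

    /**
     * Two KMS roles with ZooKeeper and no load balancer URL: the URI lists both hosts, and
     * switches scheme and port once SSL is enabled.
     */
    @Test
    public void testMultipleKmsUseAutoLoadbalancer() throws URISyntaxException {
        registerLoadBalancerParam();
        registerSslParams();
        createHandlerAndService(CREATE_SECOND_KMS, !CONFIGURE_LOAD_BALANCER);
        addZk();
        // With no load balancer URL configured, the expected load balancer principal has no
        // instance part ("HTTP@REALM").
        Map<String, String> expectedPrincipals = ImmutableMap.of("HTTP", "HTTP/host1@" + DEFAULT_REALM, LOAD_BALANCER_PRINCIPAL_KEY, "HTTP@" + DEFAULT_REALM);
        checkUriAndReqCredsAndPrincipal(new URI(EXPECTED_ZK_LOAD_BALANCER_URI), false, expectedPrincipals);
        enableSsl();
        // Only kmsRole1's group is switched; the URI is still expected to use https for both hosts.
        checkUriAndReqCredsAndPrincipal(new URI(EXPECTED_SECURE_ZK_LOAD_BALANCER_URI), false, expectedPrincipals);
    }

    /**
     * Two KMS roles behind a configured load balancer with Kerberos: the URI and the load
     * balancer principal both use the load balancer host, and credentials are required.
     */
    @Test
    public void testKerberosMultipleKms() throws URISyntaxException {
        registerLoadBalancerParam();
        createHandlerAndService(CREATE_SECOND_KMS, CONFIGURE_LOAD_BALANCER);
        enableKerberos();
        checkUriAndReqCredsAndPrincipal(new URI(EXPECTED_LOAD_BALANCER_URI), true, ImmutableMap.of("HTTP", "HTTP/host1@" + DEFAULT_REALM, LOAD_BALANCER_PRINCIPAL_KEY, "HTTP/" + LOAD_BALANCER_HOST + "@" + DEFAULT_REALM));
    }

    /**
     * Two KMS roles behind a configured load balancer with the SSL descriptor registered.
     *
     * <p>NOTE(review): this test never calls {@link #enableSsl()}, and the configured load
     * balancer URL is {@code http://}, so the expected URI keeps the {@code http} scheme. As
     * written it pins "load balancer URL wins" rather than an SSL-enabled path; confirm that is
     * the intended coverage.
     */
    @Test
    public void testSslMultipleKms() throws URISyntaxException {
        registerLoadBalancerParam();
        registerSslParams();
        createHandlerAndService(CREATE_SECOND_KMS, CONFIGURE_LOAD_BALANCER);
        checkUriAndReqCredsAndPrincipal(new URI(EXPECTED_LOAD_BALANCER_URI), false, ImmutableMap.of("HTTP", "HTTP/host1@" + DEFAULT_REALM, LOAD_BALANCER_PRINCIPAL_KEY, "HTTP/" + LOAD_BALANCER_HOST + "@" + DEFAULT_REALM));
    }

    /**
     * Asserts the three runtime values for {@code kmsRole1}, in this order: whether its service
     * requires credentials, the KMS connector URI, and the role's required principals.
     *
     * <p>Checked exceptions raised inside the transaction are wrapped in a
     * {@link RuntimeException}; callers that expect a failure match on its message.
     *
     * @param uri expected connector URI
     * @param requiresCredentials expected result of {@code requiresCredentials}
     * @param principals expected map from principal name to full principal
     */
    private void checkUriAndReqCredsAndPrincipal(final URI uri, final boolean requiresCredentials, final Map<String, String> principals) {
        runInTransaction(new AbstractBaseTest.RunnableWithCmfEM() {
            @Override
            public void run(CmfEntityManager cmfEntityManager) {
                try {
                    DbRole kmsRole = cmfEntityManager.findRoleByName("kmsRole1");
                    ServiceHandler serviceHandler = ProvidesKmsTest.shr.get(kmsRole.getService());
                    Assert.assertEquals(requiresCredentials, serviceHandler.requiresCredentials(cmfEntityManager, kmsRole.getService()));
                    Assert.assertEquals(uri, serviceHandler.createConnector(KmsConnector.CONNECTOR_TYPE, kmsRole.getService()).getUri());
                    Assert.assertEquals(principals, ProvidesKmsTest.shr.getRoleHandler(kmsRole).getRequiredPrincipals(kmsRole, (String) null));
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
        });
    }
}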
