package com.cloudera.cmf.rules;

import com.cloudera.cmf.model.DbCluster;
import com.cloudera.cmf.model.DbConfig;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbRoleConfigGroup;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.rules.RulesEngine;
import com.cloudera.cmf.service.ConnectorContext;
import com.cloudera.cmf.service.ServiceHandler;
import com.cloudera.cmf.service.ServiceHandlerRegistry;
import com.cloudera.cmf.service.config.ConfigEvaluatorHelpers;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.core.CoreSettingsParams;
import com.cloudera.cmf.service.hdfs.DfsConnector;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.cmf.version.Release;
import com.cloudera.server.cmf.MockTestCluster;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import java.util.List;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:com/cloudera/cmf/rules/KmsRulesTest.class */
public class KmsRulesTest extends RulesBaseTest {
    private static final Release CDH5_RELEASE = CdhReleases.CDH5_5_0;
    private static final Release CDH7_RELEASE = CdhReleases.LATEST_CDH7_RELEASE;
    private ServiceHandlerRegistry shr;
    private DbCluster cluster = null;
    private DbService hdfs = null;
    private ServiceHandler hdfsSh = null;
    private DbService zk1 = null;
    private DbService zk2 = null;
    private ServiceHandler zkSh = null;
    private DbService kmsSvc = null;
    private DbRoleConfigGroup kmsRoleGroup = null;
    private DbRole kmsRole = null;
    private DbService ktKmsSvc = null;
    private DbRoleConfigGroup ktKmsRoleGroup = null;
    private DbRole ktKmsRole = null;
    private DbService rangerKms = null;
    private DbService rangerKmsKts = null;
    private CmfEntityManager cmfEm = null;
    private List<Object> facts = null;

    @Before
    public void setupKmsMocks() {
        this.shr = (ServiceHandlerRegistry) Mockito.mock(ServiceHandlerRegistry.class);
        this.cluster = (DbCluster) Mockito.mock(DbCluster.class);
        this.hdfs = mockService(this.cluster, "HDFS", CDH5_RELEASE);
        this.hdfsSh = (ServiceHandler) Mockito.mock(ServiceHandler.class);
        Mockito.when(this.shr.get(this.hdfs)).thenReturn(this.hdfsSh);
        Mockito.when(Boolean.valueOf(this.hdfsSh.supportsConnectorType(DfsConnector.TYPE, ConnectorContext.of(this.hdfs)))).thenReturn(true);
        Mockito.when(this.hdfsSh.createConnector(DfsConnector.TYPE, this.hdfs)).thenReturn((DfsConnector) Mockito.mock(DfsConnector.class));
        this.zkSh = (ServiceHandler) Mockito.mock(ServiceHandler.class);
        this.zk1 = mockService(this.cluster, MockTestCluster.ZK_ST, CDH5_RELEASE);
        Mockito.when(this.shr.get(this.zk1)).thenReturn(this.zkSh);
        this.zk2 = mockService(this.cluster, MockTestCluster.ZK_ST, CDH5_RELEASE);
        Mockito.when(this.shr.get(this.zk2)).thenReturn(this.zkSh);
        this.kmsSvc = mockService(this.cluster, "KMS", CDH5_RELEASE);
        this.kmsRoleGroup = mockGroup(this.kmsSvc, "KMS", CDH5_RELEASE);
        this.kmsRole = mockRole(this.kmsSvc, this.kmsRoleGroup, CDH5_RELEASE);
        this.ktKmsSvc = mockService(this.cluster, "KEYTRUSTEE", CDH5_RELEASE);
        this.ktKmsRoleGroup = mockGroup(this.ktKmsSvc, "KMS_KEYTRUSTEE", CDH5_RELEASE);
        this.ktKmsRole = mockRole(this.ktKmsSvc, this.ktKmsRoleGroup, CDH5_RELEASE);
        ServiceHandler serviceHandler = (ServiceHandler) Mockito.mock(ServiceHandler.class);
        Mockito.when(this.shr.get(this.ktKmsSvc)).thenReturn(serviceHandler);
        ParamSpec paramSpec = (ParamSpec) Mockito.mock(ParamSpec.class);
        Mockito.when(serviceHandler.getConfigChangesForKerberos(this.ktKmsSvc)).thenReturn(ImmutableMap.of(paramSpec, "kerberos"));
        Mockito.when(paramSpec.getTemplateName()).thenReturn("hadoop_kms_authentication_type");
        this.rangerKms = mockService(this.cluster, MockTestCluster.RANGERKMS_ST, CDH7_RELEASE);
        this.rangerKmsKts = mockService(this.cluster, MockTestCluster.RANGERKMSKTS_ST, CDH7_RELEASE);
        this.cmfEm = (CmfEntityManager) Mockito.mock(CmfEntityManager.class);
        CmfEntityManager.setCurrentCmfEntityManager(this.cmfEm);
        this.facts = Lists.newArrayList(new Object[]{this.cluster, this.hdfs, this.zk1, this.zk2, this.kmsSvc, this.kmsRole, this.ktKmsSvc, this.ktKmsRole, this.rangerKms, this.rangerKmsKts});
    }

    private void turnOnDfsSsl() {
        Mockito.when(Boolean.valueOf(ConfigEvaluatorHelpers.getCurrentOrDependencyConnector(this.shr, this.hdfs, DfsConnector.TYPE).isSslEnabled())).thenReturn(true);
    }

    @After
    public void cleanupMocks() {
        CmfEntityManager.setCurrentCmfEntityManager((CmfEntityManager) null);
    }

    private Object[] getFacts(Object... objArr) {
        return ImmutableList.builder().addAll(this.facts).add(objArr).build().toArray();
    }

    @Test
    public void testKtKmsKerberos() {
        Mockito.when(Boolean.valueOf(this.hdfsSh.requiresCredentials(this.cmfEm, this.hdfs))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.zkSh.requiresCredentials(this.cmfEm, this.zk1))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.zkSh.requiresCredentials(this.cmfEm, this.zk2))).thenReturn(true);
        assertResultsStrict(ImmutableList.of(RulesEngine.AgendaGroup.CONFIGURATION), this.shr, ImmutableSet.of(new DbConfig(this.ktKmsSvc, "hadoop_kms_authentication_signer_secret_provider_zookeeper_auth_type", "sasl"), new DbConfig(this.ktKmsSvc, "hadoop_kms_authentication_type", "kerberos")), getFacts(new ServiceConfiguration(this.ktKmsSvc)));
    }

    @Test
    public void testKtKmsKerberosOneZkNotKerberized() {
        Mockito.when(Boolean.valueOf(this.hdfsSh.requiresCredentials(this.cmfEm, this.hdfs))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.zkSh.requiresCredentials(this.cmfEm, this.zk1))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.zkSh.requiresCredentials(this.cmfEm, this.zk2))).thenReturn(false);
        assertResultsStrict(ImmutableList.of(RulesEngine.AgendaGroup.CONFIGURATION), this.shr, ImmutableSet.of(new DbConfig(this.ktKmsSvc, "hadoop_kms_authentication_type", "kerberos")), getFacts(new ServiceConfiguration(this.ktKmsSvc)));
    }

    @Test
    public void testKtKmsKerberosNoZkKerberized() {
        Mockito.when(Boolean.valueOf(this.hdfsSh.requiresCredentials(this.cmfEm, this.hdfs))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.zkSh.requiresCredentials(this.cmfEm, this.zk1))).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.zkSh.requiresCredentials(this.cmfEm, this.zk2))).thenReturn(false);
        assertResultsStrict(ImmutableList.of(RulesEngine.AgendaGroup.CONFIGURATION), this.shr, ImmutableSet.of(new DbConfig(this.ktKmsSvc, "hadoop_kms_authentication_type", "kerberos")), getFacts(new ServiceConfiguration(this.ktKmsSvc)));
    }

    @Test
    public void testKmsSsl() {
        turnOnDfsSsl();
        assertResultsStrict(ImmutableList.of(RulesEngine.AgendaGroup.CONFIGURATION), this.shr, ImmutableSet.of(new DbConfig(this.kmsSvc, this.kmsRoleGroup, "ssl_enabled", "true")), getFacts(new ServiceConfiguration(this.kmsSvc)));
    }

    @Test
    public void testKtKmsSsl() {
        turnOnDfsSsl();
        assertResultsStrict(ImmutableList.of(RulesEngine.AgendaGroup.CONFIGURATION), this.shr, ImmutableSet.of(new DbConfig(this.ktKmsSvc, this.ktKmsRoleGroup, "ssl_enabled", "true")), getFacts(new ServiceConfiguration(this.ktKmsSvc)));
    }

    @Test
    public void testHdfsRangerKmsDependency() {
        Mockito.when(this.rangerKms.getName()).thenReturn("ranger_kms1");
        assertResultsStrict(ImmutableList.of(RulesEngine.AgendaGroup.CONFIGURATION), this.shr, ImmutableSet.of(new DbConfig(this.hdfs, CoreSettingsParams.KMS_CONNECTOR.getTemplateName(), this.rangerKms.getName())), getFacts(new ServiceConfiguration(this.rangerKms)));
    }

    @Test
    public void testHdfsRangerKmsKtsDependency() {
        Mockito.when(this.rangerKmsKts.getName()).thenReturn("ranger_kms_kts1");
        assertResultsStrict(ImmutableList.of(RulesEngine.AgendaGroup.CONFIGURATION), this.shr, ImmutableSet.of(new DbConfig(this.hdfs, CoreSettingsParams.KMS_CONNECTOR.getTemplateName(), this.rangerKmsKts.getName())), getFacts(new ServiceConfiguration(this.rangerKmsKts)));
    }
}
