package com.cloudera.cmf.command;

import com.cloudera.api.model.ApiHostCertInfo;
import com.cloudera.cmf.command.GenerateCmcaCommand;
import com.cloudera.cmf.command.flow.CmdWorkCtx;
import com.cloudera.cmf.command.flow.WorkOutput;
import com.cloudera.cmf.command.flow.WorkOutputType;
import com.cloudera.cmf.model.DbCommand;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.cmf.service.TestUtils;
import com.cloudera.cmf.service.scm.ScmHandler;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.enterprise.TempFileUtils;
import com.cloudera.server.cmf.AbstractBaseTest;
import com.cloudera.server.cmf.BaseTest;
import com.cloudera.server.web.common.I18n;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.nio.file.Path;
import java.util.Iterator;
import java.util.List;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/cloudera/cmf/command/GenerateCmcaCmdWorkTest.class */
public class GenerateCmcaCmdWorkTest extends BaseTest {
    private static final String KEYSTORE_TYPE_ARG = "--override keystore_type=jks";

    @After
    public void cleanupTest() {
        cleanDatabase();
    }

    private GenerateCmcaCmdArgs getTestArgs() {
        SshCmdArgs sshCmdArgs = new SshCmdArgs();
        sshCmdArgs.setSshPort(22);
        sshCmdArgs.setUserName("username");
        sshCmdArgs.setPassword("password");
        sshCmdArgs.setPassphrase("passphrase");
        sshCmdArgs.setPrivateKey("privatekey");
        return new GenerateCmcaCmdArgs(sshCmdArgs, false, true, (String) null, (String) null, (String) null, (String) null, (String) null, (String) null, (String) null, (List) null, false);
    }

    private GenerateCmcaCmdArgs getFullCustomCATestArgs() {
        GenerateCmcaCmdArgs testArgs = getTestArgs();
        testArgs.setCustomCA(true);
        testArgs.setCmHostCert("host-cert.pem");
        testArgs.setCmHostKey("host-key.pem");
        testArgs.setCaCert("ca-cert.pem");
        testArgs.setKeystorePasswd("keystore.pw");
        testArgs.setTruststorePasswd("truststore.pw");
        ApiHostCertInfo apiHostCertInfo = new ApiHostCertInfo();
        apiHostCertInfo.setHostname("hostname2");
        apiHostCertInfo.setCertificate("host2-cert.pem");
        apiHostCertInfo.setKey("host2-key.pem");
        ApiHostCertInfo apiHostCertInfo2 = new ApiHostCertInfo();
        apiHostCertInfo2.setHostname("hostname3");
        apiHostCertInfo2.setCertificate("host3-cert.pem");
        apiHostCertInfo2.setKey("host3-key.pem");
        testArgs.setHostCerts(ImmutableList.of(apiHostCertInfo, apiHostCertInfo2));
        return testArgs;
    }

    @Test
    public void testConfigureCm() {
        final GenerateCmcaCmdWork generateCmcaCmdWork = new GenerateCmcaCmdWork(getTestArgs());
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.command.GenerateCmcaCmdWorkTest.1
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                generateCmcaCmdWork.configureCm("setsettings WEB_TLS true\nsetsettings AUTO_TLS_TYPE ALL", CmdWorkCtx.of((DbCommand) null, GenerateCmcaCmdWorkTest.sdp, cmfEntityManager));
                Assert.assertTrue(((Boolean) ScmHandler.getScmConfigValue(ScmParams.WEB_TLS, cmfEntityManager.getScmConfigProvider())).booleanValue());
                Assert.assertEquals(ScmParams.AutoTLSServicesType.ALL, ScmHandler.getScmConfigValue(ScmParams.AUTO_TLS_SERVICES, cmfEntityManager.getScmConfigProvider()));
            }
        });
    }

    @Test(expected = IllegalArgumentException.class)
    public void testConfigureCmFailure() {
        final GenerateCmcaCmdWork generateCmcaCmdWork = new GenerateCmcaCmdWork(getTestArgs());
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.command.GenerateCmcaCmdWorkTest.2
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                generateCmcaCmdWork.configureCm("setsettings WEB_TLS true\nnotsetsettings AUTO_TLS_TYPE ALL", CmdWorkCtx.of(CommandUtils.createCommand("GenerateCMCACommand"), GenerateCmcaCmdWorkTest.sdp, cmfEntityManager));
            }
        });
    }

    @Test
    public void testDoWork() {
        final MockCertmanagerRunner mockCertmanagerRunner = new MockCertmanagerRunner();
        mockCertmanagerRunner.setOverrideOutput("setsettings WEB_TLS true\nsetsettings AUTO_TLS_TYPE ALL");
        final GenerateCmcaCmdWork generateCmcaCmdWork = new GenerateCmcaCmdWork(getTestArgs()) { // from class: com.cloudera.cmf.command.GenerateCmcaCmdWorkTest.3
            public CertmanagerRunner createCertmanager() {
                return mockCertmanagerRunner;
            }
        };
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.command.GenerateCmcaCmdWorkTest.4
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                Assert.assertEquals(WorkOutputType.SUCCESS, generateCmcaCmdWork.doWork(CmdWorkCtx.of((DbCommand) null, GenerateCmcaCmdWorkTest.sdp, cmfEntityManager)).getType());
                Assert.assertTrue(((Boolean) ScmHandler.getScmConfigValue(ScmParams.WEB_TLS, cmfEntityManager.getScmConfigProvider())).booleanValue());
                Assert.assertEquals(ScmHandler.getScmConfigValue(ScmParams.AUTO_TLS_SERVICES, cmfEntityManager.getScmConfigProvider()), ScmParams.AutoTLSServicesType.ALL);
                Assert.assertNotNull(cmfEntityManager.findCertificate("__root__"));
            }
        });
    }

    @Test
    public void testDoWorkWithLocation() throws IOException {
        final MockCertmanagerRunner mockCertmanagerRunner = new MockCertmanagerRunner();
        mockCertmanagerRunner.setOverrideOutput("setsettings WEB_TLS true\nsetsettings AUTO_TLS_TYPE ALL");
        GenerateCmcaCmdArgs testArgs = getTestArgs();
        Path createTempDir = TempFileUtils.createTempDir("GenerateCmcaCmdWorkTest");
        try {
            testArgs.setLocation(createTempDir.toAbsolutePath().toString());
            final GenerateCmcaCmdWork generateCmcaCmdWork = new GenerateCmcaCmdWork(testArgs) { // from class: com.cloudera.cmf.command.GenerateCmcaCmdWorkTest.5
                public CertmanagerRunner createCertmanager() {
                    return mockCertmanagerRunner;
                }
            };
            runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.command.GenerateCmcaCmdWorkTest.6
                @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
                public void run(CmfEntityManager cmfEntityManager) {
                    Assert.assertEquals(WorkOutputType.SUCCESS, generateCmcaCmdWork.doWork(CmdWorkCtx.of((DbCommand) null, GenerateCmcaCmdWorkTest.sdp, cmfEntityManager)).getType());
                    Assert.assertTrue(((Boolean) ScmHandler.getScmConfigValue(ScmParams.WEB_TLS, cmfEntityManager.getScmConfigProvider())).booleanValue());
                    Assert.assertEquals(ScmHandler.getScmConfigValue(ScmParams.AUTO_TLS_SERVICES, cmfEntityManager.getScmConfigProvider()), ScmParams.AutoTLSServicesType.ALL);
                    Assert.assertNull(cmfEntityManager.findCertificate("__root__"));
                }
            });
            TempFileUtils.deleteDirAndSwallowException(createTempDir);
        } catch (Throwable th) {
            TempFileUtils.deleteDirAndSwallowException(createTempDir);
            throw th;
        }
    }

    @Test
    public void testDoWorkFailure() {
        final MockCertmanagerRunner mockCertmanagerRunner = new MockCertmanagerRunner();
        mockCertmanagerRunner.setOverrideOutput("setsettings WEB_TLS true\nnotsetsettings AUTO_TLS_TYPE ALL");
        final GenerateCmcaCmdWork generateCmcaCmdWork = new GenerateCmcaCmdWork(getTestArgs()) { // from class: com.cloudera.cmf.command.GenerateCmcaCmdWorkTest.7
            public CertmanagerRunner createCertmanager() {
                return mockCertmanagerRunner;
            }
        };
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.command.GenerateCmcaCmdWorkTest.8
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                WorkOutput doWork = generateCmcaCmdWork.doWork(CmdWorkCtx.of(CommandUtils.createCommand("GenerateCMCACommand"), GenerateCmcaCmdWorkTest.sdp, cmfEntityManager));
                Assert.assertEquals(WorkOutputType.FAILURE, doWork.getType());
                Assert.assertTrue(doWork.getMessage().toString().contains("notsetsettings"));
            }
        });
    }

    private List<String> getCmcaProgramArgs(GenerateCmcaCmdArgs generateCmcaCmdArgs) {
        final MockCertmanagerRunner mockCertmanagerRunner = new MockCertmanagerRunner();
        mockCertmanagerRunner.setOverrideOutput("setsettings WEB_TLS true\nsetsettings AUTO_TLS_TYPE ALL");
        final GenerateCmcaCmdWork generateCmcaCmdWork = new GenerateCmcaCmdWork(generateCmcaCmdArgs) { // from class: com.cloudera.cmf.command.GenerateCmcaCmdWorkTest.9
            public CertmanagerRunner createCertmanager() {
                return mockCertmanagerRunner;
            }
        };
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.command.GenerateCmcaCmdWorkTest.10
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                generateCmcaCmdWork.doWork(CmdWorkCtx.of((DbCommand) null, GenerateCmcaCmdWorkTest.sdp, cmfEntityManager));
            }
        });
        return mockCertmanagerRunner.getActualArgs();
    }

    @Test
    public void testCmcaProgramArgs() {
        Assert.assertEquals(ImmutableList.of("setup --rotate --configure-services --skip-cm-init --override keystore_type=jks"), getCmcaProgramArgs(getTestArgs()));
    }

    @Test
    public void testCmcaProgramArgsTrustedCaCerts() {
        GenerateCmcaCmdArgs testArgs = getTestArgs();
        testArgs.setTrustedCaCerts("ca-certs.pem");
        Assert.assertEquals(ImmutableList.of(String.format("setup --rotate --configure-services --skip-cm-init %s --trusted-ca-certs ca-certs.pem", KEYSTORE_TYPE_ARG)), getCmcaProgramArgs(testArgs));
    }

    @Test
    public void testCmcaProgramArgsCustomCA() {
        GenerateCmcaCmdArgs testArgs = getTestArgs();
        testArgs.setCustomCA(true);
        testArgs.setCmHostCert("host-cert.pem");
        testArgs.setCmHostKey("host-key.pem");
        testArgs.setCaCert("ca-cert.pem");
        testArgs.setKeystorePasswd("keystore.pw");
        testArgs.setTruststorePasswd("truststore.pw");
        Assert.assertEquals(ImmutableList.of("setup_custom_certdir --host-cert host-cert.pem --host-key host-key.pem --ca-cert ca-cert.pem --keystore-pw-file keystore.pw --truststore-pw-file truststore.pw --configure-services --skip-cm-init --override keystore_type=jks"), getCmcaProgramArgs(testArgs));
    }

    @Test
    public void testCmcaProgramArgsCustomCATrustedCaCerts() {
        GenerateCmcaCmdArgs testArgs = getTestArgs();
        testArgs.setCustomCA(true);
        testArgs.setCmHostCert("host-cert.pem");
        testArgs.setCmHostKey("host-key.pem");
        testArgs.setCaCert("ca-cert.pem");
        testArgs.setKeystorePasswd("keystore.pw");
        testArgs.setTruststorePasswd("truststore.pw");
        testArgs.setTrustedCaCerts("ca-certs.pem");
        Assert.assertEquals(ImmutableList.of(String.format("setup_custom_certdir --host-cert host-cert.pem --host-key host-key.pem --ca-cert ca-cert.pem --keystore-pw-file keystore.pw --truststore-pw-file truststore.pw --configure-services --skip-cm-init %s --trusted-ca-certs ca-certs.pem", KEYSTORE_TYPE_ARG)), getCmcaProgramArgs(testArgs));
    }

    @Test
    public void testCmcaProgramArgsCustomCATrustedCaCertsTempFiles() {
        GenerateCmcaCmdArgs testArgs = getTestArgs();
        testArgs.setCustomCA(true);
        testArgs.setInterpretAsFilenames(false);
        testArgs.setCmHostCert("*FAIL*");
        testArgs.setCmHostKey("*FAIL*");
        testArgs.setCaCert("*FAIL*");
        testArgs.setKeystorePasswd("*FAIL*");
        testArgs.setTruststorePasswd("*FAIL*");
        testArgs.setTrustedCaCerts("*FAIL*");
        List<String> cmcaProgramArgs = getCmcaProgramArgs(testArgs);
        Assert.assertEquals(1L, cmcaProgramArgs.size());
        String str = cmcaProgramArgs.get(0);
        Assert.assertTrue(str.contains("setup_custom_certdir"));
        Assert.assertTrue(str.contains("--host-cert"));
        Assert.assertTrue(str.contains("--host-key"));
        Assert.assertTrue(str.contains("--ca-cert"));
        Assert.assertTrue(str.contains("--keystore-pw-file"));
        Assert.assertTrue(str.contains("--truststore-pw-file"));
        Assert.assertTrue(str.contains("--trusted-ca-certs"));
        Assert.assertFalse(str.contains("*FAIL*"));
    }

    @Test
    public void testCmcaProgramArgsCustomCAMissingArgs() {
        GenerateCmcaCmdArgs testArgs = getTestArgs();
        testArgs.setCustomCA(true);
        final GenerateCmcaCmdWork generateCmcaCmdWork = new GenerateCmcaCmdWork(testArgs);
        runInRollbackTransaction(new AbstractBaseTest.RunnableWithCmfEM() { // from class: com.cloudera.cmf.command.GenerateCmcaCmdWorkTest.11
            @Override // com.cloudera.server.cmf.AbstractBaseTest.RunnableWithCmfEM
            public void run(CmfEntityManager cmfEntityManager) {
                WorkOutput doWork = generateCmcaCmdWork.doWork(CmdWorkCtx.of(CommandUtils.createCommand("GenerateCMCACommand"), GenerateCmcaCmdWorkTest.sdp, cmfEntityManager));
                Assert.assertEquals(WorkOutputType.FAILURE, doWork.getType());
                Assert.assertEquals(I18n.t(GenerateCmcaCommand.I18nKeys.NO_CUSTOM_CERTS), I18n.t(doWork.getMessage()));
            }
        });
    }

    @Test
    public void testImportAdditionalCerts() {
        Assert.assertEquals(ImmutableList.of("setup_custom_certdir --host-cert host-cert.pem --host-key host-key.pem --ca-cert ca-cert.pem --keystore-pw-file keystore.pw --truststore-pw-file truststore.pw --configure-services --skip-cm-init --override keystore_type=jks", "add_custom_cert --host-cert host2-cert.pem --host-key host2-key.pem hostname2 --output=-", "add_custom_cert --host-cert host3-cert.pem --host-key host3-key.pem hostname3 --output=-"), getCmcaProgramArgs(getFullCustomCATestArgs()));
    }

    @Test
    public void testImportAdditionalCertsTempFiles() {
        GenerateCmcaCmdArgs fullCustomCATestArgs = getFullCustomCATestArgs();
        fullCustomCATestArgs.setInterpretAsFilenames(false);
        fullCustomCATestArgs.setCmHostCert("*FAIL*");
        fullCustomCATestArgs.setCmHostKey("*FAIL*");
        fullCustomCATestArgs.setCaCert("*FAIL*");
        fullCustomCATestArgs.setKeystorePasswd("*FAIL*");
        fullCustomCATestArgs.setTruststorePasswd("*FAIL*");
        fullCustomCATestArgs.setTrustedCaCerts("*FAIL*");
        ((ApiHostCertInfo) fullCustomCATestArgs.getHostCerts().get(0)).setKey("*FAIL*");
        ((ApiHostCertInfo) fullCustomCATestArgs.getHostCerts().get(0)).setCertificate("*FAIL*");
        ((ApiHostCertInfo) fullCustomCATestArgs.getHostCerts().get(1)).setKey("*FAIL*");
        ((ApiHostCertInfo) fullCustomCATestArgs.getHostCerts().get(1)).setCertificate("*FAIL*");
        List<String> cmcaProgramArgs = getCmcaProgramArgs(fullCustomCATestArgs);
        Assert.assertEquals(3L, cmcaProgramArgs.size());
        String str = cmcaProgramArgs.get(0);
        Assert.assertTrue(str.contains("setup_custom_certdir"));
        Assert.assertTrue(str.contains("--host-cert"));
        Assert.assertTrue(str.contains("--host-key"));
        Assert.assertTrue(str.contains("--ca-cert"));
        Assert.assertTrue(str.contains("--keystore-pw-file"));
        Assert.assertTrue(str.contains("--truststore-pw-file"));
        Assert.assertTrue(str.contains("--trusted-ca-certs"));
        for (int i = 1; i <= 2; i++) {
            String str2 = cmcaProgramArgs.get(i);
            Assert.assertTrue(str2.contains("add_custom_cert"));
            Assert.assertTrue(str2.contains("--host-cert"));
            Assert.assertTrue(str2.contains("--host-key"));
            Assert.assertTrue(str2.contains("hostname" + (i + 1)));
        }
        Iterator<String> it = cmcaProgramArgs.iterator();
        while (it.hasNext()) {
            Assert.assertFalse(it.next().contains("*FAIL*"));
        }
    }

    @Test
    public void testCmcaProgramArgsKeystoreType() {
        TestUtils.interpretCli(sdp, ImmutableList.of("setsettings KEYSTORE_TYPE bcfks"));
        Assert.assertEquals(ImmutableList.of("setup --rotate --configure-services --skip-cm-init --override keystore_type=bcfks"), getCmcaProgramArgs(getTestArgs()));
    }
}
