package com.cloudera.cmf.service.scm;

import com.cloudera.server.cmf.MockBaseTest;
import java.io.IOException;
import org.cloudera.log4j.redactor.StringRedactor;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:com/cloudera/cmf/service/scm/RedactionPolicyTest.class */
public class RedactionPolicyTest extends MockBaseTest {
    private StringRedactor diagRedactor;
    private StringRedactor hdfsRedactor;

    @Before
    public void setupRedactor() {
        try {
            this.diagRedactor = StringRedactor.createFromJsonString("{\n  \"version\": 1,\n  \"rules\": [\n    {\n      \"description\": \"Redact passwords from json files\",\n      \"caseSensitive\": false,\n      \"trigger\": \"password\",\n      \"search\": \"\\\"password\\\"[ ]*:[ ]*\\\"[^\\\"]+\\\"\",\n      \"replace\": \"\\\"password\\\": \\\"BUNDLE-REDACTED\\\"\"\n    },\n    {\n      \"description\": \"Redact password= and password:\",\n      \"caseSensitive\": false,\n      \"trigger\": \"password\",\n      \"search\": \"password[:=][^ \\\"\\\\\\\\]+\",\n      \"replace\": \"password=BUNDLE-REDACTED\"\n    },\n    {\n      \"description\": \"Redact passwd= and passwd:\",\n      \"caseSensitive\": false,\n      \"trigger\": \"passwd\",\n      \"search\": \"passwd[:=][^ \\\"\\\\\\\\]+\",\n      \"replace\": \"passwd=BUNDLE-REDACTED\"\n    },\n    {\n      \"description\": \"Redact pass= and pass:\",\n      \"caseSensitive\": false,\n      \"trigger\": \"pass\",\n      \"search\": \"pass[:=][^ \\\"\\\\\\\\]+\",\n      \"replace\": \"pass=BUNDLE-REDACTED\"\n    },\n    {\n      \"description\": \"Redact PASSWORD,\",\n      \"caseSensitive\": false,\n      \"trigger\": \"PASSWORD,\",\n      \"search\": \"PASSWORD,[^\\\"\\\\\\\\]+\",\n      \"replace\": \"PASSWORD, BUNDLE-REDACTED\"\n    },\n    {\n      \"description\": \"Redact key= and key:\",\n      \"caseSensitive\": false,\n      \"trigger\": \"key\",\n      \"search\": \"key[:=][^ \\\"\\\\\\\\]+\",\n      \"replace\": \"key=BUNDLE-REDACTED\"\n    },\n    {\n      \"description\": \"Redact secret= and secret:\",\n      \"caseSensitive\": false,\n      \"trigger\": \"secret\",\n      \"search\": \"secret[:=][^ \\\"\\\\\\\\]+\",\n      \"replace\": \"secret=BUNDLE-REDACTED\"\n    },\n    {\n      \"description\": \"Redact credential= and credential:\",\n      \"caseSensitive\": false,\n      \"trigger\": \"credential\",\n      \"search\": \"credential[:=][^ \\\"\\\\\\\\]+\",\n      \"replace\": \"credential=BUNDLE-REDACTED\"\n    },\n    {\n      \"description\": \"Redact token= and token:\",\n      \"caseSensitive\": false,\n      \"trigger\": \"token\",\n      \"search\": \"token[:=][^ \\\"\\\\\\\\]+\",\n      \"replace\": \"token=BUNDLE-REDACTED\"\n    },\n    {\n      \"description\": \"Redact keyid= and keyid:\",\n      \"caseSensitive\": false,\n      \"trigger\": \"keyid\",\n      \"search\": \"keyid[:=][^ \\\"\\\\\\\\]+\",\n      \"replace\": \"keyid=BUNDLE-REDACTED\"\n    }\n  ]\n}\n");
            try {
                this.hdfsRedactor = StringRedactor.createFromJsonString("{\n  \"version\": 1,\n  \"rules\": [\n    {\n      \"description\": \"Redact passwords from json files\",\n      \"trigger\": \"password\",\n      \"search\": \"\\\"password\\\"[ ]*:[ ]*\\\"[^\\\"]+\\\"\",\n      \"caseSensitive\": false,\n      \"replace\": \"\\\"password\\\": \\\"LOG-REDACTED\\\"\"\n    },\n    {\n      \"description\": \"Redact password= and password:\",\n      \"trigger\": \"password\",\n      \"search\": \"password[:=][^ \\\"\\\\\\\\]+\",\n      \"caseSensitive\": false,\n      \"replace\": \"password=LOG-REDACTED\"\n    },\n    {\n      \"description\": \"Redact passwd= and passwd:\",\n      \"trigger\": \"passwd\",\n      \"search\": \"passwd[:=][^ \\\"\\\\\\\\]+\",\n      \"caseSensitive\": false,\n      \"replace\": \"passwd=LOG-REDACTED\"\n    },\n    {\n      \"description\": \"Redact pass= and pass:\",\n      \"trigger\": \"pass\",\n      \"search\": \"pass[:=][^ \\\"\\\\\\\\]+\",\n      \"caseSensitive\": false,\n      \"replace\": \"pass=LOG-REDACTED\"\n    },\n    {\n      \"description\": \"Redact PASSWORD,\",\n      \"trigger\": \"PASSWORD,\",\n      \"search\": \"PASSWORD,[^\\\"\\\\\\\\]+\",\n      \"caseSensitive\": false,\n      \"replace\": \"PASSWORD, LOG-REDACTED\"\n    },\n    {\n      \"description\": \"Redact secret= and secret:\",\n      \"trigger\": \"secret\",\n      \"search\": \"secret[:=][^ \\\"\\\\\\\\]+\",\n      \"caseSensitive\": false,\n      \"replace\": \"secret=LOG-REDACTED\"\n    },\n    {\n      \"description\": \"Credit Card numbers (with separator)\",\n      \"search\": \"\\\\d{4}[^\\\\w:]\\\\d{4}[^\\\\w:]\\\\d{4}[^\\\\w:]\\\\d{4}\",\n      \"caseSensitive\": true,\n      \"replace\": \"XXXX-XXXX-XXXX-XXXX\"\n    },\n    {\n      \"description\": \"Social Security numbers (with separator)\",\n      \"search\": \"\\\\d{3}[^\\\\w:]\\\\d{2}[^\\\\w:]\\\\d{4}\",\n      \"caseSensitive\": true,\n      \"replace\": \"XXX-XX-XXXX\"\n    }\n  ]\n}");
            } catch (IOException e) {
                throw new RuntimeException("Failed to load HDFS log and query redaction policy", e);
            }
        } catch (IOException e2) {
            throw new RuntimeException("Failed to load diag bundle redaction policy", e2);
        }
    }

    @Test
    public void testDiagRedactionPolicy() {
        assertDiagRedactedString("\"password\": \"foobar\"", "\"password\": \"BUNDLE-REDACTED\"");
        assertDiagRedactedString("password:foobar", "password=BUNDLE-REDACTED");
        assertDiagRedactedString("password=foobar", "password=BUNDLE-REDACTED");
        assertDiagRedactedString("passwd:foobar", "passwd=BUNDLE-REDACTED");
        assertDiagRedactedString("passwd=foobar", "passwd=BUNDLE-REDACTED");
        assertDiagRedactedString("pass:foobar", "pass=BUNDLE-REDACTED");
        assertDiagRedactedString("pass=foobar", "pass=BUNDLE-REDACTED");
        assertDiagRedactedString("PASSWORD, foobar", "PASSWORD, BUNDLE-REDACTED");
        assertDiagRedactedString("key:foobar", "key=BUNDLE-REDACTED");
        assertDiagRedactedString("key=foobar", "key=BUNDLE-REDACTED");
        assertDiagRedactedString("secret:foobar", "secret=BUNDLE-REDACTED");
        assertDiagRedactedString("secret=foobar", "secret=BUNDLE-REDACTED");
        assertDiagRedactedString("token:foobar", "token=BUNDLE-REDACTED");
        assertDiagRedactedString("token=foobar", "token=BUNDLE-REDACTED");
        assertDiagRedactedString("credential:foobar", "credential=BUNDLE-REDACTED");
        assertDiagRedactedString("credential=foobar", "credential=BUNDLE-REDACTED");
        assertDiagRedactedString("keyid:foobar", "keyid=BUNDLE-REDACTED");
        assertDiagRedactedString("keyid=foobar", "keyid=BUNDLE-REDACTED");
    }

    @Test
    public void testHDFSRedactionPolicy() {
        assertHDFSRedactedString("\"password\": \"foobar\"", "\"password\": \"LOG-REDACTED\"");
        assertHDFSRedactedString("password:foobar", "password=LOG-REDACTED");
        assertHDFSRedactedString("password=foobar", "password=LOG-REDACTED");
        assertHDFSRedactedString("passwd:foobar", "passwd=LOG-REDACTED");
        assertHDFSRedactedString("passwd=foobar", "passwd=LOG-REDACTED");
        assertHDFSRedactedString("pass:foobar", "pass=LOG-REDACTED");
        assertHDFSRedactedString("pass=foobar", "pass=LOG-REDACTED");
        assertHDFSRedactedString("PASSWORD, foobar", "PASSWORD, LOG-REDACTED");
        assertHDFSRedactedString("secret:foobar", "secret=LOG-REDACTED");
        assertHDFSRedactedString("secret=foobar", "secret=LOG-REDACTED");
        assertHDFSRedactedString("1234 5678 9012 3456", "XXXX-XXXX-XXXX-XXXX");
        assertHDFSRedactedString("123-45-6789", "XXX-XX-XXXX");
        assertHDFSRedactedString("10.17.123.12:12345", "10.17.123.12:12345");
        assertHDFSRedactedString("1234.5678.9012:3456", "1234.5678.9012:3456");
    }

    private void assertRedactedString(StringRedactor stringRedactor, String str, String str2) {
        Assert.assertEquals(str2, stringRedactor.redact(str));
    }

    private void assertDiagRedactedString(String str, String str2) {
        assertRedactedString(this.diagRedactor, str, str2);
    }

    private void assertHDFSRedactedString(String str, String str2) {
        assertRedactedString(this.hdfsRedactor, str, str2);
    }
}
