package com.cloudera.cmf.service.csd.components;

import com.cloudera.cmf.service.config.AutoConfigWizard;
import com.cloudera.cmf.service.config.ConfigSpec;
import com.cloudera.cmf.service.config.CsdMockBaseTest;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.PasswordParamSpec;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.cmf.version.Release;
import com.cloudera.csd.descriptors.CertificateFileFormat;
import com.cloudera.csd.descriptors.CsdParameterOptionality;
import com.cloudera.csd.descriptors.RoleExternalLink;
import com.cloudera.csd.descriptors.RunnerDescriptor;
import com.cloudera.csd.descriptors.SslClientDescriptor;
import com.cloudera.csd.descriptors.SslServerDescriptor;
import com.cloudera.enterprise.I18nKeyTestHelper;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.util.HashSet;
import java.util.Set;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:com/cloudera/cmf/service/csd/components/CsdSslTest.class */
public class CsdSslTest extends CsdMockBaseTest {
    private static final String MAIN_LINK_NAME = "MainLink";
    private static final String EXTRA_LINK_NAME = "ExtraLink";
    private static final String CUSTOM_KEYSTORE_PATH = "/custom/keystore/path.jks";
    private static final String CUSTOM_KEYSTORE_PASS = "secret_keystore_password";
    private static final String CUSTOM_PRIVATE_KEY_PATH = "/custom/privatekey/path.pem";
    private static final String CUSTOM_PRIVATE_KEY_PASS = "secret_private_key_password";
    private static final String CUSTOM_CERTIFICATE_PATH = "/custom/certificate/path.pem";
    private static final String CUSTOM_CA_CERTIFICATE_PATH = "/custom/cacertificate/path.pem";
    private static final String CUSTOM_KEYSTORE_KEY_PASS = "secret_keystore_key_password";
    private static final String CUSTOM_TRUSTSTORE_PATH = "/custom/truststore/path.jks";
    private static final String CUSTOM_TRUSTSTORE_PASS = "secret_truststore_password";
    private static final String CUSTOM_ENABLED_NAME = "custom.ssl.enabled";
    private static final String CUSTOM_KEYSTORE_LOCATION_NAME = "custom.keystore.location";
    private static final String CUSTOM_KEYSTORE_PASS_NAME = "custom.kestore.password";
    private static final String CUSTOM_KEYSTORE_KEYPASSWORD_NAME = "custom.keystore.keypassword";
    private static final String CUSTOM_PRIVATE_KEY_NAME = "custom.privatekey.location";
    private static final String CUSTOM_PRIVATE_KEY_PASS_NAME = "custom.privatekey.password";
    private static final String CUSTOM_CERTIFICATE_NAME = "custom.certificate.location";
    private static final String CUSTOM_CA_CERTIFICATE_NAME = "custom.cacertificate.location";
    private static final String CUSTOM_TRUSTSTORE_LOCATION_NAME = "custom.truststore.location";
    private static final String CUSTOM_TRUSTSTORE_PASS_NAME = "custom.truststore.password";
    private static final Set<String> JKS_SSL_SERVER_PARAM_NAMES = ImmutableSet.of("ssl_enabled", "ssl_server_keystore_location", "ssl_server_keystore_password", "ssl_server_keystore_keypassword");
    private static final Set<String> PEM_SSL_SERVER_PARAM_NAMES = ImmutableSet.of("ssl_enabled", "ssl_server_privatekey_location", "ssl_server_privatekey_password", "ssl_server_certificate_location", "ssl_server_ca_certificate_location");
    private static final Set<String> JKS_SSL_CLIENT_PARAM_NAMES = ImmutableSet.of("ssl_client_truststore_location", "ssl_client_truststore_password");
    private static final Set<String> PEM_SSL_CLIENT_PARAM_NAMES = ImmutableSet.of("ssl_client_truststore_location");
    private static final Set<String> JKS_SSL_PARAM_NAMES = Sets.union(JKS_SSL_SERVER_PARAM_NAMES, JKS_SSL_CLIENT_PARAM_NAMES);
    private static final Set<String> PEM_SSL_PARAM_NAMES = Sets.union(PEM_SSL_SERVER_PARAM_NAMES, PEM_SSL_CLIENT_PARAM_NAMES);
    private static final PasswordOption NONE = PasswordOption.NONE;
    private static final PasswordOption ALT = PasswordOption.ALT;
    private static final PasswordOption CRED = PasswordOption.CRED;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.cloudera.cmf.service.csd.components.CsdSslTest$1, reason: invalid class name */
    /* loaded from: input_file:com/cloudera/cmf/service/csd/components/CsdSslTest$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$cloudera$csd$descriptors$CertificateFileFormat;
        static final /* synthetic */ int[] $SwitchMap$com$cloudera$csd$descriptors$CsdParameterOptionality = new int[CsdParameterOptionality.values().length];

        static {
            try {
                $SwitchMap$com$cloudera$csd$descriptors$CsdParameterOptionality[CsdParameterOptionality.NOT_EXPOSED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$cloudera$csd$descriptors$CsdParameterOptionality[CsdParameterOptionality.REQUIRED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$cloudera$csd$descriptors$CsdParameterOptionality[CsdParameterOptionality.OPTIONAL.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            $SwitchMap$com$cloudera$csd$descriptors$CertificateFileFormat = new int[CertificateFileFormat.values().length];
            try {
                $SwitchMap$com$cloudera$csd$descriptors$CertificateFileFormat[CertificateFileFormat.JKS.ordinal()] = 1;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$cloudera$csd$descriptors$CertificateFileFormat[CertificateFileFormat.PEM.ordinal()] = 2;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/cloudera/cmf/service/csd/components/CsdSslTest$PasswordOption.class */
    public enum PasswordOption {
        NONE,
        ALT,
        CRED
    }

    @Override // com.cloudera.cmf.service.config.CsdMockBaseTest
    public void setupDescriptor() {
        super.setupDescriptor();
        Mockito.when(this.roleDesc.getExternalLink()).thenReturn(createSecureLink(MAIN_LINK_NAME));
        Mockito.when(this.roleDesc.getAdditionalExternalLinks()).thenReturn(ImmutableList.of(createInsecureLink(EXTRA_LINK_NAME)));
        RunnerDescriptor runnerDescriptor = (RunnerDescriptor) Mockito.mock(RunnerDescriptor.class);
        Mockito.when(runnerDescriptor.getProgram()).thenReturn("foo.sh");
        Mockito.when(this.roleDesc.getStartRunner()).thenReturn(runnerDescriptor);
    }

    private RoleExternalLink createInsecureLink(String str) {
        RoleExternalLink roleExternalLink = (RoleExternalLink) Mockito.mock(RoleExternalLink.class);
        Mockito.when(roleExternalLink.getLabel()).thenReturn(str);
        Mockito.when(roleExternalLink.getName()).thenReturn(str);
        Mockito.when(roleExternalLink.getUrl()).thenReturn("http://${host}:1234/" + str);
        return roleExternalLink;
    }

    private RoleExternalLink createSecureLink(String str) {
        RoleExternalLink createInsecureLink = createInsecureLink(str);
        Mockito.when(createInsecureLink.getSecureUrl()).thenReturn("https://${host}:1234" + str);
        return createInsecureLink;
    }

    private void registerSslServer(CertificateFileFormat certificateFileFormat, CsdParameterOptionality csdParameterOptionality, PasswordOption passwordOption, PasswordOption passwordOption2) {
        SslServerDescriptor.JksSslServerDescriptor jksSslServerDescriptor = null;
        switch (AnonymousClass1.$SwitchMap$com$cloudera$csd$descriptors$CertificateFileFormat[(null == certificateFileFormat ? CertificateFileFormat.JKS : certificateFileFormat).ordinal()]) {
            case 1:
                SslServerDescriptor.JksSslServerDescriptor jksSslServerDescriptor2 = (SslServerDescriptor.JksSslServerDescriptor) Mockito.mock(SslServerDescriptor.JksSslServerDescriptor.class);
                jksSslServerDescriptor = jksSslServerDescriptor2;
                Mockito.when(Boolean.valueOf(jksSslServerDescriptor2.isKeystorePasswordScriptBased())).thenReturn(Boolean.valueOf(PasswordOption.ALT == passwordOption));
                Mockito.when(Boolean.valueOf(jksSslServerDescriptor2.isKeystorePasswordCredentialProviderCompatible())).thenReturn(Boolean.valueOf(PasswordOption.CRED == passwordOption));
                Mockito.when(jksSslServerDescriptor2.getKeyIdentifier()).thenReturn("server_key_id");
                Mockito.when(jksSslServerDescriptor2.getKeyPasswordOptionality()).thenReturn(csdParameterOptionality);
                Mockito.when(Boolean.valueOf(jksSslServerDescriptor2.isKeystoreKeyPasswordScriptBased())).thenReturn(Boolean.valueOf(PasswordOption.ALT == passwordOption2));
                Mockito.when(Boolean.valueOf(jksSslServerDescriptor2.isKeystoreKeyPasswordCredentialProviderCompatible())).thenReturn(Boolean.valueOf(PasswordOption.CRED == passwordOption2));
                break;
            case 2:
                SslServerDescriptor.JksSslServerDescriptor jksSslServerDescriptor3 = (SslServerDescriptor.PemSslServerDescriptor) Mockito.mock(SslServerDescriptor.PemSslServerDescriptor.class);
                jksSslServerDescriptor = jksSslServerDescriptor3;
                Mockito.when(Boolean.valueOf(jksSslServerDescriptor3.isPrivateKeyPasswordScriptBased())).thenReturn(Boolean.valueOf(PasswordOption.ALT == passwordOption));
                Mockito.when(Boolean.valueOf(jksSslServerDescriptor3.isPrivateKeyPasswordCredentialProviderCompatible())).thenReturn(Boolean.valueOf(PasswordOption.CRED == passwordOption));
                break;
            default:
                Assert.fail("unsupported keystore format: " + certificateFileFormat);
                break;
        }
        Mockito.when(jksSslServerDescriptor.getKeystoreFormat()).thenReturn(certificateFileFormat);
        Mockito.when(this.roleDesc.getSslServer()).thenReturn(jksSslServerDescriptor);
    }

    private void customizeSslServerConfigNames(CertificateFileFormat certificateFileFormat, String str) {
        SslServerDescriptor.JksSslServerDescriptor sslServer = this.roleDesc.getSslServer();
        Mockito.when(sslServer.getEnabledConfigName()).thenReturn(CUSTOM_ENABLED_NAME);
        switch (AnonymousClass1.$SwitchMap$com$cloudera$csd$descriptors$CertificateFileFormat[(null == certificateFileFormat ? CertificateFileFormat.JKS : certificateFileFormat).ordinal()]) {
            case 1:
                SslServerDescriptor.JksSslServerDescriptor jksSslServerDescriptor = sslServer;
                Mockito.when(jksSslServerDescriptor.getKeystoreLocationConfigName()).thenReturn(CUSTOM_KEYSTORE_LOCATION_NAME);
                Mockito.when(jksSslServerDescriptor.getKeystorePasswordConfigName()).thenReturn(CUSTOM_KEYSTORE_PASS_NAME);
                if (null != str) {
                    Mockito.when(jksSslServerDescriptor.getKeystoreKeyPasswordConfigName()).thenReturn(str);
                    return;
                }
                return;
            case 2:
                SslServerDescriptor.PemSslServerDescriptor pemSslServerDescriptor = (SslServerDescriptor.PemSslServerDescriptor) sslServer;
                Mockito.when(pemSslServerDescriptor.getPrivateKeyLocationConfigName()).thenReturn(CUSTOM_PRIVATE_KEY_NAME);
                Mockito.when(pemSslServerDescriptor.getPrivateKeyPasswordConfigName()).thenReturn(CUSTOM_PRIVATE_KEY_PASS_NAME);
                Mockito.when(pemSslServerDescriptor.getCertificateLocationConfigName()).thenReturn(CUSTOM_CERTIFICATE_NAME);
                Mockito.when(pemSslServerDescriptor.getCaCertificateLocationConfigName()).thenReturn(CUSTOM_CA_CERTIFICATE_NAME);
                Assert.assertNull("Illegal usage. keyPassword does not apply to PEM", str);
                return;
            default:
                Assert.fail("unsupported format: " + certificateFileFormat);
                return;
        }
    }

    private void registerSslClient(CertificateFileFormat certificateFileFormat, PasswordOption passwordOption) {
        SslClientDescriptor.JksSslClientDescriptor jksSslClientDescriptor = null;
        switch (AnonymousClass1.$SwitchMap$com$cloudera$csd$descriptors$CertificateFileFormat[(null == certificateFileFormat ? CertificateFileFormat.JKS : certificateFileFormat).ordinal()]) {
            case 1:
                SslClientDescriptor.JksSslClientDescriptor jksSslClientDescriptor2 = (SslClientDescriptor.JksSslClientDescriptor) Mockito.mock(SslClientDescriptor.JksSslClientDescriptor.class);
                jksSslClientDescriptor = jksSslClientDescriptor2;
                Mockito.when(Boolean.valueOf(jksSslClientDescriptor2.isTruststorePasswordScriptBased())).thenReturn(Boolean.valueOf(ALT == passwordOption));
                Mockito.when(Boolean.valueOf(jksSslClientDescriptor2.isTruststorePasswordCredentialProviderCompatible())).thenReturn(Boolean.valueOf(CRED == passwordOption));
                break;
            case 2:
                jksSslClientDescriptor = (SslClientDescriptor.PemSslClientDescriptor) Mockito.mock(SslClientDescriptor.PemSslClientDescriptor.class);
                Assert.assertEquals("alt script does not apply to PEM", NONE, passwordOption);
                break;
            default:
                Assert.fail("unsupported truststore format: " + certificateFileFormat);
                break;
        }
        Mockito.when(this.roleDesc.getSslClient()).thenReturn(jksSslClientDescriptor);
        Mockito.when(jksSslClientDescriptor.getTruststoreFormat()).thenReturn(certificateFileFormat);
    }

    private void customizeSslClientConfigNames(String str, String str2) {
        SslClientDescriptor.JksSslClientDescriptor sslClient = this.roleDesc.getSslClient();
        Mockito.when(sslClient.getTruststoreLocationConfigName()).thenReturn(str);
        if (CertificateFileFormat.PEM.equals(sslClient.getTruststoreFormat())) {
            return;
        }
        Mockito.when(sslClient.getTruststorePasswordConfigName()).thenReturn(str2);
    }

    private void configureSslEnabled() {
        createConfig(this.role, (ParamSpec<ParamSpec>) getRoleParam(this.role, "ssl_enabled"), (ParamSpec) true);
    }

    private void configureJksSslServerPath() {
        createConfig(this.role, (ParamSpec<ParamSpec>) getRoleParam(this.role, "ssl_server_keystore_location"), (ParamSpec) CUSTOM_KEYSTORE_PATH);
    }

    private void configurePemSslServerPaths() {
        createConfig(this.role, (ParamSpec<ParamSpec>) getRoleParam(this.role, "ssl_server_privatekey_location"), (ParamSpec) CUSTOM_PRIVATE_KEY_PATH);
        createConfig(this.role, (ParamSpec<ParamSpec>) getRoleParam(this.role, "ssl_server_certificate_location"), (ParamSpec) CUSTOM_CERTIFICATE_PATH);
        createConfig(this.role, (ParamSpec<ParamSpec>) getRoleParam(this.role, "ssl_server_ca_certificate_location"), (ParamSpec) CUSTOM_CA_CERTIFICATE_PATH);
    }

    private void configureJksSslServerPassword() {
        createConfig(this.role, (ParamSpec<ParamSpec>) getRoleParam(this.role, "ssl_server_keystore_password"), (ParamSpec) CUSTOM_KEYSTORE_PASS);
    }

    private void configurePemSslServerPassword() {
        createConfig(this.role, (ParamSpec<ParamSpec>) getRoleParam(this.role, "ssl_server_privatekey_password"), (ParamSpec) CUSTOM_PRIVATE_KEY_PASS);
    }

    private void configureSslServerKeyPassword() {
        createConfig(this.role, (ParamSpec<ParamSpec>) getRoleParam(this.role, "ssl_server_keystore_keypassword"), (ParamSpec) CUSTOM_KEYSTORE_KEY_PASS);
    }

    private void configureSslClientPath() {
        createConfig(this.role, (ParamSpec<ParamSpec>) getRoleParam(this.role, "ssl_client_truststore_location"), (ParamSpec) CUSTOM_TRUSTSTORE_PATH);
    }

    private void configureSslClientPassword() {
        createConfig(this.role, (ParamSpec<ParamSpec>) getRoleParam(this.role, "ssl_client_truststore_password"), (ParamSpec) CUSTOM_TRUSTSTORE_PASS);
    }

    @Test
    public void testNoSslRegistered() throws Exception {
        setupClusterAndHandler(CdhReleases.CDH5_2_0);
        checkExpectedRoleSslParams(ImmutableSet.of());
        checkLinks(createInsecureLink(MAIN_LINK_NAME).getUrl(), createInsecureLink(EXTRA_LINK_NAME).getUrl());
    }

    @Test
    public void testNoSslConfigured() throws Exception {
        registerSslServer(null, CsdParameterOptionality.OPTIONAL, NONE, NONE);
        registerSslClient(null, NONE);
        setupClusterAndHandler(CdhReleases.CDH5_2_0);
        checkExpectedRoleSslParams(JKS_SSL_PARAM_NAMES);
        checkLinks(createInsecureLink(MAIN_LINK_NAME).getUrl(), createInsecureLink(EXTRA_LINK_NAME).getUrl());
    }

    @Test
    public void testAllSsl() throws Exception {
        registerSslServer(null, CsdParameterOptionality.REQUIRED, NONE, NONE);
        registerSslClient(null, NONE);
        setupClusterAndHandler(CdhReleases.CDH5_2_0);
        checkExpectedRoleSslParams(JKS_SSL_PARAM_NAMES);
        configureSslEnabled();
        configureJksSslServerPath();
        configureJksSslServerPassword();
        configureSslServerKeyPassword();
        configureSslClientPath();
        configureSslClientPassword();
        checkLinks(createSecureLink(MAIN_LINK_NAME).getSecureUrl(), createInsecureLink(EXTRA_LINK_NAME).getUrl());
    }

    @Test
    public void testSslServer() throws Exception {
        registerSslServer(CertificateFileFormat.JKS, null, NONE, NONE);
        setupClusterAndHandler(CdhReleases.CDH5_2_0);
        checkExpectedRoleSslParams(Sets.difference(JKS_SSL_SERVER_PARAM_NAMES, ImmutableSet.of("ssl_server_keystore_keypassword")));
        configureSslEnabled();
        configureJksSslServerPath();
        checkLinks(createSecureLink(MAIN_LINK_NAME).getSecureUrl(), createInsecureLink(EXTRA_LINK_NAME).getUrl());
    }

    @Test
    public void testSslServerWithPasswords() throws Exception {
        registerSslServer(null, CsdParameterOptionality.REQUIRED, NONE, NONE);
        setupClusterAndHandler(CdhReleases.CDH5_2_0);
        checkExpectedRoleSslParams(JKS_SSL_SERVER_PARAM_NAMES);
        configureSslEnabled();
        configureJksSslServerPath();
        configureJksSslServerPassword();
        configureSslServerKeyPassword();
        checkLinks(createSecureLink(MAIN_LINK_NAME).getSecureUrl(), createInsecureLink(EXTRA_LINK_NAME).getUrl());
    }

    @Test
    public void testSslClient() throws Exception {
        registerSslClient(CertificateFileFormat.JKS, ALT);
        setupClusterAndHandler(CdhReleases.CDH5_2_0);
        checkExpectedRoleSslParams(JKS_SSL_CLIENT_PARAM_NAMES);
        configureSslClientPath();
        configureSslClientPassword();
        checkLinks(createInsecureLink(MAIN_LINK_NAME).getUrl(), createInsecureLink(EXTRA_LINK_NAME).getUrl());
    }

    @Test
    public void testPemServerWithClient() throws Exception {
        registerSslServer(CertificateFileFormat.PEM, null, NONE, NONE);
        registerSslClient(CertificateFileFormat.PEM, NONE);
        setupClusterAndHandler(CdhReleases.CDH5_5_0);
        checkExpectedRoleSslParams(PEM_SSL_PARAM_NAMES);
        configureSslEnabled();
        configurePemSslServerPaths();
        configurePemSslServerPassword();
        configureSslClientPath();
        checkLinks(createSecureLink(MAIN_LINK_NAME).getSecureUrl(), createInsecureLink(EXTRA_LINK_NAME).getUrl());
    }

    @Test
    public void testPemServer() throws Exception {
        registerSslServer(CertificateFileFormat.PEM, null, NONE, NONE);
        setupClusterAndHandler(CdhReleases.CDH5_5_0);
        checkExpectedRoleSslParams(PEM_SSL_SERVER_PARAM_NAMES);
        configureSslEnabled();
        configurePemSslServerPaths();
        configurePemSslServerPassword();
        checkLinks(createSecureLink(MAIN_LINK_NAME).getSecureUrl(), createInsecureLink(EXTRA_LINK_NAME).getUrl());
    }

    @Test
    public void testJksAltScripts() throws Exception {
        checkPasswordOptions(CertificateFileFormat.JKS, ALT);
    }

    @Test
    public void testPemAltScripts() throws Exception {
        checkPasswordOptions(CertificateFileFormat.PEM, ALT);
    }

    @Test
    public void testJksCredentialProvider() throws Exception {
        checkPasswordOptions(CertificateFileFormat.JKS, CRED);
    }

    @Test
    public void testPemCredentialProvider() throws Exception {
        checkPasswordOptions(CertificateFileFormat.PEM, CRED);
    }

    @Test
    public void testEnabledOptionalityDefault() {
        checkEnabledOptionality(null);
    }

    @Test
    public void testEnabledOptionalityNotExposed() {
        checkEnabledOptionality(CsdParameterOptionality.NOT_EXPOSED);
    }

    @Test
    public void testEnabledOptionalityOptional() {
        checkEnabledOptionality(CsdParameterOptionality.OPTIONAL);
    }

    @Test
    public void testEnabledOptionalityRequired() {
        checkEnabledOptionality(CsdParameterOptionality.REQUIRED);
    }

    @Test
    public void testCustomDefaults() {
        Release release = CdhReleases.CDH5_5_0;
        registerSslServer(CertificateFileFormat.PEM, null, ALT, NONE);
        SslServerDescriptor.PemSslServerDescriptor sslServer = this.roleDesc.getSslServer();
        Mockito.when(sslServer.getPrivateKeyLocationDefault()).thenReturn(CUSTOM_PRIVATE_KEY_PATH);
        Mockito.when(sslServer.getCertificateLocationDefault()).thenReturn(CUSTOM_CERTIFICATE_PATH);
        Mockito.when(sslServer.getCaCertificateLocationDefault()).thenReturn(CUSTOM_CA_CERTIFICATE_PATH);
        registerSslClient(CertificateFileFormat.PEM, NONE);
        Mockito.when(this.roleDesc.getSslClient().getTruststoreLocationDefault()).thenReturn(CUSTOM_TRUSTSTORE_PATH);
        setupClusterAndHandler(release);
        Assert.assertEquals(CUSTOM_PRIVATE_KEY_PATH, getRoleParam(this.role, "ssl_server_privatekey_location").getDefaultValue(release));
        Assert.assertEquals(CUSTOM_CERTIFICATE_PATH, getRoleParam(this.role, "ssl_server_certificate_location").getDefaultValue(release));
        Assert.assertEquals(CUSTOM_CA_CERTIFICATE_PATH, getRoleParam(this.role, "ssl_server_ca_certificate_location").getDefaultValue(release));
        Assert.assertEquals(CUSTOM_TRUSTSTORE_PATH, getRoleParam(this.role, "ssl_client_truststore_location").getDefaultValue(release));
    }

    private void checkPasswordOptions(CertificateFileFormat certificateFileFormat, PasswordOption passwordOption) {
        Assert.assertNotEquals(NONE, passwordOption);
        registerSslServer(certificateFileFormat, CsdParameterOptionality.OPTIONAL, passwordOption, passwordOption);
        boolean z = CertificateFileFormat.PEM != certificateFileFormat;
        String str = !z ? null : CUSTOM_KEYSTORE_KEYPASSWORD_NAME;
        customizeSslServerConfigNames(certificateFileFormat, str);
        registerSslClient(certificateFileFormat, z ? passwordOption : NONE);
        customizeSslClientConfigNames(CUSTOM_TRUSTSTORE_LOCATION_NAME, CUSTOM_TRUSTSTORE_PASS_NAME);
        setupClusterAndHandler(CdhReleases.CDH5_5_0);
        Release cdhVersion = this.cluster.getCdhVersion();
        Assert.assertEquals(CUSTOM_ENABLED_NAME, getRoleParam(this.role, "ssl_enabled").getPropertyName(cdhVersion));
        Assert.assertEquals(CUSTOM_TRUSTSTORE_LOCATION_NAME, getRoleParam(this.role, "ssl_client_truststore_location").getPropertyName(cdhVersion));
        switch (AnonymousClass1.$SwitchMap$com$cloudera$csd$descriptors$CertificateFileFormat[(null == certificateFileFormat ? CertificateFileFormat.JKS : certificateFileFormat).ordinal()]) {
            case 1:
                checkPasswordOption("ssl_server_keystore_password", passwordOption);
                checkPasswordOption("ssl_server_keystore_keypassword", passwordOption);
                checkPasswordOption("ssl_client_truststore_password", passwordOption);
                Assert.assertEquals(CUSTOM_KEYSTORE_LOCATION_NAME, getRoleParam(this.role, "ssl_server_keystore_location").getPropertyName(cdhVersion));
                Assert.assertEquals(CUSTOM_KEYSTORE_PASS_NAME, getRoleParam(this.role, "ssl_server_keystore_password").getPropertyName(cdhVersion));
                if (null != str) {
                    Assert.assertEquals(str, getRoleParam(this.role, "ssl_server_keystore_keypassword").getPropertyName(cdhVersion));
                }
                Assert.assertEquals(CUSTOM_TRUSTSTORE_PASS_NAME, getRoleParam(this.role, "ssl_client_truststore_password").getPropertyName(cdhVersion));
                return;
            case 2:
                checkPasswordOption("ssl_server_privatekey_password", passwordOption);
                Assert.assertEquals(CUSTOM_PRIVATE_KEY_NAME, getRoleParam(this.role, "ssl_server_privatekey_location").getPropertyName(cdhVersion));
                Assert.assertEquals(CUSTOM_PRIVATE_KEY_PASS_NAME, getRoleParam(this.role, "ssl_server_privatekey_password").getPropertyName(cdhVersion));
                Assert.assertEquals(CUSTOM_CERTIFICATE_NAME, getRoleParam(this.role, "ssl_server_certificate_location").getPropertyName(cdhVersion));
                Assert.assertEquals(CUSTOM_CA_CERTIFICATE_NAME, getRoleParam(this.role, "ssl_server_ca_certificate_location").getPropertyName(cdhVersion));
                return;
            default:
                Assert.fail("unsupported format: " + certificateFileFormat);
                return;
        }
    }

    private void checkPasswordOption(String str, PasswordOption passwordOption) {
        PasswordParamSpec roleParam = getRoleParam(this.role, str);
        Assert.assertNotNull(roleParam);
        Assert.assertTrue(roleParam instanceof PasswordParamSpec);
        PasswordParamSpec passwordParamSpec = roleParam;
        if (ALT == passwordOption) {
            Assert.assertNotNull(passwordParamSpec.getAlternateScriptName(CdhReleases.CDH5_5_0));
        } else {
            Assert.assertNull(passwordParamSpec.getAlternateScriptName(CdhReleases.CDH5_5_0));
        }
        if (CRED == passwordOption) {
            Assert.assertTrue(passwordParamSpec.usesCredentialProvider(CdhReleases.CDH5_5_0));
        } else {
            Assert.assertFalse(passwordParamSpec.usesCredentialProvider(CdhReleases.CDH5_5_0));
        }
    }

    private void checkEnabledOptionality(CsdParameterOptionality csdParameterOptionality) {
        Release release = CdhReleases.CDH5_5_0;
        registerSslServer(CertificateFileFormat.PEM, null, NONE, NONE);
        Mockito.when(this.roleDesc.getSslServer().getEnabledOptionality()).thenReturn(csdParameterOptionality);
        setupClusterAndHandler(release);
        boolean z = false;
        ParamSpec roleParam = getRoleParam(this.role, "ssl_enabled");
        switch (AnonymousClass1.$SwitchMap$com$cloudera$csd$descriptors$CsdParameterOptionality[(null != csdParameterOptionality ? csdParameterOptionality : CsdParameterOptionality.OPTIONAL).ordinal()]) {
            case 1:
            case 2:
                Assert.assertNull(roleParam);
                z = true;
                break;
            case 3:
                Assert.assertNotNull(roleParam);
                Assert.assertFalse(((Boolean) roleParam.getDefaultValue(release)).booleanValue());
                z = false;
                break;
            default:
                Assert.fail("unsupported optionality: " + csdParameterOptionality);
                break;
        }
        if (z) {
            checkLinks(createSecureLink(MAIN_LINK_NAME).getSecureUrl(), createInsecureLink(EXTRA_LINK_NAME).getUrl());
        } else {
            checkLinks(createInsecureLink(MAIN_LINK_NAME).getUrl(), createInsecureLink(EXTRA_LINK_NAME).getUrl());
        }
    }

    private void checkExpectedRoleSslParams(Set<String> set) {
        HashSet newHashSet = Sets.newHashSet();
        ConfigSpec configSpec = shr.getRoleHandler(this.role).getConfigSpec();
        for (String str : set) {
            ParamSpec param = configSpec.getParam(str);
            if (null != param) {
                I18nKeyTestHelper.t((ParamSpec<?>) param);
                newHashSet.add(str);
                Assert.assertEquals("Parameter has wrong wizard: " + str, AutoConfigWizard.ADD_SERVICE_AND_EXPRESS, param.getAutoConfigWizard());
                Assert.assertNotNull("Default value is null, which will cause an interpolation error due to OPSAPS-22940, for param: " + str, param.getDefaultValue(this.cluster.getCdhVersion()));
            }
        }
        Assert.assertEquals(set, newHashSet);
    }

    private void checkLinks(String str, String str2) {
        Assert.assertEquals(ImmutableMap.of("status", str.replace("${host}", this.host1.getName()), EXTRA_LINK_NAME, str2.replace("${host}", this.host1.getName())), shr.getRoleHandler(this.role).getStatusLinks(this.role));
    }
}
