package org.apache.hadoop.fs.s3a;

import java.io.IOException;
import java.util.concurrent.Callable;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.ProviderUtils;
import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.apache.hadoop.test.LambdaTestUtils;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.junit.rules.Timeout;

/* loaded from: input_file:test-classes/org/apache/hadoop/fs/s3a/TestSSEConfiguration.class */
public class TestSSEConfiguration extends Assert {

    @Rule
    public Timeout testTimeout = new Timeout(600000);

    @Rule
    public final TemporaryFolder tempDir = new TemporaryFolder();

    @Test
    public void testSSECNoKey() throws Throwable {
        assertExceptionTextEquals(S3AUtils.SSE_C_NO_KEY_ERROR, S3AEncryptionMethods.SSE_C.getMethod(), null);
    }

    @Test
    public void testSSECBlankKey() throws Throwable {
        assertExceptionTextEquals(S3AUtils.SSE_C_NO_KEY_ERROR, S3AEncryptionMethods.SSE_C.getMethod(), "");
    }

    @Test
    public void testSSECGoodKey() throws Throwable {
        assertEquals(S3AEncryptionMethods.SSE_C, getAlgorithm(S3AEncryptionMethods.SSE_C, "sseckey"));
    }

    @Test
    public void testKMSGoodKey() throws Throwable {
        assertEquals(S3AEncryptionMethods.SSE_KMS, getAlgorithm(S3AEncryptionMethods.SSE_KMS, "kmskey"));
    }

    @Test
    public void testKMSGoodOldOptionName() throws Throwable {
        Configuration configuration = new Configuration(false);
        configuration.set(Constants.SERVER_SIDE_ENCRYPTION_ALGORITHM, S3AEncryptionMethods.SSE_KMS.getMethod());
        configuration.set("fs.s3a.server-side-encryption-key", "kmskeyID");
        assertEquals("kmskeyID", S3AUtils.getServerSideEncryptionKey(configuration));
        assertEquals(S3AEncryptionMethods.SSE_KMS, S3AUtils.getEncryptionAlgorithm(configuration));
    }

    @Test
    public void testAESKeySet() throws Throwable {
        assertExceptionTextEquals(S3AUtils.SSE_S3_WITH_KEY_ERROR, S3AEncryptionMethods.SSE_S3.getMethod(), "setkey");
    }

    @Test
    public void testSSEEmptyKey() throws Throwable {
        assertEquals("", S3AUtils.getServerSideEncryptionKey(buildConf(S3AEncryptionMethods.SSE_C.getMethod(), "")));
    }

    @Test
    public void testSSEKeyNull() throws Throwable {
        final Configuration buildConf = buildConf(S3AEncryptionMethods.SSE_C.getMethod(), null);
        assertNull("", S3AUtils.getServerSideEncryptionKey(buildConf));
        LambdaTestUtils.intercept(IOException.class, S3AUtils.SSE_C_NO_KEY_ERROR, new Callable<S3AEncryptionMethods>() { // from class: org.apache.hadoop.fs.s3a.TestSSEConfiguration.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public S3AEncryptionMethods call() throws Exception {
                return S3AUtils.getEncryptionAlgorithm(buildConf);
            }
        });
    }

    @Test
    public void testSSEKeyFromCredentialProvider() throws Exception {
        Configuration configuration = new Configuration();
        addFileProvider(configuration);
        provisionSSEKey(configuration, Constants.SERVER_SIDE_ENCRYPTION_KEY, "provisioned");
        configuration.set(Constants.SERVER_SIDE_ENCRYPTION_KEY, "keyInConfObject");
        String serverSideEncryptionKey = S3AUtils.getServerSideEncryptionKey(configuration);
        assertNotNull("Proxy password should not retrun null.", serverSideEncryptionKey);
        assertEquals("Proxy password override did NOT work.", "provisioned", serverSideEncryptionKey);
    }

    @Test
    public void testOldKeyFromCredentialProvider() throws Exception {
        Configuration configuration = new Configuration();
        addFileProvider(configuration);
        provisionSSEKey(configuration, "fs.s3a.server-side-encryption-key", "provisioned");
        String serverSideEncryptionKey = S3AUtils.getServerSideEncryptionKey(configuration);
        assertNotNull("Proxy password should not retrun null.", serverSideEncryptionKey);
        assertEquals("Proxy password override did NOT work.", "provisioned", serverSideEncryptionKey);
    }

    private void addFileProvider(Configuration configuration) throws Exception {
        configuration.set("hadoop.security.credential.provider.path", ProviderUtils.nestURIForLocalJavaKeyStoreProvider(this.tempDir.newFile("test.jks").toURI()).toString());
    }

    void provisionSSEKey(Configuration configuration, String str, String str2) throws Exception {
        CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(configuration).get(0);
        credentialProvider.createCredentialEntry(str, str2.toCharArray());
        credentialProvider.flush();
    }

    public void assertExceptionTextEquals(String str, final String str2, final String str3) throws Exception {
        LambdaTestUtils.intercept(IOException.class, str, new Callable<S3AEncryptionMethods>() { // from class: org.apache.hadoop.fs.s3a.TestSSEConfiguration.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public S3AEncryptionMethods call() throws Exception {
                return TestSSEConfiguration.this.getAlgorithm(str2, str3);
            }
        });
    }

    private S3AEncryptionMethods getAlgorithm(S3AEncryptionMethods s3AEncryptionMethods, String str) throws IOException {
        return getAlgorithm(s3AEncryptionMethods.getMethod(), str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public S3AEncryptionMethods getAlgorithm(String str, String str2) throws IOException {
        return S3AUtils.getEncryptionAlgorithm(buildConf(str, str2));
    }

    private Configuration buildConf(String str, String str2) {
        Configuration configuration = new Configuration(false);
        if (str != null) {
            configuration.set(Constants.SERVER_SIDE_ENCRYPTION_ALGORITHM, str);
        } else {
            configuration.unset(Constants.SERVER_SIDE_ENCRYPTION_ALGORITHM);
        }
        if (str2 != null) {
            configuration.set(Constants.SERVER_SIDE_ENCRYPTION_KEY, str2);
        } else {
            configuration.unset(Constants.SERVER_SIDE_ENCRYPTION_KEY);
        }
        return configuration;
    }
}
