package org.apache.hadoop.security;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.NetworkInterface;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.ipc.ProtocolSignature;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.ipc.TestRpcBase;
import org.apache.hadoop.ipc.VersionedProtocol;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.DefaultImpersonationProvider;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenInfo;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/security/TestDoAsEffectiveUser.class */
public class TestDoAsEffectiveUser {
    private static final String REAL_USER_NAME = "realUser1@HADOOP.APACHE.ORG";
    private static final String REAL_USER_SHORT_NAME = "realUser1";
    private static final String PROXY_USER_NAME = "proxyUser";
    private static final String ADDRESS = "0.0.0.0";
    private TestProtocol proxy;
    private static final String GROUP1_NAME = "group1";
    private static final String GROUP2_NAME = "group2";
    private static final String[] GROUP_NAMES = {GROUP1_NAME, GROUP2_NAME};
    private static final Configuration masterConf = new Configuration();
    public static final Logger LOG = LoggerFactory.getLogger(TestDoAsEffectiveUser.class);

    /* loaded from: input_file:org/apache/hadoop/security/TestDoAsEffectiveUser$TestImpl.class */
    public class TestImpl implements TestProtocol {
        public TestImpl() {
        }

        @Override // org.apache.hadoop.security.TestDoAsEffectiveUser.TestProtocol
        public String aMethod() throws IOException {
            return UserGroupInformation.getCurrentUser().toString();
        }

        @Override // org.apache.hadoop.security.TestDoAsEffectiveUser.TestProtocol
        public String getServerRemoteUser() throws IOException {
            return Server.getRemoteUser().toString();
        }

        public long getProtocolVersion(String str, long j) throws IOException {
            return 1L;
        }

        public ProtocolSignature getProtocolSignature(String str, long j, int i) throws IOException {
            return new ProtocolSignature(1L, (int[]) null);
        }
    }

    @TokenInfo(TestRpcBase.TestTokenSelector.class)
    /* loaded from: input_file:org/apache/hadoop/security/TestDoAsEffectiveUser$TestProtocol.class */
    public interface TestProtocol extends VersionedProtocol {
        public static final long versionID = 1;

        String aMethod() throws IOException;

        String getServerRemoteUser() throws IOException;
    }

    @Before
    public void setMasterConf() throws IOException {
        UserGroupInformation.setConfiguration(masterConf);
        refreshConf(masterConf);
    }

    private void configureSuperUserIPAddresses(Configuration configuration, String str) throws IOException {
        ArrayList arrayList = new ArrayList();
        Enumeration<NetworkInterface> networkInterfaces = NetworkInterface.getNetworkInterfaces();
        while (networkInterfaces.hasMoreElements()) {
            Enumeration<InetAddress> inetAddresses = networkInterfaces.nextElement().getInetAddresses();
            while (inetAddresses.hasMoreElements()) {
                arrayList.add(inetAddresses.nextElement().getHostAddress());
            }
        }
        StringBuilder sb = new StringBuilder();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            sb.append((String) it.next());
            sb.append(',');
        }
        sb.append("127.0.1.1,");
        sb.append(InetAddress.getLocalHost().getCanonicalHostName());
        LOG.info("Local Ip addresses: " + sb.toString());
        configuration.setStrings(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(str), new String[]{sb.toString()});
    }

    @Test
    public void testCreateProxyUser() throws Exception {
        Assert.assertEquals("proxyUser (auth:PROXY) via realUser1@HADOOP.APACHE.ORG (auth:SIMPLE)", ((UserGroupInformation) UserGroupInformation.createProxyUser(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME)).doAs(new PrivilegedExceptionAction<UserGroupInformation>() { // from class: org.apache.hadoop.security.TestDoAsEffectiveUser.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public UserGroupInformation run() throws IOException {
                return UserGroupInformation.getCurrentUser();
            }
        })).toString());
    }

    private void checkRemoteUgi(final Server server, final UserGroupInformation userGroupInformation, final Configuration configuration) throws Exception {
        userGroupInformation.doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.security.TestDoAsEffectiveUser.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws IOException {
                TestDoAsEffectiveUser.this.proxy = (TestProtocol) RPC.getProxy(TestProtocol.class, 1L, NetUtils.getConnectAddress(server), configuration);
                Assert.assertEquals(userGroupInformation.toString(), TestDoAsEffectiveUser.this.proxy.aMethod());
                Assert.assertEquals(userGroupInformation.toString(), TestDoAsEffectiveUser.this.proxy.getServerRemoteUser());
                return null;
            }
        });
    }

    @Test(timeout = 4000)
    public void testRealUserSetup() throws IOException {
        Configuration configuration = new Configuration();
        configuration.setStrings(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_SHORT_NAME), new String[]{GROUP1_NAME});
        configureSuperUserIPAddresses(configuration, REAL_USER_SHORT_NAME);
        RPC.Server build = new RPC.Builder(configuration).setProtocol(TestProtocol.class).setInstance(new TestImpl()).setBindAddress(ADDRESS).setPort(0).setNumHandlers(5).setVerbose(true).build();
        refreshConf(configuration);
        try {
            try {
                build.start();
                UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(REAL_USER_NAME);
                checkRemoteUgi(build, createRemoteUser, configuration);
                checkRemoteUgi(build, UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, createRemoteUser, GROUP_NAMES), configuration);
                build.stop();
                if (this.proxy != null) {
                    RPC.stopProxy(this.proxy);
                }
            } catch (Exception e) {
                e.printStackTrace();
                Assert.fail();
                build.stop();
                if (this.proxy != null) {
                    RPC.stopProxy(this.proxy);
                }
            }
        } catch (Throwable th) {
            build.stop();
            if (this.proxy != null) {
                RPC.stopProxy(this.proxy);
            }
            throw th;
        }
    }

    @Test(timeout = 4000)
    public void testRealUserAuthorizationSuccess() throws IOException {
        Configuration configuration = new Configuration();
        configureSuperUserIPAddresses(configuration, REAL_USER_SHORT_NAME);
        configuration.setStrings(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_SHORT_NAME), new String[]{GROUP1_NAME});
        RPC.Server build = new RPC.Builder(configuration).setProtocol(TestProtocol.class).setInstance(new TestImpl()).setBindAddress(ADDRESS).setPort(0).setNumHandlers(2).setVerbose(false).build();
        refreshConf(configuration);
        try {
            try {
                build.start();
                UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(REAL_USER_NAME);
                checkRemoteUgi(build, createRemoteUser, configuration);
                checkRemoteUgi(build, UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, createRemoteUser, GROUP_NAMES), configuration);
                build.stop();
                if (this.proxy != null) {
                    RPC.stopProxy(this.proxy);
                }
            } catch (Exception e) {
                e.printStackTrace();
                Assert.fail();
                build.stop();
                if (this.proxy != null) {
                    RPC.stopProxy(this.proxy);
                }
            }
        } catch (Throwable th) {
            build.stop();
            if (this.proxy != null) {
                RPC.stopProxy(this.proxy);
            }
            throw th;
        }
    }

    @Test
    public void testRealUserIPAuthorizationFailure() throws IOException {
        final Configuration configuration = new Configuration();
        configuration.setStrings(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(REAL_USER_SHORT_NAME), new String[]{"20.20.20.20"});
        configuration.setStrings(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_SHORT_NAME), new String[]{GROUP1_NAME});
        RPC.Server build = new RPC.Builder(configuration).setProtocol(TestProtocol.class).setInstance(new TestImpl()).setBindAddress(ADDRESS).setPort(0).setNumHandlers(2).setVerbose(false).build();
        refreshConf(configuration);
        try {
            try {
                build.start();
                final InetSocketAddress connectAddress = NetUtils.getConnectAddress(build);
                Assert.fail("The RPC must have failed " + ((String) UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES).doAs(new PrivilegedExceptionAction<String>() { // from class: org.apache.hadoop.security.TestDoAsEffectiveUser.3
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public String run() throws IOException {
                        TestDoAsEffectiveUser.this.proxy = (TestProtocol) RPC.getProxy(TestProtocol.class, 1L, connectAddress, configuration);
                        return TestDoAsEffectiveUser.this.proxy.aMethod();
                    }
                })));
                build.stop();
                if (this.proxy != null) {
                    RPC.stopProxy(this.proxy);
                }
            } catch (Exception e) {
                e.printStackTrace();
                build.stop();
                if (this.proxy != null) {
                    RPC.stopProxy(this.proxy);
                }
            }
        } catch (Throwable th) {
            build.stop();
            if (this.proxy != null) {
                RPC.stopProxy(this.proxy);
            }
            throw th;
        }
    }

    @Test
    public void testRealUserIPNotSpecified() throws IOException {
        final Configuration configuration = new Configuration();
        configuration.setStrings(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_SHORT_NAME), new String[]{GROUP1_NAME});
        RPC.Server build = new RPC.Builder(configuration).setProtocol(TestProtocol.class).setInstance(new TestImpl()).setBindAddress(ADDRESS).setPort(0).setNumHandlers(2).setVerbose(false).build();
        refreshConf(configuration);
        try {
            try {
                build.start();
                final InetSocketAddress connectAddress = NetUtils.getConnectAddress(build);
                Assert.fail("The RPC must have failed " + ((String) UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES).doAs(new PrivilegedExceptionAction<String>() { // from class: org.apache.hadoop.security.TestDoAsEffectiveUser.4
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public String run() throws IOException {
                        TestDoAsEffectiveUser.this.proxy = (TestProtocol) RPC.getProxy(TestProtocol.class, 1L, connectAddress, configuration);
                        return TestDoAsEffectiveUser.this.proxy.aMethod();
                    }
                })));
                build.stop();
                if (this.proxy != null) {
                    RPC.stopProxy(this.proxy);
                }
            } catch (Exception e) {
                e.printStackTrace();
                build.stop();
                if (this.proxy != null) {
                    RPC.stopProxy(this.proxy);
                }
            }
        } catch (Throwable th) {
            build.stop();
            if (this.proxy != null) {
                RPC.stopProxy(this.proxy);
            }
            throw th;
        }
    }

    @Test
    public void testRealUserGroupNotSpecified() throws IOException {
        final Configuration configuration = new Configuration();
        configureSuperUserIPAddresses(configuration, REAL_USER_SHORT_NAME);
        RPC.Server build = new RPC.Builder(configuration).setProtocol(TestProtocol.class).setInstance(new TestImpl()).setBindAddress(ADDRESS).setPort(0).setNumHandlers(2).setVerbose(false).build();
        try {
            try {
                build.start();
                final InetSocketAddress connectAddress = NetUtils.getConnectAddress(build);
                Assert.fail("The RPC must have failed " + ((String) UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES).doAs(new PrivilegedExceptionAction<String>() { // from class: org.apache.hadoop.security.TestDoAsEffectiveUser.5
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public String run() throws IOException {
                        TestDoAsEffectiveUser.this.proxy = (TestProtocol) RPC.getProxy(TestProtocol.class, 1L, connectAddress, configuration);
                        return TestDoAsEffectiveUser.this.proxy.aMethod();
                    }
                })));
                build.stop();
                if (this.proxy != null) {
                    RPC.stopProxy(this.proxy);
                }
            } catch (Exception e) {
                e.printStackTrace();
                build.stop();
                if (this.proxy != null) {
                    RPC.stopProxy(this.proxy);
                }
            }
        } catch (Throwable th) {
            build.stop();
            if (this.proxy != null) {
                RPC.stopProxy(this.proxy);
            }
            throw th;
        }
    }

    @Test
    public void testRealUserGroupAuthorizationFailure() throws IOException {
        final Configuration configuration = new Configuration();
        configureSuperUserIPAddresses(configuration, REAL_USER_SHORT_NAME);
        configuration.setStrings(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_SHORT_NAME), new String[]{"group3"});
        RPC.Server build = new RPC.Builder(configuration).setProtocol(TestProtocol.class).setInstance(new TestImpl()).setBindAddress(ADDRESS).setPort(0).setNumHandlers(2).setVerbose(false).build();
        refreshConf(configuration);
        try {
            try {
                build.start();
                final InetSocketAddress connectAddress = NetUtils.getConnectAddress(build);
                Assert.fail("The RPC must have failed " + ((String) UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES).doAs(new PrivilegedExceptionAction<String>() { // from class: org.apache.hadoop.security.TestDoAsEffectiveUser.6
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public String run() throws IOException {
                        TestDoAsEffectiveUser.this.proxy = (TestProtocol) RPC.getProxy(TestProtocol.class, 1L, connectAddress, configuration);
                        return TestDoAsEffectiveUser.this.proxy.aMethod();
                    }
                })));
                build.stop();
                if (this.proxy != null) {
                    RPC.stopProxy(this.proxy);
                }
            } catch (Exception e) {
                e.printStackTrace();
                build.stop();
                if (this.proxy != null) {
                    RPC.stopProxy(this.proxy);
                }
            }
        } catch (Throwable th) {
            build.stop();
            if (this.proxy != null) {
                RPC.stopProxy(this.proxy);
            }
            throw th;
        }
    }

    @Test
    public void testProxyWithToken() throws Exception {
        final Configuration configuration = new Configuration(masterConf);
        TestRpcBase.TestTokenSecretManager testTokenSecretManager = new TestRpcBase.TestTokenSecretManager();
        SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
        UserGroupInformation.setConfiguration(configuration);
        final RPC.Server build = new RPC.Builder(configuration).setProtocol(TestProtocol.class).setInstance(new TestImpl()).setBindAddress(ADDRESS).setPort(0).setNumHandlers(5).setVerbose(true).setSecretManager(testTokenSecretManager).build();
        build.start();
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(REAL_USER_NAME);
        final InetSocketAddress connectAddress = NetUtils.getConnectAddress(build);
        Token token = new Token(new TestRpcBase.TestTokenIdentifier(new Text(createRemoteUser.getUserName()), new Text("SomeSuperUser")), testTokenSecretManager);
        SecurityUtil.setTokenService(token, connectAddress);
        UserGroupInformation createProxyUserForTesting = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, createRemoteUser, GROUP_NAMES);
        createProxyUserForTesting.addToken(token);
        refreshConf(configuration);
        Assert.assertEquals("realUser1@HADOOP.APACHE.ORG (auth:TOKEN) via SomeSuperUser (auth:SIMPLE)", (String) createProxyUserForTesting.doAs(new PrivilegedExceptionAction<String>() { // from class: org.apache.hadoop.security.TestDoAsEffectiveUser.7
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public String run() throws Exception {
                try {
                    try {
                        TestDoAsEffectiveUser.this.proxy = (TestProtocol) RPC.getProxy(TestProtocol.class, 1L, connectAddress, configuration);
                        String aMethod = TestDoAsEffectiveUser.this.proxy.aMethod();
                        build.stop();
                        if (TestDoAsEffectiveUser.this.proxy != null) {
                            RPC.stopProxy(TestDoAsEffectiveUser.this.proxy);
                        }
                        return aMethod;
                    } catch (Exception e) {
                        e.printStackTrace();
                        throw e;
                    }
                } catch (Throwable th) {
                    build.stop();
                    if (TestDoAsEffectiveUser.this.proxy != null) {
                        RPC.stopProxy(TestDoAsEffectiveUser.this.proxy);
                    }
                    throw th;
                }
            }
        }));
    }

    @Test
    public void testTokenBySuperUser() throws Exception {
        TestRpcBase.TestTokenSecretManager testTokenSecretManager = new TestRpcBase.TestTokenSecretManager();
        final Configuration configuration = new Configuration(masterConf);
        SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
        UserGroupInformation.setConfiguration(configuration);
        final RPC.Server build = new RPC.Builder(configuration).setProtocol(TestProtocol.class).setInstance(new TestImpl()).setBindAddress(ADDRESS).setPort(0).setNumHandlers(5).setVerbose(true).setSecretManager(testTokenSecretManager).build();
        build.start();
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting(REAL_USER_NAME, GROUP_NAMES);
        refreshConf(configuration);
        final InetSocketAddress connectAddress = NetUtils.getConnectAddress(build);
        Token token = new Token(new TestRpcBase.TestTokenIdentifier(new Text(createUserForTesting.getUserName()), new Text("SomeSuperUser")), testTokenSecretManager);
        SecurityUtil.setTokenService(token, connectAddress);
        createUserForTesting.addToken(token);
        String str = (String) createUserForTesting.doAs(new PrivilegedExceptionAction<String>() { // from class: org.apache.hadoop.security.TestDoAsEffectiveUser.8
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public String run() throws Exception {
                try {
                    try {
                        TestDoAsEffectiveUser.this.proxy = (TestProtocol) RPC.getProxy(TestProtocol.class, 1L, connectAddress, configuration);
                        String aMethod = TestDoAsEffectiveUser.this.proxy.aMethod();
                        build.stop();
                        if (TestDoAsEffectiveUser.this.proxy != null) {
                            RPC.stopProxy(TestDoAsEffectiveUser.this.proxy);
                        }
                        return aMethod;
                    } catch (Exception e) {
                        e.printStackTrace();
                        throw e;
                    }
                } catch (Throwable th) {
                    build.stop();
                    if (TestDoAsEffectiveUser.this.proxy != null) {
                        RPC.stopProxy(TestDoAsEffectiveUser.this.proxy);
                    }
                    throw th;
                }
            }
        });
        Assert.assertEquals(str + "!=realUser1@HADOOP.APACHE.ORG (auth:TOKEN) via SomeSuperUser (auth:SIMPLE)", "realUser1@HADOOP.APACHE.ORG (auth:TOKEN) via SomeSuperUser (auth:SIMPLE)", str);
    }

    private void refreshConf(Configuration configuration) throws IOException {
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
    }

    static {
        masterConf.set("hadoop.security.auth_to_local", "RULE:[2:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//RULE:[1:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//DEFAULT");
    }
}
