package org.apache.ambari.server.checks;

import com.google.inject.AbstractModule;
import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.Module;
import com.google.inject.Provider;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Predicate;
import javax.persistence.EntityManager;
import org.apache.ambari.server.actionmanager.ActionDBAccessor;
import org.apache.ambari.server.actionmanager.ActionDBAccessorImpl;
import org.apache.ambari.server.actionmanager.ActionManager;
import org.apache.ambari.server.actionmanager.HostRoleCommandFactory;
import org.apache.ambari.server.actionmanager.HostRoleCommandFactoryImpl;
import org.apache.ambari.server.actionmanager.StageFactory;
import org.apache.ambari.server.api.services.AmbariMetaInfo;
import org.apache.ambari.server.audit.AuditLogger;
import org.apache.ambari.server.controller.AbstractRootServiceResponseFactory;
import org.apache.ambari.server.controller.AmbariCustomCommandExecutionHelper;
import org.apache.ambari.server.controller.AmbariManagementController;
import org.apache.ambari.server.controller.KerberosHelper;
import org.apache.ambari.server.controller.PrereqCheckRequest;
import org.apache.ambari.server.controller.RootServiceResponseFactory;
import org.apache.ambari.server.hooks.HookService;
import org.apache.ambari.server.hooks.users.UserHookService;
import org.apache.ambari.server.metadata.CachedRoleCommandOrderProvider;
import org.apache.ambari.server.metadata.RoleCommandOrderProvider;
import org.apache.ambari.server.orm.DBAccessor;
import org.apache.ambari.server.orm.dao.ArtifactDAO;
import org.apache.ambari.server.orm.dao.HostRoleCommandDAO;
import org.apache.ambari.server.orm.entities.RepositoryVersionEntity;
import org.apache.ambari.server.scheduler.ExecutionScheduler;
import org.apache.ambari.server.scheduler.ExecutionSchedulerImpl;
import org.apache.ambari.server.security.SecurityHelper;
import org.apache.ambari.server.security.credential.Credential;
import org.apache.ambari.server.security.encryption.CredentialStoreService;
import org.apache.ambari.server.security.encryption.CredentialStoreType;
import org.apache.ambari.server.stack.StackManagerFactory;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Clusters;
import org.apache.ambari.server.state.Config;
import org.apache.ambari.server.state.ConfigHelper;
import org.apache.ambari.server.state.DesiredConfig;
import org.apache.ambari.server.state.SecurityType;
import org.apache.ambari.server.state.ServiceComponentHostFactory;
import org.apache.ambari.server.state.StackId;
import org.apache.ambari.server.state.UpgradeHelper;
import org.apache.ambari.server.state.stack.OsFamily;
import org.apache.ambari.server.state.stack.PrereqCheckStatus;
import org.apache.ambari.server.state.stack.PrerequisiteCheck;
import org.apache.ambari.server.state.stack.UpgradePack;
import org.apache.ambari.server.state.stack.upgrade.Direction;
import org.apache.ambari.server.state.stack.upgrade.UpgradeType;
import org.apache.ambari.server.testutils.PartialNiceMockBinder;
import org.apache.ambari.server.topology.PersistedState;
import org.apache.ambari.server.topology.PersistedStateImpl;
import org.easymock.EasyMock;
import org.easymock.EasyMockRunner;
import org.easymock.EasyMockSupport;
import org.easymock.Mock;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.security.crypto.password.PasswordEncoder;

@RunWith(EasyMockRunner.class)
/* loaded from: input_file:org/apache/ambari/server/checks/KerberosAdminPersistedCredentialCheckTest.class */
public class KerberosAdminPersistedCredentialCheckTest extends EasyMockSupport {

    @Mock
    private UpgradeHelper upgradeHelper;

    @Test
    public void testMissingCredentialStoreKerberosEnabledManagingIdentities() throws Exception {
        PrerequisiteCheck executeCheck = executeCheck(true, true, false, false);
        Assert.assertEquals(PrereqCheckStatus.FAIL, executeCheck.getStatus());
        Assert.assertTrue(executeCheck.getFailReason().startsWith("Ambari's credential store has not been configured."));
    }

    @Test
    public void testMissingCredentialStoreKerberosEnabledNotManagingIdentities() throws Exception {
        Assert.assertEquals(PrereqCheckStatus.PASS, executeCheck(true, false, false, false).getStatus());
    }

    @Test
    public void testMissingCredentialStoreKerberosNotEnabled() throws Exception {
        Assert.assertEquals(PrereqCheckStatus.PASS, executeCheck(false, false, false, false).getStatus());
    }

    @Test
    public void testMissingCredentialKerberosEnabledManagingIdentities() throws Exception {
        PrerequisiteCheck executeCheck = executeCheck(true, true, true, false);
        Assert.assertEquals(PrereqCheckStatus.FAIL, executeCheck.getStatus());
        Assert.assertTrue(executeCheck.getFailReason().startsWith("The KDC administrator credential has not been stored in the persisted credential store."));
    }

    @Test
    public void testMissingCredentialKerberosEnabledNotManagingIdentities() throws Exception {
        Assert.assertEquals(PrereqCheckStatus.PASS, executeCheck(true, false, true, false).getStatus());
    }

    @Test
    public void testMissingCredentialKerberosNotEnabled() throws Exception {
        Assert.assertEquals(PrereqCheckStatus.PASS, executeCheck(false, true, true, false).getStatus());
    }

    @Test
    public void testCredentialsSetKerberosNotEnabled() throws Exception {
        Assert.assertEquals(PrereqCheckStatus.PASS, executeCheck(false, false, true, true).getStatus());
    }

    @Test
    public void testCredentialsSetKerberosEnabledNotManagingIdentities() throws Exception {
        Assert.assertEquals(PrereqCheckStatus.PASS, executeCheck(true, false, true, true).getStatus());
    }

    @Test
    public void testCredentialsSetKerberosEnabledManagingIdentities() throws Exception {
        Assert.assertEquals(PrereqCheckStatus.PASS, executeCheck(true, true, true, true).getStatus());
    }

    private PrerequisiteCheck executeCheck(boolean z, boolean z2, boolean z3, boolean z4) throws Exception {
        HashMap hashMap = new HashMap();
        UpgradePack.PrerequisiteCheckConfig prerequisiteCheckConfig = (UpgradePack.PrerequisiteCheckConfig) createMock(UpgradePack.PrerequisiteCheckConfig.class);
        EasyMock.expect(prerequisiteCheckConfig.getCheckProperties(KerberosAdminPersistedCredentialCheck.class.getName())).andReturn(hashMap).anyTimes();
        PrerequisiteCheck prerequisiteCheck = new PrerequisiteCheck((CheckDescription) null, (String) null);
        PrereqCheckRequest prereqCheckRequest = new PrereqCheckRequest("c1");
        prereqCheckRequest.setTargetRepositoryVersion(new RepositoryVersionEntity());
        prereqCheckRequest.setPrerequisiteCheckConfig(prerequisiteCheckConfig);
        EasyMock.expect(this.upgradeHelper.suggestUpgradePack((String) EasyMock.eq("c1"), (StackId) EasyMock.anyObject(), (StackId) EasyMock.anyObject(), (Direction) EasyMock.eq(Direction.UPGRADE), (UpgradeType) EasyMock.eq(UpgradeType.ROLLING), (String) EasyMock.anyObject())).andReturn(upgradePackWithRegenKeytab()).anyTimes();
        DesiredConfig desiredConfig = (DesiredConfig) createMock(DesiredConfig.class);
        EasyMock.expect(desiredConfig.getTag()).andReturn("tag").anyTimes();
        Map singletonMap = Collections.singletonMap("kerberos-env", desiredConfig);
        Config config = (Config) createMock(Config.class);
        EasyMock.expect(config.getProperties()).andReturn(Collections.singletonMap("manage_identities", z2 ? "true" : "false")).anyTimes();
        Cluster cluster = (Cluster) createMock(Cluster.class);
        EasyMock.expect(cluster.getSecurityType()).andReturn(z ? SecurityType.KERBEROS : SecurityType.NONE).anyTimes();
        EasyMock.expect(cluster.getDesiredConfigs()).andReturn(singletonMap).anyTimes();
        EasyMock.expect(cluster.getConfig("kerberos-env", "tag")).andReturn(config).anyTimes();
        Clusters clusters = (Clusters) createMock(Clusters.class);
        EasyMock.expect(clusters.getCluster("c1")).andReturn(cluster).anyTimes();
        Credential credential = (Credential) createMock(Credential.class);
        Injector injector = getInjector();
        CredentialStoreService credentialStoreService = (CredentialStoreService) injector.getInstance(CredentialStoreService.class);
        EasyMock.expect(Boolean.valueOf(credentialStoreService.isInitialized(CredentialStoreType.PERSISTED))).andReturn(Boolean.valueOf(z3)).anyTimes();
        EasyMock.expect(credentialStoreService.getCredential("c1", "kdc.admin.credential", CredentialStoreType.PERSISTED)).andReturn(z4 ? credential : null).anyTimes();
        Provider provider = () -> {
            return clusters;
        };
        replayAll();
        ((AmbariMetaInfo) injector.getInstance(AmbariMetaInfo.class)).init();
        KerberosAdminPersistedCredentialCheck kerberosAdminPersistedCredentialCheck = new KerberosAdminPersistedCredentialCheck();
        injector.injectMembers(kerberosAdminPersistedCredentialCheck);
        kerberosAdminPersistedCredentialCheck.clustersProvider = provider;
        kerberosAdminPersistedCredentialCheck.perform(prerequisiteCheck, prereqCheckRequest);
        verifyAll();
        return prerequisiteCheck;
    }

    private UpgradePack upgradePackWithRegenKeytab() {
        UpgradePack upgradePack = (UpgradePack) createMock(UpgradePack.class);
        EasyMock.expect(Boolean.valueOf(upgradePack.anyGroupTaskMatch((Predicate) EasyMock.anyObject()))).andReturn(true).anyTimes();
        return upgradePack;
    }

    Injector getInjector() {
        return Guice.createInjector(new Module[]{new AbstractModule() { // from class: org.apache.ambari.server.checks.KerberosAdminPersistedCredentialCheckTest.1
            protected void configure() {
                PartialNiceMockBinder.newBuilder().addLdapBindings().addActionDBAccessorConfigsBindings().addFactoriesInstallBinding().build().configure(binder());
                bind(ExecutionScheduler.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(ExecutionSchedulerImpl.class));
                bind(EntityManager.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(EntityManager.class));
                bind(DBAccessor.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(DBAccessor.class));
                bind(OsFamily.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(OsFamily.class));
                bind(HostRoleCommandDAO.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(HostRoleCommandDAO.class));
                bind(HostRoleCommandFactory.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(HostRoleCommandFactoryImpl.class));
                bind(ActionDBAccessor.class).to(ActionDBAccessorImpl.class);
                bind(AbstractRootServiceResponseFactory.class).to(RootServiceResponseFactory.class);
                bind(ServiceComponentHostFactory.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(ServiceComponentHostFactory.class));
                bind(PasswordEncoder.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(PasswordEncoder.class));
                bind(HookService.class).to(UserHookService.class);
                bind(PersistedState.class).to(PersistedStateImpl.class);
                bind(SecurityHelper.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(SecurityHelper.class));
                bind(AmbariCustomCommandExecutionHelper.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(AmbariCustomCommandExecutionHelper.class));
                bind(AmbariManagementController.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(AmbariManagementController.class));
                bind(AmbariMetaInfo.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(AmbariMetaInfo.class));
                bind(ActionManager.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(ActionManager.class));
                bind(StageFactory.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(StageFactory.class));
                bind(Clusters.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(Clusters.class));
                bind(ConfigHelper.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(ConfigHelper.class));
                bind(StackManagerFactory.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(StackManagerFactory.class));
                bind(AuditLogger.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(AuditLogger.class));
                bind(ArtifactDAO.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(ArtifactDAO.class));
                bind(RoleCommandOrderProvider.class).to(CachedRoleCommandOrderProvider.class);
                bind(UpgradeHelper.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.upgradeHelper);
                bind(KerberosHelper.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createNiceMock(KerberosHelper.class));
                bind(CredentialStoreService.class).toInstance(KerberosAdminPersistedCredentialCheckTest.this.createMock(CredentialStoreService.class));
            }
        }});
    }
}
