package org.apache.ambari.server.state.kerberos;

import category.KerberosTest;
import com.google.gson.Gson;
import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import junit.framework.Assert;
import org.apache.ambari.server.AmbariException;
import org.apache.commons.collections.map.HashedMap;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category({KerberosTest.class})
/* loaded from: input_file:org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.class */
public class KerberosDescriptorTest {
    private static final KerberosDescriptorFactory KERBEROS_DESCRIPTOR_FACTORY = new KerberosDescriptorFactory();
    private static final KerberosServiceDescriptorFactory KERBEROS_SERVICE_DESCRIPTOR_FACTORY = new KerberosServiceDescriptorFactory();
    private static final String JSON_VALUE = "{  \"properties\": {      \"realm\": \"${cluster-env/kerberos_domain}\",      \"keytab_dir\": \"/etc/security/keytabs\"    },  \"auth_to_local_properties\": [      generic.name.rules    ],  \"services\": [{  \"name\": \"SERVICE_NAME\",  \"preconfigure\": \"true\",  \"identities\": [{  \"name\": \"identity_1\",  \"principal\":{\"value\": \"service/_HOST@_REALM\",\"configuration\": \"service-site/service.component.kerberos.principal\",\"type\": \"service\",\"local_username\": \"localUser\"},  \"keytab\":{  \"file\": \"/etc/security/keytabs/${host}/subject.service.keytab\",  \"owner\": {      \"name\": \"subject\",      \"access\": \"rw\"  },  \"group\": {      \"name\": \"hadoop\",      \"access\": \"r\"  },  \"configuration\": \"service-site/service.component.keytab.file\"},  \"when\": {\"contains\" : [\"services\", \"HIVE\"]}}],  \"components\": [ {  \"name\": \"COMPONENT_NAME\",  \"identities\": [{  \"name\": \"identity_1\",  \"principal\":{\"value\": \"service/_HOST@_REALM\",\"configuration\": \"service-site/service.component.kerberos.principal\",\"type\": \"service\",\"local_username\": \"localUser\"},  \"keytab\":{  \"file\": \"/etc/security/keytabs/${host}/subject.service.keytab\",  \"owner\": {      \"name\": \"subject\",      \"access\": \"rw\"  },  \"group\": {      \"name\": \"hadoop\",      \"access\": \"r\"  },  \"configuration\": \"service-site/service.component.keytab.file\"},  \"when\": {\"contains\" : [\"services\", \"HIVE\"]}}],  \"configurations\": [    {      \"service-site\": {        \"service.component.property1\": \"value1\",        \"service.component.property2\": \"value2\"      }    }  ],  \"auth_to_local_properties\": [      component.name.rules1    ]}],  \"auth_to_local_properties\": [      service.name.rules1    ],  \"configurations\": [    {      \"service-site\": {        \"service.property1\": \"value1\",        \"service.property2\": \"value2\"      }    }  ]}    ]}";
    private static final String JSON_VALUE_IDENTITY_REFERENCES = "{  \"identities\": [    {      \"keytab\": {        \"file\": \"${keytab_dir}/spnego.service.keytab\"      },      \"name\": \"spnego\",      \"principal\": {        \"type\": \"service\",        \"value\": \"HTTP/_HOST@${realm}\"      }    }  ],  \"services\": [    {      \"identities\": [        {          \"name\": \"service1_spnego\",          \"reference\": \"/spnego\"        },        {          \"name\": \"service1_identity\"        }      ],      \"name\": \"SERVICE1\"    },    {      \"identities\": [        {          \"name\": \"/spnego\"        },        {          \"name\": \"service2_identity\"        }      ],      \"components\": [        {          \"identities\": [            {              \"name\": \"component1_identity\"            },            {              \"name\": \"service2_component1_service1_identity\",              \"reference\": \"/SERVICE1/service1_identity\"            },            {              \"name\": \"service2_component1_component1_identity\",              \"reference\": \"./component1_identity\"            },            {              \"name\": \"service2_component1_service2_identity\",              \"reference\": \"../service2_identity\"            }          ],          \"name\": \"COMPONENT21\"        },        {          \"identities\": [            {              \"name\": \"component2_identity\"            }          ],          \"name\": \"COMPONENT22\"        }      ],      \"name\": \"SERVICE2\"    }  ]}";
    private static final Map<String, Object> MAP_VALUE;

    private static void validateFromJSON(KerberosDescriptor kerberosDescriptor) {
        Assert.assertNotNull(kerberosDescriptor);
        Assert.assertTrue(kerberosDescriptor.isContainer());
        Map properties = kerberosDescriptor.getProperties();
        Assert.assertNotNull(properties);
        Assert.assertEquals(2, properties.size());
        Assert.assertEquals("${cluster-env/kerberos_domain}", (String) properties.get("realm"));
        Assert.assertEquals("/etc/security/keytabs", (String) properties.get("keytab_dir"));
        Set authToLocalProperties = kerberosDescriptor.getAuthToLocalProperties();
        Assert.assertNotNull(authToLocalProperties);
        Assert.assertEquals(1, authToLocalProperties.size());
        Assert.assertTrue(authToLocalProperties.contains("generic.name.rules"));
        Set allAuthToLocalProperties = kerberosDescriptor.getAllAuthToLocalProperties();
        Assert.assertNotNull(allAuthToLocalProperties);
        Assert.assertEquals(3, allAuthToLocalProperties.size());
        Assert.assertTrue(allAuthToLocalProperties.contains("component.name.rules1"));
        Assert.assertTrue(allAuthToLocalProperties.contains("generic.name.rules"));
        Assert.assertTrue(allAuthToLocalProperties.contains("service.name.rules1"));
        Map services = kerberosDescriptor.getServices();
        Assert.assertNotNull(services);
        Assert.assertEquals(1, services.size());
        Iterator it = services.values().iterator();
        while (it.hasNext()) {
            KerberosServiceDescriptorTest.validateFromJSON((KerberosServiceDescriptor) it.next());
        }
        Assert.assertNull(kerberosDescriptor.getConfigurations());
    }

    private static void validateFromMap(KerberosDescriptor kerberosDescriptor) throws AmbariException {
        Assert.assertNotNull(kerberosDescriptor);
        Assert.assertTrue(kerberosDescriptor.isContainer());
        Map properties = kerberosDescriptor.getProperties();
        Assert.assertNotNull(properties);
        Assert.assertEquals(2, properties.size());
        Assert.assertEquals("EXAMPLE.COM", (String) properties.get("realm"));
        Assert.assertEquals("Hello World", (String) properties.get("some.property"));
        Set authToLocalProperties = kerberosDescriptor.getAuthToLocalProperties();
        Assert.assertNotNull(authToLocalProperties);
        Assert.assertEquals(1, authToLocalProperties.size());
        Assert.assertEquals("global.name.rules", (String) authToLocalProperties.iterator().next());
        Map services = kerberosDescriptor.getServices();
        Assert.assertNotNull(services);
        Assert.assertEquals(1, services.size());
        for (KerberosServiceDescriptor kerberosServiceDescriptor : services.values()) {
            KerberosComponentDescriptor component = kerberosServiceDescriptor.getComponent("A_DIFFERENT_COMPONENT_NAME");
            Assert.assertNotNull(component);
            List identities = component.getIdentities(true, (Map) null);
            KerberosIdentityDescriptor kerberosIdentityDescriptor = null;
            Assert.assertNotNull(identities);
            Assert.assertEquals(3, identities.size());
            Iterator it = identities.iterator();
            while (true) {
                if (it.hasNext()) {
                    KerberosIdentityDescriptor kerberosIdentityDescriptor2 = (KerberosIdentityDescriptor) it.next();
                    if ("/shared".equals(kerberosIdentityDescriptor2.getReference())) {
                        kerberosIdentityDescriptor = kerberosIdentityDescriptor2;
                        break;
                    }
                }
            }
            Assert.assertNotNull(kerberosIdentityDescriptor);
            List identities2 = component.getIdentities(false, (Map) null);
            Assert.assertNotNull(identities2);
            Assert.assertEquals(3, identities2.size());
            KerberosIdentityDescriptor identity = component.getIdentity("shared_identity");
            Assert.assertNotNull(identity);
            KerberosIdentityDescriptor identity2 = kerberosDescriptor.getIdentity("shared");
            Assert.assertNotNull(identity2);
            Assert.assertEquals(identity.getKeytabDescriptor(), kerberosIdentityDescriptor.getKeytabDescriptor());
            Assert.assertEquals(identity2.getPrincipalDescriptor(), kerberosIdentityDescriptor.getPrincipalDescriptor());
            Map configurations = kerberosServiceDescriptor.getConfigurations(true);
            Assert.assertNotNull(configurations);
            Assert.assertEquals(2, configurations.size());
            Assert.assertNotNull(configurations.get("service-site"));
            Assert.assertNotNull(configurations.get("cluster-conf"));
        }
        Map configurations2 = kerberosDescriptor.getConfigurations();
        Assert.assertNotNull(configurations2);
        Assert.assertEquals(1, configurations2.size());
        KerberosConfigurationDescriptor kerberosConfigurationDescriptor = (KerberosConfigurationDescriptor) configurations2.get("cluster-conf");
        Assert.assertNotNull(kerberosConfigurationDescriptor);
        Map properties2 = kerberosConfigurationDescriptor.getProperties();
        Assert.assertEquals("cluster-conf", kerberosConfigurationDescriptor.getType());
        Assert.assertNotNull(properties2);
        Assert.assertEquals(1, properties2.size());
        Assert.assertEquals("red", (String) properties2.get("property1"));
    }

    private void validateUpdatedData(KerberosDescriptor kerberosDescriptor) {
        Assert.assertNotNull(kerberosDescriptor);
        Map properties = kerberosDescriptor.getProperties();
        Assert.assertNotNull(properties);
        Assert.assertEquals(3, properties.size());
        Assert.assertEquals("EXAMPLE.COM", (String) properties.get("realm"));
        Assert.assertEquals("/etc/security/keytabs", (String) properties.get("keytab_dir"));
        Assert.assertEquals("Hello World", (String) properties.get("some.property"));
        Set authToLocalProperties = kerberosDescriptor.getAuthToLocalProperties();
        Assert.assertNotNull(authToLocalProperties);
        Assert.assertEquals(2, authToLocalProperties.size());
        Iterator it = new TreeSet(authToLocalProperties).iterator();
        Assert.assertEquals("generic.name.rules", (String) it.next());
        Assert.assertEquals("global.name.rules", (String) it.next());
        Map services = kerberosDescriptor.getServices();
        Assert.assertNotNull(services);
        Assert.assertEquals(2, services.size());
        KerberosServiceDescriptorTest.validateFromJSON(kerberosDescriptor.getService("SERVICE_NAME"));
        KerberosServiceDescriptorTest.validateFromMap(kerberosDescriptor.getService("A_DIFFERENT_SERVICE_NAME"));
        Assert.assertNull(kerberosDescriptor.getService("invalid service"));
        Map configurations = kerberosDescriptor.getConfigurations();
        Assert.assertNotNull(configurations);
        Assert.assertEquals(1, configurations.size());
        KerberosConfigurationDescriptor kerberosConfigurationDescriptor = (KerberosConfigurationDescriptor) configurations.get("cluster-conf");
        Assert.assertNotNull(kerberosConfigurationDescriptor);
        Map properties2 = kerberosConfigurationDescriptor.getProperties();
        Assert.assertEquals("cluster-conf", kerberosConfigurationDescriptor.getType());
        Assert.assertNotNull(properties2);
        Assert.assertEquals(1, properties2.size());
        Assert.assertEquals("red", (String) properties2.get("property1"));
    }

    private KerberosDescriptor createFromJSON() throws AmbariException {
        return KERBEROS_DESCRIPTOR_FACTORY.createInstance(JSON_VALUE);
    }

    private KerberosDescriptor createFromMap() throws AmbariException {
        return new KerberosDescriptor(MAP_VALUE);
    }

    @Test
    public void testFromMapViaGSON() throws AmbariException {
        Object fromJson = new Gson().fromJson(JSON_VALUE, Object.class);
        Assert.assertNotNull(fromJson);
        validateFromJSON(new KerberosDescriptor((Map) fromJson));
    }

    @Test
    public void testJSONDeserialize() throws AmbariException {
        validateFromJSON(createFromJSON());
    }

    @Test
    public void testMapDeserialize() throws AmbariException {
        validateFromMap(createFromMap());
    }

    @Test
    public void testInvalid() {
        try {
            KERBEROS_SERVICE_DESCRIPTOR_FACTORY.createInstances("{  \"properties\": {      \"realm\": \"${cluster-env/kerberos_domain}\",      \"keytab_dir\": \"/etc/security/keytabs\"    },  \"auth_to_local_properties\": [      generic.name.rules    ],  \"services\": [{  \"name\": \"SERVICE_NAME\",  \"preconfigure\": \"true\",  \"identities\": [{  \"name\": \"identity_1\",  \"principal\":{\"value\": \"service/_HOST@_REALM\",\"configuration\": \"service-site/service.component.kerberos.principal\",\"type\": \"service\",\"local_username\": \"localUser\"},  \"keytab\":{  \"file\": \"/etc/security/keytabs/${host}/subject.service.keytab\",  \"owner\": {      \"name\": \"subject\",      \"access\": \"rw\"  },  \"group\": {      \"name\": \"hadoop\",      \"access\": \"r\"  },  \"configuration\": \"service-site/service.component.keytab.file\"},  \"when\": {\"contains\" : [\"services\", \"HIVE\"]}}],  \"components\": [ {  \"name\": \"COMPONENT_NAME\",  \"identities\": [{  \"name\": \"identity_1\",  \"principal\":{\"value\": \"service/_HOST@_REALM\",\"configuration\": \"service-site/service.component.kerberos.principal\",\"type\": \"service\",\"local_username\": \"localUser\"},  \"keytab\":{  \"file\": \"/etc/security/keytabs/${host}/subject.service.keytab\",  \"owner\": {      \"name\": \"subject\",      \"access\": \"rw\"  },  \"group\": {      \"name\": \"hadoop\",      \"access\": \"r\"  },  \"configuration\": \"service-site/service.component.keytab.file\"},  \"when\": {\"contains\" : [\"services\", \"HIVE\"]}}],  \"configurations\": [    {      \"service-site\": {        \"service.component.property1\": \"value1\",        \"service.component.property2\": \"value2\"      }    }  ],  \"auth_to_local_properties\": [      component.name.rules1    ]}],  \"auth_to_local_properties\": [      service.name.rules1    ],  \"configurations\": [    {      \"service-site\": {        \"service.property1\": \"value1\",        \"service.property2\": \"value2\"      }    }  ]}    ]}erroneous text");
            Assert.fail("Should have thrown AmbariException.");
        } catch (AmbariException e) {
        } catch (Throwable th) {
            Assert.fail("Should have thrown AmbariException.");
        }
    }

    @Test
    public void testEquals() throws AmbariException {
        Assert.assertTrue(createFromJSON().equals(createFromJSON()));
        Assert.assertFalse(createFromJSON().equals(createFromMap()));
    }

    @Test
    public void testToMap() throws AmbariException {
        Gson gson = new Gson();
        KerberosDescriptor createFromMap = createFromMap();
        Assert.assertNotNull(createFromMap);
        Assert.assertEquals(gson.toJson(MAP_VALUE), gson.toJson(createFromMap.toMap()));
    }

    @Test
    public void testUpdate() throws AmbariException {
        KerberosDescriptor createFromJSON = createFromJSON();
        KerberosDescriptor createFromMap = createFromMap();
        Assert.assertNotNull(createFromJSON);
        Assert.assertNotNull(createFromMap);
        createFromJSON.update(createFromMap);
        validateUpdatedData(createFromJSON);
    }

    @Test
    public void testGetReferencedIdentityDescriptor() throws IOException {
        URL systemResource = ClassLoader.getSystemResource("kerberos/test_get_referenced_identity_descriptor.json");
        Assert.assertNotNull(systemResource);
        KerberosDescriptor createInstance = KERBEROS_DESCRIPTOR_FACTORY.createInstance(new File(systemResource.getFile()));
        KerberosIdentityDescriptor referencedIdentityDescriptor = createInstance.getReferencedIdentityDescriptor("/stack_identity");
        Assert.assertNotNull(referencedIdentityDescriptor);
        Assert.assertEquals("stack_identity", referencedIdentityDescriptor.getName());
        KerberosIdentityDescriptor referencedIdentityDescriptor2 = createInstance.getReferencedIdentityDescriptor("/SERVICE1/service1_identity");
        Assert.assertNotNull(referencedIdentityDescriptor2);
        Assert.assertEquals("service1_identity", referencedIdentityDescriptor2.getName());
        Assert.assertNotNull(referencedIdentityDescriptor2.getParent());
        Assert.assertEquals("SERVICE1", referencedIdentityDescriptor2.getParent().getName());
        KerberosIdentityDescriptor referencedIdentityDescriptor3 = createInstance.getReferencedIdentityDescriptor("/SERVICE2/SERVICE2_COMPONENT1/service2_component1_identity");
        Assert.assertNotNull(referencedIdentityDescriptor3);
        Assert.assertEquals("service2_component1_identity", referencedIdentityDescriptor3.getName());
        Assert.assertNotNull(referencedIdentityDescriptor3.getParent());
        Assert.assertEquals("SERVICE2_COMPONENT1", referencedIdentityDescriptor3.getParent().getName());
        Assert.assertNotNull(referencedIdentityDescriptor3.getParent().getParent());
        Assert.assertEquals("SERVICE2", referencedIdentityDescriptor3.getParent().getParent().getName());
    }

    @Test
    public void testGetReferencedIdentityDescriptor_NameCollisions() throws IOException {
        URL systemResource = ClassLoader.getSystemResource("kerberos/test_get_referenced_identity_descriptor.json");
        Assert.assertNotNull(systemResource);
        KerberosDescriptor createInstance = KERBEROS_DESCRIPTOR_FACTORY.createInstance(new File(systemResource.getFile()));
        KerberosIdentityDescriptor referencedIdentityDescriptor = createInstance.getReferencedIdentityDescriptor("/collision");
        Assert.assertNotNull(referencedIdentityDescriptor);
        Assert.assertEquals("collision", referencedIdentityDescriptor.getName());
        Assert.assertNotNull(referencedIdentityDescriptor.getParent());
        Assert.assertEquals((String) null, referencedIdentityDescriptor.getParent().getName());
        KerberosIdentityDescriptor referencedIdentityDescriptor2 = createInstance.getReferencedIdentityDescriptor("/SERVICE1/collision");
        Assert.assertNotNull(referencedIdentityDescriptor2);
        Assert.assertEquals("collision", referencedIdentityDescriptor2.getName());
        Assert.assertNotNull(referencedIdentityDescriptor2.getParent());
        Assert.assertEquals("SERVICE1", referencedIdentityDescriptor2.getParent().getName());
        KerberosIdentityDescriptor referencedIdentityDescriptor3 = createInstance.getReferencedIdentityDescriptor("/SERVICE2/SERVICE2_COMPONENT1/collision");
        Assert.assertNotNull(referencedIdentityDescriptor3);
        Assert.assertEquals("collision", referencedIdentityDescriptor3.getName());
        Assert.assertNotNull(referencedIdentityDescriptor3.getParent());
        Assert.assertEquals("SERVICE2_COMPONENT1", referencedIdentityDescriptor3.getParent().getName());
        Assert.assertNotNull(referencedIdentityDescriptor3.getParent().getParent());
        Assert.assertEquals("SERVICE2", referencedIdentityDescriptor3.getParent().getParent().getName());
    }

    @Test
    public void testGetReferencedIdentityDescriptor_RelativePath() throws IOException {
        URL systemResource = ClassLoader.getSystemResource("kerberos/test_get_referenced_identity_descriptor.json");
        Assert.assertNotNull(systemResource);
        KerberosDescriptor createInstance = KERBEROS_DESCRIPTOR_FACTORY.createInstance(new File(systemResource.getFile()));
        Assert.assertNotNull(createInstance);
        KerberosServiceDescriptor service = createInstance.getService("SERVICE2");
        Assert.assertNotNull(service);
        KerberosComponentDescriptor component = service.getComponent("SERVICE2_COMPONENT1");
        Assert.assertNotNull(component);
        KerberosIdentityDescriptor referencedIdentityDescriptor = component.getReferencedIdentityDescriptor("../service2_identity");
        Assert.assertNotNull(referencedIdentityDescriptor);
        Assert.assertEquals("service2_identity", referencedIdentityDescriptor.getName());
        Assert.assertEquals(service, referencedIdentityDescriptor.getParent());
        Assert.assertNull(service.getReferencedIdentityDescriptor("../service2_identity"));
    }

    @Test
    public void testGetReferencedIdentityDescriptor_Recursive() throws IOException {
        URL systemResource = ClassLoader.getSystemResource("kerberos/test_get_referenced_identity_descriptor.json");
        Assert.assertNotNull(systemResource);
        KerberosDescriptor createInstance = KERBEROS_DESCRIPTOR_FACTORY.createInstance(new File(systemResource.getFile()));
        Assert.assertNotNull(createInstance);
        KerberosServiceDescriptor service = createInstance.getService("SERVICE2");
        Assert.assertNotNull(service);
        List<KerberosIdentityDescriptor> identities = service.getIdentities(true, (Map) null);
        Assert.assertNotNull(identities);
        boolean z = false;
        for (KerberosIdentityDescriptor kerberosIdentityDescriptor : identities) {
            if ("service2_stack_reference".equals(kerberosIdentityDescriptor.getName())) {
                Assert.assertEquals("stack@${realm}", kerberosIdentityDescriptor.getPrincipalDescriptor().getValue());
                Assert.assertEquals("${keytab_dir}/service2_stack.keytab", kerberosIdentityDescriptor.getKeytabDescriptor().getFile());
                Assert.assertEquals("/stack_identity", kerberosIdentityDescriptor.getReference());
                Assert.assertEquals("service2/property1_principal", kerberosIdentityDescriptor.getPrincipalDescriptor().getConfiguration());
                z = true;
            }
        }
        Assert.assertTrue(z);
        KerberosComponentDescriptor component = service.getComponent("SERVICE2_COMPONENT1");
        Assert.assertNotNull(component);
        List<KerberosIdentityDescriptor> identities2 = component.getIdentities(true, (Map) null);
        Assert.assertNotNull(identities2);
        boolean z2 = false;
        for (KerberosIdentityDescriptor kerberosIdentityDescriptor2 : identities2) {
            if ("component1_service2_stack_reference".equals(kerberosIdentityDescriptor2.getName())) {
                Assert.assertEquals("stack@${realm}", kerberosIdentityDescriptor2.getPrincipalDescriptor().getValue());
                Assert.assertEquals("${keytab_dir}/service2_stack.keytab", kerberosIdentityDescriptor2.getKeytabDescriptor().getFile());
                Assert.assertEquals("/SERVICE2/service2_stack_reference", kerberosIdentityDescriptor2.getReference());
                Assert.assertEquals("component1_service2/property1_principal", kerberosIdentityDescriptor2.getPrincipalDescriptor().getConfiguration());
                z2 = true;
            }
        }
        Assert.assertTrue(z2);
    }

    @Test
    public void testFiltersOutIdentitiesBasedonInstalledServices() throws IOException {
        KerberosComponentDescriptor component = KERBEROS_DESCRIPTOR_FACTORY.createInstance(new File(ClassLoader.getSystemResource("kerberos/test_filtering_identity_descriptor.json").getFile())).getService("SERVICE1").getComponent("SERVICE1_COMPONENT1");
        Assert.assertEquals(0, component.getIdentities(true, new HashedMap() { // from class: org.apache.ambari.server.state.kerberos.KerberosDescriptorTest.1
            {
                put("services", Collections.emptySet());
            }
        }).size());
        Assert.assertEquals(1, component.getIdentities(true, new HashedMap() { // from class: org.apache.ambari.server.state.kerberos.KerberosDescriptorTest.2
            {
                put("services", Arrays.asList("REF_SERVICE1"));
            }
        }).size());
    }

    @Test
    public void testCollectPrincipalNames() throws Exception {
        Map principals = KERBEROS_DESCRIPTOR_FACTORY.createInstance(new File(ClassLoader.getSystemResource("kerberos/test_get_referenced_identity_descriptor.json").getFile())).principals();
        Assert.assertEquals("service2_component1@${realm}", (String) principals.get("SERVICE2/SERVICE2_COMPONENT1/service2_component1_identity"));
        Assert.assertEquals("service1@${realm}", (String) principals.get("SERVICE1/service1_identity"));
    }

    @Test
    public void testIdentityReferences() throws Exception {
        KerberosDescriptor createInstance = KERBEROS_DESCRIPTOR_FACTORY.createInstance(JSON_VALUE_IDENTITY_REFERENCES);
        List<KerberosIdentityDescriptor> identities = createInstance.getService("SERVICE1").getIdentities(true, (Map) null);
        Assert.assertEquals(2, identities.size());
        for (KerberosIdentityDescriptor kerberosIdentityDescriptor : identities) {
            if (kerberosIdentityDescriptor.isReference()) {
                Assert.assertEquals("service1_spnego", kerberosIdentityDescriptor.getName());
                Assert.assertEquals("/spnego", kerberosIdentityDescriptor.getReference());
            } else {
                Assert.assertEquals("service1_identity", kerberosIdentityDescriptor.getName());
                Assert.assertNull(kerberosIdentityDescriptor.getReference());
            }
        }
        Assert.assertEquals("service1_identity", ((KerberosIdentityDescriptor) identities.get(1)).getName());
        Assert.assertNull(((KerberosIdentityDescriptor) identities.get(1)).getReference());
        List<KerberosIdentityDescriptor> identities2 = createInstance.getService("SERVICE2").getIdentities(true, (Map) null);
        Assert.assertEquals(2, identities2.size());
        for (KerberosIdentityDescriptor kerberosIdentityDescriptor2 : identities2) {
            if (kerberosIdentityDescriptor2.isReference()) {
                Assert.assertEquals("/spnego", kerberosIdentityDescriptor2.getName());
                Assert.assertNull(kerberosIdentityDescriptor2.getReference());
            } else {
                Assert.assertEquals("service2_identity", kerberosIdentityDescriptor2.getName());
                Assert.assertNull(kerberosIdentityDescriptor2.getReference());
            }
        }
    }

    @Test
    public void testGetPath() throws Exception {
        KerberosServiceDescriptor service = KERBEROS_DESCRIPTOR_FACTORY.createInstance(JSON_VALUE).getService("SERVICE_NAME");
        List identities = service.getIdentities(false, (Map) null);
        Assert.assertEquals(1, identities.size());
        Assert.assertEquals("/SERVICE_NAME/identity_1", ((KerberosIdentityDescriptor) identities.get(0)).getPath());
        List identities2 = service.getComponent("COMPONENT_NAME").getIdentities(false, (Map) null);
        Assert.assertEquals(1, identities2.size());
        Assert.assertEquals("/SERVICE_NAME/COMPONENT_NAME/identity_1", ((KerberosIdentityDescriptor) identities2.get(0)).getPath());
        List identities3 = KERBEROS_DESCRIPTOR_FACTORY.createInstance(JSON_VALUE_IDENTITY_REFERENCES).getService("SERVICE1").getIdentities(true, (Map) null);
        Assert.assertEquals(2, identities3.size());
        Assert.assertEquals("/SERVICE1/service1_spnego", ((KerberosIdentityDescriptor) identities3.get(0)).getPath());
        Assert.assertEquals("/SERVICE1/service1_identity", ((KerberosIdentityDescriptor) identities3.get(1)).getPath());
    }

    @Test
    public void testGetReferences() throws Exception {
        KerberosDescriptor createInstance = KERBEROS_DESCRIPTOR_FACTORY.createInstance(JSON_VALUE_IDENTITY_REFERENCES);
        List<KerberosIdentityDescriptor> findReferences = createInstance.getIdentity("spnego").findReferences();
        Assert.assertNotNull(findReferences);
        Assert.assertEquals(2, findReferences.size());
        Set<String> collectPaths = collectPaths(findReferences);
        Assert.assertTrue(collectPaths.contains("/SERVICE1/service1_spnego"));
        Assert.assertTrue(collectPaths.contains("/SERVICE2//spnego"));
        List<KerberosIdentityDescriptor> findReferences2 = createInstance.getService("SERVICE1").getIdentity("service1_identity").findReferences();
        Assert.assertNotNull(findReferences2);
        Assert.assertEquals(1, findReferences2.size());
        Assert.assertTrue(collectPaths(findReferences2).contains("/SERVICE2/COMPONENT21/service2_component1_service1_identity"));
        List<KerberosIdentityDescriptor> findReferences3 = createInstance.getService("SERVICE2").getComponent("COMPONENT21").getIdentity("component1_identity").findReferences();
        Assert.assertNotNull(findReferences3);
        Assert.assertEquals(1, findReferences3.size());
        Assert.assertTrue(collectPaths(findReferences3).contains("/SERVICE2/COMPONENT21/service2_component1_component1_identity"));
        List<KerberosIdentityDescriptor> findReferences4 = createInstance.getService("SERVICE2").getIdentity("service2_identity").findReferences();
        Assert.assertNotNull(findReferences4);
        Assert.assertEquals(1, findReferences4.size());
        Assert.assertTrue(collectPaths(findReferences4).contains("/SERVICE2/COMPONENT21/service2_component1_service2_identity"));
    }

    private Set<String> collectPaths(List<KerberosIdentityDescriptor> list) {
        HashSet hashSet = new HashSet();
        Iterator<KerberosIdentityDescriptor> it = list.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getPath());
        }
        return hashSet;
    }

    static {
        TreeMap treeMap = new TreeMap();
        treeMap.put("name", "root");
        treeMap.put("access", "rw");
        TreeMap treeMap2 = new TreeMap();
        treeMap2.put("name", "hadoop");
        treeMap2.put("access", "r");
        TreeMap treeMap3 = new TreeMap();
        treeMap3.put("file", "/etc/security/keytabs/subject.service.keytab");
        treeMap3.put("owner", treeMap);
        treeMap3.put("group", treeMap2);
        treeMap3.put("configuration", "service-site/service2.component.keytab.file");
        TreeMap treeMap4 = new TreeMap();
        treeMap4.put("name", "shared");
        treeMap4.put(KerberosIdentityDescriptor.KEY_PRINCIPAL, KerberosPrincipalDescriptorTest.MAP_VALUE);
        treeMap4.put(KerberosIdentityDescriptor.KEY_KEYTAB, treeMap3);
        TreeMap treeMap5 = new TreeMap();
        treeMap5.put((String) KerberosServiceDescriptorTest.MAP_VALUE.get("name"), KerberosServiceDescriptorTest.MAP_VALUE);
        TreeMap treeMap6 = new TreeMap();
        treeMap6.put("shared", treeMap4);
        TreeMap treeMap7 = new TreeMap();
        treeMap7.put("property1", "red");
        TreeMap treeMap8 = new TreeMap();
        treeMap8.put("cluster-conf", treeMap7);
        TreeMap treeMap9 = new TreeMap();
        treeMap9.put("cluster-conf", treeMap8);
        ArrayList arrayList = new ArrayList();
        arrayList.add("global.name.rules");
        TreeMap treeMap10 = new TreeMap();
        treeMap10.put("realm", "EXAMPLE.COM");
        treeMap10.put("some.property", "Hello World");
        MAP_VALUE = new TreeMap();
        MAP_VALUE.put("properties", treeMap10);
        MAP_VALUE.put(KerberosDescriptor.KEY_AUTH_TO_LOCAL_PROPERTIES, arrayList);
        MAP_VALUE.put(KerberosDescriptor.KEY_SERVICES, treeMap5.values());
        MAP_VALUE.put(KerberosDescriptor.KEY_CONFIGURATIONS, treeMap9.values());
        MAP_VALUE.put(KerberosDescriptor.KEY_IDENTITIES, treeMap6.values());
    }
}
