package org.apache.hadoop.hbase.security.provider.example;

import java.io.BufferedWriter;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hbase.CellUtil;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.LocalHBaseCluster;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Get;
import org.apache.hadoop.hbase.client.Put;
import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.client.RetriesExhaustedException;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.client.TableDescriptorBuilder;
import org.apache.hadoop.hbase.security.HBaseKerberosUtils;
import org.apache.hadoop.hbase.security.token.TokenProvider;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hbase.util.CommonFSUtils;
import org.apache.hadoop.hbase.util.Pair;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.TestName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

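/**
 * End-to-end test of the example "Shade" SASL authentication provider against a local,
 * Kerberos-secured HBase cluster.
 *
 * <p>The cluster is started with {@link ShadeSaslClientAuthenticationProvider} and
 * {@link ShadeSaslServerAuthenticationProvider} registered as extra SASL providers and
 * {@link ShadeProviderSelector} as the client-side selector. One account ({@code user1}) is
 * written to the password file the server is pointed at. The positive test authenticates with
 * the matching password and reads a row back; the negative test presents a different password
 * and expects every request to fail.
 *
 * <p>Security note: the password file written by {@link #createUserDBFile} holds passwords in
 * cleartext ({@code user=password}, one per line) with whatever permissions the test file
 * system applies by default. That is acceptable for a throw-away fixture only; nothing here
 * should be read as guidance for storing real credentials.
 */
@Category({MediumTests.class, SecurityTests.class})
public class TestShadeSaslAuthenticationProvider {
    private static final Logger LOG = LoggerFactory.getLogger(TestShadeSaslAuthenticationProvider.class);

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestShadeSaslAuthenticationProvider.class);

    // Fixture credential for "user1"; it is written verbatim into the test password file.
    private static final char[] USER1_PASSWORD = "foobarbaz".toCharArray();
    private static final HBaseTestingUtility UTIL = new HBaseTestingUtility();
    private static final Configuration CONF = UTIL.getConfiguration();
    private static LocalHBaseCluster CLUSTER;
    private static File KEYTAB_FILE;
    private static Path USER_DATABASE_FILE;

    @Rule
    public TestName name = new TestName();
    TableName tableName;
    String clusterId;

    /**
     * Prepares a secured single-node cluster whose server-side Shade provider reads the given
     * user database.
     *
     * <p>All settings are applied to the configuration owned by {@code hBaseTestingUtility}, so
     * the returned cluster is built from the same configuration that received the Kerberos and
     * SSL settings. As a side effect the location of the password file is remembered in
     * {@code USER_DATABASE_FILE}.
     *
     * @param hBaseTestingUtility testing utility that owns the ZooKeeper/DFS mini clusters and
     *     the configuration to populate
     * @param file keytab file that receives the {@code hbase/localhost} service principal
     * @param miniKdc KDC used to create the principal and to supply the realm
     * @param map user name to password entries to write into the password file
     * @return a cluster that has been constructed but not yet started
     * @throws Exception if any of the mini services or the password file cannot be set up
     */
    static LocalHBaseCluster createCluster(HBaseTestingUtility hBaseTestingUtility, File file, MiniKdc miniKdc, Map<String, char[]> map) throws Exception {
        final Configuration conf = hBaseTestingUtility.getConfiguration();
        final String servicePrincipal = "hbase/localhost";
        final String spnegoPrincipal = "HTTP/localhost";

        miniKdc.createPrincipal(file, servicePrincipal);
        hBaseTestingUtility.startMiniZKCluster();

        HBaseKerberosUtils.setSecuredConfiguration(conf,
                servicePrincipal + "@" + miniKdc.getRealm(),
                spnegoPrincipal + "@" + miniKdc.getRealm());
        HBaseKerberosUtils.setSSLConfiguration(hBaseTestingUtility, TestShadeSaslAuthenticationProvider.class);

        conf.setStrings("hbase.coprocessor.region.classes", TokenProvider.class.getName());
        hBaseTestingUtility.startMiniDFSCluster(1);

        Path testDir = hBaseTestingUtility.getDataTestDirOnTestFS("TestShadeSaslAuthenticationProvider");
        USER_DATABASE_FILE = new Path(testDir, "user-db.txt");
        createUserDBFile(USER_DATABASE_FILE.getFileSystem(conf), USER_DATABASE_FILE, map);
        // Point the server-side provider at the password file that was just written.
        conf.set("hbase.security.shade.password.file", USER_DATABASE_FILE.toString());

        CommonFSUtils.setRootDir(conf, new Path(testDir, "hbase-root"));
        return new LocalHBaseCluster(conf, 1);
    }

    /**
     * Writes the user database as UTF-8 text, one {@code user=password} entry per line,
     * replacing any file already present at {@code path}.
     *
     * <p>Entries are written verbatim: passwords are stored in cleartext and neither names nor
     * passwords are escaped, so a value containing {@code '='} or a line break would produce
     * an ambiguous file. Callers are expected to pass simple fixture values.
     *
     * @param fileSystem file system on which the file is created
     * @param path location of the password file
     * @param map user name to password entries
     * @throws IOException if the old file cannot be removed or the new one cannot be written
     */
    static void createUserDBFile(FileSystem fileSystem, Path path, Map<String, char[]> map) throws IOException {
        if (fileSystem.exists(path)) {
            fileSystem.delete(path, true);
        }
        // try-with-resources closes the writer (flushing it) and the stream on every exit path.
        try (FSDataOutputStream out = fileSystem.create(path);
                BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(out, StandardCharsets.UTF_8))) {
            for (Map.Entry<String, char[]> entry : map.entrySet()) {
                writer.write(entry.getKey());
                writer.write('=');
                writer.write(entry.getValue());
                writer.newLine();
            }
        }
    }

    /**
     * Creates the KDC and keytab, registers the Shade client/server providers and selector in
     * the shared configuration, and starts the cluster with a single {@code user1} account.
     */
    @BeforeClass
    public static void setupCluster() throws Exception {
        KEYTAB_FILE = new File(UTIL.getDataTestDir("keytab").toUri().getPath());
        MiniKdc kdc = UTIL.setupMiniKdc(KEYTAB_FILE);

        CONF.setStrings("hbase.client.sasl.provider.extras", ShadeSaslClientAuthenticationProvider.class.getName());
        CONF.setStrings("hbase.server.sasl.provider.extras", ShadeSaslServerAuthenticationProvider.class.getName());
        CONF.set("hbase.client.sasl.provider.class", ShadeProviderSelector.class.getName());

        CLUSTER = createCluster(UTIL, KEYTAB_FILE, kdc, Collections.singletonMap("user1", USER1_PASSWORD));
        CLUSTER.startup();
    }

    /** Stops the HBase cluster, if one was started, and the ZooKeeper mini cluster. */
    @AfterClass
    public static void teardownCluster() throws Exception {
        if (CLUSTER != null) {
            CLUSTER.shutdown();
            CLUSTER = null;
        }
        UTIL.shutdownMiniZKCluster();
    }

    /**
     * Creates a table named after the running test and stores one row in it, acting as the
     * {@code hbase/localhost} service principal logged in from the keytab. The cluster id
     * reported to that principal is kept in {@code clusterId}.
     */
    @Before
    public void createTable() throws Exception {
        tableName = TableName.valueOf(name.getMethodName());

        UserGroupInformation serviceUgi =
                UserGroupInformation.loginUserFromKeytabAndReturnUGI("hbase/localhost", KEYTAB_FILE.getAbsolutePath());
        clusterId = serviceUgi.doAs(new PrivilegedExceptionAction<String>() {
            @Override
            public String run() throws Exception {
                // Connection, Admin and Table are all released even when a step fails.
                try (Connection conn = ConnectionFactory.createConnection(CONF);
                        Admin admin = conn.getAdmin()) {
                    admin.createTable(TableDescriptorBuilder.newBuilder(tableName)
                            .setColumnFamily(ColumnFamilyDescriptorBuilder.of("f1"))
                            .build());
                    UTIL.waitTableAvailable(tableName);

                    try (Table table = conn.getTable(tableName)) {
                        Put put = new Put(Bytes.toBytes("r1"));
                        put.addColumn(Bytes.toBytes("f1"), Bytes.toBytes("q1"), Bytes.toBytes("1"));
                        table.put(put);
                    }
                    return admin.getClusterMetrics().getClusterId();
                }
            }
        });
        Assert.assertNotNull(clusterId);
    }

    /**
     * Authenticates as {@code user1} with the password stored in the user database and checks
     * that the row written by {@link #createTable()} can be read back.
     */
    @Test
    public void testPositiveAuthentication() throws Exception {
        final Configuration clientConf = new Configuration(CONF);
        try (Connection conn = ConnectionFactory.createConnection(clientConf)) {
            UserGroupInformation user1 = UserGroupInformation.createUserForTesting("user1", new String[0]);
            user1.addToken(ShadeClientTokenUtil.obtainToken(conn, "user1", USER1_PASSWORD));

            user1.doAs(new PrivilegedExceptionAction<Void>() {
                @Override
                public Void run() throws Exception {
                    try (Connection userConn = ConnectionFactory.createConnection(clientConf);
                            Table table = userConn.getTable(tableName)) {
                        Result result = table.get(new Get(Bytes.toBytes("r1")));
                        Assert.assertNotNull(result);
                        Assert.assertFalse("Should have read a non-empty Result", result.isEmpty());
                        Assert.assertTrue("Unexpected value", CellUtil.matchingValue(
                                result.getColumnLatestCell(Bytes.toBytes("f1"), Bytes.toBytes("q1")),
                                Bytes.toBytes("1")));
                        return null;
                    }
                }
            });
        }
    }

    /**
     * Presents a password that does not match the user database and checks that requests to
     * both the Master and a RegionServer are refused.
     *
     * <p>Caveat: the only thing asserted about the failure is the exception class, so any other
     * fault that exhausts the client's retries would satisfy this test as well. It demonstrates
     * rejection only together with {@link #testPositiveAuthentication()} passing against the
     * same cluster.
     *
     * <p>An interruption or I/O error outside the guarded requests propagates and fails the
     * test, so an aborted run is never reported as a successful rejection.
     */
    @Test
    public void testNegativeAuthentication() throws Exception {
        // Each entry: client registry implementation -> exception type expected for it.
        ArrayList<Pair<String, Class<? extends Exception>>> expectations = new ArrayList<>();
        expectations.add(new Pair<String, Class<? extends Exception>>(
                "org.apache.hadoop.hbase.client.ZKConnectionRegistry", RetriesExhaustedException.class));

        for (Pair<String, Class<? extends Exception>> expectation : expectations) {
            LOG.info("Running negative authentication test for client registry {}, expecting {}",
                    expectation.getFirst(), expectation.getSecond().getName());

            final Configuration clientConf = new Configuration(CONF);
            // Presumably lowered so that the expected failure surfaces quickly.
            clientConf.setInt("hbase.client.retries.number", 3);
            clientConf.set("hbase.client.registry.impl", expectation.getFirst());

            try (Connection conn = ConnectionFactory.createConnection(clientConf)) {
                UserGroupInformation user1 = UserGroupInformation.createUserForTesting("user1", new String[0]);
                user1.addToken(ShadeClientTokenUtil.obtainToken(conn, "user1", "not a real password".toCharArray()));

                LOG.info("Executing request to HBase Master which should fail");
                user1.doAs(new PrivilegedExceptionAction<Void>() {
                    @Override
                    public Void run() throws Exception {
                        try (Connection userConn = ConnectionFactory.createConnection(clientConf);
                                Admin admin = userConn.getAdmin()) {
                            admin.listTableDescriptors();
                            // AssertionError is not an Exception, so it escapes the catch below.
                            Assert.fail("Should not successfully authenticate with HBase");
                        } catch (Exception e) {
                            LOG.info("Caught exception in negative Master connectivity test", e);
                            Assert.assertEquals("Found unexpected exception", expectation.getSecond(), e.getClass());
                        }
                        return null;
                    }
                });

                LOG.info("Executing request to HBase RegionServer which should fail");
                user1.doAs(new PrivilegedExceptionAction<Void>() {
                    @Override
                    public Void run() throws Exception {
                        try (Connection userConn = ConnectionFactory.createConnection(clientConf);
                                Table table = userConn.getTable(tableName)) {
                            table.get(new Get(Bytes.toBytes("r1")));
                            // AssertionError is not an Exception, so it escapes the catch below.
                            Assert.fail("Should not successfully authenticate with HBase");
                        } catch (Exception e) {
                            LOG.info("Caught exception in negative RegionServer connectivity test", e);
                            Assert.assertEquals("Found unexpected exception", expectation.getSecond(), e.getClass());
                        }
                        return null;
                    }
                });
            }
        }
    }
}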
