package org.apache.hadoop.hbase.http;

import java.io.File;
import java.lang.management.ManagementFactory;
import java.net.URL;
import java.security.PrivilegedExceptionAction;
import javax.management.ObjectName;
import javax.management.QueryExp;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.LocalHBaseCluster;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.Waiter;
import org.apache.hadoop.hbase.ipc.TestProtoBufRpc;
import org.apache.hadoop.hbase.security.HBaseKerberosUtils;
import org.apache.hadoop.hbase.security.token.TokenProvider;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.testclassification.MiscTests;
import org.apache.hadoop.hbase.util.CommonFSUtils;
import org.apache.hadoop.hbase.util.Pair;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.KerberosCredentials;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.TestName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Category({MiscTests.class, MediumTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/http/TestInfoServersACL.class */
public class TestInfoServersACL {
    private static Configuration conf;
    protected static String USERNAME;
    private static LocalHBaseCluster CLUSTER;
    private static MiniKdc KDC;
    private static String PRINCIPAL;
    private static String HTTP_PRINCIPAL;

    @Rule
    public TestName name = new TestName();
    private static final String USER_ADMIN_STR = "admin";
    private static final String USER_NONE_STR = "none";

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestInfoServersACL.class);
    private static final Logger LOG = LoggerFactory.getLogger(TestInfoServersACL.class);
    private static final HBaseTestingUtility UTIL = new HBaseTestingUtility();
    private static final File KEYTAB_FILE = new File(UTIL.getDataTestDir("keytab").toUri().getPath());
    private static String HOST = TestProtoBufRpc.ADDRESS;

    @BeforeClass
    public static void beforeClass() throws Exception {
        conf = UTIL.getConfiguration();
        KDC = UTIL.setupMiniKdc(KEYTAB_FILE);
        USERNAME = UserGroupInformation.getLoginUser().getShortUserName();
        PRINCIPAL = USERNAME + "/" + HOST;
        HTTP_PRINCIPAL = "HTTP/" + HOST;
        KDC.createPrincipal(KEYTAB_FILE, new String[]{PRINCIPAL, HTTP_PRINCIPAL, USER_ADMIN_STR, USER_NONE_STR});
        UTIL.startMiniZKCluster();
        HBaseKerberosUtils.setSecuredConfiguration(conf, PRINCIPAL + "@" + KDC.getRealm(), HTTP_PRINCIPAL + "@" + KDC.getRealm());
        HBaseKerberosUtils.setSSLConfiguration(UTIL, TestInfoServersACL.class);
        conf.setStrings("hbase.coprocessor.region.classes", new String[]{TokenProvider.class.getName()});
        UTIL.startMiniDFSCluster(1);
        CommonFSUtils.setRootDir(conf, UTIL.getDataTestDirOnTestFS("TestInfoServersACL"));
        conf.setInt("hbase.master.info.port", 0);
        conf.setInt("hbase.regionserver.info.port", 0);
        conf.set("hbase.security.authentication.ui", "kerberos");
        conf.set("hbase.security.authentication.spnego.kerberos.principal", HTTP_PRINCIPAL);
        conf.set("hbase.security.authentication.spnego.kerberos.keytab", KEYTAB_FILE.getAbsolutePath());
        conf.setBoolean("hadoop.security.authorization", true);
        conf.set("hbase.security.authentication.spnego.admin.users", USER_ADMIN_STR);
        CLUSTER = new LocalHBaseCluster(conf, 1);
        CLUSTER.startup();
        CLUSTER.getActiveMaster().waitForMetaOnline();
    }

    @AfterClass
    public static void shutDownMiniCluster() throws Exception {
        if (CLUSTER != null) {
            CLUSTER.shutdown();
            CLUSTER.join();
        }
        if (KDC != null) {
            KDC.stop();
        }
        UTIL.shutdownMiniCluster();
    }

    @Test
    public void testAuthorizedUser() throws Exception {
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(USER_ADMIN_STR, KEYTAB_FILE.getAbsolutePath()).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.http.TestInfoServersACL.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Pair logLevelPage = TestInfoServersACL.this.getLogLevelPage();
                Assert.assertEquals(200L, ((Integer) logLevelPage.getFirst()).intValue());
                Assert.assertTrue("expected=Get Log Level, content=" + ((String) logLevelPage.getSecond()), ((String) logLevelPage.getSecond()).contains("Get Log Level"));
                return null;
            }
        });
    }

    @Test
    public void testUnauthorizedUser() throws Exception {
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(USER_NONE_STR, KEYTAB_FILE.getAbsolutePath()).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.http.TestInfoServersACL.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Assert.assertEquals(403L, ((Integer) TestInfoServersACL.this.getLogLevelPage().getFirst()).intValue());
                return null;
            }
        });
    }

    @Test
    public void testTableActionsAvailableForAdmins() throws Exception {
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(USER_ADMIN_STR, KEYTAB_FILE.getAbsolutePath()).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.http.TestInfoServersACL.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Pair tablePage = TestInfoServersACL.this.getTablePage(TableName.META_TABLE_NAME);
                Assert.assertEquals(200L, ((Integer) tablePage.getFirst()).intValue());
                Assert.assertTrue("expected=Actions:, content=" + ((String) tablePage.getSecond()), ((String) tablePage.getSecond()).contains("Actions:"));
                return null;
            }
        });
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(USER_NONE_STR, KEYTAB_FILE.getAbsolutePath()).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.http.TestInfoServersACL.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Pair tablePage = TestInfoServersACL.this.getTablePage(TableName.META_TABLE_NAME);
                Assert.assertEquals(200L, ((Integer) tablePage.getFirst()).intValue());
                Assert.assertFalse("should not find=Actions:, content=" + ((String) tablePage.getSecond()), ((String) tablePage.getSecond()).contains("Actions:"));
                return null;
            }
        });
    }

    @Test
    public void testLogsAvailableForAdmins() throws Exception {
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(USER_ADMIN_STR, KEYTAB_FILE.getAbsolutePath()).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.http.TestInfoServersACL.5
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Pair logsPage = TestInfoServersACL.this.getLogsPage();
                Assert.assertEquals(200L, ((Integer) logsPage.getFirst()).intValue());
                Assert.assertTrue("expected=Directory: /logs/, content=" + ((String) logsPage.getSecond()), ((String) logsPage.getSecond()).contains("Directory: /logs/"));
                return null;
            }
        });
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(USER_NONE_STR, KEYTAB_FILE.getAbsolutePath()).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.http.TestInfoServersACL.6
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Assert.assertEquals(403L, ((Integer) TestInfoServersACL.this.getLogsPage().getFirst()).intValue());
                return null;
            }
        });
    }

    @Test
    public void testDumpActionsAvailableForAdmins() throws Exception {
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(USER_ADMIN_STR, KEYTAB_FILE.getAbsolutePath()).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.http.TestInfoServersACL.7
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Pair masterDumpPage = TestInfoServersACL.this.getMasterDumpPage();
                Assert.assertEquals(200L, ((Integer) masterDumpPage.getFirst()).intValue());
                Assert.assertTrue("expected=Master status for, content=" + ((String) masterDumpPage.getSecond()), ((String) masterDumpPage.getSecond()).contains("Master status for"));
                return null;
            }
        });
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(USER_NONE_STR, KEYTAB_FILE.getAbsolutePath()).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.http.TestInfoServersACL.8
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Assert.assertEquals(403L, ((Integer) TestInfoServersACL.this.getMasterDumpPage().getFirst()).intValue());
                return null;
            }
        });
    }

    @Test
    public void testStackActionsAvailableForAdmins() throws Exception {
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(USER_ADMIN_STR, KEYTAB_FILE.getAbsolutePath()).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.http.TestInfoServersACL.9
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Pair stacksPage = TestInfoServersACL.this.getStacksPage();
                Assert.assertEquals(200L, ((Integer) stacksPage.getFirst()).intValue());
                Assert.assertTrue("expected=Process Thread Dump, content=" + ((String) stacksPage.getSecond()), ((String) stacksPage.getSecond()).contains("Process Thread Dump"));
                return null;
            }
        });
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(USER_NONE_STR, KEYTAB_FILE.getAbsolutePath()).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.http.TestInfoServersACL.10
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Assert.assertEquals(403L, ((Integer) TestInfoServersACL.this.getStacksPage().getFirst()).intValue());
                return null;
            }
        });
    }

    @Test
    public void testJmxAvailableForAdmins() throws Exception {
        UTIL.waitFor(30000L, new Waiter.Predicate<Exception>() { // from class: org.apache.hadoop.hbase.http.TestInfoServersACL.11
            public boolean evaluate() throws Exception {
                for (ObjectName objectName : ManagementFactory.getPlatformMBeanServer().queryNames(new ObjectName("*:*"), (QueryExp) null)) {
                    if (objectName.toString().contains("Hadoop:service=HBase")) {
                        TestInfoServersACL.LOG.info("{}", objectName);
                        return true;
                    }
                }
                return false;
            }
        });
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(USER_ADMIN_STR, KEYTAB_FILE.getAbsolutePath()).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.http.TestInfoServersACL.12
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Pair jmxPage = TestInfoServersACL.this.getJmxPage();
                Assert.assertEquals(200L, ((Integer) jmxPage.getFirst()).intValue());
                Assert.assertTrue("expected=Hadoop:service=HBase, content=" + ((String) jmxPage.getSecond()), ((String) jmxPage.getSecond()).contains("Hadoop:service=HBase"));
                return null;
            }
        });
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(USER_NONE_STR, KEYTAB_FILE.getAbsolutePath()).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.http.TestInfoServersACL.13
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Assert.assertEquals(403L, ((Integer) TestInfoServersACL.this.getJmxPage().getFirst()).intValue());
                return null;
            }
        });
    }

    @Test
    public void testMetricsAvailableForAdmins() throws Exception {
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(USER_ADMIN_STR, KEYTAB_FILE.getAbsolutePath()).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.http.TestInfoServersACL.14
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                Pair metricsPage = TestInfoServersACL.this.getMetricsPage();
                if (404 == ((Integer) metricsPage.getFirst()).intValue()) {
                    return null;
                }
                Assert.assertEquals(200L, ((Integer) metricsPage.getFirst()).intValue());
                Assert.assertTrue("expected=, content=" + ((String) metricsPage.getSecond()), ((String) metricsPage.getSecond()).contains(""));
                return null;
            }
        });
        UserGroupInformation.loginUserFromKeytabAndReturnUGI(USER_NONE_STR, KEYTAB_FILE.getAbsolutePath()).doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.hbase.http.TestInfoServersACL.15
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                if (404 == ((Integer) TestInfoServersACL.this.getMetricsPage().getFirst()).intValue()) {
                    return null;
                }
                Assert.assertEquals(403L, ((Integer) r0.getFirst()).intValue());
                return null;
            }
        });
    }

    private String getInfoServerHostAndPort() {
        return "http://localhost:" + CLUSTER.getActiveMaster().getInfoServer().getPort();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Pair<Integer, String> getLogLevelPage() throws Exception {
        return getUrlContent(new URL(getInfoServerHostAndPort() + "/logLevel"));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Pair<Integer, String> getTablePage(TableName tableName) throws Exception {
        return getUrlContent(new URL(getInfoServerHostAndPort() + "/table.jsp?name=" + tableName.getNameAsString()));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Pair<Integer, String> getLogsPage() throws Exception {
        return getUrlContent(new URL(getInfoServerHostAndPort() + "/logs/"));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Pair<Integer, String> getMasterDumpPage() throws Exception {
        return getUrlContent(new URL(getInfoServerHostAndPort() + "/dump"));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Pair<Integer, String> getStacksPage() throws Exception {
        return getUrlContent(new URL(getInfoServerHostAndPort() + "/stacks"));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Pair<Integer, String> getJmxPage() throws Exception {
        return getUrlContent(new URL(getInfoServerHostAndPort() + "/jmx"));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Pair<Integer, String> getMetricsPage() throws Exception {
        return getUrlContent(new URL(getInfoServerHostAndPort() + "/metrics"));
    }

    private Pair<Integer, String> getUrlContent(URL url) throws Exception {
        CloseableHttpClient createHttpClient = createHttpClient(UserGroupInformation.getCurrentUser().getUserName());
        try {
            CloseableHttpResponse execute = createHttpClient.execute(new HttpGet(url.toURI()));
            int statusCode = execute.getStatusLine().getStatusCode();
            if (statusCode == 200) {
                Pair<Integer, String> pair = new Pair<>(Integer.valueOf(statusCode), EntityUtils.toString(execute.getEntity()));
                if (createHttpClient != null) {
                    createHttpClient.close();
                }
                return pair;
            }
            Pair<Integer, String> pair2 = new Pair<>(Integer.valueOf(statusCode), (Object) null);
            if (createHttpClient != null) {
                createHttpClient.close();
            }
            return pair2;
        } catch (Throwable th) {
            if (createHttpClient != null) {
                try {
                    createHttpClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private CloseableHttpClient createHttpClient(String str) throws Exception {
        GSSManager gSSManager = GSSManager.getInstance();
        GSSCredential createCredential = gSSManager.createCredential(gSSManager.createName(str, GSSName.NT_USER_NAME), 0, new Oid("1.2.840.113554.1.2.2"), 1);
        Registry build = RegistryBuilder.create().register("Negotiate", new SPNegoSchemeFactory(true, true)).build();
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(AuthScope.ANY, new KerberosCredentials(createCredential));
        return HttpClients.custom().setDefaultAuthSchemeRegistry(build).setDefaultCredentialsProvider(basicCredentialsProvider).build();
    }
}
