package org.apache.hadoop.hbase.security.token;

import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.AsyncConnection;
import org.apache.hadoop.hbase.client.AsyncTable;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.ipc.NettyRpcClient;
import org.apache.hadoop.hbase.protobuf.generated.AuthenticationProtos;
import org.apache.hadoop.hbase.security.AccessDeniedException;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.util.FutureUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

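/**
 * Checks how the authentication coprocessor endpoint treats a client that holds a delegation
 * token.
 *
 * <p>Two properties are asserted in {@link #testToken()}:
 * <ul>
 *   <li>{@code whoAmI} reports {@code USERNAME} with auth method {@code TOKEN};</li>
 *   <li>{@code getAuthenticationToken} is refused with an {@link AccessDeniedException}, so a
 *       token-authenticated client cannot use its token to obtain a further token.</li>
 * </ul>
 *
 * <p>The class is parameterized over the RPC client implementation; only
 * {@link NettyRpcClient} is currently listed.
 */
@RunWith(Parameterized.class)
@Category({SecurityTests.class, MediumTests.class})
public class TestGenerateDelegationToken extends SecureTestCluster {

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestGenerateDelegationToken.class);

    /** Fully qualified class name of the RPC client under test, injected by the runner. */
    @Parameterized.Parameter
    public String rpcClientImpl;

    /**
     * Starts the secure cluster, obtains a delegation token over a fresh connection and adds it
     * to the current user's UGI so that later connections can present it.
     *
     * @throws Exception if the cluster cannot be started or the token cannot be obtained
     */
    @BeforeClass
    public static void setUp() throws Exception {
        SecureTestCluster.setUp();
        // NOTE(review): presumably the current user is Kerberos-authenticated at this point,
        // which is what allows the token to be issued - confirm against SecureTestCluster.
        try (Connection connection = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) {
            UserGroupInformation.getCurrentUser().addToken(ClientTokenUtil.obtainToken(connection));
        }
    }

    /**
     * Supplies the RPC client implementations to run the tests against.
     *
     * @return one entry per parameterized run, each a fully qualified class name
     */
    @Parameterized.Parameters(name = "{index}: rpcClientImpl={0}")
    public static Collection<Object> parameters() {
        return Arrays.asList(NettyRpcClient.class.getName());
    }

    /** Selects the RPC client implementation for this run in the shared test configuration. */
    @Before
    public void setUpBeforeMethod() {
        TEST_UTIL.getConfiguration().set("hbase.rpc.client.impl", this.rpcClientImpl);
    }

    /**
     * Shared body of both tests; deliberately not annotated with {@code @Test}.
     *
     * <p>Opens an async connection as the calling user, verifies the identity and auth method
     * the server reports, then verifies that asking for a new authentication token is denied.
     *
     * @throws Exception if the connection or the {@code whoAmI} call fails
     */
    public void testToken() throws Exception {
        try (AsyncConnection connection = ConnectionFactory.createAsyncConnection(TEST_UTIL.getConfiguration()).get()) {
            AsyncTable<?> table = connection.getTable(TableName.META_TABLE_NAME);

            // Explicit type arguments are required: with a raw AsyncTable the lambda parameters
            // erase to Object and the stub methods below cannot be resolved.
            AuthenticationProtos.WhoAmIResponse whoAmI = table
                .<AuthenticationProtos.AuthenticationService.Interface, AuthenticationProtos.WhoAmIResponse>coprocessorService(
                    AuthenticationProtos.AuthenticationService::newStub,
                    (stub, controller, callback) -> stub.whoAmI(controller,
                        AuthenticationProtos.WhoAmIRequest.getDefaultInstance(), callback),
                    HConstants.EMPTY_START_ROW)
                .get();
            Assert.assertEquals(USERNAME, whoAmI.getUsername());
            // The server must have authenticated this connection by token, not by Kerberos.
            Assert.assertEquals(UserGroupInformation.AuthenticationMethod.TOKEN.name(), whoAmI.getAuthMethod());

            // A token-authenticated client must not be able to obtain another token.
            IOException denied = Assert.assertThrows(IOException.class, () -> FutureUtils.get(table
                .<AuthenticationProtos.AuthenticationService.Interface, AuthenticationProtos.GetAuthenticationTokenResponse>coprocessorService(
                    AuthenticationProtos.AuthenticationService::newStub,
                    (stub, controller, callback) -> stub.getAuthenticationToken(controller,
                        AuthenticationProtos.GetAuthenticationTokenRequest.getDefaultInstance(), callback),
                    HConstants.EMPTY_START_ROW)));
            // Check the type as well as the text so an unrelated IOException cannot pass.
            MatcherAssert.assertThat(denied, CoreMatchers.instanceOf(AccessDeniedException.class));
            MatcherAssert.assertThat(denied.getMessage(), CoreMatchers.containsString("Token generation only allowed for Kerberos authenticated clients"));
        }
    }

    /** Runs the token checks as the current user, which holds the token added in {@link #setUp()}. */
    @Test
    public void testTokenFirst() throws Exception {
        testToken();
    }

    /**
     * Runs the token checks as a separate test user that is given copies of the current user's
     * tokens. {@link #testToken()} still expects {@code USERNAME}, so the identity the server
     * reports is the one carried by the token rather than {@code no_krb_user}.
     *
     * @throws Exception if the checks fail or the privileged action cannot be run
     */
    @Test
    public void testOnlyToken() throws Exception {
        // NOTE(review): presumably this user has no Kerberos credentials of its own, so the
        // copied tokens are its only means of authenticating - confirm.
        User tokenOnlyUser = User.createUserForTesting(TEST_UTIL.getConfiguration(), "no_krb_user", new String[0]);
        for (Token<?> token : User.getCurrent().getUGI().getCredentials().getAllTokens()) {
            tokenOnlyUser.getUGI().addToken(token);
        }
        // The cast picks the PrivilegedExceptionAction overload of doAs; a bare lambda would be
        // ambiguous with the PrivilegedAction overload.
        tokenOnlyUser.getUGI().doAs((PrivilegedExceptionAction<Void>) () -> {
            testToken();
            return null;
        });
    }
}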
