package org.apache.hive.service.server;

import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Optional;
import javax.security.sasl.AuthenticationException;
import org.apache.commons.io.IOUtils;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.MetaStoreTestUtils;
import org.apache.hive.service.auth.HttpAuthUtils;
import org.apache.hive.service.auth.PasswdAuthenticationProvider;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.cookie.Cookie;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.params.BasicHttpParams;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.util.B64Code;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/hive/service/server/TestHS2HttpServerLDAP.class */
public class TestHS2HttpServerLDAP {
    private static HiveServer2 hiveServer2;
    private static Integer webUIPort;
    private static final String HOST = "localhost";
    private static final String METASTORE_PASSWD = "693efe9fa425ad21886d73a0fa3fbc70";
    private static final String VALID_USER = "validUser";
    private static final String VALID_PASS = "validPass";
    private static final String INVALID_USER = "invalidUser";
    private static final String INVALID_PASS = "invalidPass";

    /* loaded from: input_file:org/apache/hive/service/server/TestHS2HttpServerLDAP$DummyLdapAuthenticationProviderImpl.class */
    public static class DummyLdapAuthenticationProviderImpl implements PasswdAuthenticationProvider {
        public void authenticate(String str, String str2) throws AuthenticationException {
            if (!str.equals(TestHS2HttpServerLDAP.VALID_USER) || !str2.equals(TestHS2HttpServerLDAP.VALID_PASS)) {
                throw new AuthenticationException();
            }
        }
    }

    @BeforeClass
    public static void beforeTests() throws Exception {
        webUIPort = Integer.valueOf(MetaStoreTestUtils.findFreePortExcepting(Integer.parseInt(HiveConf.ConfVars.HIVE_SERVER2_WEBUI_PORT.getDefaultValue())));
        HiveConf hiveConf = new HiveConf();
        hiveConf.setBoolVar(HiveConf.ConfVars.HIVE_IN_TEST, true);
        hiveConf.set(HiveConf.ConfVars.HIVE_SERVER2_WEBUI_PORT.varname, webUIPort.toString());
        hiveConf.set(HiveConf.ConfVars.HIVE_SERVER2_WEBUI_AUTH_METHOD.varname, "LDAP");
        hiveConf.set(HiveConf.ConfVars.METASTORE_PWD.varname, METASTORE_PASSWD);
        hiveConf.setVar(HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER, "org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory");
        hiveConf.setBoolVar(HiveConf.ConfVars.HIVE_QUERY_HISTORY_ENABLED, false);
        hiveServer2 = new HiveServer2(new DummyLdapAuthenticationProviderImpl());
        hiveServer2.init(hiveConf);
        hiveServer2.start();
        Thread.sleep(5000L);
    }

    @Test
    public void testValidCredentialsWithAuthorizationHeader() throws Exception {
        CloseableHttpClient closeableHttpClient = null;
        try {
            BasicCookieStore basicCookieStore = new BasicCookieStore();
            closeableHttpClient = HttpClientBuilder.create().setDefaultCookieStore(basicCookieStore).build();
            HttpGet httpGet = new HttpGet("http://localhost:" + webUIPort + "/jmx");
            httpGet.setHeader(HttpHeader.AUTHORIZATION.asString(), "Basic " + B64Code.encode("validUser:validPass", "iso-8859-1"));
            closeableHttpClient.execute(httpGet);
            Assert.assertTrue(isAuthorized(basicCookieStore.getCookies()));
            if (closeableHttpClient != null) {
                closeableHttpClient.close();
            }
        } catch (Throwable th) {
            if (closeableHttpClient != null) {
                closeableHttpClient.close();
            }
            throw th;
        }
    }

    @Test
    public void testInvalidCredentialsWithInAuthorizationHeader() throws Exception {
        CloseableHttpClient closeableHttpClient = null;
        try {
            BasicCookieStore basicCookieStore = new BasicCookieStore();
            closeableHttpClient = HttpClientBuilder.create().setDefaultCookieStore(basicCookieStore).build();
            HttpGet httpGet = new HttpGet("http://localhost:" + webUIPort + "/jmx");
            httpGet.setHeader(HttpHeader.AUTHORIZATION.asString(), "Basic " + B64Code.encode("invalidUser:invalidPass", "iso-8859-1"));
            closeableHttpClient.execute(httpGet);
            Assert.assertFalse(isAuthorized(basicCookieStore.getCookies()));
            if (closeableHttpClient != null) {
                closeableHttpClient.close();
            }
        } catch (Throwable th) {
            if (closeableHttpClient != null) {
                closeableHttpClient.close();
            }
            throw th;
        }
    }

    @Test
    public void testValidCredentialsWithRequestParameters() throws Exception {
        CloseableHttpClient closeableHttpClient = null;
        try {
            BasicCookieStore basicCookieStore = new BasicCookieStore();
            closeableHttpClient = HttpClientBuilder.create().setDefaultCookieStore(basicCookieStore).build();
            BasicHttpParams basicHttpParams = new BasicHttpParams();
            basicHttpParams.setParameter("username", VALID_USER);
            basicHttpParams.setParameter("password", VALID_PASS);
            HttpPost httpPost = new HttpPost("http://localhost:" + webUIPort + "/login");
            httpPost.setParams(basicHttpParams);
            closeableHttpClient.execute(httpPost);
            Assert.assertFalse(isAuthorized(basicCookieStore.getCookies()));
            if (closeableHttpClient != null) {
                closeableHttpClient.close();
            }
        } catch (Throwable th) {
            if (closeableHttpClient != null) {
                closeableHttpClient.close();
            }
            throw th;
        }
    }

    @Test
    public void testInvalidCredentialsWithRequestParameters() throws Exception {
        CloseableHttpClient closeableHttpClient = null;
        try {
            BasicCookieStore basicCookieStore = new BasicCookieStore();
            closeableHttpClient = HttpClientBuilder.create().setDefaultCookieStore(basicCookieStore).build();
            BasicHttpParams basicHttpParams = new BasicHttpParams();
            basicHttpParams.setParameter("username", INVALID_USER);
            basicHttpParams.setParameter("password", INVALID_PASS);
            HttpPost httpPost = new HttpPost("http://localhost:" + webUIPort + "/login");
            httpPost.setParams(basicHttpParams);
            closeableHttpClient.execute(httpPost);
            Assert.assertFalse(isAuthorized(basicCookieStore.getCookies()));
            if (closeableHttpClient != null) {
                closeableHttpClient.close();
            }
        } catch (Throwable th) {
            if (closeableHttpClient != null) {
                closeableHttpClient.close();
            }
            throw th;
        }
    }

    @Test
    public void testEscapeAuthentication() throws Exception {
        Throwable th;
        CloseableHttpClient build = HttpClientBuilder.create().build();
        Throwable th2 = null;
        try {
            CloseableHttpResponse execute = build.execute(new HttpGet("http://localhost:" + webUIPort + "/hiveserver2.jsp;login"));
            Throwable th3 = null;
            try {
                try {
                    checkForwardToLoginPage(execute);
                    if (execute != null) {
                        if (0 != 0) {
                            try {
                                execute.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                        } else {
                            execute.close();
                        }
                    }
                    execute = build.execute(new HttpGet("http://localhost:" + webUIPort + "/logs"));
                    th = null;
                } catch (Throwable th5) {
                    th3 = th5;
                    throw th5;
                }
                try {
                    try {
                        checkForwardToLoginPage(execute);
                        if (execute != null) {
                            if (0 != 0) {
                                try {
                                    execute.close();
                                } catch (Throwable th6) {
                                    th.addSuppressed(th6);
                                }
                            } else {
                                execute.close();
                            }
                        }
                        if (build != null) {
                            if (0 == 0) {
                                build.close();
                                return;
                            }
                            try {
                                build.close();
                            } catch (Throwable th7) {
                                th2.addSuppressed(th7);
                            }
                        }
                    } catch (Throwable th8) {
                        th = th8;
                        throw th8;
                    }
                } finally {
                }
            } finally {
            }
        } catch (Throwable th9) {
            if (build != null) {
                if (0 != 0) {
                    try {
                        build.close();
                    } catch (Throwable th10) {
                        th2.addSuppressed(th10);
                    }
                } else {
                    build.close();
                }
            }
            throw th9;
        }
    }

    private void checkForwardToLoginPage(CloseableHttpResponse closeableHttpResponse) throws Exception {
        Assert.assertEquals(200L, closeableHttpResponse.getStatusLine().getStatusCode());
        String iOUtils = IOUtils.toString(closeableHttpResponse.getEntity().getContent(), StandardCharsets.UTF_8);
        Assert.assertTrue(iOUtils.contains("<meta name=\"description\" content=\"Login - Hive\">"));
        Assert.assertTrue(iOUtils.contains("<div class=\"login-form\">"));
    }

    public static boolean isAuthorized(List<Cookie> list) {
        Optional<Cookie> findAny = list.stream().filter(cookie -> {
            return cookie.getName().equals("hive.server2.webui.auth");
        }).findAny();
        if (!findAny.isPresent()) {
            return false;
        }
        return HttpAuthUtils.getUserNameFromCookieToken(hiveServer2.getLdapAuthService().verifyAndExtract(findAny.get().getValue())).equals(VALID_USER);
    }

    @AfterClass
    public static void afterTests() {
        hiveServer2.stop();
    }
}
