package org.apache.impala.customcluster;

import com.google.common.collect.Lists;
import com.google.common.collect.Range;
import java.util.ArrayList;
import java.util.Arrays;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.annotations.CreatePartition;
import org.apache.directory.server.core.integ.CreateLdapServerRule;
import org.apache.impala.util.Metrics;
import org.apache.log4j.Logger;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;

/**
 * Custom-cluster test that runs the impyla HTTP helper script against an Impala cluster
 * started with LDAP authentication enabled, backed by an embedded ApacheDS server.
 *
 * <p>It covers three things visible in this file: HTTP basic authentication against LDAP,
 * cookie-based re-authentication (tracked through the hiveserver2-http-frontend auth metrics),
 * and user delegation through the {@code doAs} URL parameter.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The user names and passwords below are test fixtures; they are presumably defined in
 *       {@code users.ldif} (not shown here) and must never be reused outside the embedded
 *       directory.</li>
 *   <li>The cluster is started with {@code --ldap_passwords_in_clear_ok} and a plain
 *       {@code ldap://localhost} URI. That combination is only appropriate for a loopback test
 *       fixture.</li>
 *   <li>{@link #buildCommand} places the password on the helper's command line, where it is
 *       visible in process listings. This is acceptable for these throwaway credentials only.</li>
 * </ul>
 */
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", address = "localhost")})
@CreateDS(name = "myDS", partitions = {@CreatePartition(name = "test", suffix = "dc=myorg,dc=com")})
@ApplyLdifFiles({"users.ldif"})
public class LdapImpylaHttpTest {
    // Fixture identities. testUser_ is the only user granted delegation rights in setUp().
    private static final String testUser_ = "Test1Ldap";
    private static final String testPassword_ = "12345";
    private static final String testUser2_ = "Test2Ldap";
    private static final String testPassword2_ = "abcde";
    private static final String delegateUser_ = "proxyUser$";

    // Names of the HTTP frontend authentication counters asserted on by this test.
    private static final String METRIC_PREFIX = "impala.thrift-server.hiveserver2-http-frontend.";
    private static final String BASIC_AUTH_SUCCESS = METRIC_PREFIX + "total-basic-auth-success";
    private static final String BASIC_AUTH_FAILURE = METRIC_PREFIX + "total-basic-auth-failure";
    private static final String COOKIE_AUTH_SUCCESS = METRIC_PREFIX + "total-cookie-auth-success";
    private static final String COOKIE_AUTH_FAILURE = METRIC_PREFIX + "total-cookie-auth-failure";

    // Client-side error text expected whenever the server rejects the credentials.
    private static final String UNAUTHORIZED = "HTTP code 401: Unauthorized";
    // Error template expected when a delegation request is refused.
    private static final String NOT_AUTHORIZED_TO_DELEGATE =
            "User '%s' is not authorized to delegate to '%s'";
    // HTTP path prefix that carries the delegation target.
    private static final String DO_AS_PATH = "/?doAs=";

    Metrics metrics = new Metrics();
    private static final Logger LOG = Logger.getLogger(LdapImpylaHttpTest.class);

    @ClassRule
    public static CreateLdapServerRule serverRule = new CreateLdapServerRule();
    private static String query_ = "select logged_in_user()";
    // NOTE(review): if IMPALA_HOME is unset this becomes "null/tests/..." and the helper
    // invocation fails later rather than here.
    private static final String helper_ = System.getenv("IMPALA_HOME") + "/tests/util/run_impyla_http_query.py";
    private static final Range<Long> zero = Range.closed(0L, 0L);
    private static final Range<Long> one = Range.closed(1L, 1L);

    /**
     * Starts the cluster with LDAP auth pointed at the embedded directory and checks that all
     * four auth counters start at zero.
     *
     * <p>The proxy configuration authorises {@code testUser_} to act as {@code delegateUser_};
     * no other delegation is configured.
     */
    @Before
    public void setUp() throws Exception {
        String ldapUri = String.format("ldap://localhost:%s", serverRule.getLdapServer().getPort());
        // --ldap_passwords_in_clear_ok is a test-only relaxation: the URI above is plain LDAP.
        String startupArgs = String.format(
                "--enable_ldap_auth --ldap_uri='%s' --ldap_bind_pattern='%s' "
                        + "--ldap_passwords_in_clear_ok --authorized_proxy_user_config=%s=%s",
                ldapUri, "cn=#UID,ou=Users,dc=myorg,dc=com", testUser_, delegateUser_);
        Assert.assertEquals(CustomClusterRunner.StartImpalaCluster(startupArgs), 0L);
        verifyMetrics(zero, zero, zero, zero);
    }

    /** Restarts the cluster with no extra arguments so later tests do not inherit LDAP auth. */
    @After
    public void cleanUp() throws Exception {
        CustomClusterRunner.StartImpalaCluster();
    }

    /** Returns a range containing exactly {@code value}. */
    private static Range<Long> exactly(long value) {
        return Range.closed(value, value);
    }

    /** Reads the current value of the named counter from the metrics endpoint. */
    private long readMetric(String key) throws Exception {
        return ((Long) this.metrics.getMetric(key)).longValue();
    }

    /** Fails with an "Expected/Actual" message when the named counter is outside the range. */
    private void assertMetricInRange(String key, Range<Long> expected) throws Exception {
        long actual = readMetric(key);
        Assert.assertTrue("Expected: " + expected + ", Actual: " + actual, expected.contains(actual));
    }

    /**
     * Asserts the four HTTP auth counters, in this order: basic success, basic failure,
     * cookie success, cookie failure.
     */
    private void verifyMetrics(Range<Long> basicSuccess, Range<Long> basicFailure,
            Range<Long> cookieSuccess, Range<Long> cookieFailure) throws Exception {
        assertMetricInRange(BASIC_AUTH_SUCCESS, basicSuccess);
        assertMetricInRange(BASIC_AUTH_FAILURE, basicFailure);
        assertMetricInRange(COOKIE_AUTH_SUCCESS, cookieSuccess);
        assertMetricInRange(COOKIE_AUTH_FAILURE, cookieFailure);
    }

    /**
     * Exercises basic and cookie authentication and pins how each case moves the counters.
     *
     * <p>The specific deltas (3 failures, +6 / +7 successes) presumably follow from the number
     * of HTTP round trips and retries the helper makes per query. Confirm against the helper
     * script before changing them.
     */
    @Test
    public void testImpylaHttpLdapAuth() throws Exception {
        // Valid credentials: first request authenticates with basic auth, later ones by cookie.
        RunShellCommand.Run(buildCommand(testUser_, testPassword_, null, null), true, testUser_, "");
        verifyMetrics(Range.atLeast(1L), zero, Range.atLeast(6L), zero);
        long basicSuccessBaseline = readMetric(BASIC_AUTH_SUCCESS);
        long cookieSuccessBaseline = readMetric(COOKIE_AUTH_SUCCESS);

        // Unknown user: must be rejected, counted as a failure, and leave success counters alone.
        RunShellCommand.Run(buildCommand("foo", "bar", null, null), false, "", UNAUTHORIZED);
        verifyMetrics(exactly(basicSuccessBaseline), exactly(3L), exactly(cookieSuccessBaseline), zero);
        long basicFailureBaseline = readMetric(BASIC_AUTH_FAILURE);

        // No credentials at all: still a 401, and the basic-auth failure counter does not move.
        RunShellCommand.Run(new String[]{"impala-python", helper_, "--query", query_}, false, "", UNAUTHORIZED);
        verifyMetrics(exactly(basicSuccessBaseline), exactly(basicFailureBaseline),
                exactly(cookieSuccessBaseline), zero);

        // Empty cookie-name list: every request re-authenticates with basic auth.
        RunShellCommand.Run(buildCommand(testUser_, testPassword_, null, ""), true, testUser_, "");
        verifyMetrics(Range.atLeast(basicSuccessBaseline + 7), exactly(basicFailureBaseline),
                exactly(cookieSuccessBaseline), zero);
        long basicSuccessCookiesOff = readMetric(BASIC_AUTH_SUCCESS);

        // Only the auth cookie is retained: cookie authentication is used again.
        RunShellCommand.Run(buildCommand(testUser_, testPassword_, null, "impala.auth"), true, testUser_, "");
        verifyMetrics(Range.atLeast(basicSuccessCookiesOff + 1), exactly(basicFailureBaseline),
                Range.atLeast(cookieSuccessBaseline + 6), zero);
        long basicSuccessAuthCookie = readMetric(BASIC_AUTH_SUCCESS);
        long cookieSuccessAuthCookie = readMetric(COOKIE_AUTH_SUCCESS);

        // Only the session cookie is retained: it must not count as authentication.
        RunShellCommand.Run(buildCommand(testUser_, testPassword_, null, "impala.session.id"), true, testUser_, "");
        verifyMetrics(Range.atLeast(basicSuccessAuthCookie + 7), exactly(basicFailureBaseline),
                exactly(cookieSuccessAuthCookie), zero);
    }

    /**
     * Builds the argv for the impyla helper script.
     *
     * <p>The password is passed as a command-line argument; use this only with fixture
     * credentials.
     *
     * @param user LDAP user name passed as {@code --user}
     * @param password password passed as {@code --password}
     * @param httpPath value for {@code --http_path}, or {@code null} to omit the option
     * @param cookieNames value for {@code --http_cookie_names}, or {@code null} to omit it;
     *     an empty string is passed through as an explicit empty value
     * @return the complete command line, starting with {@code impala-python}
     */
    private String[] buildCommand(String user, String password, String httpPath, String cookieNames) {
        ArrayList<String> argv = Lists.newArrayList(Arrays.asList(
                "impala-python", helper_, "--user", user, "--password", password, "--query", query_));
        if (httpPath != null) {
            argv.add("--http_path");
            argv.add(httpPath);
        }
        if (cookieNames != null) {
            argv.add("--http_cookie_names");
            argv.add(cookieNames);
        }
        return argv.toArray(new String[0]);
    }

    /**
     * Checks that delegation through {@code doAs} is granted only for the configured
     * user/delegate pair and is refused in every other case.
     */
    @Test
    public void testImpylaHttpImpersonation() throws Exception {
        // An authenticated user who is not in the proxy configuration must be refused.
        RunShellCommand.Run(buildCommand(testUser2_, testPassword2_, DO_AS_PATH + delegateUser_, null), false, "",
                String.format(NOT_AUTHORIZED_TO_DELEGATE, testUser2_, delegateUser_));

        // The authorised proxy user must still be refused for a delegate that is not listed.
        RunShellCommand.Run(buildCommand(testUser_, testPassword_, DO_AS_PATH + "invalid-delegate-user", null), false, "",
                String.format(NOT_AUTHORIZED_TO_DELEGATE, testUser_, "invalid-delegate-user"));

        // Malformed percent-encoding in doAs must not succeed; only the client-side symptom is
        // pinned here.
        RunShellCommand.Run(buildCommand(testUser_, testPassword_, DO_AS_PATH + "%", null), false, "",
                "httplib.BadStatusLine");

        // The configured pair succeeds and the query reports the delegate as the logged-in user.
        RunShellCommand.Run(buildCommand(testUser_, testPassword_, DO_AS_PATH + delegateUser_, null), true,
                delegateUser_, "");
    }
}
