package org.apache.impala.customcluster;

import com.google.common.collect.Range;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.apache.directory.server.core.integ.CreateLdapServerRule;
import org.apache.impala.testutil.LdapUtil;
import org.apache.impala.testutil.WebClient;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.ClassRule;

@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", address = "localhost")})
@ApplyLdifFiles({"users.ldif"})
/* loaded from: input_file:org/apache/impala/customcluster/LdapImpalaShellTest.class */
public class LdapImpalaShellTest {
    protected static final String delegateUser_ = "proxyUser$";
    private WebClient client_ = new WebClient();

    @ClassRule
    public static CreateLdapServerRule serverRule = new CreateLdapServerRule();
    private static final Range<Long> zero = Range.closed(0L, 0L);
    private static final Range<Long> one = Range.closed(1L, 1L);

    public void setUp(String str) throws Exception {
        Assert.assertEquals(startImpalaCluster(String.format("--enable_ldap_auth --ldap_uri='%s' --ldap_passwords_in_clear_ok %s", String.format("ldap://localhost:%s", Integer.valueOf(serverRule.getLdapServer().getPort())), str)), 0L);
        verifyMetrics(zero, zero, zero, zero);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int startImpalaCluster(String str) throws IOException, InterruptedException {
        return CustomClusterRunner.StartImpalaCluster(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean pythonSupportsSSLContext() throws Exception {
        return Boolean.parseBoolean(RunShellCommand.Run(new String[]{"python", "-c", "import ssl; print(hasattr(ssl, 'create_default_context'))"}, true, "", "").replace("\n", ""));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<String> getProtocolsToTest() throws Exception {
        List<String> asList = Arrays.asList("beeswax", "hs2");
        if (pythonSupportsSSLContext()) {
            asList = Arrays.asList("beeswax", "hs2", "hs2-http");
        }
        return asList;
    }

    private void verifyMetrics(Range<Long> range, Range<Long> range2, Range<Long> range3, Range<Long> range4) throws Exception {
        long longValue = ((Long) this.client_.getMetric("impala.thrift-server.hiveserver2-http-frontend.total-basic-auth-success")).longValue();
        Assert.assertTrue("Expected: " + range + ", Actual: " + longValue, range.contains(Long.valueOf(longValue)));
        long longValue2 = ((Long) this.client_.getMetric("impala.thrift-server.hiveserver2-http-frontend.total-basic-auth-failure")).longValue();
        Assert.assertTrue("Expected: " + range2 + ", Actual: " + longValue2, range2.contains(Long.valueOf(longValue2)));
        long longValue3 = ((Long) this.client_.getMetric("impala.thrift-server.hiveserver2-http-frontend.total-cookie-auth-success")).longValue();
        Assert.assertTrue("Expected: " + range3 + ", Actual: " + longValue3, range3.contains(Long.valueOf(longValue3)));
        long longValue4 = ((Long) this.client_.getMetric("impala.thrift-server.hiveserver2-http-frontend.total-cookie-auth-failure")).longValue();
        Assert.assertTrue("Expected: " + range4 + ", Actual: " + longValue4, range4.contains(Long.valueOf(longValue4)));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String[] buildCommand(String str, String str2, String str3, String str4, String str5) {
        return new String[]{"impala-shell.sh", "--protocol=" + str2, "--ldap", "--auth_creds_ok_in_clear", "--user=" + str3, "--ldap_password_cmd=printf " + str4, "--query=" + str, "--http_path=" + str5};
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void testShellLdapAuthImpl() throws Exception {
        String[] strArr = {"impala-shell.sh", "", "--ldap", "--auth_creds_ok_in_clear", String.format("--user=%s", LdapUtil.TEST_USER_1), String.format("--ldap_password_cmd=printf %s", LdapUtil.TEST_PASSWORD_1), String.format("--query=%s", "select logged_in_user()")};
        String[] strArr2 = {"impala-shell.sh", "", "--ldap", "--auth_creds_ok_in_clear", "--http_cookie_names=impala.auth", String.format("--user=%s", LdapUtil.TEST_USER_1), String.format("--ldap_password_cmd=printf %s", LdapUtil.TEST_PASSWORD_1), String.format("--query=%s", "select logged_in_user()")};
        String[] strArr3 = {"impala-shell.sh", "", "--ldap", "--auth_creds_ok_in_clear", "--http_cookie_names=impala.conn", String.format("--user=%s", LdapUtil.TEST_USER_1), String.format("--ldap_password_cmd=printf %s", LdapUtil.TEST_PASSWORD_1), String.format("--query=%s", "select logged_in_user()")};
        String[] strArr4 = {"impala-shell.sh", "", "--ldap", "--auth_creds_ok_in_clear", "--http_cookie_names=", String.format("--user=%s", LdapUtil.TEST_USER_1), String.format("--ldap_password_cmd=printf %s", LdapUtil.TEST_PASSWORD_1), String.format("--query=%s", "select logged_in_user()")};
        String[] strArr5 = {"impala-shell.sh", "", "--ldap", "--auth_creds_ok_in_clear", "--user=foo", "--ldap_password_cmd=printf bar", String.format("--query=%s", "select logged_in_user()")};
        String[] strArr6 = {"impala-shell.sh", "", String.format("--query=%s", "select logged_in_user()")};
        for (String str : getProtocolsToTest()) {
            String format = String.format("--protocol=%s", str);
            strArr[1] = format;
            RunShellCommand.Run(strArr, true, LdapUtil.TEST_USER_1, "Starting Impala Shell with LDAP-based authentication");
            if (str.equals("hs2-http")) {
                verifyMetrics(Range.atLeast(1L), zero, Range.atLeast(1L), zero);
            }
            strArr2[1] = format;
            RunShellCommand.Run(strArr2, true, LdapUtil.TEST_USER_1, "Starting Impala Shell with LDAP-based authentication");
            if (str.equals("hs2-http")) {
                verifyMetrics(Range.atLeast(2L), zero, Range.atLeast(2L), zero);
            }
            strArr3[1] = format;
            RunShellCommand.Run(strArr3, true, LdapUtil.TEST_USER_1, "Starting Impala Shell with LDAP-based authentication");
            if (str.equals("hs2-http")) {
                verifyMetrics(Range.atLeast(2L), zero, Range.atLeast(2L), zero);
            }
            strArr4[1] = format;
            RunShellCommand.Run(strArr4, true, LdapUtil.TEST_USER_1, "Starting Impala Shell with LDAP-based authentication");
            if (str.equals("hs2-http")) {
                verifyMetrics(Range.atLeast(2L), zero, Range.atLeast(2L), zero);
            }
            strArr5[1] = format;
            RunShellCommand.Run(strArr5, false, "", "Not connected to Impala");
            strArr6[1] = format;
            RunShellCommand.Run(strArr6, false, "", "Not connected to Impala");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void testHttpImpersonationImpl() throws Exception {
        Assume.assumeTrue(pythonSupportsSSLContext());
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", LdapUtil.TEST_USER_2, LdapUtil.TEST_PASSWORD_2, "/?doAs=proxyUser$"), false, "", String.format("User '%s' is not authorized to delegate to '%s'", LdapUtil.TEST_USER_2, delegateUser_));
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", LdapUtil.TEST_USER_1, LdapUtil.TEST_PASSWORD_1, "/?doAs=invalid-delegate-user"), false, "", String.format("User '%s' is not authorized to delegate to '%s'", LdapUtil.TEST_USER_1, "invalid-delegate-user"));
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", LdapUtil.TEST_USER_1, LdapUtil.TEST_PASSWORD_1, "/?doAs=%"), false, "", "Not connected to Impala");
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", LdapUtil.TEST_USER_1, LdapUtil.TEST_PASSWORD_1, "/?doAs=proxyUser$"), true, delegateUser_, "");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void testLdapFiltersImpl() throws Exception {
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", LdapUtil.TEST_USER_2, LdapUtil.TEST_PASSWORD_2, "/cliservice"), false, "", "Not connected to Impala");
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", LdapUtil.TEST_USER_3, LdapUtil.TEST_PASSWORD_3, "/cliservice"), false, "", "Not connected to Impala");
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", LdapUtil.TEST_USER_4, LdapUtil.TEST_PASSWORD_4, "/cliservice"), false, "", "Not connected to Impala");
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", LdapUtil.TEST_USER_1, LdapUtil.TEST_PASSWORD_1, "/cliservice"), true, LdapUtil.TEST_USER_1, "");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void testLdapFiltersWithProxyImpl() throws Exception {
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", LdapUtil.TEST_USER_4, LdapUtil.TEST_PASSWORD_4, "/?doAs=Test1Ldap"), true, LdapUtil.TEST_USER_1, "");
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", LdapUtil.TEST_USER_4, LdapUtil.TEST_PASSWORD_4, "/?doAs=Test3Ldap"), false, "", "Not connected to Impala");
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", LdapUtil.TEST_USER_4, LdapUtil.TEST_PASSWORD_4, "/?doAs=Test2Ldap"), false, "", "Not connected to Impala");
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", LdapUtil.TEST_USER_4, LdapUtil.TEST_PASSWORD_4, "/?doAs=Test4Ldap"), false, "", "Not connected to Impala");
        RunShellCommand.Run(buildCommand("select logged_in_user()", "hs2-http", LdapUtil.TEST_USER_4, LdapUtil.TEST_PASSWORD_4, "/"), false, "", "");
    }
}
