package org.apache.phoenix.end2end;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.io.Reader;
import java.io.Writer;
import java.lang.reflect.Field;
import java.nio.file.Paths;
import java.security.PrivilegedAction;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.LocalHBaseCluster;
import org.apache.hadoop.hbase.security.HBaseKerberosUtils;
import org.apache.hadoop.hbase.security.token.TokenProvider;
import org.apache.hadoop.http.HttpConfig;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.phoenix.query.ConfigurationFactory;
import org.apache.phoenix.queryserver.server.QueryServer;
import org.apache.phoenix.util.InstanceResolver;
import org.apache.phoenix.util.ThinClientUtil;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Category({NeedsOwnMiniClusterTest.class})
/* loaded from: input_file:org/apache/phoenix/end2end/SecureQueryServerPhoenixDBIT.class */
public class SecureQueryServerPhoenixDBIT {
    private static final String SPNEGO_PRINCIPAL = "HTTP/localhost";
    private static final String PQS_PRINCIPAL = "phoenixqs/localhost";
    private static final String SERVICE_PRINCIPAL = "securecluster/localhost";
    private static File KEYTAB;
    private static MiniKdc KDC;
    private static LocalHBaseCluster HBASE_CLUSTER;
    private static int NUM_CREATED_USERS;
    private static ExecutorService PQS_EXECUTOR;
    private static QueryServer PQS;
    private static int PQS_PORT;
    private static String PQS_URL;
    private static final Logger LOG = LoggerFactory.getLogger(SecureQueryServerPhoenixDBIT.class);
    private static final File TEMP_DIR = new File(getTempDirForClass());
    private static final File KEYTAB_DIR = new File(TEMP_DIR, "keytabs");
    private static final List<File> USER_KEYTAB_FILES = new ArrayList();
    private static HBaseTestingUtility UTIL = new HBaseTestingUtility();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/phoenix/end2end/SecureQueryServerPhoenixDBIT$Kdc.class */
    public enum Kdc {
        MIT,
        HEIMDAL
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/phoenix/end2end/SecureQueryServerPhoenixDBIT$StreamCopy.class */
    public class StreamCopy implements Runnable {
        private Reader reader;
        private Writer writer;

        public StreamCopy(Reader reader, Writer writer) {
            this.reader = reader;
            this.writer = writer;
        }

        @Override // java.lang.Runnable
        public void run() {
            while (true) {
                try {
                    IOUtils.copy(this.reader, this.writer);
                    Thread.sleep(10L);
                } catch (Exception e) {
                    return;
                }
            }
        }
    }

    private static String getTempDirForClass() {
        StringBuilder sb = new StringBuilder(32);
        sb.append(System.getProperty("user.dir")).append(File.separator);
        sb.append("target").append(File.separator);
        sb.append(SecureQueryServerPhoenixDBIT.class.getSimpleName());
        return sb.toString();
    }

    private static void updateDefaultRealm() throws Exception {
        Field declaredField = KerberosName.class.getDeclaredField("defaultRealm");
        declaredField.setAccessible(true);
        declaredField.set(null, "EXAMPLE.COM");
    }

    private static void createUsers(int i) throws Exception {
        Assert.assertNotNull("KDC is null, was setup method called?", KDC);
        NUM_CREATED_USERS = i;
        for (int i2 = 1; i2 <= i; i2++) {
            String str = "user" + i2;
            File file = new File(KEYTAB_DIR, str + ".keytab");
            KDC.createPrincipal(file, new String[]{str});
            USER_KEYTAB_FILES.add(file);
        }
    }

    private static Map.Entry<String, File> getUser(int i) {
        if (i <= 0 || i > NUM_CREATED_USERS) {
            throw new IllegalArgumentException();
        }
        return new AbstractMap.SimpleImmutableEntry("user" + i, USER_KEYTAB_FILES.get(i - 1));
    }

    private static void setHdfsSecuredConfiguration(Configuration configuration) throws Exception {
        configuration.set("dfs.namenode.kerberos.principal", "securecluster/localhost@" + KDC.getRealm());
        configuration.set("dfs.namenode.keytab.file", KEYTAB.getAbsolutePath());
        configuration.set("dfs.datanode.kerberos.principal", "securecluster/localhost@" + KDC.getRealm());
        configuration.set("dfs.datanode.keytab.file", KEYTAB.getAbsolutePath());
        configuration.set("dfs.web.authentication.kerberos.principal", "HTTP/localhost@" + KDC.getRealm());
        configuration.setBoolean("dfs.block.access.token.enable", true);
        configuration.set("dfs.http.policy", HttpConfig.Policy.HTTPS_ONLY.name());
        configuration.set("dfs.namenode.https-address", "localhost:0");
        configuration.set("dfs.datanode.https.address", "localhost:0");
        File file = new File(UTIL.getDataTestDir("keystore").toUri().getPath());
        file.mkdirs();
        TlsUtil.setupSSLConfig(file.getAbsolutePath(), TlsUtil.getClasspathDir(SecureQueryServerPhoenixDBIT.class), configuration, false);
        configuration.setBoolean("ignore.secure.ports.for.testing", true);
    }

    private static void ensureIsEmptyDirectory(File file) throws IOException {
        if (file.exists()) {
            if (file.isDirectory()) {
                FileUtils.deleteDirectory(file);
            } else {
                Assert.assertTrue("Failed to delete keytab directory", file.delete());
            }
        }
        Assert.assertTrue("Failed to create keytab directory", file.mkdirs());
    }

    private static void checkForCommandOnPath(String str) throws Exception {
        Process start = new ProcessBuilder((List<String>) Arrays.asList("which", str)).start();
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(start.getInputStream()));
        BufferedReader bufferedReader2 = new BufferedReader(new InputStreamReader(start.getErrorStream()));
        int waitFor = start.waitFor();
        while (bufferedReader.ready()) {
            LOG.info(bufferedReader.readLine());
        }
        while (bufferedReader2.ready()) {
            LOG.error(bufferedReader2.readLine());
        }
        Assume.assumeTrue("Could not find '" + str + "' on the PATH", waitFor == 0);
    }

    @BeforeClass
    public static synchronized void setUp() throws Exception {
        checkForCommandOnPath("python");
        checkForCommandOnPath("virtualenv");
        checkForCommandOnPath("kinit");
        final Configuration configuration = UTIL.getConfiguration();
        ensureIsEmptyDirectory(TEMP_DIR);
        ensureIsEmptyDirectory(KEYTAB_DIR);
        KEYTAB = new File(KEYTAB_DIR, "test.keytab");
        KDC = UTIL.setupMiniKdc(KEYTAB);
        KDC.createPrincipal(KEYTAB, new String[]{SPNEGO_PRINCIPAL, PQS_PRINCIPAL, SERVICE_PRINCIPAL});
        UTIL.startMiniZKCluster();
        createUsers(3);
        HBaseKerberosUtils.setPrincipalForTesting("securecluster/localhost@" + KDC.getRealm());
        HBaseKerberosUtils.setSecuredConfiguration(configuration);
        setHdfsSecuredConfiguration(configuration);
        UserGroupInformation.setConfiguration(configuration);
        configuration.setInt("hbase.master.port", 0);
        configuration.setInt("hbase.master.info.port", 0);
        configuration.setInt("hbase.regionserver.port", 0);
        configuration.setInt("hbase.regionserver.info.port", 0);
        configuration.setStrings("hbase.coprocessor.region.classes", new String[]{TokenProvider.class.getName()});
        configuration.set("phoenix.queryserver.kerberos.http.principal", "HTTP/localhost@" + KDC.getRealm());
        configuration.set("phoenix.queryserver.http.keytab.file", KEYTAB.getAbsolutePath());
        configuration.set("phoenix.queryserver.kerberos.principal", "phoenixqs/localhost@" + KDC.getRealm());
        configuration.set("phoenix.queryserver.keytab.file", KEYTAB.getAbsolutePath());
        configuration.setBoolean("phoenix.queryserver.disable.kerberos.login", true);
        if (System.getProperty("do.not.randomize.pqs.port") == null) {
            configuration.setInt("phoenix.queryserver.http.port", 0);
        }
        configuration.set("hadoop.proxyuser.phoenixqs.groups", "*");
        configuration.set("hadoop.proxyuser.phoenixqs.hosts", "*");
        InstanceResolver.clearSingletons();
        InstanceResolver.getSingleton(ConfigurationFactory.class, new ConfigurationFactory() { // from class: org.apache.phoenix.end2end.SecureQueryServerPhoenixDBIT.1
            public Configuration getConfiguration() {
                return configuration;
            }

            public Configuration getConfiguration(Configuration configuration2) {
                Configuration configuration3 = new Configuration(configuration);
                configuration3.addResource(configuration2);
                return configuration3;
            }
        });
        updateDefaultRealm();
        UTIL.startMiniDFSCluster(1);
        configuration.set("hbase.rootdir", UTIL.getDataTestDirOnTestFS(SecureQueryServerPhoenixDBIT.class.getSimpleName()).toString());
        HBASE_CLUSTER = new LocalHBaseCluster(configuration, 1);
        HBASE_CLUSTER.startup();
        startQueryServer();
    }

    private static void startQueryServer() throws Exception {
        PQS = new QueryServer(new String[0], UTIL.getConfiguration());
        final UserGroupInformation loginUserFromKeytabAndReturnUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(PQS_PRINCIPAL, KEYTAB.getAbsolutePath());
        PQS_EXECUTOR = Executors.newSingleThreadExecutor();
        PQS_EXECUTOR.submit(new Runnable() { // from class: org.apache.phoenix.end2end.SecureQueryServerPhoenixDBIT.2
            @Override // java.lang.Runnable
            public void run() {
                loginUserFromKeytabAndReturnUGI.doAs(new PrivilegedAction<Void>() { // from class: org.apache.phoenix.end2end.SecureQueryServerPhoenixDBIT.2.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public Void run() {
                        SecureQueryServerPhoenixDBIT.PQS.run();
                        return null;
                    }
                });
            }
        });
        PQS.awaitRunning();
        PQS_PORT = PQS.getPort();
        PQS_URL = ThinClientUtil.getConnectionUrl("localhost", PQS_PORT) + ";authentication=SPNEGO";
    }

    @AfterClass
    public static synchronized void stopKdc() throws Exception {
        InstanceResolver.clearSingletons();
        if (PQS_EXECUTOR != null) {
            PQS.stop();
            PQS_EXECUTOR.shutdown();
            if (!PQS_EXECUTOR.awaitTermination(5L, TimeUnit.SECONDS)) {
                LOG.info("PQS didn't exit in 5 seconds, proceeding anyways.");
            }
        }
        if (HBASE_CLUSTER != null) {
            HBASE_CLUSTER.shutdown();
            HBASE_CLUSTER.join();
        }
        if (UTIL != null) {
            UTIL.shutdownMiniZKCluster();
        }
        if (KDC != null) {
            KDC.stop();
        }
    }

    @Test
    public void testBasicReadWrite() throws Exception {
        runShellScript("python", Paths.get(new File(".").getAbsolutePath(), "src", "it", "bin", "test_phoenixdb.py").toString());
    }

    @Test
    public void testFullSuite() throws Exception {
        Assume.assumeNotNull(new Object[]{System.getProperty("run.full.python.testsuite")});
        runShellScript("python", "-m", "unittest", "discover", "-v", "-s", Paths.get(new File(".").getAbsolutePath(), "..", "python-phoenixdb").toString());
    }

    @Test
    public void startLocalPQS() throws Exception {
        Assume.assumeNotNull(new Object[]{System.getProperty("start.secure.pqs")});
        runShellScript("sleep", "86400");
    }

    /* JADX WARN: Finally extract failed */
    public void runShellScript(String... strArr) throws Exception {
        Map.Entry<String, File> user = getUser(1);
        String absolutePath = new File(".").getAbsolutePath();
        LOG.debug("Current working directory : " + absolutePath);
        LOG.debug("PQS_PORT:" + PQS_PORT);
        LOG.debug("PQS_URL: " + PQS_URL);
        ArrayList arrayList = new ArrayList();
        arrayList.add(Paths.get(absolutePath, "src", "it", "bin", "test_phoenixdb.sh").toString());
        arrayList.add(Paths.get(absolutePath, "..", "python-phoenixdb").toString());
        arrayList.add(user.getKey() + "@" + KDC.getRealm());
        arrayList.add(user.getValue().getAbsolutePath());
        String lowerCase = System.getProperty("os.name").toLowerCase();
        String property = System.getProperty("PHOENIXDB_KDC_IMPL", "");
        Kdc kdc = property.isEmpty() ? lowerCase.indexOf("mac") >= 0 ? Kdc.HEIMDAL : Kdc.MIT : property.trim().equalsIgnoreCase(Kdc.HEIMDAL.name()) ? Kdc.HEIMDAL : Kdc.MIT;
        LOG.info("Generating krb5.conf for KDC type:'{}'. OS='{}', PHOENIXDB_KDC_IMPL='{}'", new Object[]{kdc, lowerCase, property});
        File file = null;
        switch (kdc) {
            case HEIMDAL:
                int port = KDC.getPort();
                LOG.info("MINIKDC PORT " + port);
                StringBuilder sb = new StringBuilder();
                sb.append("[libdefaults]\n");
                sb.append("     default_realm = EXAMPLE.COM\n");
                sb.append("     udp_preference_limit = 1\n");
                sb.append("\n");
                sb.append("[realms]\n");
                sb.append("    EXAMPLE.COM = {\n");
                sb.append("       kdc = localhost:");
                sb.append(port);
                sb.append("\n");
                sb.append("       kdc = tcp/localhost:");
                sb.append(port);
                sb.append("\n");
                sb.append("    }\n");
                LOG.info("Writing Heimdal style krb5.conf");
                LOG.info(sb.toString());
                file = File.createTempFile("krb5.conf", null);
                FileOutputStream fileOutputStream = new FileOutputStream(file);
                fileOutputStream.write(sb.toString().getBytes());
                fileOutputStream.close();
                LOG.info("krb5.conf written to " + file.getAbsolutePath());
                arrayList.add(file.getAbsolutePath());
                break;
            case MIT:
                arrayList.add(System.getProperty("java.security.krb5.conf"));
                LOG.info("Using miniKDC provided krb5.conf  " + KDC.getKrb5conf().getAbsolutePath());
                break;
            default:
                throw new RuntimeException("Unhandled KDC type: " + kdc);
        }
        arrayList.add(Integer.toString(PQS_PORT));
        arrayList.addAll(Arrays.asList(strArr));
        LOG.info("Running command {}", arrayList.stream().collect(Collectors.joining(" ")));
        Thread thread = null;
        Thread thread2 = null;
        try {
            Process start = new ProcessBuilder(arrayList).start();
            thread = new Thread(new StreamCopy(new BufferedReader(new InputStreamReader(start.getInputStream())), new PrintWriter(System.out)));
            thread.start();
            thread2 = new Thread(new StreamCopy(new BufferedReader(new InputStreamReader(start.getErrorStream())), new PrintWriter(System.err)));
            thread2.start();
            int waitFor = start.waitFor();
            if (file != null) {
                file.delete();
            }
            Assert.assertEquals("Subprocess exited with errors", 0L, waitFor);
            LOG.info("Test exiting");
            if (thread != null) {
                thread.stop();
                System.out.flush();
            }
            if (thread2 != null) {
                thread2.stop();
                System.err.flush();
            }
        } catch (Throwable th) {
            LOG.info("Test exiting");
            if (thread != null) {
                thread.stop();
                System.out.flush();
            }
            if (thread2 != null) {
                thread2.stop();
                System.err.flush();
            }
            throw th;
        }
    }
}
