package co.cask.cdap.security.authorization;

import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.namespace.InMemoryNamespaceClient;
import co.cask.cdap.proto.NamespaceMeta;
import co.cask.cdap.proto.id.ApplicationId;
import co.cask.cdap.proto.id.KerberosPrincipalId;
import co.cask.cdap.proto.id.NamespaceId;
import co.cask.cdap.security.auth.context.AuthenticationTestContext;
import co.cask.cdap.security.impersonation.DefaultOwnerAdmin;
import co.cask.cdap.security.impersonation.InMemoryOwnerStore;
import co.cask.cdap.security.impersonation.OwnerAdmin;
import co.cask.cdap.security.spi.authentication.AuthenticationContext;
import java.net.InetAddress;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:co/cask/cdap/security/authorization/AuthorizationUtilTest.class */
public class AuthorizationUtilTest {
    private static CConfiguration cConf;
    private static InMemoryNamespaceClient namespaceClient;
    private static AuthenticationContext authenticationContext;
    private static final NamespaceId namespaceId = new NamespaceId("AuthorizationUtilTest");
    private static final ApplicationId applicationId = namespaceId.app("someapp");
    private static String username;

    @BeforeClass
    public static void init() throws Exception {
        cConf = CConfiguration.create();
        username = UserGroupInformation.getCurrentUser().getShortUserName();
        namespaceClient = new InMemoryNamespaceClient();
        authenticationContext = new AuthenticationTestContext();
    }

    @Test
    public void testGetAppAuthorizingUse() throws Exception {
        OwnerAdmin ownerAdmin = getOwnerAdmin();
        namespaceClient.create(new NamespaceMeta.Builder().setName(namespaceId).setPrincipal(username + "/" + InetAddress.getLocalHost().getHostName() + "@REALM.net").setKeytabURI("doesnotmatter").build());
        Assert.assertEquals(username, AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, applicationId, (KerberosPrincipalId) null));
        namespaceClient.delete(namespaceId);
        namespaceClient.create(new NamespaceMeta.Builder().setName(namespaceId).setPrincipal(username).setKeytabURI("doesnotmatter").build());
        Assert.assertEquals(username, AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, applicationId, (KerberosPrincipalId) null));
        namespaceClient.delete(namespaceId);
        namespaceClient.create(new NamespaceMeta.Builder().setName(namespaceId).setPrincipal(username + "@REALM.net").setKeytabURI("doesnotmatter").build());
        Assert.assertEquals(username, AuthorizationUtil.getAppAuthorizingUser(ownerAdmin, authenticationContext, applicationId, (KerberosPrincipalId) null));
        namespaceClient.delete(namespaceId);
    }

    private OwnerAdmin getOwnerAdmin() {
        return new DefaultOwnerAdmin(cConf, new InMemoryOwnerStore(), namespaceClient);
    }
}
