package org.apache.flink.table.security.token;

import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.time.Clock;
import java.time.Instant;
import java.time.ZoneId;
import java.util.Optional;
import org.apache.flink.configuration.SecurityOptions;
import org.apache.flink.util.FlinkRuntimeException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.ql.metadata.Hive;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;
import sun.security.krb5.Config;
import sun.security.krb5.KrbException;

/* loaded from: input_file:org/apache/flink/table/security/token/HiveServer2DelegationTokenProviderITCase.class */
public class HiveServer2DelegationTokenProviderITCase {

    /* loaded from: input_file:org/apache/flink/table/security/token/HiveServer2DelegationTokenProviderITCase$TestHiveServer2DelegationToken.class */
    private class TestHiveServer2DelegationToken extends HiveServer2DelegationTokenIdentifier {
        private TestHiveServer2DelegationToken() {
        }

        public long getIssueDate() {
            return 1000L;
        }
    }

    @BeforeAll
    public static void setPropertiesToEnableKerberosConfigInit() throws KrbException {
        System.setProperty("java.security.krb5.realm", "EXAMPLE.COM");
        System.setProperty("java.security.krb5.kdc", "kdc");
        System.setProperty("java.security.krb5.conf", "/dev/null");
        Config.refresh();
    }

    @AfterAll
    public static void cleanupHadoopConfigs() {
        UserGroupInformation.setConfiguration(new Configuration());
    }

    @Test
    public void delegationTokensRequiredShouldReturnFalseWhenKerberosIsNotEnabled() throws Exception {
        HiveServer2DelegationTokenProvider hiveServer2DelegationTokenProvider = new HiveServer2DelegationTokenProvider();
        hiveServer2DelegationTokenProvider.init(new org.apache.flink.configuration.Configuration());
        Assertions.assertFalse(hiveServer2DelegationTokenProvider.delegationTokensRequired());
    }

    @Test
    public void delegationTokensRequiredShouldReturnFalseWhenHiveMetastoreUrisIsEmpty() throws Exception {
        UserGroupInformation.setConfiguration(getHadoopConfigWithAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS));
        UserGroupInformation.getCurrentUser().setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS);
        HiveServer2DelegationTokenProvider hiveServer2DelegationTokenProvider = new HiveServer2DelegationTokenProvider();
        hiveServer2DelegationTokenProvider.init(new org.apache.flink.configuration.Configuration());
        Assertions.assertFalse(hiveServer2DelegationTokenProvider.delegationTokensRequired());
    }

    @Test
    public void delegationTokensRequiredShouldReturnTrueWhenAllConditionsIsRight(@TempDir Path path) throws Exception {
        HiveConf.setHiveSiteLocation(Thread.currentThread().getContextClassLoader().getResource("test-hive-delegation-token/hive-site.xml"));
        UserGroupInformation.setConfiguration(getHadoopConfigWithAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS));
        UserGroupInformation.getCurrentUser().setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS);
        HiveServer2DelegationTokenProvider hiveServer2DelegationTokenProvider = new HiveServer2DelegationTokenProvider();
        org.apache.flink.configuration.Configuration configuration = new org.apache.flink.configuration.Configuration();
        configuration.set(SecurityOptions.KERBEROS_LOGIN_KEYTAB, Files.createFile(path.resolve("test.keytab"), new FileAttribute[0]).toAbsolutePath().toString());
        configuration.set(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL, "test@EXAMPLE.COM");
        hiveServer2DelegationTokenProvider.init(configuration);
        Assertions.assertTrue(hiveServer2DelegationTokenProvider.delegationTokensRequired());
    }

    @Test
    public void getTokenRenewalIntervalShouldReturnRenewalIntervalWhenNoExceptionIsThrown() {
        Assertions.assertEquals(9000L, new HiveServer2DelegationTokenProvider() { // from class: org.apache.flink.table.security.token.HiveServer2DelegationTokenProviderITCase.1
            long getNewExpiration(Hive hive, String str) {
                return 10000L;
            }
        }.getTokenRenewalInterval(Clock.fixed(Instant.ofEpochMilli(0L), ZoneId.systemDefault()), new TestHiveServer2DelegationToken(), (Hive) null, "test"));
    }

    @Test
    public void getTokenRenewalIntervalShouldThrowExceptionWhenHiveIsNull() {
        HiveServer2DelegationTokenProvider hiveServer2DelegationTokenProvider = new HiveServer2DelegationTokenProvider();
        Clock fixed = Clock.fixed(Instant.ofEpochMilli(0L), ZoneId.systemDefault());
        TestHiveServer2DelegationToken testHiveServer2DelegationToken = new TestHiveServer2DelegationToken();
        org.assertj.core.api.Assertions.assertThatThrownBy(() -> {
            hiveServer2DelegationTokenProvider.getTokenRenewalInterval(fixed, testHiveServer2DelegationToken, (Hive) null, "test");
        }).isInstanceOf(FlinkRuntimeException.class).hasMessageContaining("java.lang.NullPointerException");
    }

    @Test
    public void getTokenRenewalDateShouldReturnNoneWhenNegativeRenewalInterval() {
        Assertions.assertEquals(Optional.empty(), new HiveServer2DelegationTokenProvider().getTokenRenewalDate(Clock.fixed(Instant.ofEpochMilli(0L), ZoneId.systemDefault()), new TestHiveServer2DelegationToken(), -1L));
    }

    @Test
    public void getTokenRenewalDateShouldReturnRenewalDateWhenNotNegativeRenewalInterval() {
        Assertions.assertEquals(Optional.of(10000L), new HiveServer2DelegationTokenProvider().getTokenRenewalDate(Clock.fixed(Instant.ofEpochMilli(0L), ZoneId.systemDefault()), new TestHiveServer2DelegationToken(), 9000L));
    }

    private Configuration getHadoopConfigWithAuthMethod(UserGroupInformation.AuthenticationMethod authenticationMethod) {
        Configuration configuration = new Configuration(true);
        configuration.set("hadoop.security.authentication", authenticationMethod.name());
        return configuration;
    }
}
