package org.apache.flink.runtime.util;

import org.apache.flink.util.TestLogger;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.Mockito;
import sun.security.krb5.Config;
import sun.security.krb5.KrbException;

/* loaded from: input_file:org/apache/flink/runtime/util/HadoopUtilsTest.class */
public class HadoopUtilsTest extends TestLogger {
    @BeforeClass
    public static void setPropertiesToEnableKerberosConfigInit() throws KrbException {
        System.setProperty("java.security.krb5.realm", "");
        System.setProperty("java.security.krb5.kdc", "");
        System.setProperty("java.security.krb5.conf", "/dev/null");
        Config.refresh();
    }

    @Test
    public void testShouldReturnFalseWhenNoKerberosCredentialsOrDelegationTokens() {
        UserGroupInformation.setConfiguration(getHadoopConfigWithAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS));
        UserGroupInformation createTestUser = createTestUser(UserGroupInformation.AuthenticationMethod.KERBEROS);
        Assume.assumeFalse(createTestUser.hasKerberosCredentials());
        boolean isKerberosSecurityEnabled = HadoopUtils.isKerberosSecurityEnabled(createTestUser);
        boolean areKerberosCredentialsValid = HadoopUtils.areKerberosCredentialsValid(createTestUser, true);
        Assert.assertTrue(isKerberosSecurityEnabled);
        Assert.assertFalse(areKerberosCredentialsValid);
    }

    @Test
    public void testShouldReturnTrueWhenDelegationTokenIsPresent() {
        UserGroupInformation.setConfiguration(getHadoopConfigWithAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS));
        UserGroupInformation createTestUser = createTestUser(UserGroupInformation.AuthenticationMethod.KERBEROS);
        createTestUser.addToken(getHDFSDelegationToken());
        Assume.assumeFalse(createTestUser.hasKerberosCredentials());
        Assert.assertTrue(HadoopUtils.areKerberosCredentialsValid(createTestUser, true));
    }

    @Test
    public void testShouldReturnTrueWhenKerberosCredentialsArePresent() {
        UserGroupInformation.setConfiguration(getHadoopConfigWithAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS));
        UserGroupInformation userGroupInformation = (UserGroupInformation) Mockito.mock(UserGroupInformation.class);
        Mockito.when(userGroupInformation.getAuthenticationMethod()).thenReturn(UserGroupInformation.AuthenticationMethod.KERBEROS);
        Mockito.when(Boolean.valueOf(userGroupInformation.hasKerberosCredentials())).thenReturn(true);
        Assert.assertTrue(HadoopUtils.areKerberosCredentialsValid(userGroupInformation, true));
    }

    @Test
    public void isKerberosSecurityEnabled_NoKerberos_ReturnsFalse() {
        UserGroupInformation.setConfiguration(getHadoopConfigWithAuthMethod(UserGroupInformation.AuthenticationMethod.PROXY));
        Assert.assertFalse(HadoopUtils.isKerberosSecurityEnabled(createTestUser(UserGroupInformation.AuthenticationMethod.PROXY)));
    }

    @Test
    public void testShouldReturnTrueIfTicketCacheIsNotUsed() {
        UserGroupInformation.setConfiguration(getHadoopConfigWithAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS));
        Assert.assertTrue(HadoopUtils.areKerberosCredentialsValid(createTestUser(UserGroupInformation.AuthenticationMethod.KERBEROS), false));
    }

    @Test
    public void testShouldCheckIfTheUserHasHDFSDelegationToken() {
        UserGroupInformation createTestUser = createTestUser(UserGroupInformation.AuthenticationMethod.KERBEROS);
        createTestUser.addToken(getHDFSDelegationToken());
        Assert.assertTrue(HadoopUtils.hasHDFSDelegationToken(createTestUser));
    }

    @Test
    public void testShouldReturnFalseIfTheUserHasNoHDFSDelegationToken() {
        UserGroupInformation createTestUser = createTestUser(UserGroupInformation.AuthenticationMethod.KERBEROS);
        Assume.assumeTrue(createTestUser.getTokens().isEmpty());
        Assert.assertFalse(HadoopUtils.hasHDFSDelegationToken(createTestUser));
    }

    private static Configuration getHadoopConfigWithAuthMethod(UserGroupInformation.AuthenticationMethod authenticationMethod) {
        Configuration configuration = new Configuration(true);
        configuration.set("hadoop.security.authentication", authenticationMethod.name());
        return configuration;
    }

    private static UserGroupInformation createTestUser(UserGroupInformation.AuthenticationMethod authenticationMethod) {
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser("test-user");
        createRemoteUser.setAuthenticationMethod(authenticationMethod);
        return createRemoteUser;
    }

    private static Token<DelegationTokenIdentifier> getHDFSDelegationToken() {
        Token<DelegationTokenIdentifier> token = new Token<>();
        token.setKind(HadoopUtils.HDFS_DELEGATION_TOKEN_KIND);
        return token;
    }
}
