package org.apache.hadoop.security;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import javax.naming.CommunicationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/security/TestLdapGroupsMapping.class */
public class TestLdapGroupsMapping extends TestLdapGroupsMappingBase {
    private static final Logger LOG = LoggerFactory.getLogger(TestLdapGroupsMapping.class);
    private static final byte[] AUTHENTICATE_SUCCESS_MSG = {48, 12, 2, 1, 1, 97, 7, 10, 1, 0, 4, 0, 4, 0};

    @Before
    public void setupMocks() throws NamingException {
        SearchResult searchResult = (SearchResult) Mockito.mock(SearchResult.class);
        Mockito.when(this.mockUserNamingEnum.nextElement()).thenReturn(searchResult);
        Mockito.when(searchResult.getNameInNamespace()).thenReturn("CN=some_user,DC=test,DC=com");
    }

    @Test
    public void testGetGroups() throws IOException, NamingException {
        Mockito.when(this.mockContext.search(Mockito.anyString(), Mockito.anyString(), (Object[]) Mockito.any(Object[].class), (SearchControls) Mockito.any(SearchControls.class))).thenReturn(this.mockUserNamingEnum, new NamingEnumeration[]{this.mockGroupNamingEnum});
        doTestGetGroups(Arrays.asList(this.testGroups), 2);
    }

    @Test
    public void testGetGroupsWithConnectionClosed() throws IOException, NamingException {
        Mockito.when(this.mockContext.search(Mockito.anyString(), Mockito.anyString(), (Object[]) Mockito.any(Object[].class), (SearchControls) Mockito.any(SearchControls.class))).thenThrow(new Throwable[]{new CommunicationException("Connection is closed")}).thenReturn(this.mockUserNamingEnum, new NamingEnumeration[]{this.mockGroupNamingEnum});
        doTestGetGroups(Arrays.asList(this.testGroups), 3);
    }

    @Test
    public void testGetGroupsWithLdapDown() throws IOException, NamingException {
        Mockito.when(this.mockContext.search(Mockito.anyString(), Mockito.anyString(), (Object[]) Mockito.any(Object[].class), (SearchControls) Mockito.any(SearchControls.class))).thenThrow(new Throwable[]{new CommunicationException("Connection is closed")});
        doTestGetGroups(Arrays.asList(new String[0]), 3);
    }

    private void doTestGetGroups(List<String> list, int i) throws IOException, NamingException {
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.group.mapping.ldap.url", "ldap://test");
        this.mappingSpy.setConf(configuration);
        Assert.assertEquals(list, this.mappingSpy.getGroups("some_user"));
        ((DirContext) Mockito.verify(this.mockContext, Mockito.times(i))).search(Mockito.anyString(), Mockito.anyString(), (Object[]) Mockito.any(Object[].class), (SearchControls) Mockito.any(SearchControls.class));
    }

    @Test
    public void testExtractPassword() throws IOException {
        File file = new File(System.getProperty("test.build.data", "target/test-dir"));
        file.mkdirs();
        File file2 = new File(file, "secret.txt");
        FileWriter fileWriter = new FileWriter(file2);
        fileWriter.write("hadoop");
        fileWriter.close();
        Assert.assertEquals("hadoop", new LdapGroupsMapping().extractPassword(file2.getPath()));
    }

    @Test
    public void testConfGetPassword() throws Exception {
        File file = new File(System.getProperty("test.build.data", "target/test-dir"));
        Configuration configuration = new Configuration();
        String str = "jceks://file" + new Path(file.toString(), "test.jks").toUri();
        new File(file, "test.jks").delete();
        configuration.set("hadoop.security.credential.provider.path", str);
        CredentialProvider credentialProvider = (CredentialProvider) CredentialProviderFactory.getProviders(configuration).get(0);
        char[] cArr = {'b', 'i', 'n', 'd', 'p', 'a', 's', 's'};
        char[] cArr2 = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};
        Assert.assertEquals((Object) null, credentialProvider.getCredentialEntry("hadoop.security.group.mapping.ldap.bind.password"));
        Assert.assertEquals((Object) null, credentialProvider.getCredentialEntry("hadoop.security.group.mapping.ldap.ssl.keystore.password"));
        try {
            credentialProvider.createCredentialEntry("hadoop.security.group.mapping.ldap.bind.password", cArr);
            credentialProvider.createCredentialEntry("hadoop.security.group.mapping.ldap.ssl.keystore.password", cArr2);
            credentialProvider.flush();
            Assert.assertArrayEquals(cArr, credentialProvider.getCredentialEntry("hadoop.security.group.mapping.ldap.bind.password").getCredential());
            Assert.assertArrayEquals(cArr2, credentialProvider.getCredentialEntry("hadoop.security.group.mapping.ldap.ssl.keystore.password").getCredential());
            LdapGroupsMapping ldapGroupsMapping = new LdapGroupsMapping();
            Assert.assertEquals("bindpass", ldapGroupsMapping.getPassword(configuration, "hadoop.security.group.mapping.ldap.bind.password", ""));
            Assert.assertEquals("storepass", ldapGroupsMapping.getPassword(configuration, "hadoop.security.group.mapping.ldap.ssl.keystore.password", ""));
            Assert.assertEquals("", ldapGroupsMapping.getPassword(configuration, "invalid-alias", ""));
        } catch (Exception e) {
            e.printStackTrace();
            throw e;
        }
    }

    @Test(timeout = 30000)
    public void testLdapConnectionTimeout() throws IOException, InterruptedException {
        final ServerSocket serverSocket = new ServerSocket(0);
        Throwable th = null;
        try {
            try {
                final CountDownLatch countDownLatch = new CountDownLatch(1);
                Thread thread = new Thread(new Runnable() { // from class: org.apache.hadoop.security.TestLdapGroupsMapping.1
                    @Override // java.lang.Runnable
                    public void run() {
                        try {
                            Socket accept = serverSocket.accept();
                            Throwable th2 = null;
                            try {
                                countDownLatch.await();
                                if (accept != null) {
                                    if (0 != 0) {
                                        try {
                                            accept.close();
                                        } catch (Throwable th3) {
                                            th2.addSuppressed(th3);
                                        }
                                    } else {
                                        accept.close();
                                    }
                                }
                            } finally {
                            }
                        } catch (Exception e) {
                            e.printStackTrace();
                        }
                    }
                });
                thread.start();
                LdapGroupsMapping ldapGroupsMapping = new LdapGroupsMapping();
                Configuration configuration = new Configuration();
                configuration.set("hadoop.security.group.mapping.ldap.url", "ldap://localhost:" + serverSocket.getLocalPort());
                configuration.setInt("hadoop.security.group.mapping.ldap.connection.timeout.ms", 3000);
                ldapGroupsMapping.setConf(configuration);
                try {
                    try {
                        ldapGroupsMapping.doGetGroups("hadoop");
                        Assert.fail("The LDAP query should have timed out!");
                        countDownLatch.countDown();
                    } catch (Throwable th2) {
                        countDownLatch.countDown();
                        throw th2;
                    }
                } catch (NamingException e) {
                    LOG.debug("Got the exception while LDAP querying: ", e);
                    GenericTestUtils.assertExceptionContains("LDAP response read timed out, timeout used:3000ms", e);
                    Assert.assertFalse(e.getMessage().contains("remaining name"));
                    countDownLatch.countDown();
                }
                thread.join();
                if (serverSocket != null) {
                    if (0 == 0) {
                        serverSocket.close();
                        return;
                    }
                    try {
                        serverSocket.close();
                    } catch (Throwable th3) {
                        th.addSuppressed(th3);
                    }
                }
            } catch (Throwable th4) {
                th = th4;
                throw th4;
            }
        } catch (Throwable th5) {
            if (serverSocket != null) {
                if (th != null) {
                    try {
                        serverSocket.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    serverSocket.close();
                }
            }
            throw th5;
        }
    }

    @Test(timeout = 30000)
    public void testLdapReadTimeout() throws IOException, InterruptedException {
        final ServerSocket serverSocket = new ServerSocket(0);
        Throwable th = null;
        try {
            final CountDownLatch countDownLatch = new CountDownLatch(1);
            Thread thread = new Thread(new Runnable() { // from class: org.apache.hadoop.security.TestLdapGroupsMapping.2
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        Socket accept = serverSocket.accept();
                        Throwable th2 = null;
                        try {
                            IOUtils.skipFully(accept.getInputStream(), 1L);
                            accept.getOutputStream().write(TestLdapGroupsMapping.AUTHENTICATE_SUCCESS_MSG);
                            countDownLatch.await();
                            if (accept != null) {
                                if (0 != 0) {
                                    try {
                                        accept.close();
                                    } catch (Throwable th3) {
                                        th2.addSuppressed(th3);
                                    }
                                } else {
                                    accept.close();
                                }
                            }
                        } finally {
                        }
                    } catch (Exception e) {
                        e.printStackTrace();
                    }
                }
            });
            thread.start();
            LdapGroupsMapping ldapGroupsMapping = new LdapGroupsMapping();
            Configuration configuration = new Configuration();
            configuration.set("hadoop.security.group.mapping.ldap.url", "ldap://localhost:" + serverSocket.getLocalPort());
            configuration.setInt("hadoop.security.group.mapping.ldap.read.timeout.ms", 4000);
            ldapGroupsMapping.setConf(configuration);
            try {
                try {
                    ldapGroupsMapping.doGetGroups("hadoop");
                    Assert.fail("The LDAP query should have timed out!");
                    countDownLatch.countDown();
                } catch (Throwable th2) {
                    countDownLatch.countDown();
                    throw th2;
                }
            } catch (NamingException e) {
                LOG.debug("Got the exception while LDAP querying: ", e);
                GenericTestUtils.assertExceptionContains("LDAP response read timed out, timeout used:4000ms", e);
                GenericTestUtils.assertExceptionContains("remaining name", e);
                countDownLatch.countDown();
            }
            thread.join();
            if (serverSocket != null) {
                if (0 == 0) {
                    serverSocket.close();
                    return;
                }
                try {
                    serverSocket.close();
                } catch (Throwable th3) {
                    th.addSuppressed(th3);
                }
            }
        } catch (Throwable th4) {
            if (serverSocket != null) {
                if (0 != 0) {
                    try {
                        serverSocket.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    serverSocket.close();
                }
            }
            throw th4;
        }
    }
}
