package org.apache.hadoop.hdfs.web;

import java.io.IOException;
import java.net.URI;
import java.net.URL;
import java.util.Arrays;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager;
import org.apache.hadoop.hdfs.server.namenode.FSNamesystem;
import org.apache.hadoop.hdfs.web.resources.DelegationParam;
import org.apache.hadoop.hdfs.web.resources.DoAsParam;
import org.apache.hadoop.hdfs.web.resources.GetOpParam;
import org.apache.hadoop.hdfs.web.resources.Param;
import org.apache.hadoop.hdfs.web.resources.PutOpParam;
import org.apache.hadoop.hdfs.web.resources.TokenArgumentParam;
import org.apache.hadoop.hdfs.web.resources.UserParam;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.SecurityUtilTestHelper;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:lib/hadoop-hdfs-0.23.7-tests.jar:org/apache/hadoop/hdfs/web/TestWebHdfsUrl.class */
public class TestWebHdfsUrl {
    final URI uri = URI.create("webhdfs://127.0.0.1:0");

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:lib/hadoop-hdfs-0.23.7-tests.jar:org/apache/hadoop/hdfs/web/TestWebHdfsUrl$MyWebHdfsFileSystem.class */
    public static class MyWebHdfsFileSystem extends WebHdfsFileSystem {
        MyWebHdfsFileSystem() {
        }

        @Override // org.apache.hadoop.fs.FileSystem
        public URI getCanonicalUri() {
            return super.getCanonicalUri();
        }

        @Override // org.apache.hadoop.hdfs.web.WebHdfsFileSystem, org.apache.hadoop.fs.FileSystem
        public int getDefaultPort() {
            return super.getDefaultPort();
        }
    }

    @Before
    public void resetUGI() {
        UserGroupInformation.setConfiguration(new Configuration());
    }

    @Test(timeout = 4000)
    public void testSimpleAuthParamsInUrl() throws IOException {
        Configuration configuration = new Configuration();
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser("test-user");
        UserGroupInformation.setLoginUser(createRemoteUser);
        checkQueryParams(new String[]{GetOpParam.Op.GETFILESTATUS.toQueryString(), new UserParam(createRemoteUser.getShortUserName()).toString()}, getWebHdfsFileSystem(createRemoteUser, configuration).toUrl(GetOpParam.Op.GETFILESTATUS, new Path("/"), new Param[0]));
    }

    @Test(timeout = 4000)
    public void testSimpleProxyAuthParamsInUrl() throws IOException {
        Configuration configuration = new Configuration();
        UserGroupInformation createProxyUser = UserGroupInformation.createProxyUser("test-proxy-user", UserGroupInformation.createRemoteUser("test-user"));
        UserGroupInformation.setLoginUser(createProxyUser);
        checkQueryParams(new String[]{GetOpParam.Op.GETFILESTATUS.toQueryString(), new UserParam(createProxyUser.getRealUser().getShortUserName()).toString(), new DoAsParam(createProxyUser.getShortUserName()).toString()}, getWebHdfsFileSystem(createProxyUser, configuration).toUrl(GetOpParam.Op.GETFILESTATUS, new Path("/"), new Param[0]));
    }

    @Test(timeout = 4000)
    public void testSecureAuthParamsInUrl() throws IOException {
        Configuration configuration = new Configuration();
        configuration.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, KerberosAuthenticationHandler.TYPE);
        UserGroupInformation.setConfiguration(configuration);
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser("test-user");
        createRemoteUser.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS);
        UserGroupInformation.setLoginUser(createRemoteUser);
        WebHdfsFileSystem webHdfsFileSystem = getWebHdfsFileSystem(createRemoteUser, configuration);
        Path path = new Path("/");
        String encodeToUrlString = webHdfsFileSystem.getDelegationToken().encodeToUrlString();
        checkQueryParams(new String[]{GetOpParam.Op.GETDELEGATIONTOKEN.toQueryString(), new UserParam(createRemoteUser.getShortUserName()).toString()}, webHdfsFileSystem.toUrl(GetOpParam.Op.GETDELEGATIONTOKEN, path, new Param[0]));
        checkQueryParams(new String[]{PutOpParam.Op.RENEWDELEGATIONTOKEN.toQueryString(), new UserParam(createRemoteUser.getShortUserName()).toString(), new TokenArgumentParam(encodeToUrlString).toString()}, webHdfsFileSystem.toUrl(PutOpParam.Op.RENEWDELEGATIONTOKEN, path, new TokenArgumentParam(encodeToUrlString)));
        checkQueryParams(new String[]{PutOpParam.Op.CANCELDELEGATIONTOKEN.toQueryString(), new UserParam(createRemoteUser.getShortUserName()).toString(), new TokenArgumentParam(encodeToUrlString).toString()}, webHdfsFileSystem.toUrl(PutOpParam.Op.CANCELDELEGATIONTOKEN, path, new TokenArgumentParam(encodeToUrlString)));
        checkQueryParams(new String[]{GetOpParam.Op.GETFILESTATUS.toQueryString(), new DelegationParam(encodeToUrlString).toString()}, webHdfsFileSystem.toUrl(GetOpParam.Op.GETFILESTATUS, path, new Param[0]));
        webHdfsFileSystem.setDelegationToken(null);
        checkQueryParams(new String[]{PutOpParam.Op.CANCELDELEGATIONTOKEN.toQueryString(), new UserParam(createRemoteUser.getShortUserName()).toString(), new TokenArgumentParam(encodeToUrlString).toString()}, webHdfsFileSystem.toUrl(PutOpParam.Op.CANCELDELEGATIONTOKEN, path, new TokenArgumentParam(encodeToUrlString)));
        checkQueryParams(new String[]{GetOpParam.Op.GETFILESTATUS.toQueryString(), new UserParam(createRemoteUser.getShortUserName()).toString()}, webHdfsFileSystem.toUrl(GetOpParam.Op.GETFILESTATUS, path, new Param[0]));
    }

    @Test(timeout = 4000)
    public void testSecureProxyAuthParamsInUrl() throws IOException {
        Configuration configuration = new Configuration();
        configuration.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, KerberosAuthenticationHandler.TYPE);
        UserGroupInformation.setConfiguration(configuration);
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser("test-user");
        createRemoteUser.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS);
        UserGroupInformation createProxyUser = UserGroupInformation.createProxyUser("test-proxy-user", createRemoteUser);
        UserGroupInformation.setLoginUser(createProxyUser);
        WebHdfsFileSystem webHdfsFileSystem = getWebHdfsFileSystem(createProxyUser, configuration);
        Path path = new Path("/");
        String encodeToUrlString = webHdfsFileSystem.getDelegationToken().encodeToUrlString();
        checkQueryParams(new String[]{GetOpParam.Op.GETDELEGATIONTOKEN.toQueryString(), new UserParam(createProxyUser.getRealUser().getShortUserName()).toString(), new DoAsParam(createProxyUser.getShortUserName()).toString()}, webHdfsFileSystem.toUrl(GetOpParam.Op.GETDELEGATIONTOKEN, path, new Param[0]));
        checkQueryParams(new String[]{PutOpParam.Op.RENEWDELEGATIONTOKEN.toQueryString(), new UserParam(createProxyUser.getRealUser().getShortUserName()).toString(), new DoAsParam(createProxyUser.getShortUserName()).toString(), new TokenArgumentParam(encodeToUrlString).toString()}, webHdfsFileSystem.toUrl(PutOpParam.Op.RENEWDELEGATIONTOKEN, path, new TokenArgumentParam(encodeToUrlString)));
        checkQueryParams(new String[]{PutOpParam.Op.CANCELDELEGATIONTOKEN.toQueryString(), new UserParam(createProxyUser.getRealUser().getShortUserName()).toString(), new DoAsParam(createProxyUser.getShortUserName()).toString(), new TokenArgumentParam(encodeToUrlString).toString()}, webHdfsFileSystem.toUrl(PutOpParam.Op.CANCELDELEGATIONTOKEN, path, new TokenArgumentParam(encodeToUrlString)));
        checkQueryParams(new String[]{GetOpParam.Op.GETFILESTATUS.toQueryString(), new DelegationParam(encodeToUrlString).toString()}, webHdfsFileSystem.toUrl(GetOpParam.Op.GETFILESTATUS, path, new Param[0]));
        webHdfsFileSystem.setDelegationToken(null);
        checkQueryParams(new String[]{PutOpParam.Op.CANCELDELEGATIONTOKEN.toQueryString(), new UserParam(createProxyUser.getRealUser().getShortUserName()).toString(), new DoAsParam(createProxyUser.getShortUserName()).toString(), new TokenArgumentParam(encodeToUrlString).toString()}, webHdfsFileSystem.toUrl(PutOpParam.Op.CANCELDELEGATIONTOKEN, path, new TokenArgumentParam(encodeToUrlString)));
        checkQueryParams(new String[]{GetOpParam.Op.GETFILESTATUS.toQueryString(), new UserParam(createProxyUser.getRealUser().getShortUserName()).toString(), new DoAsParam(createProxyUser.getShortUserName()).toString()}, webHdfsFileSystem.toUrl(GetOpParam.Op.GETFILESTATUS, path, new Param[0]));
    }

    private void checkQueryParams(String[] strArr, URL url) {
        Arrays.sort(strArr);
        String[] split = url.getQuery().split("&");
        Arrays.sort(split);
        Assert.assertEquals(Arrays.toString(strArr), Arrays.toString(split));
    }

    private WebHdfsFileSystem getWebHdfsFileSystem(UserGroupInformation userGroupInformation, Configuration configuration) throws IOException {
        if (UserGroupInformation.isSecurityEnabled()) {
            DelegationTokenIdentifier delegationTokenIdentifier = new DelegationTokenIdentifier(new Text(userGroupInformation.getUserName()), null, null);
            DelegationTokenSecretManager delegationTokenSecretManager = new DelegationTokenSecretManager(86400000L, 86400000L, 86400000L, 86400000L, (FSNamesystem) Mockito.mock(FSNamesystem.class));
            delegationTokenSecretManager.startThreads();
            Token<? extends TokenIdentifier> token = new Token<>(delegationTokenIdentifier, delegationTokenSecretManager);
            SecurityUtil.setTokenService(token, NetUtils.createSocketAddr(this.uri.getAuthority()));
            token.setKind(WebHdfsFileSystem.TOKEN_KIND);
            userGroupInformation.addToken(token);
        }
        return (WebHdfsFileSystem) FileSystem.get(this.uri, configuration);
    }

    @Test(timeout = 4000)
    public void testSelectHdfsDelegationToken() throws Exception {
        SecurityUtilTestHelper.setTokenServiceUseIp(true);
        Configuration configuration = new Configuration();
        configuration.setClass("fs.webhdfs.impl", MyWebHdfsFileSystem.class, FileSystem.class);
        MyWebHdfsFileSystem myWebHdfsFileSystem = (MyWebHdfsFileSystem) FileSystem.get(URI.create("webhdfs://localhost"), configuration);
        checkTokenSelection(myWebHdfsFileSystem, configuration);
        MyWebHdfsFileSystem myWebHdfsFileSystem2 = (MyWebHdfsFileSystem) FileSystem.get(URI.create("webhdfs://localhost:" + myWebHdfsFileSystem.getDefaultPort()), configuration);
        checkTokenSelection(myWebHdfsFileSystem2, configuration);
        checkTokenSelection((MyWebHdfsFileSystem) FileSystem.get(URI.create("webhdfs://localhost:" + (myWebHdfsFileSystem2.getDefaultPort() - 1)), configuration), configuration);
    }

    private void checkTokenSelection(MyWebHdfsFileSystem myWebHdfsFileSystem, Configuration configuration) throws IOException {
        int port = myWebHdfsFileSystem.getCanonicalUri().getPort();
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting(myWebHdfsFileSystem.getUri().getAuthority(), new String[0]);
        SecurityUtilTestHelper.setTokenServiceUseIp(true);
        Token<? extends TokenIdentifier> token = new Token<>(new byte[0], new byte[0], DelegationTokenIdentifier.HDFS_DELEGATION_KIND, new Text("127.0.0.1:8020"));
        createUserForTesting.addToken(token);
        Token<DelegationTokenIdentifier> selectDelegationToken = myWebHdfsFileSystem.selectDelegationToken(createUserForTesting);
        Assert.assertNotNull(selectDelegationToken);
        Assert.assertEquals(token, selectDelegationToken);
        Token<? extends TokenIdentifier> token2 = new Token<>(new byte[0], new byte[0], WebHdfsFileSystem.TOKEN_KIND, new Text("127.0.0.1:" + port));
        createUserForTesting.addToken(token2);
        Token<DelegationTokenIdentifier> selectDelegationToken2 = myWebHdfsFileSystem.selectDelegationToken(createUserForTesting);
        Assert.assertNotNull(selectDelegationToken2);
        Assert.assertEquals(token2, selectDelegationToken2);
        SecurityUtilTestHelper.setTokenServiceUseIp(false);
        Assert.assertNull(myWebHdfsFileSystem.selectDelegationToken(createUserForTesting));
        Token<? extends TokenIdentifier> token3 = new Token<>(new byte[0], new byte[0], DelegationTokenIdentifier.HDFS_DELEGATION_KIND, new Text("localhost:8020"));
        createUserForTesting.addToken(token3);
        Token<DelegationTokenIdentifier> selectDelegationToken3 = myWebHdfsFileSystem.selectDelegationToken(createUserForTesting);
        Assert.assertNotNull(selectDelegationToken3);
        Assert.assertEquals(token3, selectDelegationToken3);
        Token<? extends TokenIdentifier> token4 = new Token<>(new byte[0], new byte[0], WebHdfsFileSystem.TOKEN_KIND, new Text("localhost:" + port));
        createUserForTesting.addToken(token4);
        Token<DelegationTokenIdentifier> selectDelegationToken4 = myWebHdfsFileSystem.selectDelegationToken(createUserForTesting);
        Assert.assertNotNull(selectDelegationToken4);
        Assert.assertEquals(token4, selectDelegationToken4);
    }
}
