package org.apache.hadoop.hdfs.security;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.logging.impl.Log4JLogger;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.server.namenode.NameNodeAdapter;
import org.apache.hadoop.hdfs.server.namenode.web.resources.NamenodeWebHdfsMethods;
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
import org.apache.hadoop.hdfs.web.WebHdfsTestUtil;
import org.apache.hadoop.hdfs.web.resources.DoAsParam;
import org.apache.hadoop.hdfs.web.resources.ExceptionHandler;
import org.apache.hadoop.hdfs.web.resources.GetOpParam;
import org.apache.hadoop.hdfs.web.resources.PostOpParam;
import org.apache.hadoop.hdfs.web.resources.PutOpParam;
import org.apache.hadoop.mapreduce.util.ProcessTree;
import org.apache.hadoop.security.TestDoAsEffectiveUser;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.security.token.Token;
import org.apache.log4j.Level;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:lib/hadoop-hdfs-0.23.7-tests.jar:org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.class */
public class TestDelegationTokenForProxyUser {
    private MiniDFSCluster cluster;
    Configuration config;
    private static final String REAL_USER = "RealUser";
    private static final String PROXY_USER = "ProxyUser";
    private static final String GROUP1_NAME = "group1";
    private static final String GROUP2_NAME = "group2";
    private static final String[] GROUP_NAMES = {GROUP1_NAME, GROUP2_NAME};
    private static final Log LOG = LogFactory.getLog(TestDoAsEffectiveUser.class);

    private void configureSuperUserIPAddresses(Configuration configuration, String str) throws IOException {
        ArrayList arrayList = new ArrayList();
        Enumeration<NetworkInterface> networkInterfaces = NetworkInterface.getNetworkInterfaces();
        while (networkInterfaces.hasMoreElements()) {
            Enumeration<InetAddress> inetAddresses = networkInterfaces.nextElement().getInetAddresses();
            while (inetAddresses.hasMoreElements()) {
                arrayList.add(inetAddresses.nextElement().getHostAddress());
            }
        }
        StringBuilder sb = new StringBuilder();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            sb.append((String) it.next());
            sb.append(',');
        }
        sb.append("127.0.1.1,");
        sb.append(InetAddress.getLocalHost().getCanonicalHostName());
        LOG.info("Local Ip addresses: " + sb.toString());
        configuration.setStrings(ProxyUsers.getProxySuperuserIpConfKey(str), sb.toString());
    }

    @Before
    public void setUp() throws Exception {
        this.config = new HdfsConfiguration();
        this.config.setBoolean(DFSConfigKeys.DFS_WEBHDFS_ENABLED_KEY, true);
        this.config.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_KEY, 10000L);
        this.config.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_RENEW_INTERVAL_KEY, ProcessTree.DEFAULT_SLEEPTIME_BEFORE_SIGKILL);
        this.config.setStrings(ProxyUsers.getProxySuperuserGroupConfKey(REAL_USER), GROUP1_NAME);
        configureSuperUserIPAddresses(this.config, REAL_USER);
        FileSystem.setDefaultUri(this.config, "hdfs://localhost:0");
        this.cluster = new MiniDFSCluster.Builder(this.config).build();
        this.cluster.waitActive();
        NameNodeAdapter.getDtSecretManager(this.cluster.getNamesystem()).startThreads();
        ProxyUsers.refreshSuperUserGroupsConfiguration(this.config);
    }

    @After
    public void tearDown() throws Exception {
        if (this.cluster != null) {
            this.cluster.shutdown();
        }
    }

    @Test
    public void testDelegationTokenWithRealUser() throws IOException {
        try {
            Token[] tokenArr = (Token[]) UserGroupInformation.createProxyUserForTesting(PROXY_USER, UserGroupInformation.createRemoteUser(REAL_USER), GROUP_NAMES).doAs(new PrivilegedExceptionAction<Token<?>[]>() { // from class: org.apache.hadoop.hdfs.security.TestDelegationTokenForProxyUser.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Token<?>[] run() throws IOException {
                    return TestDelegationTokenForProxyUser.this.cluster.getFileSystem().addDelegationTokens("RenewerUser", null);
                }
            });
            DelegationTokenIdentifier delegationTokenIdentifier = new DelegationTokenIdentifier();
            delegationTokenIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(tokenArr[0].getIdentifier())));
            Assert.assertEquals(delegationTokenIdentifier.getUser().getUserName(), PROXY_USER);
            Assert.assertEquals(delegationTokenIdentifier.getUser().getRealUser().getUserName(), REAL_USER);
        } catch (InterruptedException e) {
        }
    }

    @Test
    public void testWebHdfsDoAs() throws Exception {
        WebHdfsTestUtil.LOG.info("START: testWebHdfsDoAs()");
        ((Log4JLogger) NamenodeWebHdfsMethods.LOG).getLogger().setLevel(Level.ALL);
        ((Log4JLogger) ExceptionHandler.LOG).getLogger().setLevel(Level.ALL);
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(REAL_USER);
        WebHdfsTestUtil.LOG.info("ugi.getShortUserName()=" + createRemoteUser.getShortUserName());
        WebHdfsFileSystem webHdfsFileSystemAs = WebHdfsTestUtil.getWebHdfsFileSystemAs(createRemoteUser, this.config);
        Path path = new Path("/");
        this.cluster.getFileSystem().setPermission(path, new FsPermission((short) 511));
        HttpURLConnection httpURLConnection = (HttpURLConnection) WebHdfsTestUtil.toUrl(webHdfsFileSystemAs, GetOpParam.Op.GETHOMEDIRECTORY, path, new DoAsParam(PROXY_USER)).openConnection();
        Map<?, ?> connectAndGetJson = WebHdfsTestUtil.connectAndGetJson(httpURLConnection, 200);
        httpURLConnection.disconnect();
        Object obj = connectAndGetJson.get(Path.class.getSimpleName());
        WebHdfsTestUtil.LOG.info("responsePath=" + obj);
        Assert.assertEquals("/user/ProxyUser", obj);
        HttpURLConnection httpURLConnection2 = (HttpURLConnection) WebHdfsTestUtil.toUrl(webHdfsFileSystemAs, GetOpParam.Op.GETHOMEDIRECTORY, path, new DoAsParam(PROXY_USER) { // from class: org.apache.hadoop.hdfs.security.TestDelegationTokenForProxyUser.2
            @Override // org.apache.hadoop.hdfs.web.resources.DoAsParam, org.apache.hadoop.hdfs.web.resources.Param
            public String getName() {
                return "DOas";
            }
        }).openConnection();
        Map<?, ?> connectAndGetJson2 = WebHdfsTestUtil.connectAndGetJson(httpURLConnection2, 200);
        httpURLConnection2.disconnect();
        Object obj2 = connectAndGetJson2.get(Path.class.getSimpleName());
        WebHdfsTestUtil.LOG.info("responsePath=" + obj2);
        Assert.assertEquals("/user/ProxyUser", obj2);
        Path path2 = new Path("/testWebHdfsDoAs/a.txt");
        PutOpParam.Op op = PutOpParam.Op.CREATE;
        FSDataOutputStream write = WebHdfsTestUtil.write(webHdfsFileSystemAs, op, WebHdfsTestUtil.twoStepWrite((HttpURLConnection) WebHdfsTestUtil.toUrl(webHdfsFileSystemAs, op, path2, new DoAsParam(PROXY_USER)).openConnection(), op), 4096);
        write.write("Hello, webhdfs user!".getBytes());
        write.close();
        FileStatus fileStatus = webHdfsFileSystemAs.getFileStatus(path2);
        WebHdfsTestUtil.LOG.info("status.getOwner()=" + fileStatus.getOwner());
        Assert.assertEquals(PROXY_USER, fileStatus.getOwner());
        PostOpParam.Op op2 = PostOpParam.Op.APPEND;
        FSDataOutputStream write2 = WebHdfsTestUtil.write(webHdfsFileSystemAs, op2, WebHdfsTestUtil.twoStepWrite((HttpURLConnection) WebHdfsTestUtil.toUrl(webHdfsFileSystemAs, op2, path2, new DoAsParam(PROXY_USER)).openConnection(), op2), 4096);
        write2.write("\nHello again!".getBytes());
        write2.close();
        FileStatus fileStatus2 = webHdfsFileSystemAs.getFileStatus(path2);
        WebHdfsTestUtil.LOG.info("status.getOwner()=" + fileStatus2.getOwner());
        WebHdfsTestUtil.LOG.info("status.getLen()  =" + fileStatus2.getLen());
        Assert.assertEquals(PROXY_USER, fileStatus2.getOwner());
    }
}
