package org.apache.hadoop.hdfs.protocol.datatransfer.sasl;

import java.io.Closeable;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.fs.BlockLocation;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.FileSystemTestHelper;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.DFSTestUtil;
import org.apache.hadoop.hdfs.DFSUtilClient;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.protocol.DatanodeID;
import org.apache.hadoop.hdfs.protocol.datatransfer.TrustedChannelResolver;
import org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey;
import org.apache.hadoop.hdfs.server.datanode.DataNode;
import org.apache.hadoop.http.HttpConfig;
import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.After;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.rules.Timeout;
import org.objectweb.asm.Opcodes;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-hdfs-2.10.0-tests.jar:org/apache/hadoop/hdfs/protocol/datatransfer/sasl/TestSaslDataTransfer.class
  input_file:test-classes/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/TestSaslDataTransfer.class
 */
/* loaded from: input_file:hadoop-hdfs-2.10.0/share/hadoop/hdfs/hadoop-hdfs-2.10.0-tests.jar:org/apache/hadoop/hdfs/protocol/datatransfer/sasl/TestSaslDataTransfer.class */
public class TestSaslDataTransfer extends SaslDataTransferTestCase {
    private static final int BLOCK_SIZE = 4096;
    private static final int NUM_BLOCKS = 3;
    private static final Path PATH = new Path("/file1");
    private MiniDFSCluster cluster;
    private FileSystem fs;

    @Rule
    public ExpectedException exception = ExpectedException.none();

    @Rule
    public Timeout timeout = new Timeout(60000);

    @After
    public void shutdown() {
        IOUtils.cleanup((Log) null, new Closeable[]{this.fs});
        if (this.cluster != null) {
            this.cluster.shutdown();
            this.cluster = null;
        }
    }

    @Test
    public void testAuthentication() throws Exception {
        HdfsConfiguration createSecureConfig = createSecureConfig("authentication,integrity,privacy");
        startCluster(createSecureConfig);
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration(createSecureConfig);
        hdfsConfiguration.set("dfs.data.transfer.protection", "authentication");
        doTest(hdfsConfiguration);
    }

    @Test
    public void testIntegrity() throws Exception {
        HdfsConfiguration createSecureConfig = createSecureConfig("authentication,integrity,privacy");
        startCluster(createSecureConfig);
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration(createSecureConfig);
        hdfsConfiguration.set("dfs.data.transfer.protection", "integrity");
        doTest(hdfsConfiguration);
    }

    @Test
    public void testPrivacy() throws Exception {
        HdfsConfiguration createSecureConfig = createSecureConfig("authentication,integrity,privacy");
        startCluster(createSecureConfig);
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration(createSecureConfig);
        hdfsConfiguration.set("dfs.data.transfer.protection", "privacy");
        doTest(hdfsConfiguration);
    }

    @Test
    public void testClientAndServerDoNotHaveCommonQop() throws Exception {
        HdfsConfiguration createSecureConfig = createSecureConfig("privacy");
        startCluster(createSecureConfig);
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration(createSecureConfig);
        hdfsConfiguration.set("dfs.data.transfer.protection", "authentication");
        this.exception.expect(IOException.class);
        this.exception.expectMessage("could only be replicated to 0 nodes");
        doTest(hdfsConfiguration);
    }

    @Test
    public void testServerSaslNoClientSasl() throws Exception {
        HdfsConfiguration createSecureConfig = createSecureConfig("authentication,integrity,privacy");
        createSecureConfig.setInt("dfs.client.retry.window.base", 10);
        startCluster(createSecureConfig);
        HdfsConfiguration hdfsConfiguration = new HdfsConfiguration(createSecureConfig);
        hdfsConfiguration.set("dfs.data.transfer.protection", "");
        GenericTestUtils.LogCapturer captureLogs = GenericTestUtils.LogCapturer.captureLogs(LogFactory.getLog(DataNode.class));
        try {
            try {
                doTest(hdfsConfiguration);
                Assert.fail("Should fail if SASL data transfer protection is not configured or not supported in client");
                captureLogs.stopCapturing();
            } catch (IOException e) {
                GenericTestUtils.assertMatches(e.getMessage(), "could only be replicated to 0 nodes");
                captureLogs.stopCapturing();
            }
            GenericTestUtils.assertMatches(captureLogs.getOutput(), "Failed to read expected SASL data transfer protection handshake from client at");
        } catch (Throwable th) {
            captureLogs.stopCapturing();
            throw th;
        }
    }

    @Test
    public void testDataNodeAbortsIfNoSasl() throws Exception {
        HdfsConfiguration createSecureConfig = createSecureConfig("");
        this.exception.expect(RuntimeException.class);
        this.exception.expectMessage("Cannot start secure DataNode");
        startCluster(createSecureConfig);
    }

    @Test
    public void testDataNodeAbortsIfNotHttpsOnly() throws Exception {
        HdfsConfiguration createSecureConfig = createSecureConfig("authentication");
        createSecureConfig.set(DFSConfigKeys.DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTP_AND_HTTPS.name());
        this.exception.expect(RuntimeException.class);
        this.exception.expectMessage("Cannot start secure DataNode");
        startCluster(createSecureConfig);
    }

    @Test
    public void testNoSaslAndSecurePortsIgnored() throws Exception {
        HdfsConfiguration createSecureConfig = createSecureConfig("");
        createSecureConfig.setBoolean(DFSConfigKeys.IGNORE_SECURE_PORTS_FOR_TESTING_KEY, true);
        startCluster(createSecureConfig);
        doTest(createSecureConfig);
    }

    private void doTest(HdfsConfiguration hdfsConfiguration) throws IOException {
        this.fs = FileSystem.get(this.cluster.getURI(), hdfsConfiguration);
        FileSystemTestHelper.createFile(this.fs, PATH, 3, 4096);
        Assert.assertArrayEquals(FileSystemTestHelper.getFileData(3, 4096L), DFSTestUtil.readFile(this.fs, PATH).getBytes("UTF-8"));
        BlockLocation[] fileBlockLocations = this.fs.getFileBlockLocations(PATH, 0L, Long.MAX_VALUE);
        Assert.assertNotNull(fileBlockLocations);
        Assert.assertEquals(3L, fileBlockLocations.length);
        for (BlockLocation blockLocation : fileBlockLocations) {
            Assert.assertNotNull(blockLocation.getHosts());
            Assert.assertEquals(3L, r0.getHosts().length);
        }
    }

    private void startCluster(HdfsConfiguration hdfsConfiguration) throws IOException {
        this.cluster = new MiniDFSCluster.Builder(hdfsConfiguration).numDataNodes(3).build();
        this.cluster.waitActive();
    }

    @Test(timeout = 60000)
    public void TestPeerFromSocketAndKeyReadTimeout() throws Exception {
        HdfsConfiguration createSecureConfig = createSecureConfig("authentication,integrity,privacy");
        SaslDataTransferClient saslDataTransferClient = new SaslDataTransferClient(createSecureConfig, DataTransferSaslUtil.getSaslPropertiesResolver(createSecureConfig), TrustedChannelResolver.getInstance(createSecureConfig), new AtomicBoolean(false));
        DatanodeID datanodeID = new DatanodeID("127.0.0.1", "localhost", "beefbeef-beef-beef-beef-beefbeefbeef", 1, 2, 3, 4);
        DataEncryptionKeyFactory dataEncryptionKeyFactory = new DataEncryptionKeyFactory() { // from class: org.apache.hadoop.hdfs.protocol.datatransfer.sasl.TestSaslDataTransfer.1
            @Override // org.apache.hadoop.hdfs.protocol.datatransfer.sasl.DataEncryptionKeyFactory
            public DataEncryptionKey newDataEncryptionKey() {
                return new DataEncryptionKey(Opcodes.LSHR, "456", new byte[8], new byte[8], 1234567L, "fakeAlgorithm");
            }
        };
        ServerSocket serverSocket = null;
        Socket socket = null;
        try {
            try {
                serverSocket = new ServerSocket(0, -1);
                socket = new Socket(serverSocket.getInetAddress(), serverSocket.getLocalPort());
                DFSUtilClient.peerFromSocketAndKey(saslDataTransferClient, socket, dataEncryptionKeyFactory, new Token(), datanodeID, 1).close();
                Assert.fail("Expected DFSClient#peerFromSocketAndKey to time out.");
                IOUtils.cleanup((Log) null, new Closeable[]{socket, serverSocket});
            } catch (SocketTimeoutException e) {
                GenericTestUtils.assertExceptionContains("Read timed out", e);
                IOUtils.cleanup((Log) null, new Closeable[]{socket, serverSocket});
            }
        } catch (Throwable th) {
            IOUtils.cleanup((Log) null, new Closeable[]{socket, serverSocket});
            throw th;
        }
    }
}
