package org.apache.hadoop.hdfs.security;

import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import junit.framework.Assert;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.server.namenode.FSNamesystem;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/hdfs/security/TestDelegationTokenAuthMethod.class */
public class TestDelegationTokenAuthMethod {
    private MiniDFSCluster cluster;
    Configuration config;

    @Before
    public void setUp() throws Exception {
        this.config = new Configuration();
        FileSystem.setDefaultUri(this.config, "hdfs://localhost:0");
        this.cluster = new MiniDFSCluster(0, this.config, 1, true, true, true, null, null, null, null);
        this.cluster.waitActive();
        this.cluster.getNameNode().getNamesystem().getDelegationTokenSecretManager().startThreads();
    }

    @After
    public void tearDown() throws Exception {
        if (this.cluster != null) {
            this.cluster.shutdown();
        }
    }

    private Token<DelegationTokenIdentifier> generateDelegationToken(String str, String str2) {
        return new Token<>(new DelegationTokenIdentifier(new Text(str), new Text(str2), (Text) null), this.cluster.getNameNode().getNamesystem().getDelegationTokenSecretManager());
    }

    @Test
    public void testDelegationTokenNamesystemApi() throws Exception {
        final FSNamesystem namesystem = this.cluster.getNameNode().getNamesystem();
        final UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        currentUser.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS);
        this.config.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(this.config);
        currentUser.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.hdfs.security.TestDelegationTokenAuthMethod.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                try {
                    Token delegationToken = namesystem.getDelegationToken(new Text(currentUser.getShortUserName()));
                    namesystem.renewDelegationToken(delegationToken);
                    namesystem.cancelDelegationToken(delegationToken);
                    return null;
                } catch (IOException e) {
                    e.printStackTrace();
                    throw e;
                }
            }
        });
    }

    @Test
    public void testGetDelegationTokenWithoutKerberos() throws Exception {
        final FSNamesystem namesystem = this.cluster.getNameNode().getNamesystem();
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        currentUser.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.TOKEN);
        this.config.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(this.config);
        currentUser.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.hdfs.security.TestDelegationTokenAuthMethod.2
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                try {
                    namesystem.getDelegationToken(new Text("arenewer"));
                    Assert.fail("Delegation token should not be issued without Kerberos authentication");
                    return null;
                } catch (IOException e) {
                    return null;
                }
            }
        });
    }

    @Test
    public void testRenewDelegationTokenWithoutKerberos() throws Exception {
        final FSNamesystem namesystem = this.cluster.getNameNode().getNamesystem();
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        currentUser.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.TOKEN);
        this.config.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(this.config);
        final Token<DelegationTokenIdentifier> generateDelegationToken = generateDelegationToken("owner", currentUser.getShortUserName());
        currentUser.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.hdfs.security.TestDelegationTokenAuthMethod.3
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                try {
                    namesystem.renewDelegationToken(generateDelegationToken);
                    Assert.fail("Delegation token should not be renewed without Kerberos authentication");
                    return null;
                } catch (IOException e) {
                    return null;
                }
            }
        });
    }
}
