package org.apache.hadoop.registry.secure;

import com.sun.security.auth.module.Krb5LoginModule;
import java.io.File;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.HashSet;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.registry.client.impl.zk.RegistrySecurity;
import org.apache.hadoop.registry.client.impl.zk.ZookeeperConfigOptions;
import org.apache.hadoop.security.HadoopKerberosName;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.apache.zookeeper.Environment;
import org.apache.zookeeper.data.ACL;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-yarn-registry-2.7.2-tests.jar:org/apache/hadoop/registry/secure/TestSecureLogins.class
 */
/* loaded from: input_file:test-classes/org/apache/hadoop/registry/secure/TestSecureLogins.class */
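/**
 * Exercises the Kerberos/JAAS login paths used by the secure registry:
 * JAAS file binding, keytab logins for the client and ZooKeeper server
 * principals, Kerberos name rules, and creation of a SASL ACL from a
 * keytab-based {@link UserGroupInformation} login.
 *
 * <p>The KDC, keytabs ({@code keytab_alice}, {@code keytab_zk}), the JAAS file
 * and the {@code login}/{@code loginUGI} helpers are inherited from
 * {@link AbstractSecureRegistryTest} and are not visible in this file.
 */
public class TestSecureLogins extends AbstractSecureRegistryTest {
    private static final Logger LOG = LoggerFactory.getLogger(TestSecureLogins.class);

    /** The test realm must be defined before any login can be attempted. */
    @Test
    public void testHasRealm() throws Throwable {
        assertNotNull(getRealm());
        LOG.info("ZK principal = {}", getPrincipalAndRealm(AbstractSecureRegistryTest.ZOOKEEPER_LOCALHOST));
    }

    /** The JVM-wide JAAS configuration property must point at the test JAAS file. */
    @Test
    public void testJaasFileSetup() throws Throwable {
        assertNotNull("jaasFile", jaasFile);
        assertEquals(jaasFile.getAbsolutePath(), System.getProperty(Environment.JAAS_CONF_KEY));
    }

    /** Explicitly binding the JVM to the JAAS file must leave the property pointing at it. */
    @Test
    public void testJaasFileBinding() throws Throwable {
        assertNotNull("jaasFile", jaasFile);
        RegistrySecurity.bindJVMtoJAASFile(jaasFile);
        assertEquals(jaasFile.getAbsolutePath(), System.getProperty(Environment.JAAS_CONF_KEY));
    }

    /**
     * Logs in as the client principal from its keytab and sets the ZooKeeper
     * SASL client properties for it.
     */
    @Test
    public void testClientLogin() throws Throwable {
        LoginContext client = login(AbstractSecureRegistryTest.ALICE_LOCALHOST, "alice", keytab_alice);
        try {
            logLoginDetails(AbstractSecureRegistryTest.ALICE_LOCALHOST, client);
            String confPath = System.getProperty(Environment.JAAS_CONF_KEY);
            assertNotNull("Unset: " + Environment.JAAS_CONF_KEY, confPath);
            // The whole JAAS file is written to the log for diagnostics.
            // NOTE(review): presumably it only names principals and keytab paths;
            // confirm it never carries inline secrets before reusing this pattern.
            LOG.info("{}=\n{}", confPath, FileUtils.readFileToString(new File(confPath)));
            RegistrySecurity.setZKSaslClientProperties("alice", "alice");
        } finally {
            // Single logout on every path, so a failing assertion cannot leave
            // the login context authenticated.
            client.logout();
        }
    }

    /** Logs in as the ZooKeeper server principal through the server JAAS context. */
    @Test
    public void testZKServerContextLogin() throws Throwable {
        LoginContext server = login(AbstractSecureRegistryTest.ZOOKEEPER_LOCALHOST, AbstractSecureRegistryTest.ZOOKEEPER_SERVER_CONTEXT, keytab_zk);
        try {
            logLoginDetails(AbstractSecureRegistryTest.ZOOKEEPER_LOCALHOST, server);
        } finally {
            // Release the server credentials even if logging the details fails.
            server.logout();
        }
    }

    /** A programmatically configured server login context must log in and out cleanly. */
    @Test
    public void testServerLogin() throws Throwable {
        LoginContext server = createLoginContextZookeeperLocalhost();
        server.login();
        server.logout();
    }

    /**
     * Builds a login context for the ZooKeeper localhost principal backed by
     * its keytab, without going through the JAAS file.
     *
     * @return a login context that has not been logged in yet
     * @throws LoginException if the context cannot be created
     */
    public LoginContext createLoginContextZookeeperLocalhost() throws LoginException {
        // Result is unused; the call is kept because the helper is defined
        // outside this file and may have side effects (not confirmed).
        getPrincipalAndRealm(AbstractSecureRegistryTest.ZOOKEEPER_LOCALHOST);
        HashSet<KerberosPrincipal> principals = new HashSet<KerberosPrincipal>();
        principals.add(new KerberosPrincipal(AbstractSecureRegistryTest.ZOOKEEPER_LOCALHOST));
        // Writable subject with the single server principal and no credentials yet.
        Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());
        return new LoginContext("", subject, (CallbackHandler) null,
                KerberosConfiguration.createServerConfig(AbstractSecureRegistryTest.ZOOKEEPER_LOCALHOST, keytab_zk));
    }

    /** Drives {@link Krb5LoginModule} directly with the client keytab. */
    @Test
    public void testKerberosAuth() throws Throwable {
        File krb5conf = getKdc().getKrb5conf();
        LOG.info("krb5.conf at {}:\n{}", krb5conf, FileUtils.readFileToString(krb5conf));
        Subject subject = new Subject();
        Krb5LoginModule krb5LoginModule = new Krb5LoginModule();
        // NOTE(review): every boolean option below takes its value from an
        // unrelated ZooKeeper SASL default. This looks like the decompiler
        // folding a plain string literal into the first matching constant;
        // confirm against the original source and replace with the literal.
        final String enabled = ZookeeperConfigOptions.DEFAULT_ZK_ENABLE_SASL_CLIENT;
        HashMap<String, String> options = new HashMap<String, String>();
        options.put("keyTab", keytab_alice.getAbsolutePath());
        options.put("principal", AbstractSecureRegistryTest.ALICE_LOCALHOST);
        options.put("debug", enabled);
        options.put("doNotPrompt", enabled);
        options.put("isInitiator", enabled);
        options.put("refreshKrb5Config", enabled);
        options.put("renewTGT", enabled);
        options.put("storeKey", enabled);
        options.put("useKeyTab", enabled);
        options.put("useTicketCache", enabled);
        krb5LoginModule.initialize(subject, (CallbackHandler) null, new HashMap<String, Object>(), options);
        assertTrue("Failed to login", krb5LoginModule.login());
        assertTrue("Failed to Commit", krb5LoginModule.commit());
    }

    /** A default Kerberos realm must be resolvable. */
    @Test
    public void testDefaultRealmValid() throws Throwable {
        String defaultRealm = KerberosUtil.getDefaultRealm();
        assertNotEmpty("No default Kerberos Realm", defaultRealm);
        LOG.info("Default Realm '{}'", defaultRealm);
    }

    /** The principal-to-short-name rules must be exactly the ones the tests expect. */
    @Test
    public void testKerberosRulesValid() throws Throwable {
        assertTrue("!KerberosName.hasRulesBeenSet()", KerberosName.hasRulesBeenSet());
        String rules = KerberosName.getRules();
        assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT", rules);
        LOG.info(rules);
    }

    /**
     * Short-name resolution must not throw for the bare, host-qualified and
     * realm-qualified ZooKeeper names; the resolved values are not checked.
     */
    @Test
    public void testValidKerberosName() throws Throwable {
        new HadoopKerberosName("zookeeper").getShortName();
        new HadoopKerberosName(AbstractSecureRegistryTest.ZOOKEEPER_LOCALHOST).getShortName();
        new HadoopKerberosName(AbstractSecureRegistryTest.ZOOKEEPER_REALM).getShortName();
    }

    /**
     * Logs in through {@link UserGroupInformation} from the ZooKeeper keytab and
     * checks that the SASL ACL built for the current user carries the expected
     * identity and scheme.
     */
    @Test
    public void testUGILogin() throws Throwable {
        UserGroupInformation loginUGI = loginUGI("zookeeper", keytab_zk);
        RegistrySecurity.UgiInfo ugiInfo = new RegistrySecurity.UgiInfo(loginUGI);
        LOG.info("logged in as: {}", ugiInfo);
        assertTrue("security is not enabled: " + ugiInfo, UserGroupInformation.isSecurityEnabled());
        // The message is shown only on failure, so it has to describe the failure.
        assertTrue("login is not keytab based: " + ugiInfo, loginUGI.isFromKeytab());
        // Build the ACL inside doAs so that "current user" is the keytab login,
        // not whoever owns the test JVM.
        ACL acl = loginUGI.doAs(new PrivilegedExceptionAction<ACL>() {
            @Override
            public ACL run() throws Exception {
                return AbstractSecureRegistryTest.registrySecurity.createSaslACLFromCurrentUser(0);
            }
        });
        assertEquals(AbstractSecureRegistryTest.ZOOKEEPER_REALM, acl.getId().getId());
        assertEquals(ZookeeperConfigOptions.SCHEME_SASL, acl.getId().getScheme());
        registrySecurity.addSystemACL(acl);
    }
}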
