package org.apache.hadoop.registry.secure;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.HashSet;
import java.util.Properties;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.registry.RegistryTestHelper;
import org.apache.hadoop.registry.client.api.RegistryConstants;
import org.apache.hadoop.registry.client.impl.zk.RegistrySecurity;
import org.apache.hadoop.registry.client.impl.zk.ZookeeperConfigOptions;
import org.apache.hadoop.registry.server.services.AddingCompositeService;
import org.apache.hadoop.registry.server.services.MicroZookeeperService;
import org.apache.hadoop.registry.server.services.MicroZookeeperServiceKeys;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.hadoop.service.Service;
import org.apache.hadoop.service.ServiceOperations;
import org.apache.hadoop.util.Shell;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.rules.TestName;
import org.junit.rules.Timeout;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:test-classes/org/apache/hadoop/registry/secure/AbstractSecureRegistryTest.class
 */
/* loaded from: input_file:hadoop-yarn-registry-2.7.7-tests.jar:org/apache/hadoop/registry/secure/AbstractSecureRegistryTest.class */
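/**
 * Base class for registry tests that need Kerberos and a SASL-secured
 * ZooKeeper instance.
 *
 * <p>Once per test class it starts a {@link MiniKdc}, creates keytabs for the
 * {@code zookeeper}, {@code alice} and {@code bob} principals, writes a JAAS
 * configuration file referencing those keytabs and binds the JVM to it. Each
 * test can then call {@link #startSecureZK()} to log in as the ZooKeeper
 * server principal and start a {@link MicroZookeeperService}.
 *
 * <p>Security-relevant points for anyone reusing this harness:
 * <ul>
 *   <li>The realm, principals and keytabs are fixtures created under the
 *       {@code test.dir} directory (default {@code target}); nothing here is
 *       a production credential.</li>
 *   <li>The JAAS binding, the Kerberos name rules and one ZooKeeper system
 *       property are set process-wide and are not restored afterwards, so
 *       other code in the same JVM observes them.</li>
 * </ul>
 */
public class AbstractSecureRegistryTest extends RegistryTestHelper {
    public static final String REALM = "EXAMPLE.COM";
    public static final String ZOOKEEPER = "zookeeper";
    public static final String ZOOKEEPER_LOCALHOST = "zookeeper/localhost";
    public static final String ZOOKEEPER_1270001 = "zookeeper/127.0.0.1";
    public static final String ZOOKEEPER_REALM = "zookeeper@EXAMPLE.COM";
    public static final String ZOOKEEPER_CLIENT_CONTEXT = "zookeeper";
    public static final String ZOOKEEPER_SERVER_CONTEXT = "ZOOKEEPER_SERVER";
    public static final String ZOOKEEPER_LOCALHOST_REALM = "zookeeper/localhost@EXAMPLE.COM";
    public static final String ALICE = "alice";
    public static final String ALICE_CLIENT_CONTEXT = "alice";
    public static final String ALICE_LOCALHOST = "alice/localhost";
    public static final String BOB = "bob";
    public static final String BOB_CLIENT_CONTEXT = "bob";
    public static final String BOB_LOCALHOST = "bob/localhost";
    private static final Logger LOG = LoggerFactory.getLogger(AbstractSecureRegistryTest.class);

    // Shared configuration; the static initializer at the end of the class
    // switches it to Kerberos authentication with authorization enabled.
    public static final Configuration CONF = new Configuration();

    // Services registered here are closed once, after the last test of the class.
    private static final AddingCompositeService classTeardown;
    public static final String SUN_SECURITY_KRB5_DEBUG = "sun.security.krb5.debug";
    protected static MiniKdc kdc;
    protected static File keytab_zk;
    protected static File keytab_bob;
    protected static File keytab_alice;
    protected static File kdcWorkDir;
    protected static Properties kdcConf;
    protected static RegistrySecurity registrySecurity;
    protected MicroZookeeperService secureZK;
    protected static File jaasFile;
    private LoginContext zookeeperLogin;
    private static String zkServerPrincipal;

    // Kerberos principal-to-short-name rules handed to KerberosName: one RULE
    // for single-component principals in EXAMPLE.COM whose sed expression drops
    // everything from the '@' onwards, followed by DEFAULT.
    protected static final String kerberosRule = "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT";

    // Services registered here are closed after every test method.
    private final AddingCompositeService teardown = new AddingCompositeService("teardown");

    // 900000 ms = 15 minutes per test method.
    @Rule
    public final Timeout testTimeout = new Timeout(900000);

    @Rule
    public TestName methodName = new TestName();

    /**
     * Class-level setup: initializes {@link RegistrySecurity}, starts the KDC
     * and creates the principals, rebinds the JVM to the generated JAAS file
     * and applies the Hadoop security settings.
     *
     * @throws Exception if the KDC or any fixture cannot be created
     */
    @BeforeClass
    public static void beforeSecureRegistryTestClass() throws Exception {
        registrySecurity = new RegistrySecurity("registrySecurity");
        registrySecurity.init(CONF);
        setupKDCAndPrincipals();
        RegistrySecurity.clearJaasSystemProperties();
        RegistrySecurity.bindJVMtoJAASFile(jaasFile);
        initHadoopSecurity();
    }

    /**
     * Class-level teardown: closes the class-scoped services and stops the KDC.
     *
     * @throws Exception if closing the services or stopping the KDC fails
     */
    @AfterClass
    public static void afterSecureRegistryTestClass() throws Exception {
        describe(LOG, "teardown of class", new Object[0]);
        try {
            classTeardown.close();
        } finally {
            // Stop the KDC even when a service fails to close, so a failing
            // test class does not leave it running.
            teardownKDC();
        }
    }

    /** Gives the test thread a fixed name so that log output is easy to attribute. */
    @Before
    public void nameThread() {
        Thread.currentThread().setName("JUnit");
    }

    /** Per-test setup hook; intentionally empty in this base class. */
    @Before
    public void beforeSecureRegistryTest() {
    }

    /**
     * Per-test teardown: closes the instance-scoped services, then stops the
     * secure ZooKeeper instance and logs out its login context.
     *
     * @throws IOException if closing the registered services fails
     */
    @After
    public void afterSecureRegistryTest() throws IOException {
        describe(LOG, "teardown of instance", new Object[0]);
        try {
            this.teardown.close();
        } finally {
            // Always stop ZooKeeper and log out, even if a service close
            // throws; otherwise the server and the Kerberos login would
            // survive into the next test.
            stopSecureZK();
        }
    }

    /**
     * Registers a service to be closed when the test class finishes.
     *
     * @param service the service to add to the class-scoped teardown
     */
    protected static void addToClassTeardown(Service service) {
        classTeardown.addService(service);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Registers a service to be closed when the current test method finishes.
     *
     * @param service the service to add to the instance-scoped teardown
     */
    public void addToTeardown(Service service) {
        this.teardown.addService(service);
    }

    /**
     * Stops the KDC if one is running and clears the reference to it.
     *
     * @throws Exception declared for callers; see {@link MiniKdc#stop()}
     */
    public static void teardownKDC() throws Exception {
        if (kdc != null) {
            kdc.stop();
            kdc = null;
        }
    }

    /**
     * Starts a {@link MiniKdc} in {@code <test.dir>/kdc}, creates the keytabs
     * for the ZooKeeper, alice and bob principals, writes a JAAS file with one
     * entry per login context and binds the JVM to that file.
     *
     * @throws Exception if the working directory, the KDC, a keytab or the
     *     JAAS file cannot be created
     */
    public static void setupKDCAndPrincipals() throws Exception {
        kdcWorkDir = new File(new File(System.getProperty("test.dir", "target")), "kdc");
        // mkdirs() returns false when the directory already exists, so a
        // false result is only an error if the path is not a directory.
        if (!kdcWorkDir.mkdirs()) {
            assertTrue(kdcWorkDir.isDirectory());
        }
        kdcConf = MiniKdc.createConf();
        // NOTE(review): the value is a ZooKeeper SASL default reused as the
        // KDC "debug" flag; this looks like a decompiler constant merge,
        // presumably for the literal "true" - confirm against the constant.
        kdcConf.setProperty("debug", ZookeeperConfigOptions.DEFAULT_ZK_ENABLE_SASL_CLIENT);
        kdc = new MiniKdc(kdcConf, kdcWorkDir);
        kdc.start();

        keytab_zk = createKeytab(ZOOKEEPER, "zookeeper.keytab");
        keytab_alice = createKeytab(ALICE, "alice.keytab");
        keytab_bob = createKeytab(BOB, "bob.keytab");

        // The host part of the server principal depends on the platform.
        zkServerPrincipal = Shell.WINDOWS ? ZOOKEEPER_1270001 : ZOOKEEPER_LOCALHOST;

        StringBuilder jaas = new StringBuilder(1024);
        jaas.append(registrySecurity.createJAASEntry(ZOOKEEPER_CLIENT_CONTEXT, ZOOKEEPER, keytab_zk));
        jaas.append(registrySecurity.createJAASEntry(ZOOKEEPER_SERVER_CONTEXT, zkServerPrincipal, keytab_zk));
        jaas.append(registrySecurity.createJAASEntry(ALICE_CLIENT_CONTEXT, ALICE_LOCALHOST, keytab_alice));
        jaas.append(registrySecurity.createJAASEntry(BOB_CLIENT_CONTEXT, BOB_LOCALHOST, keytab_bob));

        jaasFile = new File(kdcWorkDir, "jaas.txt");
        // Explicit charset so the written file does not depend on the
        // platform default encoding.
        FileUtils.write(jaasFile, jaas.toString(), "UTF-8");
        // NOTE(review): the whole JAAS text goes to the log. It is built from
        // context names, principals and keytab files, so it presumably holds
        // paths rather than key material - confirm before reusing this
        // pattern outside tests.
        LOG.info("\n{}", jaas);
        RegistrySecurity.bindJVMtoJAASFile(jaasFile);
    }

    /**
     * Applies {@link #CONF} to {@link UserGroupInformation} and installs
     * {@link #kerberosRule} as the Kerberos name-mapping rules. Both settings
     * are process-wide.
     */
    public static void initHadoopSecurity() {
        UserGroupInformation.setConfiguration(CONF);
        KerberosName.setRules(kerberosRule);
    }

    /**
     * Stops the secure ZooKeeper service, logs out the ZooKeeper server login
     * and clears both references so that {@link #startSecureZK()} can be
     * called again.
     */
    public synchronized void stopSecureZK() {
        ServiceOperations.stop(this.secureZK);
        this.secureZK = null;
        logout(this.zookeeperLogin);
        this.zookeeperLogin = null;
    }

    /** @return the KDC, or {@code null} when none has been started */
    public static MiniKdc getKdc() {
        return kdc;
    }

    /** @return the KDC working directory, which also holds the keytabs and JAAS file */
    public static File getKdcWorkDir() {
        return kdcWorkDir;
    }

    /** @return the configuration properties the KDC was created with */
    public static Properties getKdcConf() {
        return kdcConf;
    }

    /**
     * Creates and initializes, but does not start, a ZooKeeper service that
     * uses the {@link #ZOOKEEPER_SERVER_CONTEXT} JAAS context.
     *
     * <p>Side effect: sets the ZooKeeper system property named by
     * {@link ZookeeperConfigOptions#PROP_ZK_SERVER_MAINTAIN_CONNECTION_DESPITE_SASL_FAILURE}
     * to {@code "false"} for the whole JVM.
     *
     * @param str the service name, also used as the directory name under
     *     {@code test.dir}
     * @return the initialized service
     * @throws Exception if the JAAS context fails validation or the service
     *     cannot be initialized
     */
    protected static MicroZookeeperService createSecureZKInstance(String str) throws Exception {
        Configuration zkConf = new Configuration();
        File instanceDir = new File(new File(System.getProperty("test.dir", "target")), str);
        if (!instanceDir.mkdirs()) {
            assertTrue(instanceDir.isDirectory());
        }
        System.setProperty(ZookeeperConfigOptions.PROP_ZK_SERVER_MAINTAIN_CONNECTION_DESPITE_SASL_FAILURE, "false");
        // Validate the JAAS context before the service is configured with it.
        RegistrySecurity.validateContext(ZOOKEEPER_SERVER_CONTEXT);
        zkConf.set(MicroZookeeperServiceKeys.KEY_REGISTRY_ZKSERVICE_JAAS_CONTEXT, ZOOKEEPER_SERVER_CONTEXT);
        MicroZookeeperService zookeeper = new MicroZookeeperService(str);
        zookeeper.init(zkConf);
        LOG.info(zookeeper.getDiagnostics());
        return zookeeper;
    }

    /**
     * Creates a keytab in the KDC working directory holding three principals:
     * the bare name, {@code name/localhost} and {@code name/127.0.0.1}.
     *
     * @param str the principal name without host or realm
     * @param str2 the keytab file name, relative to the KDC working directory
     * @return the keytab file
     * @throws Exception if the KDC cannot create the principals
     */
    public static File createKeytab(String str, String str2) throws Exception {
        assertNotEmpty("empty principal", str);
        // The second argument is the keytab file name, not a host.
        assertNotEmpty("empty keytab filename", str2);
        assertNotNull("Null KDC", kdc);
        File keytab = new File(kdcWorkDir, str2);
        kdc.createPrincipal(keytab, new String[]{str, str + "/localhost", str + "/127.0.0.1"});
        return keytab;
    }

    /**
     * Appends the KDC realm to a principal name.
     *
     * @param str the principal without a realm
     * @return {@code str@REALM}, with the realm taken from the running KDC
     */
    public static String getPrincipalAndRealm(String str) {
        return str + "@" + getRealm();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @return the realm reported by the KDC; the KDC must already have been
     *     created by {@link #setupKDCAndPrincipals()}
     */
    public static String getRealm() {
        return kdc.getRealm();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Performs a keytab-based JAAS login.
     *
     * @param str the principal to log in as
     * @param str2 the name of the login context
     * @param file the keytab holding the principal's key
     * @return the login context after a successful login; the caller is
     *     responsible for logging it out
     * @throws LoginException if authentication fails
     * @throws FileNotFoundException if the keytab file does not exist
     */
    public LoginContext login(String str, String str2, File file) throws LoginException, FileNotFoundException {
        LOG.info("Logging in as {} in context {} with keytab {}", new Object[]{str, str2, file});
        // Fail early with the keytab path instead of a less specific login error.
        if (!file.exists()) {
            throw new FileNotFoundException(file.getAbsolutePath());
        }
        HashSet<KerberosPrincipal> principals = new HashSet<>();
        principals.add(new KerberosPrincipal(str));
        // The subject is created modifiable (readOnly == false) with empty
        // credential sets; no callback handler is supplied, the login
        // configuration is the keytab-based one built for this principal.
        Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());
        LoginContext loginContext = new LoginContext(str2, subject, (CallbackHandler) null,
                KerberosConfiguration.createClientConfig(str, file));
        loginContext.login();
        return loginContext;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Logs in as the ZooKeeper server principal and starts a secure ZooKeeper
     * instance named after the running test method.
     *
     * @throws Exception if the login fails or the service cannot start
     */
    public synchronized void startSecureZK() throws Exception {
        assertNull("Zookeeper is already running", this.secureZK);
        this.zookeeperLogin = login(zkServerPrincipal, ZOOKEEPER_SERVER_CONTEXT, keytab_zk);
        this.secureZK = createSecureZKInstance("test-" + this.methodName.getMethodName());
        this.secureZK.start();
    }

    // Runs after the static field initializers above, so CONF is already set.
    static {
        CONF.set("hadoop.security.authentication", RegistryConstants.REGISTRY_CLIENT_AUTH_KERBEROS);
        CONF.setBoolean("hadoop.security.authorization", true);
        classTeardown = new AddingCompositeService("classTeardown");
        classTeardown.init(CONF);
        classTeardown.start();
    }
}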
