package org.apache.hadoop.hbase.security;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.RealmChoiceCallback;
import javax.security.sasl.SaslClient;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.security.AbstractHBaseSaslRpcClient;
import org.apache.hadoop.hbase.security.SaslUtil;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.testclassification.SmallTests;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.io.DataInputBuffer;
import org.apache.hadoop.io.DataOutputBuffer;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hbase.thirdparty.com.google.common.base.Strings;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.ExpectedException;
import org.mockito.Matchers;
import org.mockito.Mockito;

@Category({SecurityTests.class, SmallTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/TestHBaseSaslRpcClient.class */
public class TestHBaseSaslRpcClient {

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestHBaseSaslRpcClient.class);
    static final String DEFAULT_USER_NAME = "principal";
    static final String DEFAULT_USER_PASSWORD = "password";
    private static final Logger LOG;

    @Rule
    public ExpectedException exception = ExpectedException.none();

    @BeforeClass
    public static void before() {
        Logger.getRootLogger().setLevel(Level.DEBUG);
    }

    /* JADX WARN: Type inference failed for: r0v9, types: [org.apache.hadoop.hbase.security.TestHBaseSaslRpcClient$1] */
    @Test
    public void testSaslClientUsesGivenRpcProtection() throws Exception {
        Token<? extends TokenIdentifier> createTokenMockWithCredentials = createTokenMockWithCredentials(DEFAULT_USER_NAME, DEFAULT_USER_PASSWORD);
        for (SaslUtil.QualityOfProtection qualityOfProtection : SaslUtil.QualityOfProtection.values()) {
            Assert.assertEquals(new HBaseSaslRpcClient(AuthMethod.DIGEST, createTokenMockWithCredentials, "principal/host@DOMAIN.COM", false, qualityOfProtection.name(), false) { // from class: org.apache.hadoop.hbase.security.TestHBaseSaslRpcClient.1
                public String getQop() {
                    return (String) this.saslProps.get("javax.security.sasl.qop");
                }
            }.getQop(), qualityOfProtection.getSaslQop());
        }
    }

    @Test
    public void testSaslClientCallbackHandler() throws UnsupportedCallbackException {
        Token<? extends TokenIdentifier> createTokenMock = createTokenMock();
        Mockito.when(createTokenMock.getIdentifier()).thenReturn(Bytes.toBytes(DEFAULT_USER_NAME));
        Mockito.when(createTokenMock.getPassword()).thenReturn(Bytes.toBytes(DEFAULT_USER_PASSWORD));
        Callback callback = (NameCallback) Mockito.mock(NameCallback.class);
        PasswordCallback passwordCallback = (PasswordCallback) Mockito.mock(PasswordCallback.class);
        Callback callback2 = (RealmCallback) Mockito.mock(RealmCallback.class);
        new AbstractHBaseSaslRpcClient.SaslClientCallbackHandler(createTokenMock).handle(new Callback[]{callback, passwordCallback, callback2, (RealmChoiceCallback) Mockito.mock(RealmChoiceCallback.class)});
        ((NameCallback) Mockito.verify(callback)).setName(Matchers.anyString());
        ((RealmCallback) Mockito.verify(callback2)).setText((String) Matchers.any());
        ((PasswordCallback) Mockito.verify(passwordCallback)).setPassword((char[]) Matchers.any());
    }

    @Test
    public void testSaslClientCallbackHandlerWithException() {
        Token<? extends TokenIdentifier> createTokenMock = createTokenMock();
        Mockito.when(createTokenMock.getIdentifier()).thenReturn(Bytes.toBytes(DEFAULT_USER_NAME));
        Mockito.when(createTokenMock.getPassword()).thenReturn(Bytes.toBytes(DEFAULT_USER_PASSWORD));
        try {
            new AbstractHBaseSaslRpcClient.SaslClientCallbackHandler(createTokenMock).handle(new Callback[]{(Callback) Mockito.mock(TextOutputCallback.class)});
        } catch (UnsupportedCallbackException e) {
        } catch (Exception e2) {
            Assert.fail("testSaslClientCallbackHandlerWithException error : " + e2.getMessage());
        }
    }

    @Test
    public void testHBaseSaslRpcClientCreation() throws Exception {
        Assert.assertFalse(assertSuccessCreationKerberosPrincipal(null));
        Assert.assertFalse(assertSuccessCreationKerberosPrincipal("DOMAIN.COM"));
        Assert.assertFalse(assertSuccessCreationKerberosPrincipal("principal/DOMAIN.COM"));
        if (!assertSuccessCreationKerberosPrincipal("principal/localhost@DOMAIN.COM")) {
            LOG.warn("Could not create a SASL client with valid Kerberos credential");
        }
        Assert.assertFalse(assertSuccessCreationDigestPrincipal(null, null));
        Assert.assertFalse(assertSuccessCreationDigestPrincipal("", ""));
        Assert.assertFalse(assertSuccessCreationDigestPrincipal("", null));
        Assert.assertFalse(assertSuccessCreationDigestPrincipal(null, ""));
        Assert.assertTrue(assertSuccessCreationDigestPrincipal(DEFAULT_USER_NAME, DEFAULT_USER_PASSWORD));
        Assert.assertFalse(assertSuccessCreationSimplePrincipal("", ""));
        Assert.assertFalse(assertSuccessCreationSimplePrincipal(null, null));
        Assert.assertFalse(assertSuccessCreationSimplePrincipal(DEFAULT_USER_NAME, DEFAULT_USER_PASSWORD));
        Assert.assertTrue(assertIOExceptionThenSaslClientIsNull(DEFAULT_USER_NAME, DEFAULT_USER_PASSWORD));
        Assert.assertTrue(assertIOExceptionWhenGetStreamsBeforeConnectCall(DEFAULT_USER_NAME, DEFAULT_USER_PASSWORD));
    }

    @Test
    public void testAuthMethodReadWrite() throws IOException {
        DataInputBuffer dataInputBuffer = new DataInputBuffer();
        DataOutputBuffer dataOutputBuffer = new DataOutputBuffer();
        assertAuthMethodRead(dataInputBuffer, AuthMethod.SIMPLE);
        assertAuthMethodRead(dataInputBuffer, AuthMethod.KERBEROS);
        assertAuthMethodRead(dataInputBuffer, AuthMethod.DIGEST);
        assertAuthMethodWrite(dataOutputBuffer, AuthMethod.SIMPLE);
        assertAuthMethodWrite(dataOutputBuffer, AuthMethod.KERBEROS);
        assertAuthMethodWrite(dataOutputBuffer, AuthMethod.DIGEST);
    }

    private void assertAuthMethodRead(DataInputBuffer dataInputBuffer, AuthMethod authMethod) throws IOException {
        dataInputBuffer.reset(new byte[]{authMethod.code}, 1);
        Assert.assertEquals(authMethod, AuthMethod.read(dataInputBuffer));
    }

    private void assertAuthMethodWrite(DataOutputBuffer dataOutputBuffer, AuthMethod authMethod) throws IOException {
        authMethod.write(dataOutputBuffer);
        Assert.assertEquals(authMethod.code, dataOutputBuffer.getData()[0]);
        dataOutputBuffer.reset();
    }

    private boolean assertIOExceptionWhenGetStreamsBeforeConnectCall(String str, String str2) throws IOException {
        boolean z = false;
        boolean z2 = false;
        HBaseSaslRpcClient hBaseSaslRpcClient = new HBaseSaslRpcClient(AuthMethod.DIGEST, createTokenMockWithCredentials(str, str2), str, false) { // from class: org.apache.hadoop.hbase.security.TestHBaseSaslRpcClient.2
            public SaslClient createDigestSaslClient(String[] strArr, String str3, CallbackHandler callbackHandler) throws IOException {
                return (SaslClient) Mockito.mock(SaslClient.class);
            }

            public SaslClient createKerberosSaslClient(String[] strArr, String str3, String str4) throws IOException {
                return (SaslClient) Mockito.mock(SaslClient.class);
            }
        };
        try {
            hBaseSaslRpcClient.getInputStream();
        } catch (IOException e) {
            z = true;
        }
        try {
            hBaseSaslRpcClient.getOutputStream();
        } catch (IOException e2) {
            z2 = true;
        }
        return z && z2;
    }

    private boolean assertIOExceptionThenSaslClientIsNull(String str, String str2) {
        try {
            new HBaseSaslRpcClient(AuthMethod.DIGEST, createTokenMockWithCredentials(str, str2), str, false) { // from class: org.apache.hadoop.hbase.security.TestHBaseSaslRpcClient.3
                public SaslClient createDigestSaslClient(String[] strArr, String str3, CallbackHandler callbackHandler) throws IOException {
                    return null;
                }

                public SaslClient createKerberosSaslClient(String[] strArr, String str3, String str4) throws IOException {
                    return null;
                }
            };
            return false;
        } catch (IOException e) {
            return true;
        }
    }

    private boolean assertSuccessCreationKerberosPrincipal(String str) {
        HBaseSaslRpcClient hBaseSaslRpcClient = null;
        try {
            hBaseSaslRpcClient = createSaslRpcClientForKerberos(str);
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
        }
        return hBaseSaslRpcClient != null;
    }

    private boolean assertSuccessCreationDigestPrincipal(String str, String str2) {
        HBaseSaslRpcClient hBaseSaslRpcClient = null;
        try {
            hBaseSaslRpcClient = new HBaseSaslRpcClient(AuthMethod.DIGEST, createTokenMockWithCredentials(str, str2), str, false);
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
        }
        return hBaseSaslRpcClient != null;
    }

    private boolean assertSuccessCreationSimplePrincipal(String str, String str2) {
        HBaseSaslRpcClient hBaseSaslRpcClient = null;
        try {
            hBaseSaslRpcClient = createSaslRpcClientSimple(str, str2);
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
        }
        return hBaseSaslRpcClient != null;
    }

    private HBaseSaslRpcClient createSaslRpcClientForKerberos(String str) throws IOException {
        return new HBaseSaslRpcClient(AuthMethod.KERBEROS, createTokenMock(), str, false);
    }

    private Token<? extends TokenIdentifier> createTokenMockWithCredentials(String str, String str2) throws IOException {
        Token<? extends TokenIdentifier> createTokenMock = createTokenMock();
        if (!Strings.isNullOrEmpty(str) && !Strings.isNullOrEmpty(str2)) {
            Mockito.when(createTokenMock.getIdentifier()).thenReturn(Bytes.toBytes(DEFAULT_USER_NAME));
            Mockito.when(createTokenMock.getPassword()).thenReturn(Bytes.toBytes(DEFAULT_USER_PASSWORD));
        }
        return createTokenMock;
    }

    private HBaseSaslRpcClient createSaslRpcClientSimple(String str, String str2) throws IOException {
        return new HBaseSaslRpcClient(AuthMethod.SIMPLE, createTokenMock(), str, false);
    }

    private Token<? extends TokenIdentifier> createTokenMock() {
        return (Token) Mockito.mock(Token.class);
    }

    static {
        System.setProperty("java.security.krb5.realm", "DOMAIN.COM");
        System.setProperty("java.security.krb5.kdc", "DOMAIN.COM");
        LOG = Logger.getLogger(TestHBaseSaslRpcClient.class);
    }
}
