package org.apache.hadoop.hbase.replication;

import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.function.Supplier;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtil;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.mapreduce.replication.VerifyReplication;
import org.apache.hadoop.hbase.security.HBaseKerberosUtils;
import org.apache.hadoop.hbase.security.access.AccessController;
import org.apache.hadoop.hbase.security.access.SecureTestUtil;
import org.apache.hadoop.hbase.security.token.TokenProvider;
import org.apache.hadoop.hbase.security.visibility.VisibilityTestUtil;
import org.apache.hadoop.hbase.testclassification.LargeTests;
import org.apache.hadoop.hbase.testclassification.ReplicationTests;
import org.apache.hadoop.hbase.zookeeper.ZKClusterId;
import org.apache.hadoop.hbase.zookeeper.ZKConfig;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
@Category({ReplicationTests.class, LargeTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/replication/TestVerifyReplicationSecureClusterCredentials.class */
public class TestVerifyReplicationSecureClusterCredentials {
    private static MiniKdc KDC;
    private static final String LOCALHOST = "localhost";
    private static String CLUSTER_PRINCIPAL;
    private static String FULL_USER_PRINCIPAL;
    private static String HTTP_PRINCIPAL;

    @Parameterized.Parameter
    public Supplier<String> peer;

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestVerifyReplicationSecureClusterCredentials.class);
    private static final HBaseTestingUtil UTIL1 = new HBaseTestingUtil();
    private static final HBaseTestingUtil UTIL2 = new HBaseTestingUtil();
    private static final File KEYTAB_FILE = new File(UTIL1.getDataTestDir("keytab").toUri().getPath());

    private static void setUpKdcServer() throws Exception {
        KDC = UTIL1.setupMiniKdc(KEYTAB_FILE);
        String str = UserGroupInformation.getLoginUser().getShortUserName() + '/' + LOCALHOST;
        CLUSTER_PRINCIPAL = str;
        FULL_USER_PRINCIPAL = str + '@' + KDC.getRealm();
        HTTP_PRINCIPAL = "HTTP/localhost";
        KDC.createPrincipal(KEYTAB_FILE, new String[]{CLUSTER_PRINCIPAL, HTTP_PRINCIPAL});
    }

    private static void setupCluster(HBaseTestingUtil hBaseTestingUtil) throws Exception {
        Configuration configuration = hBaseTestingUtil.getConfiguration();
        SecureTestUtil.enableSecurity(configuration);
        VisibilityTestUtil.enableVisiblityLabels(configuration);
        SecureTestUtil.verifyConfiguration(configuration);
        configuration.set("hbase.coprocessor.region.classes", AccessController.class.getName() + ',' + TokenProvider.class.getName());
        HBaseKerberosUtils.setSecuredConfiguration(configuration, CLUSTER_PRINCIPAL + '@' + KDC.getRealm(), HTTP_PRINCIPAL + '@' + KDC.getRealm());
        hBaseTestingUtil.startMiniCluster();
    }

    @BeforeClass
    public static void beforeClass() throws Exception {
        setUpKdcServer();
        setupCluster(UTIL1);
        setupCluster(UTIL2);
        Admin admin = UTIL1.getAdmin();
        Throwable th = null;
        try {
            admin.addReplicationPeer("1", ReplicationPeerConfig.newBuilder().setClusterKey(ZKConfig.getZooKeeperClusterKey(UTIL2.getConfiguration())).putConfiguration("hbase.regionserver.kerberos.principal", UTIL2.getConfiguration().get("hbase.regionserver.kerberos.principal")).putConfiguration("hbase.master.kerberos.principal", UTIL2.getConfiguration().get("hbase.master.kerberos.principal")).build());
            if (admin != null) {
                if (0 == 0) {
                    admin.close();
                    return;
                }
                try {
                    admin.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (admin != null) {
                if (0 != 0) {
                    try {
                        admin.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    admin.close();
                }
            }
            throw th3;
        }
    }

    @AfterClass
    public static void cleanup() throws IOException {
        UTIL1.shutdownMiniCluster();
        UTIL2.shutdownMiniCluster();
    }

    @Parameterized.Parameters
    public static Collection<Supplier<String>> peer() {
        return Arrays.asList(() -> {
            return "1";
        }, () -> {
            return ZKConfig.getZooKeeperClusterKey(UTIL2.getConfiguration());
        });
    }

    @Test
    public void testJobCredentials() throws Exception {
        Credentials credentials = new VerifyReplication().createSubmittableJob(new Configuration(UTIL1.getConfiguration()), new String[]{this.peer.get(), "table"}).getCredentials();
        Assert.assertEquals(2L, credentials.getAllTokens().size());
        Assert.assertEquals(FULL_USER_PRINCIPAL, credentials.getToken(new Text(ZKClusterId.readClusterIdZNode(UTIL1.getZooKeeperWatcher()))).decodeIdentifier().getUsername());
        Assert.assertEquals(FULL_USER_PRINCIPAL, credentials.getToken(new Text(ZKClusterId.readClusterIdZNode(UTIL2.getZooKeeperWatcher()))).decodeIdentifier().getUsername());
    }
}
