package org.apache.hadoop.hbase.security.token;

import com.google.protobuf.RpcController;
import com.google.protobuf.ServiceException;
import java.io.File;
import java.io.IOException;
import java.util.Properties;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.LocalHBaseCluster;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.http.ssl.KeyStoreTestUtil;
import org.apache.hadoop.hbase.ipc.AsyncRpcClient;
import org.apache.hadoop.hbase.ipc.RpcClient;
import org.apache.hadoop.hbase.ipc.RpcClientImpl;
import org.apache.hadoop.hbase.ipc.TestProtoBufRpc;
import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
import org.apache.hadoop.hbase.protobuf.generated.AuthenticationProtos;
import org.apache.hadoop.hbase.security.HBaseKerberosUtils;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.http.HttpConfig;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category({MediumTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/token/TestGenerateDelegationToken.class */
public class TestGenerateDelegationToken {
    private static LocalHBaseCluster CLUSTER;
    private static MiniKdc KDC;
    private static String USERNAME;
    private static String PRINCIPAL;
    private static String HTTP_PRINCIPAL;
    private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
    private static final File KEYTAB_FILE = new File(TEST_UTIL.getDataTestDir("keytab").toUri().getPath());
    private static String HOST = TestProtoBufRpc.ADDRESS;

    private static void setHdfsSecuredConfiguration(Configuration configuration) throws Exception {
        configuration.set("dfs.namenode.kerberos.principal", PRINCIPAL + "@" + KDC.getRealm());
        configuration.set("dfs.namenode.keytab.file", KEYTAB_FILE.getAbsolutePath());
        configuration.set("dfs.datanode.kerberos.principal", PRINCIPAL + "@" + KDC.getRealm());
        configuration.set("dfs.datanode.keytab.file", KEYTAB_FILE.getAbsolutePath());
        configuration.set("dfs.web.authentication.kerberos.principal", HTTP_PRINCIPAL + "@" + KDC.getRealm());
        configuration.setBoolean("dfs.block.access.token.enable", true);
        configuration.set("dfs.http.policy", HttpConfig.Policy.HTTPS_ONLY.name());
        configuration.set("dfs.namenode.https-address", "localhost:0");
        configuration.set("dfs.datanode.https.address", "localhost:0");
        File file = new File(TEST_UTIL.getDataTestDir("keystore").toUri().getPath());
        file.mkdirs();
        KeyStoreTestUtil.setupSSLConfig(file.getAbsolutePath(), KeyStoreTestUtil.getClasspathDir(TestGenerateDelegationToken.class), configuration, false);
        configuration.setBoolean("ignore.secure.ports.for.testing", true);
    }

    @BeforeClass
    public static void setUp() throws Exception {
        Properties createConf = MiniKdc.createConf();
        createConf.put("debug", true);
        KDC = new MiniKdc(createConf, new File(TEST_UTIL.getDataTestDir("kdc").toUri().getPath()));
        KDC.start();
        USERNAME = UserGroupInformation.getLoginUser().getShortUserName();
        PRINCIPAL = USERNAME + "/" + HOST;
        HTTP_PRINCIPAL = "HTTP/" + HOST;
        KDC.createPrincipal(KEYTAB_FILE, new String[]{PRINCIPAL, HTTP_PRINCIPAL});
        TEST_UTIL.startMiniZKCluster();
        HBaseKerberosUtils.setKeytabFileForTesting(KEYTAB_FILE.getAbsolutePath());
        HBaseKerberosUtils.setPrincipalForTesting(PRINCIPAL + "@" + KDC.getRealm());
        HBaseKerberosUtils.setSecuredConfiguration(TEST_UTIL.getConfiguration());
        setHdfsSecuredConfiguration(TEST_UTIL.getConfiguration());
        UserGroupInformation.setConfiguration(TEST_UTIL.getConfiguration());
        TEST_UTIL.getConfiguration().setStrings("hbase.coprocessor.region.classes", new String[]{TokenProvider.class.getName()});
        TEST_UTIL.startMiniDFSCluster(1);
        CLUSTER = new LocalHBaseCluster(TEST_UTIL.getConfiguration(), 1);
        CLUSTER.startup();
    }

    @AfterClass
    public static void tearDown() throws Exception {
        if (CLUSTER != null) {
            CLUSTER.shutdown();
        }
        CLUSTER.join();
        if (KDC != null) {
            KDC.stop();
        }
        TEST_UTIL.shutdownMiniCluster();
    }

    private void testTokenAuth(Class<? extends RpcClient> cls) throws IOException, ServiceException {
        TEST_UTIL.getConfiguration().set("hbase.rpc.client.impl", cls.getName());
        Connection createConnection = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
        Throwable th = null;
        try {
            Table table = createConnection.getTable(TableName.META_TABLE_NAME);
            Throwable th2 = null;
            try {
                try {
                    AuthenticationProtos.AuthenticationService.BlockingInterface newBlockingStub = AuthenticationProtos.AuthenticationService.newBlockingStub(table.coprocessorService(HConstants.EMPTY_START_ROW));
                    AuthenticationProtos.WhoAmIResponse whoAmI = newBlockingStub.whoAmI((RpcController) null, AuthenticationProtos.WhoAmIRequest.getDefaultInstance());
                    Assert.assertEquals(USERNAME, whoAmI.getUsername());
                    Assert.assertEquals(UserGroupInformation.AuthenticationMethod.TOKEN.name(), whoAmI.getAuthMethod());
                    try {
                        newBlockingStub.getAuthenticationToken((RpcController) null, AuthenticationProtos.GetAuthenticationTokenRequest.getDefaultInstance());
                    } catch (ServiceException e) {
                        Assert.assertTrue(ProtobufUtil.getRemoteException(e).getMessage().contains("Token generation only allowed for Kerberos authenticated clients"));
                    }
                    if (table != null) {
                        if (0 != 0) {
                            try {
                                table.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            table.close();
                        }
                    }
                    if (createConnection != null) {
                        if (0 == 0) {
                            createConnection.close();
                            return;
                        }
                        try {
                            createConnection.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    }
                } catch (Throwable th5) {
                    th2 = th5;
                    throw th5;
                }
            } catch (Throwable th6) {
                if (table != null) {
                    if (th2 != null) {
                        try {
                            table.close();
                        } catch (Throwable th7) {
                            th2.addSuppressed(th7);
                        }
                    } else {
                        table.close();
                    }
                }
                throw th6;
            }
        } catch (Throwable th8) {
            if (createConnection != null) {
                if (0 != 0) {
                    try {
                        createConnection.close();
                    } catch (Throwable th9) {
                        th.addSuppressed(th9);
                    }
                } else {
                    createConnection.close();
                }
            }
            throw th8;
        }
    }

    @Test
    public void test() throws Exception {
        Connection createConnection = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration());
        Throwable th = null;
        try {
            try {
                UserGroupInformation.getCurrentUser().addToken(TokenUtil.obtainToken(createConnection));
                testTokenAuth(RpcClientImpl.class);
                testTokenAuth(AsyncRpcClient.class);
                if (createConnection != null) {
                    if (0 == 0) {
                        createConnection.close();
                        return;
                    }
                    try {
                        createConnection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (createConnection != null) {
                if (th != null) {
                    try {
                        createConnection.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    createConnection.close();
                }
            }
            throw th4;
        }
    }
}
