package org.apache.hadoop.hbase.thrift;

import java.io.File;
import java.nio.file.Paths;
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.security.HBaseKerberosUtils;
import org.apache.hadoop.hbase.testclassification.ClientTests;
import org.apache.hadoop.hbase.testclassification.LargeTests;
import org.apache.hadoop.hbase.thrift.generated.Hbase;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.http.auth.AuthSchemeProvider;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.KerberosCredentials;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.kerby.kerberos.kerb.client.JaasKrbUtil;
import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.transport.THttpClient;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.experimental.categories.Category;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

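/**
 * Exercises the Thrift HTTP server with SPNEGO (Kerberos over HTTP "Negotiate") enabled.
 *
 * <p>An in-process Kerby {@link SimpleKdcServer} issues three principals (a client, the HBase
 * service principal and the HTTP/SPNEGO principal), each exported to its own keytab under a
 * per-run test directory. The client side logs in from its keytab and talks to the server
 * through an Apache HttpClient configured for the Negotiate scheme.
 *
 * <p>Several settings below (wildcard proxy-user rules, {@link AuthScope#ANY}) are deliberately
 * permissive because everything runs on localhost against a throwaway KDC; they are not a
 * template for a production deployment.
 */
@Category({ClientTests.class, LargeTests.class})
public class TestThriftSpnegoHttpServer extends TestThriftHttpServer {

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestThriftSpnegoHttpServer.class);
    private static final Logger LOG = LoggerFactory.getLogger(TestThriftSpnegoHttpServer.class);

    /** Object identifier of the Kerberos V5 GSS-API mechanism. */
    private static final String KRB5_MECH_OID = "1.2.840.113554.1.2.2";

    private static SimpleKdcServer kdc;
    // Keytabs hold long-term keys; they are written only under the per-run test directory.
    private static File serverKeytab;
    private static File spnegoServerKeytab;
    private static File clientKeytab;
    private static String clientPrincipal;
    private static String serverPrincipal;
    private static String spnegoServerPrincipal;

    /**
     * Creates a fresh directory under the test utility's random dir and verifies it exists.
     *
     * @return the absolute directory, guaranteed to exist
     */
    private static File newWorkDir() {
        File dir = Paths.get(TEST_UTIL.getRandomDir().toString()).toAbsolutePath().toFile();
        dir.mkdirs();
        // mkdirs() reports failure only through its return value; fail here rather than later
        // with a confusing KDC or keytab error.
        Assert.assertTrue("Could not create test directory " + dir, dir.isDirectory());
        return dir;
    }

    /**
     * Builds and initialises (but does not start) a KDC bound to localhost on a random TCP port.
     *
     * @return the initialised KDC; the caller is responsible for starting and stopping it
     * @throws Exception if the KDC cannot be initialised
     */
    private static SimpleKdcServer buildMiniKdc() throws Exception {
        SimpleKdcServer miniKdc = new SimpleKdcServer();
        miniKdc.setWorkDir(newWorkDir());
        miniKdc.setKdcHost("localhost");
        int kdcPort = HBaseTestingUtility.randomFreePort();
        // TCP only: a single known port on the loopback interface.
        miniKdc.setAllowTcp(true);
        miniKdc.setAllowUdp(false);
        miniKdc.setKdcTcpPort(kdcPort);
        LOG.info("Starting KDC server at localhost:{}", kdcPort);
        miniKdc.init();
        return miniKdc;
    }

    /**
     * Applies the Kerberos/SPNEGO settings for the Thrift server to {@code configuration}.
     *
     * <p>Must be called after the principals and keytabs have been created, because it reads
     * the static principal and keytab fields.
     *
     * @param configuration the configuration to mutate
     */
    private static void addSecurityConfigurations(Configuration configuration) {
        KerberosName.setRules("DEFAULT");
        HBaseKerberosUtils.setKeytabFileForTesting(serverKeytab.getAbsolutePath());
        configuration.setBoolean("hbase.thrift.support.proxyuser", true);
        configuration.setBoolean("hbase.regionserver.thrift.http", true);
        configuration.set("hbase.thrift.kerberos.principal", serverPrincipal);
        configuration.set("hbase.thrift.keytab.file", serverKeytab.getAbsolutePath());
        HBaseKerberosUtils.setSecuredConfiguration(configuration, serverPrincipal, spnegoServerPrincipal);
        // Wildcards allow the "hbase" user to impersonate members of any group from any host.
        // That is acceptable only for this localhost test; real clusters should list the
        // specific hosts and groups that may be proxied.
        configuration.set("hadoop.proxyuser.hbase.hosts", "*");
        configuration.set("hadoop.proxyuser.hbase.groups", "*");
        configuration.set("hbase.thrift.spnego.principal", spnegoServerPrincipal);
        configuration.set("hbase.thrift.spnego.keytab.file", spnegoServerKeytab.getAbsolutePath());
    }

    /**
     * Starts the KDC, provisions principals and keytabs, secures the configuration and then
     * delegates to the parent class set-up.
     *
     * @throws Exception if the KDC, the keytab export or the parent set-up fails
     */
    @BeforeClass
    public static void setUpBeforeClass() throws Exception {
        kdc = buildMiniKdc();
        kdc.start();

        File keytabDir = newWorkDir();
        String realm = kdc.getKdcConfig().getKdcRealm();

        clientPrincipal = "client@" + realm;
        clientKeytab = new File(keytabDir, clientPrincipal + ".keytab");
        kdc.createAndExportPrincipals(clientKeytab, clientPrincipal);

        serverPrincipal = "hbase/localhost@" + realm;
        // '/' is a path separator, so it is replaced before the principal is used as a file name.
        serverKeytab = new File(keytabDir, serverPrincipal.replace('/', '_') + ".keytab");

        spnegoServerPrincipal = "HTTP/localhost@" + realm;
        spnegoServerKeytab = new File(keytabDir, spnegoServerPrincipal.replace('/', '_') + ".keytab");

        kdc.createAndExportPrincipals(spnegoServerKeytab, spnegoServerPrincipal);
        kdc.createAndExportPrincipals(serverKeytab, serverPrincipal);

        addSecurityConfigurations(TEST_UTIL.getConfiguration());
        TestThriftHttpServer.setUpBeforeClass();
    }

    /**
     * Runs the parent tear-down and then stops the KDC.
     *
     * <p>The KDC is stopped in a {@code finally} block so that a failing parent tear-down does
     * not leave the KDC (and its listening port) alive for the rest of the test JVM.
     *
     * @throws Exception if the parent tear-down fails
     */
    @AfterClass
    public static void tearDownAfterClass() throws Exception {
        try {
            TestThriftHttpServer.tearDownAfterClass();
        } finally {
            try {
                if (kdc != null) {
                    kdc.stop();
                    kdc = null;
                }
            } catch (Exception e) {
                // Best effort: a KDC that fails to stop must not mask the test result.
                LOG.info("Failed to stop mini KDC", e);
            }
        }
    }

    /**
     * Opens an SPNEGO-authenticated Thrift-over-HTTP connection and runs the table
     * create/list/drop round trip against it.
     *
     * @param str the URL of the Thrift HTTP endpoint
     * @param i   length of the custom {@code User-Agent} header to send; no header is set when
     *            the value is not positive
     * @throws Exception if authentication, transport or any Thrift call fails
     */
    @Override
    protected void talkToThriftServer(String str, int i) throws Exception {
        // Both resources are closed automatically, in reverse order, on success and on failure.
        try (CloseableHttpClient httpClient = createHttpClient();
                THttpClient transport = new THttpClient(str, httpClient)) {
            transport.open();
            if (i > 0) {
                StringBuilder header = new StringBuilder(i);
                for (int n = 0; n < i; n++) {
                    header.append('a');
                }
                transport.setCustomHeader("User-Agent", header.toString());
            }
            Hbase.Client client = new Hbase.Client(new TBinaryProtocol(transport));
            TestThriftServer.createTestTables(client);
            TestThriftServer.checkTableList(client);
            TestThriftServer.dropTestTables(client);
        }
    }

    /**
     * Logs the client principal in from its keytab and builds an HTTP client that answers
     * "Negotiate" challenges with that principal's Kerberos credentials.
     *
     * @return a new HTTP client; the caller must close it
     * @throws Exception if the keytab login or the GSS credential acquisition fails
     */
    private CloseableHttpClient createHttpClient() throws Exception {
        Subject clientSubject = JaasKrbUtil.loginUsingKeytab(clientPrincipal, clientKeytab);

        Set<Principal> principals = clientSubject.getPrincipals();
        Assert.assertFalse("Found no client principals in the clientSubject.", principals.isEmpty());

        Set<KerberosTicket> tickets = clientSubject.getPrivateCredentials(KerberosTicket.class);
        Assert.assertFalse("Found no private credentials in the clientSubject.", tickets.isEmpty());
        Assert.assertNotNull("No kerberos ticket found.", tickets.iterator().next());

        String name = principals.iterator().next().getName();

        // The explicit functional-interface cast selects the PrivilegedExceptionAction overload
        // of doAs; a bare lambda matches both overloads, and the body throws checked exceptions.
        return Subject.doAs(clientSubject, (PrivilegedExceptionAction<CloseableHttpClient>) () -> {
            GSSManager gssManager = GSSManager.getInstance();
            GSSName gssName = gssManager.createName(name, GSSName.NT_USER_NAME);
            GSSCredential credential = gssManager.createCredential(
                gssName,
                GSSCredential.DEFAULT_LIFETIME,
                new Oid(KRB5_MECH_OID),
                GSSCredential.INITIATE_ONLY);

            // SPNegoSchemeFactory(stripPort, useCanonicalHostname): both enabled.
            Registry<AuthSchemeProvider> authRegistry = RegistryBuilder.<AuthSchemeProvider>create()
                .register("Negotiate", new SPNegoSchemeFactory(true, true))
                .build();

            BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
            // AuthScope.ANY offers the credential to whichever host issues a challenge. The test
            // only ever talks to localhost; a client used beyond a test should bind the
            // credential to the intended host and port instead.
            credentialsProvider.setCredentials(AuthScope.ANY, new KerberosCredentials(credential));

            return HttpClients.custom()
                .setDefaultAuthSchemeRegistry(authRegistry)
                .setDefaultCredentialsProvider(credentialsProvider)
                .build();
        });
    }
}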
