package org.apache.hive.service.auth;

import com.google.common.collect.ImmutableSet;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang3.EnumUtils;
import org.apache.hadoop.hive.conf.HiveServer2TransportMode;
import org.apache.hive.service.auth.HiveAuthConstants;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/hive/service/auth/TestAuthType.class */
public class TestAuthType {

    /* loaded from: input_file:org/apache/hive/service/auth/TestAuthType$EntryForTest.class */
    private class EntryForTest {
        String authTypes;
        HiveServer2TransportMode mode;
        boolean shouldThrowException;

        EntryForTest(String str, HiveServer2TransportMode hiveServer2TransportMode, boolean z) {
            this.authTypes = str;
            this.mode = hiveServer2TransportMode;
            this.shouldThrowException = z;
        }
    }

    @Test
    public void testSingleAuth() throws Exception {
        for (HiveAuthConstants.AuthTypes authTypes : HiveAuthConstants.AuthTypes.values()) {
            testSingleAuth(authTypes);
        }
    }

    private void testSingleAuth(HiveAuthConstants.AuthTypes authTypes) throws Exception {
        AuthType authType = new AuthType(authTypes.getAuthName(), HiveServer2TransportMode.http);
        Assert.assertTrue(authType.isEnabled(authTypes));
        if (authTypes == HiveAuthConstants.AuthTypes.NOSASL || authTypes == HiveAuthConstants.AuthTypes.NONE || AuthType.PASSWORD_BASED_TYPES.contains(authTypes)) {
            Assert.assertEquals(authTypes.getAuthName(), authType.getPasswordBasedAuthStr());
        } else {
            Assert.assertEquals("Should return empty string if no password based authentication is set.", "", authType.getPasswordBasedAuthStr());
        }
    }

    @Test
    public void testOnePasswordAuthWithSAML() throws Exception {
        testOnePasswordAuthWithSAML(HiveAuthConstants.AuthTypes.LDAP);
        testOnePasswordAuthWithSAML(HiveAuthConstants.AuthTypes.PAM);
        testOnePasswordAuthWithSAML(HiveAuthConstants.AuthTypes.CUSTOM);
    }

    @Test
    public void testOnePasswordAuthWithJWT() throws Exception {
        testOnePasswordAuthWithJWT(HiveAuthConstants.AuthTypes.LDAP);
        testOnePasswordAuthWithJWT(HiveAuthConstants.AuthTypes.PAM);
        testOnePasswordAuthWithJWT(HiveAuthConstants.AuthTypes.CUSTOM);
    }

    private void testOnePasswordAuthWithSAML(HiveAuthConstants.AuthTypes authTypes) throws Exception {
        AuthType authType = new AuthType("SAML," + authTypes.getAuthName(), HiveServer2TransportMode.http);
        Assert.assertTrue(authType.isEnabled(HiveAuthConstants.AuthTypes.SAML));
        Assert.assertTrue(authType.isEnabled(authTypes));
        Set set = (Set) Arrays.stream(HiveAuthConstants.AuthTypes.values()).collect(Collectors.toSet());
        set.remove(HiveAuthConstants.AuthTypes.SAML);
        set.remove(authTypes);
        Iterator it = set.iterator();
        while (it.hasNext()) {
            Assert.assertFalse(authType.isEnabled((HiveAuthConstants.AuthTypes) it.next()));
        }
        Assert.assertEquals(authTypes.getAuthName(), authType.getPasswordBasedAuthStr());
        verify("SAML," + authTypes.getAuthName(), HiveServer2TransportMode.binary, true);
        verify("SAML," + authTypes.getAuthName(), HiveServer2TransportMode.all, true);
    }

    private void verify(String str, HiveServer2TransportMode hiveServer2TransportMode, boolean z) {
        try {
            AuthType authType = new AuthType(str, hiveServer2TransportMode);
            if (z) {
                Assert.fail("HiveServer2 " + hiveServer2TransportMode.name() + " mode cann't support " + str + " by design");
            } else {
                for (String str2 : str.split(",")) {
                    Assert.assertTrue(authType.isEnabled(EnumUtils.getEnumIgnoreCase(HiveAuthConstants.AuthTypes.class, str2)));
                }
            }
        } catch (Exception e) {
            if (z) {
                Assert.assertTrue(e instanceof RuntimeException);
            } else {
                Assert.fail("HiveServer2 " + hiveServer2TransportMode.name() + " mode should be able to support " + str);
            }
        }
    }

    private void testOnePasswordAuthWithJWT(HiveAuthConstants.AuthTypes authTypes) throws Exception {
        AuthType authType = new AuthType("JWT," + authTypes.getAuthName(), HiveServer2TransportMode.http);
        Assert.assertTrue(authType.isEnabled(HiveAuthConstants.AuthTypes.JWT));
        Assert.assertTrue(authType.isEnabled(authTypes));
        Set set = (Set) Arrays.stream(HiveAuthConstants.AuthTypes.values()).collect(Collectors.toSet());
        set.remove(HiveAuthConstants.AuthTypes.JWT);
        set.remove(authTypes);
        Iterator it = set.iterator();
        while (it.hasNext()) {
            Assert.assertFalse(authType.isEnabled((HiveAuthConstants.AuthTypes) it.next()));
        }
        Assert.assertEquals(authTypes.getAuthName(), authType.getPasswordBasedAuthStr());
        verify("JWT," + authTypes.getAuthName(), HiveServer2TransportMode.binary, true);
        verify("JWT," + authTypes.getAuthName(), HiveServer2TransportMode.all, true);
    }

    @Test
    public void testMultipleAuthMethods() {
        for (EntryForTest entryForTest : ImmutableSet.of(new EntryForTest("KERBEROS,SAML", HiveServer2TransportMode.binary, true), new EntryForTest("KERBEROS,SAML", HiveServer2TransportMode.http, false), new EntryForTest("KERBEROS,SAML,LDAP", HiveServer2TransportMode.all, true), new EntryForTest("KERBEROS,SAML,LDAP", HiveServer2TransportMode.http, false), new EntryForTest("KERBEROS,LDAP", HiveServer2TransportMode.all, false), new EntryForTest("NONE,SAML", HiveServer2TransportMode.all, true), new EntryForTest[]{new EntryForTest("NONE,SAML", HiveServer2TransportMode.http, true), new EntryForTest("NOSASL,SAML", HiveServer2TransportMode.all, true), new EntryForTest("SAML,LDAP,PAM,CUSTOM", HiveServer2TransportMode.http, true), new EntryForTest("SAML,OTHER", HiveServer2TransportMode.all, true), new EntryForTest("LDAP,PAM,CUSTOM", HiveServer2TransportMode.binary, true), new EntryForTest("KERBEROS,JWT", HiveServer2TransportMode.binary, true), new EntryForTest("KERBEROS,JWT", HiveServer2TransportMode.http, false), new EntryForTest("KERBEROS,JWT,LDAP", HiveServer2TransportMode.http, false), new EntryForTest("KERBEROS,JWT,LDAP", HiveServer2TransportMode.all, true), new EntryForTest("NONE,JWT", HiveServer2TransportMode.all, true), new EntryForTest("NOSASL,JWT", HiveServer2TransportMode.http, true), new EntryForTest("JWT,LDAP,PAM,CUSTOM", HiveServer2TransportMode.http, true), new EntryForTest("JWT,SAML,LDAP", HiveServer2TransportMode.http, false), new EntryForTest("JWT,SAML,LDAP", HiveServer2TransportMode.all, true), new EntryForTest("JWT,SAML", HiveServer2TransportMode.http, false), new EntryForTest("JWT,SAML", HiveServer2TransportMode.binary, true)})) {
            verify(entryForTest.authTypes, entryForTest.mode, entryForTest.shouldThrowException);
        }
    }
}
