package org.apache.hadoop.security.authorize;

import java.util.Arrays;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.StringUtils;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:lib/hadoop-common-2.0.0-cdh4.1.3-tests.jar:org/apache/hadoop/security/authorize/TestProxyUsers.class */
public class TestProxyUsers {
    private static final String REAL_USER_NAME = "proxier";
    private static final String PROXY_USER_NAME = "proxied_user";
    private static final String[] GROUP_NAMES = {"foo_group"};
    private static final String[] OTHER_GROUP_NAMES = {"bar_group"};
    private static final String PROXY_IP = "1.2.3.4";

    @Test
    public void testProxyUsers() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(ProxyUsers.getProxySuperuserGroupConfKey(REAL_USER_NAME), StringUtils.join(StringUtils.COMMA_STR, Arrays.asList(GROUP_NAMES)));
        configuration.set(ProxyUsers.getProxySuperuserIpConfKey(REAL_USER_NAME), PROXY_IP);
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
        UserGroupInformation createProxyUserForTesting = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES);
        assertAuthorized(createProxyUserForTesting, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting, "1.2.3.5");
        UserGroupInformation createProxyUserForTesting2 = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), OTHER_GROUP_NAMES);
        assertNotAuthorized(createProxyUserForTesting2, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting2, "1.2.3.5");
    }

    @Test
    public void testWildcardGroup() {
        Configuration configuration = new Configuration();
        configuration.set(ProxyUsers.getProxySuperuserGroupConfKey(REAL_USER_NAME), "*");
        configuration.set(ProxyUsers.getProxySuperuserIpConfKey(REAL_USER_NAME), PROXY_IP);
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
        UserGroupInformation createProxyUserForTesting = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES);
        assertAuthorized(createProxyUserForTesting, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting, "1.2.3.5");
        UserGroupInformation createProxyUserForTesting2 = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), OTHER_GROUP_NAMES);
        assertAuthorized(createProxyUserForTesting2, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting2, "1.2.3.5");
    }

    @Test
    public void testWildcardIP() {
        Configuration configuration = new Configuration();
        configuration.set(ProxyUsers.getProxySuperuserGroupConfKey(REAL_USER_NAME), StringUtils.join(StringUtils.COMMA_STR, Arrays.asList(GROUP_NAMES)));
        configuration.set(ProxyUsers.getProxySuperuserIpConfKey(REAL_USER_NAME), "*");
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
        UserGroupInformation createProxyUserForTesting = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES);
        assertAuthorized(createProxyUserForTesting, PROXY_IP);
        assertAuthorized(createProxyUserForTesting, "1.2.3.5");
        UserGroupInformation createProxyUserForTesting2 = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), OTHER_GROUP_NAMES);
        assertNotAuthorized(createProxyUserForTesting2, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting2, "1.2.3.5");
    }

    private void assertNotAuthorized(UserGroupInformation userGroupInformation, String str) {
        try {
            ProxyUsers.authorize(userGroupInformation, str, null);
            Assert.fail("Allowed authorization of " + userGroupInformation + " from " + str);
        } catch (AuthorizationException e) {
        }
    }

    private void assertAuthorized(UserGroupInformation userGroupInformation, String str) {
        try {
            ProxyUsers.authorize(userGroupInformation, str, null);
        } catch (AuthorizationException e) {
            Assert.fail("Did not allowed authorization of " + userGroupInformation + " from " + str);
        }
    }
}
