package org.apache.hadoop.ipc;

import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.net.InetSocketAddress;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.logging.impl.Log4JLogger;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.ipc.Client;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.ipc.TestRPC;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.KerberosInfo;
import org.apache.hadoop.security.SaslInputStream;
import org.apache.hadoop.security.SaslRpcClient;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.SecurityInfo;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.TestUserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.security.token.TokenInfo;
import org.apache.hadoop.security.token.TokenSelector;
import org.apache.log4j.Level;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:lib/hadoop-common-2.0.1-alpha-tests.jar:org/apache/hadoop/ipc/TestSaslRPC.class */
public class TestSaslRPC {
    private static final String ADDRESS = "0.0.0.0";
    static final String ERROR_MESSAGE = "Token is invalid";
    static final String SERVER_PRINCIPAL_KEY = "test.ipc.server.principal";
    static final String SERVER_KEYTAB_KEY = "test.ipc.server.keytab";
    static final String SERVER_PRINCIPAL_1 = "p1/foo@BAR";
    static final String SERVER_PRINCIPAL_2 = "p2/foo@BAR";
    public static final Log LOG = LogFactory.getLog(TestSaslRPC.class);
    private static Configuration conf = new Configuration();

    /* loaded from: input_file:lib/hadoop-common-2.0.1-alpha-tests.jar:org/apache/hadoop/ipc/TestSaslRPC$BadTokenSecretManager.class */
    public static class BadTokenSecretManager extends TestTokenSecretManager {
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apache.hadoop.ipc.TestSaslRPC.TestTokenSecretManager, org.apache.hadoop.security.token.SecretManager
        public byte[] retrievePassword(TestTokenIdentifier testTokenIdentifier) throws SecretManager.InvalidToken {
            throw new SecretManager.InvalidToken(TestSaslRPC.ERROR_MESSAGE);
        }
    }

    /* loaded from: input_file:lib/hadoop-common-2.0.1-alpha-tests.jar:org/apache/hadoop/ipc/TestSaslRPC$CustomSecurityInfo.class */
    public static class CustomSecurityInfo extends SecurityInfo {
        @Override // org.apache.hadoop.security.SecurityInfo
        public KerberosInfo getKerberosInfo(Class<?> cls, Configuration configuration) {
            return new KerberosInfo() { // from class: org.apache.hadoop.ipc.TestSaslRPC.CustomSecurityInfo.1
                @Override // java.lang.annotation.Annotation
                public Class<? extends Annotation> annotationType() {
                    return null;
                }

                @Override // org.apache.hadoop.security.KerberosInfo
                public String serverPrincipal() {
                    return TestSaslRPC.SERVER_PRINCIPAL_KEY;
                }

                @Override // org.apache.hadoop.security.KerberosInfo
                public String clientPrincipal() {
                    return null;
                }
            };
        }

        @Override // org.apache.hadoop.security.SecurityInfo
        public TokenInfo getTokenInfo(Class<?> cls, Configuration configuration) {
            return new TokenInfo() { // from class: org.apache.hadoop.ipc.TestSaslRPC.CustomSecurityInfo.2
                @Override // org.apache.hadoop.security.token.TokenInfo
                public Class<? extends TokenSelector<? extends TokenIdentifier>> value() {
                    return TestTokenSelector.class;
                }

                @Override // java.lang.annotation.Annotation
                public Class<? extends Annotation> annotationType() {
                    return null;
                }
            };
        }
    }

    /* loaded from: input_file:lib/hadoop-common-2.0.1-alpha-tests.jar:org/apache/hadoop/ipc/TestSaslRPC$TestSaslImpl.class */
    public static class TestSaslImpl extends TestRPC.TestImpl implements TestSaslProtocol {
        @Override // org.apache.hadoop.ipc.TestSaslRPC.TestSaslProtocol
        public UserGroupInformation.AuthenticationMethod getAuthMethod() throws IOException {
            return UserGroupInformation.getCurrentUser().getAuthenticationMethod();
        }
    }

    @TokenInfo(TestTokenSelector.class)
    @KerberosInfo(serverPrincipal = TestSaslRPC.SERVER_PRINCIPAL_KEY)
    /* loaded from: input_file:lib/hadoop-common-2.0.1-alpha-tests.jar:org/apache/hadoop/ipc/TestSaslRPC$TestSaslProtocol.class */
    public interface TestSaslProtocol extends TestRPC.TestProtocol {
        UserGroupInformation.AuthenticationMethod getAuthMethod() throws IOException;
    }

    /* loaded from: input_file:lib/hadoop-common-2.0.1-alpha-tests.jar:org/apache/hadoop/ipc/TestSaslRPC$TestTokenIdentifier.class */
    public static class TestTokenIdentifier extends TokenIdentifier {
        private Text tokenid;
        private Text realUser;
        static final Text KIND_NAME = new Text("test.token");

        public TestTokenIdentifier() {
            this(new Text(), new Text());
        }

        public TestTokenIdentifier(Text text) {
            this(text, new Text());
        }

        public TestTokenIdentifier(Text text, Text text2) {
            this.tokenid = text == null ? new Text() : text;
            this.realUser = text2 == null ? new Text() : text2;
        }

        @Override // org.apache.hadoop.security.token.TokenIdentifier
        public Text getKind() {
            return KIND_NAME;
        }

        @Override // org.apache.hadoop.security.token.TokenIdentifier
        public UserGroupInformation getUser() {
            if ("".equals(this.realUser.toString())) {
                return UserGroupInformation.createRemoteUser(this.tokenid.toString());
            }
            return UserGroupInformation.createProxyUser(this.tokenid.toString(), UserGroupInformation.createRemoteUser(this.realUser.toString()));
        }

        @Override // org.apache.hadoop.io.Writable
        public void readFields(DataInput dataInput) throws IOException {
            this.tokenid.readFields(dataInput);
            this.realUser.readFields(dataInput);
        }

        @Override // org.apache.hadoop.io.Writable
        public void write(DataOutput dataOutput) throws IOException {
            this.tokenid.write(dataOutput);
            this.realUser.write(dataOutput);
        }
    }

    /* loaded from: input_file:lib/hadoop-common-2.0.1-alpha-tests.jar:org/apache/hadoop/ipc/TestSaslRPC$TestTokenSecretManager.class */
    public static class TestTokenSecretManager extends SecretManager<TestTokenIdentifier> {
        @Override // org.apache.hadoop.security.token.SecretManager
        public byte[] createPassword(TestTokenIdentifier testTokenIdentifier) {
            return testTokenIdentifier.getBytes();
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apache.hadoop.security.token.SecretManager
        public byte[] retrievePassword(TestTokenIdentifier testTokenIdentifier) throws SecretManager.InvalidToken {
            return testTokenIdentifier.getBytes();
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apache.hadoop.security.token.SecretManager
        public TestTokenIdentifier createIdentifier() {
            return new TestTokenIdentifier();
        }
    }

    /* loaded from: input_file:lib/hadoop-common-2.0.1-alpha-tests.jar:org/apache/hadoop/ipc/TestSaslRPC$TestTokenSelector.class */
    public static class TestTokenSelector implements TokenSelector<TestTokenIdentifier> {
        @Override // org.apache.hadoop.security.token.TokenSelector
        public Token<TestTokenIdentifier> selectToken(Text text, Collection<Token<? extends TokenIdentifier>> collection) {
            if (text == null) {
                return null;
            }
            Iterator<Token<? extends TokenIdentifier>> it = collection.iterator();
            while (it.hasNext()) {
                Token<TestTokenIdentifier> token = (Token) it.next();
                if (TestTokenIdentifier.KIND_NAME.equals(token.getKind()) && text.equals(token.getService())) {
                    return token;
                }
            }
            return null;
        }
    }

    @Test
    public void testDigestRpc() throws Exception {
        TestTokenSecretManager testTokenSecretManager = new TestTokenSecretManager();
        doDigestRpc(RPC.getServer(TestSaslProtocol.class, new TestSaslImpl(), "0.0.0.0", 0, 5, true, conf, testTokenSecretManager), testTokenSecretManager);
    }

    @Test
    public void testDigestRpcWithoutAnnotation() throws Exception {
        TestTokenSecretManager testTokenSecretManager = new TestTokenSecretManager();
        try {
            SecurityUtil.setSecurityInfoProviders(new CustomSecurityInfo());
            doDigestRpc(RPC.getServer(TestSaslProtocol.class, new TestSaslImpl(), "0.0.0.0", 0, 5, true, conf, testTokenSecretManager), testTokenSecretManager);
            SecurityUtil.setSecurityInfoProviders(new SecurityInfo[0]);
        } catch (Throwable th) {
            SecurityUtil.setSecurityInfoProviders(new SecurityInfo[0]);
            throw th;
        }
    }

    @Test
    public void testSecureToInsecureRpc() throws Exception {
        RPC.Server server = RPC.getServer(TestSaslProtocol.class, new TestSaslImpl(), "0.0.0.0", 0, 5, true, conf, null);
        server.disableSecurity();
        doDigestRpc(server, new TestTokenSecretManager());
    }

    @Test
    public void testErrorMessage() throws Exception {
        BadTokenSecretManager badTokenSecretManager = new BadTokenSecretManager();
        boolean z = false;
        try {
            doDigestRpc(RPC.getServer(TestSaslProtocol.class, new TestSaslImpl(), "0.0.0.0", 0, 5, true, conf, badTokenSecretManager), badTokenSecretManager);
        } catch (RemoteException e) {
            LOG.info("LOGGING MESSAGE: " + e.getLocalizedMessage());
            Assert.assertTrue(ERROR_MESSAGE.equals(e.getLocalizedMessage()));
            Assert.assertTrue(e.unwrapRemoteException() instanceof SecretManager.InvalidToken);
            z = true;
        }
        Assert.assertTrue(z);
    }

    private void doDigestRpc(Server server, TestTokenSecretManager testTokenSecretManager) throws Exception {
        server.start();
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        InetSocketAddress connectAddress = NetUtils.getConnectAddress(server);
        Token<? extends TokenIdentifier> token = new Token<>(new TestTokenIdentifier(new Text(currentUser.getUserName())), testTokenSecretManager);
        SecurityUtil.setTokenService(token, connectAddress);
        currentUser.addToken(token);
        TestSaslProtocol testSaslProtocol = null;
        try {
            testSaslProtocol = (TestSaslProtocol) RPC.getProxy(TestSaslProtocol.class, 1L, connectAddress, conf);
            junit.framework.Assert.assertEquals(SaslRpcServer.SASL_PROPS.get("javax.security.sasl.qop"), "auth");
            testSaslProtocol.ping();
            server.stop();
            if (testSaslProtocol != null) {
                RPC.stopProxy(testSaslProtocol);
            }
        } catch (Throwable th) {
            server.stop();
            if (testSaslProtocol != null) {
                RPC.stopProxy(testSaslProtocol);
            }
            throw th;
        }
    }

    @Test
    public void testPingInterval() throws Exception {
        Configuration configuration = new Configuration(conf);
        configuration.set(SERVER_PRINCIPAL_KEY, SERVER_PRINCIPAL_1);
        conf.setInt(CommonConfigurationKeys.IPC_PING_INTERVAL_KEY, 60000);
        configuration.setBoolean(CommonConfigurationKeys.IPC_CLIENT_PING_KEY, true);
        Assert.assertEquals(60000L, Client.ConnectionId.getConnectionId(new InetSocketAddress(0), TestSaslProtocol.class, null, 0, configuration).getPingInterval());
        configuration.setBoolean(CommonConfigurationKeys.IPC_CLIENT_PING_KEY, false);
        Assert.assertEquals(0L, Client.ConnectionId.getConnectionId(new InetSocketAddress(0), TestSaslProtocol.class, null, 0, configuration).getPingInterval());
    }

    @Test
    public void testGetRemotePrincipal() throws Exception {
        try {
            Configuration configuration = new Configuration(conf);
            configuration.set(SERVER_PRINCIPAL_KEY, SERVER_PRINCIPAL_1);
            Assert.assertEquals(SERVER_PRINCIPAL_1, Client.ConnectionId.getConnectionId(new InetSocketAddress(0), TestSaslProtocol.class, null, 0, configuration).getServerPrincipal());
            configuration.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, PseudoAuthenticationHandler.TYPE);
            UserGroupInformation.setConfiguration(configuration);
            Assert.assertEquals("serverPrincipal should be null when security is turned off", (Object) null, Client.ConnectionId.getConnectionId(new InetSocketAddress(0), TestSaslProtocol.class, null, 0, configuration).getServerPrincipal());
            UserGroupInformation.setConfiguration(conf);
        } catch (Throwable th) {
            UserGroupInformation.setConfiguration(conf);
            throw th;
        }
    }

    @Test
    public void testPerConnectionConf() throws Exception {
        TestTokenSecretManager testTokenSecretManager = new TestTokenSecretManager();
        RPC.Server server = RPC.getServer(TestSaslProtocol.class, new TestSaslImpl(), "0.0.0.0", 0, 5, true, conf, testTokenSecretManager);
        server.start();
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        InetSocketAddress connectAddress = NetUtils.getConnectAddress(server);
        Token<? extends TokenIdentifier> token = new Token<>(new TestTokenIdentifier(new Text(currentUser.getUserName())), testTokenSecretManager);
        SecurityUtil.setTokenService(token, connectAddress);
        currentUser.addToken(token);
        Configuration configuration = new Configuration(conf);
        configuration.set(CommonConfigurationKeysPublic.HADOOP_RPC_SOCKET_FACTORY_CLASS_DEFAULT_KEY, "");
        configuration.set(SERVER_PRINCIPAL_KEY, SERVER_PRINCIPAL_1);
        TestSaslProtocol testSaslProtocol = null;
        TestSaslProtocol testSaslProtocol2 = null;
        TestSaslProtocol testSaslProtocol3 = null;
        try {
            testSaslProtocol = (TestSaslProtocol) RPC.getProxy(TestSaslProtocol.class, 1L, connectAddress, configuration);
            testSaslProtocol.getAuthMethod();
            Set<Client.ConnectionId> connectionIds = WritableRpcEngine.getClient(conf).getConnectionIds();
            Assert.assertEquals("number of connections in cache is wrong", 1L, connectionIds.size());
            testSaslProtocol2 = (TestSaslProtocol) RPC.getProxy(TestSaslProtocol.class, 1L, connectAddress, configuration);
            testSaslProtocol2.getAuthMethod();
            Assert.assertEquals("number of connections in cache is wrong", 1L, connectionIds.size());
            configuration.set(SERVER_PRINCIPAL_KEY, SERVER_PRINCIPAL_2);
            testSaslProtocol3 = (TestSaslProtocol) RPC.getProxy(TestSaslProtocol.class, 1L, connectAddress, configuration);
            testSaslProtocol3.getAuthMethod();
            Client.ConnectionId[] connectionIdArr = (Client.ConnectionId[]) connectionIds.toArray(new Client.ConnectionId[0]);
            Assert.assertEquals("number of connections in cache is wrong", 2L, connectionIdArr.length);
            String serverPrincipal = connectionIdArr[0].getServerPrincipal();
            String serverPrincipal2 = connectionIdArr[1].getServerPrincipal();
            Assert.assertFalse("should have different principals", serverPrincipal.equals(serverPrincipal2));
            Assert.assertTrue("principal not as expected", serverPrincipal.equals(SERVER_PRINCIPAL_1) || serverPrincipal.equals(SERVER_PRINCIPAL_2));
            Assert.assertTrue("principal not as expected", serverPrincipal2.equals(SERVER_PRINCIPAL_1) || serverPrincipal2.equals(SERVER_PRINCIPAL_2));
            server.stop();
            RPC.stopProxy(testSaslProtocol);
            RPC.stopProxy(testSaslProtocol2);
            RPC.stopProxy(testSaslProtocol3);
        } catch (Throwable th) {
            server.stop();
            RPC.stopProxy(testSaslProtocol);
            RPC.stopProxy(testSaslProtocol2);
            RPC.stopProxy(testSaslProtocol3);
            throw th;
        }
    }

    static void testKerberosRpc(String str, String str2) throws Exception {
        Configuration configuration = new Configuration(conf);
        configuration.set(SERVER_PRINCIPAL_KEY, str);
        configuration.set(SERVER_KEYTAB_KEY, str2);
        SecurityUtil.login(configuration, SERVER_KEYTAB_KEY, SERVER_PRINCIPAL_KEY);
        TestUserGroupInformation.verifyLoginMetrics(1L, 0);
        System.out.println("UGI: " + UserGroupInformation.getCurrentUser());
        RPC.Server server = RPC.getServer(TestSaslProtocol.class, new TestSaslImpl(), "0.0.0.0", 0, 5, true, configuration, null);
        TestSaslProtocol testSaslProtocol = null;
        server.start();
        try {
            testSaslProtocol = (TestSaslProtocol) RPC.getProxy(TestSaslProtocol.class, 1L, NetUtils.getConnectAddress(server), configuration);
            testSaslProtocol.ping();
            server.stop();
            if (testSaslProtocol != null) {
                RPC.stopProxy(testSaslProtocol);
            }
            System.out.println("Test is successful.");
        } catch (Throwable th) {
            server.stop();
            if (testSaslProtocol != null) {
                RPC.stopProxy(testSaslProtocol);
            }
            throw th;
        }
    }

    @Test
    public void testDigestAuthMethod() throws Exception {
        TestTokenSecretManager testTokenSecretManager = new TestTokenSecretManager();
        RPC.Server server = RPC.getServer(TestSaslProtocol.class, new TestSaslImpl(), "0.0.0.0", 0, 5, true, conf, testTokenSecretManager);
        server.start();
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        final InetSocketAddress connectAddress = NetUtils.getConnectAddress(server);
        Token<? extends TokenIdentifier> token = new Token<>(new TestTokenIdentifier(new Text(currentUser.getUserName())), testTokenSecretManager);
        SecurityUtil.setTokenService(token, connectAddress);
        currentUser.addToken(token);
        currentUser.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.ipc.TestSaslRPC.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws IOException {
                TestSaslProtocol testSaslProtocol = null;
                try {
                    testSaslProtocol = (TestSaslProtocol) RPC.getProxy(TestSaslProtocol.class, 1L, connectAddress, TestSaslRPC.conf);
                    junit.framework.Assert.assertEquals(UserGroupInformation.AuthenticationMethod.TOKEN, testSaslProtocol.getAuthMethod());
                    if (testSaslProtocol == null) {
                        return null;
                    }
                    RPC.stopProxy(testSaslProtocol);
                    return null;
                } catch (Throwable th) {
                    if (testSaslProtocol != null) {
                        RPC.stopProxy(testSaslProtocol);
                    }
                    throw th;
                }
            }
        });
        server.stop();
    }

    public static void main(String[] strArr) throws Exception {
        System.out.println("Testing Kerberos authentication over RPC");
        if (strArr.length != 2) {
            System.err.println("Usage: java <options> org.apache.hadoop.ipc.TestSaslRPC  <serverPrincipal> <keytabFile>");
            System.exit(-1);
        }
        testKerberosRpc(strArr[0], strArr[1]);
    }

    static {
        conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, KerberosAuthenticationHandler.TYPE);
        UserGroupInformation.setConfiguration(conf);
        ((Log4JLogger) Client.LOG).getLogger().setLevel(Level.ALL);
        ((Log4JLogger) Server.LOG).getLogger().setLevel(Level.ALL);
        ((Log4JLogger) SaslRpcClient.LOG).getLogger().setLevel(Level.ALL);
        ((Log4JLogger) SaslRpcServer.LOG).getLogger().setLevel(Level.ALL);
        ((Log4JLogger) SaslInputStream.LOG).getLogger().setLevel(Level.ALL);
        ((Log4JLogger) SecurityUtil.LOG).getLogger().setLevel(Level.ALL);
    }
}
