package org.apache.hadoop.fs.http.server;

import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.http.client.HttpFSFileSystem;
import org.apache.hadoop.fs.http.client.HttpFSKerberosAuthenticator;
import org.apache.hadoop.hdfs.web.SWebHdfsFileSystem;
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.lib.service.DelegationTokenIdentifier;
import org.apache.hadoop.lib.service.DelegationTokenManager;
import org.apache.hadoop.lib.service.DelegationTokenManagerException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.server.AuthenticationHandler;
import org.apache.hadoop.security.authentication.server.AuthenticationToken;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.test.HFSTestCase;
import org.apache.hadoop.test.TestDir;
import org.apache.hadoop.test.TestDirHelper;
import org.apache.log4j.helpers.UtilLoggingLevel;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:test-classes/org/apache/hadoop/fs/http/server/TestHttpFSKerberosAuthenticationHandler.class */
public class TestHttpFSKerberosAuthenticationHandler extends HFSTestCase {
    @Test
    @TestDir
    public void testManagementOperationsWebHdfsFileSystem() throws Exception {
        testManagementOperations(WebHdfsFileSystem.TOKEN_KIND);
    }

    @Test
    @TestDir
    public void testManagementOperationsSWebHdfsFileSystem() throws Exception {
        try {
            System.setProperty("httpfs.ssl.enabled", "true");
            testManagementOperations(SWebHdfsFileSystem.TOKEN_KIND);
            System.getProperties().remove("httpfs.ssl.enabled");
        } catch (Throwable th) {
            System.getProperties().remove("httpfs.ssl.enabled");
            throw th;
        }
    }

    private void testManagementOperations(Text text) throws Exception {
        String absolutePath = TestDirHelper.getTestDir().getAbsolutePath();
        HttpFSServerWebApp httpFSServerWebApp = new HttpFSServerWebApp(absolutePath, absolutePath, absolutePath, absolutePath, new Configuration(false));
        httpFSServerWebApp.setAuthority(new InetSocketAddress(InetAddress.getLocalHost(), UtilLoggingLevel.CONFIG_INT));
        HttpFSKerberosAuthenticationHandlerForTesting httpFSKerberosAuthenticationHandlerForTesting = new HttpFSKerberosAuthenticationHandlerForTesting();
        try {
            httpFSServerWebApp.init();
            httpFSKerberosAuthenticationHandlerForTesting.init(null);
            testNonManagementOperation(httpFSKerberosAuthenticationHandlerForTesting);
            testManagementOperationErrors(httpFSKerberosAuthenticationHandlerForTesting);
            testGetToken(httpFSKerberosAuthenticationHandlerForTesting, null, text);
            testGetToken(httpFSKerberosAuthenticationHandlerForTesting, "foo", text);
            testCancelToken(httpFSKerberosAuthenticationHandlerForTesting);
            testRenewToken(httpFSKerberosAuthenticationHandlerForTesting);
            if (httpFSKerberosAuthenticationHandlerForTesting != null) {
                httpFSKerberosAuthenticationHandlerForTesting.destroy();
            }
            httpFSServerWebApp.destroy();
        } catch (Throwable th) {
            if (httpFSKerberosAuthenticationHandlerForTesting != null) {
                httpFSKerberosAuthenticationHandlerForTesting.destroy();
            }
            httpFSServerWebApp.destroy();
            throw th;
        }
    }

    private void testNonManagementOperation(AuthenticationHandler authenticationHandler) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getParameter("op")).thenReturn((Object) null);
        Assert.assertTrue(authenticationHandler.managementOperation(null, httpServletRequest, null));
        Mockito.when(httpServletRequest.getParameter("op")).thenReturn(HttpFSFileSystem.Operation.CREATE.toString());
        Assert.assertTrue(authenticationHandler.managementOperation(null, httpServletRequest, null));
    }

    private void testManagementOperationErrors(AuthenticationHandler authenticationHandler) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        Mockito.when(httpServletRequest.getParameter("op")).thenReturn(HttpFSKerberosAuthenticator.DelegationTokenOperation.GETDELEGATIONTOKEN.toString());
        Mockito.when(httpServletRequest.getMethod()).thenReturn("FOO");
        Assert.assertFalse(authenticationHandler.managementOperation(null, httpServletRequest, httpServletResponse));
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendError(Mockito.eq(400), Mockito.startsWith("Wrong HTTP method"));
        Mockito.reset(new HttpServletResponse[]{httpServletResponse});
        Mockito.when(httpServletRequest.getMethod()).thenReturn(HttpFSKerberosAuthenticator.DelegationTokenOperation.GETDELEGATIONTOKEN.getHttpMethod());
        Assert.assertFalse(authenticationHandler.managementOperation(null, httpServletRequest, httpServletResponse));
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendError(Mockito.eq(401), Mockito.contains("requires SPNEGO"));
    }

    private void testGetToken(AuthenticationHandler authenticationHandler, String str, Text text) throws Exception {
        HttpFSKerberosAuthenticator.DelegationTokenOperation delegationTokenOperation = HttpFSKerberosAuthenticator.DelegationTokenOperation.GETDELEGATIONTOKEN;
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        Mockito.when(httpServletRequest.getParameter("op")).thenReturn(delegationTokenOperation.toString());
        Mockito.when(httpServletRequest.getMethod()).thenReturn(delegationTokenOperation.getHttpMethod());
        AuthenticationToken authenticationToken = (AuthenticationToken) Mockito.mock(AuthenticationToken.class);
        Mockito.when(authenticationToken.getUserName()).thenReturn("user");
        Assert.assertFalse(authenticationHandler.managementOperation(null, httpServletRequest, httpServletResponse));
        Mockito.when(httpServletRequest.getParameter("renewer")).thenReturn(str);
        Mockito.reset(new HttpServletResponse[]{httpServletResponse});
        StringWriter stringWriter = new StringWriter();
        PrintWriter printWriter = new PrintWriter(stringWriter);
        Mockito.when(httpServletResponse.getWriter()).thenReturn(printWriter);
        Assert.assertFalse(authenticationHandler.managementOperation(authenticationToken, httpServletRequest, httpServletResponse));
        if (str == null) {
            ((AuthenticationToken) Mockito.verify(authenticationToken)).getUserName();
        } else {
            ((AuthenticationToken) Mockito.verify(authenticationToken, Mockito.never())).getUserName();
        }
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).setStatus(200);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).setContentType("application/json");
        printWriter.close();
        String stringWriter2 = stringWriter.toString();
        Assert.assertTrue(stringWriter2.contains(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_JSON));
        Assert.assertTrue(stringWriter2.contains(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON));
        String str2 = (String) ((JSONObject) ((JSONObject) new JSONParser().parse(stringWriter2)).get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_JSON)).get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON);
        Token<DelegationTokenIdentifier> token = new Token<>();
        token.decodeFromUrlString(str2);
        ((DelegationTokenManager) HttpFSServerWebApp.get().get(DelegationTokenManager.class)).verifyToken(token);
        Assert.assertEquals(text, token.getKind());
    }

    private void testCancelToken(AuthenticationHandler authenticationHandler) throws Exception {
        HttpFSKerberosAuthenticator.DelegationTokenOperation delegationTokenOperation = HttpFSKerberosAuthenticator.DelegationTokenOperation.CANCELDELEGATIONTOKEN;
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        Mockito.when(httpServletRequest.getParameter("op")).thenReturn(delegationTokenOperation.toString());
        Mockito.when(httpServletRequest.getMethod()).thenReturn(delegationTokenOperation.getHttpMethod());
        Assert.assertFalse(authenticationHandler.managementOperation(null, httpServletRequest, httpServletResponse));
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendError(Mockito.eq(400), Mockito.contains("requires the parameter [token]"));
        Mockito.reset(new HttpServletResponse[]{httpServletResponse});
        Token<DelegationTokenIdentifier> createToken = ((DelegationTokenManager) HttpFSServerWebApp.get().get(DelegationTokenManager.class)).createToken(UserGroupInformation.getCurrentUser(), "foo");
        Mockito.when(httpServletRequest.getParameter("token")).thenReturn(createToken.encodeToUrlString());
        Assert.assertFalse(authenticationHandler.managementOperation(null, httpServletRequest, httpServletResponse));
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).setStatus(200);
        try {
            ((DelegationTokenManager) HttpFSServerWebApp.get().get(DelegationTokenManager.class)).verifyToken(createToken);
            Assert.fail();
        } catch (DelegationTokenManagerException e) {
            Assert.assertTrue(e.toString().contains("DT01"));
        }
    }

    private void testRenewToken(AuthenticationHandler authenticationHandler) throws Exception {
        HttpFSKerberosAuthenticator.DelegationTokenOperation delegationTokenOperation = HttpFSKerberosAuthenticator.DelegationTokenOperation.RENEWDELEGATIONTOKEN;
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        Mockito.when(httpServletRequest.getParameter("op")).thenReturn(delegationTokenOperation.toString());
        Mockito.when(httpServletRequest.getMethod()).thenReturn(delegationTokenOperation.getHttpMethod());
        Assert.assertFalse(authenticationHandler.managementOperation(null, httpServletRequest, httpServletResponse));
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendError(Mockito.eq(401), Mockito.contains("equires SPNEGO authentication established"));
        Mockito.reset(new HttpServletResponse[]{httpServletResponse});
        AuthenticationToken authenticationToken = (AuthenticationToken) Mockito.mock(AuthenticationToken.class);
        Mockito.when(authenticationToken.getUserName()).thenReturn("user");
        Assert.assertFalse(authenticationHandler.managementOperation(authenticationToken, httpServletRequest, httpServletResponse));
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendError(Mockito.eq(400), Mockito.contains("requires the parameter [token]"));
        Mockito.reset(new HttpServletResponse[]{httpServletResponse});
        StringWriter stringWriter = new StringWriter();
        PrintWriter printWriter = new PrintWriter(stringWriter);
        Mockito.when(httpServletResponse.getWriter()).thenReturn(printWriter);
        Token<DelegationTokenIdentifier> createToken = ((DelegationTokenManager) HttpFSServerWebApp.get().get(DelegationTokenManager.class)).createToken(UserGroupInformation.getCurrentUser(), "user");
        Mockito.when(httpServletRequest.getParameter("token")).thenReturn(createToken.encodeToUrlString());
        Assert.assertFalse(authenticationHandler.managementOperation(authenticationToken, httpServletRequest, httpServletResponse));
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).setStatus(200);
        printWriter.close();
        Assert.assertTrue(stringWriter.toString().contains(HttpFSKerberosAuthenticator.RENEW_DELEGATION_TOKEN_JSON));
        ((DelegationTokenManager) HttpFSServerWebApp.get().get(DelegationTokenManager.class)).verifyToken(createToken);
    }

    @Test
    @TestDir
    public void testAuthenticate() throws Exception {
        String absolutePath = TestDirHelper.getTestDir().getAbsolutePath();
        HttpFSServerWebApp httpFSServerWebApp = new HttpFSServerWebApp(absolutePath, absolutePath, absolutePath, absolutePath, new Configuration(false));
        httpFSServerWebApp.setAuthority(new InetSocketAddress(InetAddress.getLocalHost(), UtilLoggingLevel.CONFIG_INT));
        HttpFSKerberosAuthenticationHandlerForTesting httpFSKerberosAuthenticationHandlerForTesting = new HttpFSKerberosAuthenticationHandlerForTesting();
        try {
            httpFSServerWebApp.init();
            httpFSKerberosAuthenticationHandlerForTesting.init(null);
            testValidDelegationToken(httpFSKerberosAuthenticationHandlerForTesting);
            testInvalidDelegationToken(httpFSKerberosAuthenticationHandlerForTesting);
            if (httpFSKerberosAuthenticationHandlerForTesting != null) {
                httpFSKerberosAuthenticationHandlerForTesting.destroy();
            }
            httpFSServerWebApp.destroy();
        } catch (Throwable th) {
            if (httpFSKerberosAuthenticationHandlerForTesting != null) {
                httpFSKerberosAuthenticationHandlerForTesting.destroy();
            }
            httpFSServerWebApp.destroy();
            throw th;
        }
    }

    private void testValidDelegationToken(AuthenticationHandler authenticationHandler) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        Mockito.when(httpServletRequest.getParameter("delegation")).thenReturn(((DelegationTokenManager) HttpFSServerWebApp.get().get(DelegationTokenManager.class)).createToken(UserGroupInformation.getCurrentUser(), "user").encodeToUrlString());
        AuthenticationToken authenticate = authenticationHandler.authenticate(httpServletRequest, httpServletResponse);
        Assert.assertEquals(UserGroupInformation.getCurrentUser().getShortUserName(), authenticate.getUserName());
        Assert.assertEquals(0L, authenticate.getExpires());
        Assert.assertEquals(HttpFSKerberosAuthenticationHandler.TYPE, authenticate.getType());
        Assert.assertTrue(authenticate.isExpired());
    }

    private void testInvalidDelegationToken(AuthenticationHandler authenticationHandler) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        Mockito.when(httpServletRequest.getParameter("delegation")).thenReturn("invalid");
        try {
            authenticationHandler.authenticate(httpServletRequest, httpServletResponse);
            Assert.fail();
        } catch (AuthenticationException e) {
        } catch (Exception e2) {
            Assert.fail();
        }
    }
}
