package org.apache.hadoop.hbase.security;

import java.io.File;
import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.AuthUtil;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtil;
import org.apache.hadoop.hbase.ipc.TestProtoBufRpc;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.testclassification.SmallTests;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category({SecurityTests.class, SmallTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/TestUsersOperationsWithSecureHadoop.class */
public class TestUsersOperationsWithSecureHadoop {
    private static MiniKdc KDC;
    private static String PRINCIPAL;
    private static String CLIENT_NAME;

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestUsersOperationsWithSecureHadoop.class);
    private static final HBaseTestingUtil TEST_UTIL = new HBaseTestingUtil();
    private static final File KEYTAB_FILE = new File(TEST_UTIL.getDataTestDir("keytab").toUri().getPath());
    private static String HOST = TestProtoBufRpc.ADDRESS;

    @BeforeClass
    public static void setUp() throws Exception {
        KDC = TEST_UTIL.setupMiniKdc(KEYTAB_FILE);
        PRINCIPAL = "hbase/" + HOST;
        CLIENT_NAME = "foo";
        KDC.createPrincipal(KEYTAB_FILE, new String[]{PRINCIPAL, CLIENT_NAME});
        HBaseKerberosUtils.setPrincipalForTesting(PRINCIPAL + "@" + KDC.getRealm());
        HBaseKerberosUtils.setKeytabFileForTesting(KEYTAB_FILE.getAbsolutePath());
        HBaseKerberosUtils.setClientPrincipalForTesting(CLIENT_NAME + "@" + KDC.getRealm());
        HBaseKerberosUtils.setClientKeytabForTesting(KEYTAB_FILE.getAbsolutePath());
    }

    @AfterClass
    public static void tearDown() throws IOException {
        if (KDC != null) {
            KDC.stop();
        }
        TEST_UTIL.cleanupTestDir();
    }

    @Test
    public void testUserLoginInSecureHadoop() throws Exception {
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        String keytabFileForTesting = HBaseKerberosUtils.getKeytabFileForTesting();
        String principalForTesting = HBaseKerberosUtils.getPrincipalForTesting();
        Assert.assertNotNull("KerberosKeytab was not specified", keytabFileForTesting);
        Assert.assertNotNull("KerberosPrincipal was not specified", principalForTesting);
        Configuration securedConfiguration = HBaseKerberosUtils.getSecuredConfiguration();
        UserGroupInformation.setConfiguration(securedConfiguration);
        User.login(securedConfiguration, "hbase.regionserver.keytab.file", "hbase.regionserver.kerberos.principal", TestProtoBufRpc.ADDRESS);
        Assert.assertFalse("ugi should be different in in case success login", currentUser.equals(UserGroupInformation.getLoginUser()));
    }

    @Test
    public void testLoginWithUserKeytabAndPrincipal() throws Exception {
        String clientKeytabForTesting = HBaseKerberosUtils.getClientKeytabForTesting();
        String clientPrincipalForTesting = HBaseKerberosUtils.getClientPrincipalForTesting();
        Assert.assertNotNull("Path for client keytab is not specified.", clientKeytabForTesting);
        Assert.assertNotNull("Client principal is not specified.", clientPrincipalForTesting);
        Configuration securedConfiguration = HBaseKerberosUtils.getSecuredConfiguration();
        securedConfiguration.set("hbase.client.keytab.file", clientKeytabForTesting);
        securedConfiguration.set("hbase.client.keytab.principal", clientPrincipalForTesting);
        UserGroupInformation.setConfiguration(securedConfiguration);
        UserProvider instantiate = UserProvider.instantiate(securedConfiguration);
        Assert.assertTrue("Client principal or keytab is empty", instantiate.shouldLoginFromKeytab());
        instantiate.login("hbase.client.keytab.file", "hbase.client.keytab.principal");
        User current = instantiate.getCurrent();
        Assert.assertEquals(CLIENT_NAME, current.getShortName());
        Assert.assertEquals(HBaseKerberosUtils.getClientPrincipalForTesting(), current.getName());
    }

    @Test
    public void testAuthUtilLogin() throws Exception {
        String clientKeytabForTesting = HBaseKerberosUtils.getClientKeytabForTesting();
        String clientPrincipalForTesting = HBaseKerberosUtils.getClientPrincipalForTesting();
        Configuration securedConfiguration = HBaseKerberosUtils.getSecuredConfiguration();
        securedConfiguration.set("hbase.client.keytab.file", clientKeytabForTesting);
        securedConfiguration.set("hbase.client.keytab.principal", clientPrincipalForTesting);
        UserGroupInformation.setConfiguration(securedConfiguration);
        User loginClient = AuthUtil.loginClient(securedConfiguration);
        Assert.assertTrue(loginClient.isLoginFromKeytab());
        Assert.assertEquals(CLIENT_NAME, loginClient.getShortName());
        Assert.assertEquals(HBaseKerberosUtils.getClientPrincipalForTesting(), loginClient.getName());
    }
}
