package org.apache.zookeeper.server.quorum.auth;

import java.io.File;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeoutException;
import junit.framework.Assert;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.FilenameUtils;
import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.PortAssignment;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.server.quorum.QuorumPeerTestBase;
import org.apache.zookeeper.test.ClientBase;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assume;
import org.junit.BeforeClass;
import org.junit.Test;

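/**
 * Exercises Kerberos host-based authorization between ZooKeeper quorum peers
 * against the KDC provided by {@link ApacheDSKerberosSecurityTestcase}.
 *
 * <p>Two scenarios are covered: a quorum whose peers present the expected
 * principals comes up and serves clients, and an additional peer that logs in
 * with the {@code QuorumLearnerMyHost} JAAS section (principal host
 * {@code "myhost"}) must not become reachable, because that host is not an
 * authorized quorum member.
 *
 * <p>NOTE(review): {@link #onlyJdk6()} skips the whole class unless
 * {@code java.specification.version} is {@code 1.6}, so on any newer JVM these
 * authorization checks provide no coverage. The code is therefore kept free of
 * Java 7+ syntax.
 */
public class ApacheDSQuorumKerberosHostBasedAuthTest extends ApacheDSKerberosSecurityTestcase {
    // Keytab written by the test KDC in setUp(); removed again in cleanup().
    private static File keytabFile;
    private static final String hostServerPrincipal = KerberosTestUtils.getHostServerPrincipal();
    private static final String hostLearnerPrincipal = KerberosTestUtils.getHostLearnerPrincipal();
    private static final String hostNamedLearnerPrincipal = KerberosTestUtils.getHostNamedLearnerPrincipal("myhost");

    // Must stay below the principal fields: static initializers run in textual
    // order and the JAAS configuration is built from those three values.
    static {
        setupJaasConfigEntries(hostServerPrincipal, hostLearnerPrincipal, hostNamedLearnerPrincipal);
    }

    /**
     * Installs a JAAS configuration with three keytab-based login sections:
     * {@code QuorumServer}, {@code QuorumLearner} and {@code QuorumLearnerMyHost}.
     *
     * <p>The server and learner principals are passed through
     * {@code KerberosTestUtils.replaceHostPattern}; the named-learner principal
     * is written as given, so it keeps its literal host component.
     *
     * @param serverPrincipal principal for the {@code QuorumServer} section
     * @param learnerPrincipal principal for the {@code QuorumLearner} section
     * @param namedLearnerPrincipal principal for the {@code QuorumLearnerMyHost} section
     */
    private static void setupJaasConfigEntries(String serverPrincipal, String learnerPrincipal,
            String namedLearnerPrincipal) {
        String keytabPath = FilenameUtils.normalize(KerberosTestUtils.getKeytabFile(), true);
        StringBuilder jaas = new StringBuilder();
        jaas.append(jaasSection("QuorumServer", keytabPath,
                KerberosTestUtils.replaceHostPattern(serverPrincipal), false));
        jaas.append(jaasSection("QuorumLearner", keytabPath,
                KerberosTestUtils.replaceHostPattern(learnerPrincipal), true));
        jaas.append(jaasSection("QuorumLearnerMyHost", keytabPath, namedLearnerPrincipal, true));
        setupJaasConfig(jaas.toString());
    }

    /**
     * Renders one Krb5LoginModule section of the JAAS file.
     *
     * <p>{@code debug=true} makes the login module print diagnostics; that is
     * acceptable against a throwaway test KDC but should not be copied into a
     * production JAAS file.
     */
    private static String jaasSection(String sectionName, String keytabPath, String principal,
            boolean initiator) {
        StringBuilder section = new StringBuilder();
        section.append(sectionName).append(" {\n");
        section.append("       com.sun.security.auth.module.Krb5LoginModule required\n");
        section.append("       useKeyTab=true\n");
        section.append("       keyTab=\"").append(keytabPath).append("\"\n");
        section.append("       storeKey=true\n");
        section.append("       useTicketCache=false\n");
        section.append("       debug=true\n");
        section.append("       doNotPrompt=true\n");
        section.append("       refreshKrb5Config=true\n");
        if (initiator) {
            section.append("       isInitiator=true\n");
        }
        section.append("       principal=\"").append(principal).append("\";\n");
        section.append("};\n");
        return section.toString();
    }

    /** Strips the {@code @REALM} suffix from a full Kerberos principal. */
    private static String withoutRealm(String principal) {
        return principal.substring(0, principal.lastIndexOf("@"));
    }

    /**
     * Builds the quorum settings shared by both tests: SASL is enabled and
     * required on both the server and the learner side, so a peer that cannot
     * authenticate is refused instead of being admitted unauthenticated.
     */
    private static Map<String, String> requireSaslAuthConfigs() {
        Map<String, String> authConfigs = new HashMap<String, String>();
        authConfigs.put("quorum.auth.enableSasl", "true");
        authConfigs.put("quorum.auth.serverRequireSasl", "true");
        authConfigs.put("quorum.auth.learnerRequireSasl", "true");
        authConfigs.put("quorum.auth.kerberos.servicePrincipal", withoutRealm(hostServerPrincipal));
        return authConfigs;
    }

    /**
     * Connects a client to the given ensemble and creates ten empty znodes,
     * proving the quorum is serving requests. The client is closed even when
     * the connection or a create call fails.
     *
     * @param connectString host:port list of the ensemble
     */
    private static void createTestNodes(String connectString) throws Exception {
        ClientBase.CountdownWatcher watcher = new ClientBase.CountdownWatcher();
        ZooKeeper zk = new ZooKeeper(connectString, ClientBase.CONNECTION_TIMEOUT, watcher);
        try {
            watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT);
            for (int i = 0; i < 10; i++) {
                // World-open ACL: fine for scratch znodes in a test ensemble only.
                zk.create("/" + i, new byte[0], ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
            }
        } finally {
            zk.close();
        }
    }

    /**
     * Skips the class unless the JVM reports specification version 1.6 (also
     * the default when the property is absent).
     *
     * <p>NOTE(review): JUnit does not define the order of multiple
     * {@code @BeforeClass} methods, so {@link #setUp()} may still run first.
     */
    @BeforeClass
    public static void onlyJdk6() throws Exception {
        String specVersion = System.getProperty("java.specification.version", "1.6");
        System.out.println("java.specification.version=" + specVersion);
        Assume.assumeTrue("Skipping test as Java Major version is " + specVersion, "1.6".equals(specVersion));
    }

    /**
     * Registers the learner, named-learner and server principals (realm
     * stripped) with the test KDC and writes their keys to the shared keytab.
     */
    @BeforeClass
    public static void setUp() throws Exception {
        keytabFile = new File(KerberosTestUtils.getKeytabFile());
        String learnerPrincipal = KerberosTestUtils.replaceHostPattern(withoutRealm(hostLearnerPrincipal));
        String serverPrincipal = KerberosTestUtils.replaceHostPattern(withoutRealm(hostServerPrincipal));
        getKdc().createPrincipal(keytabFile, learnerPrincipal, withoutRealm(hostNamedLearnerPrincipal),
                serverPrincipal);
    }

    /** Stops every quorum peer tracked in {@code mt} and removes its data directory. */
    @After
    public void tearDown() throws Exception {
        for (QuorumPeerTestBase.MainThread peer : this.mt) {
            peer.shutdown();
            peer.deleteBaseDir();
        }
    }

    /** Deletes the keytab so no key material outlives the test run, then resets JAAS. */
    @AfterClass
    public static void cleanup() {
        if (keytabFile != null) {
            FileUtils.deleteQuietly(keytabFile);
        }
        cleanupJaasConfig();
    }

    /** A three-node quorum with the expected principals must form and accept client writes. */
    @Test(timeout = 120000)
    public void testValidCredentials() throws Exception {
        Map<String, String> authConfigs = requireSaslAuthConfigs();
        String connectString = startQuorum(3, authConfigs, 3, true);
        createTestNodes(connectString);
    }

    /**
     * A fourth peer that authenticates as the {@code myhost} learner must not
     * be admitted to the quorum.
     *
     * <p>NOTE(review): rejection is inferred from a client connect timeout.
     * Any other reason the extra peer fails to start serving would also pass
     * this test, so it is a necessary but not a precise check.
     */
    @Test(timeout = 120000)
    public void testConnectBadServer() throws Exception {
        Map<String, String> authConfigs = requireSaslAuthConfigs();
        String connectString = startQuorum(3, authConfigs, 3, true);
        createTestNodes(connectString);

        // Extend the running ensemble's configuration with one more participant.
        String existingCfg = this.mt.get(0).getQuorumCfgSection();
        int badServerId = this.mt.size() + 1;
        int badServerClientPort = PortAssignment.unique();
        String badServerCfg = existingCfg
                + String.format("server.%d=localhost:%d:%d:participant", badServerId,
                        PortAssignment.unique(), PortAssignment.unique())
                + "\n";

        // The extra peer logs in with the principal whose host is "myhost".
        authConfigs.put("quorum.auth.learner.saslLoginContext", "QuorumLearnerMyHost");
        QuorumPeerTestBase.MainThread badServer =
                new QuorumPeerTestBase.MainThread(badServerId, badServerClientPort, badServerCfg, authConfigs);
        badServer.start();

        // badServer is not added to mt, so tearDown() will not stop it; clean up here
        // on every path, including a failure while constructing the client.
        try {
            ClientBase.CountdownWatcher watcher = new ClientBase.CountdownWatcher();
            ZooKeeper zk = new ZooKeeper("127.0.0.1:" + badServerClientPort, ClientBase.CONNECTION_TIMEOUT,
                    watcher);
            try {
                watcher.waitForConnected(ClientBase.CONNECTION_TIMEOUT / 3);
                Assert.fail("Must throw exception as the myHost is not an authorized one!");
            } catch (TimeoutException expected) {
                // Expected: the unauthorized peer never starts serving clients.
            } finally {
                zk.close();
            }
        } finally {
            badServer.shutdown();
            badServer.deleteBaseDir();
        }
    }
}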
