package org.apache.hadoop.security;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import javax.naming.CommunicationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/security/TestLdapGroupsMapping.class */
public class TestLdapGroupsMapping extends TestLdapGroupsMappingBase {
    private static final Logger LOG = LoggerFactory.getLogger(TestLdapGroupsMapping.class);
    private static final byte[] AUTHENTICATE_SUCCESS_MSG = {48, 12, 2, 1, 1, 97, 7, 10, 1, 0, 4, 0, 4, 0};
    private final String userDN = "CN=some_user,DC=test,DC=com";
    private static final String TEST_LDAP_URL = "ldap://test";

    @Before
    public void setupMocks() {
        Mockito.when(getUserSearchResult().getNameInNamespace()).thenReturn("CN=some_user,DC=test,DC=com");
    }

    @Test
    public void testGetGroups() throws NamingException {
        Mockito.when(getContext().search(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (Object[]) ArgumentMatchers.any(Object[].class), (SearchControls) ArgumentMatchers.any(SearchControls.class))).thenReturn(getUserNames(), new NamingEnumeration[]{getGroupNames()});
        doTestGetGroups(Arrays.asList(getTestGroups()), 2);
    }

    @Test
    public void testGetGroupsWithDifferentBaseDNs() throws Exception {
        Configuration baseConf = getBaseConf(TEST_LDAP_URL);
        baseConf.set("hadoop.security.group.mapping.ldap.userbase", "ou=Users,dc=xxx,dc=com ");
        baseConf.set("hadoop.security.group.mapping.ldap.groupbase", " ou=Groups,dc=xxx,dc=com");
        doTestGetGroupsWithBaseDN(baseConf, "ou=Users,dc=xxx,dc=com ".trim(), " ou=Groups,dc=xxx,dc=com".trim());
    }

    @Test
    public void testGetGroupsWithDefaultBaseDN() throws Exception {
        Configuration baseConf = getBaseConf(TEST_LDAP_URL);
        baseConf.set("hadoop.security.group.mapping.ldap.base", " dc=xxx,dc=com ");
        doTestGetGroupsWithBaseDN(baseConf, " dc=xxx,dc=com ".trim(), " dc=xxx,dc=com ".trim());
    }

    private void doTestGetGroupsWithBaseDN(Configuration configuration, String str, String str2) throws NamingException {
        LdapGroupsMapping groupsMapping = getGroupsMapping();
        groupsMapping.setConf(configuration);
        Mockito.when(getContext().search(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (Object[]) ArgumentMatchers.any(Object[].class), (SearchControls) ArgumentMatchers.any(SearchControls.class))).thenReturn(getUserNames(), new NamingEnumeration[]{getGroupNames()});
        Assert.assertEquals(Arrays.asList(getTestGroups()), groupsMapping.getGroups("some_user"));
        ((DirContext) Mockito.verify(getContext(), Mockito.times(1))).search(str, "(&(objectClass=user)(sAMAccountName={0}))", new Object[]{"some_user"}, LdapGroupsMapping.SEARCH_CONTROLS);
        ((DirContext) Mockito.verify(getContext(), Mockito.times(1))).search(str2, "(&(objectClass=group)(member={0}))", new Object[]{"CN=some_user,DC=test,DC=com"}, LdapGroupsMapping.SEARCH_CONTROLS);
    }

    @Test
    public void testGetGroupsWithHierarchy() throws NamingException {
        Mockito.when(getContext().search(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (Object[]) ArgumentMatchers.any(Object[].class), (SearchControls) ArgumentMatchers.any(SearchControls.class))).thenReturn(getUserNames(), new NamingEnumeration[]{getGroupNames()});
        Mockito.when(getContext().search(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (SearchControls) ArgumentMatchers.any(SearchControls.class))).thenReturn(getParentGroupNames());
        doTestGetGroupsWithParent(Arrays.asList(getTestParentGroups()), 2, 1);
    }

    @Test
    public void testGetGroupsWithConnectionClosed() throws NamingException {
        Mockito.when(getContext().search(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (Object[]) ArgumentMatchers.any(Object[].class), (SearchControls) ArgumentMatchers.any(SearchControls.class))).thenThrow(new Throwable[]{new CommunicationException("Connection is closed")}).thenReturn(getUserNames(), new NamingEnumeration[]{getGroupNames()});
        doTestGetGroups(Arrays.asList(getTestGroups()), 3);
    }

    @Test
    public void testGetGroupsWithLdapDown() throws NamingException {
        Mockito.when(getContext().search(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (Object[]) ArgumentMatchers.any(Object[].class), (SearchControls) ArgumentMatchers.any(SearchControls.class))).thenThrow(new Throwable[]{new CommunicationException("Connection is closed")});
        doTestGetGroups(Arrays.asList(new String[0]), 4);
    }

    private void doTestGetGroups(List<String> list, int i) throws NamingException {
        Configuration baseConf = getBaseConf(TEST_LDAP_URL);
        baseConf.setInt("hadoop.security.group.mapping.ldap.num.attempts", i);
        LdapGroupsMapping groupsMapping = getGroupsMapping();
        groupsMapping.setConf(baseConf);
        Assert.assertEquals(list, groupsMapping.getGroups("some_user"));
        ((DirContext) Mockito.verify(getContext(), Mockito.times(i))).search(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (Object[]) ArgumentMatchers.any(Object[].class), (SearchControls) ArgumentMatchers.any(SearchControls.class));
    }

    private void doTestGetGroupsWithParent(List<String> list, int i, int i2) throws NamingException {
        Configuration baseConf = getBaseConf(TEST_LDAP_URL);
        baseConf.setInt("hadoop.security.group.mapping.ldap.search.group.hierarchy.levels", 1);
        LdapGroupsMapping groupsMapping = getGroupsMapping();
        groupsMapping.setConf(baseConf);
        Assert.assertEquals(new HashSet(list), new HashSet(groupsMapping.getGroups("some_user")));
        ((DirContext) Mockito.verify(getContext(), Mockito.times(i))).search(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (Object[]) ArgumentMatchers.any(Object[].class), (SearchControls) ArgumentMatchers.any(SearchControls.class));
        ((DirContext) Mockito.verify(getContext(), Mockito.times(i2))).search(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (SearchControls) ArgumentMatchers.any(SearchControls.class));
    }

    @Test
    public void testExtractPassword() throws IOException {
        File testDir = GenericTestUtils.getTestDir();
        testDir.mkdirs();
        File file = new File(testDir, "secret.txt");
        FileWriter fileWriter = new FileWriter(file);
        fileWriter.write("hadoop");
        fileWriter.close();
        Assert.assertEquals("hadoop", new LdapGroupsMapping().extractPassword(file.getPath()));
    }

    @Test
    public void testConfGetPassword() throws Exception {
        File testDir = GenericTestUtils.getTestDir();
        Configuration baseConf = getBaseConf();
        String str = "jceks://file" + new Path(testDir.toString(), "test.jks").toUri();
        new File(testDir, "test.jks").delete();
        baseConf.set("hadoop.security.credential.provider.path", str);
        CredentialProvider credentialProvider = (CredentialProvider) CredentialProviderFactory.getProviders(baseConf).get(0);
        char[] cArr = {'b', 'i', 'n', 'd', 'p', 'a', 's', 's'};
        char[] cArr2 = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};
        Assert.assertNull(credentialProvider.getCredentialEntry("hadoop.security.group.mapping.ldap.bind.password"));
        Assert.assertNull(credentialProvider.getCredentialEntry("hadoop.security.group.mapping.ldap.ssl.keystore.password"));
        try {
            credentialProvider.createCredentialEntry("hadoop.security.group.mapping.ldap.bind.password", cArr);
            credentialProvider.createCredentialEntry("hadoop.security.group.mapping.ldap.ssl.keystore.password", cArr2);
            credentialProvider.flush();
            Assert.assertArrayEquals(cArr, credentialProvider.getCredentialEntry("hadoop.security.group.mapping.ldap.bind.password").getCredential());
            Assert.assertArrayEquals(cArr2, credentialProvider.getCredentialEntry("hadoop.security.group.mapping.ldap.ssl.keystore.password").getCredential());
            LdapGroupsMapping ldapGroupsMapping = new LdapGroupsMapping();
            Assert.assertEquals("bindpass", ldapGroupsMapping.getPassword(baseConf, "hadoop.security.group.mapping.ldap.bind.password", ""));
            Assert.assertEquals("storepass", ldapGroupsMapping.getPassword(baseConf, "hadoop.security.group.mapping.ldap.ssl.keystore.password", ""));
            Assert.assertEquals("", ldapGroupsMapping.getPassword(baseConf, "invalid-alias", ""));
        } catch (Exception e) {
            e.printStackTrace();
            throw e;
        }
    }

    @Test
    public void testConfGetPasswordUsingAlias() throws Exception {
        File testDir = GenericTestUtils.getTestDir();
        Configuration baseConf = getBaseConf();
        String str = "jceks://file" + new Path(testDir.toString(), "test.jks").toUri();
        new File(testDir, "test.jks").delete();
        baseConf.set("hadoop.security.credential.provider.path", str);
        baseConf.set("hadoop.security.group.mapping.ldap.bind.password.alias", "bindpassAlias");
        CredentialProvider credentialProvider = (CredentialProvider) CredentialProviderFactory.getProviders(baseConf).get(0);
        char[] charArray = "bindpass".toCharArray();
        Assert.assertNull(credentialProvider.getCredentialEntry("bindpassAlias"));
        credentialProvider.createCredentialEntry("bindpassAlias", charArray);
        credentialProvider.flush();
        Assert.assertArrayEquals(charArray, credentialProvider.getCredentialEntry("bindpassAlias").getCredential());
        LdapGroupsMapping ldapGroupsMapping = new LdapGroupsMapping();
        Assert.assertEquals("bindpass", ldapGroupsMapping.getPasswordFromCredentialProviders(baseConf, "bindpassAlias", ""));
        Assert.assertEquals("", ldapGroupsMapping.getPasswordFromCredentialProviders(baseConf, "invalid-alias", ""));
    }

    @Test(timeout = 30000)
    public void testLdapConnectionTimeout() throws IOException, InterruptedException {
        final ServerSocket serverSocket = new ServerSocket(0);
        try {
            final CountDownLatch countDownLatch = new CountDownLatch(1);
            Thread thread = new Thread(new Runnable() { // from class: org.apache.hadoop.security.TestLdapGroupsMapping.1
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        Socket accept = serverSocket.accept();
                        try {
                            countDownLatch.await();
                            if (accept != null) {
                                accept.close();
                            }
                        } finally {
                        }
                    } catch (Exception e) {
                        e.printStackTrace();
                    }
                }
            });
            thread.start();
            LdapGroupsMapping ldapGroupsMapping = new LdapGroupsMapping();
            Configuration baseConf = getBaseConf("ldap://localhost:" + serverSocket.getLocalPort(), null);
            baseConf.setInt("hadoop.security.group.mapping.ldap.connection.timeout.ms", 3000);
            ldapGroupsMapping.setConf(baseConf);
            try {
                try {
                    ldapGroupsMapping.doGetGroups("hadoop", 1);
                    Assert.fail("The LDAP query should have timed out!");
                    countDownLatch.countDown();
                } catch (NamingException e) {
                    LOG.debug("Got the exception while LDAP querying: ", e);
                    GenericTestUtils.assertExceptionContains("LDAP response read timed out, timeout used", e);
                    GenericTestUtils.assertExceptionContains("3000", e);
                    Assert.assertFalse(e.getMessage().contains("remaining name"));
                    countDownLatch.countDown();
                }
                thread.join();
                serverSocket.close();
            } catch (Throwable th) {
                countDownLatch.countDown();
                throw th;
            }
        } catch (Throwable th2) {
            try {
                serverSocket.close();
            } catch (Throwable th3) {
                th2.addSuppressed(th3);
            }
            throw th2;
        }
    }

    @Test(timeout = 30000)
    public void testLdapReadTimeout() throws IOException, InterruptedException {
        final ServerSocket serverSocket = new ServerSocket(0);
        try {
            final CountDownLatch countDownLatch = new CountDownLatch(1);
            Thread thread = new Thread(new Runnable() { // from class: org.apache.hadoop.security.TestLdapGroupsMapping.2
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        Socket accept = serverSocket.accept();
                        try {
                            IOUtils.skipFully(accept.getInputStream(), 1L);
                            accept.getOutputStream().write(TestLdapGroupsMapping.AUTHENTICATE_SUCCESS_MSG);
                            countDownLatch.await();
                            if (accept != null) {
                                accept.close();
                            }
                        } finally {
                        }
                    } catch (Exception e) {
                        e.printStackTrace();
                    }
                }
            });
            thread.start();
            LdapGroupsMapping ldapGroupsMapping = new LdapGroupsMapping();
            Configuration baseConf = getBaseConf("ldap://localhost:" + serverSocket.getLocalPort(), null);
            baseConf.setInt("hadoop.security.group.mapping.ldap.read.timeout.ms", 4000);
            ldapGroupsMapping.setConf(baseConf);
            try {
                try {
                    ldapGroupsMapping.doGetGroups("hadoop", 1);
                    Assert.fail("The LDAP query should have timed out!");
                    countDownLatch.countDown();
                } catch (Throwable th) {
                    countDownLatch.countDown();
                    throw th;
                }
            } catch (NamingException e) {
                LOG.debug("Got the exception while LDAP querying: ", e);
                GenericTestUtils.assertExceptionContains("LDAP response read timed out, timeout used", e);
                GenericTestUtils.assertExceptionContains("4000", e);
                GenericTestUtils.assertExceptionContains("remaining name", e);
                countDownLatch.countDown();
            }
            thread.join();
            serverSocket.close();
        } catch (Throwable th2) {
            try {
                serverSocket.close();
            } catch (Throwable th3) {
                th2.addSuppressed(th3);
            }
            throw th2;
        }
    }

    @Test(timeout = 10000)
    public void testSetConf() throws Exception {
        Configuration configuration = (Configuration) Mockito.spy(getBaseConf(TEST_LDAP_URL));
        Mockito.when(configuration.getPassword(ArgumentMatchers.anyString())).thenThrow(new Throwable[]{new IOException("injected IOException")});
        getGroupsMapping().setConf(configuration);
    }
}
