package org.apache.hadoop.crypto.key.kms.server;

import java.io.File;
import java.net.URL;
import java.security.PrivilegedExceptionAction;
import org.apache.curator.test.TestingServer;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.kms.KMSRESTConstants;
import org.apache.hadoop.crypto.key.kms.server.KMSACLs;
import org.apache.hadoop.crypto.key.kms.server.MiniKMS;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL;
import org.apache.log4j.LogManager;
import org.junit.Assert;
import org.junit.Test;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-kms-2.7.0-mapr-1803-r1-tests.jar:org/apache/hadoop/crypto/key/kms/server/TestKMSWithZK.class
 */
/* loaded from: input_file:test-classes/org/apache/hadoop/crypto/key/kms/server/TestKMSWithZK.class */
public class TestKMSWithZK {
    protected Configuration createBaseKMSConf(File file) throws Exception {
        Configuration configuration = new Configuration(false);
        configuration.set(KMSConfiguration.KEY_PROVIDER_URI, "jceks://file@" + new Path(file.getAbsolutePath(), "kms.keystore").toUri());
        configuration.set("hadoop.kms.authentication.type", PseudoAuthenticationHandler.TYPE);
        configuration.setBoolean(KMSConfiguration.KEY_AUTHORIZATION_ENABLE, false);
        configuration.set(KMSACLs.Type.GET_KEYS.getAclConfigKey(), "foo");
        return configuration;
    }

    @Test
    public void testMultipleKMSInstancesWithZKSigner() throws Exception {
        File testDir = TestKMS.getTestDir();
        Configuration createBaseKMSConf = createBaseKMSConf(testDir);
        TestingServer testingServer = new TestingServer();
        testingServer.start();
        MiniKMS miniKMS = null;
        MiniKMS miniKMS2 = null;
        createBaseKMSConf.set("hadoop.kms.authentication.signer.secret.provider", "zookeeper");
        createBaseKMSConf.set("hadoop.kms.authentication.signer.secret.provider.zookeeper.connection.string", testingServer.getConnectString());
        createBaseKMSConf.set("hadoop.kms.authentication.signer.secret.provider.zookeeper.path", "/secret");
        TestKMS.writeConf(testDir, createBaseKMSConf);
        try {
            miniKMS = new MiniKMS.Builder().setKmsConfDir(testDir).setLog4jConfFile(LogManager.DEFAULT_CONFIGURATION_FILE).build();
            miniKMS.start();
            miniKMS2 = new MiniKMS.Builder().setKmsConfDir(testDir).setLog4jConfFile(LogManager.DEFAULT_CONFIGURATION_FILE).build();
            miniKMS2.start();
            final URL url = new URL(miniKMS.getKMSUrl().toExternalForm() + KMSRESTConstants.SERVICE_VERSION + "/" + KMSRESTConstants.KEYS_NAMES_RESOURCE);
            final URL url2 = new URL(miniKMS2.getKMSUrl().toExternalForm() + KMSRESTConstants.SERVICE_VERSION + "/" + KMSRESTConstants.KEYS_NAMES_RESOURCE);
            final DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token();
            final DelegationTokenAuthenticatedURL delegationTokenAuthenticatedURL = new DelegationTokenAuthenticatedURL();
            UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("foo", new String[]{"gfoo"});
            UserGroupInformation createUserForTesting2 = UserGroupInformation.createUserForTesting("bar", new String[]{"gBar"});
            createUserForTesting.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.crypto.key.kms.server.TestKMSWithZK.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    Assert.assertEquals(200L, delegationTokenAuthenticatedURL.openConnection(url, token).getResponseCode());
                    return null;
                }
            });
            createUserForTesting2.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.crypto.key.kms.server.TestKMSWithZK.2
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    Assert.assertEquals(200L, delegationTokenAuthenticatedURL.openConnection(url2, token).getResponseCode());
                    return null;
                }
            });
            createUserForTesting2.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.crypto.key.kms.server.TestKMSWithZK.3
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    Assert.assertEquals(403L, delegationTokenAuthenticatedURL.openConnection(url2, new DelegationTokenAuthenticatedURL.Token()).getResponseCode());
                    return null;
                }
            });
            if (miniKMS2 != null) {
                miniKMS2.stop();
            }
            if (miniKMS != null) {
                miniKMS.stop();
            }
            testingServer.stop();
        } catch (Throwable th) {
            if (miniKMS2 != null) {
                miniKMS2.stop();
            }
            if (miniKMS != null) {
                miniKMS.stop();
            }
            testingServer.stop();
            throw th;
        }
    }
}
