package org.apache.hadoop.ipc;

import java.io.IOException;
import java.lang.annotation.Annotation;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.PrivilegedExceptionAction;
import java.security.Security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.regex.Pattern;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.ipc.Client;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.ipc.TestRpcBase;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.KDiag;
import org.apache.hadoop.security.KerberosInfo;
import org.apache.hadoop.security.SaslInputStream;
import org.apache.hadoop.security.SaslPlainServer;
import org.apache.hadoop.security.SaslPropertiesResolver;
import org.apache.hadoop.security.SaslRpcClient;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.SecurityInfo;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.TestUserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.security.token.TokenInfo;
import org.apache.hadoop.security.token.TokenSelector;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.thirdparty.protobuf.ServiceException;
import org.apache.hadoop.util.StringUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.event.Level;

@RunWith(Parameterized.class)
/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.25-eep-901-tests.jar:org/apache/hadoop/ipc/TestSaslRPC.class */
public class TestSaslRPC extends TestRpcBase {
    SaslRpcServer.QualityOfProtection[] qop;
    SaslRpcServer.QualityOfProtection expectedQop;
    String saslPropertiesResolver;
    static final String ERROR_MESSAGE = "Token is invalid";
    static final String SERVER_KEYTAB_KEY = "test.ipc.server.keytab";
    static final String SERVER_PRINCIPAL_1 = "p1/foo@BAR";
    private static Pattern BadToken;
    private static Pattern KrbFailed;
    private static Pattern NoTokenAuth;
    private static Pattern NoFallback;
    public static final Logger LOG = LoggerFactory.getLogger((Class<?>) TestSaslRPC.class);
    static Boolean enableSecretManager = null;
    static Boolean forceSecretManager = null;
    static Boolean clientFallBackToSimpleAllowed = true;

    /* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.25-eep-901-tests.jar:org/apache/hadoop/ipc/TestSaslRPC$AuthSaslPropertiesResolver.class */
    static class AuthSaslPropertiesResolver extends SaslPropertiesResolver {
        AuthSaslPropertiesResolver() {
        }

        @Override // org.apache.hadoop.security.SaslPropertiesResolver
        public Map<String, String> getServerProperties(InetAddress inetAddress) {
            HashMap hashMap = new HashMap(getDefaultProperties());
            hashMap.put("javax.security.sasl.qop", SaslRpcServer.QualityOfProtection.AUTHENTICATION.getSaslQop());
            return hashMap;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.25-eep-901-tests.jar:org/apache/hadoop/ipc/TestSaslRPC$BadTokenSecretManager.class */
    public static class BadTokenSecretManager extends TestRpcBase.TestTokenSecretManager {
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apache.hadoop.ipc.TestRpcBase.TestTokenSecretManager, org.apache.hadoop.security.token.SecretManager
        public byte[] retrievePassword(TestRpcBase.TestTokenIdentifier testTokenIdentifier) throws SecretManager.InvalidToken {
            throw new SecretManager.InvalidToken(TestSaslRPC.ERROR_MESSAGE);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.25-eep-901-tests.jar:org/apache/hadoop/ipc/TestSaslRPC$CustomSecurityInfo.class */
    public static class CustomSecurityInfo extends SecurityInfo {
        @Override // org.apache.hadoop.security.SecurityInfo
        public KerberosInfo getKerberosInfo(Class<?> cls, Configuration configuration) {
            return new KerberosInfo() { // from class: org.apache.hadoop.ipc.TestSaslRPC.CustomSecurityInfo.1
                @Override // java.lang.annotation.Annotation
                public Class<? extends Annotation> annotationType() {
                    return null;
                }

                @Override // org.apache.hadoop.security.KerberosInfo
                public String serverPrincipal() {
                    return "test.ipc.server.principal";
                }

                @Override // org.apache.hadoop.security.KerberosInfo
                public String clientPrincipal() {
                    return null;
                }
            };
        }

        @Override // org.apache.hadoop.security.SecurityInfo
        public TokenInfo getTokenInfo(Class<?> cls, Configuration configuration) {
            return new TokenInfo() { // from class: org.apache.hadoop.ipc.TestSaslRPC.CustomSecurityInfo.2
                @Override // org.apache.hadoop.security.token.TokenInfo
                public Class<? extends TokenSelector<? extends TokenIdentifier>> value() {
                    return TestRpcBase.TestTokenSelector.class;
                }

                @Override // java.lang.annotation.Annotation
                public Class<? extends Annotation> annotationType() {
                    return null;
                }
            };
        }
    }

    /* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.25-eep-901-tests.jar:org/apache/hadoop/ipc/TestSaslRPC$TestPlainCallbacks.class */
    static class TestPlainCallbacks {

        /* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.25-eep-901-tests.jar:org/apache/hadoop/ipc/TestSaslRPC$TestPlainCallbacks$Client.class */
        public static class Client implements CallbackHandler {
            String user;
            String password;

            Client(String str, String str2) {
                this.user = null;
                this.password = null;
                this.user = str;
                this.password = str2;
            }

            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
                for (Callback callback : callbackArr) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(this.user);
                    } else {
                        if (!(callback instanceof PasswordCallback)) {
                            throw new UnsupportedCallbackException(callback, "Unrecognized SASL PLAIN Callback");
                        }
                        ((PasswordCallback) callback).setPassword(this.password.toCharArray());
                    }
                }
            }
        }

        /* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.25-eep-901-tests.jar:org/apache/hadoop/ipc/TestSaslRPC$TestPlainCallbacks$Server.class */
        public static class Server implements CallbackHandler {
            String user;
            String password;

            Server(String str, String str2) {
                this.user = null;
                this.password = null;
                this.user = str;
                this.password = str2;
            }

            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) throws UnsupportedCallbackException, SaslException {
                NameCallback nameCallback = null;
                PasswordCallback passwordCallback = null;
                AuthorizeCallback authorizeCallback = null;
                for (Callback callback : callbackArr) {
                    if (callback instanceof NameCallback) {
                        nameCallback = (NameCallback) callback;
                        Assert.assertEquals(this.user, nameCallback.getName());
                    } else if (callback instanceof PasswordCallback) {
                        passwordCallback = (PasswordCallback) callback;
                        if (!this.password.equals(new String(passwordCallback.getPassword()))) {
                            throw new IllegalArgumentException("wrong password");
                        }
                    } else {
                        if (!(callback instanceof AuthorizeCallback)) {
                            throw new UnsupportedCallbackException(callback, "Unsupported SASL PLAIN Callback");
                        }
                        authorizeCallback = (AuthorizeCallback) callback;
                        Assert.assertEquals(this.user, authorizeCallback.getAuthorizationID());
                        Assert.assertEquals(this.user, authorizeCallback.getAuthenticationID());
                        authorizeCallback.setAuthorized(true);
                        authorizeCallback.setAuthorizedID(authorizeCallback.getAuthenticationID());
                    }
                }
                Assert.assertNotNull(nameCallback);
                Assert.assertNotNull(passwordCallback);
                Assert.assertNotNull(authorizeCallback);
            }
        }

        TestPlainCallbacks() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.25-eep-901-tests.jar:org/apache/hadoop/ipc/TestSaslRPC$UseToken.class */
    public enum UseToken {
        NONE,
        VALID,
        INVALID,
        OTHER
    }

    @Parameterized.Parameters
    public static Collection<Object[]> data() {
        ArrayList arrayList = new ArrayList();
        for (SaslRpcServer.QualityOfProtection qualityOfProtection : SaslRpcServer.QualityOfProtection.values()) {
            arrayList.add(new Object[]{new SaslRpcServer.QualityOfProtection[]{qualityOfProtection}, qualityOfProtection, null});
        }
        arrayList.add(new Object[]{new SaslRpcServer.QualityOfProtection[]{SaslRpcServer.QualityOfProtection.PRIVACY, SaslRpcServer.QualityOfProtection.AUTHENTICATION}, SaslRpcServer.QualityOfProtection.PRIVACY, null});
        arrayList.add(new Object[]{new SaslRpcServer.QualityOfProtection[]{SaslRpcServer.QualityOfProtection.PRIVACY, SaslRpcServer.QualityOfProtection.AUTHENTICATION}, SaslRpcServer.QualityOfProtection.AUTHENTICATION, "org.apache.hadoop.ipc.TestSaslRPC$AuthSaslPropertiesResolver"});
        return arrayList;
    }

    public TestSaslRPC(SaslRpcServer.QualityOfProtection[] qualityOfProtectionArr, SaslRpcServer.QualityOfProtection qualityOfProtection, String str) {
        this.qop = qualityOfProtectionArr;
        this.expectedQop = qualityOfProtection;
        this.saslPropertiesResolver = str;
    }

    @BeforeClass
    public static void setupKerb() {
        System.setProperty(KDiag.JAVA_SECURITY_KRB5_KDC_ADDRESS, "");
        System.setProperty(KDiag.JAVA_SECURITY_KRB5_REALM, "NONE");
        Security.addProvider(new SaslPlainServer.SecurityProvider());
    }

    @Before
    public void setup() {
        LOG.info("---------------------------------");
        LOG.info("Testing QOP:" + getQOPNames(this.qop));
        LOG.info("---------------------------------");
        conf = new Configuration();
        conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, UserGroupInformation.AuthenticationMethod.SIMPLE.toString());
        conf.set(CommonConfigurationKeysPublic.HADOOP_RPC_PROTECTION, getQOPNames(this.qop));
        if (this.saslPropertiesResolver != null) {
            conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_SASL_PROPS_RESOLVER_CLASS, this.saslPropertiesResolver);
        }
        UserGroupInformation.setConfiguration(conf);
        enableSecretManager = null;
        forceSecretManager = null;
        clientFallBackToSimpleAllowed = true;
        RPC.setProtocolEngine(conf, TestRpcBase.TestRpcService.class, ProtobufRpcEngine2.class);
    }

    static String getQOPNames(SaslRpcServer.QualityOfProtection[] qualityOfProtectionArr) {
        StringBuilder sb = new StringBuilder();
        int i = 0;
        for (SaslRpcServer.QualityOfProtection qualityOfProtection : qualityOfProtectionArr) {
            sb.append(StringUtils.toLowerCase(qualityOfProtection.name()));
            i++;
            if (i < qualityOfProtectionArr.length) {
                sb.append(",");
            }
        }
        return sb.toString();
    }

    @Test
    public void testDigestRpc() throws Exception {
        TestRpcBase.TestTokenSecretManager testTokenSecretManager = new TestRpcBase.TestTokenSecretManager();
        doDigestRpc(setupTestServer(conf, 5, testTokenSecretManager), testTokenSecretManager);
    }

    @Test
    public void testDigestRpcWithoutAnnotation() throws Exception {
        TestRpcBase.TestTokenSecretManager testTokenSecretManager = new TestRpcBase.TestTokenSecretManager();
        try {
            SecurityUtil.setSecurityInfoProviders(new CustomSecurityInfo());
            doDigestRpc(setupTestServer(conf, 5, testTokenSecretManager), testTokenSecretManager);
            SecurityUtil.setSecurityInfoProviders(new SecurityInfo[0]);
        } catch (Throwable th) {
            SecurityUtil.setSecurityInfoProviders(new SecurityInfo[0]);
            throw th;
        }
    }

    @Test
    public void testErrorMessage() throws Exception {
        BadTokenSecretManager badTokenSecretManager = new BadTokenSecretManager();
        boolean z = false;
        try {
            doDigestRpc(setupTestServer(conf, 5, badTokenSecretManager), badTokenSecretManager);
        } catch (ServiceException e) {
            Assert.assertTrue(e.getCause() instanceof RemoteException);
            RemoteException remoteException = (RemoteException) e.getCause();
            LOG.info("LOGGING MESSAGE: " + remoteException.getLocalizedMessage());
            Assert.assertEquals(ERROR_MESSAGE, remoteException.getLocalizedMessage());
            Assert.assertTrue(remoteException.unwrapRemoteException() instanceof SecretManager.InvalidToken);
            z = true;
        }
        Assert.assertTrue(z);
    }

    private void doDigestRpc(Server server, TestRpcBase.TestTokenSecretManager testTokenSecretManager) throws Exception {
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        addr = NetUtils.getConnectAddress(server);
        Token<? extends TokenIdentifier> token = new Token<>(new TestRpcBase.TestTokenIdentifier(new Text(currentUser.getUserName())), testTokenSecretManager);
        SecurityUtil.setTokenService(token, addr);
        currentUser.addToken(token);
        TestRpcBase.TestRpcService testRpcService = null;
        try {
            testRpcService = getClient(addr, conf);
            Assert.assertEquals(UserGroupInformation.AuthenticationMethod.TOKEN, convert(testRpcService.getAuthMethod(null, newEmptyRequest())));
            Assert.assertEquals(this.expectedQop.saslQop, RPC.getConnectionIdForProxy(testRpcService).getSaslQop());
            int i = 0;
            for (Server.Connection connection : server.getConnections()) {
                boolean z = connection.saslServer != null;
                Assert.assertTrue("qop:" + this.expectedQop + " hasServer:" + z, (this.expectedQop == SaslRpcServer.QualityOfProtection.AUTHENTICATION) ^ z);
                i++;
            }
            Assert.assertTrue(i > 0);
            testRpcService.ping(null, newEmptyRequest());
            stop(server, testRpcService);
        } catch (Throwable th) {
            stop(server, testRpcService);
            throw th;
        }
    }

    @Test
    public void testPingInterval() throws Exception {
        Configuration configuration = new Configuration(conf);
        configuration.set("test.ipc.server.principal", SERVER_PRINCIPAL_1);
        conf.setInt(CommonConfigurationKeys.IPC_PING_INTERVAL_KEY, 60000);
        configuration.setBoolean(CommonConfigurationKeys.IPC_CLIENT_PING_KEY, true);
        Assert.assertEquals(60000L, Client.ConnectionId.getConnectionId(new InetSocketAddress(0), TestRpcBase.TestRpcService.class, null, 0, null, configuration).getPingInterval());
        configuration.setBoolean(CommonConfigurationKeys.IPC_CLIENT_PING_KEY, false);
        Assert.assertEquals(0L, Client.ConnectionId.getConnectionId(new InetSocketAddress(0), TestRpcBase.TestRpcService.class, null, 0, null, configuration).getPingInterval());
    }

    @Test
    public void testPerConnectionConf() throws Exception {
        TestRpcBase.TestTokenSecretManager testTokenSecretManager = new TestRpcBase.TestTokenSecretManager();
        RPC.Server server = setupTestServer(conf, 5, testTokenSecretManager);
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        InetSocketAddress connectAddress = NetUtils.getConnectAddress(server);
        Token<? extends TokenIdentifier> token = new Token<>(new TestRpcBase.TestTokenIdentifier(new Text(currentUser.getUserName())), testTokenSecretManager);
        SecurityUtil.setTokenService(token, connectAddress);
        currentUser.addToken(token);
        Configuration configuration = new Configuration(conf);
        configuration.set(CommonConfigurationKeysPublic.HADOOP_RPC_SOCKET_FACTORY_CLASS_DEFAULT_KEY, "");
        Client client = null;
        TestRpcBase.TestRpcService testRpcService = null;
        TestRpcBase.TestRpcService testRpcService2 = null;
        TestRpcBase.TestRpcService testRpcService3 = null;
        int[] iArr = {111222, 3333333};
        try {
            configuration.setInt(CommonConfigurationKeysPublic.IPC_CLIENT_CONNECTION_MAXIDLETIME_KEY, iArr[0]);
            testRpcService = getClient(connectAddress, configuration);
            testRpcService.getAuthMethod(null, newEmptyRequest());
            client = ProtobufRpcEngine2.getClient(configuration);
            Set<Client.ConnectionId> connectionIds = client.getConnectionIds();
            Assert.assertEquals("number of connections in cache is wrong", 1L, connectionIds.size());
            testRpcService2 = getClient(connectAddress, configuration);
            testRpcService2.getAuthMethod(null, newEmptyRequest());
            Assert.assertEquals("number of connections in cache is wrong", 1L, connectionIds.size());
            configuration.setInt(CommonConfigurationKeysPublic.IPC_CLIENT_CONNECTION_MAXIDLETIME_KEY, iArr[1]);
            testRpcService3 = getClient(connectAddress, configuration);
            testRpcService3.getAuthMethod(null, newEmptyRequest());
            Assert.assertEquals("number of connections in cache is wrong", 2L, connectionIds.size());
            Client.ConnectionId[] connectionIdArr = {RPC.getConnectionIdForProxy(testRpcService), RPC.getConnectionIdForProxy(testRpcService2), RPC.getConnectionIdForProxy(testRpcService3)};
            Assert.assertEquals(connectionIdArr[0], connectionIdArr[1]);
            Assert.assertEquals(connectionIdArr[0].getMaxIdleTime(), iArr[0]);
            Assert.assertFalse(connectionIdArr[0].equals(connectionIdArr[2]));
            Assert.assertNotSame(Integer.valueOf(connectionIdArr[2].getMaxIdleTime()), Integer.valueOf(iArr[1]));
            server.stop();
            if (client != null) {
                client.getConnectionIds().clear();
            }
            if (testRpcService != null) {
                RPC.stopProxy(testRpcService);
            }
            if (testRpcService2 != null) {
                RPC.stopProxy(testRpcService2);
            }
            if (testRpcService3 != null) {
                RPC.stopProxy(testRpcService3);
            }
        } catch (Throwable th) {
            server.stop();
            if (client != null) {
                client.getConnectionIds().clear();
            }
            if (testRpcService != null) {
                RPC.stopProxy(testRpcService);
            }
            if (testRpcService2 != null) {
                RPC.stopProxy(testRpcService2);
            }
            if (testRpcService3 != null) {
                RPC.stopProxy(testRpcService3);
            }
            throw th;
        }
    }

    static void testKerberosRpc(String str, String str2) throws Exception {
        Configuration configuration = new Configuration(conf);
        configuration.set("test.ipc.server.principal", str);
        configuration.set(SERVER_KEYTAB_KEY, str2);
        SecurityUtil.login(configuration, SERVER_KEYTAB_KEY, "test.ipc.server.principal");
        TestUserGroupInformation.verifyLoginMetrics(1L, 0);
        System.out.println("UGI: " + UserGroupInformation.getCurrentUser());
        RPC.Server server = setupTestServer(configuration, 5);
        TestRpcBase.TestRpcService testRpcService = null;
        try {
            testRpcService = getClient(addr, configuration);
            testRpcService.ping(null, newEmptyRequest());
            stop(server, testRpcService);
            System.out.println("Test is successful.");
        } catch (Throwable th) {
            stop(server, testRpcService);
            throw th;
        }
    }

    @Test
    public void testSaslPlainServer() throws IOException {
        runNegotiation(new TestPlainCallbacks.Client("user", "pass"), new TestPlainCallbacks.Server("user", "pass"));
    }

    @Test
    public void testSaslPlainServerBadPassword() {
        SaslException saslException = null;
        try {
            runNegotiation(new TestPlainCallbacks.Client("user", "pass1"), new TestPlainCallbacks.Server("user", "pass2"));
        } catch (SaslException e) {
            saslException = e;
        }
        Assert.assertNotNull(saslException);
        String message = saslException.getMessage();
        assertContains("PLAIN auth failed", message);
        assertContains("wrong password", message);
    }

    private void assertContains(String str, String str2) {
        Assert.assertNotNull("null text", str2);
        Assert.assertTrue("No {" + str + "} in {" + str2 + "}", str2.contains(str));
    }

    private void runNegotiation(CallbackHandler callbackHandler, CallbackHandler callbackHandler2) throws SaslException {
        String mechanismName = SaslRpcServer.AuthMethod.PLAIN.getMechanismName();
        SaslClient createSaslClient = Sasl.createSaslClient(new String[]{mechanismName}, (String) null, (String) null, (String) null, (Map) null, callbackHandler);
        Assert.assertNotNull(createSaslClient);
        SaslServer createSaslServer = Sasl.createSaslServer(mechanismName, (String) null, "localhost", (Map) null, callbackHandler2);
        Assert.assertNotNull("failed to find PLAIN server", createSaslServer);
        byte[] evaluateChallenge = createSaslClient.evaluateChallenge(new byte[0]);
        Assert.assertNotNull(evaluateChallenge);
        Assert.assertTrue(createSaslClient.isComplete());
        Assert.assertNull(createSaslServer.evaluateResponse(evaluateChallenge));
        Assert.assertTrue(createSaslServer.isComplete());
        Assert.assertNotNull(createSaslServer.getAuthorizationID());
    }

    private static Pattern Denied(UserGroupInformation.AuthenticationMethod authenticationMethod) {
        return Pattern.compile("^" + RemoteException.class.getName() + "\\(" + AccessControlException.class.getName() + "\\): " + authenticationMethod + " authentication is not enabled.*");
    }

    private static Pattern No(UserGroupInformation.AuthenticationMethod... authenticationMethodArr) {
        return Pattern.compile(".*Failed on local exception:.* Client cannot authenticate via:\\[" + org.apache.commons.lang3.StringUtils.join(authenticationMethodArr, ",\\s*") + "\\].*");
    }

    @Test
    public void testSimpleServer() throws Exception {
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.OTHER));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.OTHER));
    }

    @Test
    public void testClientFallbackToSimpleAuthForASecondClient() throws Exception {
        Configuration createConfForAuth = createConfForAuth(UserGroupInformation.AuthenticationMethod.SIMPLE);
        Server startServer = startServer(createConfForAuth, setupServerUgi(UserGroupInformation.AuthenticationMethod.SIMPLE, createConfForAuth), createServerSecretManager(UserGroupInformation.AuthenticationMethod.SIMPLE, new TestRpcBase.TestTokenSecretManager()));
        InetSocketAddress connectAddress = NetUtils.getConnectAddress(startServer);
        clientFallBackToSimpleAllowed = true;
        Configuration createConfForAuth2 = createConfForAuth(UserGroupInformation.AuthenticationMethod.KERBEROS);
        UserGroupInformation userGroupInformation = setupClientUgi(UserGroupInformation.AuthenticationMethod.KERBEROS, createConfForAuth2);
        AtomicBoolean atomicBoolean = new AtomicBoolean();
        AtomicBoolean atomicBoolean2 = new AtomicBoolean();
        try {
            LOG.info("trying ugi:" + userGroupInformation + " tokens:" + userGroupInformation.getTokens());
            userGroupInformation.doAs(() -> {
                TestRpcBase.TestRpcService testRpcService = null;
                TestRpcBase.TestRpcService testRpcService2 = null;
                try {
                    testRpcService = getClient(connectAddress, createConfForAuth2, null, atomicBoolean);
                    testRpcService.ping(null, newEmptyRequest());
                    Assert.assertEquals(userGroupInformation.getUserName(), testRpcService.getAuthUser(null, newEmptyRequest()).getUser());
                    assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, convert(testRpcService.getAuthMethod(null, newEmptyRequest())).toString());
                    testRpcService2 = getClient(connectAddress, createConfForAuth2, null, atomicBoolean2);
                    testRpcService2.ping(null, newEmptyRequest());
                    Assert.assertEquals(userGroupInformation.getUserName(), testRpcService2.getAuthUser(null, newEmptyRequest()).getUser());
                    assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, convert(testRpcService2.getAuthMethod(null, newEmptyRequest())).toString());
                    if (testRpcService != null) {
                        RPC.stopProxy(testRpcService);
                    }
                    if (testRpcService2 == null) {
                        return null;
                    }
                    RPC.stopProxy(testRpcService2);
                    return null;
                } catch (Throwable th) {
                    if (testRpcService != null) {
                        RPC.stopProxy(testRpcService);
                    }
                    if (testRpcService2 != null) {
                        RPC.stopProxy(testRpcService2);
                    }
                    throw th;
                }
            });
            startServer.stop();
            Assert.assertTrue("First client does not set to fall back properly.", atomicBoolean.get());
            Assert.assertTrue("Second client does not set to fall back properly.", atomicBoolean2.get());
        } catch (Throwable th) {
            startServer.stop();
            throw th;
        }
    }

    @Test
    public void testNoClientFallbackToSimple() throws Exception {
        clientFallBackToSimpleAllowed = false;
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.OTHER));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.INVALID));
        assertAuthEquals(NoFallback, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE));
        assertAuthEquals(NoFallback, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.OTHER));
        assertAuthEquals(NoFallback, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(NoFallback, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.INVALID));
        forceSecretManager = true;
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.OTHER));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.TOKEN, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(BadToken, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.INVALID));
        assertAuthEquals(NoFallback, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE));
        assertAuthEquals(NoFallback, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.OTHER));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.TOKEN, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(BadToken, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.INVALID));
        assertAuthEquals(Denied(UserGroupInformation.AuthenticationMethod.SIMPLE), getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.TOKEN));
        assertAuthEquals(No(UserGroupInformation.AuthenticationMethod.TOKEN), getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.TOKEN, UseToken.OTHER));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.TOKEN, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.TOKEN, UseToken.VALID));
        assertAuthEquals(BadToken, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.TOKEN, UseToken.INVALID));
        assertAuthEquals(No(UserGroupInformation.AuthenticationMethod.TOKEN), getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.TOKEN));
        assertAuthEquals(No(UserGroupInformation.AuthenticationMethod.TOKEN), getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.TOKEN, UseToken.OTHER));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.TOKEN, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.TOKEN, UseToken.VALID));
        assertAuthEquals(BadToken, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.TOKEN, UseToken.INVALID));
    }

    @Test
    public void testSimpleServerWithTokens() throws Exception {
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.OTHER));
        enableSecretManager = true;
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.OTHER));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.OTHER));
        forceSecretManager = true;
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.TOKEN, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.OTHER));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.TOKEN, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.OTHER));
    }

    @Test
    public void testSimpleServerWithInvalidTokens() throws Exception {
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.INVALID));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.INVALID));
        enableSecretManager = true;
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.INVALID));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.INVALID));
        forceSecretManager = true;
        assertAuthEquals(BadToken, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.INVALID));
        assertAuthEquals(BadToken, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.SIMPLE, UseToken.INVALID));
    }

    @Test
    public void testTokenOnlyServer() throws Exception {
        assertAuthEquals(Denied(UserGroupInformation.AuthenticationMethod.SIMPLE), getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.TOKEN));
        assertAuthEquals(No(UserGroupInformation.AuthenticationMethod.TOKEN), getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.TOKEN, UseToken.OTHER));
        assertAuthEquals(No(UserGroupInformation.AuthenticationMethod.TOKEN), getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.TOKEN));
        assertAuthEquals(No(UserGroupInformation.AuthenticationMethod.TOKEN), getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.TOKEN, UseToken.OTHER));
    }

    @Test
    public void testTokenOnlyServerWithTokens() throws Exception {
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.TOKEN, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.TOKEN, UseToken.VALID));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.TOKEN, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.TOKEN, UseToken.VALID));
        enableSecretManager = false;
        assertAuthEquals(NoTokenAuth, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.TOKEN, UseToken.VALID));
        assertAuthEquals(NoTokenAuth, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.TOKEN, UseToken.VALID));
    }

    @Test
    public void testTokenOnlyServerWithInvalidTokens() throws Exception {
        assertAuthEquals(BadToken, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.TOKEN, UseToken.INVALID));
        assertAuthEquals(BadToken, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.TOKEN, UseToken.INVALID));
        enableSecretManager = false;
        assertAuthEquals(NoTokenAuth, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.TOKEN, UseToken.INVALID));
        assertAuthEquals(NoTokenAuth, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.TOKEN, UseToken.INVALID));
    }

    @Test
    public void testKerberosServer() throws Exception {
        assertAuthEquals(Denied(UserGroupInformation.AuthenticationMethod.SIMPLE), getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.KERBEROS));
        assertAuthEquals(No(UserGroupInformation.AuthenticationMethod.TOKEN, UserGroupInformation.AuthenticationMethod.KERBEROS), getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.KERBEROS, UseToken.OTHER));
        assertAuthEquals(KrbFailed, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.KERBEROS));
        assertAuthEquals(KrbFailed, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.KERBEROS, UseToken.OTHER));
    }

    @Test
    public void testKerberosServerWithTokens() throws Exception {
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.TOKEN, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.KERBEROS, UseToken.VALID));
        assertAuthEquals(UserGroupInformation.AuthenticationMethod.TOKEN, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.KERBEROS, UseToken.VALID));
        enableSecretManager = false;
        assertAuthEquals(No(UserGroupInformation.AuthenticationMethod.KERBEROS), getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.KERBEROS, UseToken.VALID));
        assertAuthEquals(KrbFailed, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.KERBEROS, UseToken.VALID));
    }

    @Test
    public void testKerberosServerWithInvalidTokens() throws Exception {
        assertAuthEquals(BadToken, getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.KERBEROS, UseToken.INVALID));
        assertAuthEquals(BadToken, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.KERBEROS, UseToken.INVALID));
        enableSecretManager = false;
        assertAuthEquals(No(UserGroupInformation.AuthenticationMethod.KERBEROS), getAuthMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, UserGroupInformation.AuthenticationMethod.KERBEROS, UseToken.INVALID));
        assertAuthEquals(KrbFailed, getAuthMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, UserGroupInformation.AuthenticationMethod.KERBEROS, UseToken.INVALID));
    }

    @Test(timeout = 10000)
    public void testSaslResponseOrdering() throws Exception {
        SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.TOKEN, conf);
        UserGroupInformation.setConfiguration(conf);
        TestRpcBase.TestTokenSecretManager testTokenSecretManager = new TestRpcBase.TestTokenSecretManager();
        RPC.Server server = setupTestServer(conf, 1, testTokenSecretManager);
        try {
            final InetSocketAddress connectAddress = NetUtils.getConnectAddress(server);
            UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser("client");
            createRemoteUser.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.TOKEN);
            Token<? extends TokenIdentifier> token = new Token<>(new TestRpcBase.TestTokenIdentifier(new Text(createRemoteUser.getUserName())), testTokenSecretManager);
            SecurityUtil.setTokenService(token, connectAddress);
            createRemoteUser.addToken(token);
            createRemoteUser.doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.ipc.TestSaslRPC.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    final TestRpcBase.TestRpcService client = TestRpcBase.getClient(connectAddress, TestRpcBase.conf);
                    ExecutorService newCachedThreadPool = Executors.newCachedThreadPool();
                    final AtomicInteger atomicInteger = new AtomicInteger();
                    try {
                        Future[] futureArr = new Future[10];
                        for (int i = 0; i < futureArr.length; i++) {
                            futureArr[i] = newCachedThreadPool.submit(new Callable<Void>() { // from class: org.apache.hadoop.ipc.TestSaslRPC.1.1
                                /* JADX WARN: Can't rename method to resolve collision */
                                @Override // java.util.concurrent.Callable
                                public Void call() throws Exception {
                                    String str = "future" + atomicInteger.getAndIncrement();
                                    Assert.assertEquals(str, TestRpcBase.convert(client.echoPostponed(null, TestRpcBase.newEchoRequest(str))));
                                    return null;
                                }
                            });
                            try {
                                futureArr[i].get(100L, TimeUnit.MILLISECONDS);
                                Assert.fail("future" + i + " did not block");
                            } catch (TimeoutException e) {
                            }
                        }
                        client.sendPostponed(null, TestRpcBase.newEmptyRequest());
                        for (int i2 = 0; i2 < futureArr.length; i2++) {
                            TestSaslRPC.LOG.info("waiting for future" + i2);
                            futureArr[i2].get();
                        }
                        return null;
                    } finally {
                        RPC.stopProxy(client);
                        newCachedThreadPool.shutdownNow();
                    }
                }
            });
            server.stop();
        } catch (Throwable th) {
            server.stop();
            throw th;
        }
    }

    private String getAuthMethod(UserGroupInformation.AuthenticationMethod authenticationMethod, UserGroupInformation.AuthenticationMethod authenticationMethod2) throws Exception {
        try {
            return internalGetAuthMethod(authenticationMethod, authenticationMethod2, UseToken.NONE);
        } catch (Exception e) {
            LOG.warn("Auth method failure", (Throwable) e);
            return e.toString();
        }
    }

    private String getAuthMethod(UserGroupInformation.AuthenticationMethod authenticationMethod, UserGroupInformation.AuthenticationMethod authenticationMethod2, UseToken useToken) throws Exception {
        try {
            return internalGetAuthMethod(authenticationMethod, authenticationMethod2, useToken);
        } catch (Exception e) {
            LOG.warn("Auth method failure", (Throwable) e);
            return e.toString();
        }
    }

    private String internalGetAuthMethod(UserGroupInformation.AuthenticationMethod authenticationMethod, UserGroupInformation.AuthenticationMethod authenticationMethod2, UseToken useToken) throws Exception {
        TestRpcBase.TestTokenSecretManager testTokenSecretManager = new TestRpcBase.TestTokenSecretManager();
        Configuration createConfForAuth = createConfForAuth(authenticationMethod2);
        Server startServer = startServer(createConfForAuth, setupServerUgi(authenticationMethod2, createConfForAuth), createServerSecretManager(authenticationMethod2, testTokenSecretManager));
        InetSocketAddress connectAddress = NetUtils.getConnectAddress(startServer);
        Configuration createConfForAuth2 = createConfForAuth(authenticationMethod);
        UserGroupInformation userGroupInformation = setupClientUgi(authenticationMethod, createConfForAuth2);
        setupTokenIfNeeded(useToken, testTokenSecretManager, userGroupInformation, connectAddress);
        try {
            String createClientAndQueryAuthMethod = createClientAndQueryAuthMethod(connectAddress, createConfForAuth2, userGroupInformation, null);
            startServer.stop();
            return createClientAndQueryAuthMethod;
        } catch (Throwable th) {
            startServer.stop();
            throw th;
        }
    }

    private Configuration createConfForAuth(UserGroupInformation.AuthenticationMethod authenticationMethod) {
        Configuration configuration = new Configuration(conf);
        configuration.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, authenticationMethod.toString());
        configuration.setBoolean(CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY, clientFallBackToSimpleAllowed.booleanValue());
        return configuration;
    }

    private SecretManager<?> createServerSecretManager(UserGroupInformation.AuthenticationMethod authenticationMethod, TestRpcBase.TestTokenSecretManager testTokenSecretManager) {
        boolean z = authenticationMethod != UserGroupInformation.AuthenticationMethod.SIMPLE;
        if (enableSecretManager != null) {
            z &= enableSecretManager.booleanValue();
        }
        if (forceSecretManager != null) {
            z |= forceSecretManager.booleanValue();
        }
        return z ? testTokenSecretManager : null;
    }

    private Server startServer(final Configuration configuration, UserGroupInformation userGroupInformation, final SecretManager<?> secretManager) throws IOException, InterruptedException {
        return (Server) userGroupInformation.doAs(new PrivilegedExceptionAction<Server>() { // from class: org.apache.hadoop.ipc.TestSaslRPC.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Server run() throws IOException {
                return TestRpcBase.setupTestServer(configuration, 5, secretManager);
            }
        });
    }

    private UserGroupInformation setupServerUgi(UserGroupInformation.AuthenticationMethod authenticationMethod, Configuration configuration) {
        UserGroupInformation.setConfiguration(configuration);
        UserGroupInformation createRemoteUser = authenticationMethod == UserGroupInformation.AuthenticationMethod.KERBEROS ? UserGroupInformation.createRemoteUser("server/localhost@NONE") : UserGroupInformation.createRemoteUser("server");
        createRemoteUser.setAuthenticationMethod(authenticationMethod);
        return createRemoteUser;
    }

    private UserGroupInformation setupClientUgi(UserGroupInformation.AuthenticationMethod authenticationMethod, Configuration configuration) {
        UserGroupInformation.setConfiguration(configuration);
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser("client");
        createRemoteUser.setAuthenticationMethod(authenticationMethod);
        return createRemoteUser;
    }

    private void setupTokenIfNeeded(UseToken useToken, TestRpcBase.TestTokenSecretManager testTokenSecretManager, UserGroupInformation userGroupInformation, InetSocketAddress inetSocketAddress) {
        if (useToken != UseToken.NONE) {
            TestRpcBase.TestTokenIdentifier testTokenIdentifier = new TestRpcBase.TestTokenIdentifier(new Text(userGroupInformation.getUserName()));
            Token<? extends TokenIdentifier> token = null;
            switch (useToken) {
                case VALID:
                    token = new Token<>(testTokenIdentifier, testTokenSecretManager);
                    SecurityUtil.setTokenService(token, inetSocketAddress);
                    break;
                case INVALID:
                    token = new Token<>(testTokenIdentifier.getBytes(), "bad-password!".getBytes(), testTokenIdentifier.getKind(), null);
                    SecurityUtil.setTokenService(token, inetSocketAddress);
                    break;
                case OTHER:
                    token = new Token<>();
                    break;
            }
            userGroupInformation.addToken(token);
        }
    }

    private String createClientAndQueryAuthMethod(final InetSocketAddress inetSocketAddress, final Configuration configuration, final UserGroupInformation userGroupInformation, final AtomicBoolean atomicBoolean) throws IOException, InterruptedException {
        LOG.info("trying ugi:" + userGroupInformation + " tokens:" + userGroupInformation.getTokens());
        return (String) userGroupInformation.doAs(new PrivilegedExceptionAction<String>() { // from class: org.apache.hadoop.ipc.TestSaslRPC.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public String run() throws IOException {
                TestRpcBase.TestRpcService testRpcService = null;
                try {
                    try {
                        testRpcService = TestRpcBase.getClient(inetSocketAddress, configuration, null, atomicBoolean);
                        testRpcService.ping(null, TestRpcBase.newEmptyRequest());
                        Assert.assertEquals(userGroupInformation.getUserName(), testRpcService.getAuthUser(null, TestRpcBase.newEmptyRequest()).getUser());
                        SaslRpcServer.AuthMethod convert = TestRpcBase.convert(testRpcService.getAuthMethod(null, TestRpcBase.newEmptyRequest()));
                        Assert.assertEquals(convert.equals(UserGroupInformation.AuthenticationMethod.SIMPLE) ? TestSaslRPC.this.expectedQop.saslQop : null, RPC.getConnectionIdForProxy(testRpcService).getSaslQop());
                        String authMethod = convert != null ? convert.toString() : null;
                        if (testRpcService != null) {
                            RPC.stopProxy(testRpcService);
                        }
                        return authMethod;
                    } catch (ServiceException e) {
                        if (e.getCause() instanceof RemoteException) {
                            throw ((RemoteException) e.getCause());
                        }
                        if (e.getCause() instanceof IOException) {
                            throw ((IOException) e.getCause());
                        }
                        throw new RuntimeException(e.getCause());
                    }
                } catch (Throwable th) {
                    if (testRpcService != null) {
                        RPC.stopProxy(testRpcService);
                    }
                    throw th;
                }
            }
        });
    }

    private static void assertAuthEquals(UserGroupInformation.AuthenticationMethod authenticationMethod, String str) {
        Assert.assertEquals(authenticationMethod.toString(), str);
    }

    private static void assertAuthEquals(Pattern pattern, String str) {
        if (pattern.matcher(str).matches()) {
            return;
        }
        Assert.fail(String.format("\"%s\" did not match pattern %s", str, pattern));
    }

    public static void main(String[] strArr) throws Exception {
        System.out.println("Testing Kerberos authentication over RPC");
        if (strArr.length != 2) {
            System.err.println("Usage: java <options> org.apache.hadoop.ipc.TestSaslRPC  <serverPrincipal> <keytabFile>");
            System.exit(-1);
        }
        testKerberosRpc(strArr[0], strArr[1]);
    }

    static {
        GenericTestUtils.setLogLevel(Client.LOG, Level.TRACE);
        GenericTestUtils.setLogLevel(Server.LOG, Level.TRACE);
        GenericTestUtils.setLogLevel(SaslRpcClient.LOG, Level.TRACE);
        GenericTestUtils.setLogLevel(SaslRpcServer.LOG, Level.TRACE);
        GenericTestUtils.setLogLevel(SaslInputStream.LOG, Level.TRACE);
        GenericTestUtils.setLogLevel(SecurityUtil.LOG, Level.TRACE);
        BadToken = Pattern.compile("^" + RemoteException.class.getName() + "\\(" + SaslException.class.getName() + "\\): DIGEST-MD5: digest response format violation.*");
        KrbFailed = Pattern.compile(".*Failed on local exception:.* Failed to specify server's Kerberos principal name.*");
        NoTokenAuth = Pattern.compile("^" + IllegalArgumentException.class.getName() + ": TOKEN authentication requires a secret manager");
        NoFallback = Pattern.compile("^" + AccessControlException.class.getName() + ":.* Server asks us to fall back to SIMPLE auth, but this client is configured to only allow secure connections.*");
    }
}
