package org.apache.hadoop.yarn.server.resourcemanager.webapp;

import com.sun.jersey.api.client.ClientResponse;
import java.io.File;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Arrays;
import java.util.Collection;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.User;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.KerberosTestUtils;
import org.apache.hadoop.security.rpcauth.KerberosAuthMethod;
import org.apache.hadoop.yarn.server.resourcemanager.MockRM;
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.ApplicationSubmissionContextInfo;
import org.apache.hadoop.yarn.util.ConverterUtils;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

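/**
 * Exercises the ResourceManager web application against unauthenticated HTTP callers,
 * once per configuration supplied by {@link #params()}:
 *
 * <ul>
 *   <li><b>simple</b> ({@code simpleConf}): a request without credentials is accepted and the
 *       submitted application is owned by the configured static web user
 *       ({@code hadoop.http.staticuser.user}, default {@code dr.who}); a request carrying
 *       {@code ?user.name=client} is owned by {@code client}. The identity is whatever the
 *       caller claims, with no credential behind it.</li>
 *   <li><b>kerberos</b> ({@code kerberosConf}): the same anonymous requests to obtain an
 *       application id, submit an application, or kill one must be answered with 403.</li>
 * </ul>
 *
 * <p>Security relevance: the simple-mode assertions document that the REST write endpoints
 * accept a self-declared user. A cluster running in that mode therefore relies entirely on
 * network-level controls in front of the RM web port; the kerberos-mode assertions are the
 * regression guard that the write endpoints stay closed to anonymous callers once security
 * is enabled.
 *
 * <p>All requests target a fixed local port, so the test cannot run concurrently with
 * anything else bound to it, and a ResourceManager left running by one parameter set would
 * break the next one.
 */
@RunWith(Parameterized.class)
public class TestRMWebappAuthentication {
    /** Base URL of the web application started by {@link MockRM}; fixed host and port. */
    private static final String RM_WEB_URL = "http://localhost:8088";

    private static MockRM rm;
    private static Configuration kerberosConf;
    private static MiniKdc testMiniKDC;
    // NOTE(review): the working directory is named after a sibling test class
    // (TestRMWebServicesDelegationTokenAuthentication), presumably a copy/paste leftover.
    // Confirm nothing depends on the shared path before renaming it.
    private static final File testRootDir = new File("target", TestRMWebServicesDelegationTokenAuthentication.class.getName() + "-root");
    private static File httpSpnegoKeytabFile = new File(KerberosTestUtils.getKeytabFile());
    private static boolean miniKDCStarted = false;
    private static Configuration simpleConf = new Configuration();

    /**
     * Supplies the two runs of this test: index 1 with simple authentication and index 2
     * with Kerberos authentication.
     *
     * @return one {@code Object[]{index, Configuration}} entry per run
     */
    @Parameterized.Parameters
    public static Collection<Object[]> params() {
        return Arrays.asList(new Object[]{1, simpleConf}, new Object[]{2, kerberosConf});
    }

    /**
     * Builds a fresh {@link MockRM} for the given configuration.
     *
     * @param i             run index from {@link #params()}; not used beyond distinguishing runs
     * @param configuration configuration the ResourceManager and UGI are initialised with
     */
    public TestRMWebappAuthentication(int i, Configuration configuration) {
        setupAndStartRM(configuration);
    }

    /** Creates and starts the in-process KDC and provisions the principals the tests need. */
    @BeforeClass
    public static void setUp() {
        try {
            testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
            setupKDC();
        } catch (Exception e) {
            // Keep the underlying cause visible; a bare "couldn't create" hides why the KDC failed.
            Assert.fail("Couldn't create MiniKDC: " + e);
        }
    }

    /** Stops the in-process KDC if it was created. */
    @AfterClass
    public static void tearDown() {
        if (testMiniKDC != null) {
            testMiniKDC.stop();
        }
    }

    /**
     * Starts the KDC once and writes the HTTP service principal, a {@code client} principal
     * and the current login user's principal into the SPNEGO keytab file.
     */
    private static void setupKDC() throws Exception {
        if (miniKDCStarted) {
            return;
        }
        testMiniKDC.start();
        getKdc().createPrincipal(httpSpnegoKeytabFile, new String[]{"HTTP/localhost", "client", UserGroupInformation.getLoginUser().getShortUserName()});
        miniKDCStarted = true;
    }

    private static MiniKdc getKdc() {
        return testMiniKDC;
    }

    /**
     * Points {@link UserGroupInformation} at the given configuration and creates the
     * ResourceManager. Despite the name, the RM is only constructed here; it is started
     * inside the test method.
     */
    private static void setupAndStartRM(Configuration configuration) {
        // UGI configuration is process-global, so it must be switched before each run.
        UserGroupInformation.setConfiguration(configuration);
        rm = new MockRM(configuration);
    }

    /**
     * Verifies that the cluster overview page answers 200 to a request without credentials,
     * then runs the anonymous-caller checks that match the active security mode.
     */
    @Test
    public void testSimpleAuth() throws Exception {
        rm.start();
        try {
            try {
                HttpURLConnection conn = (HttpURLConnection) new URL(RM_WEB_URL + "/cluster").openConnection();
                conn.getInputStream();
                Assert.assertEquals(ClientResponse.Status.OK.getStatusCode(), conn.getResponseCode());
            } catch (Exception e) {
                Assert.fail("Fetching url failed: " + e);
            }
            if (UserGroupInformation.isSecurityEnabled()) {
                testAnonymousKerberosUser();
            } else {
                testAnonymousSimpleUser();
            }
        } finally {
            // Always release the fixed web port, otherwise a failed assertion in this run
            // makes the next parameter set fail for an unrelated reason.
            rm.stop();
        }
    }

    /**
     * With Kerberos enabled, every state-changing REST call made without credentials must be
     * rejected with 403: requesting a new application id, submitting an application, and
     * changing an application's state to KILLED.
     */
    private void testAnonymousKerberosUser() throws Exception {
        ApplicationSubmissionContextInfo submission = new ApplicationSubmissionContextInfo();
        submission.setApplicationId("application_123_0");
        String submissionXml = TestRMWebServicesDelegationTokenAuthentication.getMarshalledAppInfo(submission);

        assertAnonymousRequestForbidden(
                RM_WEB_URL + "/ws/v1/cluster/apps/new-application", "POST", "application/xml", submissionXml,
                "Anonymous users should not be allowed to get new application ids in secure mode.");
        assertAnonymousRequestForbidden(
                RM_WEB_URL + "/ws/v1/cluster/apps", "POST", "application/xml", submissionXml,
                "Anonymous users should not be allowed to submit apps in secure mode.");
        assertAnonymousRequestForbidden(
                RM_WEB_URL + "/ws/v1/cluster/apps/application_123_0/state", "PUT", "application/json", "{ \"state\": \"KILLED\"}",
                "Anonymous users should not be allowed to kill apps in secure mode.");
    }

    /**
     * Sends one request without credentials and requires a 403 response.
     *
     * @param url            absolute URL of the REST endpoint
     * @param method         HTTP method
     * @param contentType    content type of {@code body}
     * @param body           request payload
     * @param acceptedReason failure message used when the server accepts the request
     */
    private static void assertAnonymousRequestForbidden(String url, String method, String contentType, String body, String acceptedReason) throws Exception {
        HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
        TestRMWebServicesDelegationTokenAuthentication.setupConn(conn, method, contentType, body);
        try {
            conn.getInputStream();
            Assert.fail(acceptedReason);
        } catch (IOException e) {
            // HttpURLConnection surfaces an error status as an IOException from getInputStream();
            // the status code itself is still readable and must be exactly 403.
            Assert.assertEquals(ClientResponse.Status.FORBIDDEN.getStatusCode(), conn.getResponseCode());
        }
    }

    /**
     * With simple authentication, a submission without credentials is accepted and attributed
     * to the static web user, and a submission with {@code user.name=client} is attributed to
     * {@code client}.
     */
    private void testAnonymousSimpleUser() throws Exception {
        ApplicationSubmissionContextInfo submission = new ApplicationSubmissionContextInfo();

        // No identity supplied: the application must be owned by the configured static user.
        submission.setApplicationId("application_123_0");
        String firstXml = TestRMWebServicesDelegationTokenAuthentication.getMarshalledAppInfo(submission);
        HttpURLConnection anonymousConn = (HttpURLConnection) new URL(RM_WEB_URL + "/ws/v1/cluster/apps").openConnection();
        TestRMWebServicesDelegationTokenAuthentication.setupConn(anonymousConn, "POST", "application/xml", firstXml);
        anonymousConn.getInputStream();
        Assert.assertEquals(ClientResponse.Status.ACCEPTED.getStatusCode(), anonymousConn.getResponseCode());
        Assert.assertTrue(rm.getRMContext().getRMApps().containsKey(ConverterUtils.toApplicationId("application_123_0")));
        String staticUser = rm.getConfig().get("hadoop.http.staticuser.user", "dr.who");
        RMApp anonymousApp = (RMApp) rm.getRMContext().getRMApps().get(ConverterUtils.toApplicationId("application_123_0"));
        Assert.assertEquals(staticUser, anonymousApp.getUser());

        // Identity supplied only as a query parameter: the RM records it as the owner.
        // Nothing in this request proves the caller is "client".
        submission.setApplicationId("application_123_1");
        String secondXml = TestRMWebServicesDelegationTokenAuthentication.getMarshalledAppInfo(submission);
        HttpURLConnection namedConn = (HttpURLConnection) new URL(RM_WEB_URL + "/ws/v1/cluster/apps?user.name=client").openConnection();
        TestRMWebServicesDelegationTokenAuthentication.setupConn(namedConn, "POST", "application/xml", secondXml);
        namedConn.getInputStream();
        Assert.assertTrue(rm.getRMContext().getRMApps().containsKey(ConverterUtils.toApplicationId("application_123_1")));
        RMApp namedApp = (RMApp) rm.getRMContext().getRMApps().get(ConverterUtils.toApplicationId("application_123_1"));
        Assert.assertEquals("client", namedApp.getUser());
    }

    // Both configurations share the scheduler and attempt settings and turn on the MockRM web
    // application; the Kerberos one additionally enables ACLs and Kerberos authentication and
    // points the RM at the SPNEGO keytab written by setupKDC().
    static {
        simpleConf.setInt("yarn.resourcemanager.am.max-attempts", 2);
        simpleConf.setClass("yarn.resourcemanager.scheduler.class", FifoScheduler.class, ResourceScheduler.class);
        simpleConf.setBoolean("mockrm.webapp.enabled", true);
        kerberosConf = new Configuration();
        kerberosConf.setInt("yarn.resourcemanager.am.max-attempts", 2);
        kerberosConf.setClass("yarn.resourcemanager.scheduler.class", FifoScheduler.class, ResourceScheduler.class);
        kerberosConf.setBoolean("yarn.acl.enable", true);
        kerberosConf.set("hadoop.security.authentication", "kerberos");
        kerberosConf.set("hadoop.security.custom.auth.principal.class", User.class.getName());
        kerberosConf.set("hadoop.security.custom.rpc.auth.method.class", KerberosAuthMethod.class.getName());
        kerberosConf.set("yarn.resourcemanager.keytab", httpSpnegoKeytabFile.getAbsolutePath());
        kerberosConf.setBoolean("mockrm.webapp.enabled", true);
    }
}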
