package org.apache.hadoop.yarn.service.client;

import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.minikdc.KerberosSecurityTestcase;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.client.util.YarnClientUtils;
import org.apache.log4j.Logger;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/yarn/service/client/TestSecureApiServiceClient.class */
public class TestSecureApiServiceClient extends KerberosSecurityTestcase {
    private File keytabFile;
    private Map<String, String> props;
    private static Server server;
    private static Logger LOG = Logger.getLogger(TestSecureApiServiceClient.class);
    private ApiServiceClient asc;
    private String clientPrincipal = "client";
    private String server1Protocol = "HTTP";
    private String server2Protocol = "server2";
    private String host = "localhost";
    private String server1Principal = this.server1Protocol + "/" + this.host;
    private String server2Principal = this.server2Protocol + "/" + this.host;
    private Configuration testConf = new Configuration();

    /* loaded from: input_file:org/apache/hadoop/yarn/service/client/TestSecureApiServiceClient$TestServlet.class */
    public static class TestServlet extends HttpServlet {
        private static boolean headerFound = false;

        protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
            Enumeration headerNames = httpServletRequest.getHeaderNames();
            while (headerNames.hasMoreElements()) {
                TestSecureApiServiceClient.LOG.info((String) headerNames.nextElement());
            }
            if (httpServletRequest.getHeader("Authorization") != null) {
                headerFound = true;
                httpServletResponse.setStatus(200);
            } else {
                headerFound = false;
                httpServletResponse.setStatus(404);
            }
        }

        protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
            httpServletResponse.setStatus(200);
        }

        protected void doPut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
            httpServletResponse.setStatus(200);
        }

        protected void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
            httpServletResponse.setStatus(200);
        }

        public static boolean isHeaderExist() {
            return headerFound;
        }
    }

    @Before
    public void setUp() throws Exception {
        this.keytabFile = new File(getWorkDir(), "keytab");
        getKdc().createPrincipal(this.keytabFile, new String[]{this.clientPrincipal, this.server1Principal, this.server2Principal});
        SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, this.testConf);
        UserGroupInformation.setConfiguration(this.testConf);
        UserGroupInformation.setShouldRenewImmediatelyForTests(true);
        this.props = new HashMap();
        this.props.put("javax.security.sasl.qop", SaslRpcServer.QualityOfProtection.AUTHENTICATION.saslQop);
        server = new Server(8088);
        server.getThreadPool().setMaxThreads(20);
        ServletContextHandler servletContextHandler = new ServletContextHandler();
        servletContextHandler.setContextPath("/app");
        server.setHandler(servletContextHandler);
        servletContextHandler.addServlet(new ServletHolder(TestServlet.class), "/*");
        server.getConnectors()[0].setHost("localhost");
        server.start();
        final ArrayList arrayList = new ArrayList();
        arrayList.add("localhost:8088");
        this.testConf.set("yarn.resourcemanager.webapp.address", "localhost:8088");
        this.testConf.setBoolean("yarn.resourcemanager.ha.enabled", true);
        this.asc = new ApiServiceClient() { // from class: org.apache.hadoop.yarn.service.client.TestSecureApiServiceClient.1
            List<String> getRMHAWebAddresses(Configuration configuration) {
                return arrayList;
            }
        };
        this.asc.serviceInit(this.testConf);
    }

    @After
    public void tearDown() throws Exception {
        server.stop();
    }

    @Test
    public void testHttpSpnegoChallenge() throws Exception {
        UserGroupInformation.loginUserFromKeytab(this.clientPrincipal, this.keytabFile.getCanonicalPath());
        Assert.assertNotNull(YarnClientUtils.generateToken("localhost"));
    }

    @Test
    public void testAuthorizationHeader() throws Exception {
        UserGroupInformation.loginUserFromKeytab(this.clientPrincipal, this.keytabFile.getCanonicalPath());
        String rMWebAddress = this.asc.getRMWebAddress();
        if (TestServlet.isHeaderExist()) {
            Assert.assertEquals(rMWebAddress, "http://localhost:8088");
        } else {
            Assert.fail("Did not see Authorization header.");
        }
    }
}
