package org.apache.hadoop.hbase.security.token;

import java.security.PrivilegedExceptionAction;
import java.util.UUID;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.LargeTests;
import org.apache.hadoop.hbase.client.HTable;
import org.apache.hadoop.hbase.coprocessor.BaseEndpointCoprocessor;
import org.apache.hadoop.hbase.ipc.CoprocessorProtocol;
import org.apache.hadoop.hbase.ipc.RequestContext;
import org.apache.hadoop.hbase.ipc.SecureRpcEngine;
import org.apache.hadoop.hbase.ipc.SecureServer;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hbase.util.Writables;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category({LargeTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/token/TestTokenAuthentication.class */
public class TestTokenAuthentication {
    private static HBaseTestingUtility TEST_UTIL;
    private static AuthenticationTokenSecretManager secretManager;

    /* loaded from: input_file:org/apache/hadoop/hbase/security/token/TestTokenAuthentication$IdentityCoprocessor.class */
    public static class IdentityCoprocessor extends BaseEndpointCoprocessor implements IdentityProtocol {
        @Override // org.apache.hadoop.hbase.security.token.TestTokenAuthentication.IdentityProtocol
        public String whoami() {
            return RequestContext.getRequestUserName();
        }

        @Override // org.apache.hadoop.hbase.security.token.TestTokenAuthentication.IdentityProtocol
        public String getAuthMethod() {
            UserGroupInformation userGroupInformation = null;
            User requestUser = RequestContext.getRequestUser();
            if (requestUser != null) {
                userGroupInformation = requestUser.getUGI();
            }
            if (userGroupInformation != null) {
                return userGroupInformation.getAuthenticationMethod().toString();
            }
            return null;
        }
    }

    /* loaded from: input_file:org/apache/hadoop/hbase/security/token/TestTokenAuthentication$IdentityProtocol.class */
    public interface IdentityProtocol extends CoprocessorProtocol {
        String whoami();

        String getAuthMethod();
    }

    @BeforeClass
    public static void setupBeforeClass() throws Exception {
        TEST_UTIL = new HBaseTestingUtility();
        Configuration configuration = TEST_UTIL.getConfiguration();
        configuration.set("hbase.rpc.engine", SecureRpcEngine.class.getName());
        configuration.set("hbase.coprocessor.region.classes", IdentityCoprocessor.class.getName());
        TEST_UTIL.startMiniCluster();
        SecureServer rpcServer = TEST_UTIL.getMiniHBaseCluster().getRegionServer(0).getRpcServer();
        Assert.assertTrue(rpcServer instanceof SecureServer);
        AuthenticationTokenSecretManager secretManager2 = rpcServer.getSecretManager();
        Assert.assertTrue(secretManager2 instanceof AuthenticationTokenSecretManager);
        secretManager = secretManager2;
    }

    @AfterClass
    public static void tearDownAfterClass() throws Exception {
        TEST_UTIL.shutdownMiniCluster();
    }

    @Test
    public void testTokenCreation() throws Exception {
        Token generateToken = secretManager.generateToken("testuser");
        AuthenticationTokenIdentifier authenticationTokenIdentifier = new AuthenticationTokenIdentifier();
        Writables.getWritable(generateToken.getIdentifier(), authenticationTokenIdentifier);
        Assert.assertEquals("Token username should match", "testuser", authenticationTokenIdentifier.getUsername());
        Assert.assertTrue("Token password and password from secret manager should match", Bytes.equals(generateToken.getPassword(), secretManager.retrievePassword(authenticationTokenIdentifier)));
    }

    public void testTokenAuthentication() throws Exception {
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("testuser", new String[]{"testgroup"});
        createUserForTesting.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.TOKEN);
        final Configuration configuration = TEST_UTIL.getConfiguration();
        configuration.set("hadoop.security.authentication", "kerberos");
        configuration.set("randomkey", UUID.randomUUID().toString());
        UserGroupInformation.setConfiguration(configuration);
        createUserForTesting.addToken(secretManager.generateToken("testuser"));
        createUserForTesting.doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.hbase.security.token.TestTokenAuthentication.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                IdentityProtocol identityProtocol = (IdentityProtocol) new HTable(configuration, ".META.").coprocessorProxy(IdentityProtocol.class, HConstants.EMPTY_START_ROW);
                Assert.assertEquals("testuser", identityProtocol.whoami());
                Assert.assertEquals("TOKEN", identityProtocol.getAuthMethod());
                return null;
            }
        });
    }
}
