package org.apache.oozie.servlet;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.Callable;
import junit.framework.TestCase;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
import org.apache.hadoop.security.authentication.server.AuthenticationToken;
import org.apache.oozie.cli.OozieCLI;
import org.apache.oozie.client.AuthOozieClient;
import org.apache.oozie.client.HeaderTestingVersionServlet;
import org.apache.oozie.service.ForTestAuthorizationService;
import org.apache.oozie.service.ForTestWorkflowStoreService;
import org.apache.oozie.service.Services;
import org.apache.oozie.test.EmbeddedServletContainer;
import org.apache.oozie.test.XTestCase;
import org.apache.oozie.util.IOUtils;

/* loaded from: input_file:org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.class */
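/**
 * Runs the Oozie CLI against an embedded servlet container with {@link AuthFilter} installed.
 *
 * <p>The tests cover the anonymous-access setting, a custom client authenticator, the
 * {@code -auth} command-line option and the client's on-disk authentication-token cache.
 */
public class TestAuthFilterAuthOozieClient extends XTestCase {
    // Fixture-only signing secret: it is handed to the test server's configuration and is also
    // used to sign the hand-written cache tokens below. Never reuse it outside of tests.
    private static final String SECRET = "secret";
    private static final String ANONYMOUS_ALLOWED = "oozie.authentication.simple.anonymous.allowed";
    private static final String TOKEN_CACHE_PROPERTY = "oozie.auth.token.cache";

    private EmbeddedServletContainer container;
    private int embeddedServletContainerPort = getFreePort();

    /** Pseudo authenticator that records whether the client actually invoked it. */
    public static class Authenticator4Test extends PseudoAuthenticator {
        private static boolean USED = false;

        @Override
        public void authenticate(URL url, AuthenticatedURL.Token token) throws IOException, AuthenticationException {
            USED = true;
            super.authenticate(url, token);
        }
    }

    /**
     * Returns the context URL of the running embedded container.
     *
     * <p>Only valid while a {@code runTest} call is in progress; the container field is reset to
     * {@code null} afterwards.
     */
    protected String getContextURL() {
        return this.container.getContextURL();
    }

    /**
     * Builds a URL for a servlet of the embedded container.
     *
     * @param str servlet path handed to the container's {@code getServletURL}
     * @param str2 optional resource appended after a {@code /}; skipped when null or empty
     * @param map query parameters; keys and values are URL-encoded as UTF-8
     * @return the assembled URL
     * @throws Exception if the encoding is unsupported or the result is not a valid URL
     */
    protected URL createURL(String str, String str2, Map<String, String> map) throws Exception {
        StringBuilder url = new StringBuilder(this.container.getServletURL(str));
        if (str2 != null && !str2.isEmpty()) {
            url.append("/").append(str2);
        }
        String separator = "?";
        for (Map.Entry<String, String> parameter : map.entrySet()) {
            url.append(separator)
                    .append(URLEncoder.encode(parameter.getKey(), StandardCharsets.UTF_8.name()))
                    .append("=")
                    .append(URLEncoder.encode(parameter.getValue(), StandardCharsets.UTF_8.name()));
            separator = "&";
        }
        return new URL(url.toString());
    }

    /**
     * Starts Oozie services and an embedded container with the authentication filter chain,
     * runs {@code callable} against it and shuts everything down again.
     *
     * @param callable the client-side actions to execute while the server is up
     * @param configuration extra settings copied into the services configuration; may be null
     * @param str context path of the embedded container
     * @return the client auth-token cache file that belongs to the container's context URL
     *         (the file is not guaranteed to exist)
     * @throws Exception whatever the services, the container or the callable throw
     */
    protected File runTest(Callable<Void> callable, Configuration configuration, String str) throws Exception {
        Services services = new Services();
        try {
            services.init();
            if (configuration != null) {
                for (Map.Entry<String, String> entry : configuration) {
                    Services.get().getConf().set(entry.getKey(), entry.getValue());
                }
            }
            Services.get().setService(ForTestAuthorizationService.class);
            Services.get().setService(ForTestWorkflowStoreService.class);
            Services.get().setService(MockDagEngineService.class);
            Services.get().setService(MockCoordinatorEngineService.class);
            this.container = new EmbeddedServletContainer(str, this.embeddedServletContainerPort);
            this.container.addServletEndpoint("/versions", HeaderTestingVersionServlet.class);
            this.container.addServletEndpoint("/v2/admin/*", V1AdminServlet.class);
            this.container.addFilter("/*", HostnameFilter.class);
            this.container.addFilter("/*", AuthFilter.class);
            this.container.addFilter("/*", HttpResponseHeaderFilter.class);
            this.container.start();
            callable.call();
            return getCacheFile(this.container.getContextURL());
        } finally {
            // Tear down on every path. The nested finally guarantees the services are destroyed
            // even when stopping the container itself fails.
            try {
                if (this.container != null) {
                    this.container.stop();
                }
            } finally {
                services.destroy();
                this.container = null;
            }
        }
    }

    /**
     * Locates the auth-token cache file the client uses for the given Oozie URL.
     *
     * <p>The file lives directly under {@code user.home}, so these tests create and delete a
     * credential cache in the home directory of the account that runs them (unless the harness
     * redirects {@code user.home}).
     */
    private File getCacheFile(String str) {
        String cacheFileName = new AuthOozieClient(str).getAuthCacheFileName(str);
        return new File(System.getProperty("user.home"), cacheFileName);
    }

    /**
     * Asks the operating system for an unused port by binding an ephemeral socket.
     *
     * <p>The socket is closed before the port is returned, so another process can take the port
     * before the embedded container binds to it.
     *
     * @return the port number, or -1 if none could be obtained
     */
    private int getFreePort() {
        // try-with-resources closes the socket on the failure path as well.
        try (Socket probe = new Socket()) {
            probe.bind(new InetSocketAddress(0));
            return probe.isClosed() ? -1 : probe.getLocalPort();
        } catch (IOException e) {
            System.err.println("Failed to get system free port, caused by: " + e.getMessage());
            return -1;
        }
    }

    /** Same as {@link #runTest(Callable, Configuration, String)} with the context path {@code oozie}. */
    protected File runTest(Callable<Void> callable, Configuration configuration) throws Exception {
        return runTest(callable, configuration, "oozie");
    }

    /** The CLI call succeeds when the server allows anonymous requests. */
    public void testClientWithAnonymous() throws Exception {
        Configuration configuration = new Configuration(false);
        configuration.set(ANONYMOUS_ALLOWED, "true");
        runTest(adminStatusSucceeds(), configuration);
    }

    /**
     * The CLI call also succeeds when anonymous requests are rejected.
     *
     * <p>NOTE(review): presumably because the client authenticates with its default
     * authenticator instead of going in anonymously; the server side is not visible here.
     */
    public void testClientWithoutAnonymous() throws Exception {
        Configuration configuration = new Configuration(false);
        configuration.set(ANONYMOUS_ALLOWED, "false");
        runTest(adminStatusSucceeds(), configuration);
    }

    /** The authenticator named by the {@code authenticator.class} system property is used. */
    public void testClientWithCustomAuthenticator() throws Exception {
        setSystemProperty("authenticator.class", Authenticator4Test.class.getName());
        Configuration configuration = new Configuration(false);
        configuration.set(ANONYMOUS_ALLOWED, "false");
        Authenticator4Test.USED = false;
        runTest(adminStatusSucceeds(), configuration);
        assertTrue(Authenticator4Test.USED);
    }

    /**
     * Walks the token cache through its life cycle: absent while caching is off, created once
     * it is on, reused unchanged by the next call, and replaced when the cached token is about
     * to expire or has already expired.
     */
    public void testClientAuthTokenCache() throws Exception {
        Configuration authenticationConf = getAuthenticationConf();

        // Caching has not been switched on yet: no file may appear.
        File cacheFile = runTest(adminStatusSucceeds(), authenticationConf);
        assertFalse(cacheFile.exists());

        setSystemProperty(TOKEN_CACHE_PROPERTY, "true");
        cacheFile.delete();
        assertFalse(cacheFile.exists());
        cacheFile = runTest(adminStatusSucceeds(), authenticationConf);
        assertTrue(cacheFile.exists());
        String firstToken = readFile(cacheFile);

        // A second call must reuse the cached token as it is.
        setSystemProperty(TOKEN_CACHE_PROPERTY, "true");
        cacheFile = runTest(adminStatusSucceeds(), authenticationConf);
        assertTrue(cacheFile.exists());
        assertEquals(firstToken, readFile(cacheFile));

        // Plant a token that expires in five minutes; the client is expected to replace it.
        String almostExpired = writeTokenCache(System.currentTimeMillis() + 300000, cacheFile);
        setSystemProperty(TOKEN_CACHE_PROPERTY, "true");
        cacheFile = runTest(adminStatusSucceeds(), authenticationConf);
        assertTrue(cacheFile.exists());
        assertFalse("Almost expired token should have been updated but was not",
                almostExpired.equals(readFile(cacheFile)));

        // Plant a token that expired one second ago; it has to be replaced as well.
        String expired = writeTokenCache(System.currentTimeMillis() - 1000, cacheFile);
        setSystemProperty(TOKEN_CACHE_PROPERTY, "true");
        cacheFile = runTest(adminStatusSucceeds(), authenticationConf);
        assertTrue(cacheFile.exists());
        assertFalse("Expired token should have been updated but was not",
                expired.equals(readFile(cacheFile)));

        setSystemProperty(TOKEN_CACHE_PROPERTY, "true");
        cacheFile.delete();
        assertFalse(cacheFile.exists());
    }

    /**
     * Checks that the cache is kept per Oozie URL: the same URL shares one cache file, another
     * URL gets its own token, and a failing request leaves no cache file behind.
     */
    public void testMultipleClientAuthTokenCache() throws Exception {
        Configuration authenticationConf = getAuthenticationConf();
        setSystemProperty(TOKEN_CACHE_PROPERTY, "true");

        File cacheFile1 = serverRunTest(authenticationConf, "oozie_1");
        File cacheFile2 = serverRunTest(authenticationConf, "oozie_1");
        String token1 = readFile(cacheFile1);
        assertEquals("AuthTokenCache with the same oozieUrl should be same but was not", token1, readFile(cacheFile2));
        assertTrue("The cacheFile_2 file should exist but was not", cacheFile2.exists());
        assertTrue("The cacheFile_1 file should exist but was not", cacheFile1.exists());

        File cacheFile3 = serverRunTest(authenticationConf, "oozie_3");
        assertTrue("The cacheFile_3 file should exist but was not", cacheFile3.exists());
        assertTrue("The cacheFile_1 file should exist but was not", cacheFile1.exists());
        // Compare the contents. An identity check (assertNotSame) on two separately read strings
        // passes no matter what the files hold and therefore verified nothing.
        assertFalse("AuthTokenCache with different oozieUrls should be different but was not",
                token1.equals(readFile(cacheFile3)));

        File cacheFile4 = runTest(() -> {
            int exitCode = runAdminStatus(getContextURL() + "/test");
            assertTrue("The request with the no existing url will fail but was not", exitCode != 0);
            return null;
        }, authenticationConf, "oozie_4");
        assertFalse("The cache can't exist when the request with the not existing url", cacheFile4.exists());

        // cacheFile1 and cacheFile2 were obtained for the same context path, so deleting one is
        // expected to remove the other as well.
        cacheFile2.delete();
        assertFalse("CacheFile_2 should not exist but was not", cacheFile2.exists());
        assertFalse("CacheFile_1 should not exist but was not", cacheFile1.exists());
        cacheFile3.delete();
        assertFalse("CacheFile_3 should not exist but was not", cacheFile3.exists());
    }

    /** Runs one successful {@code admin -status} call against a server at the given context path. */
    private File serverRunTest(Configuration configuration, String str) throws Exception {
        return runTest(() -> {
            assertEquals("The request will be success but was not", 0, runAdminStatus(getContextURL()));
            return null;
        }, configuration, str);
    }

    /**
     * Overwrites the cache file with a self-made signed token for the Oozie test user.
     *
     * @param j expiry time of the token in epoch milliseconds
     * @param file cache file to overwrite
     * @return the exact text written: the token followed by {@code &s=} and its signature
     */
    private static String writeTokenCache(long j, File file) throws Exception {
        AuthenticationToken token = new AuthenticationToken(getOozieUser(), getOozieUser(), "simple");
        token.setExpires(j);
        String unsigned = token.toString();
        String signed = unsigned + "&s=" + computeSignature(SECRET.getBytes(StandardCharsets.UTF_8), unsigned);
        try (PrintWriter writer = new PrintWriter(
                new OutputStreamWriter(new FileOutputStream(file), StandardCharsets.UTF_8))) {
            writer.write(signed);
        }
        return signed;
    }

    /**
     * Signs {@code str} by digesting its UTF-8 bytes followed by the secret and Base64-encoding
     * the result.
     *
     * <p>"SHA" is the JCA name for SHA-1. NOTE(review): the algorithm is presumably dictated by
     * the signer on the server side, which has to accept the planted tokens; confirm before
     * changing it. A plain digest over message-then-secret is not a keyed MAC and must not be
     * copied into production code, where an HMAC is the appropriate construction.
     *
     * @param bArr the signing secret
     * @param str the text to sign
     * @return the Base64-encoded digest
     */
    private static String computeSignature(byte[] bArr, String str) throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance("SHA");
        digest.update(str.getBytes(StandardCharsets.UTF_8));
        digest.update(bArr);
        return Base64.getEncoder().encodeToString(digest.digest());
    }

    /** {@code -auth SIMPLE} is accepted, an unknown authentication type makes the CLI return -1. */
    public void testClientAuthMethod() throws Exception {
        runTest(() -> {
            assertEquals(0, runAdminStatus(getContextURL(), "-auth", "SIMPLE"));
            return null;
        }, null);
        runTest(() -> {
            assertEquals(-1, runAdminStatus(getContextURL(), "-auth", "fake"));
            return null;
        }, null);
    }

    /**
     * Builds the server configuration used by the token-cache tests: a fixed signature secret
     * and anonymous access switched off.
     *
     * <p>When the class path offers {@code FileSignerSecretProvider}, the secret is additionally
     * written to an {@code auth-secret} file in the test configuration directory. The file gets
     * the platform's default permissions and only ever holds the fixture secret.
     */
    private Configuration getAuthenticationConf() {
        Configuration configuration = new Configuration(false);
        try {
            // Probe only: throws ClassNotFoundException when the provider is not available.
            Class.forName("org.apache.hadoop.security.authentication.util.FileSignerSecretProvider");
            String secretFile = getTestCaseConfDir() + "/auth-secret";
            configuration.set("oozie.authentication.signature.secret.file", secretFile);
            // The writer has to be closed. Without it the buffered secret never reaches the disk
            // and the configured secret file stays empty.
            try (PrintWriter writer = new PrintWriter(
                    new OutputStreamWriter(new FileOutputStream(secretFile), StandardCharsets.UTF_8))) {
                writer.write(SECRET);
            }
        } catch (Exception ignored) {
            // Deliberately best-effort: without the provider class (or a writable file) the
            // inline secret configured below is the only one available.
        }
        configuration.set("oozie.authentication.signature.secret", SECRET);
        configuration.set(ANONYMOUS_ALLOWED, "false");
        return configuration;
    }

    /** Returns a callable asserting that {@code admin -status} against the current server exits with 0. */
    private Callable<Void> adminStatusSucceeds() {
        // getContextURL() is evaluated inside call(), i.e. only once runTest has started the container.
        return () -> {
            assertEquals(0, runAdminStatus(getContextURL()));
            return null;
        };
    }

    /** Runs {@code admin -status -oozie <oozieUrl>} plus any extra arguments and returns the CLI exit code. */
    private int runAdminStatus(String oozieUrl, String... extraArgs) throws Exception {
        String[] baseArgs = {"admin", "-status", "-oozie", oozieUrl};
        String[] args = new String[baseArgs.length + extraArgs.length];
        System.arraycopy(baseArgs, 0, args, 0, baseArgs.length);
        System.arraycopy(extraArgs, 0, args, baseArgs.length, extraArgs.length);
        return new OozieCLI().run(args);
    }

    /** Reads a whole file as UTF-8 text and closes the underlying stream. */
    private static String readFile(File file) throws Exception {
        try (InputStreamReader reader = new InputStreamReader(new FileInputStream(file), StandardCharsets.UTF_8)) {
            return IOUtils.getReaderAsString(reader, -1);
        }
    }
}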
