package org.apache.sqoop.credentials;

import com.cloudera.sqoop.SqoopOptions;
import com.cloudera.sqoop.manager.OracleUtils;
import com.cloudera.sqoop.testutil.BaseSqoopTestCase;
import com.cloudera.sqoop.testutil.CommonArgs;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.mapred.JobConf;
import org.apache.sqoop.mapreduce.db.DBConfiguration;
import org.apache.sqoop.tool.ImportTool;
import org.apache.sqoop.util.password.CredentialProviderHelper;
import org.apache.sqoop.util.password.CredentialProviderPasswordLoader;
import org.apache.sqoop.util.password.CryptoFileLoader;

/* loaded from: input_file:org/apache/sqoop/credentials/TestPassingSecurePassword.class */
public class TestPassingSecurePassword extends BaseSqoopTestCase {
    @Override // com.cloudera.sqoop.testutil.BaseSqoopTestCase
    public void setUp() {
        super.setUp();
        try {
            FileSystem.get(getConf()).create(new Path(getWarehouseDir()), true);
        } catch (IOException e) {
            System.out.println("Could not create warehouse dir!");
        }
    }

    public void testPasswordFilePathInOptionIsEnabled() throws Exception {
        String str = TEMP_BASE_DIR + ".pwd";
        createTempFile(str);
        try {
            ArrayList<String> arrayList = new ArrayList<>();
            arrayList.add("--username");
            arrayList.add("username");
            arrayList.add("--password-file");
            arrayList.add(str);
            String[] commonArgs = getCommonArgs(false, arrayList);
            ArrayList arrayList2 = new ArrayList();
            Collections.addAll(arrayList2, commonArgs);
            assertTrue("passwordFilePath option missing.", arrayList2.contains("--password-file"));
        } catch (Exception e) {
            fail("passwordPath option is missing.");
        }
    }

    public void testPasswordFileDoesNotExist() throws Exception {
        try {
            ArrayList<String> arrayList = new ArrayList<>();
            arrayList.add("--password-file");
            arrayList.add(TEMP_BASE_DIR + "unknown");
            String[] commonArgs = getCommonArgs(false, arrayList);
            Configuration conf = getConf();
            new ImportTool().parseArguments(commonArgs, conf, getSqoopOptions(conf), true);
            fail("The password file does not exist!");
        } catch (Exception e) {
            assertTrue(e.getMessage().matches(".*The provided password file .* does not exist!"));
        }
    }

    public void testPasswordFileIsADirectory() throws Exception {
        try {
            ArrayList<String> arrayList = new ArrayList<>();
            arrayList.add("--password-file");
            arrayList.add(TEMP_BASE_DIR);
            String[] commonArgs = getCommonArgs(false, arrayList);
            Configuration conf = getConf();
            new ImportTool().parseArguments(commonArgs, conf, getSqoopOptions(conf), true);
            fail("The password file cannot be a directory!");
        } catch (Exception e) {
            assertTrue(e.getMessage().matches(".*The provided password file .* is a directory!"));
        }
    }

    public void testBothPasswordOptions() throws Exception {
        String str = TEMP_BASE_DIR + ".pwd";
        createTempFile(str);
        try {
            ArrayList<String> arrayList = new ArrayList<>();
            arrayList.add("--username");
            arrayList.add("username");
            arrayList.add("--password");
            arrayList.add("password");
            arrayList.add("--password-file");
            arrayList.add(str);
            String[] commonArgs = getCommonArgs(false, arrayList);
            Configuration conf = getConf();
            SqoopOptions sqoopOptions = getSqoopOptions(conf);
            ImportTool importTool = new ImportTool();
            SqoopOptions parseArguments = importTool.parseArguments(commonArgs, conf, sqoopOptions, true);
            assertNotNull(parseArguments.getPassword());
            importTool.validateOptions(parseArguments);
            fail("Only one of password, password alias or path to a password file must be specified.");
        } catch (Exception e) {
            assertTrue(e.getMessage().contains("Only one of password, password alias or path to a password file must be specified."));
        }
    }

    public void testPasswordFilePath() throws Exception {
        String str = TEMP_BASE_DIR + ".pwd";
        createTempFile(str);
        writeToFile(str, "password");
        try {
            ArrayList<String> arrayList = new ArrayList<>();
            arrayList.add("--username");
            arrayList.add("username");
            arrayList.add("--password-file");
            arrayList.add(str);
            String[] commonArgs = getCommonArgs(false, arrayList);
            Configuration conf = getConf();
            SqoopOptions parseArguments = new ImportTool().parseArguments(commonArgs, conf, getSqoopOptions(conf), true);
            assertNotNull(parseArguments.getPasswordFilePath());
            assertNotNull(parseArguments.getPassword());
            assertEquals("password", parseArguments.getPassword());
        } catch (Exception e) {
            fail("passwordPath option is missing.");
        }
    }

    public void testPasswordInDBConfiguration() throws Exception {
        JobConf jobConf = new JobConf(getConf());
        DBConfiguration.configureDB(jobConf, "org.hsqldb.jdbcDriver", getConnectString(), "username", "password", (Integer) null, (Properties) null);
        assertNotNull(jobConf.getCredentials().getSecretKey(new Text("mapreduce.jdbc.password")));
        assertEquals("password", new String(jobConf.getCredentials().getSecretKey(new Text("mapreduce.jdbc.password"))));
        JobConf jobConf2 = new JobConf();
        DBConfiguration.configureDB(jobConf2, "org.hsqldb.jdbcDriver", getConnectString(), (String) null, (String) null, (Integer) null, (Properties) null);
        assertNotNull(new DBConfiguration(jobConf2).getConnection());
    }

    public void testPasswordNotInJobConf() throws Exception {
        JobConf jobConf = new JobConf(getConf());
        DBConfiguration.configureDB(jobConf, "org.hsqldb.jdbcDriver", getConnectString(), "username", "password", (Integer) null, (Properties) null);
        assertNull(jobConf.get("mapreduce.jdbc.password", (String) null));
    }

    public void testPasswordInMetastoreWithRecordEnabledAndSecureOption() throws Exception {
        String str = TEMP_BASE_DIR + ".pwd";
        createTempFile(str);
        ArrayList<String> arrayList = new ArrayList<>();
        arrayList.add("--username");
        arrayList.add("username");
        arrayList.add("--password-file");
        arrayList.add(str);
        String[] commonArgs = getCommonArgs(false, arrayList);
        Configuration conf = getConf();
        SqoopOptions parseArguments = new ImportTool().parseArguments(commonArgs, conf, getSqoopOptions(conf), true);
        assertNotNull(parseArguments.getPassword());
        conf.set("sqoop.metastore.client.record.password", "true");
        Properties writeProperties = parseArguments.writeProperties();
        assertNull(writeProperties.getProperty("db.password"));
        assertNotNull(writeProperties.getProperty("db.password.file"));
        SqoopOptions sqoopOptions = new SqoopOptions();
        sqoopOptions.loadProperties(writeProperties);
        assertNotNull(sqoopOptions.getPassword());
        assertNotNull(sqoopOptions.getPasswordFilePath());
        assertEquals(str, sqoopOptions.getPasswordFilePath());
    }

    public void testPasswordInMetastoreWithRecordDisabledAndSecureOption() throws Exception {
        String str = TEMP_BASE_DIR + ".pwd";
        createTempFile(str);
        ArrayList<String> arrayList = new ArrayList<>();
        arrayList.add("--username");
        arrayList.add("username");
        arrayList.add("--password-file");
        arrayList.add(str);
        String[] commonArgs = getCommonArgs(false, arrayList);
        Configuration conf = getConf();
        SqoopOptions parseArguments = new ImportTool().parseArguments(commonArgs, conf, getSqoopOptions(conf), true);
        assertNotNull(parseArguments.getPassword());
        conf.set("sqoop.metastore.client.record.password", "false");
        Properties writeProperties = parseArguments.writeProperties();
        assertNull(writeProperties.getProperty("db.password"));
        assertNotNull(writeProperties.getProperty("db.password.file"));
        SqoopOptions sqoopOptions = new SqoopOptions();
        sqoopOptions.loadProperties(writeProperties);
        assertNotNull(sqoopOptions.getPassword());
        assertNotNull(sqoopOptions.getPasswordFilePath());
        assertEquals(str, sqoopOptions.getPasswordFilePath());
    }

    public void testPasswordInMetastoreWithRecordEnabledAndNonSecureOption() throws Exception {
        ArrayList<String> arrayList = new ArrayList<>();
        arrayList.add("--username");
        arrayList.add("username");
        arrayList.add("--password");
        arrayList.add("password");
        String[] commonArgs = getCommonArgs(false, arrayList);
        Configuration conf = getConf();
        SqoopOptions parseArguments = new ImportTool().parseArguments(commonArgs, conf, getSqoopOptions(conf), true);
        assertNotNull(parseArguments.getPassword());
        conf.set("sqoop.metastore.client.record.password", "true");
        Properties writeProperties = parseArguments.writeProperties();
        assertNotNull(writeProperties.getProperty("db.password"));
        assertNull(writeProperties.getProperty("db.password.file"));
        SqoopOptions sqoopOptions = new SqoopOptions();
        sqoopOptions.loadProperties(writeProperties);
        assertNotNull(sqoopOptions.getPassword());
        assertNull(sqoopOptions.getPasswordFilePath());
    }

    private String[] getCommonArgs(boolean z, ArrayList<String> arrayList) {
        ArrayList arrayList2 = new ArrayList();
        if (z) {
            CommonArgs.addHadoopFlags(arrayList2);
        }
        arrayList2.add("--table");
        arrayList2.add(getTableName());
        arrayList2.add("--warehouse-dir");
        arrayList2.add(getWarehouseDir());
        arrayList2.add("--connect");
        arrayList2.add(getConnectString());
        arrayList2.add("--as-textfile");
        arrayList2.add("--num-mappers");
        arrayList2.add("2");
        arrayList2.addAll(arrayList);
        return (String[]) arrayList2.toArray(new String[0]);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void testCryptoFileLoader() throws Exception {
        String[] strArr = {"Simple  password", "!@#$%^&*()_+<>?:"};
        for (Object[] objArr : new Object[]{new Object[]{"AES/ECB/NoPadding", 128}, new Object[]{"AES/ECB/PKCS5Padding", 128}, new Object[]{"DES/ECB/NoPadding", 64}, new Object[]{"DES/ECB/PKCS5Padding", 64}, new Object[]{"DESede/ECB/NoPadding", 192}, new Object[]{"DESede/ECB/PKCS5Padding", 192}}) {
            for (String str : strArr) {
                executeCipherTest(str, str, (String) objArr[0], ((Integer) objArr[1]).intValue());
            }
        }
    }

    public void testCredentialProviderLoader() throws Exception {
        CredentialProviderPasswordLoader credentialProviderPasswordLoader = new CredentialProviderPasswordLoader();
        if (!CredentialProviderHelper.isProviderAvailable()) {
            LOG.info("CredentialProvider facility not available in the hadoop environment used");
            return;
        }
        String str = TEMP_BASE_DIR + ".pwd";
        createTempFile(str);
        writeToFile(str, "super.secret.alias".getBytes());
        File file = new File(".");
        Configuration conf = getConf();
        String str2 = "jceks://file/" + file.getAbsolutePath() + "/creds.jks";
        new File(file, "creds.jks").delete();
        conf.set("hadoop.security.credential.provider.path", str2);
        CredentialProviderHelper.createCredentialEntry(conf, "super.secret.alias", "super.secret.password");
        conf.set("org.apache.sqoop.credentials.loader.class", CredentialProviderPasswordLoader.class.getCanonicalName());
        ArrayList<String> arrayList = new ArrayList<>();
        arrayList.add("--username");
        arrayList.add("username");
        arrayList.add("--password-file");
        arrayList.add(str);
        SqoopOptions parseArguments = new ImportTool().parseArguments(getCommonArgs(false, arrayList), conf, getSqoopOptions(conf), true);
        assertEquals("super.secret.password", credentialProviderPasswordLoader.loadPassword(str, conf));
        assertEquals("super.secret.password", parseArguments.getPassword());
    }

    public void testPasswordAliasOption() throws Exception {
        new CredentialProviderPasswordLoader();
        if (!CredentialProviderHelper.isProviderAvailable()) {
            LOG.info("CredentialProvider facility not available in the hadoop environment used");
            return;
        }
        File file = new File(".");
        Configuration conf = getConf();
        String str = "jceks://file/" + file.getAbsolutePath() + "/creds.jks";
        new File(file, "creds.jks").delete();
        conf.set("hadoop.security.credential.provider.path", str);
        CredentialProviderHelper.createCredentialEntry(conf, "super.secret.alias", "super.secret.password");
        ArrayList<String> arrayList = new ArrayList<>();
        arrayList.add("--username");
        arrayList.add("username");
        arrayList.add("--password-alias");
        arrayList.add("super.secret.alias");
        assertEquals("super.secret.password", new ImportTool().parseArguments(getCommonArgs(false, arrayList), conf, getSqoopOptions(conf), true).getPassword());
    }

    public void executeCipherTest(String str, String str2, String str3, int i) throws Exception {
        LOG.info("Using cipher: " + str3 + " with keySize " + i + " and passphrase " + str2);
        String str4 = TEMP_BASE_DIR + ".pwd";
        createTempFile(str4);
        writeToFile(str4, encryptPassword(str, str2, str3, OracleUtils.INTEGRATIONTEST_NUM_ROWS, i));
        LOG.info("Generated encrypted password file in: " + str4);
        ArrayList<String> arrayList = new ArrayList<>();
        arrayList.add("--username");
        arrayList.add("username");
        arrayList.add("--password-file");
        arrayList.add(str4);
        String[] commonArgs = getCommonArgs(false, arrayList);
        Configuration conf = getConf();
        conf.set("org.apache.sqoop.credentials.loader.class", CryptoFileLoader.class.getCanonicalName());
        conf.set("org.apache.sqoop.credentials.loader.crypto.alg", str3);
        conf.set("org.apache.sqoop.credentials.loader.crypto.passphrase", str2);
        conf.setInt("org.apache.sqoop.credentials.loader.crypto.salt.key.len", i);
        SqoopOptions parseArguments = new ImportTool().parseArguments(commonArgs, conf, getSqoopOptions(conf), true);
        assertNotNull(parseArguments.getPasswordFilePath());
        assertNotNull(parseArguments.getPassword());
        assertEquals(str2, parseArguments.getPassword());
    }

    private byte[] encryptPassword(String str, String str2, String str3, int i, int i2) throws Exception {
        SecretKeySpec secretKeySpec = new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(str2.toCharArray(), "SALT".getBytes(), i, i2)).getEncoded(), str3.split("/")[0]);
        Cipher cipher = Cipher.getInstance(str3);
        cipher.init(1, secretKeySpec);
        return cipher.doFinal(str.getBytes());
    }

    private void createTempFile(String str) throws IOException {
        new File(str).createNewFile();
    }

    private void writeToFile(String str, String str2) throws IOException {
        writeToFile(str, str2.getBytes());
    }

    private void writeToFile(String str, byte[] bArr) throws IOException {
        FileOutputStream fileOutputStream = null;
        try {
            fileOutputStream = new FileOutputStream(new File(str));
            fileOutputStream.write(bArr);
            if (fileOutputStream != null) {
                fileOutputStream.close();
            }
        } catch (Throwable th) {
            if (fileOutputStream != null) {
                fileOutputStream.close();
            }
            throw th;
        }
    }
}
