package org.apache.hadoop.fs.http.server;

import java.io.File;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.security.PrivilegedExceptionAction;
import java.util.concurrent.Callable;
import junit.framework.Assert;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.fs.DelegationTokenRenewer;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.http.client.HttpFSFileSystem;
import org.apache.hadoop.fs.http.client.HttpFSKerberosAuthenticator;
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.test.HFSTestCase;
import org.apache.hadoop.test.KerberosTestUtils;
import org.apache.hadoop.test.TestDir;
import org.apache.hadoop.test.TestDirHelper;
import org.apache.hadoop.test.TestHdfs;
import org.apache.hadoop.test.TestHdfsHelper;
import org.apache.hadoop.test.TestJetty;
import org.apache.hadoop.test.TestJettyHelper;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.junit.After;
import org.junit.Test;
import org.mortbay.jetty.Server;
import org.mortbay.jetty.webapp.WebAppContext;

/* loaded from: input_file:test-classes/org/apache/hadoop/fs/http/server/TestHttpFSWithKerberos.class */
public class TestHttpFSWithKerberos extends HFSTestCase {
    @After
    public void resetUGI() {
        UserGroupInformation.setConfiguration(new Configuration());
    }

    private void createHttpFSServer() throws Exception {
        File testDir = TestDirHelper.getTestDir();
        Assert.assertTrue(new File(testDir, "conf").mkdir());
        Assert.assertTrue(new File(testDir, "log").mkdir());
        Assert.assertTrue(new File(testDir, "temp").mkdir());
        HttpFSServerWebApp.setHomeDirForCurrentThread(testDir.getAbsolutePath());
        File file = new File(new File(testDir, "conf"), "secret");
        FileWriter fileWriter = new FileWriter(file);
        fileWriter.write("secret");
        fileWriter.close();
        File file2 = new File(new File(testDir, "conf"), "hadoop-conf");
        file2.mkdirs();
        String str = TestHdfsHelper.getHdfsConf().get("fs.defaultFS");
        Configuration configuration = new Configuration(false);
        configuration.set("fs.defaultFS", str);
        FileOutputStream fileOutputStream = new FileOutputStream(new File(file2, "hdfs-site.xml"));
        configuration.writeXml(fileOutputStream);
        fileOutputStream.close();
        Configuration configuration2 = new Configuration(false);
        configuration2.set("httpfs.proxyuser.client.hosts", "*");
        configuration2.set("httpfs.proxyuser.client.groups", "*");
        configuration2.set("httpfs.authentication.type", KerberosAuthenticationHandler.TYPE);
        configuration2.set("httpfs.authentication.signature.secret.file", file.getAbsolutePath());
        FileOutputStream fileOutputStream2 = new FileOutputStream(new File(new File(testDir, "conf"), "httpfs-site.xml"));
        configuration2.writeXml(fileOutputStream2);
        fileOutputStream2.close();
        WebAppContext webAppContext = new WebAppContext(Thread.currentThread().getContextClassLoader().getResource("webapp").getPath(), "/webhdfs");
        Server jettyServer = TestJettyHelper.getJettyServer();
        jettyServer.addHandler(webAppContext);
        jettyServer.start();
        HttpFSServerWebApp.get().setAuthority(TestJettyHelper.getAuthority());
    }

    @TestDir
    @Test
    @TestHdfs
    @TestJetty
    public void testValidHttpFSAccess() throws Exception {
        createHttpFSServer();
        KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.fs.http.server.TestHttpFSWithKerberos.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                Assert.assertEquals(new AuthenticatedURL().openConnection(new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY"), new AuthenticatedURL.Token()).getResponseCode(), 200);
                return null;
            }
        });
    }

    @TestDir
    @Test
    @TestHdfs
    @TestJetty
    public void testInvalidadHttpFSAccess() throws Exception {
        createHttpFSServer();
        Assert.assertEquals(((HttpURLConnection) new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY").openConnection()).getResponseCode(), 401);
    }

    @TestDir
    @Test
    @TestHdfs
    @TestJetty
    public void testDelegationTokenHttpFSAccess() throws Exception {
        createHttpFSServer();
        KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.fs.http.server.TestHttpFSWithKerberos.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                URL url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETDELEGATIONTOKEN");
                AuthenticatedURL authenticatedURL = new AuthenticatedURL();
                AuthenticatedURL.Token token = new AuthenticatedURL.Token();
                HttpURLConnection openConnection = authenticatedURL.openConnection(url, token);
                Assert.assertEquals(openConnection.getResponseCode(), 200);
                String str = (String) ((JSONObject) ((JSONObject) new JSONParser().parse(new InputStreamReader(openConnection.getInputStream()))).get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_JSON)).get(HttpFSKerberosAuthenticator.DELEGATION_TOKEN_URL_STRING_JSON);
                Assert.assertEquals(((HttpURLConnection) new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + str).openConnection()).getResponseCode(), 200);
                HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + str).openConnection();
                httpURLConnection.setRequestMethod("PUT");
                Assert.assertEquals(httpURLConnection.getResponseCode(), 401);
                HttpURLConnection openConnection2 = authenticatedURL.openConnection(new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token=" + str), token);
                openConnection2.setRequestMethod("PUT");
                Assert.assertEquals(openConnection2.getResponseCode(), 200);
                HttpURLConnection httpURLConnection2 = (HttpURLConnection) new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=CANCELDELEGATIONTOKEN&token=" + str).openConnection();
                httpURLConnection2.setRequestMethod("PUT");
                Assert.assertEquals(httpURLConnection2.getResponseCode(), 200);
                Assert.assertEquals(((HttpURLConnection) new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation=" + str).openConnection()).getResponseCode(), 401);
                return null;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    public void testDelegationTokenWithFS(Class cls) throws Exception {
        createHttpFSServer();
        Configuration configuration = new Configuration();
        configuration.set("fs.webhdfs.impl", cls.getName());
        configuration.set("fs.hdfs.impl.disable.cache", "true");
        URI uri = new URI("webhdfs://" + TestJettyHelper.getJettyURL().toURI().getAuthority());
        FileSystem fileSystem = FileSystem.get(uri, configuration);
        Token<?>[] addDelegationTokens = fileSystem.addDelegationTokens("foo", null);
        fileSystem.close();
        Assert.assertEquals(1, addDelegationTokens.length);
        FileSystem fileSystem2 = FileSystem.get(uri, configuration);
        ((DelegationTokenRenewer.Renewable) fileSystem2).setDelegationToken(addDelegationTokens[0]);
        fileSystem2.listStatus(new Path("/"));
        fileSystem2.close();
    }

    private void testDelegationTokenWithinDoAs(final Class cls, boolean z) throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, KerberosAuthenticationHandler.TYPE);
        UserGroupInformation.setConfiguration(configuration);
        UserGroupInformation.loginUserFromKeytab("client", "/Users/tucu/tucu.keytab");
        UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
        if (z) {
            loginUser = UserGroupInformation.createProxyUser("foo", loginUser);
        }
        UserGroupInformation.setConfiguration(new Configuration());
        loginUser.doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.fs.http.server.TestHttpFSWithKerberos.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                TestHttpFSWithKerberos.this.testDelegationTokenWithFS(cls);
                return null;
            }
        });
    }

    @TestDir
    @Test
    @TestHdfs
    @TestJetty
    public void testDelegationTokenWithHttpFSFileSystem() throws Exception {
        testDelegationTokenWithinDoAs(HttpFSFileSystem.class, false);
    }

    @TestDir
    @Test
    @TestHdfs
    @TestJetty
    public void testDelegationTokenWithWebhdfsFileSystem() throws Exception {
        testDelegationTokenWithinDoAs(WebHdfsFileSystem.class, false);
    }

    @TestDir
    @Test
    @TestHdfs
    @TestJetty
    public void testDelegationTokenWithHttpFSFileSystemProxyUser() throws Exception {
        testDelegationTokenWithinDoAs(HttpFSFileSystem.class, true);
    }
}
