package org.apache.hadoop.yarn.server.webproxy.amfilter;

import java.io.File;
import java.net.URI;
import java.net.URL;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.http.HttpServer2;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.User;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.KerberosTestUtils;
import org.apache.hadoop.security.authorize.AccessControlList;
import org.apache.hadoop.security.rpcauth.DigestAuthMethod;
import org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilterInitializer;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/yarn/server/webproxy/amfilter/TestSecureAmFilter.class */
public class TestSecureAmFilter {
    private String proxyHost = "localhost";
    private static final File TEST_ROOT_DIR = new File("target", TestSecureAmFilter.class.getName() + "-root");
    private static File httpSpnegoKeytabFile = new File(KerberosTestUtils.getKeytabFile());
    private static Configuration rmconf = new Configuration();
    private static String httpSpnegoPrincipal = KerberosTestUtils.getServerPrincipal();
    private static boolean miniKDCStarted = false;
    private static MiniKdc testMiniKDC;

    /* loaded from: input_file:org/apache/hadoop/yarn/server/webproxy/amfilter/TestSecureAmFilter$TestAmIpFilter.class */
    private class TestAmIpFilter extends AmIpFilter {
        private Set<String> proxyAddresses = null;

        private TestAmIpFilter() {
        }

        protected Set<String> getProxyAddresses() {
            if (this.proxyAddresses == null) {
                this.proxyAddresses = new HashSet();
            }
            this.proxyAddresses.add(TestSecureAmFilter.this.proxyHost);
            return this.proxyAddresses;
        }
    }

    @BeforeClass
    public static void setUp() {
        rmconf.setBoolean("yarn.acl.enable", true);
        rmconf.set("hadoop.security.authentication", "kerberos");
        rmconf.setBoolean("yarn.resourcemanager.webapp.delegation-token-auth-filter.enabled", true);
        rmconf.set("hadoop.http.filter.initializers", RMAuthenticationFilterInitializer.class.getName());
        rmconf.set("yarn.resourcemanager.webapp.spnego-principal", httpSpnegoPrincipal);
        rmconf.set("yarn.resourcemanager.keytab", httpSpnegoKeytabFile.getAbsolutePath());
        rmconf.set("yarn.resourcemanager.webapp.spnego-keytab-file", httpSpnegoKeytabFile.getAbsolutePath());
        rmconf.set("hadoop.security.authentication", UserGroupInformation.AuthenticationMethod.TOKEN.toString());
        rmconf.set("hadoop.security.custom.auth.principal.class", User.class.getName());
        rmconf.set("hadoop.security.custom.rpc.auth.method.class", DigestAuthMethod.class.getName());
        UserGroupInformation.setConfiguration(rmconf);
        try {
            testMiniKDC = new MiniKdc(MiniKdc.createConf(), TEST_ROOT_DIR);
            setupKDC();
        } catch (Exception e) {
            Assert.assertTrue("Couldn't create MiniKDC", false);
        }
    }

    @AfterClass
    public static void tearDown() {
        if (testMiniKDC != null) {
            testMiniKDC.stop();
        }
    }

    private static void setupKDC() throws Exception {
        if (miniKDCStarted) {
            return;
        }
        testMiniKDC.start();
        getKdc().createPrincipal(httpSpnegoKeytabFile, new String[]{"HTTP/localhost"});
        miniKDCStarted = true;
    }

    private static MiniKdc getKdc() {
        return testMiniKDC;
    }

    @Test
    public void testFindRedirectUrl() throws Exception {
        String startSecureHttpServer = startSecureHttpServer();
        TestAmIpFilter testAmIpFilter = (TestAmIpFilter) Mockito.spy(new TestAmIpFilter());
        testAmIpFilter.proxyUriBases = new HashMap();
        testAmIpFilter.proxyUriBases.put("rm1", startSecureHttpServer);
        testAmIpFilter.proxyUriBases.put("rm2", "host2:8088");
        testAmIpFilter.rmUrls = new String[]{"rm1", "rm2"};
        Assert.assertTrue(testAmIpFilter.isValidUrl(startSecureHttpServer));
        Assert.assertFalse(testAmIpFilter.isValidUrl("host2:8088"));
        Assert.assertEquals(testAmIpFilter.findRedirectUrl(), startSecureHttpServer);
    }

    private String startSecureHttpServer() throws Exception {
        HttpServer2.Builder acl = new HttpServer2.Builder().setName("test").setConf(rmconf).addEndpoint(new URI("http://localhost")).setACL(new AccessControlList(rmconf.get("yarn.admin.acl", "*")));
        acl.setUsernameConfKey("yarn.resourcemanager.webapp.spnego-principal").setKeytabConfKey("yarn.resourcemanager.webapp.spnego-keytab-file").setSecurityEnabled(UserGroupInformation.isSecurityEnabled());
        HttpServer2 build = acl.build();
        build.start();
        return new URL("http://" + NetUtils.getHostPortString(build.getConnectorAddress(0))).toString();
    }
}
