package org.apache.drill.exec.rpc.user.security;

import com.google.common.collect.Lists;
import com.typesafe.config.ConfigValueFactory;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.ServerSocket;
import java.nio.file.Files;
import java.security.PrivilegedExceptionAction;
import java.util.Properties;
import javax.security.auth.Subject;
import org.apache.drill.BaseTestQuery;
import org.apache.drill.common.config.DrillConfig;
import org.apache.drill.exec.rpc.user.security.testing.UserAuthenticatorTestImpl;
import org.apache.hadoop.security.UgiTestUtil;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.client.JaasKrbUtil;
import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.krb5.Config;

/* loaded from: input_file:org/apache/drill/exec/rpc/user/security/TestUserBitKerberos.class */
public class TestUserBitKerberos extends BaseTestQuery {
    private static File workspace;
    private static File kdcDir;
    private static SimpleKdcServer kdc;
    private static int kdcPort;
    private static final String CLIENT_SHORT_NAME = "testUser";
    private static final String CLIENT_PRINCIPAL = "testUser@EXAMPLE.COM";
    private static File keytabDir;
    private static File clientKeytab;
    private static File serverKeytab;
    private static boolean kdcStarted;
    private static final Logger logger = LoggerFactory.getLogger(TestUserBitKerberos.class);
    private static final String SERVER_SHORT_NAME = System.getProperty("user.name");
    private static final String HOSTNAME = "localhost";
    private static final String REALM = "EXAMPLE.COM";
    private static final String SERVER_PRINCIPAL = SERVER_SHORT_NAME + "/" + HOSTNAME + "@" + REALM;

    @BeforeClass
    public static void setupKdc() throws Exception {
        kdc = new SimpleKdcServer();
        workspace = new File(getTempDir("kerberos_target"));
        kdcDir = new File(workspace, TestUserBitKerberos.class.getSimpleName());
        kdcDir.mkdirs();
        kdc.setWorkDir(kdcDir);
        kdc.setKdcHost(HOSTNAME);
        kdcPort = getFreePort();
        kdc.setAllowTcp(true);
        kdc.setAllowUdp(false);
        kdc.setKdcTcpPort(kdcPort);
        logger.debug("Starting KDC server at {}:{}", HOSTNAME, Integer.valueOf(kdcPort));
        kdc.init();
        kdc.start();
        kdcStarted = true;
        keytabDir = new File(workspace, TestUserBitKerberos.class.getSimpleName() + "_keytabs");
        keytabDir.mkdirs();
        setupUsers(keytabDir);
        System.clearProperty("java.security.auth.login.config");
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
        DrillConfig drillConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.auth.impl", ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue("drill.exec.security.auth.principal", ConfigValueFactory.fromAnyRef(SERVER_PRINCIPAL)).withValue("drill.exec.security.auth.keytab", ConfigValueFactory.fromAnyRef(serverKeytab.toString())).withValue("drill.exec.security.auth.mechanisms", ConfigValueFactory.fromIterable(Lists.newArrayList(new String[]{"plain", "kerberos"}))), false);
        Properties properties = new Properties();
        properties.setProperty("user", "anonymous");
        properties.setProperty("password", "anything works!");
        Config.refresh();
        Field declaredField = KerberosName.class.getDeclaredField("defaultRealm");
        declaredField.setAccessible(true);
        declaredField.set(null, KerberosUtil.getDefaultRealm());
        updateTestCluster(1, drillConfig, properties);
    }

    private static int getFreePort() throws IOException {
        ServerSocket serverSocket = null;
        try {
            serverSocket = new ServerSocket(0);
            serverSocket.setReuseAddress(true);
            int localPort = serverSocket.getLocalPort();
            if (serverSocket != null) {
                serverSocket.close();
            }
            return localPort;
        } catch (Throwable th) {
            if (serverSocket != null) {
                serverSocket.close();
            }
            throw th;
        }
    }

    private static void setupUsers(File file) throws KrbException {
        String substring = CLIENT_PRINCIPAL.substring(0, CLIENT_PRINCIPAL.indexOf(64));
        clientKeytab = new File(file, substring.replace('/', '_') + ".keytab");
        logger.debug("Creating {} with keytab {}", substring, clientKeytab);
        setupUser(kdc, clientKeytab, substring);
        serverKeytab = new File(file, SERVER_PRINCIPAL.substring(0, SERVER_PRINCIPAL.indexOf(64)).replace('/', '_') + ".keytab");
        logger.debug("Creating {} with keytab {}", SERVER_PRINCIPAL, serverKeytab);
        setupUser(kdc, serverKeytab, SERVER_PRINCIPAL);
    }

    private static void setupUser(SimpleKdcServer simpleKdcServer, File file, String str) throws KrbException {
        simpleKdcServer.createPrincipal(str);
        simpleKdcServer.exportPrincipal(str, file);
    }

    @AfterClass
    public static void stopKdc() throws Exception {
        if (kdcStarted) {
            logger.info("Stopping KDC on {}", Integer.valueOf(kdcPort));
            kdc.stop();
        }
        deleteIfExists(clientKeytab);
        deleteIfExists(serverKeytab);
        deleteIfExists(keytabDir);
        deleteIfExists(kdcDir);
        deleteIfExists(workspace);
        UgiTestUtil.resetUgi();
    }

    private static void deleteIfExists(File file) throws IOException {
        if (file != null) {
            Files.deleteIfExists(file.toPath());
        }
    }

    @Test
    public void successKeytab() throws Exception {
        Properties properties = new Properties();
        properties.setProperty("principal", SERVER_PRINCIPAL);
        properties.setProperty("user", CLIENT_PRINCIPAL);
        properties.setProperty("keytab", clientKeytab.getAbsolutePath());
        updateClient(properties);
        testBuilder().sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)").unOrdered().baselineColumns("session_user").baselineValues(CLIENT_SHORT_NAME).go();
        test("SHOW SCHEMAS");
        test("USE INFORMATION_SCHEMA");
        test("SHOW TABLES");
        test("SELECT * FROM INFORMATION_SCHEMA.`TABLES` WHERE TABLE_NAME LIKE 'COLUMNS'");
        test("SELECT * FROM cp.`region.json` LIMIT 5");
    }

    @Test
    public void successTicket() throws Exception {
        final Properties properties = new Properties();
        properties.setProperty("principal", SERVER_PRINCIPAL);
        properties.setProperty("from_subject", "true");
        Subject.doAs(JaasKrbUtil.loginUsingKeytab(CLIENT_PRINCIPAL, clientKeytab.getAbsoluteFile()), new PrivilegedExceptionAction<Void>() { // from class: org.apache.drill.exec.rpc.user.security.TestUserBitKerberos.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                BaseTestQuery.updateClient(properties);
                return null;
            }
        });
        testBuilder().sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)").unOrdered().baselineColumns("session_user").baselineValues(CLIENT_SHORT_NAME).go();
        test("SHOW SCHEMAS");
        test("USE INFORMATION_SCHEMA");
        test("SHOW TABLES");
        test("SELECT * FROM INFORMATION_SCHEMA.`TABLES` WHERE TABLE_NAME LIKE 'COLUMNS'");
        test("SELECT * FROM cp.`region.json` LIMIT 5");
    }
}
