package org.apache.drill.exec.rpc.user.security;

import com.typesafe.config.ConfigValueFactory;
import java.lang.reflect.Field;
import java.security.PrivilegedExceptionAction;
import java.util.Properties;
import javax.security.auth.Subject;
import junit.framework.TestCase;
import org.apache.drill.categories.SecurityTest;
import org.apache.drill.common.config.DrillConfig;
import org.apache.drill.exec.rpc.NonTransientRpcException;
import org.apache.drill.exec.rpc.RpcException;
import org.apache.drill.exec.rpc.control.ControlRpcMetrics;
import org.apache.drill.exec.rpc.data.DataRpcMetrics;
import org.apache.drill.exec.rpc.security.KerberosHelper;
import org.apache.drill.exec.rpc.user.UserRpcMetrics;
import org.apache.drill.exec.rpc.user.security.testing.UserAuthenticatorTestImpl;
import org.apache.drill.exec.store.avro.AvroTestUtil;
import org.apache.drill.shaded.guava.com.google.common.collect.Lists;
import org.apache.drill.test.BaseTestQuery;
import org.apache.drill.test.TestBuilder;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.apache.kerby.kerberos.kerb.client.JaasKrbUtil;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.krb5.Config;

@Ignore("See DRILL-5387")
@Category({SecurityTest.class})
/* loaded from: input_file:org/apache/drill/exec/rpc/user/security/TestUserBitKerberosEncryption.class */
public class TestUserBitKerberosEncryption extends BaseTestQuery {
    private static final Logger logger;
    private static KerberosHelper krbHelper;
    private static DrillConfig newConfig;
    static final /* synthetic */ boolean $assertionsDisabled;

    @BeforeClass
    public static void setupTest() throws Exception {
        krbHelper = new KerberosHelper(TestUserBitKerberosEncryption.class.getSimpleName(), null);
        krbHelper.setupKdc(dirTestWatcher.getTmpDir());
        newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.auth.impl", ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue("drill.exec.security.auth.principal", ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue("drill.exec.security.auth.keytab", ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue("drill.exec.security.auth.mechanisms", ConfigValueFactory.fromIterable(Lists.newArrayList(new String[]{"plain", "kerberos"}))).withValue("drill.exec.security.user.encryption.sasl.enabled", ConfigValueFactory.fromAnyRef(true)));
        Properties properties = new Properties();
        properties.setProperty("principal", krbHelper.SERVER_PRINCIPAL);
        properties.setProperty("user", krbHelper.CLIENT_PRINCIPAL);
        properties.setProperty("keytab", krbHelper.clientKeytab.getAbsolutePath());
        Config.refresh();
        Field declaredField = KerberosName.class.getDeclaredField("defaultRealm");
        declaredField.setAccessible(true);
        declaredField.set(null, KerberosUtil.getDefaultRealm());
        updateTestCluster(1, newConfig, properties);
    }

    @AfterClass
    public static void cleanTest() throws Exception {
        krbHelper.stopKdc();
    }

    @Test
    public void successKeytabWithoutChunking() throws Exception {
        Properties properties = new Properties();
        properties.setProperty("principal", krbHelper.SERVER_PRINCIPAL);
        properties.setProperty("user", krbHelper.CLIENT_PRINCIPAL);
        properties.setProperty("keytab", krbHelper.clientKeytab.getAbsolutePath());
        newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.auth.impl", ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue("drill.exec.security.auth.principal", ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue("drill.exec.security.auth.keytab", ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue("drill.exec.security.auth.mechanisms", ConfigValueFactory.fromIterable(Lists.newArrayList(new String[]{"plain", "kerberos"}))).withValue("drill.exec.security.user.encryption.sasl.enabled", ConfigValueFactory.fromAnyRef(true)));
        updateTestCluster(1, newConfig, properties);
        TestBuilder baselineColumns = testBuilder().sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)").unOrdered().baselineColumns("session_user");
        krbHelper.getClass();
        baselineColumns.baselineValues("testUser").go();
        test("SHOW SCHEMAS");
        test("USE INFORMATION_SCHEMA");
        test("SHOW TABLES");
        test("SELECT * FROM INFORMATION_SCHEMA.`TABLES` WHERE TABLE_NAME LIKE 'COLUMNS'");
        test("SELECT * FROM cp.`region.json`");
    }

    @Test
    public void testConnectionCounters() throws Exception {
        Properties properties = new Properties();
        properties.setProperty("principal", krbHelper.SERVER_PRINCIPAL);
        properties.setProperty("user", krbHelper.CLIENT_PRINCIPAL);
        properties.setProperty("keytab", krbHelper.clientKeytab.getAbsolutePath());
        newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.auth.impl", ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue("drill.exec.security.auth.principal", ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue("drill.exec.security.auth.keytab", ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue("drill.exec.security.auth.mechanisms", ConfigValueFactory.fromIterable(Lists.newArrayList(new String[]{"plain", "kerberos"}))).withValue("drill.exec.security.user.encryption.sasl.enabled", ConfigValueFactory.fromAnyRef(true)));
        updateTestCluster(1, newConfig, properties);
        TestCase.assertTrue(UserRpcMetrics.getInstance().getEncryptedConnectionCount() == 1);
        TestCase.assertTrue(UserRpcMetrics.getInstance().getUnEncryptedConnectionCount() == 0);
        TestBuilder baselineColumns = testBuilder().sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)").unOrdered().baselineColumns("session_user");
        krbHelper.getClass();
        baselineColumns.baselineValues("testUser").go();
        TestCase.assertTrue(1 == UserRpcMetrics.getInstance().getEncryptedConnectionCount());
        TestCase.assertTrue(0 == ControlRpcMetrics.getInstance().getEncryptedConnectionCount());
        TestCase.assertTrue(0 == DataRpcMetrics.getInstance().getEncryptedConnectionCount());
        TestCase.assertTrue(0 == UserRpcMetrics.getInstance().getUnEncryptedConnectionCount());
        TestCase.assertTrue(0 == ControlRpcMetrics.getInstance().getUnEncryptedConnectionCount());
        TestCase.assertTrue(0 == DataRpcMetrics.getInstance().getUnEncryptedConnectionCount());
    }

    @Test
    public void successTicketWithoutChunking() throws Exception {
        final Properties properties = new Properties();
        properties.setProperty("principal", krbHelper.SERVER_PRINCIPAL);
        properties.setProperty("from_subject", "true");
        Subject loginUsingKeytab = JaasKrbUtil.loginUsingKeytab(krbHelper.CLIENT_PRINCIPAL, krbHelper.clientKeytab.getAbsoluteFile());
        newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.auth.impl", ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue("drill.exec.security.auth.principal", ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue("drill.exec.security.auth.keytab", ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue("drill.exec.security.auth.mechanisms", ConfigValueFactory.fromIterable(Lists.newArrayList(new String[]{"plain", "kerberos"}))).withValue("drill.exec.security.user.encryption.sasl.enabled", ConfigValueFactory.fromAnyRef(true)));
        Subject.doAs(loginUsingKeytab, new PrivilegedExceptionAction<Void>() { // from class: org.apache.drill.exec.rpc.user.security.TestUserBitKerberosEncryption.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Void run() throws Exception {
                TestUserBitKerberosEncryption.updateTestCluster(1, TestUserBitKerberosEncryption.newConfig, properties);
                return null;
            }
        });
        TestBuilder baselineColumns = testBuilder().sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)").unOrdered().baselineColumns("session_user");
        krbHelper.getClass();
        baselineColumns.baselineValues("testUser").go();
        test("SHOW SCHEMAS");
        test("USE INFORMATION_SCHEMA");
        test("SHOW TABLES");
        test("SELECT * FROM INFORMATION_SCHEMA.`TABLES` WHERE TABLE_NAME LIKE 'COLUMNS'");
        test("SELECT * FROM cp.`region.json` LIMIT 5");
    }

    @Test
    public void successKeytabWithChunking() throws Exception {
        Properties properties = new Properties();
        properties.setProperty("principal", krbHelper.SERVER_PRINCIPAL);
        properties.setProperty("user", krbHelper.CLIENT_PRINCIPAL);
        properties.setProperty("keytab", krbHelper.clientKeytab.getAbsolutePath());
        newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.auth.impl", ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue("drill.exec.security.auth.principal", ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue("drill.exec.security.auth.keytab", ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue("drill.exec.security.auth.mechanisms", ConfigValueFactory.fromIterable(Lists.newArrayList(new String[]{"plain", "kerberos"}))).withValue("drill.exec.security.user.encryption.sasl.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.encryption.sasl.max_wrapped_size", ConfigValueFactory.fromAnyRef(100)));
        updateTestCluster(1, newConfig, properties);
        TestBuilder baselineColumns = testBuilder().sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)").unOrdered().baselineColumns("session_user");
        krbHelper.getClass();
        baselineColumns.baselineValues("testUser").go();
        test("SHOW SCHEMAS");
        test("USE INFORMATION_SCHEMA");
        test("SHOW TABLES");
        test("SELECT * FROM INFORMATION_SCHEMA.`TABLES` WHERE TABLE_NAME LIKE 'COLUMNS'");
        test("SELECT * FROM cp.`region.json`");
    }

    @Test
    public void successKeytabWithChunkingDefaultChunkSize() throws Exception {
        Properties properties = new Properties();
        properties.setProperty("principal", krbHelper.SERVER_PRINCIPAL);
        properties.setProperty("user", krbHelper.CLIENT_PRINCIPAL);
        properties.setProperty("keytab", krbHelper.clientKeytab.getAbsolutePath());
        newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.auth.impl", ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue("drill.exec.security.auth.principal", ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue("drill.exec.security.auth.keytab", ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue("drill.exec.security.auth.mechanisms", ConfigValueFactory.fromIterable(Lists.newArrayList(new String[]{"plain", "kerberos"}))).withValue("drill.exec.security.user.encryption.sasl.enabled", ConfigValueFactory.fromAnyRef(true)));
        updateTestCluster(1, newConfig, properties);
        TestBuilder baselineColumns = testBuilder().sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)").unOrdered().baselineColumns("session_user");
        krbHelper.getClass();
        baselineColumns.baselineValues("testUser").go();
        test("SHOW SCHEMAS");
        test("USE INFORMATION_SCHEMA");
        test("SHOW TABLES");
        test("SELECT * FROM INFORMATION_SCHEMA.`TABLES` WHERE TABLE_NAME LIKE 'COLUMNS'");
        test("SELECT * FROM cp.`region.json` LIMIT 5");
    }

    @Test
    public void successEncryptionAllChannelChunkMode() throws Exception {
        Properties properties = new Properties();
        properties.setProperty("principal", krbHelper.SERVER_PRINCIPAL);
        properties.setProperty("user", krbHelper.CLIENT_PRINCIPAL);
        properties.setProperty("keytab", krbHelper.clientKeytab.getAbsolutePath());
        newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.auth.impl", ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue("drill.exec.security.auth.principal", ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue("drill.exec.security.auth.keytab", ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue("drill.exec.security.auth.mechanisms", ConfigValueFactory.fromIterable(Lists.newArrayList(new String[]{"plain", "kerberos"}))).withValue("drill.exec.security.user.encryption.sasl.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.encryption.sasl.max_wrapped_size", ConfigValueFactory.fromAnyRef(Integer.valueOf(AvroTestUtil.RECORD_COUNT))).withValue("drill.exec.security.bit.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.bit.auth.mechanism", ConfigValueFactory.fromAnyRef("kerberos")).withValue("drill.exec.security.bit.auth.use_login_principal", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.bit.encryption.sasl.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.bit.encryption.sasl.max_wrapped_size", ConfigValueFactory.fromAnyRef(Integer.valueOf(AvroTestUtil.RECORD_COUNT))));
        updateTestCluster(1, newConfig, properties);
        TestBuilder baselineColumns = testBuilder().sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)").unOrdered().baselineColumns("session_user");
        krbHelper.getClass();
        baselineColumns.baselineValues("testUser").go();
        test("SHOW SCHEMAS");
        test("USE INFORMATION_SCHEMA");
        test("SHOW TABLES");
        test("SELECT * FROM INFORMATION_SCHEMA.`TABLES` WHERE TABLE_NAME LIKE 'COLUMNS'");
        test("SELECT * FROM cp.`region.json` LIMIT 5");
    }

    @Test
    public void successEncryptionAllChannel() throws Exception {
        Properties properties = new Properties();
        properties.setProperty("principal", krbHelper.SERVER_PRINCIPAL);
        properties.setProperty("user", krbHelper.CLIENT_PRINCIPAL);
        properties.setProperty("keytab", krbHelper.clientKeytab.getAbsolutePath());
        newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.auth.impl", ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue("drill.exec.security.auth.principal", ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue("drill.exec.security.auth.keytab", ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue("drill.exec.security.auth.mechanisms", ConfigValueFactory.fromIterable(Lists.newArrayList(new String[]{"plain", "kerberos"}))).withValue("drill.exec.security.user.encryption.sasl.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.bit.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.bit.auth.mechanism", ConfigValueFactory.fromAnyRef("kerberos")).withValue("drill.exec.security.bit.auth.use_login_principal", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.bit.encryption.sasl.enabled", ConfigValueFactory.fromAnyRef(true)));
        updateTestCluster(1, newConfig, properties);
        TestBuilder baselineColumns = testBuilder().sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)").unOrdered().baselineColumns("session_user");
        krbHelper.getClass();
        baselineColumns.baselineValues("testUser").go();
        test("SHOW SCHEMAS");
        test("USE INFORMATION_SCHEMA");
        test("SHOW TABLES");
        test("SELECT * FROM INFORMATION_SCHEMA.`TABLES` WHERE TABLE_NAME LIKE 'COLUMNS'");
        test("SELECT * FROM cp.`region.json` LIMIT 5");
    }

    @Test
    public void testEncryptedConnectionCountersAllChannel() throws Exception {
        Properties properties = new Properties();
        properties.setProperty("principal", krbHelper.SERVER_PRINCIPAL);
        properties.setProperty("user", krbHelper.CLIENT_PRINCIPAL);
        properties.setProperty("keytab", krbHelper.clientKeytab.getAbsolutePath());
        newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.auth.impl", ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue("drill.exec.security.auth.principal", ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue("drill.exec.security.auth.keytab", ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue("drill.exec.security.auth.mechanisms", ConfigValueFactory.fromIterable(Lists.newArrayList(new String[]{"plain", "kerberos"}))).withValue("drill.exec.security.user.encryption.sasl.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.bit.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.bit.auth.mechanism", ConfigValueFactory.fromAnyRef("kerberos")).withValue("drill.exec.security.bit.auth.use_login_principal", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.bit.encryption.sasl.enabled", ConfigValueFactory.fromAnyRef(true)));
        updateTestCluster(1, newConfig, properties);
        TestBuilder baselineColumns = testBuilder().sqlQuery("SELECT session_user FROM (SELECT * FROM sys.drillbits LIMIT 1)").unOrdered().baselineColumns("session_user");
        krbHelper.getClass();
        baselineColumns.baselineValues("testUser").go();
        TestCase.assertTrue(1 == UserRpcMetrics.getInstance().getEncryptedConnectionCount());
        TestCase.assertTrue(0 == ControlRpcMetrics.getInstance().getEncryptedConnectionCount());
        TestCase.assertTrue(0 == DataRpcMetrics.getInstance().getEncryptedConnectionCount());
        TestCase.assertTrue(0 == UserRpcMetrics.getInstance().getUnEncryptedConnectionCount());
        TestCase.assertTrue(0 == ControlRpcMetrics.getInstance().getUnEncryptedConnectionCount());
        TestCase.assertTrue(0 == DataRpcMetrics.getInstance().getUnEncryptedConnectionCount());
    }

    @Test
    public void failurePlainMech() {
        try {
            Properties properties = new Properties();
            properties.setProperty("user", "anonymous");
            properties.setProperty("password", "anything works!");
            newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.auth.impl", ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue("drill.exec.security.auth.principal", ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue("drill.exec.security.auth.keytab", ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue("drill.exec.security.auth.mechanisms", ConfigValueFactory.fromIterable(Lists.newArrayList(new String[]{"plain", "kerberos"}))).withValue("drill.exec.security.user.encryption.sasl.enabled", ConfigValueFactory.fromAnyRef(true)));
            updateTestCluster(1, newConfig, properties);
            TestCase.fail();
        } catch (Exception e) {
            if (!$assertionsDisabled && !(e.getCause() instanceof NonTransientRpcException)) {
                throw new AssertionError();
            }
            logger.error("Caught exception: ", e);
        }
    }

    @Test
    public void encryptionEnabledWithOnlyPlainMech() {
        try {
            Properties properties = new Properties();
            properties.setProperty("principal", krbHelper.SERVER_PRINCIPAL);
            properties.setProperty("user", krbHelper.CLIENT_PRINCIPAL);
            properties.setProperty("keytab", krbHelper.clientKeytab.getAbsolutePath());
            newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.auth.impl", ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue("drill.exec.security.auth.principal", ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue("drill.exec.security.auth.keytab", ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue("drill.exec.security.auth.mechanisms", ConfigValueFactory.fromIterable(Lists.newArrayList(new String[]{"plain"}))).withValue("drill.exec.security.user.encryption.sasl.enabled", ConfigValueFactory.fromAnyRef(true)));
            updateTestCluster(1, newConfig, properties);
            TestCase.fail();
        } catch (Exception e) {
            if (!$assertionsDisabled && !(e.getCause() instanceof NonTransientRpcException)) {
                throw new AssertionError();
            }
            logger.error("Caught exception: ", e);
        }
    }

    @Test
    public void failureOldClientEncryptionEnabled() {
        try {
            Properties properties = new Properties();
            properties.setProperty("principal", krbHelper.SERVER_PRINCIPAL);
            properties.setProperty("user", krbHelper.CLIENT_PRINCIPAL);
            properties.setProperty("keytab", krbHelper.clientKeytab.getAbsolutePath());
            properties.setProperty("test_sasl_level", "1");
            newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.auth.impl", ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue("drill.exec.security.auth.principal", ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue("drill.exec.security.auth.keytab", ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue("drill.exec.security.auth.mechanisms", ConfigValueFactory.fromIterable(Lists.newArrayList(new String[]{"plain", "kerberos"}))).withValue("drill.exec.security.user.encryption.sasl.enabled", ConfigValueFactory.fromAnyRef(true)));
            updateTestCluster(1, newConfig, properties);
            TestCase.fail();
        } catch (Exception e) {
            if (!$assertionsDisabled && !(e.getCause() instanceof RpcException)) {
                throw new AssertionError();
            }
            logger.error("Caught exception: ", e);
        }
    }

    @Test
    public void successOldClientEncryptionDisabled() {
        Properties properties = new Properties();
        properties.setProperty("principal", krbHelper.SERVER_PRINCIPAL);
        properties.setProperty("user", krbHelper.CLIENT_PRINCIPAL);
        properties.setProperty("keytab", krbHelper.clientKeytab.getAbsolutePath());
        properties.setProperty("test_sasl_level", "1");
        newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.auth.impl", ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue("drill.exec.security.auth.principal", ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue("drill.exec.security.auth.keytab", ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue("drill.exec.security.auth.mechanisms", ConfigValueFactory.fromIterable(Lists.newArrayList(new String[]{"plain", "kerberos"}))));
        updateTestCluster(1, newConfig, properties);
    }

    @Test
    public void clientNeedsEncryptionWithNoServerSupport() throws Exception {
        try {
            Properties properties = new Properties();
            properties.setProperty("principal", krbHelper.SERVER_PRINCIPAL);
            properties.setProperty("user", krbHelper.CLIENT_PRINCIPAL);
            properties.setProperty("keytab", krbHelper.clientKeytab.getAbsolutePath());
            properties.setProperty("sasl_encrypt", "true");
            newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.auth.impl", ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue("drill.exec.security.auth.principal", ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue("drill.exec.security.auth.keytab", ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue("drill.exec.security.auth.mechanisms", ConfigValueFactory.fromIterable(Lists.newArrayList(new String[]{"plain", "kerberos"}))));
            updateTestCluster(1, newConfig, properties);
            TestCase.fail();
        } catch (Exception e) {
            if (!$assertionsDisabled && !(e.getCause() instanceof NonTransientRpcException)) {
                throw new AssertionError();
            }
        }
    }

    @Test
    public void clientNeedsEncryptionWithServerSupport() throws Exception {
        try {
            Properties properties = new Properties();
            properties.setProperty("principal", krbHelper.SERVER_PRINCIPAL);
            properties.setProperty("user", krbHelper.CLIENT_PRINCIPAL);
            properties.setProperty("keytab", krbHelper.clientKeytab.getAbsolutePath());
            properties.setProperty("sasl_encrypt", "true");
            newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()).withValue("drill.exec.security.user.auth.enabled", ConfigValueFactory.fromAnyRef(true)).withValue("drill.exec.security.user.auth.impl", ConfigValueFactory.fromAnyRef(UserAuthenticatorTestImpl.TYPE)).withValue("drill.exec.security.auth.principal", ConfigValueFactory.fromAnyRef(krbHelper.SERVER_PRINCIPAL)).withValue("drill.exec.security.auth.keytab", ConfigValueFactory.fromAnyRef(krbHelper.serverKeytab.toString())).withValue("drill.exec.security.auth.mechanisms", ConfigValueFactory.fromIterable(Lists.newArrayList(new String[]{"plain", "kerberos"}))).withValue("drill.exec.security.user.encryption.sasl.enabled", ConfigValueFactory.fromAnyRef(true)));
            updateTestCluster(1, newConfig, properties);
        } catch (Exception e) {
            TestCase.fail();
            if (!$assertionsDisabled && !(e.getCause() instanceof NonTransientRpcException)) {
                throw new AssertionError();
            }
        }
    }

    static {
        $assertionsDisabled = !TestUserBitKerberosEncryption.class.desiredAssertionStatus();
        logger = LoggerFactory.getLogger(TestUserBitKerberosEncryption.class);
    }
}
