package org.apache.hadoop.fs.azurebfs.extensions;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.PrintStream;
import java.net.URI;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.azurebfs.AbstractAbfsIntegrationTest;
import org.apache.hadoop.fs.azurebfs.AzureBlobFileSystem;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.mapreduce.security.TokenCache;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.DtUtilShell;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.service.ServiceOperations;
import org.apache.hadoop.test.LambdaTestUtils;
import org.apache.hadoop.util.StringUtils;
import org.apache.hadoop.util.ToolRunner;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/fs/azurebfs/extensions/ITestAbfsDelegationTokens.class */
public class ITestAbfsDelegationTokens extends AbstractAbfsIntegrationTest {
    private static final Logger LOG = LoggerFactory.getLogger(ITestAbfsDelegationTokens.class);
    private static KerberizedAbfsCluster cluster;
    private UserGroupInformation aliceUser;

    @BeforeClass
    public static void setupCluster() throws Exception {
        resetUGI();
        cluster = new KerberizedAbfsCluster();
        cluster.init(new Configuration());
        cluster.start();
    }

    @AfterClass
    public static void teardownCluster() throws Exception {
        resetUGI();
        ServiceOperations.stopQuietly(LOG, cluster);
    }

    @Override // org.apache.hadoop.fs.azurebfs.AbstractAbfsIntegrationTest
    public void setup() throws Exception {
        Configuration rawConfiguration = getRawConfiguration();
        cluster.bindConfToCluster(rawConfiguration);
        rawConfiguration.setBoolean("hadoop.security.token.service.use_ip", false);
        resetUGI();
        UserGroupInformation.setConfiguration(rawConfiguration);
        this.aliceUser = cluster.createAliceUser();
        assertSecurityEnabled();
        UserGroupInformation.setLoginUser(this.aliceUser);
        StubDelegationTokenManager.useStubDTManager(rawConfiguration);
        FileSystem.closeAllForUGI(UserGroupInformation.getLoginUser());
        super.setup();
        assertNotNull("No StubDelegationTokenManager created in filesystem init", getStubDTManager());
    }

    protected StubDelegationTokenManager getStubDTManager() throws IOException {
        return (StubDelegationTokenManager) getDelegationTokenManager().getTokenManager();
    }

    @Override // org.apache.hadoop.fs.azurebfs.AbstractAbfsIntegrationTest
    public void teardown() throws Exception {
        FileSystem.closeAllForUGI(UserGroupInformation.getLoginUser());
        super.teardown();
    }

    public static void assertSecurityEnabled() {
        assertTrue("Security is needed for this test", UserGroupInformation.isSecurityEnabled());
    }

    protected static void resetUGI() {
        UserGroupInformation.reset();
    }

    protected static Credentials mkTokens(FileSystem fileSystem) throws IOException {
        Credentials credentials = new Credentials();
        fileSystem.addDelegationTokens("rm/rm1@EXAMPLE.COM", credentials);
        return credentials;
    }

    @Test
    public void testTokenManagerBinding() throws Throwable {
        StubDelegationTokenManager stubDTManager = getStubDTManager();
        assertNotNull("No StubDelegationTokenManager created in filesystem init", stubDTManager);
        assertTrue("token manager not initialized: " + stubDTManager, stubDTManager.isInitialized());
    }

    @Test
    public void testCanonicalization() throws Throwable {
        String canonicalServiceName = getCanonicalServiceName();
        assertNotNull("No canonical service name from filesystem " + getFileSystem(), canonicalServiceName);
        assertEquals("canonical URI and service name mismatch", getFilesystemURI(), new URI(canonicalServiceName));
    }

    protected URI getFilesystemURI() throws IOException {
        return getFileSystem().getUri();
    }

    protected String getCanonicalServiceName() throws IOException {
        return getFileSystem().getCanonicalServiceName();
    }

    @Test
    public void testDefaultCanonicalization() throws Throwable {
        AzureBlobFileSystem fileSystem = getFileSystem();
        clearTokenServiceName();
        assertEquals("canonicalServiceName is not the default", getDefaultServiceName(fileSystem), getCanonicalServiceName());
    }

    protected String getDefaultServiceName(FileSystem fileSystem) {
        return SecurityUtil.buildDTServiceName(fileSystem.getUri(), 0);
    }

    protected void clearTokenServiceName() throws IOException {
        getStubDTManager().setCanonicalServiceName(null);
    }

    @Test
    public void testRequestToken() throws Throwable {
        AzureBlobFileSystem fileSystem = getFileSystem();
        Credentials mkTokens = mkTokens(fileSystem);
        assertEquals("Number of collected tokens", 1L, mkTokens.numberOfTokens());
        verifyCredentialsContainsToken(mkTokens, fileSystem);
    }

    @Test
    public void testRequestTokenDefault() throws Throwable {
        clearTokenServiceName();
        AzureBlobFileSystem fileSystem = getFileSystem();
        assertEquals("canonicalServiceName is not the default", getDefaultServiceName(fileSystem), fileSystem.getCanonicalServiceName());
        Credentials mkTokens = mkTokens(fileSystem);
        assertEquals("Number of collected tokens", 1L, mkTokens.numberOfTokens());
        verifyCredentialsContainsToken(mkTokens, getDefaultServiceName(fileSystem), getFilesystemURI().toString());
    }

    public void verifyCredentialsContainsToken(Credentials credentials, FileSystem fileSystem) throws IOException {
        verifyCredentialsContainsToken(credentials, fileSystem.getCanonicalServiceName(), fileSystem.getUri().toString());
    }

    public StubAbfsTokenIdentifier verifyCredentialsContainsToken(Credentials credentials, String str, String str2) throws IOException {
        Token token = credentials.getToken(new Text(str));
        assertEquals("Token Kind in " + token, StubAbfsTokenIdentifier.TOKEN_KIND, token.getKind());
        assertEquals("Token Service Kind in " + token, str2, token.getService().toString());
        StubAbfsTokenIdentifier decodeIdentifier = token.decodeIdentifier();
        LOG.info("Created token {}", decodeIdentifier);
        assertEquals("token URI in " + decodeIdentifier, str2, decodeIdentifier.getUri().toString());
        return decodeIdentifier;
    }

    @Test
    public void testJobsCollectTokens() throws Throwable {
        AzureBlobFileSystem fileSystem = getFileSystem();
        Credentials credentials = new Credentials();
        TokenCache.obtainTokensForNamenodes(credentials, new Path[]{fileSystem.makeQualified(new Path("/"))}, fileSystem.getConf());
        verifyCredentialsContainsToken(credentials, fileSystem);
    }

    protected String dtutil(int i, Configuration configuration, String... strArr) throws Exception {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DtUtilShell dtUtilShell = new DtUtilShell();
        dtUtilShell.setOut(new PrintStream(byteArrayOutputStream));
        byteArrayOutputStream.reset();
        int intValue = ((Integer) LambdaTestUtils.doAs(this.aliceUser, () -> {
            return Integer.valueOf(ToolRunner.run(configuration, dtUtilShell, strArr));
        })).intValue();
        String byteArrayOutputStream2 = byteArrayOutputStream.toString();
        LOG.info("\n{}", byteArrayOutputStream2);
        assertEquals("Exit code from command dtutil " + StringUtils.join(" ", strArr) + " with output " + byteArrayOutputStream2, i, intValue);
        return byteArrayOutputStream2;
    }

    @Test
    public void testDTUtilShell() throws Throwable {
        File createTempTokenFile = cluster.createTempTokenFile();
        String file = createTempTokenFile.toString();
        String uri = getFileSystem().getUri().toString();
        dtutil(0, getRawConfiguration(), "get", uri, "-format", "protobuf", file);
        assertTrue("not created: " + createTempTokenFile, createTempTokenFile.exists());
        assertTrue("File is empty " + createTempTokenFile, createTempTokenFile.length() > 0);
        assertTrue("File only contains header " + createTempTokenFile, createTempTokenFile.length() > 6);
        String dtutil = dtutil(0, getRawConfiguration(), "print", file);
        assertTrue("no " + uri + " in " + dtutil, dtutil.contains(uri));
        assertTrue("no StubAbfsTokenIdentifier in " + dtutil, dtutil.contains(StubAbfsTokenIdentifier.ID));
    }

    @Test
    public void testBaseDTLifecycle() throws Throwable {
        Configuration configuration = new Configuration(getRawConfiguration());
        ClassicDelegationTokenManager.useClassicDTManager(configuration);
        FileSystem newInstance = FileSystem.newInstance(getFilesystemURI(), configuration);
        try {
            Credentials mkTokens = mkTokens(newInstance);
            assertEquals("Number of collected tokens", 1L, mkTokens.numberOfTokens());
            verifyCredentialsContainsToken(mkTokens, newInstance.getCanonicalServiceName(), ClassicDelegationTokenManager.UNSET);
            if (newInstance != null) {
                newInstance.close();
            }
        } catch (Throwable th) {
            if (newInstance != null) {
                try {
                    newInstance.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
