package org.apache.hadoop.security.authorize;

import com.sun.tools.doclets.internal.toolkit.taglets.SimpleTaglet;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Arrays;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.security.Groups;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.NativeCodeLoader;
import org.apache.hadoop.util.StringUtils;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:lib/hadoop-common-2.7.0-mapr-1506-tests.jar:org/apache/hadoop/security/authorize/TestProxyUsers.class */
public class TestProxyUsers {
    private static final String REAL_USER_NAME = "proxier";
    private static final String PROXY_USER_NAME = "proxied_user";
    private static final String AUTHORIZED_PROXY_USER_NAME = "authorized_proxied_user";
    private static final String PROXY_IP = "1.2.3.4";
    private static final String PROXY_IP_RANGE = "10.222.0.0/16,10.113.221.221";
    private static final Log LOG = LogFactory.getLog(TestProxyUsers.class);
    private static final String[] GROUP_NAMES = {"foo_group"};
    private static final String[] NETGROUP_NAMES = {"@foo_group"};
    private static final String[] OTHER_GROUP_NAMES = {"bar_group"};
    private static final String[] SUDO_GROUP_NAMES = {"sudo_proxied_user"};

    /* loaded from: input_file:lib/hadoop-common-2.7.0-mapr-1506-tests.jar:org/apache/hadoop/security/authorize/TestProxyUsers$TestDummyImpersonationProvider.class */
    static class TestDummyImpersonationProvider implements ImpersonationProvider {
        TestDummyImpersonationProvider() {
        }

        @Override // org.apache.hadoop.security.authorize.ImpersonationProvider
        public void init(String str) {
        }

        @Override // org.apache.hadoop.security.authorize.ImpersonationProvider
        public void authorize(UserGroupInformation userGroupInformation, String str) throws AuthorizationException {
            UserGroupInformation realUser = userGroupInformation.getRealUser();
            if (!Arrays.asList(realUser.getGroupNames()).contains("sudo_" + userGroupInformation.getShortUserName())) {
                throw new AuthorizationException("User: " + realUser.getUserName() + " is not allowed to impersonate " + userGroupInformation.getUserName());
            }
        }

        @Override // org.apache.hadoop.conf.Configurable
        public void setConf(Configuration configuration) {
        }

        @Override // org.apache.hadoop.conf.Configurable
        public Configuration getConf() {
            return null;
        }
    }

    @Test
    public void testNetgroups() throws IOException {
        if (!NativeCodeLoader.isNativeCodeLoaded()) {
            LOG.info("Not testing netgroups, this test only runs when native code is compiled");
            return;
        }
        String property = System.getProperty("TestProxyUsersGroupMapping");
        if (property == null) {
            LOG.info("Not testing netgroups, no group mapping class specified, use -DTestProxyUsersGroupMapping=$className to specify group mapping class (must implement GroupMappingServiceProvider interface and support netgroups)");
            return;
        }
        LOG.info("Testing netgroups using: " + property);
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.group.mapping", property);
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_NAME), StringUtils.join(",", Arrays.asList(NETGROUP_NAMES)));
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(REAL_USER_NAME), PROXY_IP);
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
        Groups userToGroupsMappingService = Groups.getUserToGroupsMappingService(configuration);
        assertAuthorized(UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), (String[]) userToGroupsMappingService.getGroups(PROXY_USER_NAME).toArray(new String[userToGroupsMappingService.getGroups(PROXY_USER_NAME).size()])), PROXY_IP);
    }

    @Test
    public void testProxyUsers() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_NAME), StringUtils.join(",", Arrays.asList(GROUP_NAMES)));
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(REAL_USER_NAME), PROXY_IP);
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
        UserGroupInformation createProxyUserForTesting = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES);
        assertAuthorized(createProxyUserForTesting, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting, "1.2.3.5");
        UserGroupInformation createProxyUserForTesting2 = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), OTHER_GROUP_NAMES);
        assertNotAuthorized(createProxyUserForTesting2, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting2, "1.2.3.5");
    }

    @Test
    public void testProxyUsersWithUserConf() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserUserConfKey(REAL_USER_NAME), StringUtils.join(",", Arrays.asList(AUTHORIZED_PROXY_USER_NAME)));
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(REAL_USER_NAME), PROXY_IP);
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
        UserGroupInformation createProxyUserForTesting = UserGroupInformation.createProxyUserForTesting(AUTHORIZED_PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES);
        assertAuthorized(createProxyUserForTesting, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting, "1.2.3.5");
        UserGroupInformation createProxyUserForTesting2 = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES);
        assertNotAuthorized(createProxyUserForTesting2, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting2, "1.2.3.5");
    }

    @Test
    public void testWildcardGroup() {
        Configuration configuration = new Configuration();
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_NAME), "*");
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(REAL_USER_NAME), PROXY_IP);
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
        UserGroupInformation createProxyUserForTesting = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES);
        assertAuthorized(createProxyUserForTesting, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting, "1.2.3.5");
        UserGroupInformation createProxyUserForTesting2 = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), OTHER_GROUP_NAMES);
        assertAuthorized(createProxyUserForTesting2, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting2, "1.2.3.5");
    }

    @Test
    public void testWildcardUser() {
        Configuration configuration = new Configuration();
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserUserConfKey(REAL_USER_NAME), "*");
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(REAL_USER_NAME), PROXY_IP);
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
        UserGroupInformation createProxyUserForTesting = UserGroupInformation.createProxyUserForTesting(AUTHORIZED_PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES);
        assertAuthorized(createProxyUserForTesting, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting, "1.2.3.5");
        UserGroupInformation createProxyUserForTesting2 = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), OTHER_GROUP_NAMES);
        assertAuthorized(createProxyUserForTesting2, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting2, "1.2.3.5");
    }

    @Test
    public void testWildcardIP() {
        Configuration configuration = new Configuration();
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_NAME), StringUtils.join(",", Arrays.asList(GROUP_NAMES)));
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(REAL_USER_NAME), "*");
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
        UserGroupInformation createProxyUserForTesting = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES);
        assertAuthorized(createProxyUserForTesting, PROXY_IP);
        assertAuthorized(createProxyUserForTesting, "1.2.3.5");
        UserGroupInformation createProxyUserForTesting2 = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), OTHER_GROUP_NAMES);
        assertNotAuthorized(createProxyUserForTesting2, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting2, "1.2.3.5");
    }

    @Test
    public void testIPRange() {
        Configuration configuration = new Configuration();
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_NAME), "*");
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(REAL_USER_NAME), PROXY_IP_RANGE);
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
        UserGroupInformation createProxyUserForTesting = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES);
        assertAuthorized(createProxyUserForTesting, "10.222.0.0");
        assertNotAuthorized(createProxyUserForTesting, "10.221.0.0");
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Test
    public void testWithDuplicateProxyGroups() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_NAME), StringUtils.join(",", Arrays.asList(GROUP_NAMES, GROUP_NAMES)));
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(REAL_USER_NAME), PROXY_IP);
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
        Assert.assertEquals(1L, ProxyUsers.getDefaultImpersonationProvider().getProxyGroups().get(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_NAME)).size());
    }

    @Test
    public void testWithDuplicateProxyHosts() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_NAME), StringUtils.join(",", Arrays.asList(GROUP_NAMES)));
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(REAL_USER_NAME), StringUtils.join(",", Arrays.asList(PROXY_IP, PROXY_IP)));
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
        Assert.assertEquals(1L, ProxyUsers.getDefaultImpersonationProvider().getProxyHosts().get(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(REAL_USER_NAME)).size());
    }

    @Test
    public void testProxyUsersWithProviderOverride() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_IMPERSONATION_PROVIDER_CLASS, "org.apache.hadoop.security.authorize.TestProxyUsers$TestDummyImpersonationProvider");
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
        UserGroupInformation createProxyUserForTesting = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createUserForTesting(REAL_USER_NAME, SUDO_GROUP_NAMES), GROUP_NAMES);
        assertAuthorized(createProxyUserForTesting, PROXY_IP);
        assertAuthorized(createProxyUserForTesting, "1.2.3.5");
        UserGroupInformation createProxyUserForTesting2 = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createUserForTesting(REAL_USER_NAME, GROUP_NAMES), GROUP_NAMES);
        assertNotAuthorized(createProxyUserForTesting2, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting2, "1.2.3.5");
    }

    @Test
    public void testWithProxyGroupsAndUsersWithSpaces() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserUserConfKey(REAL_USER_NAME), StringUtils.join(",", Arrays.asList("proxied_user ", AUTHORIZED_PROXY_USER_NAME, "ONEMORE")));
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_NAME), StringUtils.join(",", Arrays.asList(GROUP_NAMES)));
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(REAL_USER_NAME), PROXY_IP);
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
        Assert.assertEquals(GROUP_NAMES.length, ProxyUsers.getDefaultImpersonationProvider().getProxyGroups().get(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_NAME)).size());
    }

    @Test(expected = IllegalArgumentException.class)
    public void testProxyUsersWithNullPrefix() throws Exception {
        ProxyUsers.refreshSuperUserGroupsConfiguration(new Configuration(false), null);
    }

    @Test(expected = IllegalArgumentException.class)
    public void testProxyUsersWithEmptyPrefix() throws Exception {
        ProxyUsers.refreshSuperUserGroupsConfiguration(new Configuration(false), "");
    }

    @Test
    public void testProxyUsersWithCustomPrefix() throws Exception {
        Configuration configuration = new Configuration(false);
        configuration.set("x.proxier.users", StringUtils.join(",", Arrays.asList(AUTHORIZED_PROXY_USER_NAME)));
        configuration.set("x.proxier.hosts", PROXY_IP);
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration, SimpleTaglet.EXCLUDED);
        UserGroupInformation createProxyUserForTesting = UserGroupInformation.createProxyUserForTesting(AUTHORIZED_PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES);
        assertAuthorized(createProxyUserForTesting, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting, "1.2.3.5");
        UserGroupInformation createProxyUserForTesting2 = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES);
        assertNotAuthorized(createProxyUserForTesting2, PROXY_IP);
        assertNotAuthorized(createProxyUserForTesting2, "1.2.3.5");
    }

    @Test
    public void testNoHostsForUsers() throws Exception {
        Configuration configuration = new Configuration(false);
        configuration.set("y.proxier.users", StringUtils.join(",", Arrays.asList(AUTHORIZED_PROXY_USER_NAME)));
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration, "y");
        assertNotAuthorized(UserGroupInformation.createProxyUserForTesting(AUTHORIZED_PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES), PROXY_IP);
    }

    private void assertNotAuthorized(UserGroupInformation userGroupInformation, String str) {
        try {
            ProxyUsers.authorize(userGroupInformation, str);
            Assert.fail("Allowed authorization of " + userGroupInformation + " from " + str);
        } catch (AuthorizationException e) {
        }
    }

    private void assertAuthorized(UserGroupInformation userGroupInformation, String str) {
        try {
            ProxyUsers.authorize(userGroupInformation, str);
        } catch (AuthorizationException e) {
            Assert.fail("Did not allow authorization of " + userGroupInformation + " from " + str);
        }
    }

    public static void loadTest(String str, int i) {
        Configuration configuration = new Configuration();
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER_NAME), StringUtils.join(",", Arrays.asList(GROUP_NAMES)));
        configuration.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(REAL_USER_NAME), str);
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
        UserGroupInformation createProxyUserForTesting = UserGroupInformation.createProxyUserForTesting(PROXY_USER_NAME, UserGroupInformation.createRemoteUser(REAL_USER_NAME), GROUP_NAMES);
        long nanoTime = System.nanoTime();
        SecureRandom secureRandom = new SecureRandom();
        for (int i2 = 1; i2 < 1000000; i2++) {
            try {
                ProxyUsers.authorize(createProxyUserForTesting, "1.2.3." + secureRandom.nextInt(i));
            } catch (AuthorizationException e) {
            }
        }
        System.out.println(((System.nanoTime() - nanoTime) / 1000000) + " ms");
    }

    public static void main(String[] strArr) {
        String str = null;
        if (strArr.length != 3 || (!strArr[0].equals("ip") && !strArr[0].equals("range"))) {
            System.out.println("Invalid invocation. The right syntax is ip/range <numberofIps/cidr> <testRange>");
            return;
        }
        if (strArr[0].equals("ip")) {
            int parseInt = Integer.parseInt(strArr[1]);
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < parseInt; i++) {
                sb.append("1.2.3." + i + ",");
            }
            str = sb.toString();
        } else if (strArr[0].equals("range")) {
            str = strArr[1];
        }
        loadTest(str, Integer.parseInt(strArr[2]));
    }
}
