package org.apache.hadoop.hdfs.server.federation.router;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.NameNodeProxies;
import org.apache.hadoop.hdfs.server.federation.MiniRouterDFSCluster;
import org.apache.hadoop.hdfs.server.federation.RouterConfigBuilder;
import org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider;
import org.apache.hadoop.hdfs.tools.DFSAdmin;
import org.apache.hadoop.hdfs.tools.GetGroups;
import org.apache.hadoop.security.GroupMappingServiceProvider;
import org.apache.hadoop.security.Groups;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.DefaultImpersonationProvider;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.test.LambdaTestUtils;
import org.apache.hadoop.tools.GetUserMappingsProtocol;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hdfs/server/federation/router/TestRouterUserMappings.class */
public class TestRouterUserMappings {
    private static final Logger LOG = LoggerFactory.getLogger(TestRouterUserMappings.class);
    private MiniRouterDFSCluster cluster;
    private Router router;
    private Configuration conf;
    private static final long GROUP_REFRESH_TIMEOUT_SEC = 1;
    private static final String ROUTER_NS = "rbfns";
    private static final String HDFS_SCHEMA = "hdfs://";
    private static final String LOOPBACK_ADDRESS = "127.0.0.1";
    private String tempResource = null;

    /* loaded from: input_file:org/apache/hadoop/hdfs/server/federation/router/TestRouterUserMappings$MockUnixGroupsMapping.class */
    public static class MockUnixGroupsMapping implements GroupMappingServiceProvider {
        private static int i = 0;

        public List<String> getGroups(String str) throws IOException {
            TestRouterUserMappings.LOG.info("Getting groups in MockUnixGroupsMapping");
            String str2 = str + ((10 * i) + 1);
            String str3 = str + ((10 * i) + 2);
            ArrayList arrayList = new ArrayList(2);
            arrayList.add(str2);
            arrayList.add(str3);
            i++;
            return arrayList;
        }

        public void cacheGroupsRefresh() throws IOException {
            TestRouterUserMappings.LOG.info("Refreshing groups in MockUnixGroupsMapping");
        }

        public void cacheGroupsAdd(List<String> list) throws IOException {
        }
    }

    @Before
    public void setUp() {
        this.conf = new Configuration(false);
        this.conf.setClass("hadoop.security.group.mapping", MockUnixGroupsMapping.class, GroupMappingServiceProvider.class);
        this.conf.setLong("hadoop.security.groups.cache.secs", GROUP_REFRESH_TIMEOUT_SEC);
        this.conf = new RouterConfigBuilder(this.conf).rpc().admin().build();
        Groups.getUserToGroupsMappingService(this.conf);
    }

    private String setUpMultiRoutersAndReturnDefaultFs() throws Exception {
        this.cluster = new MiniRouterDFSCluster(true, 2);
        this.cluster.addRouterOverrides(this.conf);
        this.cluster.startRouters();
        this.conf.set("dfs.internal.nameservices", "ns0,ns1");
        this.conf.set("dfs.nameservices", "ns0,ns1,rbfns");
        this.conf.set("dfs.client.failover.proxy.provider.rbfns", ConfiguredFailoverProxyProvider.class.getCanonicalName());
        this.conf.set("fs.defaultFS", "hdfs://rbfns");
        this.conf.set("dfs.ha.namenodes.rbfns", "r1,r2");
        List<MiniRouterDFSCluster.RouterContext> routers = this.cluster.getRouters();
        for (int i = 0; i < routers.size(); i++) {
            this.conf.set("dfs.namenode.rpc-address.rbfns.r" + (i + 1), "127.0.0.1:" + routers.get(i).getRouter().getRpcServerAddress().getPort());
        }
        return "hdfs://rbfns";
    }

    @Test
    public void testRefreshSuperUserGroupsConfiguration() throws Exception {
        testRefreshSuperUserGroupsConfigurationInternal(setUpMultiRoutersAndReturnDefaultFs());
    }

    @Test
    public void testGroupMappingRefresh() throws Exception {
        testGroupMappingRefreshInternal(setUpMultiRoutersAndReturnDefaultFs());
    }

    private void testRefreshSuperUserGroupsConfigurationInternal(String str) throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add("gr1");
        arrayList.add("gr2");
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add("gr3");
        arrayList2.add("gr4");
        String proxySuperuserGroupConfKey = DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey("super_user");
        String proxySuperuserIpConfKey = DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey("super_user");
        this.conf.set(proxySuperuserGroupConfKey, "gr3,gr4,gr5");
        this.conf.set(proxySuperuserIpConfKey, LOOPBACK_ADDRESS);
        ProxyUsers.refreshSuperUserGroupsConfiguration(this.conf);
        UserGroupInformation userGroupInformation = (UserGroupInformation) Mockito.mock(UserGroupInformation.class);
        UserGroupInformation userGroupInformation2 = (UserGroupInformation) Mockito.mock(UserGroupInformation.class);
        UserGroupInformation userGroupInformation3 = (UserGroupInformation) Mockito.mock(UserGroupInformation.class);
        Mockito.when(userGroupInformation.getRealUser()).thenReturn(userGroupInformation3);
        Mockito.when(userGroupInformation2.getRealUser()).thenReturn(userGroupInformation3);
        Mockito.when(userGroupInformation3.getShortUserName()).thenReturn("super_user");
        Mockito.when(userGroupInformation3.getUserName()).thenReturn("super_userL");
        Mockito.when(userGroupInformation.getShortUserName()).thenReturn("user1");
        Mockito.when(userGroupInformation2.getShortUserName()).thenReturn("user2");
        Mockito.when(userGroupInformation.getUserName()).thenReturn("userL1");
        Mockito.when(userGroupInformation2.getUserName()).thenReturn("userL2");
        Mockito.when(userGroupInformation.getGroups()).thenReturn(arrayList);
        Mockito.when(userGroupInformation2.getGroups()).thenReturn(arrayList2);
        LambdaTestUtils.intercept(AuthorizationException.class, () -> {
            ProxyUsers.authorize(userGroupInformation, LOOPBACK_ADDRESS);
        });
        try {
            ProxyUsers.authorize(userGroupInformation2, LOOPBACK_ADDRESS);
            LOG.info("auth for {} succeeded", userGroupInformation2.getUserName());
        } catch (AuthorizationException e) {
            Assert.fail("first auth for " + userGroupInformation2.getShortUserName() + " should've succeeded: " + e.getLocalizedMessage());
        }
        this.tempResource = addNewConfigResource("testGroupMappingRefresh_rsrc.xml", proxySuperuserGroupConfKey, "gr2", proxySuperuserIpConfKey, LOOPBACK_ADDRESS);
        this.conf.set("fs.defaultFS", str);
        new DFSAdmin(this.conf).run(new String[]{"-refreshSuperUserGroupsConfiguration"});
        LambdaTestUtils.intercept(AuthorizationException.class, () -> {
            ProxyUsers.authorize(userGroupInformation2, LOOPBACK_ADDRESS);
        });
        try {
            ProxyUsers.authorize(userGroupInformation, LOOPBACK_ADDRESS);
            LOG.info("auth for {} succeeded", userGroupInformation.getUserName());
        } catch (AuthorizationException e2) {
            Assert.fail("second auth for " + userGroupInformation.getShortUserName() + " should've succeeded: " + e2.getLocalizedMessage());
        }
        testGroupsForUserCLI(this.conf, "user");
        testGroupsForUserProtocol(this.conf, "user");
    }

    private void testGroupsForUserCLI(Configuration configuration, String str) throws Exception {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PrintStream printStream = System.out;
        System.setOut(new PrintStream(byteArrayOutputStream));
        new GetGroups(configuration).run(new String[]{str});
        Assert.assertTrue("Wrong output: " + byteArrayOutputStream, byteArrayOutputStream.toString().startsWith(str + " : " + str));
        byteArrayOutputStream.reset();
        System.setOut(printStream);
    }

    private void testGroupsForUserProtocol(Configuration configuration, String str) throws IOException {
        Assert.assertArrayEquals(new String[]{"user1", "user2"}, ((GetUserMappingsProtocol) NameNodeProxies.createProxy(configuration, FileSystem.getDefaultUri(configuration), GetUserMappingsProtocol.class).getProxy()).getGroupsForUser(str));
    }

    private void testGroupMappingRefreshInternal(String str) throws Exception {
        Groups userToGroupsMappingService = Groups.getUserToGroupsMappingService(this.conf);
        String str2 = "test_user123";
        LOG.info("First attempt:");
        List groups = userToGroupsMappingService.getGroups("test_user123");
        LOG.info("Group 1 :{}", groups);
        LOG.info("Second attempt, should be the same:");
        List groups2 = userToGroupsMappingService.getGroups("test_user123");
        LOG.info("Group 2 :{}", groups2);
        for (int i = 0; i < groups2.size(); i++) {
            Assert.assertEquals("Should be same group ", groups.get(i), groups2.get(i));
        }
        this.conf.set("fs.defaultFS", str);
        new DFSAdmin(this.conf).run(new String[]{"-refreshUserToGroupsMappings"});
        LOG.info("Third attempt(after refresh command), should be different:");
        List groups3 = userToGroupsMappingService.getGroups("test_user123");
        LOG.info("Group 3:{}", groups3);
        for (int i2 = 0; i2 < groups3.size(); i2++) {
            Assert.assertNotEquals("Should be different group: " + ((String) groups.get(i2)) + " and " + ((String) groups3.get(i2)), groups.get(i2), groups3.get(i2));
        }
        LOG.info("Fourth attempt(after timeout), should be different:");
        GenericTestUtils.waitFor(() -> {
            try {
                List groups4 = userToGroupsMappingService.getGroups(str2);
                LOG.info("Group 4 : {}", groups4);
                return Boolean.valueOf(!groups3.equals(groups4));
            } catch (IOException e) {
                LOG.debug("Failed to get groups for user:{}", str2);
                return false;
            }
        }, 50L, Math.toIntExact(TimeUnit.SECONDS.toMillis(30L)));
    }

    public static String addNewConfigResource(String str, String str2, String str3, String str4, String str5) throws FileNotFoundException, UnsupportedEncodingException {
        String str6 = new Path(URLDecoder.decode(new Configuration().getResource("hdfs-site.xml").getPath(), "UTF-8")).getParent().toString() + "/" + str;
        StringBuilder append = new StringBuilder().append("<configuration>").append("<property>").append("<name>").append(str2).append("</name>").append("<value>").append(str3).append("</value>").append("</property>").append("<property>").append("<name>").append(str4).append("</name>").append("<value>").append(str5).append("</value>").append("</property>").append("</configuration>");
        PrintWriter printWriter = new PrintWriter(new FileOutputStream(str6));
        printWriter.println(append.toString());
        printWriter.close();
        Configuration.addDefaultResource(str);
        return str6;
    }

    @After
    public void tearDown() {
        if (this.router != null) {
            this.router.shutDown();
            this.router = null;
        }
        if (this.cluster != null) {
            this.cluster.shutdown();
            this.cluster = null;
        }
        if (this.tempResource != null) {
            new File(this.tempResource).delete();
            this.tempResource = null;
        }
    }
}
