package org.apache.hadoop.hdfs.server.federation.security;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Map;
import java.util.Properties;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.contract.router.SecurityConfUtil;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.server.federation.RouterConfigBuilder;
import org.apache.hadoop.hdfs.server.federation.router.Router;
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
import org.apache.hadoop.hdfs.web.WebHdfsTestUtil;
import org.apache.hadoop.hdfs.web.resources.GetOpParam;
import org.apache.hadoop.hdfs.web.resources.HttpOpParam;
import org.apache.hadoop.hdfs.web.resources.Param;
import org.apache.hadoop.hdfs.web.resources.PutOpParam;
import org.apache.hadoop.hdfs.web.resources.RenewerParam;
import org.apache.hadoop.hdfs.web.resources.TokenArgumentParam;
import org.apache.hadoop.hdfs.web.resources.UserParam;
import org.apache.hadoop.http.FilterContainer;
import org.apache.hadoop.security.AuthenticationFilterInitializer;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.test.LambdaTestUtils;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/hdfs/server/federation/security/TestRouterHttpDelegationToken.class */
public class TestRouterHttpDelegationToken {
    public static final String FILTER_INITIALIZER_PROPERTY = "hadoop.http.filter.initializers";
    private Router router;
    private WebHdfsFileSystem fs;

    /* loaded from: input_file:org/apache/hadoop/hdfs/server/federation/security/TestRouterHttpDelegationToken$NoAuthFilter.class */
    public static final class NoAuthFilter extends AuthenticationFilter {
        protected Properties getConfiguration(String str, FilterConfig filterConfig) throws ServletException {
            Properties properties = new Properties();
            Enumeration initParameterNames = filterConfig.getInitParameterNames();
            while (initParameterNames.hasMoreElements()) {
                String str2 = (String) initParameterNames.nextElement();
                if (str2.startsWith(str)) {
                    properties.put(str2.substring(str.length()), filterConfig.getInitParameter(str2));
                }
            }
            properties.put("type", "simple");
            properties.put("simple.anonymous.allowed", "true");
            return properties;
        }
    }

    /* loaded from: input_file:org/apache/hadoop/hdfs/server/federation/security/TestRouterHttpDelegationToken$NoAuthFilterInitializer.class */
    public static final class NoAuthFilterInitializer extends AuthenticationFilterInitializer {
        static final String PREFIX = "hadoop.http.authentication.";

        public void initFilter(FilterContainer filterContainer, Configuration configuration) {
            filterContainer.addFilter("authentication", NoAuthFilter.class.getName(), getFilterConfigMap(configuration, PREFIX));
        }
    }

    @Before
    public void setup() throws Exception {
        Configuration initSecurity = SecurityConfUtil.initSecurity();
        initSecurity.set("dfs.federation.router.http-address", "0.0.0.0:0");
        initSecurity.set("dfs.federation.router.https-address", "0.0.0.0:0");
        initSecurity.set("dfs.federation.router.rpc-address", "0.0.0.0:0");
        initSecurity.set(FILTER_INITIALIZER_PROPERTY, NoAuthFilterInitializer.class.getName());
        initSecurity.set("hadoop.http.authentication.type", "simple");
        initSecurity.addResource(new RouterConfigBuilder().rpc().http().build());
        this.router = new Router();
        this.router.init(initSecurity);
        this.router.start();
        InetSocketAddress httpServerAddress = this.router.getHttpServerAddress();
        this.fs = FileSystem.get(new URI("swebhdfs", null, httpServerAddress.getHostName(), httpServerAddress.getPort(), null, null, null), initSecurity);
    }

    @After
    public void cleanup() throws Exception {
        if (this.router != null) {
            this.router.stop();
            this.router.close();
        }
        SecurityConfUtil.destroy();
    }

    @Test
    public void testGetDelegationToken() throws Exception {
        Token<DelegationTokenIdentifier> delegationToken = getDelegationToken(this.fs, "renewer0");
        Assert.assertNotNull(delegationToken);
        DelegationTokenIdentifier tokenIdentifier = getTokenIdentifier(delegationToken.getIdentifier());
        Assert.assertEquals("router", tokenIdentifier.getOwner().toString());
        Assert.assertEquals("renewer0", tokenIdentifier.getRenewer().toString());
        Assert.assertEquals("", tokenIdentifier.getRealUser().toString());
        Assert.assertEquals("SWEBHDFS delegation", delegationToken.getKind().toString());
        Assert.assertNotNull(delegationToken.getPassword());
    }

    @Test
    public void testRenewDelegationToken() throws Exception {
        Token<DelegationTokenIdentifier> delegationToken = getDelegationToken(this.fs, "router");
        DelegationTokenIdentifier tokenIdentifier = getTokenIdentifier(delegationToken.getIdentifier());
        long renewDelegationToken = renewDelegationToken(this.fs, delegationToken);
        Assert.assertTrue(renewDelegationToken + " should not be larger than " + tokenIdentifier.getMaxDate(), renewDelegationToken <= tokenIdentifier.getMaxDate());
    }

    @Test
    public void testCancelDelegationToken() throws Exception {
        Token<DelegationTokenIdentifier> delegationToken = getDelegationToken(this.fs, "router");
        cancelDelegationToken(this.fs, delegationToken);
        LambdaTestUtils.intercept(IOException.class, "Server returned HTTP response code: 403 ", () -> {
            return Long.valueOf(renewDelegationToken(this.fs, delegationToken));
        });
    }

    private Token<DelegationTokenIdentifier> getDelegationToken(WebHdfsFileSystem webHdfsFileSystem, String str) throws IOException {
        return WebHdfsTestUtil.convertJsonToDelegationToken(sendHttpRequest(webHdfsFileSystem, GetOpParam.Op.GETDELEGATIONTOKEN, new RenewerParam(str)));
    }

    private long renewDelegationToken(WebHdfsFileSystem webHdfsFileSystem, Token<?> token) throws IOException {
        return ((Number) sendHttpRequest(webHdfsFileSystem, PutOpParam.Op.RENEWDELEGATIONTOKEN, new TokenArgumentParam(token.encodeToUrlString())).get("long")).longValue();
    }

    private void cancelDelegationToken(WebHdfsFileSystem webHdfsFileSystem, Token<?> token) throws IOException {
        sendHttpRequest(webHdfsFileSystem, PutOpParam.Op.CANCELDELEGATIONTOKEN, new TokenArgumentParam(token.encodeToUrlString()));
    }

    private Map<?, ?> sendHttpRequest(WebHdfsFileSystem webHdfsFileSystem, HttpOpParam.Op op, Param<?, ?>... paramArr) throws IOException {
        String routerUserName = SecurityConfUtil.getRouterUserName();
        ArrayList arrayList = new ArrayList();
        arrayList.add(new UserParam(routerUserName));
        arrayList.addAll(Arrays.asList(paramArr));
        HttpURLConnection openConnection = WebHdfsTestUtil.openConnection(WebHdfsTestUtil.toUrl(webHdfsFileSystem, op, (Path) null, (Param[]) arrayList.toArray(new Param[arrayList.size()])), webHdfsFileSystem.getConf());
        openConnection.setRequestMethod(op.getType().toString());
        WebHdfsTestUtil.sendRequest(openConnection);
        Map<?, ?> andParseResponse = WebHdfsTestUtil.getAndParseResponse(openConnection);
        openConnection.disconnect();
        return andParseResponse;
    }

    private DelegationTokenIdentifier getTokenIdentifier(byte[] bArr) throws IOException {
        DelegationTokenIdentifier delegationTokenIdentifier = new DelegationTokenIdentifier();
        delegationTokenIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(bArr)));
        return delegationTokenIdentifier;
    }
}
