package org.apache.hadoop.security;

import java.io.File;
import java.io.FileWriter;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.TestLdapGroupsMappingBase;
import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.thirdparty.com.google.common.collect.Iterators;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.0-eep-900-tests.jar:org/apache/hadoop/security/TestLdapGroupsMappingWithBindUserSwitch.class */
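/**
 * Tests how {@link LdapGroupsMapping} behaves when several bind users are
 * configured through {@link LdapGroupsMapping#BIND_USERS_KEY}.
 *
 * <p>Each scenario makes the mocked LDAP context reject a fixed number of
 * searches with an {@link AuthenticationException}. After every rejection the
 * dummy context factory is told to expect the next bind user/password pair, so
 * the lookup only succeeds if the mapping really switches credentials.
 *
 * <p>The bind password is supplied in three ways: in plaintext in the
 * configuration, through a credential-provider alias, and through a password
 * file. All secrets used here are dummy fixture values.
 */
public class TestLdapGroupsMappingWithBindUserSwitch extends TestLdapGroupsMappingBase {
    private static final String TEST_USER_NAME = "some_user";

    /**
     * A bind user that is listed in {@code BIND_USERS_KEY} but has no bind
     * username or password configured must be rejected with a
     * {@link RuntimeException} naming that user.
     */
    @Test
    public void testIncorrectConfiguration() {
        Configuration conf = getBaseConf();
        conf.set(LdapGroupsMapping.BIND_USERS_KEY, "user1,user2");
        // Only user1 gets a bind username; user2 is deliberately left unconfigured.
        conf.set("hadoop.security.group.mapping.ldap.bind.users.user1.bind.user", "bindUsername1");
        LdapGroupsMapping groupsMapping = new LdapGroupsMapping();
        try {
            groupsMapping.setConf(conf);
            groupsMapping.getGroups(TEST_USER_NAME);
            Assert.fail("Should have failed with RuntimeException");
        } catch (RuntimeException e) {
            GenericTestUtils.assertExceptionContains("Bind username or password not configured for user: user2", e);
        }
    }

    /**
     * Bind passwords are given in plaintext in the configuration; one failed
     * bind must switch from the first bind user to the second.
     */
    @Test
    public void testBindUserSwitchPasswordPlaintext() throws Exception {
        Configuration conf = getBaseConf();
        conf.set(LdapGroupsMapping.BIND_USERS_KEY, "user1,user2");
        conf.set("hadoop.security.group.mapping.ldap.bind.users.user1.bind.user", "bindUsername1");
        conf.set("hadoop.security.group.mapping.ldap.bind.users.user2.bind.user", "bindUsername2");
        conf.set("hadoop.security.group.mapping.ldap.bind.users.user1.bind.password", "bindPassword1");
        conf.set("hadoop.security.group.mapping.ldap.bind.users.user2.bind.password", "bindPassword2");
        doTestBindUserSwitch(
                conf,
                1,
                Arrays.asList("bindUsername1", "bindUsername2"),
                Arrays.asList("bindPassword1", "bindPassword2"));
    }

    /**
     * Bind passwords are resolved from credential-provider aliases, so the
     * configuration itself holds only the alias names. Two failed binds must
     * cycle joe -> lukas -> joe.
     */
    @Test
    public void testBindUserSwitchPasswordFromAlias() throws Exception {
        Configuration conf = getBaseConf();
        conf.set(LdapGroupsMapping.BIND_USERS_KEY, "joe,lukas");
        conf.set("hadoop.security.group.mapping.ldap.bind.users.joe.bind.user", "joeBindUsername");
        conf.set("hadoop.security.group.mapping.ldap.bind.users.lukas.bind.user", "lukasBindUsername");
        conf.set("hadoop.security.group.mapping.ldap.bind.users.joe.bind.password.alias", "joeBindPasswordAlias");
        conf.set("hadoop.security.group.mapping.ldap.bind.users.lukas.bind.password.alias", "lukasBindPasswordAlias");
        setupCredentialProvider(conf);
        createCredentialForAlias(conf, "joeBindPasswordAlias", "joeBindPassword");
        createCredentialForAlias(conf, "lukasBindPasswordAlias", "lukasBindPassword");
        doTestBindUserSwitch(
                conf,
                2,
                Arrays.asList("joeBindUsername", "lukasBindUsername", "joeBindUsername"),
                Arrays.asList("joeBindPassword", "lukasBindPassword", "joeBindPassword"));
    }

    /**
     * Bind passwords are read from per-user password files. Four failed binds
     * must alternate bob -> alice -> bob -> alice -> bob.
     */
    @Test
    public void testBindUserSwitchPasswordFromFile() throws Exception {
        Configuration conf = getBaseConf();
        // NOTE(review): presumably raised so that four rejected binds stay below
        // the retry limit; the default is not visible in this file - confirm.
        conf.setInt(LdapGroupsMapping.LDAP_NUM_ATTEMPTS_KEY, 10);
        conf.set(LdapGroupsMapping.BIND_USERS_KEY, "bob,alice");
        conf.set("hadoop.security.group.mapping.ldap.bind.users.bob.bind.user", "bobUsername");
        conf.set("hadoop.security.group.mapping.ldap.bind.users.alice.bind.user", "aliceUsername");
        conf.set("hadoop.security.group.mapping.ldap.bind.users.bob.bind.password.file", createPasswordFile("bobPasswordFile1.txt", "bobBindPassword"));
        conf.set("hadoop.security.group.mapping.ldap.bind.users.alice.bind.password.file", createPasswordFile("alicePasswordFile2.txt", "aliceBindPassword"));
        doTestBindUserSwitch(
                conf,
                4,
                Arrays.asList("bobUsername", "aliceUsername", "bobUsername", "aliceUsername", "bobUsername"),
                Arrays.asList("bobBindPassword", "aliceBindPassword", "bobBindPassword", "aliceBindPassword", "bobBindPassword"));
    }

    /**
     * Points the configuration at a JCEKS keystore named {@code test.jks} in the
     * test directory, removing any keystore file left there beforehand.
     *
     * @param configuration configuration that receives the credential provider path
     */
    private void setupCredentialProvider(Configuration configuration) {
        File testDir = GenericTestUtils.getTestDir();
        String providerUri = "jceks://file" + new Path(testDir.toString(), "test.jks").toUri();
        // Best-effort cleanup: the return value is ignored because the file may
        // simply not exist yet.
        new File(testDir, "test.jks").delete();
        configuration.set("hadoop.security.credential.provider.path", providerUri);
    }

    /**
     * Stores {@code password} under {@code alias} in the first credential
     * provider of the configuration and checks that it can be read back.
     *
     * @param configuration configuration carrying the credential provider path
     * @param alias alias to create; must not exist yet
     * @param password secret stored under the alias
     * @throws Exception if the provider cannot be loaded, written or flushed
     */
    private void createCredentialForAlias(Configuration configuration, String alias, String password) throws Exception {
        CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0);
        char[] secret = password.toCharArray();
        // The alias must be absent, otherwise the test would pass on stale state.
        Assert.assertNull(provider.getCredentialEntry(alias));
        provider.createCredentialEntry(alias, secret);
        provider.flush();
        Assert.assertArrayEquals(secret, provider.getCredentialEntry(alias).getCredential());
    }

    /**
     * Writes {@code password} to a file in the test directory.
     *
     * <p>The file is created with the JVM's default permissions, which is
     * acceptable only because the content is a dummy fixture secret.
     *
     * @param fileName name of the file to create inside the test directory
     * @param password content written to the file
     * @return path of the written file
     * @throws Exception if the file cannot be created or written
     */
    private String createPasswordFile(String fileName, String password) throws Exception {
        File testDir = GenericTestUtils.getTestDir();
        testDir.mkdirs();
        File passwordFile = new File(testDir, fileName);
        // try-with-resources closes the writer even when write() throws, so a
        // failed write cannot leak the file handle.
        try (FileWriter writer = new FileWriter(passwordFile)) {
            writer.write(password);
        }
        return passwordFile.getPath();
    }

    /**
     * Convenience overload that cycles endlessly over the given credentials.
     *
     * @param configuration configuration with the bind users under test
     * @param failedBindAttempts number of searches the mock rejects before succeeding
     * @param bindUsers expected bind usernames, in the order they must be used
     * @param bindPasswords expected bind passwords, aligned with {@code bindUsers}
     * @throws NamingException declared by the mocked {@code search} call
     */
    private void doTestBindUserSwitch(Configuration configuration, Integer failedBindAttempts, List<String> bindUsers, List<String> bindPasswords) throws NamingException {
        doTestBindUserSwitch(configuration, failedBindAttempts, Iterators.cycle(bindUsers), Iterators.cycle(bindPasswords));
    }

    /**
     * Runs a group lookup against a mock context that rejects the first
     * {@code failedBindAttempts} searches with an {@link AuthenticationException}.
     *
     * <p>Before the lookup, and again on every rejection, the dummy context
     * factory is given the next expected bind user and password. Once the
     * rejections are used up, the first search returns the user names and every
     * later search returns the group names.
     *
     * @param configuration configuration with the bind users under test
     * @param failedBindAttempts number of searches the mock rejects before succeeding
     * @param bindUsers iterator over the expected bind usernames
     * @param bindPasswords iterator over the expected bind passwords
     * @throws NamingException declared by the mocked {@code search} call
     */
    private void doTestBindUserSwitch(Configuration configuration, Integer failedBindAttempts, Iterator<String> bindUsers, Iterator<String> bindPasswords) throws NamingException {
        TestLdapGroupsMappingBase.DummyLdapCtxFactory.setExpectedBindUser(bindUsers.next());
        TestLdapGroupsMappingBase.DummyLdapCtxFactory.setExpectedBindPassword(bindPasswords.next());
        AtomicInteger remainingFailures = new AtomicInteger(failedBindAttempts);
        Mockito.when(getContext().search(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (Object[]) ArgumentMatchers.any(Object[].class), (SearchControls) ArgumentMatchers.any(SearchControls.class))).thenAnswer(invocation -> {
            if (remainingFailures.get() > 0) {
                // Reject this search and arm the factory with the credentials the
                // mapping is expected to switch to on its next bind.
                TestLdapGroupsMappingBase.DummyLdapCtxFactory.setExpectedBindUser(bindUsers.next());
                TestLdapGroupsMappingBase.DummyLdapCtxFactory.setExpectedBindPassword(bindPasswords.next());
                remainingFailures.decrementAndGet();
                throw new AuthenticationException();
            }
            // The counter is exactly 0 only for the first accepted search (the user
            // query); it goes negative afterwards, selecting the group results.
            return remainingFailures.getAndDecrement() == 0 ? getUserNames() : getGroupNames();
        });
        LdapGroupsMapping groupsMapping = new LdapGroupsMapping();
        groupsMapping.setConf(configuration);
        Assert.assertEquals(Arrays.asList("group1", "group2"), groupsMapping.getGroups(TEST_USER_NAME));
        // Expected searches: one per rejected attempt, plus the user query and the
        // group query.
        ((DirContext) Mockito.verify(getContext(), Mockito.times(failedBindAttempts + 2))).search(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (Object[]) ArgumentMatchers.any(Object[].class), (SearchControls) ArgumentMatchers.any(SearchControls.class));
    }
}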
