package org.apache.hadoop.log;

import java.io.File;
import java.net.SocketException;
import java.net.URI;
import java.util.concurrent.Callable;
import javax.net.ssl.SSLException;
import org.apache.commons.configuration2.tree.DefaultExpressionEngineSymbols;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.logging.impl.Log4JLogger;
import org.apache.hadoop.HadoopIllegalArgumentException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.http.HttpServer2;
import org.apache.hadoop.log.LogLevel;
import org.apache.hadoop.minikdc.KerberosSecurityTestcase;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.AuthenticationFilterInitializer;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.KerberosTestUtils;
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
import org.apache.hadoop.security.authorize.AccessControlList;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.apache.hadoop.security.ssl.SSLFactory;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.3-eep-900-tests.jar:org/apache/hadoop/log/TestLogLevel.class */
public class TestLogLevel extends KerberosSecurityTestcase {
    private static final File BASEDIR = GenericTestUtils.getRandomizedTestDir();
    private static String keystoresDir;
    private static String sslConfDir;
    private static Configuration conf;
    private static Configuration sslConf;
    private String clientPrincipal;
    private String serverPrincipal;
    private static final String PRINCIPAL = "loglevel.principal";
    private static final String KEYTAB = "loglevel.keytab";
    private static final String PREFIX = "hadoop.http.authentication.";
    private final String logName = TestLogLevel.class.getName();
    private final Log testlog = LogFactory.getLog(this.logName);
    private final Logger log = ((Log4JLogger) this.testlog).getLogger();

    @BeforeClass
    public static void setUp() throws Exception {
        GenericTestUtils.setLogLevel(LoggerFactory.getLogger((Class<?>) KerberosAuthenticator.class), Level.DEBUG);
        FileUtil.fullyDelete(BASEDIR);
        if (!BASEDIR.mkdirs()) {
            throw new Exception("unable to create the base directory for testing");
        }
        conf = new Configuration();
        setupSSL(BASEDIR);
    }

    private static void setupSSL(File file) throws Exception {
        keystoresDir = file.getAbsolutePath();
        sslConfDir = KeyStoreTestUtil.getClasspathDir(TestLogLevel.class);
        KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);
        sslConf = KeyStoreTestUtil.getSslConfig();
    }

    @Before
    public void setupKerberos() throws Exception {
        File file = new File(KerberosTestUtils.getKeytabFile());
        this.clientPrincipal = KerberosTestUtils.getClientPrincipal();
        this.serverPrincipal = KerberosTestUtils.getServerPrincipal();
        this.clientPrincipal = this.clientPrincipal.substring(0, this.clientPrincipal.lastIndexOf("@"));
        this.serverPrincipal = this.serverPrincipal.substring(0, this.serverPrincipal.lastIndexOf("@"));
        getKdc().createPrincipal(file, new String[]{this.clientPrincipal, this.serverPrincipal});
    }

    @AfterClass
    public static void tearDown() throws Exception {
        KeyStoreTestUtil.cleanupSSLConfig(keystoresDir, sslConfDir);
        FileUtil.fullyDelete(BASEDIR);
    }

    @Test(timeout = 120000)
    public void testCommandOptions() throws Exception {
        String name = getClass().getName();
        Assert.assertFalse(validateCommand(new String[]{"-foo"}));
        Assert.assertFalse(validateCommand(new String[0]));
        Assert.assertFalse(validateCommand(new String[]{"-getlevel"}));
        Assert.assertFalse(validateCommand(new String[]{"-setlevel"}));
        Assert.assertFalse(validateCommand(new String[]{"-getlevel", "foo.bar:8080"}));
        Assert.assertTrue(validateCommand(new String[]{"-getlevel", "foo.bar:8080", name}));
        Assert.assertTrue(validateCommand(new String[]{"-setlevel", "foo.bar:8080", name, "DEBUG"}));
        Assert.assertTrue(validateCommand(new String[]{"-getlevel", "foo.bar:8080", name, "-protocol", "http"}));
        Assert.assertTrue(validateCommand(new String[]{"-getlevel", "foo.bar:8080", name, "-protocol", "https"}));
        Assert.assertTrue(validateCommand(new String[]{"-setlevel", "foo.bar:8080", name, "DEBUG", "-protocol", "http"}));
        Assert.assertTrue(validateCommand(new String[]{"-setlevel", "foo.bar:8080", name, "DEBUG", "-protocol", "https"}));
        Assert.assertFalse(validateCommand(new String[]{"-getlevel", "foo.bar:8080", name, "-protocol", "https", "blah"}));
        Assert.assertFalse(validateCommand(new String[]{"-setlevel", "foo.bar:8080", name, "DEBUG", "-protocol", "https", "blah"}));
        Assert.assertFalse(validateCommand(new String[]{"-getlevel", "foo.bar:8080", name, "-protocol", "https", "-protocol", "https"}));
        Assert.assertFalse(validateCommand(new String[]{"-getlevel", "foo.bar:8080", name, "-setlevel", "foo.bar:8080", name}));
    }

    private boolean validateCommand(String[] strArr) throws Exception {
        try {
            new LogLevel.CLI(sslConf).parseArguments(strArr);
            return true;
        } catch (HadoopIllegalArgumentException e) {
            return false;
        } catch (Exception e2) {
            return true;
        }
    }

    private HttpServer2 createServer(String str, boolean z) throws Exception {
        HttpServer2.Builder conf2 = new HttpServer2.Builder().setName(DefaultExpressionEngineSymbols.DEFAULT_ESCAPED_DELIMITER).addEndpoint(new URI(str + "://localhost:0")).setFindPort(true).setConf(conf);
        if (z) {
            conf2.setSecurityEnabled(true).setUsernameConfKey(PRINCIPAL).setKeytabConfKey(KEYTAB).setACL(new AccessControlList(this.clientPrincipal));
        }
        if (str.equals("https")) {
            conf2 = conf2.keyPassword(sslConf.get("ssl.server.keystore.keypassword")).keyStore(sslConf.get("ssl.server.keystore.location"), sslConf.get("ssl.server.keystore.password"), sslConf.get(SSLFactory.SSL_SERVER_KEYSTORE_TYPE, "jks")).trustStore(sslConf.get("ssl.server.truststore.location"), sslConf.get("ssl.server.truststore.password"), sslConf.get(SSLFactory.SSL_SERVER_TRUSTSTORE_TYPE, "jks"));
        }
        HttpServer2 build = conf2.build();
        if (z) {
            build.addInternalServlet("logLevel", "/logLevel", LogLevel.Servlet.class, true);
        }
        build.start();
        return build;
    }

    private void testDynamicLogLevel(String str, String str2, boolean z) throws Exception {
        testDynamicLogLevel(str, str2, z, Level.DEBUG.toString());
    }

    private void testDynamicLogLevel(String str, final String str2, boolean z, final String str3) throws Exception {
        if (!LogLevel.isValidProtocol(str)) {
            throw new Exception("Invalid server protocol " + str);
        }
        if (!LogLevel.isValidProtocol(str2)) {
            throw new Exception("Invalid client protocol " + str2);
        }
        Level effectiveLevel = this.log.getEffectiveLevel();
        Assert.assertNotEquals("Get default Log Level which shouldn't be ERROR.", Level.ERROR, effectiveLevel);
        if (z) {
            conf.set(PRINCIPAL, KerberosTestUtils.getServerPrincipal());
            conf.set(KEYTAB, KerberosTestUtils.getKeytabFile());
            conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
            conf.set(CommonConfigurationKeysPublic.HADOOP_HTTP_AUTHENTICATION_TYPE, "kerberos");
            conf.set("hadoop.http.authentication.kerberos.keytab", KerberosTestUtils.getKeytabFile());
            conf.set("hadoop.http.authentication.kerberos.principal", KerberosTestUtils.getServerPrincipal());
            conf.set(HttpServer2.FILTER_INITIALIZER_PROPERTY, AuthenticationFilterInitializer.class.getName());
            conf.setBoolean("hadoop.security.authorization", true);
            UserGroupInformation.setConfiguration(conf);
        }
        HttpServer2 createServer = createServer(str, z);
        final String hostPortString = NetUtils.getHostPortString(createServer.getConnectorAddress(0));
        KerberosTestUtils.doAsClient(new Callable<Void>() { // from class: org.apache.hadoop.log.TestLogLevel.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                TestLogLevel.this.getLevel(str2, hostPortString);
                TestLogLevel.this.setLevel(str2, hostPortString, str3);
                return null;
            }
        });
        createServer.stop();
        GenericTestUtils.setLogLevel(this.log, effectiveLevel);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void getLevel(String str, String str2) throws Exception {
        new LogLevel.CLI(sslConf).run(new String[]{"-getlevel", str2, this.logName, "-protocol", str});
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void setLevel(String str, String str2, String str3) throws Exception {
        new LogLevel.CLI(sslConf).run(new String[]{"-setlevel", str2, this.logName, str3, "-protocol", str});
        Assert.assertEquals("new level not equal to expected: ", str3.toUpperCase(), this.log.getEffectiveLevel().toString());
    }

    @Test(timeout = 60000)
    public void testInfoLogLevel() throws Exception {
        testDynamicLogLevel("http", "http", false, "Info");
    }

    @Test(timeout = 60000)
    public void testErrorLogLevel() throws Exception {
        testDynamicLogLevel("http", "http", false, "Error");
    }

    @Test(timeout = 60000)
    public void testLogLevelByHttp() throws Exception {
        testDynamicLogLevel("http", "http", false);
        try {
            testDynamicLogLevel("http", "https", false);
            Assert.fail("A HTTPS Client should not have succeeded in connecting to a HTTP server");
        } catch (SSLException e) {
            GenericTestUtils.assertExceptionContains("Error while authenticating with endpoint", e);
            GenericTestUtils.assertExceptionContains("recognized SSL message", e.getCause());
        }
    }

    @Test(timeout = 60000)
    public void testLogLevelByHttpWithSpnego() throws Exception {
        testDynamicLogLevel("http", "http", true);
        try {
            testDynamicLogLevel("http", "https", true);
            Assert.fail("A HTTPS Client should not have succeeded in connecting to a HTTP server");
        } catch (SSLException e) {
            GenericTestUtils.assertExceptionContains("Error while authenticating with endpoint", e);
            GenericTestUtils.assertExceptionContains("recognized SSL message", e.getCause());
        }
    }

    @Test(timeout = 60000)
    public void testLogLevelByHttps() throws Exception {
        testDynamicLogLevel("https", "https", false);
        try {
            testDynamicLogLevel("https", "http", false);
            Assert.fail("A HTTP Client should not have succeeded in connecting to a HTTPS server");
        } catch (SocketException e) {
            GenericTestUtils.assertExceptionContains("Error while authenticating with endpoint", e);
            GenericTestUtils.assertExceptionContains("Unexpected end of file from server", e.getCause());
        }
    }

    @Test(timeout = 60000)
    public void testLogLevelByHttpsWithSpnego() throws Exception {
        testDynamicLogLevel("https", "https", true);
        try {
            testDynamicLogLevel("https", "http", true);
            Assert.fail("A HTTP Client should not have succeeded in connecting to a HTTPS server");
        } catch (SocketException e) {
            GenericTestUtils.assertExceptionContains("Error while authenticating with endpoint", e);
            GenericTestUtils.assertExceptionContains("Unexpected end of file from server", e.getCause());
        }
    }
}
