package org.apache.hadoop.security.authorize;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.test.LambdaTestUtils;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.Timeout;
import org.mockito.Mockito;

/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.6-eep-900-tests.jar:org/apache/hadoop/security/authorize/TestDefaultImpersonationProvider.class */
public class TestDefaultImpersonationProvider {
    private String proxyUser;
    private String user;
    private DefaultImpersonationProvider provider;
    private Configuration conf;
    private UserGroupInformation userGroupInformation = (UserGroupInformation) Mockito.mock(UserGroupInformation.class);
    private UserGroupInformation realUserUGI = (UserGroupInformation) Mockito.mock(UserGroupInformation.class);

    @Rule
    public Timeout globalTimeout = new Timeout(10000);

    @Before
    public void setup() {
        this.conf = new Configuration();
        this.provider = new DefaultImpersonationProvider();
        this.conf.set("hadoop.proxyuser.fakeuser.groups", "*");
        this.conf.set("hadoop.proxyuser.fakeuser.hosts", "*");
        this.conf.set("hadoop.proxyuser.test.user.groups", "*");
        this.conf.set("hadoop.proxyuser.test.user.hosts", "*");
        this.conf.set("hadoop.proxyuser.test user2.groups", "*");
        this.conf.set("hadoop.proxyuser.test user2.hosts", "*");
        this.provider.setConf(this.conf);
        this.provider.init(ProxyUsers.CONF_HADOOP_PROXYUSER);
    }

    @Test
    public void testAuthorizationSuccess() throws AuthorizationException {
        this.proxyUser = "fakeuser";
        this.user = "dummyUser";
        Mockito.when(this.realUserUGI.getShortUserName()).thenReturn(this.proxyUser);
        Mockito.when(this.userGroupInformation.getRealUser()).thenReturn(this.realUserUGI);
        this.provider.authorize(this.userGroupInformation, "2.2.2.2");
        this.user = "somerandomuser";
        this.proxyUser = "test.user";
        Mockito.when(this.realUserUGI.getShortUserName()).thenReturn(this.proxyUser);
        Mockito.when(this.userGroupInformation.getRealUser()).thenReturn(this.realUserUGI);
        this.provider.authorize(this.userGroupInformation, "2.2.2.2");
    }

    @Test
    public void testAuthorizationFailure() throws Exception {
        this.user = "dummyUser";
        this.proxyUser = "test user2";
        Mockito.when(this.realUserUGI.getShortUserName()).thenReturn(this.proxyUser);
        Mockito.when(this.realUserUGI.getUserName()).thenReturn(this.proxyUser);
        Mockito.when(this.userGroupInformation.getUserName()).thenReturn(this.user);
        Mockito.when(this.userGroupInformation.getRealUser()).thenReturn(this.realUserUGI);
        LambdaTestUtils.intercept(AuthorizationException.class, "User: " + this.proxyUser + " is not allowed to impersonate " + this.user, () -> {
            this.provider.authorize(this.userGroupInformation, "2.2.2.2");
        });
    }

    @After
    public void clear() {
        this.provider = null;
        this.conf = null;
        this.userGroupInformation = null;
        this.realUserUGI = null;
    }
}
