package org.apache.hadoop.yarn.server.resourcemanager.webapp;

import com.sun.jersey.api.client.ClientResponse;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.User;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.KerberosTestUtils;
import org.apache.hadoop.security.rpcauth.KerberosAuthMethod;
import org.apache.hadoop.yarn.server.resourcemanager.MockRM;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.ApplicationSubmissionContextInfo;
import org.codehaus.jettison.json.JSONObject;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesHttpStaticUserPermissions.class */
public class TestRMWebServicesHttpStaticUserPermissions {
    private static final File testRootDir = new File("target", TestRMWebServicesHttpStaticUserPermissions.class.getName() + "-root");
    private static File spnegoKeytabFile = new File(KerberosTestUtils.getKeytabFile());
    private static String spnegoPrincipal = KerberosTestUtils.getServerPrincipal();
    private static MiniKdc testMiniKDC;
    private static MockRM rm;

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesHttpStaticUserPermissions$Helper.class */
    static class Helper {
        String method;
        String requestBody;

        Helper(String str, String str2) {
            this.method = str;
            this.requestBody = str2;
        }
    }

    @BeforeClass
    public static void setUp() {
        try {
            testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
            setupKDC();
            setupAndStartRM();
        } catch (Exception e) {
            Assert.fail("Couldn't create MiniKDC");
        }
    }

    @AfterClass
    public static void tearDown() {
        if (testMiniKDC != null) {
            testMiniKDC.stop();
        }
        if (rm != null) {
            rm.stop();
        }
    }

    private static void setupAndStartRM() throws Exception {
        Configuration configuration = new Configuration();
        configuration.setInt("yarn.resourcemanager.am.max-attempts", 2);
        configuration.setClass("yarn.resourcemanager.scheduler.class", FifoScheduler.class, ResourceScheduler.class);
        configuration.setBoolean("yarn.acl.enable", true);
        configuration.set("hadoop.security.authentication", "kerberos");
        configuration.set("hadoop.security.custom.auth.principal.class", User.class.getName());
        configuration.set("hadoop.security.custom.rpc.auth.method.class", KerberosAuthMethod.class.getName());
        configuration.set("yarn.resourcemanager.principal", spnegoPrincipal);
        configuration.set("yarn.resourcemanager.keytab", spnegoKeytabFile.getAbsolutePath());
        configuration.setBoolean("mockrm.webapp.enabled", true);
        UserGroupInformation.setConfiguration(configuration);
        rm = new MockRM(configuration);
        rm.start();
    }

    private static void setupKDC() throws Exception {
        testMiniKDC.start();
        testMiniKDC.createPrincipal(spnegoKeytabFile, new String[]{"HTTP/localhost", "client", UserGroupInformation.getLoginUser().getShortUserName(), "client2"});
    }

    @Test
    public void testWebServiceAccess() throws Exception {
        ApplicationSubmissionContextInfo applicationSubmissionContextInfo = new ApplicationSubmissionContextInfo();
        applicationSubmissionContextInfo.setApplicationId("application_123_0");
        String marshalledAppInfo = TestRMWebServicesDelegationTokenAuthentication.getMarshalledAppInfo(applicationSubmissionContextInfo);
        URL url = new URL("http://localhost:8088/ws/v1/cluster/apps?user.name=dr.who");
        HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
        TestRMWebServicesDelegationTokenAuthentication.setupConn(httpURLConnection, "GET", "", "");
        try {
            httpURLConnection.getInputStream();
            Assert.assertEquals(ClientResponse.Status.OK.getStatusCode(), httpURLConnection.getResponseCode());
        } catch (IOException e) {
            Assert.fail("Got " + httpURLConnection.getResponseCode() + " instead of 200 accessing " + url.toString());
        }
        httpURLConnection.disconnect();
        HashMap hashMap = new HashMap();
        hashMap.put("http://localhost:8088/ws/v1/cluster/apps?user.name=dr.who", new Helper("POST", marshalledAppInfo));
        hashMap.put("http://localhost:8088/ws/v1/cluster/apps/new-application?user.name=dr.who", new Helper("POST", ""));
        hashMap.put("http://localhost:8088/ws/v1/cluster/apps/app_123_1/state?user.name=dr.who", new Helper("PUT", "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n<appstate>\n  <state>KILLED</state>\n</appstate>"));
        for (Map.Entry entry : hashMap.entrySet()) {
            HttpURLConnection httpURLConnection2 = (HttpURLConnection) new URL((String) entry.getKey()).openConnection();
            TestRMWebServicesDelegationTokenAuthentication.setupConn(httpURLConnection2, ((Helper) entry.getValue()).method, "application/xml", ((Helper) entry.getValue()).requestBody);
            try {
                httpURLConnection2.getInputStream();
                Assert.fail("Request " + ((String) entry.getKey()) + "succeeded but should have failed");
            } catch (IOException e2) {
                Assert.assertEquals(ClientResponse.Status.FORBIDDEN.getStatusCode(), httpURLConnection2.getResponseCode());
                InputStream errorStream = httpURLConnection2.getErrorStream();
                String str = "";
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(errorStream, "UTF8"));
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    } else {
                        str = str + readLine;
                    }
                }
                bufferedReader.close();
                errorStream.close();
                Assert.assertEquals("java.lang.Exception: The default static user cannot carry out this operation.", new JSONObject(str).getJSONObject("RemoteException").getString("message"));
            }
            httpURLConnection2.disconnect();
        }
    }
}
