package org.apache.hadoop.yarn.server.timelineservice.reader;

import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.server.timelineservice.reader.security.TimelineReaderWhitelistAuthorizationFilter;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWhitelistAuthorizationFilter.class */
public class TestTimelineReaderWhitelistAuthorizationFilter {
    private static final String GROUP1_NAME = "group1";
    private static final String GROUP2_NAME = "group2";
    private static final String GROUP3_NAME = "group3";
    private static final String[] GROUP_NAMES = {GROUP1_NAME, GROUP2_NAME, GROUP3_NAME};

    /* loaded from: input_file:org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWhitelistAuthorizationFilter$DummyFilterConfig.class */
    private static class DummyFilterConfig implements FilterConfig {
        private final Map<String, String> map;

        DummyFilterConfig(Map<String, String> map) {
            this.map = map;
        }

        public String getFilterName() {
            return "dummy";
        }

        public String getInitParameter(String str) {
            return this.map.get(str);
        }

        public Enumeration<String> getInitParameterNames() {
            return Collections.enumeration(this.map.keySet());
        }

        public ServletContext getServletContext() {
            return null;
        }
    }

    @Test
    public void checkFilterAllowedUser() throws ServletException, IOException {
        HashMap hashMap = new HashMap();
        hashMap.put("yarn.timeline-service.read.authentication.enabled", "true");
        hashMap.put("yarn.timeline-service.read.allowed.users", "user1,user2");
        TimelineReaderWhitelistAuthorizationFilter timelineReaderWhitelistAuthorizationFilter = new TimelineReaderWhitelistAuthorizationFilter();
        timelineReaderWhitelistAuthorizationFilter.init(new DummyFilterConfig(hashMap));
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        final String str = "user1";
        Mockito.when(httpServletRequest.getUserPrincipal()).thenReturn(new Principal() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.1
            @Override // java.security.Principal
            public String getName() {
                return str;
            }
        });
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        timelineReaderWhitelistAuthorizationFilter.doFilter(httpServletRequest, httpServletResponse, (FilterChain) null);
        ((HttpServletResponse) Mockito.verify(httpServletResponse, Mockito.times(0))).sendError(403, "User user1 is not allowed to read TimelineService V2 data.");
    }

    @Test
    public void checkFilterNotAllowedUser() throws ServletException, IOException {
        HashMap hashMap = new HashMap();
        hashMap.put("yarn.timeline-service.read.authentication.enabled", "true");
        hashMap.put("yarn.timeline-service.read.allowed.users", "user1,user2");
        TimelineReaderWhitelistAuthorizationFilter timelineReaderWhitelistAuthorizationFilter = new TimelineReaderWhitelistAuthorizationFilter();
        timelineReaderWhitelistAuthorizationFilter.init(new DummyFilterConfig(hashMap));
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        final String str = "testuser1";
        Mockito.when(httpServletRequest.getUserPrincipal()).thenReturn(new Principal() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.2
            @Override // java.security.Principal
            public String getName() {
                return str;
            }
        });
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        timelineReaderWhitelistAuthorizationFilter.doFilter(httpServletRequest, httpServletResponse, (FilterChain) null);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendError(ArgumentMatchers.eq(403), (String) ArgumentMatchers.eq("User testuser1 is not allowed to read TimelineService V2 data."));
    }

    @Test
    public void checkFilterAllowedUserGroup() throws ServletException, IOException, InterruptedException {
        HashMap hashMap = new HashMap();
        hashMap.put("yarn.timeline-service.read.authentication.enabled", "true");
        hashMap.put("yarn.timeline-service.read.allowed.users", "user2 group1,group2");
        final TimelineReaderWhitelistAuthorizationFilter timelineReaderWhitelistAuthorizationFilter = new TimelineReaderWhitelistAuthorizationFilter();
        timelineReaderWhitelistAuthorizationFilter.init(new DummyFilterConfig(hashMap));
        final HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        final String str = "user1";
        Mockito.when(httpServletRequest.getUserPrincipal()).thenReturn(new Principal() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.3
            @Override // java.security.Principal
            public String getName() {
                return str;
            }
        });
        final HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        UserGroupInformation.createUserForTesting("user1", GROUP_NAMES).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.4
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                timelineReaderWhitelistAuthorizationFilter.doFilter(httpServletRequest, httpServletResponse, (FilterChain) null);
                return null;
            }
        });
        ((HttpServletResponse) Mockito.verify(httpServletResponse, Mockito.times(0))).sendError(403, "User user1 is not allowed to read TimelineService V2 data.");
    }

    @Test
    public void checkFilterNotAlloweGroup() throws ServletException, IOException, InterruptedException {
        HashMap hashMap = new HashMap();
        hashMap.put("yarn.timeline-service.read.authentication.enabled", "true");
        hashMap.put("yarn.timeline-service.read.allowed.users", " group5,group6");
        final TimelineReaderWhitelistAuthorizationFilter timelineReaderWhitelistAuthorizationFilter = new TimelineReaderWhitelistAuthorizationFilter();
        timelineReaderWhitelistAuthorizationFilter.init(new DummyFilterConfig(hashMap));
        final HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        final String str = "user200";
        Mockito.when(httpServletRequest.getUserPrincipal()).thenReturn(new Principal() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.5
            @Override // java.security.Principal
            public String getName() {
                return str;
            }
        });
        final HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        UserGroupInformation.createUserForTesting("user200", GROUP_NAMES).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.6
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                timelineReaderWhitelistAuthorizationFilter.doFilter(httpServletRequest, httpServletResponse, (FilterChain) null);
                return null;
            }
        });
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendError(ArgumentMatchers.eq(403), (String) ArgumentMatchers.eq("User user200 is not allowed to read TimelineService V2 data."));
    }

    @Test
    public void checkFilterAllowAdmins() throws ServletException, IOException, InterruptedException {
        HashMap hashMap = new HashMap();
        hashMap.put("yarn.timeline-service.read.authentication.enabled", "true");
        hashMap.put("yarn.timeline-service.read.allowed.users", "user3 group5,group6");
        hashMap.put("yarn.admin.acl", " group1,group2");
        final TimelineReaderWhitelistAuthorizationFilter timelineReaderWhitelistAuthorizationFilter = new TimelineReaderWhitelistAuthorizationFilter();
        timelineReaderWhitelistAuthorizationFilter.init(new DummyFilterConfig(hashMap));
        final HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        final String str = "user90";
        Mockito.when(httpServletRequest.getUserPrincipal()).thenReturn(new Principal() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.7
            @Override // java.security.Principal
            public String getName() {
                return str;
            }
        });
        final HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        UserGroupInformation.createUserForTesting("user90", GROUP_NAMES).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.8
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                timelineReaderWhitelistAuthorizationFilter.doFilter(httpServletRequest, httpServletResponse, (FilterChain) null);
                return null;
            }
        });
        ((HttpServletResponse) Mockito.verify(httpServletResponse, Mockito.times(0))).sendError(403, "User user90 is not allowed to read TimelineService V2 data.");
    }

    @Test
    public void checkFilterAllowAdminsWhenNoUsersSet() throws ServletException, IOException, InterruptedException {
        HashMap hashMap = new HashMap();
        hashMap.put("yarn.timeline-service.read.authentication.enabled", "true");
        hashMap.put("yarn.admin.acl", " group1,group2");
        final TimelineReaderWhitelistAuthorizationFilter timelineReaderWhitelistAuthorizationFilter = new TimelineReaderWhitelistAuthorizationFilter();
        timelineReaderWhitelistAuthorizationFilter.init(new DummyFilterConfig(hashMap));
        final HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        final String str = "user90";
        Mockito.when(httpServletRequest.getUserPrincipal()).thenReturn(new Principal() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.9
            @Override // java.security.Principal
            public String getName() {
                return str;
            }
        });
        final HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        UserGroupInformation.createUserForTesting("user90", GROUP_NAMES).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.10
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                timelineReaderWhitelistAuthorizationFilter.doFilter(httpServletRequest, httpServletResponse, (FilterChain) null);
                return null;
            }
        });
        ((HttpServletResponse) Mockito.verify(httpServletResponse, Mockito.times(0))).sendError(403, "User user90 is not allowed to read TimelineService V2 data.");
    }

    @Test
    public void checkFilterAllowNoOneWhenAdminAclsEmptyAndUserAclsEmpty() throws ServletException, IOException, InterruptedException {
        HashMap hashMap = new HashMap();
        hashMap.put("yarn.timeline-service.read.authentication.enabled", "true");
        final TimelineReaderWhitelistAuthorizationFilter timelineReaderWhitelistAuthorizationFilter = new TimelineReaderWhitelistAuthorizationFilter();
        timelineReaderWhitelistAuthorizationFilter.init(new DummyFilterConfig(hashMap));
        final HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        final String str = "user88";
        Mockito.when(httpServletRequest.getUserPrincipal()).thenReturn(new Principal() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.11
            @Override // java.security.Principal
            public String getName() {
                return str;
            }
        });
        final HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        UserGroupInformation.createUserForTesting("user88", GROUP_NAMES).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.12
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                timelineReaderWhitelistAuthorizationFilter.doFilter(httpServletRequest, httpServletResponse, (FilterChain) null);
                return null;
            }
        });
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendError(ArgumentMatchers.eq(403), (String) ArgumentMatchers.eq("User user88 is not allowed to read TimelineService V2 data."));
    }

    @Test
    public void checkFilterReadAuthDisabledNoAclSettings() throws ServletException, IOException, InterruptedException {
        HashMap hashMap = new HashMap();
        final TimelineReaderWhitelistAuthorizationFilter timelineReaderWhitelistAuthorizationFilter = new TimelineReaderWhitelistAuthorizationFilter();
        timelineReaderWhitelistAuthorizationFilter.init(new DummyFilterConfig(hashMap));
        final HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        final String str = "user437";
        Mockito.when(httpServletRequest.getUserPrincipal()).thenReturn(new Principal() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.13
            @Override // java.security.Principal
            public String getName() {
                return str;
            }
        });
        final HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        UserGroupInformation.createUserForTesting("user437", GROUP_NAMES).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.14
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                timelineReaderWhitelistAuthorizationFilter.doFilter(httpServletRequest, httpServletResponse, (FilterChain) null);
                return null;
            }
        });
        ((HttpServletResponse) Mockito.verify(httpServletResponse, Mockito.times(0))).sendError(403, "User user437 is not allowed to read TimelineService V2 data.");
    }

    @Test
    public void checkFilterReadAuthDisabledButAclSettingsPopulated() throws ServletException, IOException, InterruptedException {
        HashMap hashMap = new HashMap();
        hashMap.put("yarn.admin.acl", "user1,user2 group9,group21");
        hashMap.put("yarn.timeline-service.read.allowed.users", "user27,user36 group5,group6");
        final TimelineReaderWhitelistAuthorizationFilter timelineReaderWhitelistAuthorizationFilter = new TimelineReaderWhitelistAuthorizationFilter();
        timelineReaderWhitelistAuthorizationFilter.init(new DummyFilterConfig(hashMap));
        final HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getUserPrincipal()).thenReturn(new Principal() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.15
            @Override // java.security.Principal
            public String getName() {
                return "user37";
            }
        });
        final HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        UserGroupInformation.createUserForTesting("user37", GROUP_NAMES).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.16
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                timelineReaderWhitelistAuthorizationFilter.doFilter(httpServletRequest, httpServletResponse, (FilterChain) null);
                return null;
            }
        });
        ((HttpServletResponse) Mockito.verify(httpServletResponse, Mockito.times(0))).sendError(403, "User user37 is not allowed to read TimelineService V2 data.");
        Mockito.when(httpServletRequest.getUserPrincipal()).thenReturn(new Principal() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.17
            @Override // java.security.Principal
            public String getName() {
                return "user27";
            }
        });
        final HttpServletResponse httpServletResponse2 = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        UserGroupInformation.createUserForTesting("user27", GROUP_NAMES).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.18
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                timelineReaderWhitelistAuthorizationFilter.doFilter(httpServletRequest, httpServletResponse2, (FilterChain) null);
                return null;
            }
        });
        ((HttpServletResponse) Mockito.verify(httpServletResponse, Mockito.times(0))).sendError(403, "User user27 is not allowed to read TimelineService V2 data.");
        Mockito.when(httpServletRequest.getUserPrincipal()).thenReturn(new Principal() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.19
            @Override // java.security.Principal
            public String getName() {
                return "user2";
            }
        });
        final HttpServletResponse httpServletResponse3 = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        UserGroupInformation.createUserForTesting("user2", GROUP_NAMES).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.yarn.server.timelineservice.reader.TestTimelineReaderWhitelistAuthorizationFilter.20
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                timelineReaderWhitelistAuthorizationFilter.doFilter(httpServletRequest, httpServletResponse3, (FilterChain) null);
                return null;
            }
        });
        ((HttpServletResponse) Mockito.verify(httpServletResponse, Mockito.times(0))).sendError(403, "User user2 is not allowed to read TimelineService V2 data.");
    }
}
