package org.apache.sentry.service.thrift;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/sentry/service/thrift/TestGSSCallback.class */
public class TestGSSCallback {
    private static final Configuration conf = new Configuration();
    private GSSCallback callBack;

    @Before
    public void setUp() {
        conf.set("sentry.service.allow.connect", "hive");
        this.callBack = new GSSCallback(conf);
    }

    @Test
    public void testAllowConnectOnKerberosPrincipal() {
        Assert.assertTrue("Authenticate valid user", this.callBack.allowConnect("hive@GCE.CLOUDERA.COM"));
        Assert.assertFalse("Do not authenticate invalid user", this.callBack.allowConnect("impala@GCE.CLOUDERA.COM"));
        KerberosName.setRules("DEFAULT");
        Assert.assertTrue("Authenticate valid user", this.callBack.allowConnect("hive@GCE.CLOUDERA.COM"));
        Assert.assertFalse("Do not authenticate invalid user", this.callBack.allowConnect("impala@GCE.CLOUDERA.COM"));
    }

    @Test
    public void testAllowConnectWithRuleSet() {
        KerberosName.setRules("RULE:[1:$1@$0](user1@TEST.REALM.COM)s/.*/hive/");
        Assert.assertTrue("Authenticate valid user", this.callBack.allowConnect("user1@TEST.REALM.COM"));
        KerberosName.setRules("RULE:[1:$1@$0](user2@TEST.REALM.COM)s/.*/solr/");
        Assert.assertFalse("Do not authenticate invalid user", this.callBack.allowConnect("user2@TEST.REALM.COM"));
        Assert.assertFalse("Do not authenticate invalid user", this.callBack.allowConnect("user3@TEST.REALM.COM"));
    }
}
