package org.apache.hadoop.registry.secure;

import java.io.IOException;
import java.util.List;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.registry.client.api.RegistryConstants;
import org.apache.hadoop.registry.client.impl.zk.RegistrySecurity;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.zookeeper.data.ACL;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:test-classes/org/apache/hadoop/registry/secure/TestRegistrySecurityHelper.class
 */
/* loaded from: input_file:hadoop-yarn-registry-2.7.5.0-tests.jar:org/apache/hadoop/registry/secure/TestRegistrySecurityHelper.class */
public class TestRegistrySecurityHelper extends Assert {
    private static final Logger LOG = LoggerFactory.getLogger(TestRegistrySecurityHelper.class);
    public static final String YARN_EXAMPLE_COM = "yarn@example.com";
    public static final String SASL_YARN_EXAMPLE_COM = "sasl:yarn@example.com";
    public static final String MAPRED_EXAMPLE_COM = "mapred@example.com";
    public static final String SASL_MAPRED_EXAMPLE_COM = "sasl:mapred@example.com";
    public static final String SASL_MAPRED_APACHE = "sasl:mapred@APACHE";
    public static final String DIGEST_F0AF = "digest:f0afbeeb00baa";
    public static final String SASL_YARN_SHORT = "sasl:yarn@";
    public static final String SASL_MAPRED_SHORT = "sasl:mapred@";
    public static final String REALM_EXAMPLE_COM = "example.com";
    private static RegistrySecurity registrySecurity;

    @BeforeClass
    public static void setupTestRegistrySecurityHelper() throws IOException {
        Configuration configuration = new Configuration();
        configuration.setBoolean(RegistryConstants.KEY_REGISTRY_SECURE, true);
        configuration.set(RegistryConstants.KEY_REGISTRY_KERBEROS_REALM, "KERBEROS");
        registrySecurity = new RegistrySecurity("");
        registrySecurity.init(configuration);
    }

    @Test
    public void testACLSplitRealmed() throws Throwable {
        List<String> splitAclPairs = registrySecurity.splitAclPairs("sasl:yarn@example.com, sasl:mapred@example.com", "");
        assertEquals(SASL_YARN_EXAMPLE_COM, splitAclPairs.get(0));
        assertEquals(SASL_MAPRED_EXAMPLE_COM, splitAclPairs.get(1));
    }

    @Test
    public void testBuildAclsRealmed() throws Throwable {
        List<ACL> buildACLs = registrySecurity.buildACLs("sasl:yarn@example.com, sasl:mapred@example.com", "", 31);
        assertEquals(YARN_EXAMPLE_COM, buildACLs.get(0).getId().getId());
        assertEquals(MAPRED_EXAMPLE_COM, buildACLs.get(1).getId().getId());
    }

    @Test
    public void testACLDefaultRealm() throws Throwable {
        List<String> splitAclPairs = registrySecurity.splitAclPairs("sasl:yarn@, sasl:mapred@", REALM_EXAMPLE_COM);
        assertEquals(SASL_YARN_EXAMPLE_COM, splitAclPairs.get(0));
        assertEquals(SASL_MAPRED_EXAMPLE_COM, splitAclPairs.get(1));
    }

    @Test
    public void testBuildAclsDefaultRealm() throws Throwable {
        List<ACL> buildACLs = registrySecurity.buildACLs("sasl:yarn@, sasl:mapred@", REALM_EXAMPLE_COM, 31);
        assertEquals(YARN_EXAMPLE_COM, buildACLs.get(0).getId().getId());
        assertEquals(MAPRED_EXAMPLE_COM, buildACLs.get(1).getId().getId());
    }

    @Test
    public void testACLSplitNullRealm() throws Throwable {
        List<String> splitAclPairs = registrySecurity.splitAclPairs("sasl:yarn@, sasl:mapred@", "");
        assertEquals(SASL_YARN_SHORT, splitAclPairs.get(0));
        assertEquals(SASL_MAPRED_SHORT, splitAclPairs.get(1));
    }

    @Test(expected = IllegalArgumentException.class)
    public void testBuildAclsNullRealm() throws Throwable {
        registrySecurity.buildACLs("sasl:yarn@, sasl:mapred@", "", 31);
        fail("");
    }

    @Test
    public void testACLDefaultRealmOnlySASL() throws Throwable {
        List<String> splitAclPairs = registrySecurity.splitAclPairs("sasl:yarn@, digest:f0afbeeb00baa", REALM_EXAMPLE_COM);
        assertEquals(SASL_YARN_EXAMPLE_COM, splitAclPairs.get(0));
        assertEquals(DIGEST_F0AF, splitAclPairs.get(1));
    }

    @Test
    public void testACLSplitMixed() throws Throwable {
        List<String> splitAclPairs = registrySecurity.splitAclPairs("sasl:yarn@, sasl:mapred@APACHE, ,,digest:f0afbeeb00baa", REALM_EXAMPLE_COM);
        assertEquals(SASL_YARN_EXAMPLE_COM, splitAclPairs.get(0));
        assertEquals(SASL_MAPRED_APACHE, splitAclPairs.get(1));
        assertEquals(DIGEST_F0AF, splitAclPairs.get(2));
    }

    @Test
    public void testDefaultAClsValid() throws Throwable {
        registrySecurity.buildACLs(RegistryConstants.DEFAULT_REGISTRY_SYSTEM_ACCOUNTS, REALM_EXAMPLE_COM, 31);
    }

    @Test
    public void testDefaultRealm() throws Throwable {
        LOG.info("Realm {}", RegistrySecurity.getDefaultRealmInJVM());
    }

    @Test
    public void testUGIProperties() throws Throwable {
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        ACL createACLForUser = registrySecurity.createACLForUser(currentUser, 31);
        assertFalse(RegistrySecurity.ALL_READWRITE_ACCESS.equals(createACLForUser));
        LOG.info("User {} has ACL {}", currentUser, createACLForUser);
    }

    @Test
    public void testSecurityImpliesKerberos() throws Throwable {
        Configuration configuration = new Configuration();
        configuration.setBoolean("hadoop.security.authentication", true);
        configuration.setBoolean(RegistryConstants.KEY_REGISTRY_SECURE, true);
        configuration.set(RegistryConstants.KEY_REGISTRY_KERBEROS_REALM, "KERBEROS");
        try {
            new RegistrySecurity("registry security").init(configuration);
        } catch (Exception e) {
            assertTrue("did not find Registry security is enabled -but Hadoop security is not enabled in " + e, e.toString().contains(RegistrySecurity.E_NO_KERBEROS));
        }
    }
}
