package org.apache.hadoop.security;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.StringUtils;
import org.apache.phoenix.shaded.org.jcodings.exception.ErrorCodes;
import org.apache.phoenix.shaded.org.junit.Assert;
import org.apache.phoenix.shaded.org.junit.BeforeClass;
import org.apache.phoenix.shaded.org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/security/TestSecurityUtil.class */
public class TestSecurityUtil {
    @BeforeClass
    public static void unsetKerberosRealm() {
        System.setProperty(KDiag.JAVA_SECURITY_KRB5_KDC_ADDRESS, "");
        System.setProperty(KDiag.JAVA_SECURITY_KRB5_REALM, "NONE");
    }

    @Test
    public void isOriginalTGTReturnsCorrectValues() {
        Assert.assertTrue(SecurityUtil.isTGSPrincipal(new KerberosPrincipal("krbtgt/foo@foo")));
        Assert.assertTrue(SecurityUtil.isTGSPrincipal(new KerberosPrincipal("krbtgt/foo.bar.bat@foo.bar.bat")));
        Assert.assertFalse(SecurityUtil.isTGSPrincipal(null));
        Assert.assertFalse(SecurityUtil.isTGSPrincipal(new KerberosPrincipal("blah")));
        Assert.assertFalse(SecurityUtil.isTGSPrincipal(new KerberosPrincipal("krbtgt/hello")));
        Assert.assertFalse(SecurityUtil.isTGSPrincipal(new KerberosPrincipal("krbtgt/foo@FOO")));
    }

    private void verify(String str, String str2, String str3) throws IOException {
        Assert.assertEquals(str3, SecurityUtil.getServerPrincipal(str, str2));
        Assert.assertEquals(str3, SecurityUtil.getServerPrincipal(str, mockAddr(str2)));
    }

    private InetAddress mockAddr(String str) {
        InetAddress inetAddress = (InetAddress) Mockito.mock(InetAddress.class);
        ((InetAddress) Mockito.doReturn(str).when(inetAddress)).getCanonicalHostName();
        return inetAddress;
    }

    @Test
    public void testGetServerPrincipal() throws IOException {
        verify("hdfs/_HOST@REALM", "foohost", "hdfs/foohost@REALM");
        String str = "hdfs/_HOSTNAME@REALM";
        verify(str, "foohost", str);
        verify("foo@FOOREALM", "foohost", "foo@FOOREALM");
        InetAddress inetAddress = (InetAddress) Mockito.mock(InetAddress.class);
        Assert.assertEquals(str, SecurityUtil.getServerPrincipal(str, inetAddress));
        ((InetAddress) Mockito.verify(inetAddress, Mockito.never())).getCanonicalHostName();
    }

    @Test
    public void testPrincipalsWithLowerCaseHosts() throws IOException {
        verify("xyz/_HOST@REALM", "FooHost", "xyz/" + StringUtils.toLowerCase("FooHost") + "@REALM");
    }

    @Test
    public void testLocalHostNameForNullOrWild() throws Exception {
        String lowerCase = StringUtils.toLowerCase(SecurityUtil.getLocalHostName(null));
        Assert.assertEquals("hdfs/" + lowerCase + "@REALM", SecurityUtil.getServerPrincipal("hdfs/_HOST@REALM", (String) null));
        Assert.assertEquals("hdfs/" + lowerCase + "@REALM", SecurityUtil.getServerPrincipal("hdfs/_HOST@REALM", "0.0.0.0"));
    }

    @Test
    public void testStartsWithIncorrectSettings() throws IOException {
        Configuration configuration = new Configuration();
        SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
        configuration.set("key", "");
        UserGroupInformation.setConfiguration(configuration);
        boolean z = false;
        try {
            SecurityUtil.login(configuration, "key", "", "");
        } catch (IOException e) {
            z = true;
        }
        Assert.assertTrue("Exception for empty keytabfile name was expected", z);
    }

    @Test
    public void testGetHostFromPrincipal() {
        Assert.assertEquals("host", SecurityUtil.getHostFromPrincipal("service/host@realm"));
        Assert.assertEquals((Object) null, SecurityUtil.getHostFromPrincipal("service@realm"));
    }

    @Test
    public void testBuildDTServiceName() {
        Configuration configuration = new Configuration(false);
        configuration.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP, true);
        SecurityUtil.setConfiguration(configuration);
        Assert.assertEquals("127.0.0.1:123", SecurityUtil.buildDTServiceName(URI.create("test://LocalHost"), 123));
        Assert.assertEquals("127.0.0.1:123", SecurityUtil.buildDTServiceName(URI.create("test://LocalHost:123"), 456));
        Assert.assertEquals("127.0.0.1:123", SecurityUtil.buildDTServiceName(URI.create("test://127.0.0.1"), 123));
        Assert.assertEquals("127.0.0.1:123", SecurityUtil.buildDTServiceName(URI.create("test://127.0.0.1:123"), 456));
    }

    @Test
    public void testBuildTokenServiceSockAddr() {
        Configuration configuration = new Configuration(false);
        configuration.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP, true);
        SecurityUtil.setConfiguration(configuration);
        Assert.assertEquals("127.0.0.1:123", SecurityUtil.buildTokenService(new InetSocketAddress("LocalHost", 123)).toString());
        Assert.assertEquals("127.0.0.1:123", SecurityUtil.buildTokenService(new InetSocketAddress(HConstants.LOCALHOST_IP, 123)).toString());
        Assert.assertEquals("127.0.0.1:123", SecurityUtil.buildTokenService(NetUtils.createSocketAddr(HConstants.LOCALHOST_IP, 123)).toString());
    }

    @Test
    public void testGoodHostsAndPorts() {
        InetSocketAddress createSocketAddrForHost = NetUtils.createSocketAddrForHost("localhost", 123);
        runGoodCases(createSocketAddrForHost, "localhost", 123);
        runGoodCases(createSocketAddrForHost, "localhost:", 123);
        runGoodCases(createSocketAddrForHost, "localhost:123", 456);
    }

    void runGoodCases(InetSocketAddress inetSocketAddress, String str, int i) {
        Assert.assertEquals(inetSocketAddress, NetUtils.createSocketAddr(str, i));
        Assert.assertEquals(inetSocketAddress, NetUtils.createSocketAddr("hdfs://" + str, i));
        Assert.assertEquals(inetSocketAddress, NetUtils.createSocketAddr("hdfs://" + str + "/path", i));
    }

    @Test
    public void testBadHostsAndPorts() {
        runBadCases("", true);
        runBadCases(":", false);
        runBadCases("hdfs/", false);
        runBadCases("hdfs:/", false);
        runBadCases("hdfs://", true);
    }

    void runBadCases(String str, boolean z) {
        runBadPortPermutes(str, false);
        runBadPortPermutes(str + "*", false);
        runBadPortPermutes(str + "localhost", z);
        runBadPortPermutes(str + "localhost:-1", false);
        runBadPortPermutes(str + "localhost:-123", false);
        runBadPortPermutes(str + "localhost:xyz", false);
        runBadPortPermutes(str + "localhost/xyz", z);
        runBadPortPermutes(str + "localhost/:123", z);
        runBadPortPermutes(str + ":123", false);
        runBadPortPermutes(str + ":xyz", false);
    }

    void runBadPortPermutes(String str, boolean z) {
        int[] iArr = {ErrorCodes.ERR_INVALID_REPEAT_RANGE_PATTERN, -1, 123};
        boolean z2 = false;
        try {
            try {
                NetUtils.createSocketAddr(str);
                Assert.assertTrue("should be bad: '" + str + "'", false);
            } finally {
                Assert.assertTrue("should be bad: '" + str + "'", z2);
            }
        } catch (IllegalArgumentException e) {
            z2 = true;
            Assert.assertTrue("should be bad: '" + str + "'", true);
        }
        for (int i : iArr) {
            if (!z || i <= 0) {
                try {
                    try {
                        NetUtils.createSocketAddr(str, i);
                        Assert.assertTrue("should be bad: '" + str + "' (default port:" + i + ")", false);
                    } catch (IllegalArgumentException e2) {
                        Assert.assertTrue("should be bad: '" + str + "' (default port:" + i + ")", true);
                    }
                } finally {
                    Assert.assertTrue("should be bad: '" + str + "' (default port:" + i + ")", false);
                }
            }
        }
    }

    private void verifyValues(InetSocketAddress inetSocketAddress, String str, String str2, int i) {
        Assert.assertTrue(!inetSocketAddress.isUnresolved());
        if (!SecurityUtil.useIpForTokenService) {
            Assert.assertEquals(str, inetSocketAddress.getHostName());
            Assert.assertEquals(str, inetSocketAddress.getAddress().getHostName());
        }
        Assert.assertEquals(str2, inetSocketAddress.getAddress().getHostAddress());
        Assert.assertEquals(i, inetSocketAddress.getPort());
    }

    private void verifyTokenService(InetSocketAddress inetSocketAddress, String str, String str2, int i, boolean z) {
        Configuration configuration = new Configuration(false);
        configuration.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP, z);
        SecurityUtil.setConfiguration(configuration);
        String lowerCase = z ? str2 : StringUtils.toLowerCase(str);
        Token token = new Token();
        Text text = new Text(lowerCase + ":" + i);
        Assert.assertEquals(text, SecurityUtil.buildTokenService(inetSocketAddress));
        SecurityUtil.setTokenService(token, inetSocketAddress);
        Assert.assertEquals(text, token.getService());
        InetSocketAddress tokenServiceAddr = SecurityUtil.getTokenServiceAddr(token);
        Assert.assertNotNull(tokenServiceAddr);
        verifyValues(tokenServiceAddr, lowerCase, str2, i);
    }

    private void verifyAddress(InetSocketAddress inetSocketAddress, String str, String str2, int i) {
        verifyValues(inetSocketAddress, str, str2, i);
        verifyTokenService(inetSocketAddress, str, str2, i, true);
        verifyTokenService(inetSocketAddress, str, str2, i, false);
    }

    private void verifyServiceAddr(String str, String str2) {
        verifyAddress(NetUtils.createSocketAddrForHost(str, 123), str, str2, 123);
        verifyAddress(NetUtils.createSocketAddr(str + ":123"), str, str2, 123);
        verifyAddress(NetUtils.createSocketAddr(str + ":123", 123 + 1), str, str2, 123);
        verifyAddress(NetUtils.createSocketAddr(str, 123), str, str2, 123);
    }

    @Test
    public void testSocketAddrWithName() {
        NetUtils.addStaticResolution("my", "localhost");
        verifyServiceAddr("LocalHost", HConstants.LOCALHOST_IP);
    }

    @Test
    public void testSocketAddrWithIP() {
        NetUtils.addStaticResolution(HConstants.LOCALHOST_IP, "localhost");
        verifyServiceAddr(HConstants.LOCALHOST_IP, HConstants.LOCALHOST_IP);
    }

    @Test
    public void testSocketAddrWithNameToStaticName() {
        NetUtils.addStaticResolution("host1", "localhost");
        verifyServiceAddr("host1", HConstants.LOCALHOST_IP);
    }

    @Test
    public void testSocketAddrWithNameToStaticIP() {
        NetUtils.addStaticResolution("host3", "255.255.255.255");
        verifyServiceAddr("host3", "255.255.255.255");
    }

    @Test
    public void testSocketAddrWithIPToStaticIP() {
        NetUtils.addStaticResolution("1.2.3.4", "255.255.255.255");
        verifyServiceAddr("1.2.3.4", "255.255.255.255");
    }

    @Test
    public void testGetAuthenticationMethod() {
        Configuration configuration = new Configuration();
        configuration.unset(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION);
        Assert.assertEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, SecurityUtil.getAuthenticationMethod(configuration));
        configuration.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "simple");
        Assert.assertEquals(UserGroupInformation.AuthenticationMethod.SIMPLE, SecurityUtil.getAuthenticationMethod(configuration));
        configuration.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
        Assert.assertEquals(UserGroupInformation.AuthenticationMethod.KERBEROS, SecurityUtil.getAuthenticationMethod(configuration));
        configuration.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kaboom");
        String str = null;
        try {
            SecurityUtil.getAuthenticationMethod(configuration);
        } catch (Exception e) {
            str = e.toString();
        }
        Assert.assertEquals("java.lang.IllegalArgumentException: Invalid attribute value for hadoop.security.authentication of kaboom", str);
    }

    @Test
    public void testSetAuthenticationMethod() {
        Configuration configuration = new Configuration();
        SecurityUtil.setAuthenticationMethod(null, configuration);
        Assert.assertEquals("simple", configuration.get(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION));
        SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.SIMPLE, configuration);
        Assert.assertEquals("simple", configuration.get(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION));
        SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
        Assert.assertEquals("kerberos", configuration.get(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION));
    }
}
