package org.apache.hadoop.security;

import java.io.File;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Properties;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.LoginContext;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.contract.AbstractContractRootDirectoryTest;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.test.LambdaTestUtils;
import org.apache.hadoop.util.PlatformName;
import org.apache.log4j.Level;
import org.junit.After;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/security/TestUGIWithMiniKdc.class */
public class TestUGIWithMiniKdc {
    private static MiniKdc kdc;

    @After
    public void teardown() {
        UserGroupInformation.reset();
        if (kdc != null) {
            kdc.stop();
        }
    }

    private void setupKdc() throws Exception {
        Properties createConf = MiniKdc.createConf();
        createConf.setProperty("max.ticket.lifetime", "30");
        createConf.setProperty("min.ticket.lifetime", "30");
        kdc = new MiniKdc(createConf, new File(System.getProperty("test.dir", "target")));
        kdc.start();
    }

    @Test(timeout = 120000)
    public void testAutoRenewalThreadRetryWithKdc() throws Exception {
        GenericTestUtils.setLogLevel(UserGroupInformation.LOG, Level.DEBUG);
        Configuration configuration = new Configuration();
        configuration.setLong("hadoop.kerberos.min.seconds.before.relogin", 1L);
        SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
        UserGroupInformation.setConfiguration(configuration);
        UserGroupInformation.setEnableRenewThreadCreationForTest(true);
        LoginContext loginContext = null;
        try {
            final File file = new File(new File(System.getProperty("test.dir", "target")), "foo.keytab");
            HashSet hashSet = new HashSet();
            hashSet.add(new KerberosPrincipal("foo"));
            setupKdc();
            kdc.createPrincipal(file, new String[]{"foo"});
            loginContext = new LoginContext("", new Subject(false, hashSet, new HashSet(), new HashSet()), (CallbackHandler) null, new javax.security.auth.login.Configuration() { // from class: org.apache.hadoop.security.TestUGIWithMiniKdc.1
                public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                    HashMap hashMap = new HashMap();
                    hashMap.put("principal", "foo");
                    hashMap.put("refreshKrb5Config", "true");
                    if (PlatformName.IBM_JAVA) {
                        hashMap.put("useKeytab", file.getPath());
                        hashMap.put("credsType", "both");
                    } else {
                        hashMap.put("keyTab", file.getPath());
                        hashMap.put("useKeyTab", "true");
                        hashMap.put("storeKey", "true");
                        hashMap.put("doNotPrompt", "true");
                        hashMap.put("useTicketCache", "true");
                        hashMap.put("renewTGT", "true");
                        hashMap.put("isInitiator", Boolean.toString(true));
                    }
                    String str2 = System.getenv("KRB5CCNAME");
                    if (str2 != null) {
                        hashMap.put("ticketCache", str2);
                    }
                    hashMap.put("debug", "true");
                    return new AppConfigurationEntry[]{new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
                }
            });
            loginContext.login();
            UserGroupInformation.loginUserFromSubject(loginContext.getSubject());
            LambdaTestUtils.await(AbstractContractRootDirectoryTest.OBJECTSTORE_RETRY_TIMEOUT, 500, () -> {
                int value = UserGroupInformation.metrics.getRenewalFailures().value();
                UserGroupInformation.LOG.info("Renew failure count is {}", Integer.valueOf(value));
                return Boolean.valueOf(value > 0);
            });
            if (loginContext != null) {
                loginContext.logout();
            }
        } catch (Throwable th) {
            if (loginContext != null) {
                loginContext.logout();
            }
            throw th;
        }
    }
}
