package org.apache.hadoop.crypto.key.kms;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.concurrent.TimeUnit;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL;
import org.apache.hadoop.test.GenericTestUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.Timeout;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.event.Level;

/* loaded from: input_file:org/apache/hadoop/crypto/key/kms/TestKMSClientProvider.class */
public class TestKMSClientProvider {
    public static final Logger LOG = LoggerFactory.getLogger(TestKMSClientProvider.class);
    private final Token token = new Token();
    private final Token oldToken = new Token();
    private final String urlString = "https://host:16000/kms";
    private final String providerUriString = "kms://https@host:16000/kms";
    private final String oldTokenService = "host:16000";

    @Rule
    public Timeout globalTimeout = new Timeout(60000, TimeUnit.MILLISECONDS);

    public TestKMSClientProvider() {
        GenericTestUtils.setLogLevel(KMSClientProvider.LOG, Level.TRACE);
    }

    @Before
    public void setup() {
        SecurityUtil.setTokenServiceUseIp(false);
        this.token.setKind(KMSDelegationToken.TOKEN_KIND);
        this.token.setService(new Text("kms://https@host:16000/kms"));
        this.oldToken.setKind(KMSDelegationToken.TOKEN_KIND);
        this.oldToken.setService(new Text("host:16000"));
    }

    @Test
    public void testSelectDelegationToken() throws Exception {
        Credentials credentials = new Credentials();
        credentials.addToken(new Text("kms://https@host:16000/kms"), this.token);
        Assert.assertNull(KMSClientProvider.selectDelegationToken(credentials, null));
        Assert.assertNull(KMSClientProvider.selectDelegationToken(credentials, new Text("host:16000")));
        Assert.assertEquals(this.token, KMSClientProvider.selectDelegationToken(credentials, new Text("kms://https@host:16000/kms")));
    }

    @Test
    public void testSelectTokenOldService() throws Exception {
        KMSClientProvider kMSClientProvider = new KMSClientProvider(new URI("kms://https@host:16000/kms"), new Configuration());
        try {
            Credentials credentials = new Credentials();
            credentials.addToken(new Text("host:16000"), this.oldToken);
            Assert.assertEquals(this.oldToken, kMSClientProvider.selectDelegationToken(credentials));
            kMSClientProvider.close();
        } catch (Throwable th) {
            kMSClientProvider.close();
            throw th;
        }
    }

    @Test
    public void testSelectTokenWhenBothExist() throws Exception {
        Credentials credentials = new Credentials();
        KMSClientProvider kMSClientProvider = new KMSClientProvider(new URI("kms://https@host:16000/kms"), new Configuration());
        try {
            credentials.addToken(this.token.getService(), this.token);
            credentials.addToken(this.oldToken.getService(), this.oldToken);
            Assert.assertEquals("new token should be selected when both exist", this.token, kMSClientProvider.selectDelegationToken(credentials));
            kMSClientProvider.close();
        } catch (Throwable th) {
            kMSClientProvider.close();
            throw th;
        }
    }

    @Test
    public void testURLSelectTokenUriFormat() throws Exception {
        testURLSelectToken(this.token);
    }

    @Test
    public void testURLSelectTokenIpPort() throws Exception {
        testURLSelectToken(this.oldToken);
    }

    private void testURLSelectToken(Token token) throws URISyntaxException, IOException {
        DelegationTokenAuthenticatedURL createAuthenticatedURL = new KMSClientProvider(new URI("kms://https@host:16000/kms"), new Configuration()).createAuthenticatedURL();
        Credentials credentials = new Credentials();
        credentials.addToken(token.getService(), token);
        Assert.assertEquals(token, createAuthenticatedURL.selectDelegationToken(new URL("https://host:16000/kms"), credentials));
    }
}
