package org.apache.hadoop.hbase.ipc;

import java.io.File;
import java.io.IOException;
import java.lang.reflect.UndeclaredThrowableException;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.security.sasl.SaslException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.ServerName;
import org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hadoop.hbase.protobuf.generated.AuthenticationProtos;
import org.apache.hadoop.hbase.security.SecurityInfo;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestProtos;
import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestRpcServiceProtos;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.ipc.RemoteException;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.server.resourcemanager.placement.csmappingrule.MappingRule;
import org.apache.hbase.thirdparty.com.google.common.collect.Iterables;
import org.apache.hbase.thirdparty.com.google.common.collect.Lists;
import org.apache.hbase.thirdparty.com.google.common.io.Closeables;
import org.apache.hbase.thirdparty.com.google.protobuf.ServiceException;
import org.apache.hbase.thirdparty.io.netty.handler.codec.DecoderException;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
@Category({SecurityTests.class, MediumTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/ipc/TestMultipleServerPrincipalsIPC.class */
public class TestMultipleServerPrincipalsIPC {
    private static MiniKdc KDC;
    private static String SERVER_PRINCIPAL;
    private static String SERVER_PRINCIPAL2;
    private static String CLIENT_PRINCIPAL;

    @Parameterized.Parameter(0)
    public Class<? extends RpcServer> rpcServerImpl;

    @Parameterized.Parameter(1)
    public Class<? extends RpcClient> rpcClientImpl;
    private Configuration clientConf;
    private Configuration serverConf;
    private UserGroupInformation clientUGI;
    private UserGroupInformation serverUGI;
    private RpcServer rpcServer;
    private RpcClient rpcClient;

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestMultipleServerPrincipalsIPC.class);
    private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
    private static final File KEYTAB_FILE = new File(TEST_UTIL.getDataTestDir("keytab").toUri().getPath());
    private static String HOST = "localhost";

    @Parameterized.Parameters(name = "{index}: rpcServerImpl={0}, rpcClientImpl={1}")
    public static List<Object[]> params() {
        ArrayList arrayList = new ArrayList();
        List<Class> asList = Arrays.asList(NettyRpcServer.class, SimpleRpcServer.class);
        List asList2 = Arrays.asList(NettyRpcClient.class, BlockingRpcClient.class);
        for (Class cls : asList) {
            Iterator it = asList2.iterator();
            while (it.hasNext()) {
                arrayList.add(new Object[]{cls, (Class) it.next()});
            }
        }
        return arrayList;
    }

    @BeforeClass
    public static void setUpBeforeClass() throws Exception {
        KDC = TEST_UTIL.setupMiniKdc(KEYTAB_FILE);
        SERVER_PRINCIPAL = "server/" + HOST;
        SERVER_PRINCIPAL2 = "server2/" + HOST;
        CLIENT_PRINCIPAL = "client";
        KDC.createPrincipal(KEYTAB_FILE, new String[]{CLIENT_PRINCIPAL, SERVER_PRINCIPAL, SERVER_PRINCIPAL2});
        SERVER_PRINCIPAL += "@" + KDC.getRealm();
        SERVER_PRINCIPAL2 += "@" + KDC.getRealm();
        setSecuredConfiguration(TEST_UTIL.getConfiguration());
        TEST_UTIL.getConfiguration().setInt("hbase.security.relogin.maxbackoff", 1);
        TEST_UTIL.getConfiguration().setInt("hbase.security.relogin.maxretries", 0);
        TEST_UTIL.getConfiguration().setInt(RpcClient.FAILED_SERVER_EXPIRY_KEY, 10);
    }

    @AfterClass
    public static void tearDownAfterClass() {
        if (KDC != null) {
            KDC.stop();
        }
    }

    private static void setSecuredConfiguration(Configuration configuration) {
        configuration.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
        configuration.set(User.HBASE_SECURITY_CONF_KEY, "kerberos");
        configuration.setBoolean(User.HBASE_SECURITY_AUTHORIZATION_CONF_KEY, true);
    }

    private void loginAndStartRpcServer(String str, int i) throws Exception {
        UserGroupInformation.setConfiguration(this.serverConf);
        this.serverUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(str, KEYTAB_FILE.getCanonicalPath());
        this.rpcServer = (RpcServer) this.serverUGI.doAs(() -> {
            return RpcServerFactory.createRpcServer(null, getClass().getSimpleName(), Lists.newArrayList(new RpcServer.BlockingServiceAndInterface(TestProtobufRpcServiceImpl.SERVICE, null)), new InetSocketAddress(HOST, i), this.serverConf, new FifoRpcScheduler(this.serverConf, 1));
        });
        this.rpcServer.start();
    }

    @Before
    public void setUp() throws Exception {
        this.clientConf = new Configuration(TEST_UTIL.getConfiguration());
        this.clientConf.setClass(RpcClientFactory.CUSTOM_RPC_CLIENT_IMPL_CONF_KEY, this.rpcClientImpl, RpcClient.class);
        this.clientConf.set("hbase.test.multiple.principal.first", SERVER_PRINCIPAL);
        this.clientConf.set("hbase.test.multiple.principal.second", SERVER_PRINCIPAL2);
        this.serverConf = new Configuration(TEST_UTIL.getConfiguration());
        this.serverConf.setClass(RpcServerFactory.CUSTOM_RPC_SERVER_IMPL_CONF_KEY, this.rpcServerImpl, RpcServer.class);
        SecurityInfo.addInfo(TestRpcServiceProtos.TestProtobufRpcProto.getDescriptor().getName(), new SecurityInfo(AuthenticationProtos.TokenIdentifier.Kind.HBASE_AUTH_TOKEN, "hbase.test.multiple.principal.second", "hbase.test.multiple.principal.first"));
        UserGroupInformation.setConfiguration(this.clientConf);
        this.clientUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(CLIENT_PRINCIPAL, KEYTAB_FILE.getCanonicalPath());
        loginAndStartRpcServer(SERVER_PRINCIPAL, 0);
        this.rpcClient = (RpcClient) this.clientUGI.doAs(() -> {
            return RpcClientFactory.createClient(this.clientConf, HConstants.DEFAULT_CLUSTER_ID.toString());
        });
    }

    @After
    public void tearDown() throws IOException {
        Closeables.close(this.rpcClient, true);
        this.rpcServer.stop();
    }

    private String echo(String str) throws Exception {
        return (String) this.clientUGI.doAs(() -> {
            return TestRpcServiceProtos.TestProtobufRpcProto.newBlockingStub(this.rpcClient.createBlockingRpcChannel(ServerName.valueOf(HOST, this.rpcServer.getListenerAddress().getPort(), -1L), User.getCurrent(), 10000)).echo(null, TestProtos.EchoRequestProto.newBuilder().setMessage(str).build()).getMessage();
        });
    }

    @Test
    public void testEcho() throws Exception {
        Assert.assertEquals("Hello World", echo("Hello World"));
    }

    @Test
    public void testMaliciousServer() throws Exception {
        SecurityInfo info = SecurityInfo.getInfo(TestRpcServiceProtos.TestProtobufRpcProto.getDescriptor().getName());
        for (int i = 0; i < info.getServerPrincipals().size(); i++) {
            this.clientConf.set(info.getServerPrincipals().get(i), "valid_server_" + i + "/" + HOST + "@" + KDC.getRealm());
        }
        UndeclaredThrowableException undeclaredThrowableException = (UndeclaredThrowableException) Assert.assertThrows(UndeclaredThrowableException.class, () -> {
            echo("whatever");
        });
        MatcherAssert.assertThat(undeclaredThrowableException.getCause(), Matchers.instanceOf(ServiceException.class));
        MatcherAssert.assertThat(undeclaredThrowableException.getCause().getCause(), Matchers.instanceOf(SaslException.class));
    }

    @Test
    public void testRememberLastSucceededServerPrincipal() throws Exception {
        RemoteException remoteException;
        Assert.assertEquals(MappingRule.APPLICATION_MAPPING, echo(MappingRule.APPLICATION_MAPPING));
        ((RpcConnection) Iterables.getOnlyElement(((AbstractRpcClient) this.rpcClient).getConnections().values())).shutdown();
        int port = this.rpcServer.getListenerAddress().getPort();
        this.rpcServer.stop();
        this.serverUGI.logoutUserFromKeytab();
        loginAndStartRpcServer(SERVER_PRINCIPAL2, port);
        UndeclaredThrowableException undeclaredThrowableException = (UndeclaredThrowableException) Assert.assertThrows(UndeclaredThrowableException.class, () -> {
            echo(MappingRule.APPLICATION_MAPPING);
        });
        MatcherAssert.assertThat(undeclaredThrowableException.getCause(), Matchers.instanceOf(ServiceException.class));
        MatcherAssert.assertThat(undeclaredThrowableException.getCause().getCause(), Matchers.instanceOf(IOException.class));
        MatcherAssert.assertThat(undeclaredThrowableException.getCause().getCause().getCause(), Matchers.instanceOf(IOException.class));
        Throwable cause = undeclaredThrowableException.getCause().getCause().getCause().getCause();
        MatcherAssert.assertThat(cause, Matchers.either(Matchers.instanceOf(DecoderException.class)).or(Matchers.instanceOf(RemoteException.class)));
        if (cause instanceof RemoteException) {
            remoteException = (RemoteException) cause;
        } else {
            MatcherAssert.assertThat(cause.getCause(), Matchers.instanceOf(RemoteException.class));
            remoteException = (RemoteException) cause.getCause();
        }
        Assert.assertEquals(SaslException.class.getName(), remoteException.getClassName());
        TEST_UTIL.waitFor(10000L, () -> {
            try {
                echo(MappingRule.APPLICATION_MAPPING);
                return true;
            } catch (UndeclaredThrowableException e) {
                Throwable cause2 = e.getCause().getCause();
                MatcherAssert.assertThat(cause2, Matchers.instanceOf(IOException.class));
                if (cause2 instanceof FailedServerException) {
                    return false;
                }
                MatcherAssert.assertThat(e.getCause().getMessage(), Matchers.containsString(RpcConnectionConstants.RELOGIN_IS_IN_PROGRESS));
                return false;
            }
        });
    }
}
