package org.apache.hadoop.security;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import javax.naming.CommunicationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.lib.service.hadoop.FileSystemAccessService;
import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-2.7.5.0/share/hadoop/common/hadoop-common-2.7.5.0-tests.jar:org/apache/hadoop/security/TestLdapGroupsMapping.class
 */
/* loaded from: input_file:hadoop-2.7.5.0/share/hadoop/tools/lib/hadoop-common-2.7.5.0-tests.jar:org/apache/hadoop/security/TestLdapGroupsMapping.class */
public class TestLdapGroupsMapping {
    private DirContext mockContext;
    private LdapGroupsMapping mappingSpy = (LdapGroupsMapping) Mockito.spy(new LdapGroupsMapping());
    private NamingEnumeration mockUserNamingEnum = (NamingEnumeration) Mockito.mock(NamingEnumeration.class);
    private NamingEnumeration mockGroupNamingEnum = (NamingEnumeration) Mockito.mock(NamingEnumeration.class);
    private String[] testGroups = {"group1", "group2"};

    @Before
    public void setupMocks() throws NamingException {
        this.mockContext = (DirContext) Mockito.mock(DirContext.class);
        ((LdapGroupsMapping) Mockito.doReturn(this.mockContext).when(this.mappingSpy)).getDirContext();
        SearchResult searchResult = (SearchResult) Mockito.mock(SearchResult.class);
        Mockito.when(Boolean.valueOf(this.mockUserNamingEnum.hasMoreElements())).thenReturn(true);
        Mockito.when(this.mockUserNamingEnum.nextElement()).thenReturn(searchResult);
        Mockito.when(searchResult.getNameInNamespace()).thenReturn("CN=some_user,DC=test,DC=com");
        SearchResult searchResult2 = (SearchResult) Mockito.mock(SearchResult.class);
        Mockito.when(Boolean.valueOf(this.mockGroupNamingEnum.hasMoreElements())).thenReturn(true, true, false);
        Mockito.when(this.mockGroupNamingEnum.nextElement()).thenReturn(searchResult2);
        BasicAttribute basicAttribute = new BasicAttribute("cn");
        basicAttribute.add(this.testGroups[0]);
        BasicAttributes basicAttributes = new BasicAttributes();
        basicAttributes.put(basicAttribute);
        BasicAttribute basicAttribute2 = new BasicAttribute("cn");
        basicAttribute2.add(this.testGroups[1]);
        Attributes basicAttributes2 = new BasicAttributes();
        basicAttributes2.put(basicAttribute2);
        Mockito.when(searchResult2.getAttributes()).thenReturn(basicAttributes, basicAttributes2);
    }

    @Test
    public void testGetGroups() throws IOException, NamingException {
        Mockito.when(this.mockContext.search(Mockito.anyString(), Mockito.anyString(), (Object[]) Mockito.any(Object[].class), (SearchControls) Mockito.any(SearchControls.class))).thenReturn(this.mockUserNamingEnum, this.mockGroupNamingEnum);
        doTestGetGroups(Arrays.asList(this.testGroups), 2);
    }

    @Test
    public void testGetGroupsWithConnectionClosed() throws IOException, NamingException {
        Mockito.when(this.mockContext.search(Mockito.anyString(), Mockito.anyString(), (Object[]) Mockito.any(Object[].class), (SearchControls) Mockito.any(SearchControls.class))).thenThrow(new CommunicationException("Connection is closed")).thenReturn(this.mockUserNamingEnum, this.mockGroupNamingEnum);
        doTestGetGroups(Arrays.asList(this.testGroups), 3);
    }

    @Test
    public void testGetGroupsWithLdapDown() throws IOException, NamingException {
        Mockito.when(this.mockContext.search(Mockito.anyString(), Mockito.anyString(), (Object[]) Mockito.any(Object[].class), (SearchControls) Mockito.any(SearchControls.class))).thenThrow(new CommunicationException("Connection is closed"));
        doTestGetGroups(Arrays.asList(new String[0]), 3);
    }

    private void doTestGetGroups(List<String> list, int i) throws IOException, NamingException {
        Configuration configuration = new Configuration();
        configuration.set(LdapGroupsMapping.LDAP_URL_KEY, "ldap://test");
        this.mappingSpy.setConf(configuration);
        Assert.assertEquals(list, this.mappingSpy.getGroups("some_user"));
        ((DirContext) Mockito.verify(this.mockContext, Mockito.times(i))).search(Mockito.anyString(), Mockito.anyString(), (Object[]) Mockito.any(Object[].class), (SearchControls) Mockito.any(SearchControls.class));
    }

    @Test
    public void testExtractPassword() throws IOException {
        File file = new File(System.getProperty(MiniDFSCluster.PROP_TEST_BUILD_DATA, "target/test-dir"));
        file.mkdirs();
        File file2 = new File(file, "secret.txt");
        FileWriter fileWriter = new FileWriter(file2);
        fileWriter.write(FileSystemAccessService.PREFIX);
        fileWriter.close();
        Assert.assertEquals(FileSystemAccessService.PREFIX, new LdapGroupsMapping().extractPassword(file2.getPath()));
    }

    @Test
    public void testConfGetPassword() throws Exception {
        File file = new File(System.getProperty(MiniDFSCluster.PROP_TEST_BUILD_DATA, "target/test-dir"));
        Configuration configuration = new Configuration();
        String str = "jceks://file" + new Path(file.toString(), "test.jks").toUri();
        new File(file, "test.jks").delete();
        configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, str);
        CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(configuration).get(0);
        char[] cArr = {'b', 'i', 'n', 'd', 'p', 'a', 's', 's'};
        char[] cArr2 = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};
        Assert.assertEquals((Object) null, credentialProvider.getCredentialEntry(LdapGroupsMapping.BIND_PASSWORD_KEY));
        Assert.assertEquals((Object) null, credentialProvider.getCredentialEntry(LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY));
        try {
            credentialProvider.createCredentialEntry(LdapGroupsMapping.BIND_PASSWORD_KEY, cArr);
            credentialProvider.createCredentialEntry(LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY, cArr2);
            credentialProvider.flush();
            Assert.assertArrayEquals(cArr, credentialProvider.getCredentialEntry(LdapGroupsMapping.BIND_PASSWORD_KEY).getCredential());
            Assert.assertArrayEquals(cArr2, credentialProvider.getCredentialEntry(LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY).getCredential());
            LdapGroupsMapping ldapGroupsMapping = new LdapGroupsMapping();
            Assert.assertEquals("bindpass", ldapGroupsMapping.getPassword(configuration, LdapGroupsMapping.BIND_PASSWORD_KEY, ""));
            Assert.assertEquals("storepass", ldapGroupsMapping.getPassword(configuration, LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY, ""));
            Assert.assertEquals("", ldapGroupsMapping.getPassword(configuration, "invalid-alias", ""));
        } catch (Exception e) {
            e.printStackTrace();
            throw e;
        }
    }
}
