package org.apache.hadoop.hdfs.qjournal;

import java.io.File;
import java.io.IOException;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.contract.AbstractFSContractTestBase;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.qjournal.MiniJournalCluster;
import org.apache.hadoop.http.HttpConfig;
import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.Timeout;

/* loaded from: input_file:lib/hadoop-hdfs-2.7.5.0-tests.jar:org/apache/hadoop/hdfs/qjournal/TestSecureNNWithQJM.class */
public class TestSecureNNWithQJM {
    private static final Path TEST_PATH = new Path("/test-dir");
    private static final Path TEST_PATH_2 = new Path("/test-dir-2");
    private static HdfsConfiguration baseConf;
    private static File baseDir;
    private static MiniKdc kdc;
    private MiniDFSCluster cluster;
    private HdfsConfiguration conf;
    private FileSystem fs;
    private MiniJournalCluster mjc;

    @Rule
    public Timeout timeout = new Timeout(AbstractFSContractTestBase.DEFAULT_TEST_TIMEOUT);

    @BeforeClass
    public static void init() throws Exception {
        baseDir = new File(System.getProperty("test.build.dir", "target/test-dir"), TestSecureNNWithQJM.class.getSimpleName());
        FileUtil.fullyDelete(baseDir);
        Assert.assertTrue(baseDir.mkdirs());
        kdc = new MiniKdc(MiniKdc.createConf(), baseDir);
        kdc.start();
        baseConf = new HdfsConfiguration();
        SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, baseConf);
        UserGroupInformation.setConfiguration(baseConf);
        Assert.assertTrue("Expected configuration to enable security", UserGroupInformation.isSecurityEnabled());
        String shortUserName = UserGroupInformation.getLoginUser().getShortUserName();
        File file = new File(baseDir, shortUserName + ".keytab");
        String absolutePath = file.getAbsolutePath();
        String str = Path.WINDOWS ? "127.0.0.1" : "localhost";
        kdc.createPrincipal(file, new String[]{shortUserName + "/" + str, "HTTP/" + str});
        String str2 = shortUserName + "/" + str + "@" + kdc.getRealm();
        String str3 = "HTTP/" + str + "@" + kdc.getRealm();
        baseConf.set("dfs.namenode.kerberos.principal", str2);
        baseConf.set(DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY, absolutePath);
        baseConf.set("dfs.datanode.kerberos.principal", str2);
        baseConf.set(DFSConfigKeys.DFS_DATANODE_KEYTAB_FILE_KEY, absolutePath);
        baseConf.set(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY, str3);
        baseConf.set(DFSConfigKeys.DFS_JOURNALNODE_KEYTAB_FILE_KEY, absolutePath);
        baseConf.set(DFSConfigKeys.DFS_JOURNALNODE_KERBEROS_PRINCIPAL_KEY, str2);
        baseConf.set(DFSConfigKeys.DFS_JOURNALNODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY, str3);
        baseConf.setBoolean(DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, true);
        baseConf.set(DFSConfigKeys.DFS_DATA_TRANSFER_PROTECTION_KEY, "authentication");
        baseConf.set(DFSConfigKeys.DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.name());
        baseConf.set(DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_KEY, "localhost:0");
        baseConf.set(DFSConfigKeys.DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0");
        baseConf.set(DFSConfigKeys.DFS_JOURNALNODE_HTTPS_ADDRESS_KEY, "localhost:0");
        baseConf.setInt(CommonConfigurationKeys.IPC_CLIENT_CONNECT_MAX_RETRIES_ON_SASL_KEY, 10);
        KeyStoreTestUtil.setupSSLConfig(baseDir.getAbsolutePath(), KeyStoreTestUtil.getClasspathDir(TestSecureNNWithQJM.class), baseConf, false);
    }

    @AfterClass
    public static void destroy() {
        if (kdc != null) {
            kdc.stop();
        }
        FileUtil.fullyDelete(baseDir);
    }

    @Before
    public void setup() throws Exception {
        this.conf = new HdfsConfiguration(baseConf);
    }

    @After
    public void shutdown() throws IOException {
        IOUtils.cleanup(null, this.fs);
        if (this.cluster != null) {
            this.cluster.shutdown();
        }
        if (this.mjc != null) {
            this.mjc.shutdown();
        }
    }

    @Test
    public void testSecureMode() throws Exception {
        doNNWithQJMTest();
    }

    @Test
    public void testSecondaryNameNodeHttpAddressNotNeeded() throws Exception {
        this.conf.set(DFSConfigKeys.DFS_NAMENODE_SECONDARY_HTTP_ADDRESS_KEY, "null");
        doNNWithQJMTest();
    }

    private void doNNWithQJMTest() throws IOException {
        startCluster();
        Assert.assertTrue(this.fs.mkdirs(TEST_PATH));
        restartNameNode();
        Assert.assertTrue(this.fs.exists(TEST_PATH));
        Assert.assertTrue(this.fs.mkdirs(TEST_PATH_2));
        restartNameNode();
        Assert.assertTrue(this.fs.exists(TEST_PATH));
        Assert.assertTrue(this.fs.exists(TEST_PATH_2));
    }

    private void restartNameNode() throws IOException {
        IOUtils.cleanup(null, this.fs);
        this.cluster.restartNameNode(new String[0]);
        this.fs = this.cluster.getFileSystem();
    }

    private void startCluster() throws IOException {
        this.mjc = new MiniJournalCluster.Builder(this.conf).build();
        this.conf.set(DFSConfigKeys.DFS_NAMENODE_EDITS_DIR_KEY, this.mjc.getQuorumJournalURI("myjournal").toString());
        this.cluster = new MiniDFSCluster.Builder(this.conf).build();
        this.cluster.waitActive();
        this.fs = this.cluster.getFileSystem();
    }
}
