package org.apache.hadoop.security.alias;

import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.util.List;
import java.util.Random;
import org.apache.commons.httpclient.HttpState;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.contract.localfs.LocalFSContract;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.ProviderUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.Assert;
import org.junit.Test;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-common-2.7.0-tests.jar:org/apache/hadoop/security/alias/TestCredentialProviderFactory.class
  input_file:hadoop-common-2.7.0/share/hadoop/common/hadoop-common-2.7.0-tests.jar:org/apache/hadoop/security/alias/TestCredentialProviderFactory.class
 */
/* loaded from: input_file:test-classes/org/apache/hadoop/security/alias/TestCredentialProviderFactory.class */
public class TestCredentialProviderFactory {
    private static char[] chars = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'j', 'k', 'm', 'n', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'J', 'K', 'M', 'N', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '2', '3', '4', '5', '6', '7', '8', '9'};
    private static final File tmpDir = new File(System.getProperty(LocalFSContract.SYSPROP_TEST_BUILD_DATA, "/tmp"), "creds");

    @Test
    public void testFactory() throws Exception {
        Configuration configuration = new Configuration();
        String str = "jceks://file" + new Path(tmpDir.toString(), "test.jks").toUri();
        configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, "user:///," + str);
        List<CredentialProvider> providers = CredentialProviderFactory.getProviders(configuration);
        Assert.assertEquals(2L, providers.size());
        Assert.assertEquals(UserProvider.class, providers.get(0).getClass());
        Assert.assertEquals(JavaKeyStoreProvider.class, providers.get(1).getClass());
        Assert.assertEquals("user:///", providers.get(0).toString());
        Assert.assertEquals(str, providers.get(1).toString());
    }

    @Test
    public void testFactoryErrors() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, "unknown:///");
        try {
            CredentialProviderFactory.getProviders(configuration);
            Assert.assertTrue("should throw!", false);
        } catch (IOException e) {
            Assert.assertEquals("No CredentialProviderFactory for unknown:/// in hadoop.security.credential.provider.path", e.getMessage());
        }
    }

    @Test
    public void testUriErrors() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, "unkn@own:/x/y");
        try {
            CredentialProviderFactory.getProviders(configuration);
            Assert.assertTrue("should throw!", false);
        } catch (IOException e) {
            Assert.assertEquals("Bad configuration of hadoop.security.credential.provider.path at unkn@own:/x/y", e.getMessage());
        }
    }

    private static char[] generatePassword(int i) {
        StringBuffer stringBuffer = new StringBuffer();
        Random random = new Random();
        for (int i2 = 0; i2 < i; i2++) {
            stringBuffer.append(chars[random.nextInt(chars.length)]);
        }
        return stringBuffer.toString().toCharArray();
    }

    static void checkSpecificProvider(Configuration configuration, String str) throws Exception {
        CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(configuration).get(0);
        char[] generatePassword = generatePassword(16);
        Assert.assertEquals((Object) null, credentialProvider.getCredentialEntry("no-such-key"));
        Assert.assertEquals((Object) null, credentialProvider.getCredentialEntry("key"));
        try {
            credentialProvider.createCredentialEntry("pass", generatePassword);
            Assert.assertArrayEquals(generatePassword, credentialProvider.getCredentialEntry("pass").getCredential());
            try {
                credentialProvider.createCredentialEntry("pass", generatePassword);
                Assert.assertTrue("should throw", false);
            } catch (IOException e) {
                Assert.assertEquals("Credential pass already exists in " + str, e.getMessage());
            }
            credentialProvider.deleteCredentialEntry("pass");
            try {
                credentialProvider.deleteCredentialEntry("pass");
                Assert.assertTrue("should throw", false);
            } catch (IOException e2) {
                Assert.assertEquals("Credential pass does not exist in " + str, e2.getMessage());
            }
            char[] cArr = {'1', '2', '3'};
            credentialProvider.createCredentialEntry("pass", generatePassword);
            credentialProvider.createCredentialEntry("pass2", cArr);
            Assert.assertArrayEquals(cArr, credentialProvider.getCredentialEntry("pass2").getCredential());
            credentialProvider.flush();
            Assert.assertArrayEquals(cArr, configuration.getPassword("pass2"));
            configuration.set("onetwothree", "123");
            Assert.assertArrayEquals(cArr, configuration.getPassword("onetwothree"));
            configuration.set(CredentialProvider.CLEAR_TEXT_FALLBACK, HttpState.PREEMPTIVE_DEFAULT);
            Assert.assertArrayEquals((char[]) null, configuration.getPassword("onetwothree"));
            CredentialProvider credentialProvider2 = CredentialProviderFactory.getProviders(configuration).get(0);
            Assert.assertTrue(credentialProvider2 != null);
            Assert.assertArrayEquals(new char[]{'1', '2', '3'}, credentialProvider2.getCredentialEntry("pass2").getCredential());
            Assert.assertArrayEquals(generatePassword, credentialProvider2.getCredentialEntry("pass").getCredential());
            List<String> aliases = credentialProvider2.getAliases();
            Assert.assertTrue("Credentials should have been returned.", aliases.size() == 2);
            Assert.assertTrue("Returned Credentials should have included pass.", aliases.contains("pass"));
            Assert.assertTrue("Returned Credentials should have included pass2.", aliases.contains("pass2"));
        } catch (Exception e3) {
            e3.printStackTrace();
            throw e3;
        }
    }

    @Test
    public void testUserProvider() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, "user:///");
        checkSpecificProvider(configuration, "user:///");
        Assert.assertArrayEquals(new byte[]{49, 50, 51}, UserGroupInformation.getCurrentUser().getCredentials().getSecretKey(new Text("pass2")));
    }

    @Test
    public void testJksProvider() throws Exception {
        Configuration configuration = new Configuration();
        String str = "jceks://file" + new Path(tmpDir.toString(), "test.jks").toUri();
        File file = new File(tmpDir, "test.jks");
        file.delete();
        configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, str);
        checkSpecificProvider(configuration, str);
        Path unnestUri = ProviderUtils.unnestUri(new URI(str));
        FileSystem fileSystem = unnestUri.getFileSystem(configuration);
        Assert.assertTrue(fileSystem.getFileStatus(unnestUri).getPermission().toString().equals("rwx------"));
        Assert.assertTrue(file + " should exist", file.isFile());
        fileSystem.setPermission(unnestUri, new FsPermission("777"));
        checkPermissionRetention(configuration, str, unnestUri);
    }

    public void checkPermissionRetention(Configuration configuration, String str, Path path) throws Exception {
        CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(configuration).get(0);
        char[] cArr = new char[32];
        for (int i = 0; i < cArr.length; i++) {
            cArr[i] = (char) i;
        }
        try {
            credentialProvider.createCredentialEntry("key5", cArr);
            credentialProvider.flush();
            Assert.assertArrayEquals(cArr, CredentialProviderFactory.getProviders(configuration).get(0).getCredentialEntry("key5").getCredential());
            Assert.assertTrue("Permissions should have been retained from the preexisting keystore.", path.getFileSystem(configuration).getFileStatus(path).getPermission().toString().equals("rwxrwxrwx"));
        } catch (Exception e) {
            e.printStackTrace();
            throw e;
        }
    }
}
