package org.apache.hadoop.hdfs.security;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
import org.apache.hadoop.hdfs.web.WebHdfsTestUtil;
import org.apache.hadoop.security.TestDoAsEffectiveUser;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.DefaultImpersonationProvider;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.security.token.Token;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.internal.util.reflection.Whitebox;
import org.mortbay.util.URIUtil;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-hdfs-2.7.0-tests.jar:org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.class
  input_file:hadoop-hdfs-2.7.0/share/hadoop/hdfs/hadoop-hdfs-2.7.0-tests.jar:org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.class
 */
/* loaded from: input_file:test-classes/org/apache/hadoop/hdfs/security/TestDelegationTokenForProxyUser.class */
public class TestDelegationTokenForProxyUser {
    private static MiniDFSCluster cluster;
    private static Configuration config;
    private static final String REAL_USER = "RealUser";
    private static final String PROXY_USER = "ProxyUser";
    private static UserGroupInformation ugi;
    private static UserGroupInformation proxyUgi;
    private static final String GROUP1_NAME = "group1";
    private static final String GROUP2_NAME = "group2";
    private static final String[] GROUP_NAMES = {GROUP1_NAME, GROUP2_NAME};
    private static final Log LOG = LogFactory.getLog(TestDoAsEffectiveUser.class);

    private static void configureSuperUserIPAddresses(Configuration configuration, String str) throws IOException {
        ArrayList arrayList = new ArrayList();
        Enumeration<NetworkInterface> networkInterfaces = NetworkInterface.getNetworkInterfaces();
        while (networkInterfaces.hasMoreElements()) {
            Enumeration<InetAddress> inetAddresses = networkInterfaces.nextElement().getInetAddresses();
            while (inetAddresses.hasMoreElements()) {
                arrayList.add(inetAddresses.nextElement().getHostAddress());
            }
        }
        StringBuilder sb = new StringBuilder();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            sb.append((String) it.next());
            sb.append(',');
        }
        sb.append("127.0.1.1,");
        sb.append(InetAddress.getLocalHost().getCanonicalHostName());
        LOG.info("Local Ip addresses: " + sb.toString());
        configuration.setStrings(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey(str), new String[]{sb.toString()});
    }

    @BeforeClass
    public static void setUp() throws Exception {
        config = new HdfsConfiguration();
        config.setBoolean(DFSConfigKeys.DFS_WEBHDFS_ENABLED_KEY, true);
        config.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_KEY, 10000L);
        config.setLong(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_RENEW_INTERVAL_KEY, 5000L);
        config.setStrings(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey(REAL_USER), new String[]{GROUP1_NAME});
        config.setBoolean(DFSConfigKeys.DFS_NAMENODE_DELEGATION_TOKEN_ALWAYS_USE_KEY, true);
        configureSuperUserIPAddresses(config, REAL_USER);
        FileSystem.setDefaultUri(config, "hdfs://localhost:0");
        cluster = new MiniDFSCluster.Builder(config).build();
        cluster.waitActive();
        ProxyUsers.refreshSuperUserGroupsConfiguration(config);
        ugi = UserGroupInformation.createRemoteUser(REAL_USER);
        proxyUgi = UserGroupInformation.createProxyUserForTesting(PROXY_USER, ugi, GROUP_NAMES);
    }

    @AfterClass
    public static void tearDown() throws Exception {
        if (cluster != null) {
            cluster.shutdown();
        }
    }

    @Test(timeout = 20000)
    public void testDelegationTokenWithRealUser() throws IOException {
        try {
            Token[] tokenArr = (Token[]) proxyUgi.doAs(new PrivilegedExceptionAction<Token<?>[]>() { // from class: org.apache.hadoop.hdfs.security.TestDelegationTokenForProxyUser.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Token<?>[] run() throws IOException {
                    return TestDelegationTokenForProxyUser.cluster.getFileSystem().addDelegationTokens("RenewerUser", null);
                }
            });
            DelegationTokenIdentifier delegationTokenIdentifier = new DelegationTokenIdentifier();
            delegationTokenIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(tokenArr[0].getIdentifier())));
            Assert.assertEquals(delegationTokenIdentifier.getUser().getUserName(), PROXY_USER);
            Assert.assertEquals(delegationTokenIdentifier.getUser().getRealUser().getUserName(), REAL_USER);
        } catch (InterruptedException e) {
        }
    }

    @Test(timeout = 5000)
    public void testWebHdfsDoAs() throws Exception {
        WebHdfsTestUtil.LOG.info("START: testWebHdfsDoAs()");
        WebHdfsTestUtil.LOG.info("ugi.getShortUserName()=" + ugi.getShortUserName());
        WebHdfsFileSystem webHdfsFileSystemAs = WebHdfsTestUtil.getWebHdfsFileSystemAs(ugi, config, WebHdfsFileSystem.SCHEME);
        cluster.getFileSystem().setPermission(new Path(URIUtil.SLASH), new FsPermission((short) 511));
        Whitebox.setInternalState(webHdfsFileSystemAs, "ugi", proxyUgi);
        Path homeDirectory = webHdfsFileSystemAs.getHomeDirectory();
        WebHdfsTestUtil.LOG.info("responsePath=" + homeDirectory);
        Assert.assertEquals(webHdfsFileSystemAs.getUri() + "/user/" + PROXY_USER, homeDirectory.toString());
        Path path = new Path("/testWebHdfsDoAs/a.txt");
        FSDataOutputStream create = webHdfsFileSystemAs.create(path);
        create.write("Hello, webhdfs user!".getBytes());
        create.close();
        FileStatus fileStatus = webHdfsFileSystemAs.getFileStatus(path);
        WebHdfsTestUtil.LOG.info("status.getOwner()=" + fileStatus.getOwner());
        Assert.assertEquals(PROXY_USER, fileStatus.getOwner());
        FSDataOutputStream append = webHdfsFileSystemAs.append(path);
        append.write("\nHello again!".getBytes());
        append.close();
        FileStatus fileStatus2 = webHdfsFileSystemAs.getFileStatus(path);
        WebHdfsTestUtil.LOG.info("status.getOwner()=" + fileStatus2.getOwner());
        WebHdfsTestUtil.LOG.info("status.getLen()  =" + fileStatus2.getLen());
        Assert.assertEquals(PROXY_USER, fileStatus2.getOwner());
    }
}
