package org.apache.hadoop.hdfs.server.common;

import java.io.DataOutput;
import java.io.IOException;
import java.net.InetSocketAddress;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.server.common.HdfsServerConstants;
import org.apache.hadoop.hdfs.server.namenode.NameNodeHttpServer;
import org.apache.hadoop.hdfs.web.resources.DoAsParam;
import org.apache.hadoop.hdfs.web.resources.UserParam;
import org.apache.hadoop.io.DataInputBuffer;
import org.apache.hadoop.io.DataOutputBuffer;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.DefaultImpersonationProvider;
import org.apache.hadoop.security.authorize.ProxyUsers;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.Mockito;
import org.mortbay.jetty.security.Constraint;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-hdfs-2.7.1-tests.jar:org/apache/hadoop/hdfs/server/common/TestJspHelper.class
  input_file:hadoop-hdfs-2.7.1/share/hadoop/hdfs/hadoop-hdfs-2.7.1-tests.jar:org/apache/hadoop/hdfs/server/common/TestJspHelper.class
 */
/* loaded from: input_file:test-classes/org/apache/hadoop/hdfs/server/common/TestJspHelper.class */
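/**
 * Unit tests for {@link JspHelper}: how a servlet request is turned into a
 * {@link UserGroupInformation} by {@code getUGI}, and how the caller's address
 * is derived by {@code getRemoteAddr}.
 *
 * <p>The security-relevant behaviour pinned here is:
 * <ul>
 *   <li>with "kerberos" authentication configured, a request without a
 *       delegation token and without an authenticated remote user is rejected;</li>
 *   <li>a user-name parameter that disagrees with the authenticated identity
 *       is rejected instead of silently overriding it;</li>
 *   <li>impersonation (the {@code DoAsParam.NAME} parameter) is only granted to
 *       a remote user configured as a proxy superuser;</li>
 *   <li>the {@code X-Forwarded-For} header is only honoured when the connecting
 *       address is listed under {@code hadoop.proxyservers}.</li>
 * </ul>
 *
 * <p>NOTE(review): the tests call {@code UserGroupInformation.setConfiguration}
 * and {@code ProxyUsers.refreshSuperUserGroupsConfiguration}, which are static
 * calls, and nothing in this class restores the previous settings. Presumably
 * that state is shared by every test in the JVM; confirm the tests do not
 * depend on execution order.
 */
public class TestJspHelper {
    private final Configuration conf = new HdfsConfiguration();

    /** Address of the end client. */
    private static final String CLIENT_ADDR = "1.1.1.1";
    /** Forwarding chain whose first entry is the end client. */
    private static final String CHAINED_CLIENT_ADDR = CLIENT_ADDR + ", 2.2.2.2";
    /** Address of the intermediate proxy that connects to the servlet. */
    private static final String PROXY_ADDR = "3.3.3.3";

    /**
     * Minimal secret manager used only to construct tokens for the tests.
     *
     * <p>It issues a fixed one-byte password, so tokens built with it carry no
     * real secret. NOTE(review): nothing in this file shows a token password
     * being checked; the token tests pin identity resolution only.
     */
    public static class DummySecretManager extends AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> {
        public DummySecretManager(long j, long j2, long j3, long j4) {
            super(j, j2, j3, j4);
        }

        // The decompiler had renamed this method to m1582createIdentifier while
        // merging a bridge method; the name it reported as the original is restored
        // so the method is reachable under the name the superclass uses.
        public DelegationTokenIdentifier createIdentifier() {
            return null;
        }

        public byte[] createPassword(DelegationTokenIdentifier delegationTokenIdentifier) {
            return new byte[1];
        }
    }

    /**
     * Sets the JVM-wide Kerberos system properties before any test runs.
     *
     * <p>NOTE(review): presumably this lets the tests enable "kerberos"
     * authentication without a reachable KDC or a krb5.conf; confirm.
     */
    @BeforeClass
    public static void setupKerb() {
        System.setProperty("java.security.krb5.kdc", "");
        // NOTE(review): Constraint.NONE is a Jetty string constant that the
        // decompiler appears to have substituted for a literal realm name; confirm.
        System.setProperty("java.security.krb5.realm", Constraint.NONE);
    }

    /**
     * Checks which service address ends up in the token of the returned UGI:
     * the request parameter first, then the servlet-context attribute, then
     * the service already stored in the token itself.
     */
    @Test
    public void testGetUgi() throws IOException {
        this.conf.set("fs.defaultFS", "hdfs://localhost:4321/");
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        ServletContext context = Mockito.mock(ServletContext.class);
        Text owner = new Text("TheDoctor");
        DelegationTokenIdentifier identifier = new DelegationTokenIdentifier(owner, owner, null);
        Token<DelegationTokenIdentifier> token =
                new Token<DelegationTokenIdentifier>(identifier, new DummySecretManager(0L, 0L, 0L, 0L));
        String tokenString = token.encodeToUrlString();
        Mockito.when(request.getParameter("delegation")).thenReturn(tokenString);
        Mockito.when(request.getRemoteUser()).thenReturn("TheDoctor");

        // Case 1: the address comes from the request parameter.
        Mockito.when(request.getParameter(JspHelper.NAMENODE_ADDRESS)).thenReturn("1.1.1.1:1111");
        this.conf.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(this.conf);
        verifyServiceInToken(context, request, "1.1.1.1:1111");

        // Case 2: no request parameter, so the servlet-context attribute is used.
        Mockito.when(request.getParameter(JspHelper.NAMENODE_ADDRESS)).thenReturn((String) null);
        InetSocketAddress contextAddress = new InetSocketAddress("localhost", 2222);
        Mockito.when(context.getAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY)).thenReturn(contextAddress);
        verifyServiceInToken(context, request, contextAddress.getAddress().getHostAddress() + ":2222");

        // Case 3: neither is available, so the service carried by the token is kept.
        token.setService(new Text("3.3.3.3:3333"));
        String tokenWithService = token.encodeToUrlString();
        Mockito.when(context.getAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY)).thenReturn((Object) null);
        Mockito.when(request.getParameter("delegation")).thenReturn(tokenWithService);
        verifyServiceInToken(context, request, "3.3.3.3:3333");
    }

    /** Asserts that the first token of the UGI built for the request names the expected service. */
    private void verifyServiceInToken(ServletContext context, HttpServletRequest request, String expectedService) throws IOException {
        UserGroupInformation ugi = JspHelper.getUGI(context, request, this.conf);
        String actualService = ugi.getTokens().iterator().next().getService().toString();
        Assert.assertEquals(expectedService, actualService);
    }

    /**
     * Checks identity resolution when a delegation token is supplied.
     *
     * <p>The token names "TheNurse" as owner and "TheDoctor" as real user. The
     * accepted cases show that the identity always comes from the token, even
     * when the request's remote user is someone else; the rejected cases show
     * that a doAs value different from the token owner is refused.
     */
    @Test
    public void testGetUgiFromToken() throws IOException {
        this.conf.set("fs.defaultFS", "hdfs://localhost:4321/");
        ServletContext context = Mockito.mock(ServletContext.class);
        this.conf.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(this.conf);
        Text owner = new Text("TheNurse");
        DelegationTokenIdentifier identifier = new DelegationTokenIdentifier(owner, owner, new Text("TheDoctor"));
        Token<DelegationTokenIdentifier> token =
                new Token<DelegationTokenIdentifier>(identifier, new DummySecretManager(0L, 0L, 0L, 0L));
        String tokenString = token.encodeToUrlString();

        // Token only: no remote user and no user-name parameter.
        assertTokenUgi(context, getMockRequest(null, null, null), tokenString);
        // Remote user equal to the token's real user.
        assertTokenUgi(context, getMockRequest("TheDoctor", null, null), tokenString);
        // Unrelated remote user: the token identity still wins.
        assertTokenUgi(context, getMockRequest("rogue", null, null), tokenString);
        // User-name parameter equal to the token owner.
        assertTokenUgi(context, getMockRequest(null, "TheNurse", null), tokenString);

        // doAs naming someone other than the token owner must be refused.
        HttpServletRequest rogueDoAs = getMockRequest(null, null, "rogue");
        Mockito.when(rogueDoAs.getParameter("delegation")).thenReturn(tokenString);
        try {
            JspHelper.getUGI(context, rogueDoAs, this.conf);
            Assert.fail("bad request allowed");
        } catch (IOException e) {
            Assert.assertEquals("Usernames not matched: name=rogue != expected=TheNurse", e.getMessage());
        }

        // A matching user-name parameter does not make a mismatching doAs acceptable.
        HttpServletRequest userWithRogueDoAs = getMockRequest(null, "TheNurse", "rogue");
        Mockito.when(userWithRogueDoAs.getParameter("delegation")).thenReturn(tokenString);
        try {
            JspHelper.getUGI(context, userWithRogueDoAs, this.conf);
            Assert.fail("bad request allowed");
        } catch (IOException e) {
            Assert.assertEquals("Usernames not matched: name=rogue != expected=TheNurse", e.getMessage());
        }
    }

    /**
     * Attaches the encoded token to the request and asserts that the resulting
     * UGI is "TheNurse" acting through real user "TheDoctor", token-authenticated.
     */
    private void assertTokenUgi(ServletContext context, HttpServletRequest request, String tokenString) throws IOException {
        Mockito.when(request.getParameter("delegation")).thenReturn(tokenString);
        UserGroupInformation ugi = JspHelper.getUGI(context, request, this.conf);
        Assert.assertNotNull(ugi.getRealUser());
        Assert.assertEquals("TheDoctor", ugi.getRealUser().getShortUserName());
        Assert.assertEquals("TheNurse", ugi.getShortUserName());
        checkUgiFromToken(ugi);
    }

    /**
     * Checks identity resolution without a token and without impersonation:
     * the remote user set on the request is required, and a user-name
     * parameter may only repeat it.
     */
    @Test
    public void testGetNonProxyUgi() throws IOException {
        this.conf.set("fs.defaultFS", "hdfs://localhost:4321/");
        ServletContext context = Mockito.mock(ServletContext.class);
        this.conf.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(this.conf);

        // No authenticated remote user at all.
        try {
            JspHelper.getUGI(context, getMockRequest(null, null, null), this.conf);
            Assert.fail("bad request allowed");
        } catch (IOException e) {
            Assert.assertEquals("Security enabled but user not authenticated by filter", e.getMessage());
        }

        // A user-name parameter alone is a claim, not an authentication.
        try {
            JspHelper.getUGI(context, getMockRequest(null, "TheDoctor", null), this.conf);
            Assert.fail("bad request allowed");
        } catch (IOException e) {
            Assert.assertEquals("Security enabled but user not authenticated by filter", e.getMessage());
        }

        // Authenticated remote user, no parameter.
        UserGroupInformation fromRemoteUser = JspHelper.getUGI(context, getMockRequest("TheDoctor", null, null), this.conf);
        Assert.assertNull(fromRemoteUser.getRealUser());
        Assert.assertEquals("TheDoctor", fromRemoteUser.getShortUserName());
        checkUgiFromAuth(fromRemoteUser);

        // Authenticated remote user with a matching parameter.
        UserGroupInformation fromMatchingParam = JspHelper.getUGI(context, getMockRequest("TheDoctor", "TheDoctor", null), this.conf);
        Assert.assertNull(fromMatchingParam.getRealUser());
        Assert.assertEquals("TheDoctor", fromMatchingParam.getShortUserName());
        checkUgiFromAuth(fromMatchingParam);

        // A parameter that names a different user must be refused.
        try {
            JspHelper.getUGI(context, getMockRequest("TheDoctor", "TheNurse", null), this.conf);
            Assert.fail("bad request allowed");
        } catch (IOException e) {
            Assert.assertEquals("Usernames not matched: name=TheNurse != expected=TheDoctor", e.getMessage());
        }
    }

    /**
     * Checks impersonation. "TheDoctor" is configured as a proxy superuser for
     * every group and host ("*"); "TheNurse" is not configured at all.
     */
    @Test
    public void testGetProxyUgi() throws IOException {
        this.conf.set("fs.defaultFS", "hdfs://localhost:4321/");
        ServletContext context = Mockito.mock(ServletContext.class);
        this.conf.set("hadoop.security.authentication", "kerberos");
        this.conf.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserGroupConfKey("TheDoctor"), "*");
        this.conf.set(DefaultImpersonationProvider.getTestProvider().getProxySuperuserIpConfKey("TheDoctor"), "*");
        ProxyUsers.refreshSuperUserGroupsConfiguration(this.conf);
        UserGroupInformation.setConfiguration(this.conf);

        // doAs without an authenticated remote user.
        try {
            JspHelper.getUGI(context, getMockRequest(null, null, "TheNurse"), this.conf);
            Assert.fail("bad request allowed");
        } catch (IOException e) {
            Assert.assertEquals("Security enabled but user not authenticated by filter", e.getMessage());
        }

        // doAs with only a user-name parameter, still unauthenticated.
        try {
            JspHelper.getUGI(context, getMockRequest(null, "TheDoctor", "TheNurse"), this.conf);
            Assert.fail("bad request allowed");
        } catch (IOException e) {
            Assert.assertEquals("Security enabled but user not authenticated by filter", e.getMessage());
        }

        // The configured proxy superuser may act as TheNurse.
        UserGroupInformation proxied = JspHelper.getUGI(context, getMockRequest("TheDoctor", null, "TheNurse"), this.conf);
        Assert.assertNotNull(proxied.getRealUser());
        Assert.assertEquals("TheDoctor", proxied.getRealUser().getShortUserName());
        Assert.assertEquals("TheNurse", proxied.getShortUserName());
        checkUgiFromAuth(proxied);

        // Same, with a user-name parameter that repeats the remote user.
        UserGroupInformation proxiedWithParam = JspHelper.getUGI(context, getMockRequest("TheDoctor", "TheDoctor", "TheNurse"), this.conf);
        Assert.assertNotNull(proxiedWithParam.getRealUser());
        Assert.assertEquals("TheDoctor", proxiedWithParam.getRealUser().getShortUserName());
        Assert.assertEquals("TheNurse", proxiedWithParam.getShortUserName());
        checkUgiFromAuth(proxiedWithParam);

        // The user-name parameter must match the remote user even when doAs is present.
        try {
            JspHelper.getUGI(context, getMockRequest("TheDoctor", "TheNurse", "TheNurse"), this.conf);
            Assert.fail("bad request allowed");
        } catch (IOException e) {
            Assert.assertEquals("Usernames not matched: name=TheNurse != expected=TheDoctor", e.getMessage());
        }

        // A user who is not a configured proxy superuser may not impersonate.
        try {
            JspHelper.getUGI(context, getMockRequest("TheNurse", null, "TheDoctor"), this.conf);
            Assert.fail("bad proxy request allowed");
        } catch (AuthorizationException e) {
            Assert.assertEquals("User: TheNurse is not allowed to impersonate TheDoctor", e.getMessage());
        }

        try {
            JspHelper.getUGI(context, getMockRequest("TheNurse", "TheNurse", "TheDoctor"), this.conf);
            Assert.fail("bad proxy request allowed");
        } catch (AuthorizationException e) {
            Assert.assertEquals("User: TheNurse is not allowed to impersonate TheDoctor", e.getMessage());
        }
    }

    /**
     * Builds a mocked request.
     *
     * @param remoteUser value returned by {@code getRemoteUser()}, or null for an unauthenticated request
     * @param user value of the {@code UserParam.NAME} parameter, or null
     * @param doAs value of the {@code DoAsParam.NAME} parameter; left unstubbed when null
     */
    private HttpServletRequest getMockRequest(String remoteUser, String user, String doAs) {
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getParameter(UserParam.NAME)).thenReturn(user);
        if (doAs != null) {
            Mockito.when(request.getParameter(DoAsParam.NAME)).thenReturn(doAs);
        }
        Mockito.when(request.getRemoteUser()).thenReturn(remoteUser);
        return request;
    }

    /**
     * Asserts the authentication method of a UGI built from the remote user:
     * KERBEROS_SSL directly, or PROXY on top of a KERBEROS_SSL real user.
     */
    private void checkUgiFromAuth(UserGroupInformation ugi) {
        if (ugi.getRealUser() == null) {
            Assert.assertEquals(UserGroupInformation.AuthenticationMethod.KERBEROS_SSL, ugi.getAuthenticationMethod());
        } else {
            Assert.assertEquals(UserGroupInformation.AuthenticationMethod.PROXY, ugi.getAuthenticationMethod());
            Assert.assertEquals(UserGroupInformation.AuthenticationMethod.KERBEROS_SSL, ugi.getRealUser().getAuthenticationMethod());
        }
    }

    /**
     * Asserts the authentication method of a UGI built from a delegation token:
     * TOKEN directly, or PROXY on top of a TOKEN real user.
     */
    private void checkUgiFromToken(UserGroupInformation ugi) {
        if (ugi.getRealUser() == null) {
            Assert.assertEquals(UserGroupInformation.AuthenticationMethod.TOKEN, ugi.getAuthenticationMethod());
        } else {
            Assert.assertEquals(UserGroupInformation.AuthenticationMethod.PROXY, ugi.getAuthenticationMethod());
            Assert.assertEquals(UserGroupInformation.AuthenticationMethod.TOKEN, ugi.getRealUser().getAuthenticationMethod());
        }
    }

    /** Writes every ReplicaState to a buffer and checks that reading it back yields the same constant. */
    @Test
    public void testReadWriteReplicaState() {
        try {
            // Declared with the concrete type: getData(), getLength() and reset()
            // are used below and are not part of the DataOutput interface.
            DataOutputBuffer out = new DataOutputBuffer();
            DataInputBuffer in = new DataInputBuffer();
            for (HdfsServerConstants.ReplicaState state : HdfsServerConstants.ReplicaState.values()) {
                state.write(out);
                in.reset(out.getData(), out.getLength());
                HdfsServerConstants.ReplicaState decoded = HdfsServerConstants.ReplicaState.read(in);
                Assert.assertSame("testReadWrite error !!!", state, decoded);
                out.reset();
                in.reset();
            }
        } catch (Exception e) {
            // Keep the original failure message but attach the cause, so the
            // report shows what actually went wrong.
            AssertionError failure = new AssertionError("testReadWrite ex error ReplicaState");
            failure.initCause(e);
            throw failure;
        }
    }

    /** Without a proxy, the connection address is returned as is. */
    @Test
    public void testRemoteAddr() {
        Assert.assertEquals(CLIENT_ADDR, getRemoteAddr(CLIENT_ADDR, null, false));
    }

    /**
     * A proxy that is not listed under hadoop.proxyservers is not believed:
     * its own address is returned and the X-Forwarded-For value is ignored.
     */
    @Test
    public void testRemoteAddrWithUntrustedProxy() {
        Assert.assertEquals(PROXY_ADDR, getRemoteAddr(CLIENT_ADDR, PROXY_ADDR, false));
    }

    /**
     * A listed proxy is believed: the X-Forwarded-For value is returned, and
     * for a comma-separated chain only its first entry.
     */
    @Test
    public void testRemoteAddrWithTrustedProxy() {
        Assert.assertEquals(CLIENT_ADDR, getRemoteAddr(CLIENT_ADDR, PROXY_ADDR, true));
        Assert.assertEquals(CLIENT_ADDR, getRemoteAddr(CHAINED_CLIENT_ADDR, PROXY_ADDR, true));
    }

    /** A listed proxy that sends no (or an empty) X-Forwarded-For yields the proxy's own address. */
    @Test
    public void testRemoteAddrWithTrustedProxyAndEmptyClient() {
        Assert.assertEquals(PROXY_ADDR, getRemoteAddr(null, PROXY_ADDR, true));
        Assert.assertEquals(PROXY_ADDR, getRemoteAddr("", PROXY_ADDR, true));
    }

    /**
     * Runs {@code JspHelper.getRemoteAddr} against a mocked request.
     *
     * @param clientAddress the end client; used as the connection address when
     *        there is no proxy, otherwise as the X-Forwarded-For header value
     * @param proxyAddress the connecting proxy, or null for a direct connection
     * @param trusted whether the proxy is listed under hadoop.proxyservers
     * @return the address reported by JspHelper
     */
    private String getRemoteAddr(String clientAddress, String proxyAddress, boolean trusted) {
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Configuration configuration = new Configuration();
        if (proxyAddress == null) {
            Mockito.when(request.getRemoteAddr()).thenReturn(clientAddress);
        } else {
            Mockito.when(request.getRemoteAddr()).thenReturn(proxyAddress);
            Mockito.when(request.getHeader("X-Forwarded-For")).thenReturn(clientAddress);
            if (trusted) {
                configuration.set("hadoop.proxyservers", proxyAddress);
            }
        }
        // Reloads the proxy settings from this test's configuration before the call.
        ProxyUsers.refreshSuperUserGroupsConfiguration(configuration);
        return JspHelper.getRemoteAddr(request);
    }
}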
