package alluxio.security.authentication;

import alluxio.conf.InstancedConfiguration;
import alluxio.conf.PropertyKey;
import alluxio.exception.status.UnauthenticatedException;
import alluxio.grpc.GrpcChannel;
import alluxio.grpc.GrpcChannelBuilder;
import alluxio.grpc.GrpcServer;
import alluxio.grpc.GrpcServerAddress;
import alluxio.grpc.GrpcServerBuilder;
import alluxio.security.user.UserState;
import alluxio.util.CommonUtils;
import alluxio.util.ConfigurationUtils;
import alluxio.util.WaitForOptions;
import alluxio.util.network.NetworkAddressUtils;
import io.grpc.Channel;
import java.net.InetSocketAddress;
import javax.security.sasl.AuthenticationException;
import org.hamcrest.core.StringStartsWith;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.powermock.reflect.Whitebox;

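/**
 * Tests gRPC channel authentication between a {@link GrpcChannelBuilder} client and a
 * {@link GrpcServer} for each {@link AuthType} that the visible code exercises.
 *
 * <p>Every test starts a server on an ephemeral port (bind port 0) and always shuts it down in a
 * {@code finally} block so a failing assertion cannot leak a listening socket into later tests.
 */
public class GrpcSecurityTest {
    /** Upper bound, in milliseconds, for the server to drop login state of a closed channel. */
    private static final int AUTHENTICATION_PROPAGATE_TIMEOUT_MS = 30000;

    @Rule
    public ExpectedException mThrown = ExpectedException.none();
    private InstancedConfiguration mConfiguration;

    /**
     * Authentication provider used by the CUSTOM auth tests: accepts exactly one
     * username/password pair and rejects everything else.
     *
     * <p>Test fixture only. It compares secrets with {@link String#equals(Object)}, which is not a
     * constant-time comparison, and keeps the credentials as string constants.
     */
    public static class ExactlyMatchAuthenticationProvider implements AuthenticationProvider {
        static final String USERNAME = "alluxio";
        static final String PASSWORD = "correct-password";

        /**
         * Accepts only the fixed {@link #USERNAME}/{@link #PASSWORD} pair.
         *
         * @param user the user name presented by the client, may be {@code null}
         * @param password the password presented by the client, may be {@code null}
         * @throws AuthenticationException if either value does not match exactly
         */
        @Override
        public void authenticate(String user, String password) throws AuthenticationException {
            // Constant-first equals: a null user or password is rejected with
            // AuthenticationException (fail closed) instead of escaping as a
            // NullPointerException.
            boolean accepted = USERNAME.equals(user) && PASSWORD.equals(password);
            if (!accepted) {
                throw new AuthenticationException("User authentication fails");
            }
        }
    }

    /** Gives every test a fresh configuration built from the defaults. */
    @Before
    public void before() {
        this.mConfiguration = new InstancedConfiguration(ConfigurationUtils.defaults());
    }

    /** Creating a server with KERBEROS must fail because no UserState factory handles it. */
    @Test
    public void testServerUnsupportedAuthentication() {
        this.mThrown.expect(RuntimeException.class);
        this.mThrown.expectMessage(new StringStartsWith(
            "No factory could create a UserState with authType: " + AuthType.KERBEROS.name()));
        createServer(AuthType.KERBEROS);
    }

    /** A client carrying a subject can build a channel to a SIMPLE server. */
    @Test
    public void testSimpleAuthentication() throws Exception {
        GrpcServer server = createServer(AuthType.SIMPLE);
        try {
            server.start();
            UserState userState = UserState.Factory.create(this.mConfiguration);
            GrpcChannelBuilder.newBuilder(getServerConnectAddress(server), this.mConfiguration)
                .setSubject(userState.getSubject())
                .build();
        } finally {
            server.shutdown();
        }
    }

    /** With NOSASL on both sides a channel is built without any credentials. */
    @Test
    public void testNoSaslAuthentication() throws Exception {
        GrpcServer server = createServer(AuthType.NOSASL);
        try {
            server.start();
            GrpcChannelBuilder.newBuilder(getServerConnectAddress(server), this.mConfiguration)
                .build();
        } finally {
            server.shutdown();
        }
    }

    /** The exact username/password pair is accepted by the CUSTOM provider. */
    @Test
    public void testCustomAuthentication() throws Exception {
        GrpcServer server = createCustomAuthServer();
        try {
            server.start();
            GrpcChannelBuilder.newBuilder(getServerConnectAddress(server), this.mConfiguration)
                .setCredentials(ExactlyMatchAuthenticationProvider.USERNAME,
                    ExactlyMatchAuthenticationProvider.PASSWORD, (String) null)
                .build();
        } finally {
            server.shutdown();
        }
    }

    /** Credentials where both user and password are wrong are rejected. */
    @Test
    public void testCustomAuthenticationFails() throws Exception {
        assertCustomCredentialsRejected("fail", "fail");
    }

    /**
     * A valid user name with a wrong password is rejected. Complements
     * {@link #testCustomAuthenticationFails()}, which would still pass if only the user name
     * were being checked.
     */
    @Test
    public void testCustomAuthenticationWrongPassword() throws Exception {
        assertCustomCredentialsRejected(ExactlyMatchAuthenticationProvider.USERNAME, "fail");
    }

    /**
     * A client that disables authentication can still build a channel to a SIMPLE server.
     *
     * <p>Only channel creation is checked here; no RPC is issued over the channel.
     */
    @Test
    public void testDisabledAuthentication() throws Exception {
        GrpcServer server = createServer(AuthType.SIMPLE);
        try {
            server.start();
            GrpcChannelBuilder.newBuilder(getServerConnectAddress(server), this.mConfiguration)
                .disableAuthentication()
                .build();
        } finally {
            server.shutdown();
        }
    }

    /** A SIMPLE client must not be able to authenticate against a NOSASL server. */
    @Test
    public void testAuthMismatch() throws Exception {
        GrpcServer server = createServer(AuthType.NOSASL);
        try {
            server.start();
            // Switch the client side to SIMPLE only after the server was created with NOSASL.
            this.mConfiguration.set(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.SIMPLE);
            GrpcChannelBuilder builder =
                GrpcChannelBuilder.newBuilder(getServerConnectAddress(server), this.mConfiguration);
            this.mThrown.expect(UnauthenticatedException.class);
            builder.build();
        } finally {
            server.shutdown();
        }
    }

    /** Closing an authenticated channel removes its login state from the server. */
    @Test
    public void testAuthenticationClosed() throws Exception {
        this.mConfiguration.set(PropertyKey.SECURITY_AUTHENTICATION_TYPE,
            AuthType.SIMPLE.getAuthName());
        GrpcServer server = createServer(AuthType.SIMPLE);
        try {
            server.start();
            UserState userState = UserState.Factory.create(this.mConfiguration);
            GrpcChannel grpcChannel =
                GrpcChannelBuilder.newBuilder(getServerConnectAddress(server), this.mConfiguration)
                    .setSubject(userState.getSubject())
                    .build();
            // Reach through the private fields to the AuthenticatedChannel that owns the id.
            Channel wrapped = (Channel) Whitebox.getInternalState(grpcChannel, "mChannel");
            AuthenticatedChannel authenticatedChannel =
                (AuthenticatedChannel) Whitebox.getInternalState(wrapped, "channel");
            Assert.assertNotNull(server.getAuthenticationServer()
                .getUserInfoForChannel(authenticatedChannel.getChannelId()));
            authenticatedChannel.close();
            // The lookup keeps succeeding until the server has dropped the session; the
            // UnauthenticatedException is the signal that the login state is gone.
            CommonUtils.waitFor("login state removed", () -> {
                try {
                    server.getAuthenticationServer()
                        .getUserInfoForChannel(authenticatedChannel.getChannelId());
                    return false;
                } catch (UnauthenticatedException e) {
                    return true;
                }
            }, WaitForOptions.defaults().setTimeoutMs(AUTHENTICATION_PROPAGATE_TIMEOUT_MS));
        } finally {
            server.shutdown();
        }
    }

    /** An idle channel stops being healthy once the re-authentication period has elapsed. */
    @Test
    public void testAuthenticationRevoked() throws Exception {
        this.mConfiguration.set(PropertyKey.SECURITY_AUTHENTICATION_TYPE,
            AuthType.SIMPLE.getAuthName());
        this.mConfiguration.set(
            PropertyKey.AUTHENTICATION_INACTIVE_CHANNEL_REAUTHENTICATE_PERIOD, "250ms");
        GrpcServer server = createServer(AuthType.SIMPLE);
        try {
            server.start();
            UserState userState = UserState.Factory.create(this.mConfiguration);
            GrpcChannel channel =
                GrpcChannelBuilder.newBuilder(getServerConnectAddress(server), this.mConfiguration)
                    .setSubject(userState.getSubject())
                    .build();
            Assert.assertTrue(channel.isHealthy());
            // Twice the 250ms period configured above: the test asserts that revocation has
            // happened within that window, so the wait is deliberately a fixed sleep.
            Thread.sleep(500L);
            Assert.assertFalse(channel.isHealthy());
        } finally {
            server.shutdown();
        }
    }

    /**
     * Starts a CUSTOM-auth server and expects channel creation with the given credentials to
     * fail with {@link UnauthenticatedException}.
     */
    private void assertCustomCredentialsRejected(String user, String password) throws Exception {
        GrpcServer server = createCustomAuthServer();
        try {
            server.start();
            GrpcChannelBuilder builder =
                GrpcChannelBuilder.newBuilder(getServerConnectAddress(server), this.mConfiguration);
            this.mThrown.expect(UnauthenticatedException.class);
            builder.setCredentials(user, password, (String) null).build();
        } finally {
            server.shutdown();
        }
    }

    /** Configures the CUSTOM provider class and creates (but does not start) a server for it. */
    private GrpcServer createCustomAuthServer() {
        this.mConfiguration.set(PropertyKey.SECURITY_AUTHENTICATION_TYPE,
            AuthType.CUSTOM.getAuthName());
        this.mConfiguration.set(PropertyKey.SECURITY_AUTHENTICATION_CUSTOM_PROVIDER_CLASS,
            ExactlyMatchAuthenticationProvider.class.getName());
        return createServer(AuthType.CUSTOM);
    }

    /** Returns the address a client uses to reach {@code grpcServer} on its actual bind port. */
    private GrpcServerAddress getServerConnectAddress(GrpcServer grpcServer) {
        int resolutionTimeoutMs =
            (int) this.mConfiguration.getMs(PropertyKey.NETWORK_HOST_RESOLUTION_TIMEOUT_MS);
        String hostName = NetworkAddressUtils.getLocalHostName(resolutionTimeoutMs);
        return new GrpcServerAddress(new InetSocketAddress(hostName, grpcServer.getBindPort()));
    }

    /**
     * Sets the configured auth type to {@code authType} and builds a server on an ephemeral
     * port. The returned server is not started.
     */
    private GrpcServer createServer(AuthType authType) {
        this.mConfiguration.set(PropertyKey.SECURITY_AUTHENTICATION_TYPE, authType.name());
        int resolutionTimeoutMs =
            (int) this.mConfiguration.getMs(PropertyKey.NETWORK_HOST_RESOLUTION_TIMEOUT_MS);
        // Port 0 requests an ephemeral port; the actual port is read back via getBindPort().
        InetSocketAddress bindAddress =
            new InetSocketAddress(NetworkAddressUtils.getLocalHostName(resolutionTimeoutMs), 0);
        return GrpcServerBuilder
            .forAddress("localhost", bindAddress, this.mConfiguration,
                UserState.Factory.create(this.mConfiguration))
            .build();
    }
}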
