package alluxio.server.auth;

import alluxio.AlluxioURI;
import alluxio.ClientContext;
import alluxio.client.file.FileSystemMasterClient;
import alluxio.conf.Configuration;
import alluxio.conf.PropertyKey;
import alluxio.exception.status.UnauthenticatedException;
import alluxio.master.MasterClientContext;
import alluxio.security.authentication.AuthenticationProvider;
import alluxio.security.group.GroupMappingService;
import alluxio.security.user.TestUserState;
import alluxio.testutils.BaseIntegrationTest;
import alluxio.testutils.LocalAlluxioClusterResource;
import alluxio.util.FileSystemOptionsUtils;
import java.io.IOException;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.Collections;
import java.util.List;
import javax.security.sasl.AuthenticationException;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;

/* loaded from: input_file:alluxio/server/auth/MasterClientAuthenticationIntegrationTest.class */
public final class MasterClientAuthenticationIntegrationTest extends BaseIntegrationTest {
    private static final String SUPERGROUP = "supergroup";
    private static final String NONSUPER = "nonsuper";
    private static final String SUPERUSER = "alluxio";

    @Rule
    public LocalAlluxioClusterResource mLocalAlluxioClusterResource = new LocalAlluxioClusterResource.Builder().setProperty(PropertyKey.SECURITY_GROUP_MAPPING_CLASS, UserGroupsMapping.class.getName()).setProperty(PropertyKey.SECURITY_AUTHORIZATION_PERMISSION_SUPERGROUP, SUPERGROUP).build();

    @Rule
    public ExpectedException mThrown = ExpectedException.none();

    /* loaded from: input_file:alluxio/server/auth/MasterClientAuthenticationIntegrationTest$NameMatchAuthenticationProvider.class */
    public static class NameMatchAuthenticationProvider implements AuthenticationProvider {
        public static final String FULL_CLASS_NAME = "alluxio.server.auth.MasterClientAuthenticationIntegrationTest$NameMatchAuthenticationProvider";

        public void authenticate(String str, String str2) throws AuthenticationException {
            if (!str.equals(MasterClientAuthenticationIntegrationTest.SUPERUSER)) {
                throw new AuthenticationException("Only allow the user alluxio to connect");
            }
        }
    }

    /* loaded from: input_file:alluxio/server/auth/MasterClientAuthenticationIntegrationTest$UserGroupsMapping.class */
    public static class UserGroupsMapping implements GroupMappingService {
        public List<String> getGroups(String str) throws IOException {
            return str.equals(MasterClientAuthenticationIntegrationTest.SUPERUSER) ? Collections.singletonList(MasterClientAuthenticationIntegrationTest.SUPERGROUP) : Collections.singletonList(MasterClientAuthenticationIntegrationTest.NONSUPER);
        }
    }

    @Test
    @LocalAlluxioClusterResource.Config(confParams = {"alluxio.security.authentication.type", "NOSASL", "alluxio.security.authorization.permission.enabled", "false"})
    public void noAuthenticationOpenClose() throws Exception {
        authenticationOperationTest("/file-nosasl");
    }

    @Test
    @LocalAlluxioClusterResource.Config(confParams = {"alluxio.security.authentication.type", "SIMPLE"})
    public void simpleAuthenticationOpenClose() throws Exception {
        authenticationOperationTest("/file-simple");
    }

    @Test
    @LocalAlluxioClusterResource.Config(confParams = {"alluxio.security.authentication.type", "CUSTOM", "alluxio.security.authentication.custom.provider.class", NameMatchAuthenticationProvider.FULL_CLASS_NAME, "alluxio.security.login.username", SUPERUSER})
    public void customAuthenticationOpenClose() throws Exception {
        authenticationOperationTest("/file-custom");
    }

    @Test
    @LocalAlluxioClusterResource.Config(confParams = {"alluxio.security.authentication.type", "CUSTOM", "alluxio.security.authentication.custom.provider.class", NameMatchAuthenticationProvider.FULL_CLASS_NAME, "alluxio.security.login.username", SUPERUSER})
    public void customAuthenticationDenyConnect() throws Exception {
        FileSystemMasterClient create = FileSystemMasterClient.Factory.create(MasterClientContext.newBuilder(ClientContext.create(new TestUserState("no-alluxio", Configuration.global()).getSubject(), Configuration.global())).build());
        Throwable th = null;
        try {
            try {
                Assert.assertFalse(create.isConnected());
                this.mThrown.expect(UnauthenticatedException.class);
                create.connect();
                if (create != null) {
                    if (0 == 0) {
                        create.close();
                        return;
                    }
                    try {
                        create.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (create != null) {
                if (th != null) {
                    try {
                        create.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    create.close();
                }
            }
            throw th4;
        }
    }

    @Test
    @LocalAlluxioClusterResource.Config(confParams = {"alluxio.security.authentication.type", "SIMPLE"})
    public void simpleAuthenticationIsolatedClassLoader() throws Exception {
        FileSystemMasterClient create = FileSystemMasterClient.Factory.create(MasterClientContext.newBuilder(ClientContext.create(Configuration.global())).build());
        Assert.assertFalse(create.isConnected());
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        Thread.currentThread().setContextClassLoader(contextClassLoader instanceof URLClassLoader ? new URLClassLoader(((URLClassLoader) contextClassLoader).getURLs(), null) : new URLClassLoader(new URL[0], contextClassLoader));
        try {
            create.connect();
            Thread.currentThread().setContextClassLoader(contextClassLoader);
            Assert.assertTrue(create.isConnected());
            create.close();
        } catch (Throwable th) {
            Thread.currentThread().setContextClassLoader(contextClassLoader);
            throw th;
        }
    }

    private void authenticationOperationTest(String str) throws Exception {
        FileSystemMasterClient create = FileSystemMasterClient.Factory.create(MasterClientContext.newBuilder(ClientContext.create(new TestUserState(SUPERUSER, Configuration.global()).getSubject(), Configuration.global())).build());
        Assert.assertFalse(create.isConnected());
        create.connect();
        Assert.assertTrue(create.isConnected());
        create.createFile(new AlluxioURI(str), FileSystemOptionsUtils.createFileDefaults(Configuration.global()));
        Assert.assertNotNull(create.getStatus(new AlluxioURI(str), FileSystemOptionsUtils.getStatusDefaults(Configuration.global())));
        create.disconnect();
        create.close();
    }
}
